googleapiclient 1.4 and oauth2client 1.4.7 upgrades

2025-07-08 05:33:34 +00:00 · 2015-04-15 11:47:26 -04:00
parent a2e8d17a69
commit db0dd231b1
24 changed files with 867 additions and 489 deletions
--- a/oauth2client/crypt.py
+++ b/oauth2client/crypt.py
@ -18,8 +18,11 @@
 import base64
 import json
 import logging
+import sys
 import time

+import six
+

 CLOCK_SKEW_SECS = 300  # 5 minutes in seconds
 AUTH_TOKEN_LIFETIME_SECS = 300  # 5 minutes in seconds
@ -59,6 +62,8 @@ try:
        key that this object was constructed with.
      """
      try:
+        if isinstance(message, six.text_type):
+          message = message.encode('utf-8')
        crypto.verify(self._pubkey, signature, message, 'sha256')
        return True
      except:
@ -101,15 +106,17 @@ try:
      """Signs a message.

      Args:
-        message: string, Message to be signed.
+        message: bytes, Message to be signed.

      Returns:
        string, The signature of the message for the given key.
      """
+      if isinstance(message, six.text_type):
+        message = message.encode('utf-8')
      return crypto.sign(self._key, message, 'sha256')

    @staticmethod
-    def from_string(key, password='notasecret'):
+    def from_string(key, password=b'notasecret'):
      """Construct a Signer instance from a string.

      Args:
@ -126,12 +133,34 @@ try:
      if parsed_pem_key:
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
      else:
-        pkey = crypto.load_pkcs12(key, password.encode('utf8')).get_privatekey()
+        if isinstance(password, six.text_type):
+          password = password.encode('utf-8')
+        pkey = crypto.load_pkcs12(key, password).get_privatekey()
      return OpenSSLSigner(pkey)

+
+  def pkcs12_key_as_pem(private_key_text, private_key_password):
+    """Convert the contents of a PKCS12 key to PEM using OpenSSL.
+
+    Args:
+      private_key_text: String. Private key.
+      private_key_password: String. Password for PKCS12.
+
+    Returns:
+      String. PEM contents of ``private_key_text``.
+    """
+    decoded_body = base64.b64decode(private_key_text)
+    if isinstance(private_key_password, six.string_types):
+      private_key_password = private_key_password.encode('ascii')
+
+    pkcs12 = crypto.load_pkcs12(decoded_body, private_key_password)
+    return crypto.dump_privatekey(crypto.FILETYPE_PEM,
+                                  pkcs12.get_privatekey())
 except ImportError:
  OpenSSLVerifier = None
  OpenSSLSigner = None
+  def pkcs12_key_as_pem(*args, **kwargs):
+    raise NotImplementedError('pkcs12_key_as_pem requires OpenSSL.')


 try:
@ -182,8 +211,10 @@ try:
        Verifier instance.
      """
      if is_x509_cert:
-        pemLines = key_pem.replace(' ', '').split()
-        certDer = _urlsafe_b64decode(''.join(pemLines[1:-1]))
+        if isinstance(key_pem, six.text_type):
+          key_pem = key_pem.encode('ascii')
+        pemLines = key_pem.replace(b' ', b'').split()
+        certDer = _urlsafe_b64decode(b''.join(pemLines[1:-1]))
        certSeq = DerSequence()
        certSeq.decode(certDer)
        tbsSeq = DerSequence()
@ -214,6 +245,8 @@ try:
      Returns:
        string, The signature of the message for the given key.
      """
+      if isinstance(message, six.text_type):
+        message = message.encode('utf-8')
      return PKCS1_v1_5.new(self._key).sign(SHA256.new(message))

    @staticmethod
@ -269,19 +302,22 @@ def _parse_pem_key(raw_key_input):
  Returns:
    string, The actual key if the contents are from a PEM file, or else None.
  """
-  offset = raw_key_input.find('-----BEGIN ')
+  offset = raw_key_input.find(b'-----BEGIN ')
  if offset != -1:
    return raw_key_input[offset:]


 def _urlsafe_b64encode(raw_bytes):
-  return base64.urlsafe_b64encode(raw_bytes).rstrip('=')
+  if isinstance(raw_bytes, six.text_type):
+    raw_bytes = raw_bytes.encode('utf-8')
+  return base64.urlsafe_b64encode(raw_bytes).decode('ascii').rstrip('=')


 def _urlsafe_b64decode(b64string):
  # Guard against unicode strings, which base64 can't handle.
-  b64string = b64string.encode('ascii')
-  padded = b64string + '=' * (4 - len(b64string) % 4)
+  if isinstance(b64string, six.text_type):
+    b64string = b64string.encode('ascii')
+  padded = b64string + b'=' * (4 - len(b64string) % 4)
  return base64.urlsafe_b64decode(padded)


@ -345,13 +381,13 @@ def verify_signed_jwt_with_certs(jwt, certs, audience):
  # Parse token.
  json_body = _urlsafe_b64decode(segments[1])
  try:
-    parsed = json.loads(json_body)
+    parsed = json.loads(json_body.decode('utf-8'))
  except:
    raise AppIdentityError('Can\'t parse token: %s' % json_body)

  # Check signature.
  verified = False
-  for _, pem in certs.items():
+  for pem in certs.values():
    verifier = Verifier.from_string(pem, True)
    if verifier.verify(signed, signature):
      verified = True
@ -366,7 +402,7 @@ def verify_signed_jwt_with_certs(jwt, certs, audience):
  earliest = iat - CLOCK_SKEW_SECS

  # Check expiration timestamp.
-  now = long(time.time())
+  now = int(time.time())
  exp = parsed.get('exp')
  if exp is None:
    raise AppIdentityError('No exp field in token: %s' % json_body)