resolve conflict with master
arithmetic1728 committed Mar 11, 2020
1 parent ea47a6f commit ec189f2
Showing 5 changed files with 47 additions and 48 deletions.
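--- a/docs/reference/google.auth.crypt.es256.rst
+++ b/docs/reference/google.auth.crypt.es256.rst
@@ -0,0 +1,7 @@
+google.auth.crypt.es256 module
+==============================
+
+.. automodule:: google.auth.crypt.es256
+:members:
+:inherited-members:
+:show-inheritance: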
1 change: 1 addition & 0 deletions docs/reference/google.auth.crypt.rst
@@ -12,4 +12,5 @@ Submodules
.. toctree::

google.auth.crypt.base
google.auth.crypt.es256
google.auth.crypt.rsa
22 changes: 11 additions & 11 deletions google/auth/crypt/es256.py
@@ -28,18 +28,18 @@
from google.auth.crypt import base

_IMPORT_ERROR_MSG = (
'cryptography>=1.4.0 is required to use cryptography-based ECDSA '
'algorithms')
"cryptography>=1.4.0 is required to use cryptography-based ECDSA " "algorithms"
)

try: # pragma: NO COVER
release = pkg_resources.get_distribution('cryptography').parsed_version
if release < pkg_resources.parse_version('1.4.0'):
release = pkg_resources.get_distribution("cryptography").parsed_version
if release < pkg_resources.parse_version("1.4.0"):
raise ImportError(_IMPORT_ERROR_MSG)
except pkg_resources.DistributionNotFound: # pragma: NO COVER
raise ImportError(_IMPORT_ERROR_MSG)


_CERTIFICATE_MARKER = b'-----BEGIN CERTIFICATE-----'
_CERTIFICATE_MARKER = b"-----BEGIN CERTIFICATE-----"
_BACKEND = backends.default_backend()
_PADDING = padding.PKCS1v15()

@@ -84,12 +84,12 @@ def from_string(cls, public_key):

if _CERTIFICATE_MARKER in public_key_data:
cert = cryptography.x509.load_pem_x509_certificate(
public_key_data, _BACKEND)
public_key_data, _BACKEND
)
pubkey = cert.public_key()

else:
pubkey = serialization.load_pem_public_key(
public_key_data, _BACKEND)
pubkey = serialization.load_pem_public_key(public_key_data, _BACKEND)

return cls(pubkey)

@@ -118,8 +118,7 @@ def key_id(self):
@_helpers.copy_docstring(base.Signer)
def sign(self, message):
message = _helpers.to_bytes(message)
return self._key.sign(
message, ec.ECDSA(hashes.SHA256()))
return self._key.sign(message, ec.ECDSA(hashes.SHA256()))

@classmethod
def from_string(cls, key, key_id=None):
@@ -141,5 +140,6 @@ def from_string(cls, key, key_id=None):
"""
key = _helpers.to_bytes(key)
private_key = serialization.load_pem_private_key(
key, password=None, backend=_BACKEND)
key, password=None, backend=_BACKEND
)
return cls(private_key, key_id=key_id)
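Review bot: `sign()` returns the output of `self._key.sign(message, ec.ECDSA(hashes.SHA256()))` unchanged, which in `cryptography` is an ASN.1 DER-encoded signature, whereas the JWS ES256 format (RFC 7518 section 3.4) is the fixed 64-byte concatenation R || S. If this signer feeds JWT creation, as the ES256 entries in tests/test_jwt.py suggest, the resulting tokens would presumably be rejected by conforming verifiers. Consider converting in `sign()`, e.g. `r, s = decode_dss_signature(asn1_sig)` followed by `return cryptography.utils.int_to_bytes(r, 32) + cryptography.utils.int_to_bytes(s, 32)`, with the inverse via `encode_dss_signature` in `verify()`, which lies outside these hunks. The reformatting in this commit leaves that behaviour as it was.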
39 changes: 17 additions & 22 deletions tests/crypt/test_es256.py
@@ -23,7 +23,7 @@
from google.auth.crypt import es256


DATA_DIR = os.path.join(os.path.dirname(__file__), '..', 'data')
DATA_DIR = os.path.join(os.path.dirname(__file__), "..", "data")

# To generate es256_privatekey.pem, es256_privatekey.pub, and
# es256_public_cert.pem:
@@ -32,34 +32,33 @@
# $ openssl req -new -x509 -key es256_privatekey.pem -out \
# > es256_public_cert.pem

with open(os.path.join(DATA_DIR, 'es256_privatekey.pem'), 'rb') as fh:
with open(os.path.join(DATA_DIR, "es256_privatekey.pem"), "rb") as fh:
PRIVATE_KEY_BYTES = fh.read()
PKCS1_KEY_BYTES = PRIVATE_KEY_BYTES

with open(os.path.join(DATA_DIR, 'es256_publickey.pem'), 'rb') as fh:
with open(os.path.join(DATA_DIR, "es256_publickey.pem"), "rb") as fh:
PUBLIC_KEY_BYTES = fh.read()

with open(os.path.join(DATA_DIR, 'es256_public_cert.pem'), 'rb') as fh:
with open(os.path.join(DATA_DIR, "es256_public_cert.pem"), "rb") as fh:
PUBLIC_CERT_BYTES = fh.read()

SERVICE_ACCOUNT_JSON_FILE = os.path.join(
DATA_DIR, 'es256_service_account.json')
SERVICE_ACCOUNT_JSON_FILE = os.path.join(DATA_DIR, "es256_service_account.json")

with open(SERVICE_ACCOUNT_JSON_FILE, 'r') as fh:
with open(SERVICE_ACCOUNT_JSON_FILE, "r") as fh:
SERVICE_ACCOUNT_INFO = json.load(fh)


class Testes256Verifier(object):
def test_verify_success(self):
to_sign = b'foo'
to_sign = b"foo"
signer = es256.ES256Signer.from_string(PRIVATE_KEY_BYTES)
actual_signature = signer.sign(to_sign)

verifier = es256.ES256Verifier.from_string(PUBLIC_KEY_BYTES)
assert verifier.verify(to_sign, actual_signature)

def test_verify_unicode_success(self):
to_sign = u'foo'
to_sign = u"foo"
signer = es256.ES256Signer.from_string(PRIVATE_KEY_BYTES)
actual_signature = signer.sign(to_sign)

@@ -68,10 +67,10 @@ def test_verify_unicode_success(self):

def test_verify_failure(self):
verifier = es256.ES256Verifier.from_string(PUBLIC_KEY_BYTES)
bad_signature1 = b''
assert not verifier.verify(b'foo', bad_signature1)
bad_signature2 = b'a'
assert not verifier.verify(b'foo', bad_signature2)
bad_signature1 = b""
assert not verifier.verify(b"foo", bad_signature1)
bad_signature2 = b"a"
assert not verifier.verify(b"foo", bad_signature2)

def test_from_string_pub_key(self):
verifier = es256.ES256Verifier.from_string(PUBLIC_KEY_BYTES)
@@ -109,16 +108,14 @@ def test_from_string_pkcs1_unicode(self):
assert isinstance(signer._key, ec.EllipticCurvePrivateKey)

def test_from_string_bogus_key(self):
key_bytes = 'bogus-key'
key_bytes = "bogus-key"
with pytest.raises(ValueError):
es256.ES256Signer.from_string(key_bytes)

def test_from_service_account_info(self):
signer = es256.ES256Signer.from_service_account_info(
SERVICE_ACCOUNT_INFO)
signer = es256.ES256Signer.from_service_account_info(SERVICE_ACCOUNT_INFO)

assert signer.key_id == SERVICE_ACCOUNT_INFO[
base._JSON_FILE_PRIVATE_KEY_ID]
assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID]
assert isinstance(signer._key, ec.EllipticCurvePrivateKey)

def test_from_service_account_info_missing_key(self):
@@ -128,9 +125,7 @@ def test_from_service_account_info_missing_key(self):
assert excinfo.match(base._JSON_FILE_PRIVATE_KEY)

def test_from_service_account_file(self):
signer = es256.ES256Signer.from_service_account_file(
SERVICE_ACCOUNT_JSON_FILE)
signer = es256.ES256Signer.from_service_account_file(SERVICE_ACCOUNT_JSON_FILE)

assert signer.key_id == SERVICE_ACCOUNT_INFO[
base._JSON_FILE_PRIVATE_KEY_ID]
assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID]
assert isinstance(signer._key, ec.EllipticCurvePrivateKey)
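Review bot: `test_verify_failure` only feeds the verifier malformed byte strings (`b""` and `b"a"`), so it likely exercises just the signature-decoding error path and never a well-formed signature that fails to match. Add a case that signs one message and verifies another, e.g. `assert not verifier.verify(b"bar", signer.sign(b"foo"))` with `signer = es256.ES256Signer.from_string(PRIVATE_KEY_BYTES)`, and ideally one with a signature made by a different key. Separately, `PKCS1_KEY_BYTES = PRIVATE_KEY_BYTES` uses the name of an RSA key format for an EC key; renaming it or adding a one-line comment saying it is the same EC key would avoid confusion.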
26 changes: 11 additions & 15 deletions tests/test_jwt.py
@@ -202,30 +202,26 @@ def test_decode_no_key_id(token_factory):


def test_decode_unknown_alg():
headers = json.dumps({u'kid': u'1', u'alg': u'fakealg'})
token = b'.'.join(map(lambda seg: base64.b64encode(seg.encode('utf-8')), [
headers,
u'{}',
u'sig'
]))
headers = json.dumps({u"kid": u"1", u"alg": u"fakealg"})
token = b".".join(
map(lambda seg: base64.b64encode(seg.encode("utf-8")), [headers, u"{}", u"sig"])
)

with pytest.raises(ValueError) as excinfo:
jwt.decode(token)
assert excinfo.match(r'fakealg')
assert excinfo.match(r"fakealg")


def test_decode_missing_crytography_alg(monkeypatch):
monkeypatch.delitem(jwt._ALGORITHM_TO_VERIFIER_CLASS, 'ES256')
headers = json.dumps({u'kid': u'1', u'alg': u'ES256'})
token = b'.'.join(map(lambda seg: base64.b64encode(seg.encode('utf-8')), [
headers,
u'{}',
u'sig'
]))
monkeypatch.delitem(jwt._ALGORITHM_TO_VERIFIER_CLASS, "ES256")
headers = json.dumps({u"kid": u"1", u"alg": u"ES256"})
token = b".".join(
map(lambda seg: base64.b64encode(seg.encode("utf-8")), [headers, u"{}", u"sig"])
)

with pytest.raises(ValueError) as excinfo:
jwt.decode(token)
assert excinfo.match(r'cryptography')
assert excinfo.match(r"cryptography")


def test_roundtrip_explicit_key_id(token_factory):
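Review bot: Both hand-built tokens in `test_decode_unknown_alg` and `test_decode_missing_crytography_alg` encode their segments with `base64.b64encode`, while JWS compact serialization uses unpadded base64url. The tests presumably pass for these ASCII inputs, but the fixture does not have the shape of a real token; `base64.urlsafe_b64encode(seg.encode("utf-8"))` would keep it in the alphabet the decoder is meant to accept. The identical `token = b".".join(...)` expression could also move into a small helper, and `crytography` in the second test name is a typo for `cryptography`.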