| Index: third_party/google-endpoints/oauth2client/_openssl_crypt.py
|
| diff --git a/third_party/google-endpoints/oauth2client/_openssl_crypt.py b/third_party/google-endpoints/oauth2client/_openssl_crypt.py
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..d024cf30aa5ac872af24e3e7ee3e33118c80a810
|
| --- /dev/null
|
| +++ b/third_party/google-endpoints/oauth2client/_openssl_crypt.py
|
| @@ -0,0 +1,139 @@
|
| +# Copyright 2015 Google Inc. All rights reserved.
|
| +#
|
| +# Licensed under the Apache License, Version 2.0 (the "License");
|
| +# you may not use this file except in compliance with the License.
|
| +# You may obtain a copy of the License at
|
| +#
|
| +# http://www.apache.org/licenses/LICENSE-2.0
|
| +#
|
| +# Unless required by applicable law or agreed to in writing, software
|
| +# distributed under the License is distributed on an "AS IS" BASIS,
|
| +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| +# See the License for the specific language governing permissions and
|
| +# limitations under the License.
|
| +"""OpenSSL Crypto-related routines for oauth2client."""
|
| +
|
| +import base64
|
| +
|
| +from OpenSSL import crypto
|
| +
|
| +from oauth2client._helpers import _parse_pem_key
|
| +from oauth2client._helpers import _to_bytes
|
| +
|
| +
|
| +class OpenSSLVerifier(object):
|
| + """Verifies the signature on a message."""
|
| +
|
| + def __init__(self, pubkey):
|
| + """Constructor.
|
| +
|
| + Args:
|
| + pubkey: OpenSSL.crypto.PKey, The public key to verify with.
|
| + """
|
| + self._pubkey = pubkey
|
| +
|
| + def verify(self, message, signature):
|
| + """Verifies a message against a signature.
|
| +
|
| + Args:
|
| + message: string or bytes, The message to verify. If string, will be
|
| + encoded to bytes as utf-8.
|
| + signature: string or bytes, The signature on the message. If string,
|
| + will be encoded to bytes as utf-8.
|
| +
|
| + Returns:
|
| + True if message was signed by the private key associated with the
|
| + public key that this object was constructed with.
|
| + """
|
| + message = _to_bytes(message, encoding='utf-8')
|
| + signature = _to_bytes(signature, encoding='utf-8')
|
| + try:
|
| + crypto.verify(self._pubkey, signature, message, 'sha256')
|
| + return True
|
| + except crypto.Error:
|
| + return False
|
| +
|
| + @staticmethod
|
| + def from_string(key_pem, is_x509_cert):
|
| + """Construct a Verified instance from a string.
|
| +
|
| + Args:
|
| + key_pem: string, public key in PEM format.
|
| + is_x509_cert: bool, True if key_pem is an X509 cert, otherwise it
|
| + is expected to be an RSA key in PEM format.
|
| +
|
| + Returns:
|
| + Verifier instance.
|
| +
|
| + Raises:
|
| + OpenSSL.crypto.Error: if the key_pem can't be parsed.
|
| + """
|
| + if is_x509_cert:
|
| + pubkey = crypto.load_certificate(crypto.FILETYPE_PEM, key_pem)
|
| + else:
|
| + pubkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem)
|
| + return OpenSSLVerifier(pubkey)
|
| +
|
| +
|
| +class OpenSSLSigner(object):
|
| + """Signs messages with a private key."""
|
| +
|
| + def __init__(self, pkey):
|
| + """Constructor.
|
| +
|
| + Args:
|
| + pkey: OpenSSL.crypto.PKey (or equiv), The private key to sign with.
|
| + """
|
| + self._key = pkey
|
| +
|
| + def sign(self, message):
|
| + """Signs a message.
|
| +
|
| + Args:
|
| + message: bytes, Message to be signed.
|
| +
|
| + Returns:
|
| + string, The signature of the message for the given key.
|
| + """
|
| + message = _to_bytes(message, encoding='utf-8')
|
| + return crypto.sign(self._key, message, 'sha256')
|
| +
|
| + @staticmethod
|
| + def from_string(key, password=b'notasecret'):
|
| + """Construct a Signer instance from a string.
|
| +
|
| + Args:
|
| + key: string, private key in PKCS12 or PEM format.
|
| + password: string, password for the private key file.
|
| +
|
| + Returns:
|
| + Signer instance.
|
| +
|
| + Raises:
|
| + OpenSSL.crypto.Error if the key can't be parsed.
|
| + """
|
| + parsed_pem_key = _parse_pem_key(key)
|
| + if parsed_pem_key:
|
| + pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
|
| + else:
|
| + password = _to_bytes(password, encoding='utf-8')
|
| + pkey = crypto.load_pkcs12(key, password).get_privatekey()
|
| + return OpenSSLSigner(pkey)
|
| +
|
| +
|
| +def pkcs12_key_as_pem(private_key_text, private_key_password):
|
| + """Convert the contents of a PKCS12 key to PEM using OpenSSL.
|
| +
|
| + Args:
|
| + private_key_text: String. Private key.
|
| + private_key_password: String. Password for PKCS12.
|
| +
|
| + Returns:
|
| + String. PEM contents of ``private_key_text``.
|
| + """
|
| + decoded_body = base64.b64decode(private_key_text)
|
| + private_key_password = _to_bytes(private_key_password)
|
| +
|
| + pkcs12 = crypto.load_pkcs12(decoded_body, private_key_password)
|
| + return crypto.dump_privatekey(crypto.FILETYPE_PEM,
|
| + pkcs12.get_privatekey())
|
|
|
Chromium Code Reviews
Issue 2666783008:
Add google-endpoints to third_party/. (Closed)
