From a17cafe8dad19f6c1c9bfea3df0e00dfd15e63e1 Mon Sep 17 00:00:00 2001
From: Danny Hermes
Date: Fri, 16 Jan 2015 14:16:04 -0800
Subject: [PATCH] Removing hard dependency on PyOpenSSL. Requires oauth2client>=1.4.6. Also had to update storage/acl.py due to a change in PyLint that didn't like `self` as a kwarg to a str instance method
---
 gcloud/storage/acl.py | 6 ++---
 gcloud/storage/connection.py | 9 +++----
 gcloud/storage/test_connection.py | 41 +++++++++++++++++--------------
 setup.py | 3 +--
 4 files changed, 29 insertions(+), 30 deletions(-)
diff --git a/gcloud/storage/acl.py b/gcloud/storage/acl.py
index ebd24910e1c0..f6671e524c98 100644
--- a/gcloud/storage/acl.py
+++ b/gcloud/storage/acl.py
@@ -108,11 +108,11 @@ def __str__(self):
 if not self.identifier:
 return str(self.type)
 else:
- return '{self.type}-{self.identifier}'.format(self=self)
+ return '{acl.type}-{acl.identifier}'.format(acl=self)
 def __repr__(self):
- return ''.format(
- self=self, roles=', '.join(self.roles))
+ return ''.format(
+ acl=self, roles=', '.join(self.roles))
 def get_roles(self):
 """Get the list of roles permitted by this entity.
diff --git a/gcloud/storage/connection.py b/gcloud/storage/connection.py
index 74c2d046e89a..5abe7f57ef65 100644
--- a/gcloud/storage/connection.py
+++ b/gcloud/storage/connection.py
@@ -23,8 +23,8 @@
 from Crypto.Hash import SHA256
 from Crypto.PublicKey import RSA
 from Crypto.Signature import PKCS1_v1_5
-from OpenSSL import crypto
 from oauth2client import client
+from oauth2client import crypt
 from oauth2client import service_account
 import pytz
@@ -57,11 +57,8 @@ def _get_pem_key(credentials):
 """
 if isinstance(credentials, client.SignedJwtAssertionCredentials):
 # Take our PKCS12 (.p12) key and make it into a RSA key we can use.
- pkcs12 = crypto.load_pkcs12(
- base64.b64decode(credentials.private_key),
- 'notasecret')
- pem_text = crypto.dump_privatekey(
- crypto.FILETYPE_PEM, pkcs12.get_privatekey())
+ pem_text = crypt.pkcs12_key_as_pem(credentials.private_key,
+ credentials.private_key_password)
 elif isinstance(credentials, service_account._ServiceAccountCredentials):
 pem_text = credentials._private_key_pkcs8_text
 else:
diff --git a/gcloud/storage/test_connection.py b/gcloud/storage/test_connection.py
index 03cfc9c1b565..1305324b7214 100644
--- a/gcloud/storage/test_connection.py
+++ b/gcloud/storage/test_connection.py
@@ -767,17 +767,23 @@ def test_bad_argument(self):
 self.assertRaises(TypeError, self._callFUT, None)
 def test_signed_jwt_for_p12(self):
+ import base64
 from oauth2client import client
 from gcloud._testing import _Monkey
 from gcloud.storage import connection as MUT
 scopes = []
+ PRIVATE_KEY = 'dummy_private_key_text'
 credentials = client.SignedJwtAssertionCredentials(
- 'dummy_service_account_name', 'dummy_private_key_text', scopes)
- crypto = _Crypto()
+ 'dummy_service_account_name', PRIVATE_KEY, scopes)
+ crypt = _Crypt()
 rsa = _RSA()
- with _Monkey(MUT, crypto=crypto, RSA=rsa):
+ with _Monkey(MUT, crypt=crypt, RSA=rsa):
 result = self._callFUT(credentials)
+
+ self.assertEqual(crypt._private_key_text,
+ base64.b64encode(PRIVATE_KEY))
+ self.assertEqual(crypt._private_key_password, 'notasecret')
 self.assertEqual(result, 'imported:__PEM__')
 def test_service_account_via_json_key(self):
@@ -816,7 +822,6 @@ def test_wrong_type(self):
 from gcloud._testing import _Monkey
 from gcloud.storage import connection as MUT
- crypto = _Crypto()
 pkcs_v1_5 = _PKCS1_v1_5()
 rsa = _RSA()
 sha256 = _SHA256()
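Review bot: In `gcloud/storage/connection.py`, the P12 branch of `_get_pem_key` now relies on `crypt.pkcs12_key_as_pem`, which presumably still needs PyOpenSSL underneath (worth confirming against oauth2client 1.4.6), while the `setup.py` hunk stops installing `pyopenssl`. A user with a `.p12` key and no PyOpenSSL would then fail at signing time with whatever error the helper raises, and nothing in this branch says why. I would extend the comment to `# Take our PKCS12 (.p12) key and make it into a RSA key we can use; needs PyOpenSSL installed, which setup.py no longer pulls in.` and declare the optional dependency in `setup.py`, for example `extras_require={'p12': ['pyopenssl']}`. The function's docstring and the body of its `else` branch are outside the hunk.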
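Review bot: `test_signed_jwt_for_p12` in `gcloud/storage/test_connection.py` only ever exercises the default password, so `self.assertEqual(crypt._private_key_password, 'notasecret')` would still pass if `_get_pem_key` went back to hard-coding that literal. Building the credentials with a distinct value, `client.SignedJwtAssertionCredentials('dummy_service_account_name', PRIVATE_KEY, scopes, private_key_password='dummy_password')`, and asserting `'dummy_password'` would pin that the credentials' own password is what gets forwarded to the stub.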
@@ -827,7 +832,7 @@ def _get_pem_key(credentials):
 BAD_CREDENTIALS = None
 EXPIRATION = '100'
 SIGNATURE_STRING = 'dummy_signature'
- with _Monkey(MUT, crypto=crypto, RSA=rsa, PKCS1_v1_5=pkcs_v1_5,
+ with _Monkey(MUT, RSA=rsa, PKCS1_v1_5=pkcs_v1_5,
 SHA256=sha256, _get_pem_key=_get_pem_key):
 self.assertRaises(NameError, self._callFUT,
 BAD_CREDENTIALS, EXPIRATION, SIGNATURE_STRING)
@@ -837,17 +842,21 @@ def _run_test_with_credentials(self, credentials, account_name):
 from gcloud._testing import _Monkey
 from gcloud.storage import connection as MUT
- crypto = _Crypto()
+ crypt = _Crypt()
 pkcs_v1_5 = _PKCS1_v1_5()
 rsa = _RSA()
 sha256 = _SHA256()
 EXPIRATION = '100'
 SIGNATURE_STRING = 'dummy_signature'
- with _Monkey(MUT, crypto=crypto, RSA=rsa, PKCS1_v1_5=pkcs_v1_5,
+ with _Monkey(MUT, crypt=crypt, RSA=rsa, PKCS1_v1_5=pkcs_v1_5,
 SHA256=sha256):
 result = self._callFUT(credentials, EXPIRATION, SIGNATURE_STRING)
+ if crypt._pkcs12_key_as_pem_called:
+ self.assertEqual(crypt._private_key_text,
+ base64.b64encode('dummy_private_key_text'))
+ self.assertEqual(crypt._private_key_password, 'notasecret')
 self.assertEqual(sha256._signature_string, SIGNATURE_STRING)
 SIGNED = base64.b64encode('DEADBEEF')
 expected_query = {
@@ -900,20 +909,14 @@ def request(self, **kw):
 return self._response, self._content
-class _Crypto(object):
-
- FILETYPE_PEM = 'pem'
- _loaded = _dumped = None
-
- def load_pkcs12(self, buffer, passphrase):
- self._loaded = (buffer, passphrase)
- return self
+class _Crypt(object):
- def get_privatekey(self):
- return '__PKCS12__'
+ _pkcs12_key_as_pem_called = False
- def dump_privatekey(self, type, pkey, cipher=None, passphrase=None):
- self._dumped = (type, pkey, cipher, passphrase)
+ def pkcs12_key_as_pem(self, private_key_text, private_key_password):
+ self._pkcs12_key_as_pem_called = True
+ self._private_key_text = private_key_text
+ self._private_key_password = private_key_password
 return '__PEM__'
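Review bot: The new `if crypt._pkcs12_key_as_pem_called:` guard in `_run_test_with_credentials` makes the key and password assertions optional, so the P12 caller still passes if `pkcs12_key_as_pem` is never invoked. The block also repeats the literal `'dummy_private_key_text'`, which ties this helper to whatever its callers (outside the hunk) happened to pass. One option is to let the helper take an expected-call flag (name it as you see fit) and assert `crypt._pkcs12_key_as_pem_called` against it before the conditional block. The helper's body continues past the end of the hunk.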
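Review bot: `_Crypt` sets `_private_key_text` and `_private_key_password` only inside `pkcs12_key_as_pem`, so a test that reads them when the stub was never called stops with `AttributeError` rather than a readable assertion failure. The removed `_Crypto` declared its recording fields up front with `_loaded = _dumped = None`. The equivalent here is `_private_key_text = _private_key_password = None` next to `_pkcs12_key_as_pem_called = False`.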
diff --git a/setup.py b/setup.py
index 5d273c26def4..ad871d9228da 100644
--- a/setup.py
+++ b/setup.py
@@ -13,10 +13,9 @@
 REQUIREMENTS = [
 'httplib2',
- 'oauth2client',
+ 'oauth2client >= 1.4.6',
 'protobuf >= 2.5.0',
 'pycrypto',
- 'pyopenssl',
 'pytz',
 'six',
 ]