Removing hard dependency on PyOpenSSL.

gcloud/storage/acl.py

@@ -108,11 +108,11 @@ def __str__(self):
         if not self.identifier:
             return str(self.type)
         else:
-            return '{self.type}-{self.identifier}'.format(self=self)
+            return '{acl.type}-{acl.identifier}'.format(acl=self)
 
     def __repr__(self):
-        return '<ACL Entity: {self} ({roles})>'.format(
-            self=self, roles=', '.join(self.roles))
+        return '<ACL Entity: {acl} ({roles})>'.format(
+            acl=self, roles=', '.join(self.roles))
 
     def get_roles(self):
         """Get the list of roles permitted by this entity.

gcloud/storage/connection.py

@@ -23,8 +23,8 @@
 from Crypto.Hash import SHA256
 from Crypto.PublicKey import RSA
 from Crypto.Signature import PKCS1_v1_5
-from OpenSSL import crypto
 from oauth2client import client
+from oauth2client import crypt
 from oauth2client import service_account
 import pytz
 
@@ -57,11 +57,8 @@ def _get_pem_key(credentials):
     """
     if isinstance(credentials, client.SignedJwtAssertionCredentials):
         # Take our PKCS12 (.p12) key and make it into a RSA key we can use.
-        pkcs12 = crypto.load_pkcs12(
-            base64.b64decode(credentials.private_key),
-            'notasecret')
-        pem_text = crypto.dump_privatekey(
-            crypto.FILETYPE_PEM, pkcs12.get_privatekey())
+        pem_text = crypt.pkcs12_key_as_pem(credentials.private_key,
+                                           credentials.private_key_password)
     elif isinstance(credentials, service_account._ServiceAccountCredentials):
         pem_text = credentials._private_key_pkcs8_text
     else:

gcloud/storage/test_connection.py

@@ -767,17 +767,23 @@ def test_bad_argument(self):
         self.assertRaises(TypeError, self._callFUT, None)
 
     def test_signed_jwt_for_p12(self):
+        import base64
         from oauth2client import client
         from gcloud._testing import _Monkey
         from gcloud.storage import connection as MUT
 
         scopes = []
+        PRIVATE_KEY = 'dummy_private_key_text'
         credentials = client.SignedJwtAssertionCredentials(
-            'dummy_service_account_name', 'dummy_private_key_text', scopes)
-        crypto = _Crypto()
+            'dummy_service_account_name', PRIVATE_KEY, scopes)
+        crypt = _Crypt()
         rsa = _RSA()
-        with _Monkey(MUT, crypto=crypto, RSA=rsa):
+        with _Monkey(MUT, crypt=crypt, RSA=rsa):
             result = self._callFUT(credentials)
+
+        self.assertEqual(crypt._private_key_text,
+                         base64.b64encode(PRIVATE_KEY))
+        self.assertEqual(crypt._private_key_password, 'notasecret')
         self.assertEqual(result, 'imported:__PEM__')
 
     def test_service_account_via_json_key(self):
@@ -816,7 +822,6 @@ def test_wrong_type(self):
         from gcloud._testing import _Monkey
         from gcloud.storage import connection as MUT
 
-        crypto = _Crypto()
         pkcs_v1_5 = _PKCS1_v1_5()
         rsa = _RSA()
         sha256 = _SHA256()
@@ -827,7 +832,7 @@ def _get_pem_key(credentials):
         BAD_CREDENTIALS = None
         EXPIRATION = '100'
         SIGNATURE_STRING = 'dummy_signature'
-        with _Monkey(MUT, crypto=crypto, RSA=rsa, PKCS1_v1_5=pkcs_v1_5,
+        with _Monkey(MUT, RSA=rsa, PKCS1_v1_5=pkcs_v1_5,
                      SHA256=sha256, _get_pem_key=_get_pem_key):
             self.assertRaises(NameError, self._callFUT,
                               BAD_CREDENTIALS, EXPIRATION, SIGNATURE_STRING)
@@ -837,17 +842,21 @@ def _run_test_with_credentials(self, credentials, account_name):
         from gcloud._testing import _Monkey
         from gcloud.storage import connection as MUT
 
-        crypto = _Crypto()
+        crypt = _Crypt()
         pkcs_v1_5 = _PKCS1_v1_5()
         rsa = _RSA()
         sha256 = _SHA256()
 
         EXPIRATION = '100'
         SIGNATURE_STRING = 'dummy_signature'
-        with _Monkey(MUT, crypto=crypto, RSA=rsa, PKCS1_v1_5=pkcs_v1_5,
+        with _Monkey(MUT, crypt=crypt, RSA=rsa, PKCS1_v1_5=pkcs_v1_5,
                      SHA256=sha256):
             result = self._callFUT(credentials, EXPIRATION, SIGNATURE_STRING)
 
+        if crypt._pkcs12_key_as_pem_called:
+            self.assertEqual(crypt._private_key_text,
+                             base64.b64encode('dummy_private_key_text'))
+            self.assertEqual(crypt._private_key_password, 'notasecret')
         self.assertEqual(sha256._signature_string, SIGNATURE_STRING)
         SIGNED = base64.b64encode('DEADBEEF')
         expected_query = {
@@ -900,20 +909,14 @@ def request(self, **kw):
         return self._response, self._content
 
 
-class _Crypto(object):
-
-    FILETYPE_PEM = 'pem'
-    _loaded = _dumped = None
-
-    def load_pkcs12(self, buffer, passphrase):
-        self._loaded = (buffer, passphrase)
-        return self
+class _Crypt(object):
 
-    def get_privatekey(self):
-        return '__PKCS12__'
+    _pkcs12_key_as_pem_called = False
 
-    def dump_privatekey(self, type, pkey, cipher=None, passphrase=None):
-        self._dumped = (type, pkey, cipher, passphrase)
+    def pkcs12_key_as_pem(self, private_key_text, private_key_password):
+        self._pkcs12_key_as_pem_called = True
+        self._private_key_text = private_key_text
+        self._private_key_password = private_key_password
         return '__PEM__'
 
 

setup.py

@@ -13,10 +13,9 @@
 
 REQUIREMENTS = [
     'httplib2',
-    'oauth2client',
+    'oauth2client >= 1.4.6',
     'protobuf >= 2.5.0',
     'pycrypto',
-    'pyopenssl',
     'pytz',
     'six',
 ]