author | Danny Hermes <daniel.j.hermes@gmail.com> | 2015-08-19 22:03:50 -0700 |
---|---|---|
committer | Danny Hermes <daniel.j.hermes@gmail.com> | 2015-08-21 08:04:14 -0700 |
commit | 34c1ff543dd16edf58dcf5b336076cf27de3721a (patch) | |
tree | c4bfda94143239939a56cec584a5c707b87bcced /oauth2client/crypt.py | |
parent | 043e066e54d00bd3f8c5a90d2cb83292f30f8ede (diff) | |
download | oauth2client-34c1ff543dd16edf58dcf5b336076cf27de3721a.tar.gz |
Raw pep8ify changes.
Simply ran
pep8ify -w oauth2client/
pep8ify -w tests/
Diffstat (limited to 'oauth2client/crypt.py')
-rw-r--r-- | oauth2client/crypt.py | 164 |
1 files changed, 82 insertions, 82 deletions
diff --git a/oauth2client/crypt.py b/oauth2client/crypt.py
index 75ecfd1..d5e18f4 100644
--- a/oauth2client/crypt.py
+++ b/oauth2client/crypt.py
@@ -25,51 +25,51 @@ from oauth2client._helpers import _to_bytes from oauth2client._helpers import _urlsafe_b64decode from oauth2client._helpers import _urlsafe_b64encode - CLOCK_SKEW_SECS = 300 # 5 minutes in seconds AUTH_TOKEN_LIFETIME_SECS = 300 # 5 minutes in seconds MAX_TOKEN_LIFETIME_SECS = 86400 # 1 day in seconds - logger = logging.getLogger(__name__) class AppIdentityError(Exception): - pass + pass try: - from oauth2client._openssl_crypt import OpenSSLVerifier - from oauth2client._openssl_crypt import OpenSSLSigner - from oauth2client._openssl_crypt import pkcs12_key_as_pem + from oauth2client._openssl_crypt import OpenSSLVerifier + from oauth2client._openssl_crypt import OpenSSLSigner + from oauth2client._openssl_crypt import pkcs12_key_as_pem except ImportError: - OpenSSLVerifier = None - OpenSSLSigner = None - def pkcs12_key_as_pem(*args, **kwargs): - raise NotImplementedError('pkcs12_key_as_pem requires OpenSSL.') + OpenSSLVerifier = None + OpenSSLSigner = None + + + def pkcs12_key_as_pem(*args, **kwargs): + raise NotImplementedError('pkcs12_key_as_pem requires OpenSSL.') try: - from oauth2client._pycrypto_crypt import PyCryptoVerifier - from oauth2client._pycrypto_crypt import PyCryptoSigner + from oauth2client._pycrypto_crypt import PyCryptoVerifier + from oauth2client._pycrypto_crypt import PyCryptoSigner except ImportError: - PyCryptoVerifier = None - PyCryptoSigner = None + PyCryptoVerifier = None + PyCryptoSigner = None if OpenSSLSigner: - Signer = OpenSSLSigner - Verifier = OpenSSLVerifier + Signer = OpenSSLSigner + Verifier = OpenSSLVerifier elif PyCryptoSigner: - Signer = PyCryptoSigner - Verifier = PyCryptoVerifier + Signer = PyCryptoSigner + Verifier = PyCryptoVerifier else: - raise ImportError('No encryption library found. Please install either ' + raise ImportError('No encryption library found. Please install either ' 'PyOpenSSL, or PyCrypto 2.6 or later') def make_signed_jwt(signer, payload): - """Make a signed JWT. + """Make a signed JWT. 
See http://self-issued.info/docs/draft-jones-json-web-token.html. 
@@ -80,24 +80,24 @@ def make_signed_jwt(signer, payload): Returns: string, The JWT for the payload. """ - header = {'typ': 'JWT', 'alg': 'RS256'} + header = {'typ': 'JWT', 'alg': 'RS256'} - segments = [ + segments = [ _urlsafe_b64encode(_json_encode(header)), _urlsafe_b64encode(_json_encode(payload)), - ] - signing_input = b'.'.join(segments) + ] + signing_input = b'.'.join(segments) - signature = signer.sign(signing_input) - segments.append(_urlsafe_b64encode(signature)) + signature = signer.sign(signing_input) + segments.append(_urlsafe_b64encode(signature)) - logger.debug(str(segments)) + logger.debug(str(segments)) - return b'.'.join(segments) + return b'.'.join(segments) def verify_signed_jwt_with_certs(jwt, certs, audience): - """Verify a JWT against public certs. + """Verify a JWT against public certs. See http://self-issued.info/docs/draft-jones-json-web-token.html. 
@@ -113,61 +113,61 @@ def verify_signed_jwt_with_certs(jwt, certs, audience): Raises: AppIdentityError if any checks are failed. """ - jwt = _to_bytes(jwt) - segments = jwt.split(b'.') - - if len(segments) != 3: - raise AppIdentityError('Wrong number of segments in token: %s' % jwt) - signed = segments[0] + b'.' + segments[1] - - signature = _urlsafe_b64decode(segments[2]) - - # Parse token. - json_body = _urlsafe_b64decode(segments[1]) - try: - parsed = json.loads(_from_bytes(json_body)) - except: - raise AppIdentityError('Can\'t parse token: %s' % json_body) - - # Check signature. - verified = False - for pem in certs.values(): - verifier = Verifier.from_string(pem, True) - if verifier.verify(signed, signature): - verified = True - break - if not verified: - raise AppIdentityError('Invalid token signature: %s' % jwt) - - # Check creation timestamp. - iat = parsed.get('iat') - if iat is None: - raise AppIdentityError('No iat field in token: %s' % json_body) - earliest = iat - CLOCK_SKEW_SECS - - # Check expiration timestamp. - now = int(time.time()) - exp = parsed.get('exp') - if exp is None: - raise AppIdentityError('No exp field in token: %s' % json_body) - if exp >= now + MAX_TOKEN_LIFETIME_SECS: - raise AppIdentityError('exp field too far in future: %s' % json_body) - latest = exp + CLOCK_SKEW_SECS - - if now < earliest: - raise AppIdentityError('Token used too early, %d < %d: %s' % + jwt = _to_bytes(jwt) + segments = jwt.split(b'.') + + if len(segments) != 3: + raise AppIdentityError('Wrong number of segments in token: %s' % jwt) + signed = segments[0] + b'.' + segments[1] + + signature = _urlsafe_b64decode(segments[2]) + + # Parse token. + json_body = _urlsafe_b64decode(segments[1]) + try: + parsed = json.loads(_from_bytes(json_body)) + except: + raise AppIdentityError('Can\'t parse token: %s' % json_body) + + # Check signature. 
+ verified = False + for pem in certs.values(): + verifier = Verifier.from_string(pem, True) + if verifier.verify(signed, signature): + verified = True + break + if not verified: + raise AppIdentityError('Invalid token signature: %s' % jwt) + + # Check creation timestamp. + iat = parsed.get('iat') + if iat is None: + raise AppIdentityError('No iat field in token: %s' % json_body) + earliest = iat - CLOCK_SKEW_SECS + + # Check expiration timestamp. + now = int(time.time()) + exp = parsed.get('exp') + if exp is None: + raise AppIdentityError('No exp field in token: %s' % json_body) + if exp >= now + MAX_TOKEN_LIFETIME_SECS: + raise AppIdentityError('exp field too far in future: %s' % json_body) + latest = exp + CLOCK_SKEW_SECS + + if now < earliest: + raise AppIdentityError('Token used too early, %d < %d: %s' % (now, earliest, json_body)) - if now > latest: - raise AppIdentityError('Token used too late, %d > %d: %s' % + if now > latest: + raise AppIdentityError('Token used too late, %d > %d: %s' % (now, latest, json_body)) - # Check audience. - if audience is not None: - aud = parsed.get('aud') - if aud is None: - raise AppIdentityError('No aud field in token: %s' % json_body) - if aud != audience: - raise AppIdentityError('Wrong recipient, %s != %s: %s' % + # Check audience. + if audience is not None: + aud = parsed.get('aud') + if aud is None: + raise AppIdentityError('No aud field in token: %s' % json_body) + if aud != audience: + raise AppIdentityError('Wrong recipient, %s != %s: %s' % (aud, audience, json_body)) - return parsed + return parsed |