authorINADA Naoki <inada-n@klab.com>2014-08-19 18:01:13 +0900
committerINADA Naoki <inada-n@klab.com>2014-08-19 18:01:13 +0900
commit37988e40e54b9a7b2ce2200bb8d1fa85f7023b35 (patch)
treeb3d32528dfb12ffbd5091fd53f6737eb82d66433 /oauth2client/crypt.py
parentaf79ce454246708a3eaa368f684db842dd3bd52d (diff)
parentff74634c30ed501ba81df265d0a0f1ad4c9c7528 (diff)
Merge branch 'master' into six-cleanup
Conflicts: oauth2client/client.py oauth2client/clientsecrets.py oauth2client/crypt.py oauth2client/file.py oauth2client/gce.py oauth2client/multistore_file.py oauth2client/service_account.py oauth2client/tools.py oauth2client/util.py tests/test_jwt.py tests/test_oauth2client.py tests/test_service_account.py uritemplate/__init__.py
Diffstat (limited to 'oauth2client/crypt.py')
-rw-r--r--oauth2client/crypt.py31
1 files changed, 14 insertions, 17 deletions
diff --git a/oauth2client/crypt.py b/oauth2client/crypt.py
index 9b5172a..b301be7 100644
--- a/oauth2client/crypt.py
+++ b/oauth2client/crypt.py
@@ -16,15 +16,14 @@
import base64
import hashlib
+import json
import logging
+import sys
import time
-import sys
-if sys.version > '3':
+if sys.version_info[0] >= 3:
long = int
-from oauth2client.anyjson import simplejson
-
CLOCK_SKEW_SECS = 300 # 5 minutes in seconds
AUTH_TOKEN_LIFETIME_SECS = 300 # 5 minutes in seconds
@@ -314,7 +313,7 @@ def _urlsafe_b64decode(b64string):
def _json_encode(data):
- return simplejson.dumps(data, separators = (',', ':'))
+ return json.dumps(data, separators = (',', ':'))
def make_signed_jwt(signer, payload):
@@ -364,9 +363,8 @@ def verify_signed_jwt_with_certs(jwt, certs, audience):
"""
segments = jwt.split('.')
- if (len(segments) != 3):
- raise AppIdentityError(
- 'Wrong number of segments in token: %s' % jwt)
+ if len(segments) != 3:
+ raise AppIdentityError('Wrong number of segments in token: %s' % jwt)
signed = '%s.%s' % (segments[0], segments[1])
try:
signed_bytes = str.encode(signed)
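Review bot: The rejoined `raise AppIdentityError('Wrong number of segments in token: %s' % jwt)` still interpolates the whole caller-supplied token into the exception text, so a bearer token that fails only this shape check can land verbatim in logs or error responses wherever the exception is reported. Reporting the count is enough to debug the failure, e.g. `raise AppIdentityError('Wrong number of segments in token: %d' % len(segments))`. The body of verify_signed_jwt_with_certs starts and ends outside this hunk, so other messages that embed token material are not covered by this note.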
@@ -383,20 +381,20 @@ def verify_signed_jwt_with_certs(jwt, certs, audience):
json_body = _urlsafe_b64decode(segments[1])
try:
json_body = bytes.decode(json_body)
- parsed = simplejson.loads(json_body)
+ parsed = json.loads(json_body)
except:
raise AppIdentityError('Can\'t parse token: %s' % json_body)
# Check signature.
verified = False
- for (keyname, pem) in certs.items():
+ for _, pem in certs.items():
verifier = Verifier.from_string(pem, True)
# Python2
- if (verifier.verify(signed_str, signature)):
+ if verifier.verify(signed_str, signature):
verified = True
break
# Python3
- if (verifier.verify(signed_bytes, signature)):
+ if verifier.verify(signed_bytes, signature):
verified = True
break
if not verified:
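Review bot: The bare `except:` wrapping `bytes.decode(json_body)` and the new `json.loads(json_body)` also catches KeyboardInterrupt and SystemExit and reports them as a parse failure; both calls signal malformed input with ValueError (UnicodeDecodeError is a subclass), so `except ValueError:` should be sufficient here. The payload is also parsed before the signature loop runs, which means the JSON parser is fed unauthenticated input; moving the decode and parse below the `if not verified:` check would keep unverified data away from it. As a smaller style point, `for _, pem in certs.items():` reads more directly as `for pem in certs.values():`. The function body continues outside this hunk.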
@@ -414,16 +412,15 @@ def verify_signed_jwt_with_certs(jwt, certs, audience):
if exp is None:
raise AppIdentityError('No exp field in token: %s' % json_body)
if exp >= now + MAX_TOKEN_LIFETIME_SECS:
- raise AppIdentityError(
- 'exp field too far in future: %s' % json_body)
+ raise AppIdentityError('exp field too far in future: %s' % json_body)
latest = exp + CLOCK_SKEW_SECS
if now < earliest:
raise AppIdentityError('Token used too early, %d < %d: %s' %
- (now, earliest, json_body))
+ (now, earliest, json_body))
if now > latest:
raise AppIdentityError('Token used too late, %d > %d: %s' %
- (now, latest, json_body))
+ (now, latest, json_body))
# Check audience.
if audience is not None:
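Review bot: `exp` is only tested against None before it is used in `exp >= now + MAX_TOKEN_LIFETIME_SECS` and `exp + CLOCK_SKEW_SECS`, so a token whose `exp` claim is a JSON string or object would raise TypeError on Python 3 rather than AppIdentityError (assuming `exp` is read straight from the parsed payload, which happens outside this hunk). Callers that catch only AppIdentityError would then see an unexpected exception type for an invalid token. A type guard ahead of the comparison keeps the failure mode uniform, e.g. `if not isinstance(exp, (int, long, float)): raise AppIdentityError('exp field is not a number: %s' % json_body)`. The value `earliest` is derived from probably needs the same guard.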
@@ -432,6 +429,6 @@ def verify_signed_jwt_with_certs(jwt, certs, audience):
raise AppIdentityError('No aud field in token: %s' % json_body)
if aud != audience:
raise AppIdentityError('Wrong recipient, %s != %s: %s' %
- (aud, audience, json_body))
+ (aud, audience, json_body))
return parsed