diff options
author | Pat Ferate <pferate@gmail.com> | 2014-07-17 22:02:59 -0700 |
---|---|---|
committer | Pat Ferate <pferate@gmail.com> | 2014-07-17 22:02:59 -0700 |
commit | c3dd9ac7d363eb9e9071bdc4222cd119d030cc4f (patch) | |
tree | 3cef131ecef465786095837171e197e11ee7ae45 /oauth2client/crypt.py | |
parent | 287862496dbdfa51b4dd457e70b1e262e4538b24 (diff) | |
download | oauth2client-c3dd9ac7d363eb9e9071bdc4222cd119d030cc4f.tar.gz |
Try to handle either str or bytes when verifying signature.
Diffstat (limited to 'oauth2client/crypt.py')
-rwxr-xr-x | oauth2client/crypt.py | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/oauth2client/crypt.py b/oauth2client/crypt.py index 9ba8099..0b97e75 100755 --- a/oauth2client/crypt.py +++ b/oauth2client/crypt.py @@ -146,7 +146,7 @@ try: pkey = crypto.load_pkcs12(key, password).get_privatekey() except TypeError: # Failed as str, so let's try with bytes (probably 0.14+) - message = str.encode(password) + password = str.encode(password) pkey = crypto.load_pkcs12(key, password).get_privatekey() return OpenSSLSigner(pkey) @@ -368,7 +368,15 @@ def verify_signed_jwt_with_certs(jwt, certs, audience): if (len(segments) != 3): raise AppIdentityError( 'Wrong number of segments in token: %s' % jwt) - signed = str('%s.%s' % (segments[0], segments[1])) + signed = '%s.%s' % (segments[0], segments[1]) + try: + signed_bytes = str.encode(signed) + except TypeError: + signed_bytes = None + try: + signed_str = str(signed) + except TypeError: + signed_str = None signature = _urlsafe_b64decode(segments[2]) @@ -384,7 +392,12 @@ def verify_signed_jwt_with_certs(jwt, certs, audience): verified = False for (keyname, pem) in certs.items(): verifier = Verifier.from_string(pem, True) - if (verifier.verify(signed, signature)): + # Python2 + if (verifier.verify(signed_str, signature)): + verified = True + break + # Python3 + if (verifier.verify(signed_bytes, signature)): verified = True break if not verified: |