|
|
b4b3ce |
diff -uNr a/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/_pure_python_crypt.py b/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/_pure_python_crypt.py
|
|
|
b4b3ce |
--- a/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/_pure_python_crypt.py 1980-01-01 09:00:00.000000000 +0100
|
|
|
b4b3ce |
+++ b/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/_pure_python_crypt.py 2019-04-04 11:56:00.292677044 +0200
|
|
|
b4b3ce |
@@ -19,8 +19,14 @@
|
|
|
b4b3ce |
certificates.
|
|
|
b4b3ce |
"""
|
|
|
b4b3ce |
|
|
|
b4b3ce |
+from pyasn1.codec.der import decoder
|
|
|
b4b3ce |
from pyasn1_modules import pem
|
|
|
b4b3ce |
-import rsa
|
|
|
b4b3ce |
+from pyasn1_modules.rfc2459 import Certificate
|
|
|
b4b3ce |
+from pyasn1_modules.rfc5208 import PrivateKeyInfo
|
|
|
b4b3ce |
+from cryptography.hazmat.primitives import serialization, hashes
|
|
|
b4b3ce |
+from cryptography.hazmat.primitives.asymmetric import padding
|
|
|
b4b3ce |
+from cryptography import x509
|
|
|
b4b3ce |
+from cryptography.hazmat.backends import default_backend
|
|
|
b4b3ce |
import six
|
|
|
b4b3ce |
|
|
|
b4b3ce |
from oauth2client import _helpers
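Review bot: The added imports bring in the `cryptography` primitives but not `InvalidSignature`, which the `except` tuple in the `verify` hunk names. When a bad signature is raised there, evaluating that tuple would fail with NameError instead of reaching `return False`. Add `from cryptography.exceptions import InvalidSignature` next to the other cryptography imports. The module docstring is only partly visible here; since the file is still named `_pure_python_crypt`, it should state that the implementation now depends on `cryptography`.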
|
|
|
b4b3ce |
@@ -40,7 +46,7 @@
|
|
|
b4b3ce |
'-----END RSA PRIVATE KEY-----')
|
|
|
b4b3ce |
_PKCS8_MARKER = ('-----BEGIN PRIVATE KEY-----',
|
|
|
b4b3ce |
'-----END PRIVATE KEY-----')
|
|
|
b4b3ce |
-_PKCS8_SPEC = None
|
|
|
b4b3ce |
+_PKCS8_SPEC = PrivateKeyInfo()
|
|
|
b4b3ce |
|
|
|
b4b3ce |
|
|
|
b4b3ce |
def _bit_list_to_bytes(bit_list):
|
|
|
b4b3ce |
@@ -67,7 +73,8 @@
|
|
|
b4b3ce |
"""
|
|
|
b4b3ce |
|
|
|
b4b3ce |
def __init__(self, pubkey):
|
|
|
b4b3ce |
- self._pubkey = pubkey
|
|
|
b4b3ce |
+ self._pubkey = serialization.load_pem_public_key(pubkey,
|
|
|
b4b3ce |
+ backend=default_backend())
|
|
|
b4b3ce |
|
|
|
b4b3ce |
def verify(self, message, signature):
|
|
|
b4b3ce |
"""Verifies a message against a signature.
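Review bot: `__init__` now parses `pubkey` as PEM, but the `from_string` hunk further down builds a key and still ends with `return cls(pubkey)`. The constructor would then receive an already-loaded key object rather than PEM bytes, which `load_pem_public_key` is expected to reject. Parse in one place only: either keep `self._pubkey = pubkey` here and let `from_string` do the loading, or pass the raw PEM through and load it here. The class header and its docstring start outside this hunk, so the documented type of `pubkey` should be updated to match whichever is chosen.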
|
|
|
b4b3ce |
@@ -84,8 +91,9 @@
|
|
|
b4b3ce |
"""
|
|
|
b4b3ce |
message = _helpers._to_bytes(message, encoding='utf-8')
|
|
|
b4b3ce |
try:
|
|
|
b4b3ce |
- return rsa.pkcs1.verify(message, signature, self._pubkey)
|
|
|
b4b3ce |
- except (ValueError, rsa.pkcs1.VerificationError):
|
|
|
b4b3ce |
+ return self._pubkey.verify(signature, message, padding.PKCS1v15(),
|
|
|
b4b3ce |
+ hashes.SHA256())
|
|
|
b4b3ce |
+ except (ValueError, TypeError, InvalidSignature):
|
|
|
b4b3ce |
return False
|
|
|
b4b3ce |
|
|
|
b4b3ce |
@classmethod
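Review bot: `return self._pubkey.verify(...)` yields None for a valid signature, because cryptography's `verify` returns nothing on success and signals failure only by raising. Callers that test the result would therefore treat every signature as invalid. Call it for its effect and return explicitly: keep the call as a statement `self._pubkey.verify(signature, message, padding.PKCS1v15(), hashes.SHA256())` and follow it with `return True` inside the `try`. The method's docstring begins outside this hunk; it should keep promising a boolean.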
|
|
|
b4b3ce |
@@ -109,19 +117,18 @@
|
|
|
b4b3ce |
"""
|
|
|
b4b3ce |
key_pem = _helpers._to_bytes(key_pem)
|
|
|
b4b3ce |
if is_x509_cert:
|
|
|
b4b3ce |
- from pyasn1.codec.der import decoder
|
|
|
b4b3ce |
- from pyasn1_modules import rfc2459
|
|
|
b4b3ce |
-
|
|
|
b4b3ce |
- der = rsa.pem.load_pem(key_pem, 'CERTIFICATE')
|
|
|
b4b3ce |
- asn1_cert, remaining = decoder.decode(der, asn1Spec=rfc2459.Certificate())
|
|
|
b4b3ce |
+ der = x509.load_pem_x509_certificate(pem_data, default_backend())
|
|
|
b4b3ce |
+ asn1_cert, remaining = decoder.decode(der, asn1Spec=Certificate())
|
|
|
b4b3ce |
if remaining != b'':
|
|
|
b4b3ce |
raise ValueError('Unused bytes', remaining)
|
|
|
b4b3ce |
|
|
|
b4b3ce |
cert_info = asn1_cert['tbsCertificate']['subjectPublicKeyInfo']
|
|
|
b4b3ce |
key_bytes = _bit_list_to_bytes(cert_info['subjectPublicKey'])
|
|
|
b4b3ce |
- pubkey = rsa.PublicKey.load_pkcs1(key_bytes, 'DER')
|
|
|
b4b3ce |
+ pubkey = serialization.load_der_public_key(decoded_key,
|
|
|
b4b3ce |
+ backend=default_backend())
|
|
|
b4b3ce |
else:
|
|
|
b4b3ce |
- pubkey = rsa.PublicKey.load_pkcs1(key_pem, 'PEM')
|
|
|
b4b3ce |
+ pubkey = serialization.load_pem_public_key(decoded_key,
|
|
|
b4b3ce |
+ backend=default_backend())
|
|
|
b4b3ce |
return cls(pubkey)
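Review bot: `pem_data` and `decoded_key` are not defined anywhere in the visible part of `from_string`, so both branches would raise NameError; the input is held in `key_pem`. In the certificate branch `load_pem_x509_certificate` returns a certificate object, not DER bytes, so handing it to `decoder.decode` cannot work either. Taking the key from the parsed certificate removes the manual pyasn1 decoding and its trailing-bytes check, so confirm that cryptography's own parsing is strict enough for this caller. The constructor must then accept a key object rather than PEM. The method signature and docstring start outside this hunk.

```python
key_pem = _helpers._to_bytes(key_pem)
if is_x509_cert:
    # Let cryptography parse the certificate and hand back its public key.
    cert = x509.load_pem_x509_certificate(key_pem, default_backend())
    pubkey = cert.public_key()
else:
    pubkey = serialization.load_pem_public_key(
        key_pem, backend=default_backend())
# … unchanged: return cls(pubkey) …
```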
|
|
|
b4b3ce |
|
|
|
b4b3ce |
|
|
|
b4b3ce |
@@ -134,6 +141,8 @@
|
|
|
b4b3ce |
|
|
|
b4b3ce |
def __init__(self, pkey):
|
|
|
b4b3ce |
self._key = pkey
|
|
|
b4b3ce |
+ self._pubkey = serialization.load_pem_private_key(pkey,
|
|
|
b4b3ce |
+ backend=default_backend())
|
|
|
b4b3ce |
|
|
|
b4b3ce |
def sign(self, message):
|
|
|
b4b3ce |
"""Signs a message.
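Review bot: The added `load_pem_private_key(pkey, backend=default_backend())` call omits the `password` argument that cryptography's loader requires. `pkey` is presumably already a key object by the time `from_string` constructs the signer; that call is not visible in these hunks, so confirm it. The result is stored as `self._pubkey` although it would be a private key, and the `sign` hunk only reads `self._key`. Dropping the two added lines and keeping `self._key = pkey` looks sufficient.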
|
|
|
b4b3ce |
@@ -145,7 +154,7 @@
|
|
|
b4b3ce |
string, The signature of the message for the given key.
|
|
|
b4b3ce |
"""
|
|
|
b4b3ce |
message = _helpers._to_bytes(message, encoding='utf-8')
|
|
|
b4b3ce |
- return rsa.pkcs1.sign(message, self._key, 'SHA-256')
|
|
|
b4b3ce |
+ return self._key.sign(message, padding.PKCS1v15(), hashes.SHA256())
|
|
|
b4b3ce |
|
|
|
b4b3ce |
@classmethod
|
|
|
b4b3ce |
def from_string(cls, key, password='notasecret'):
|
|
|
b4b3ce |
@@ -163,27 +172,24 @@
|
|
|
b4b3ce |
ValueError if the key cannot be parsed as PKCS#1 or PKCS#8 in
|
|
|
b4b3ce |
PEM format.
|
|
|
b4b3ce |
"""
|
|
|
b4b3ce |
- global _PKCS8_SPEC
|
|
|
b4b3ce |
key = _helpers._from_bytes(key) # pem expects str in Py3
|
|
|
b4b3ce |
marker_id, key_bytes = pem.readPemBlocksFromFile(
|
|
|
b4b3ce |
six.StringIO(key), _PKCS1_MARKER, _PKCS8_MARKER)
|
|
|
b4b3ce |
|
|
|
b4b3ce |
if marker_id == 0:
|
|
|
b4b3ce |
- pkey = rsa.key.PrivateKey.load_pkcs1(key_bytes,
|
|
|
b4b3ce |
- format='DER')
|
|
|
b4b3ce |
- elif marker_id == 1:
|
|
|
b4b3ce |
- from pyasn1.codec.der import decoder
|
|
|
b4b3ce |
- from pyasn1_modules import rfc5208
|
|
|
b4b3ce |
+ pkey = serialization.load_der_private_key(
|
|
|
b4b3ce |
+ key_bytes, password=None,
|
|
|
b4b3ce |
+ backend=default_backend())
|
|
|
b4b3ce |
|
|
|
b4b3ce |
- if _PKCS8_SPEC is None:
|
|
|
b4b3ce |
- _PKCS8_SPEC = rfc5208.PrivateKeyInfo()
|
|
|
b4b3ce |
+ elif marker_id == 1:
|
|
|
b4b3ce |
key_info, remaining = decoder.decode(
|
|
|
b4b3ce |
key_bytes, asn1Spec=_PKCS8_SPEC)
|
|
|
b4b3ce |
if remaining != b'':
|
|
|
b4b3ce |
raise ValueError('Unused bytes', remaining)
|
|
|
b4b3ce |
pkey_info = key_info.getComponentByName('privateKey')
|
|
|
b4b3ce |
- pkey = rsa.key.PrivateKey.load_pkcs1(pkey_info.asOctets(),
|
|
|
b4b3ce |
- format='DER')
|
|
|
b4b3ce |
+ pkey = serialization.load_der_private_key(
|
|
|
b4b3ce |
+ pkey_info.asOctets(), password=None,
|
|
|
b4b3ce |
+ backend=default_backend())
|
|
|
b4b3ce |
else:
|
|
|
b4b3ce |
raise ValueError('No key could be detected.')
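Review bot: Both `load_der_private_key` calls accept any key type the library can parse, while `sign` applies `padding.PKCS1v15()`, which is only meaningful for RSA. A non-RSA key would load here and fail only at signing time. Consider rejecting it up front with `if not isinstance(pkey, rsa.RSAPrivateKey): raise ValueError('Key is not an RSA private key.')`, with `rsa` imported from `cryptography.hazmat.primitives.asymmetric` (not the removed python-rsa package). In the `marker_id == 1` branch the manual pyasn1 unwrapping could probably go, since `load_der_private_key` is documented to read PKCS#8 directly; confirm this against the bundled cryptography version. The function's signature and its return statement are outside this hunk.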
|
|
|
b4b3ce |
|