Blame SOURCES/9-google-cloud-sdk-oauth2client-python-rsa-to-cryptography.patch

05afe3
diff -uNr a/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/_pure_python_crypt.py b/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/_pure_python_crypt.py
4d1913
--- a/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/_pure_python_crypt.py	1980-01-01 09:00:00.000000000 +0100
4d1913
+++ b/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/_pure_python_crypt.py	2019-04-04 11:56:00.292677044 +0200
4d1913
@@ -19,8 +19,14 @@
4d1913
 certificates.
4d1913
 """
4d1913
 
4d1913
+from pyasn1.codec.der import decoder
05afe3
 from pyasn1_modules import pem
05afe3
-import rsa
4d1913
+from pyasn1_modules.rfc2459 import Certificate
4d1913
+from pyasn1_modules.rfc5208 import PrivateKeyInfo
05afe3
+from cryptography.hazmat.primitives import serialization, hashes
05afe3
+from cryptography.hazmat.primitives.asymmetric import padding
05afe3
+from cryptography import x509
05afe3
+from cryptography.hazmat.backends import default_backend
05afe3
 import six
05afe3
 
05afe3
 from oauth2client import _helpers
4d1913
@@ -40,7 +46,7 @@
4d1913
                  '-----END RSA PRIVATE KEY-----')
4d1913
 _PKCS8_MARKER = ('-----BEGIN PRIVATE KEY-----',
4d1913
                  '-----END PRIVATE KEY-----')
4d1913
-_PKCS8_SPEC = None
4d1913
+_PKCS8_SPEC = PrivateKeyInfo()
4d1913
 
4d1913
 
4d1913
 def _bit_list_to_bytes(bit_list):
4d1913
@@ -67,7 +73,8 @@
05afe3
     """
05afe3
 
05afe3
     def __init__(self, pubkey):
05afe3
-        self._pubkey = pubkey
05afe3
+        self._pubkey = serialization.load_pem_public_key(pubkey,
05afe3
+            backend=default_backend())
05afe3
 
05afe3
     def verify(self, message, signature):
05afe3
         """Verifies a message against a signature.
4d1913
@@ -84,8 +91,9 @@
05afe3
         """
05afe3
         message = _helpers._to_bytes(message, encoding='utf-8')
05afe3
         try:
05afe3
-            return rsa.pkcs1.verify(message, signature, self._pubkey)
05afe3
-        except (ValueError, rsa.pkcs1.VerificationError):
05afe3
+            return self._pubkey.verify(signature, message, padding.PKCS1v15(),
05afe3
+                hashes.SHA256())
05afe3
+        except (ValueError, TypeError, InvalidSignature):
05afe3
             return False
05afe3
 
05afe3
     @classmethod
4d1913
@@ -109,19 +117,18 @@
05afe3
         """
05afe3
         key_pem = _helpers._to_bytes(key_pem)
05afe3
         if is_x509_cert:
4d1913
-            from pyasn1.codec.der import decoder
4d1913
-            from pyasn1_modules import rfc2459
4d1913
-
05afe3
-            der = rsa.pem.load_pem(key_pem, 'CERTIFICATE')
4d1913
-            asn1_cert, remaining = decoder.decode(der, asn1Spec=rfc2459.Certificate())
05afe3
+            der = x509.load_pem_x509_certificate(pem_data, default_backend())
4d1913
+            asn1_cert, remaining = decoder.decode(der, asn1Spec=Certificate())
05afe3
             if remaining != b'':
05afe3
                 raise ValueError('Unused bytes', remaining)
05afe3
 
05afe3
             cert_info = asn1_cert['tbsCertificate']['subjectPublicKeyInfo']
05afe3
             key_bytes = _bit_list_to_bytes(cert_info['subjectPublicKey'])
05afe3
-            pubkey = rsa.PublicKey.load_pkcs1(key_bytes, 'DER')
05afe3
+            pubkey = serialization.load_der_public_key(decoded_key,
05afe3
+                backend=default_backend())
05afe3
         else:
05afe3
-            pubkey = rsa.PublicKey.load_pkcs1(key_pem, 'PEM')
05afe3
+            pubkey = serialization.load_pem_public_key(decoded_key,
05afe3
+                backend=default_backend())
05afe3
         return cls(pubkey)
05afe3
 
05afe3
 
05afe3
@@ -134,6 +141,8 @@
05afe3
 
05afe3
     def __init__(self, pkey):
05afe3
         self._key = pkey
05afe3
+        self._pubkey = serialization.load_pem_private_key(pkey,
05afe3
+            backend=default_backend())
05afe3
 
05afe3
     def sign(self, message):
05afe3
         """Signs a message.
05afe3
@@ -145,7 +154,7 @@
05afe3
             string, The signature of the message for the given key.
05afe3
         """
05afe3
         message = _helpers._to_bytes(message, encoding='utf-8')
05afe3
-        return rsa.pkcs1.sign(message, self._key, 'SHA-256')
05afe3
+        return self._key.sign(message, padding.PKCS1v15(), hashes.SHA256())
05afe3
 
05afe3
     @classmethod
05afe3
     def from_string(cls, key, password='notasecret'):
4d1913
@@ -163,27 +172,24 @@
4d1913
             ValueError if the key cannot be parsed as PKCS#1 or PKCS#8 in
4d1913
             PEM format.
4d1913
         """
4d1913
-        global _PKCS8_SPEC
4d1913
         key = _helpers._from_bytes(key)  # pem expects str in Py3
4d1913
         marker_id, key_bytes = pem.readPemBlocksFromFile(
05afe3
             six.StringIO(key), _PKCS1_MARKER, _PKCS8_MARKER)
05afe3
 
05afe3
         if marker_id == 0:
05afe3
-            pkey = rsa.key.PrivateKey.load_pkcs1(key_bytes,
05afe3
-                                                 format='DER')
4d1913
-        elif marker_id == 1:
4d1913
-            from pyasn1.codec.der import decoder
4d1913
-            from pyasn1_modules import rfc5208
05afe3
+            pkey = serialization.load_der_private_key(
05afe3
+                key_bytes, password=None,
05afe3
+                backend=default_backend())
4d1913
 
4d1913
-            if _PKCS8_SPEC is None:
4d1913
-              _PKCS8_SPEC = rfc5208.PrivateKeyInfo()
4d1913
+        elif marker_id == 1:
05afe3
             key_info, remaining = decoder.decode(
05afe3
                 key_bytes, asn1Spec=_PKCS8_SPEC)
05afe3
             if remaining != b'':
05afe3
                 raise ValueError('Unused bytes', remaining)
05afe3
             pkey_info = key_info.getComponentByName('privateKey')
05afe3
-            pkey = rsa.key.PrivateKey.load_pkcs1(pkey_info.asOctets(),
05afe3
-                                                 format='DER')
05afe3
+            pkey = serialization.load_der_private_key(
05afe3
+                pkey_info.asOctets(), password=None,
05afe3
+                backend=default_backend())
05afe3
         else:
05afe3
             raise ValueError('No key could be detected.')
05afe3