Adding `cryptography` Signer. #185

dhermes · 2017-08-05T15:09:49Z

Fixes #183.

NOTE: This change is incomplete. It needs unit tests and a Verifier implementation.

Big H/T to @arthurdarcet for the implementation.

google/auth/_service_account_info.py

+if _cryptography_impl is None:
+    DefaultSigner = crypt.RSASigner
+else:
+    DefaultSigner = _cryptography_impl.CryptographySigner


google/auth/crypt.py

@@ -206,7 +206,59 @@ def sign(self, message):
        raise NotImplementedError('Sign must be implemented')


-class RSASigner(Signer):
+class _FromServiceAccountMixin(object):


theacodes · 2017-08-07T22:44:06Z

@dhermes how would you feel about splitting crypt into a package with the following structure?

crypt/
    __init__.py
    _helpers.py
    base.py
    rsa.py
    _python_rsa.py
    _cryptography_rsa.py
    ecc.py

__init__.py could keep the current module's interface and rsa could conditionally import the classes from _cryptography_rsa.py or fallback to _python_rsa.py.

dhermes · 2017-08-07T22:49:55Z

SGTM. Care to do the re-org in a separate PR without the cryptography impl. and then I can rebase this PR after that?

theacodes · 2017-08-07T22:50:35Z

Ya. Will do (soonish, I hope)

theacodes · 2017-08-11T21:37:27Z

Alright, with #189 in you should be good to rebase. :)

google/auth/crypt/base.py

@@ -62,3 +68,51 @@ def sign(self, message):
        # pylint: disable=missing-raises-doc,redundant-returns-doc
        # (pylint doesn't recognize that this is abstract)
        raise NotImplementedError('Sign must be implemented')
+
+
+class _FromServiceAccountMixin(object):


google/auth/crypt/rsa.py

+    from google.auth.crypt import _python_rsa
+
+    RSASigner = _python_rsa.RSASigner
+    RSAVerifier = _python_rsa.RSAVerifier


dhermes · 2017-08-11T22:56:09Z

@jonparrott Officially rebased (unit tests and Verifier impl. still not done)

theacodes

Looks mostly good so far.

google/auth/crypt/_cryptography_rsa.py

+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Verifier and signer that use the ``cryptography`` library.


google/auth/crypt/_cryptography_rsa.py

+_SHA256 = hashes.SHA256()
+
+
+class CryptographySigner(base.Signer, base._FromServiceAccountMixin):


google/auth/crypt/base.py

@@ -62,3 +68,51 @@ def sign(self, message):
        # pylint: disable=missing-raises-doc,redundant-returns-doc
        # (pylint doesn't recognize that this is abstract)
        raise NotImplementedError('Sign must be implemented')
+
+
+class _FromServiceAccountMixin(object):


google/auth/crypt/rsa.py

+    from google.auth.crypt import _python_rsa
+
+    RSASigner = _python_rsa.RSASigner
+    RSAVerifier = _python_rsa.RSAVerifier


dhermes · 2017-08-14T16:39:45Z

@jonparrott Updates sent for your review comments (including CryptographySigner -> RSASigner)

thomas-riccardi · 2017-12-20T13:38:32Z

Is there any plan to complete this PR?

theacodes · 2018-01-02T17:34:14Z

@thomas-riccardi yes, it's just low on the list as we already have working implementation here and this is just a "speed up" PR.

dhermes · 2018-01-02T17:45:55Z

@thomas-riccardi We don't actually have a local "expert" that knows the relevant methods to use for Verifier, so changes are welcome.

@jonparrott We could factor out the base class parts so this PR was more focused, but I don't know if it's worth it.

theacodes · 2018-01-02T17:49:23Z

@jonparrott We could factor out the base class parts so this PR was more focused, but I don't know if it's worth it.

Up to you.

Fixes googleapis#183. NOTE: This change is incomplete. It needs unit tests and a Verifier implementation.

Also making "RSA" explicit in `_cryptography_rsa` module docstring.

theacodes · 2018-02-08T23:21:46Z

Alright, I've brought this to the finish line with tests and a verifier implementation. Thank you @dhermes for getting this party started.

Will merge once CI is green. :)

dhermes · 2018-02-12T18:51:26Z

Thanks @jonparrott!

dhermes commented Aug 5, 2017

View reviewed changes

dhermes force-pushed the fix-183 branch from da12565 to 17c3414 Compare August 11, 2017 22:54

dhermes commented Aug 11, 2017

View reviewed changes

google/auth/crypt/rsa.py Outdated

from google.auth.crypt import _python_rsa

RSASigner = _python_rsa.RSASigner

RSAVerifier = _python_rsa.RSAVerifier

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

theacodes reviewed Aug 14, 2017

View reviewed changes

dhermes and others added 5 commits February 8, 2018 15:09

Adding cryptography Signer.

b70bb8e

Fixes googleapis#183. NOTE: This change is incomplete. It needs unit tests and a Verifier implementation.

Renaming cryptography signer.

feb9676

Also making "RSA" explicit in `_cryptography_rsa` module docstring.

A little reorganization and a few tests

b20aaa2

Flesh out verifier implementation

5644abb

Final cleanup

b26c210

theacodes force-pushed the fix-183 branch from a414ddb to b26c210 Compare February 8, 2018 23:20

theacodes approved these changes Feb 8, 2018

View reviewed changes

Oops

6868b71

theacodes merged commit 1cd8390 into googleapis:master Feb 8, 2018

dhermes deleted the fix-183 branch February 12, 2018 18:51

ktdreyer mentioned this pull request Jan 12, 2022

require cryptography in packaging metadata (and remove rsa) #941

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adding `cryptography` Signer. #185

Adding `cryptography` Signer. #185

dhermes commented Aug 5, 2017 •

edited

Loading

This comment was marked as spam.

This comment was marked as spam.

theacodes commented Aug 7, 2017

dhermes commented Aug 7, 2017

theacodes commented Aug 7, 2017

theacodes commented Aug 11, 2017

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

dhermes commented Aug 11, 2017

theacodes left a comment

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

dhermes commented Aug 14, 2017

thomas-riccardi commented Dec 20, 2017

theacodes commented Jan 2, 2018

dhermes commented Jan 2, 2018

theacodes commented Jan 2, 2018

theacodes commented Feb 8, 2018

dhermes commented Feb 12, 2018

		_SHA256 = hashes.SHA256()


		class CryptographySigner(base.Signer, base._FromServiceAccountMixin):

Adding cryptography Signer. #185

Adding cryptography Signer. #185

Conversation

dhermes commented Aug 5, 2017 • edited Loading

This comment was marked as spam.

This comment was marked as spam.

theacodes commented Aug 7, 2017

dhermes commented Aug 7, 2017

theacodes commented Aug 7, 2017

theacodes commented Aug 11, 2017

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

dhermes commented Aug 11, 2017

theacodes left a comment

Choose a reason for hiding this comment

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

dhermes commented Aug 14, 2017

thomas-riccardi commented Dec 20, 2017

theacodes commented Jan 2, 2018

dhermes commented Jan 2, 2018

theacodes commented Jan 2, 2018

theacodes commented Feb 8, 2018

dhermes commented Feb 12, 2018

Adding `cryptography` Signer. #185

Adding `cryptography` Signer. #185

dhermes commented Aug 5, 2017 •

edited

Loading