RubyGems - gcloud - Versions diffs - 0.0.2 → 0.0.4 - Mend

gcloud 0.0.2 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

data/packages/gcutil-1.7.1/lib/google_api_python_client/oauth2client/clientsecrets.py ADDED Viewed

@@ -0,0 +1,105 @@
+# Copyright (C) 2011 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Utilities for reading OAuth 2.0 client secret files.
+A client_secrets.json file contains all the information needed to interact with
+an OAuth 2.0 protected service.
+"""
+from anyjson import simplejson
+# Properties that make a client_secrets.json file valid.
+TYPE_WEB = 'web'
+TYPE_INSTALLED = 'installed'
+VALID_CLIENT = {
+    TYPE_WEB: {
+        'required': [
+            'client_id',
+            'client_secret',
+            'redirect_uris',
+            'auth_uri',
+            'token_uri'],
+        'string': [
+            'client_id',
+            'client_secret'
+            ]
+        },
+    TYPE_INSTALLED: {
+        'required': [
+            'client_id',
+            'client_secret',
+            'redirect_uris',
+            'auth_uri',
+            'token_uri'],
+        'string': [
+            'client_id',
+            'client_secret'
+            ]
+      }
+    }
+class Error(Exception):
+  """Base error for this module."""
+  pass
+class InvalidClientSecretsError(Error):
+  """Format of ClientSecrets file is invalid."""
+  pass
+def _validate_clientsecrets(obj):
+  if obj is None or len(obj) != 1:
+    raise InvalidClientSecretsError('Invalid file format.')
+  client_type = obj.keys()[0]
+  if client_type not in VALID_CLIENT.keys():
+    raise InvalidClientSecretsError('Unknown client type: %s.' % client_type)
+  client_info = obj[client_type]
+  for prop_name in VALID_CLIENT[client_type]['required']:
+    if prop_name not in client_info:
+      raise InvalidClientSecretsError(
+        'Missing property "%s" in a client type of "%s".' % (prop_name,
+                                                           client_type))
+  for prop_name in VALID_CLIENT[client_type]['string']:
+    if client_info[prop_name].startswith('[['):
+      raise InvalidClientSecretsError(
+        'Property "%s" is not configured.' % prop_name)
+  return client_type, client_info
+def load(fp):
+  obj = simplejson.load(fp)
+  return _validate_clientsecrets(obj)
+def loads(s):
+  obj = simplejson.loads(s)
+  return _validate_clientsecrets(obj)
+def loadfile(filename):
+  try:
+    fp = file(filename, 'r')
+    try:
+      obj = simplejson.load(fp)
+    finally:
+      fp.close()
+  except IOError:
+    raise InvalidClientSecretsError('File not found: "%s"' % filename)
+  return _validate_clientsecrets(obj)

data/packages/gcutil-1.7.1/lib/google_api_python_client/oauth2client/crypt.py ADDED Viewed

@@ -0,0 +1,244 @@
+#!/usr/bin/python2.4
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2011 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import base64
+import hashlib
+import logging
+import time
+from OpenSSL import crypto
+from anyjson import simplejson
+CLOCK_SKEW_SECS = 300  # 5 minutes in seconds
+AUTH_TOKEN_LIFETIME_SECS = 300  # 5 minutes in seconds
+MAX_TOKEN_LIFETIME_SECS = 86400  # 1 day in seconds
+class AppIdentityError(Exception):
+  pass
+class Verifier(object):
+  """Verifies the signature on a message."""
+  def __init__(self, pubkey):
+    """Constructor.
+    Args:
+      pubkey, OpenSSL.crypto.PKey, The public key to verify with.
+    """
+    self._pubkey = pubkey
+  def verify(self, message, signature):
+    """Verifies a message against a signature.
+    Args:
+      message: string, The message to verify.
+      signature: string, The signature on the message.
+    Returns:
+      True if message was singed by the private key associated with the public
+      key that this object was constructed with.
+    """
+    try:
+      crypto.verify(self._pubkey, signature, message, 'sha256')
+      return True
+    except:
+      return False
+  @staticmethod
+  def from_string(key_pem, is_x509_cert):
+    """Construct a Verified instance from a string.
+    Args:
+      key_pem: string, public key in PEM format.
+      is_x509_cert: bool, True if key_pem is an X509 cert, otherwise it is
+        expected to be an RSA key in PEM format.
+    Returns:
+      Verifier instance.
+    Raises:
+      OpenSSL.crypto.Error if the key_pem can't be parsed.
+    """
+    if is_x509_cert:
+      pubkey = crypto.load_certificate(crypto.FILETYPE_PEM, key_pem)
+    else:
+      pubkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem)
+    return Verifier(pubkey)
+class Signer(object):
+  """Signs messages with a private key."""
+  def __init__(self, pkey):
+    """Constructor.
+    Args:
+      pkey, OpenSSL.crypto.PKey, The private key to sign with.
+    """
+    self._key = pkey
+  def sign(self, message):
+    """Signs a message.
+    Args:
+      message: string, Message to be signed.
+    Returns:
+      string, The signature of the message for the given key.
+    """
+    return crypto.sign(self._key, message, 'sha256')
+  @staticmethod
+  def from_string(key, password='notasecret'):
+    """Construct a Signer instance from a string.
+    Args:
+      key: string, private key in P12 format.
+      password: string, password for the private key file.
+    Returns:
+      Signer instance.
+    Raises:
+      OpenSSL.crypto.Error if the key can't be parsed.
+    """
+    pkey = crypto.load_pkcs12(key, password).get_privatekey()
+    return Signer(pkey)
+def _urlsafe_b64encode(raw_bytes):
+  return base64.urlsafe_b64encode(raw_bytes).rstrip('=')
+def _urlsafe_b64decode(b64string):
+  # Guard against unicode strings, which base64 can't handle.
+  b64string = b64string.encode('ascii')
+  padded = b64string + '=' * (4 - len(b64string) % 4)
+  return base64.urlsafe_b64decode(padded)
+def _json_encode(data):
+  return simplejson.dumps(data, separators = (',', ':'))
+def make_signed_jwt(signer, payload):
+  """Make a signed JWT.
+  See http://self-issued.info/docs/draft-jones-json-web-token.html.
+  Args:
+    signer: crypt.Signer, Cryptographic signer.
+    payload: dict, Dictionary of data to convert to JSON and then sign.
+  Returns:
+    string, The JWT for the payload.
+  """
+  header = {'typ': 'JWT', 'alg': 'RS256'}
+  segments = [
+          _urlsafe_b64encode(_json_encode(header)),
+          _urlsafe_b64encode(_json_encode(payload)),
+  ]
+  signing_input = '.'.join(segments)
+  signature = signer.sign(signing_input)
+  segments.append(_urlsafe_b64encode(signature))
+  logging.debug(str(segments))
+  return '.'.join(segments)
+def verify_signed_jwt_with_certs(jwt, certs, audience):
+  """Verify a JWT against public certs.
+  See http://self-issued.info/docs/draft-jones-json-web-token.html.
+  Args:
+    jwt: string, A JWT.
+    certs: dict, Dictionary where values of public keys in PEM format.
+    audience: string, The audience, 'aud', that this JWT should contain. If
+      None then the JWT's 'aud' parameter is not verified.
+  Returns:
+    dict, The deserialized JSON payload in the JWT.
+  Raises:
+    AppIdentityError if any checks are failed.
+  """
+  segments = jwt.split('.')
+  if (len(segments) != 3):
+    raise AppIdentityError(
+      'Wrong number of segments in token: %s' % jwt)
+  signed = '%s.%s' % (segments[0], segments[1])
+  signature = _urlsafe_b64decode(segments[2])
+  # Parse token.
+  json_body = _urlsafe_b64decode(segments[1])
+  try:
+    parsed = simplejson.loads(json_body)
+  except:
+    raise AppIdentityError('Can\'t parse token: %s' % json_body)
+  # Check signature.
+  verified = False
+  for (keyname, pem) in certs.items():
+    verifier = Verifier.from_string(pem, True)
+    if (verifier.verify(signed, signature)):
+      verified = True
+      break
+  if not verified:
+    raise AppIdentityError('Invalid token signature: %s' % jwt)
+  # Check creation timestamp.
+  iat = parsed.get('iat')
+  if iat is None:
+    raise AppIdentityError('No iat field in token: %s' % json_body)
+  earliest = iat - CLOCK_SKEW_SECS
+  # Check expiration timestamp.
+  now = long(time.time())
+  exp = parsed.get('exp')
+  if exp is None:
+    raise AppIdentityError('No exp field in token: %s' % json_body)
+  if exp >= now + MAX_TOKEN_LIFETIME_SECS:
+    raise AppIdentityError(
+      'exp field too far in future: %s' % json_body)
+  latest = exp + CLOCK_SKEW_SECS
+  if now < earliest:
+    raise AppIdentityError('Token used too early, %d < %d: %s' %
+      (now, earliest, json_body))
+  if now > latest:
+    raise AppIdentityError('Token used too late, %d > %d: %s' %
+      (now, latest, json_body))
+  # Check audience.
+  if audience is not None:
+    aud = parsed.get('aud')
+    if aud is None:
+      raise AppIdentityError('No aud field in token: %s' % json_body)
+    if aud != audience:
+      raise AppIdentityError('Wrong recipient, %s != %s: %s' %
+          (aud, audience, json_body))
+  return parsed

data/packages/gcutil-1.7.1/lib/google_api_python_client/oauth2client/django_orm.py ADDED Viewed

@@ -0,0 +1,124 @@
+# Copyright (C) 2010 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""OAuth 2.0 utilities for Django.
+Utilities for using OAuth 2.0 in conjunction with
+the Django datastore.
+"""
+import oauth2client
+import base64
+import pickle
+from django.db import models
+from oauth2client.client import Storage as BaseStorage
+class CredentialsField(models.Field):
+  __metaclass__ = models.SubfieldBase
+  def get_internal_type(self):
+    return "TextField"
+  def to_python(self, value):
+    if value is None:
+      return None
+    if isinstance(value, oauth2client.client.Credentials):
+      return value
+    return pickle.loads(base64.b64decode(value))
+  def get_db_prep_value(self, value, connection, prepared=False):
+    if value is None:
+      return None
+    return base64.b64encode(pickle.dumps(value))
+class FlowField(models.Field):
+  __metaclass__ = models.SubfieldBase
+  def get_internal_type(self):
+    return "TextField"
+  def to_python(self, value):
+    if value is None:
+      return None
+    if isinstance(value, oauth2client.client.Flow):
+      return value
+    return pickle.loads(base64.b64decode(value))
+  def get_db_prep_value(self, value, connection, prepared=False):
+    if value is None:
+      return None
+    return base64.b64encode(pickle.dumps(value))
+class Storage(BaseStorage):
+  """Store and retrieve a single credential to and from
+  the datastore.
+  This Storage helper presumes the Credentials
+  have been stored as a CredenialsField
+  on a db model class.
+  """
+  def __init__(self, model_class, key_name, key_value, property_name):
+    """Constructor for Storage.
+    Args:
+      model: db.Model, model class
+      key_name: string, key name for the entity that has the credentials
+      key_value: string, key value for the entity that has the credentials
+      property_name: string, name of the property that is an CredentialsProperty
+    """
+    self.model_class = model_class
+    self.key_name = key_name
+    self.key_value = key_value
+    self.property_name = property_name
+  def locked_get(self):
+    """Retrieve Credential from datastore.
+    Returns:
+      oauth2client.Credentials
+    """
+    credential = None
+    query = {self.key_name: self.key_value}
+    entities = self.model_class.objects.filter(**query)
+    if len(entities) > 0:
+      credential = getattr(entities[0], self.property_name)
+      if credential and hasattr(credential, 'set_store'):
+        credential.set_store(self)
+    return credential
+  def locked_put(self, credentials):
+    """Write a Credentials to the datastore.
+    Args:
+      credentials: Credentials, the credentials to store.
+    """
+    args = {self.key_name: self.key_value}
+    entity = self.model_class(**args)
+    setattr(entity, self.property_name, credentials)
+    entity.save()
+  def locked_delete(self):
+    """Delete Credentials from the datastore."""
+    query = {self.key_name: self.key_value}
+    entities = self.model_class.objects.filter(**query).delete()