RubyGems - googlecloud - Versions diffs - 0.0.2 → 0.0.4 - Mend

googlecloud 0.0.2 → 0.0.4

Files changed (118) hide show

data/packages/gcutil-1.7.1/lib/google_api_python_client/oauth2client/clientsecrets.py ADDED

@@ -0,0 +1,105 @@
+# Copyright (C) 2011 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Utilities for reading OAuth 2.0 client secret files.
+A client_secrets.json file contains all the information needed to interact with
+an OAuth 2.0 protected service.
+"""
+from anyjson import simplejson
+# Properties that make a client_secrets.json file valid.
+TYPE_WEB = 'web'
+TYPE_INSTALLED = 'installed'
+VALID_CLIENT = {
+    TYPE_WEB: {
+        'required': [
+            'client_id',
+            'client_secret',
+            'redirect_uris',
+            'auth_uri',
+            'token_uri'],
+        'string': [
+            'client_id',
+            'client_secret'
+            ]
+        },
+    TYPE_INSTALLED: {
+        'required': [
+            'client_id',
+            'client_secret',
+            'redirect_uris',
+            'auth_uri',
+            'token_uri'],
+        'string': [
+            'client_id',
+            'client_secret'
+            ]
+      }
+    }
+class Error(Exception):
+  """Base error for this module."""
+  pass
+class InvalidClientSecretsError(Error):
+  """Format of ClientSecrets file is invalid."""
+  pass
+def _validate_clientsecrets(obj):
+  if obj is None or len(obj) != 1:
+    raise InvalidClientSecretsError('Invalid file format.')
+  client_type = obj.keys()[0]
+  if client_type not in VALID_CLIENT.keys():
+    raise InvalidClientSecretsError('Unknown client type: %s.' % client_type)
+  client_info = obj[client_type]
+  for prop_name in VALID_CLIENT[client_type]['required']:
+    if prop_name not in client_info:
+      raise InvalidClientSecretsError(
+        'Missing property "%s" in a client type of "%s".' % (prop_name,
+                                                           client_type))
+  for prop_name in VALID_CLIENT[client_type]['string']:
+    if client_info[prop_name].startswith('[['):
+      raise InvalidClientSecretsError(
+        'Property "%s" is not configured.' % prop_name)
+  return client_type, client_info
+def load(fp):
+  obj = simplejson.load(fp)
+  return _validate_clientsecrets(obj)
+def loads(s):
+  obj = simplejson.loads(s)
+  return _validate_clientsecrets(obj)
+def loadfile(filename):
+  try:
+    fp = file(filename, 'r')
+    try:
+      obj = simplejson.load(fp)
+    finally:
+      fp.close()
+  except IOError:
+    raise InvalidClientSecretsError('File not found: "%s"' % filename)
+  return _validate_clientsecrets(obj)

data/packages/gcutil-1.7.1/lib/google_api_python_client/oauth2client/crypt.py ADDED

@@ -0,0 +1,244 @@
+#!/usr/bin/python2.4
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2011 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import base64
+import hashlib
+import logging
+import time
+from OpenSSL import crypto
+from anyjson import simplejson
+CLOCK_SKEW_SECS = 300  # 5 minutes in seconds
+AUTH_TOKEN_LIFETIME_SECS = 300  # 5 minutes in seconds
+MAX_TOKEN_LIFETIME_SECS = 86400  # 1 day in seconds
+class AppIdentityError(Exception):
+  pass
+class Verifier(object):
+  """Verifies the signature on a message."""
+  def __init__(self, pubkey):
+    """Constructor.
+    Args:
+      pubkey, OpenSSL.crypto.PKey, The public key to verify with.
+    """
+    self._pubkey = pubkey
+  def verify(self, message, signature):
+    """Verifies a message against a signature.
+    Args:
+      message: string, The message to verify.
+      signature: string, The signature on the message.
+    Returns:
+      True if message was singed by the private key associated with the public
+      key that this object was constructed with.
+    """
+    try:
+      crypto.verify(self._pubkey, signature, message, 'sha256')
+      return True
+    except:
+      return False
+  @staticmethod
+  def from_string(key_pem, is_x509_cert):
+    """Construct a Verified instance from a string.
+    Args:
+      key_pem: string, public key in PEM format.
+      is_x509_cert: bool, True if key_pem is an X509 cert, otherwise it is
+        expected to be an RSA key in PEM format.
+    Returns:
+      Verifier instance.
+    Raises:
+      OpenSSL.crypto.Error if the key_pem can't be parsed.
+    """
+    if is_x509_cert:
+      pubkey = crypto.load_certificate(crypto.FILETYPE_PEM, key_pem)
+    else:
+      pubkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem)
+    return Verifier(pubkey)
+class Signer(object):
+  """Signs messages with a private key."""
+  def __init__(self, pkey):
+    """Constructor.
+    Args:
+      pkey, OpenSSL.crypto.PKey, The private key to sign with.
+    """
+    self._key = pkey
+  def sign(self, message):
+    """Signs a message.
+    Args:
+      message: string, Message to be signed.
+    Returns:
+      string, The signature of the message for the given key.
+    """
+    return crypto.sign(self._key, message, 'sha256')
+  @staticmethod
+  def from_string(key, password='notasecret'):
+    """Construct a Signer instance from a string.
+    Args:
+      key: string, private key in P12 format.
+      password: string, password for the private key file.
+    Returns:
+      Signer instance.
+    Raises:
+      OpenSSL.crypto.Error if the key can't be parsed.
+    """
+    pkey = crypto.load_pkcs12(key, password).get_privatekey()
+    return Signer(pkey)
+def _urlsafe_b64encode(raw_bytes):
+  return base64.urlsafe_b64encode(raw_bytes).rstrip('=')
+def _urlsafe_b64decode(b64string):
+  # Guard against unicode strings, which base64 can't handle.
+  b64string = b64string.encode('ascii')
+  padded = b64string + '=' * (4 - len(b64string) % 4)
+  return base64.urlsafe_b64decode(padded)
+def _json_encode(data):
+  return simplejson.dumps(data, separators = (',', ':'))
+def make_signed_jwt(signer, payload):
+  """Make a signed JWT.
+  See http://self-issued.info/docs/draft-jones-json-web-token.html.
+  Args:
+    signer: crypt.Signer, Cryptographic signer.
+    payload: dict, Dictionary of data to convert to JSON and then sign.
+  Returns:
+    string, The JWT for the payload.
+  """
+  header = {'typ': 'JWT', 'alg': 'RS256'}
+  segments = [
+          _urlsafe_b64encode(_json_encode(header)),
+          _urlsafe_b64encode(_json_encode(payload)),
+  ]
+  signing_input = '.'.join(segments)
+  signature = signer.sign(signing_input)
+  segments.append(_urlsafe_b64encode(signature))
+  logging.debug(str(segments))
+  return '.'.join(segments)
+def verify_signed_jwt_with_certs(jwt, certs, audience):
+  """Verify a JWT against public certs.
+  See http://self-issued.info/docs/draft-jones-json-web-token.html.
+  Args:
+    jwt: string, A JWT.
+    certs: dict, Dictionary where values of public keys in PEM format.
+    audience: string, The audience, 'aud', that this JWT should contain. If
+      None then the JWT's 'aud' parameter is not verified.
+  Returns:
+    dict, The deserialized JSON payload in the JWT.
+  Raises:
+    AppIdentityError if any checks are failed.
+  """
+  segments = jwt.split('.')
+  if (len(segments) != 3):
+    raise AppIdentityError(
+      'Wrong number of segments in token: %s' % jwt)
+  signed = '%s.%s' % (segments[0], segments[1])
+  signature = _urlsafe_b64decode(segments[2])
+  # Parse token.
+  json_body = _urlsafe_b64decode(segments[1])
+  try:
+    parsed = simplejson.loads(json_body)
+  except:
+    raise AppIdentityError('Can\'t parse token: %s' % json_body)
+  # Check signature.
+  verified = False
+  for (keyname, pem) in certs.items():
+    verifier = Verifier.from_string(pem, True)
+    if (verifier.verify(signed, signature)):
+      verified = True
+      break
+  if not verified:
+    raise AppIdentityError('Invalid token signature: %s' % jwt)
+  # Check creation timestamp.
+  iat = parsed.get('iat')
+  if iat is None:
+    raise AppIdentityError('No iat field in token: %s' % json_body)
+  earliest = iat - CLOCK_SKEW_SECS
+  # Check expiration timestamp.
+  now = long(time.time())
+  exp = parsed.get('exp')
+  if exp is None:
+    raise AppIdentityError('No exp field in token: %s' % json_body)
+  if exp >= now + MAX_TOKEN_LIFETIME_SECS:
+    raise AppIdentityError(
+      'exp field too far in future: %s' % json_body)
+  latest = exp + CLOCK_SKEW_SECS
+  if now < earliest:
+    raise AppIdentityError('Token used too early, %d < %d: %s' %
+      (now, earliest, json_body))
+  if now > latest:
+    raise AppIdentityError('Token used too late, %d > %d: %s' %
+      (now, latest, json_body))
+  # Check audience.
+  if audience is not None:
+    aud = parsed.get('aud')
+    if aud is None:
+      raise AppIdentityError('No aud field in token: %s' % json_body)
+    if aud != audience:
+      raise AppIdentityError('Wrong recipient, %s != %s: %s' %
+          (aud, audience, json_body))
+  return parsed

data/packages/gcutil-1.7.1/lib/google_api_python_client/oauth2client/django_orm.py ADDED

@@ -0,0 +1,124 @@
+# Copyright (C) 2010 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""OAuth 2.0 utilities for Django.
+Utilities for using OAuth 2.0 in conjunction with
+the Django datastore.
+"""
+import oauth2client
+import base64
+import pickle
+from django.db import models
+from oauth2client.client import Storage as BaseStorage
+class CredentialsField(models.Field):
+  __metaclass__ = models.SubfieldBase
+  def get_internal_type(self):
+    return "TextField"
+  def to_python(self, value):
+    if value is None:
+      return None
+    if isinstance(value, oauth2client.client.Credentials):
+      return value
+    return pickle.loads(base64.b64decode(value))
+  def get_db_prep_value(self, value, connection, prepared=False):
+    if value is None:
+      return None
+    return base64.b64encode(pickle.dumps(value))
+class FlowField(models.Field):
+  __metaclass__ = models.SubfieldBase
+  def get_internal_type(self):
+    return "TextField"
+  def to_python(self, value):
+    if value is None:
+      return None
+    if isinstance(value, oauth2client.client.Flow):
+      return value
+    return pickle.loads(base64.b64decode(value))
+  def get_db_prep_value(self, value, connection, prepared=False):
+    if value is None:
+      return None
+    return base64.b64encode(pickle.dumps(value))
+class Storage(BaseStorage):
+  """Store and retrieve a single credential to and from
+  the datastore.
+  This Storage helper presumes the Credentials
+  have been stored as a CredenialsField
+  on a db model class.
+  """
+  def __init__(self, model_class, key_name, key_value, property_name):
+    """Constructor for Storage.
+    Args:
+      model: db.Model, model class
+      key_name: string, key name for the entity that has the credentials
+      key_value: string, key value for the entity that has the credentials
+      property_name: string, name of the property that is an CredentialsProperty
+    """
+    self.model_class = model_class
+    self.key_name = key_name
+    self.key_value = key_value
+    self.property_name = property_name
+  def locked_get(self):
+    """Retrieve Credential from datastore.
+    Returns:
+      oauth2client.Credentials
+    """
+    credential = None
+    query = {self.key_name: self.key_value}
+    entities = self.model_class.objects.filter(**query)
+    if len(entities) > 0:
+      credential = getattr(entities[0], self.property_name)
+      if credential and hasattr(credential, 'set_store'):
+        credential.set_store(self)
+    return credential
+  def locked_put(self, credentials):
+    """Write a Credentials to the datastore.
+    Args:
+      credentials: Credentials, the credentials to store.
+    """
+    args = {self.key_name: self.key_value}
+    entity = self.model_class(**args)
+    setattr(entity, self.property_name, credentials)
+    entity.save()
+  def locked_delete(self):
+    """Delete Credentials from the datastore."""
+    query = {self.key_name: self.key_value}
+    entities = self.model_class.objects.filter(**query).delete()