Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/google/auth/crypt/__init__.py: 65%


23 statements  

1# Copyright 2016 Google LLC 

2# 

3# Licensed under the Apache License, Version 2.0 (the "License"); 

4# you may not use this file except in compliance with the License. 

5# You may obtain a copy of the License at 

6# 

7# http://www.apache.org/licenses/LICENSE-2.0 

8# 

9# Unless required by applicable law or agreed to in writing, software 

10# distributed under the License is distributed on an "AS IS" BASIS, 

11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

12# See the License for the specific language governing permissions and 

13# limitations under the License. 

14 

15"""Cryptography helpers for verifying and signing messages. 

16 

17The simplest way to verify signatures is using :func:`verify_signature`:: 

18 

19 cert = open('certs.pem').read() 

20 valid = crypt.verify_signature(message, signature, cert) 

21 

22If you're going to verify many messages with the same certificate, you can use 

23:class:`RSAVerifier`:: 

24 

25 cert = open('certs.pem').read() 

26 verifier = crypt.RSAVerifier.from_string(cert) 

27 valid = verifier.verify(message, signature) 

28 

29To sign messages use :class:`RSASigner` with a private key:: 

30 

31 private_key = open('private_key.pem').read() 

32 signer = crypt.RSASigner.from_string(private_key) 

33 signature = signer.sign(message) 

34 

35The code above also works for :class:`ES256Signer` and :class:`ES256Verifier`. 

36Note that these two classes are only available if your `cryptography` dependency 

37version is at least 1.4.0. 

38""" 

39 

40from google.auth.crypt import base 

41from google.auth.crypt import es 

42from google.auth.crypt import es256 

43from google.auth.crypt import rsa 

44 

# ECDSA signer and verifier classes, re-exported from their submodules so
# callers can reach them from the package root.
ES256Signer, ES256Verifier = es256.ES256Signer, es256.ES256Verifier
EsSigner, EsVerifier = es.EsSigner, es.EsVerifier

# The crypt module was split into submodules; these aliases keep the v1.0.0
# interface importable from the package root.
RSASigner, RSAVerifier = rsa.RSASigner, rsa.RSAVerifier
Signer, Verifier = base.Signer, base.Verifier

57 

58 

def verify_signature(message, signature, certs, verifier_cls=rsa.RSAVerifier):
    """Check a signature against one or more certificates.

    A verifier is built from each entry of ``certs`` in turn and asked to
    verify ``signature`` over ``message``. The signature is accepted as soon
    as any single certificate verifies it, so callers must pass only
    certificates they already trust: this function itself does nothing to
    establish where a certificate came from.

    Args:
        message (Union[str, bytes]): The plaintext message.
        signature (Union[str, bytes]): The cryptographic signature to check.
        certs (Union[Sequence, str, bytes]): The certificate or certificates
            to check the signature against. A single ``str`` or ``bytes``
            value is treated as one certificate.
        verifier_cls: The verifier class to use. It must provide
            ``from_string(cert)`` returning an object with
            ``verify(message, signature)``. This selects the algorithm,
            such as RSA or ECDSA. Defaults to :class:`RSAVerifier`.

    Returns:
        bool: True if at least one certificate verifies the signature,
        otherwise False. An empty ``certs`` sequence yields False.

    Any exception raised by ``verifier_cls.from_string`` or by ``verify`` is
    not caught here and propagates to the caller.
    """
    # A bare str/bytes is one certificate, not an iterable of certificates.
    candidates = [certs] if isinstance(certs, (str, bytes)) else certs

    # any() stops at the first certificate that verifies; with no candidates
    # it returns False, so the check fails closed.
    return any(
        verifier_cls.from_string(candidate).verify(message, signature)
        for candidate in candidates
    )

85 

86 

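# Names exported by ``from google.auth.crypt import *``. verify_signature is
# defined in this module and is the entry point the module docstring
# recommends, so it is listed alongside the re-exported classes.
__all__ = [
    "EsSigner",
    "EsVerifier",
    "ES256Signer",
    "ES256Verifier",
    "RSASigner",
    "RSAVerifier",
    "Signer",
    "Verifier",
    "verify_signature",
]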

96]