Merge PyCryptoSignedJwtAssertionCredentials into oauth2client

[GoogleCodeExporter]

Hello,

This request is related to #133 -- but I do consider this a slightly different 
ball of wax.

I'm the author of PyCryptoSignedJwtAssertionCredentials hosted here:
https://github.com/richieforeman/google-api-python-client-pycryptojwt

I'm currently using this code in my local environment, and on production 
AppEngine (This code helped advocate PyCrypto 2.6 support in AppEngine).

I'd love to see my code merged in for use in the core.  There's a bit of 
duplication between my code and oauth2client.crypt as that module expects 
openssl to even successfully import.  There's a lot of ways to go about this 
(perhaps preferring OpenSSL, and falling back to PyCrypto?).

However, my module does not work on the development sandbox server for 
AppEngine, due to this bug:
http://code.google.com/p/googleappengine/issues/detail?id=7998

Thanks,
Richie Foreman

Original issue reported on code.google.com by richie.f...@gmail.com on 25 Aug 2012 at 9:38

[GoogleCodeExporter]

Thanks for the contribution! Have you signed the CLA? 
http://code.google.com/p/google-api-python-client/wiki/BecomingAContributor

There are two issues I can see, the first being the dev_appserver as you 
mentioned. The second being all steps with the openssl command line tool you 
have to go through to convert the pkcs12 file into a pem file. Let's wait on 
this at least until 7998 is resolved.

Original comment by jcgregorio@google.com on 5 Sep 2012 at 12:53

• Changed state: Accepted
• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

Hello,

I finally got a breather to tinker with this and have put up a very simple 
sample site.  I can verify that my code works in both dev_appserver.py and 
production:
https://pycrypt.appspot.com/

Now that this works, I think there's certainly a few options as far as how to 
merge this in.  I've got a few ideas, but I certainly want to align this with 
your direction.  There's a fair amount of duplication in my code regarding 
Base64 and JWT creation/verification.

Original comment by richie.f...@gmail.com on 6 Nov 2012 at 12:27

[GoogleCodeExporter]

Yeah, now that 7998 is fixed we can start moving forward on this. With respect 
to choosing between openssl and PyCrypto, I'd like to have minimal changes to 
the external interface of the library, so import openssl, and if that fails 
import PyCrypto. I'd optimally like the private_key parameter to the 
SignedJwtAssertionCredentials constructor be allowed to be either a PEM or a 
PKCS12 file. It should be possible to distinguish between the two by inspecting 
the bytes passed in. Once the type of file is determined use either openssl or 
PyCrypto to do the work. The only time this would be a problem is when the user 
passes in a PKCS12 file and on PyCrypto is available, at which point it would 
become a runtime error.

http://google-api-python-client.googlecode.com/hg/docs/epy/oauth2client.client.S
ignedJwtAssertionCredentials-class.html#__init__

Original comment by jcgregorio@google.com on 6 Nov 2012 at 4:27

[GoogleCodeExporter]

FTR, I looked at our records, and yes, Richie has signed the CLA.

Original comment by nherr...@google.com on 18 Dec 2012 at 6:59

[GoogleCodeExporter]

PEM support added in 
https://code.google.com/p/google-api-python-client/source/detail?r=b4888423b1d3b
890ed8300469232f8a3ed133bf6

Original comment by jcgregorio@google.com on 24 Jan 2013 at 8:56

• Changed state: Closed