From 6cd0577b66686c82c34ffa2ed228e5c11596b338 Mon Sep 17 00:00:00 2001 From: Andrew Gorcester Date: Thu, 5 Oct 2023 11:16:19 -0700 Subject: [PATCH 1/4] fix: Serialize RSASigner key on __getstate__ for pickling --- google/auth/crypt/_cryptography_rsa.py | 15 +++++++++++++++ tests/crypt/test__cryptography_rsa.py | 15 +++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/google/auth/crypt/_cryptography_rsa.py b/google/auth/crypt/_cryptography_rsa.py index 4f2d61166..f2ced73d0 100644 --- a/google/auth/crypt/_cryptography_rsa.py +++ b/google/auth/crypt/_cryptography_rsa.py @@ -134,3 +134,18 @@ def from_string(cls, key, key_id=None): key, password=None, backend=_BACKEND ) return cls(private_key, key_id=key_id) + + def __getstate__(self): + """Pickle helper that serializes the _key attribute.""" + state = self.__dict__.copy() + state['_key'] = self._key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption() + ) + return state + + def __setstate__(self, state): + """Pickle helper that deserializes the _key attribute.""" + state['_key'] = serialization.load_pem_private_key(state['_key'], None) + self.__dict__.update(state) diff --git a/tests/crypt/test__cryptography_rsa.py b/tests/crypt/test__cryptography_rsa.py index 99d8fc37c..1199f8d1b 100644 --- a/tests/crypt/test__cryptography_rsa.py +++ b/tests/crypt/test__cryptography_rsa.py @@ -14,6 +14,7 @@ import json import os +import pickle from cryptography.hazmat.primitives.asymmetric import rsa import pytest # type: ignore @@ -159,3 +160,17 @@ def test_from_service_account_file(self): assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID] assert isinstance(signer._key, rsa.RSAPrivateKey) + + def test_pickle(self): + signer = _cryptography_rsa.RSASigner.from_service_account_file( + SERVICE_ACCOUNT_JSON_FILE + ) + + assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID] + assert isinstance(signer._key, rsa.RSAPrivateKey) + + pickled_signer = pickle.dumps(signer) + signer = pickle.loads(pickled_signer) + + assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID] + assert isinstance(signer._key, rsa.RSAPrivateKey) From c7239d2826e97f377b453ce6ced1cc65a3a2f38c Mon Sep 17 00:00:00 2001 From: Carl Lundin Date: Thu, 5 Oct 2023 11:19:59 -0700 Subject: [PATCH 2/4] chore: Refresh system test creds. --- system_tests/secrets.tar.enc | Bin 10324 -> 10324 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc index cae671c34fccbd1f7b67ad25e1883fb4b733ca0f..1e35ceb608aa3ca17b8d212e889573d579769066 100644 GIT binary patch literal 10324 zcmV-aD67{BB>?tKRTHq`zgcOy!rRdfB0$@F+&g!Oh^Io=QA$<+YvQ1v0@xC&Pyp}n zz;77Qbxx+#Rh)sKsG`&ZvfnZS|0lJ{$Mt4y24Im^zltD}_8$O4ob~3e1lD1e%!26W z?6?}?Vm)hlBHNOs@-h7D&F8>cn_E zjA@NV8E{Ee3Ty2XFKLQVNf{1HiRyk~$xi-Psr_^%B?Z9`{z>L_8S6#2jF6sr=`=lB zj6R14m6kcj#^w8@f%2M4ib8ZNy~v~kmIn>>Q@okhs7WKEMe7noZ5rv(hNVa- zSr(&l7gA$G#j*7s4ssM@}7iN}IPHzxyIJAU4+>5^s)Zv>Dlm*5(&a zd9nYR8v|GOutfN>{xcCj$4Ke#YmnlmE^v~ zmh|cVAc#=Gjk*9uU|Es^2j<2MNYo+g3xLV!JPJNCKU6RLXR&F~+YfoqC1VOh zyARnrtVsD|VO-UI=7Ul=MLg-QsvCePXnVK6rVrhbL&y=iu&ZFg5*4${&Drr7j;0htsI3B)iOLaZ2VPJ>W{?`NUi<7)9W@+aQD&}BE7Yf zA+Tftn!l7${fwq&_^L1uDC18wA?eNT3qY3?$X;b7LQ4*(``k|hKGfR7{Zv0sE=-> zcKfYZ98z%-bMs;@hNcdb5g3H$sYNALu?<nu~ zgu~$!uH_=yhY%ToM4_@&1b3KT`W_C}`U3$GIr_V-TGA0uxM9WUImFr?(I4zLF5}C) z(@OU~E-S7fJoqz3hD{?^q1C%FUPa&TdZ0*WHWFGBt=et*&XQd2+e*<4n*v1GcE+uq zP}1!mzQS?@HRtX4RYB$)X4~Wnai#OGYdyw*vurOhnzMvE5_0etdL!nbdFJ$D@1j`~ zLdGwrSefJswMd@md@==M@TaVF=n%m+~p+{zp;5&(B(h4_X-IQAU+37yK z;j)hX!zEmaTStWSxL>E#Yc{zXEVKI(jBp8p=t5-h@ESu$)+J|GsA7b`M89qdslUB$ zK8LDeELD{}$g8+9AwD^vDIt z)%gq$N7wd8%ZbzS;h&ZJS@8vhao_=-Z24;Ab=v%r9o$r+>3{e5&N_7iDH$qP%p`Fe zV)+)Z=zmfG@g~VZgw+jr3yp%~5?epWx3`%YtXSYRFMJCmnA-!6@4t9S1-!1U2$zJqhlV zkj)COJ7$ZuL>BqF$=!xL9$Tl@_6dRumB(|4%L*gVqGzAxbZw&h07e_+k-JiOT{N4T zr$ks?|9j2D2+36a>cW>GQ-Ch{Ifm`x;9g??2~i8?ot?fZc|9p6P(usn-y2xd!hAkr zEJq7ES^BZR7RMUm(n*)gsF%#HOBWsbFW_b8W0$Hmqh@6>MiNoU4lwCF zx)F5*1{z&f6Ziah`;a28hPKg2$jc=lfA*EV|HAadK7Lc-!Uz zts3VG6ZByAVzstQjwiuF_?afIIKkln7bto$Dr@TA$Z-I*{=J^%;HE8|;7M6KOA})= z8LhQwLt8Mo@phVF3ri7*Zvc-$efxyi{~NUw71WDpt-<5~E()f|ZGg)&!N$!}-|8mD zyyzuu@aQmKY4PWdb1-X*;-@DN>yfb@WLX6957C-7p?*&--$-nV74_GshI(P%3@lsd z8^{1Syi1tfGb;JVTH%dW41((5GZTk)zfbe@5@0IUq_Hj_bpjrCDa?Gsu;VIV6pVC^ z?4Yrc{Ikc;s@lhY)=Yw-*%*=lx0~u9e$2`&WryjR>h3JM4}S!6Xfb7SH#+gu&Ob!-R92M=3aLzxT$a)I?_nh5Wgc=sszm*;)S_wKs zQaWMH)9U!{^Wl{X7BQ(=ZCJS8zF!vn&I)jydYcYx!2sypctx7pb{m(jqvX z4k*!b4HwbO55$*hG61!opNiwzNg$`USLGgn^q^|T;K>lJS3{c1a8Qsbr6fU%CJ@|@WrdR~DhA5Z}cm>o0^=(GF5 zDWk8rxQe~Y!G>Vyi##I_(C|8*Wed8$ES?@R#efr z2ZkU2Rqt#pBhH>%a;`8jj&$bcTT*6;*bG=X4oV(5h9bVrr%jU3MX!W}^9HtVHMJk# zh!)D!EyCXgFl8R+BswU@ z71@Xg!Nu3Bpo~&cQ4K?fILCYTN`f$~62QR4fIDGAX*pWxmWrXv?OPT^!i&Wm{M5xk zM%*b6Ol3ui&~njqz_BsMykmzkZ|5jVq~P}ENJK>6k6@@?q>=vU>Yq#@GF&x=E7&Wq z@3jbb(@v(*?V^c^f^f2$Q-$1=h%ppEWPOL80^A;DV+uZ3s0-0Ee-Sfr3P9O9rIKLR zS{;pFJsW7-y#ty-zHQKf9C70@@oVT%t!0mnSJ!0ku!bGSJeAKSMLp1s!G`RJW7yw^ zFz`CQMh*YF$TR&*S!BjK$|4e*DtE%m^THX)!G& z)qWBe&Yu-xXN)}TAtxpssHU_Pw4Araiu7#KgkIQX1AvpBywAO+bybqzN9AZ!VZvd# zodbhg+;QI;eki=f*2Qt={lbY9dt_7P}b}3A>ya4t*Kx-vMgW*B<=BlblK{*)=%X& zRxu{g%!l%P><{{$ep=dE0TS{2!Gi#uFCkLx$uHCQ*7F620|Z7~t40E-l*1!_N%lOa zsO@*g5W$~6*ps`CE(?G@^nnXu#4TEb&qz=gPmrzyi2XPSh&0_eJF2j}IrlM52xx-3 zriGkZI3vcMbo^Nl*ZEspnGoh3sit{{H!CXrl)kL+NwbdX&sYVXAvrU}{s%4=$|%N_*=`se^mcUW{iPa+JK7s@NDgM0}nG;|cJSwcf9ut33VyQS{XGp&1| zCnOI+-&o9Ib-kTRPXK)ZHjS-nlD8BT)Xax#JeA`9{sLXGF9^`MN=}*u!7&fK1_r&40`dy*r$z82*+mFXd> z2|&gNg`*5U>4@IU>m!4Q=P-f4e$zBT1*Jx3E|RvlWf(-`j;LAgugkGWku-))?T@g5 zZ%^rCb~s0rsg~0Q*`W1mCMqShFC{TA{@Fj28d1>xJU+f+4el5Rjat z$6ukVYA9h5M(L0)s`ljhH%0IUl;{aG$~_$lN>71`2jEq^VY97T{1l)FAtuFx11#1R=KK z?PVcU{{N5peq+^nJ8RdZO;6Pd;FVzYgVWA9STV? zvy+s;X2@0p=d8d+#)8X5i93C#mNezwjfMa+o21cRjaaS6r@t$gdH4}wTCh%7mBFxH zSGXkJ?)P5}zVp^uSLzLJ6C|3i4J}_rTV)SmMLQ8a11Oxp{PKJLGG402-(T4NOIfNl z^HK_vHWqx-bM;Y6Q7sLH2FbcS%2LCo@*Dyd?_C$xYbYn68v!06LqXB3h*N_{Vho!T zZpi$w$-LJIfL?H<^4I^px1cDs-))3;1J=0aK$uY>+kC^QT@+ZRjymGD2AM~}=aXM6 z(bkn|X>gy3@%|8Dl-Z^FsroJkv$Uv+oaq12GOejc446uX@Q(xCosYgJe;c;GNShyH z1Qd8HYV>k^Cj+7!+S(YmtorfDA)EO;cpznQ0Hp^WLSuL$FX^Na$88ItwlQ`@=TBwS zK^>(*$t;Xrf_NDKz2n8|HzdOKBM)YC)sQ<~L{TKK!ugc5c!D*}A7< z!H#WTfZ2tJW@dszFvho&x>MejyoeC*4@^>E?p{C}62cz0s-t*P^0BE8Z|K2&|1ud3bscL$)R9cc_j!f9siHKsKvvtUn1Dpa_DFxnwa*Nfa|{Uug}9~ z{KEo^?QeFKskPE&L8bn)8Ut1hDn(-5sNVX!Yp;lx(<2gpk9eM>xcI|J?!aOwk)c+& z<|++A66F_WrAmCI&9p@dW2B0Le$l@2DQ~Cr*sC-kBB**zV{f*dx5J?tBFjRe?p{( z?NU*YkhK~U5E$2KAzlkOu+Gp?r}ih#XxEOr&TH&iS%B>)vu=U{ToQ-Mc(`L^kAL+{ z1~NR-`=L1YI*z8kc-tolu93x)SerSs-JrX^40#kC&dA;=nH~^fm(p?nD-GF=(&iV0 zV2eEgJQ3addUAvTvxkB|dgt~@yk-;OZNK9apAuLFKEEEj&E|X)IlkBRXdYD(2W088 zAGY9p26P>uhpGnk*TLY6+B?sYpKe6?)fe>DC}cK(*%UF?8euslZT8ETxLmY~r}Ss5!L;<6Vyr1E!W5-X(`~bXHC%0sK$^#b zuWzwoVu!H(R@q9+>GXdmT<0-8tys(_9UjK>J#M{KEG^Y9Lm zI6}$hFZo61%+f0IW22dY-Aa}t|;fC%9iBQ5(&~WH=xF- z@CleqXc*sVvLnOAOlf$A1mop$c_96FJx0-zL0xSh?*@YFxk;Trh$xW`m7x+#scyWQ zKqd42A68k#Lb9t5Q9ZO`oJUVW4u;5XdC*CWfFX_VmJ9#Ie_@3SeSvs{=+zp*cqZzf z3Ka3=zdJ@Ss4<3UrH3VNYP@SFN<=(!L_j!LRNG z$_r=;yGxe}7^Anoj>^6uu0ZBUkH9@3^!-7xCGn~2^Tq9OHlPZDGdII|vj4l*2uSN) zPS-rCQkp)Re;LYJwW2KyTlDyaWGp5&L!py{c5_C@X z1hOMQ4zfZ9woYzWm+0?g(En(~pt2M#!Q!e`U&-|J&=Vl7!+yxPM`pA#YK3AvXG_B? zYf-^z%*@?nw_r8CV(jN)m54BaAvlH=LYo27AsP7aF`cI<(}T0U>wCE*=Dbh%mK)R; zHZE~kgRZjtt^Y+Rf$i8lKwWPcb6D@th0iVy35|-tbiYDP%o_Q+Q_&SnITHu=E+b<=ntB z{~#aw>!9=SzMISbTIz*Ovf%i0^!_Cf0;wGk<`{SjWR<5Be{|&kf$`m}2s_q@A&@o> znKTp8@l~CZ4wcsY=-0`U-;Yi5M0mr^$-M+F(@qq&ghvxJK81%OHwT-d#<11sk8;HZ zQ92}@SU_*m0Sd4HHk)ipr{o)a-+^B(#3INCu<{ArKgEWR9hMtHD*!B>5+>}ztp$ae zgH`N#w8Uy;&GPXfkZi4)ZQr-okl=te$Yya15!rNGjgqVUwN+vp z71H&nEFOd2R<#Iy)amft(Q_VE&8g(d#Eh16?u$3#CDAET!)~;FOGT#87aDFsV-rDL z?Eqb`QOnFX;$79tW%I`A*fJ*H%+8^_o;w)8J|5#rC{!nrF7;hf5g3jPwa%cI-4!#_ zPh*00jesSiQi0qriMwZ~Gcj4;)Jh-`GtKI4UW$Veus7CnMReN_xSn{mHkyJwrFt!u z*K8@1O^-yCXOrS+9c*JS4-^F^c&gULK@qZA9CZPH5zML1=J?TN;QYfDfFE1B}mAjHa%QB+4b zZqJbRpN;7U^Ub5_y>O&K7;F~-srwuG_gC$wmB2(0R?29?qA>;Zu@d(>yMqJbBjbDtC%52p$a8u+jnK zouMAvCO69U7`KEf{P?AwQznC6)>FEkv)(3of$XmKeBlq$xpCWi^h&HUQ2M+k62?=t<#pa_)c{E zs5%DZHe7LdhCh+dO8px82d0aa5S#(SQdwchov1BITKWx*)_G1gl@?y@0xZ?``S5bP z%Pck8Cz~)Y@;|Qk_x}mw$a#w+C0#_ke9Hd$k|ySv)EPs@dJ@5V%}8_0bt8eN`UBMb{L%*Bqk>I=o|E7fF))DPK%u zxoA@_Y%q}ZNxH+RFjsl1%u%=_^j>L!DM10j!qB!B)uT6J_(Gb6hAl^@@_=>xp7gJI z7-7mO+u?@aBpNpju|4I-(16Ng`MP(0E?2P8N04$vuQWh?;Z_UV!}jlf`ucEUJFhDQ z+a(=%npSdI_`gL$Of2vVyEx)=s7RLyWLUXYr=a4E0dheOGmDNAF-u^_97ye2kTHEe zvx0Wz5;gj&PGi~O81YrewlzT+Df(vrQ- zh_6wClXAk-xkN&u*QW%m&# zXrMF%H4pd@>gg_>gqpsc8uT-#%hp+*UkWZP@)D602Zn%WZ>vV9`%ixqb0-YSI3PY6 zSJX&VvoDMw5)v>csrKug&gXzy;qeV5g}%gvbtC6Z6P(d;qvwn`yA zPfOwP{0S~_a!r%}=D(}HdS4!XqU&0_0{`k#RM!ts>A3Q=nuX8~d+W0~2iI|*#3mQX zk6YkNDOe66sqPCa}blnxBh*n9B-ur3Y!C;@2x=sG`##7i(noR87-504c2bE3y;#vAK+K^7d{s&h z%$X+LjW7UXH0$1WtwW68C4+c-&9G&YO&+jC8T3Qam8un zAa8n^@x-tiRC&HZh$Vyu%NhX<8pM|U5&?svkL(wFl(wye=giA1I=|MR`tuoeV=vZJ zeJcx@UfT6RttZHoAuk15Z(hBh0b1mi85v>E(XA`LbXdQHzSE!C44u!O zq@bM(G_|SKs{|ggqrU!=Vfp;ho-yqPUxMtz_ata<(CfP)Hrm1V-AG!A8=LJ)MUN@h-Bpn{=?4{^VKSYZmb$q z^%uarhtn?%iFRuaAtBC@psoUf7_7+P)C#07=bhB?d(Z*4J~S;K9lw@Hq?)CZ{xu~g z1-Sw#hhrBZGPj!@Na};%e0M}^L20efLWLaT92#nR_QGQ<8ep-axY!^tgsJV#w$3xp zA@Ew4JLh*3>y)YQf+jp5?W3<9_w+P0f*>VSuFW!bRf{rGOWmDHAKHUj{i30xTwtF< zL!3p@g$R2MaSE4*$NCszC=tLRaOb;v>z@Dch5^dh-iJ)oyU#ZdhA`Su#(ehsoH`Ud zwZGd|9^nI$5qr%@7a13{eE(5JB7!pGSTru*2H(`>EX#SPh8o~HNpsIt;F>w4=F*#Q zld@y806sa%moqd^dMQ(&KrFgdX0lK$Hmxz2)kpN{o&uDw4=?(mLOTb>LOEJ%bqNK( z!hn_+e!(pQT2;hJ7mtj$z7y6BSqct|ZW#}bmWu=p#?mDTRvA^(?I|{s*4|ER6jtfN z9A=u_r1fA&(h32S08~IqWh97SllkN#&aL<;eG_S z=@N|?pu+LS`t{qSs!2qw|Ajwz1bmh%qq>5OoV*KlZSk<=yX#I_QcV^R1z%}i96Y2i zg~%to7Tw$#_>n20Vqw({g#iTZT;*Uulib0*q9U*lb7)sngcQl;3x{|gk!@RTb~S!Y zgt+rJLjQR_u|$-aqNDh))69!fpLMXOR1=+nGvLI~G1LY@Q67g*alDN0A*6AP-Rhtn z5h{8JIIS&ahCBb*86q}_w!eAdU~wj!>WV`c1ZXX2@|1WdNG+Z4GWWwJaGNi8PQl|m zI%ranf$&w;>#BhhaI73euyCuzP3Wd>E93tj_8?Rfbyt{t>$E+AU9U5ea0VR6+((kRh86V? zfOAOoBI0_uGmj+Fl>W?$4m+wNp}`J7&@Fj=+{Zpy+$lb?*?rm-efL#x9i|wU zG5KBC$eDdjh0YZ%1HsRxQP$45j)|)IM^43TKIu9JAF^zh$RIm;-zWtFPa8>!NkO4 m7T>=;9*Eh&a6lB|#tBy#fcI=?tKRTC^)^r71YjgZ&V2K{a#dZebYOTR7BFK7Wuy75;f*OL;ePyp}n zz;CgF*mH2m{fji*yYKb&iC>)g{k8h}3$L9i#i~}i3YlLPlO0deQTQx;N2M4)0#!{) z9H1-eqVE-75jjBpJ{OqLJiRY82j}AJVoOpsLge&kNVffw(I;u{8RR@t-W(DGr=~zR zYy_$~pYZYERZ5i%H?LZIyT`E$Xc z`s6^$hM_M` z>ukNdEgp3W8J%rMYVT=`2Sv2o_lBfIKx$zM_e0o)pE;6qnctRQj`8mC20ii-06+Jl z>hEj$+~J+(W1RhBXAu3@C1v{Q>$2FPvjT-MHxy^QiFa--ORR@;dK#{wf+`&>jR1Wp zf~c@)oLGtn#NCV;o0le>xAT>`k79oFYu;FzR*$UB(d*fEkvPR*0fkjzXMS4N&u)nD z%x26&~&v{hJKLc!UWXb)^|tI5Q#!cZ?`c_|2hQp2&LKVZsqlnH_=#Z zzj*X!M3($?3-|EvY}5EFoya~Iz+5eVr;u#j^Ey!`Jf))FAo^ZkzNqOQM*QW^UN0o# z)4NOu;!r*Qp%~EzLlwcTv;AuSi$|nQVL-C4sbQ(hS{5@R?sr zZM}12y8#$gB|1JpE$cVD-v?*t{f)rusVL4`M1}+5JfH0w@&l-{UJP6!`Z6vttwwg@EkHI}03>>s$7p#SB~Tg}9oR8ue)Z@qKyyCrg5XpvhrH~h)xDjx z&fUIa;#@MV?<#uK@MR21sBOB18hIU~j2* z-*mGZdgN7&lSXP|b9-U*T z2emv6AEma_{p3@lsF>%lFdSJKY@577(lBL~XWy^GW{%lN(Ci#~`&V5ww)ivD z)V==_+~^@0=DI$69?sz=TTuHQ5{u12d3U<>LTfb?m_(*FAYPSHxEj_Hu1LToubHP- z=IM>ut$95a$v!J*QKxUwAN9tY%H%pm?gEeV<}a%w`E1;@P=alkDHGW8$o}JJBB{@{ z1Wg1=X5I<|iI|eU z>I@t(ZdDGlLYrMphu%5w41+KY2r54^ZG%K@L9;P9s_jw`& z4wOEy2rc>iG)<+Q!EO76a+I}zLeSrwag^lqXQmu?zI8%sDCca(*+9akY46lmp|_T6 z;4!c&VIFw6d!x5r7YahR$3Lao>c0dNi7BGz1I^k5u&wk{mK=33>Vnu}2nD(47fiU(%et}5e+r&Tz9 zi9pS}fh&4LU!YbTsi7EM%~OsaOTqoF#|r(cQaMCL{MeU*F~dJGV9VO(yw{(UJe1w= zZ9v(jSZ-p_QNVMge%iAohxszdnc1nv3~LeZX_Not2O!fAn2!(g+rhHk1t=ye@i=`l zg%x|@vJ${fOg4OQ`i@JrO%UX{=JF$NRJ2H~7)2r~Hr?tf%_WjV6# zyTRiCFO-T>j4?%fp>;t+)vIXX*532j9tLJLztJz6*-}NeGbS52HLhGwKqFjQALQl! zA6tg1*#}_d4@6v7Iw92@Cw(-cMTduxx8Bj0vUzOmZ|Y%5uWOjO9Tsd0$^rOPoF)Q! zE8TGtlwaB8Wtbt2+T)MuLaGy@V?^=T2Md}o6ludQB{)zI@8f7^<%9yVf`+sJ^rk{8 z2}_g(^kc#Na-^dBmfHO9^yI7jIA>}u1Y^;YzUY(VST<6xAsZi0C{_T0>GkahoCwD( zyVgF?yUT|(h=f7I>~fpieQR_RtXgO*<1I;xw2D@Pajlt`RQ?a@TPXncN>hHmic##OX3m zt^jfCFRHgcwTwb)2|qV>2l)54IHuO?vX>2Nv^Mg2>?yN+gvq~EuA?Ibwt~`b9RfT< z>tSUU=l~i>s;cT6_4hbP$T*Zw{EWC}W~j{mH44d(14YilHw-Tw84lGtnXgr!&(Qe>Y;sbxwzDh(5scw74n>q_6Qa@gojnIvtYDw|Dy z;ygkmSo^Ri0(D0x_PA9hSsix#EZ>kOE?`7_3t#>x%PVsVs-eBu^D@0VhsVziMFyKg zO&xZI+e2WE{a5dcK(1Gr0`H#Ximv_p`d0#H`_a9pki+|FM(io-OtrrcJ z=#C1vN0i0y@d})1gA^r#Y*YDxIT5dVfBI|k(MIOj)Y>vA2(cJcx+0|X@-^kzdh|)O z^jvQiNk}ma{pS$!@bbb-em9<6>C=MBKTJRY`03*7os!Gwt5&FH^|!*xnVdr$?8-Yy zril9UWR|6tNAhwjM-91uBh87o@wxM#%D>*ciO`It1SK%sY3Jps+Ru`rF zWwF?RbMwJfITfsCciU)e^>`pf|D@|h#o}8PwUhcrN*?0$KRv-$Sa4>9oxz45fK%)_ z&o58q7se@UvjkHPJ-Wm5n9~#>>B{q^>fi~YO(FHqU{mA0A~X6`nA4TTpbEd;0AN*UeCvYamQ0MwREaWJM)ozuFF7aDz;~_FZG(hTj#;!c_`k5>> z&)CptMSG6uxh7^vS_?rKFtonImHE>}4(GcbzM6_?J+{`gD^x4h)7(K|zOS)X^3^-3 z{UyU9pXaWVMcj)$Xalgt50(Ff|0-IV0^!P{XDOdSR*3ytt4hhFR01{+%}7D8lmX$J z>4hZmWg#6nd3sa^@-BUk2&Ze>)eY#y>fFumIc9?dNr^goe?l4UJ+NIcZcw1?I|G<1 zG{kaKgT=PhsQ);*G6yTYdm$!V6<6g#xXPE|o}@2N!YBcg@tJNkz{XsH^pmCcfT5A| zFleBDS7BXW7Ob=>z$pCi{!zc(nCrfuET3KID*j()g9yIN_qz@t(b!93%DHgvM4qY6 zMk?^n{)pKcgr52WQ9&j~9ym+!3iY_BmdQ9EIw!jmYoezu6eXjZWvfo2O?x8tkRvjC z-D4C13)ktYQk0u$-APsKjLHb3I$ZH;r6uKK{I#%d1m$9u?;Z!YOkK0zkZ1pp=fBU} zIC2sq6WPf58}mHwVg#g@C(b~99OVa%25S-XN4GsJykWq~fvo@j9_>a|HHx?RX6&0|)MxDz?Q$It(-c223IWRUVi|sy73l_+9%N zPcCY9tmq@EG}5Z~FEhx&DCJpx3n!9Tw-h7<|vWX$0}SyF2S zichX)g}`8DTJfL6<+STc zyHXn{c^!(v?4De~R;UAX>I;FZ1;*Rd!c!mXyMc(Ce>(h9r!Z~y2?=?IwKqF!Y$IhF zlZHu|@I7(eI{f!WpMa?b_?Jql+QFPVmhOgBSRxay6EZhYDE-nD)l%|!nzE#=-e}mi z4lBzAD2ew4Xm(%gdB~Qy=W_D4h<)jA_HK)S`vkF}gMFKb3V0ZX#GR~x-;0+jKMm;J zXjAEoi<;Q6AdK{98HiIbMXLXu;FmFtFxbB}BdYH>O46iBa>V0u`yw^5BV&bmxIjG3 z7Yczx>e)(baOkqBKo_O{-2;WCE*^w?yvu&dU*LCvVnxkG&XZwnGsb^adQzp4) zlC07tpCyBeLGr2FjAy~xq6)5l(S{diiaGeDCiIg&t&_T)fjpR6q;C*z*_<1RD(Leg0#iF}4l{9D$i4ws` zG+F0J6XQ~AdpUjiqfe(e(#`I2&v1g`4C$j_=Y@JJOH`Xv)vu%9zwqL`=)D!-wL~Lt z5SP3S9%D*gtbwDt_#@&CXaIe8qfI*jC?v=o5Io+`PbC7i7yeu<^r-MEWYLt%)iyxV zEWJ36)m3Y;C>2o`Eip^~3(i|iwj^K^h8^3_9-_keui&@BK#~oxcj2akLaco@wOlYy z4r`VQ2}E}uQH=s6%R@OTUwwoh7z>Bcb`ZcWgxsXk4Nf$QygF+)O)|9RdlSBbny+DKzayx01qra^ zEA|;v2G|S|Rn$d2!ceVCDSss%=O*YyrPlfiCmh^&iGK$}0~boeoi!ly?fvaIOg1;R4~r!DQV^>yJn=a5**QtfuneG<3fzHFK#_t{OD)tfK2;zJ*;{ z*%R56G(AT$CP{BAAUM3hqPuppj*a4N+4Wf#EH9mxG-OUk?E*kmA$!mVukNDSQ2-uJ>zYnO_eMP zaT5dAjH6?(5NmkIM0*1dsk8mt?0`n>`|6RcrCD%}O#(Y~DbHNKdYAqr7^Z&KJ?jP1 ztb)K->G*~2udfAeMWAB-7>#UsfN-j$aD1dM@ ze&8;OAD>%#C-pfCWdm{Z;l;|&9NCsybrvA2G1&gg&}Zd4oMU#GY>$># z6RPujm7k=HuihYztqFA5fqYMYjZEE9@~Ti6s4U7#WrhXrYm#n>wPrmu4jQs|=oI5i z9<8-jZP%*H_(cwgvsUan`B464e|Ukmu8yx9$k42_waGeH`@D$m0?*YT36ERP>IMT) zbfOD$edv2{MLqJajPL()EY*&4TnzgCcFs~3U2dU~=Xn(Zh#z?#y!hprWYY3cL&HIE z$~u`~SaDtxQeHn1@koU-+)i8>{)RU2&Gj!b_8Ddr6m%G}H^LQPeH7wx{2?TwQat;Q z5+xixYHjM~ej2|OnLMjt2I;lO)k`+d$RndeuSMR}kdsV(&qWYh7i`aK9UUbN2@d30JxF`yZg!WO# ze>7K3ZVSoK!50iYsDqbVIr6w`AU%xI|Ix6hkNVE94=jAJt}|kPRm8Tw`?d|)YcTAi z*CB>Ei51ENO-!d>L@;x?Pkg1D%;6Hh=w0_{cxw<(Lwmbr-OoWK)RAV4y^J^!<5(ts z^N+j&_3@p%EZR0f_!ixVZ#?z&i^CSnKi|ofBSM+1!WXoa4YS`AH0Qh2V6U5Rtj(y_ zUB@;N0!UT~zGF?8Ur+PLC-8PDwmX6&V}qRwmnx%~Q6nFe;%(8q=JIB=V~goY8hqp+ z=EO~Q=lxHsP|6EDMAf#_X3*4%n)%|yb>l*!%Xou&9X2N)EcZ#-vM4L1(^n@n zVm1ye3%vnTqdNUBEPo4S4ik1YI$31Lh@lrBD%lYgyo(OqF27zA3R5P^?6#j;^~vQY zwKterNuJpa{4aNZ3lOxX3X(8NWm4kc=Z%SxUNiVgJd(W2a?AQi^@JdjTzhkq;LkORO>BYC_)~I z@1@&GJA23GL5Wb=p$DYnGYulkICb14AOSqav)~V~aq#s~TQgWV!G4W0WFkj{ zS7*OpIlx=yTUBtHp%JBVkl1MPkYv4GfP{tC*-)Pi>9-xvvu72P&{Wq^jfQvRiiFJ% z$xB=L`~A;{dw_pM_m+QgL5rYTK*up2@nFbNfO~UCh_q<2{;yaSX$GPrQTU2#40R+! z#tivqiOFRowQjv^M5+H*%`dW9;Q#6cT9Y4;iX)l)fou;q$4l~Biw`H%nEhzQ+o<-G zG>BnjHc~B&0V{LBfw!FYN2%#p>lVb>|!No zyJ+!xY+nsb4LNH^VzleZ(S#KorSgs5?2E{0lT?(tt&5^a3we1_}* z48d7z(T2!WZEHVr1$Qt7#a-b}zBTc9FDIixu#@WuZmUsDLDilk3aHw_xWe<_BFl^R z3NOvbj%L8p=x=+6;sVt-$48rtJ`JrEKAr$=puT2}u zloL9cI*uAPlKLJZz^U76sNCjp%LkQ7m&6H+MW^mq42qmn`&h~L$lXC>2Z!MUr8O4h)OMkNtiI40-<|rcva97?dm1T!~Yz@)s zPDjWR#`BTt(txwio=Jf@MaYwl;i@kcLT*ZOO~90vw&Vp1@Oq9Wbk z8zE^%<#OGxrNb<_cJvfbYz*fDFKOpx{Q@+M7sucVxYM;$B`@|N+rxY8D|kdOr&*?! zFKP!eOf|esKh9o_YUdT9xHZoUh7)VgD+W*WX&B~&#tn)~Vp-|iM;9DbhcY@^c9$u>}vT2 zY`u}YDQfUAJ%uEg0Hy7+DHeQ1x?=^7Oa!A?rz(fh@!(ZF*oFX~Vkf6yJ2a2$U*!t@ zVocPUaoYjQMt;fEcX%fv^DPXL6ayryM!hX5Sx69X8jGh)j%ZD7>ljNh;#y>a8{0p1 zjVJ!so7#_gdqb=0#7V8B^;eS4jK2y8qvu+{#eZ8y;Yykfw(e-v35obx$gOQYFSI)O^!(oHIX9lO>pRe0(qP)M}(5SPIXLYP7 zswHQM6vu`%H%(l@xf^BKPS6E=w`xW9IqFcmTOS#q5N*@aT@LBF3)Bp-$wmK0X#uiZ zgU`v~ZzEEhx;lJr#qkZOHTA~O+Y6GSxD2XVgaQn0T@JHy5Sv8o(DJqo+I;`M>&0R) zdk+4I?u8(tPTU_mMyQ~x<@R8wVv*4d(cmHGmUMbDc&_Nc+CBF#`9l zeN(1Dm76H-qR`h1Pr*(y@=pE$#B6umMR7=j9>QO8k5@!ZIE zoNEGzBMp(^1wP>#jG`tSY?h$P)1NAlMDBoLvtZeAQHxa}7ji)xDLKjl`!SL>*)!u3mQt(gh>LEAd|77K8QNe;#4w`Z0h|1Bf8 ze@jS#qr+0VK{((TB)hnsr1C6L&;^EZ&nv1J`5&m!!DqZs_?4<)`K>|AA|S>|+Zd62 zQZ5=p^rciR5TDb-{3!7}%-JTy-#6JTZM4Zv`Do3MrJr7GlaJVgx1j9KGW-3BY6H+=>1-ca})I)B!0mrRiHul%1s!3jd@jn}jASU$`{99W}Yo2Z%_v`KX z*&ZEt`yO|_lTA3xV0Ac9A!1&U!OTYRqMMk*CJa+-$0|bAhNOf37=G|dmlu?Ai?~0B zDy;NaYJx(S83(HW4+2Vj_TBe27ny!#>*FZQLR@}m-MhFs`|kZ~zek1ZJ$y?tey>_! zvFRBNuO%TzFa(hp5XvV+^9?`YazfgWjX$bfv^tYFq4~(Cp)a4l&jpg*JadYGSXNQ6 zdI(kNMAs4epg{`7!yURE5Zw*E97Gfk*VbE*=*1D+1LjzWtmc!QaLQQbdS$Fd#-Zb7 zz1zoR(rsE&S`rmx;#w0m!ufph5xX_SwyK@&?+D24K^l-SB`6HyB%nv%#aigzwks;YqVNF$lS5P}842DJ@d2viLNyJr_f~-0{1V=h zVNW)AYMV)c;1C&KOJ2{eZA|lzJGRx1PCi83hlRObiv5CJozWy-Wx%Vt%;pr}4@zQQ zhj}!u+B*NIk8ax0GR2ITqh$4k*g?8LH>v%8?%CE|`!mJtob2}jyP>D`-LHE`$=f)}ezMrFaM5tqviL$fjvIUoJcY4BpM?#z!KI`#{ zhl~;YJ-rx!6z#xvc7hd&6JKHGUCcm@g+8a$qQp~{z#hPK0#`D+;|{

;_HD`Ipai2pfdX7#^J_ODKsNd7;1GaZk`?k5;WIdLp@ z(Vjgwm^d(hX)3ZBkFvfl0C%NQ0WTt?NABkg_(%tDSAFbjITd|ThRK^7RL!v&yKNJD z&VAQRJTxDAgzklfv<19fY>6vuc(EgzVhFl{zi_Mf%nT|q3p%5%Lr&(nK2`qTpXk~- zGWpl%FsT}dAYucekNEQe3RuevWuu z85Y-0n-6JsH9@H|JSYWYhyPC56id@UJVbsMYhi!+LmXGkDMLaS4S)sp)@DN=NOd^? zNS85Z8#d#~e#sYY--3JY3FG=g2z6BFj+ekDvV1doDkO)9gT=IMnHoI21fqsFgPy#) z5HKkInulH-t*M#QXN?L|uw>y6HQC=0GO@l|o0p?+v<`8v~Y7&JNkKkfGAR zDdAU#*|B3U8tPa@Fw%$F0JW``d$abRLomVMrC#89h;P8kRiUsL2Z_gau!+!%>6r^f zR-&A^_&})9$kVD+DqIrgjJdVbySBm2K|0PwmE?&P-CCldY-azdjA)EUoXlV`Xx4#0 z>J3AmKw_8h30%b_r1Z2Q$|?t#p1e|fdOdcG6|~+1XEuy^=kxE+j>oV3%ZQsYojmwr z^YhIo)73@3>9(ADK^i#2jSY!tCV2Z# zRvY)K4|%~}^Tcai4YL?j)ALT6EH{z^k&ofmzLI@l8c<13xU})`v~=WC$+6wf^3| zP;p2SmKEI9FaVAsJ!d&Q)tqNgECcB{FT&{|x4iP%&acY)O4C!*S=A%~Fr-=VHZ6VJ z`P6isl<&-0N@sxOVEAMQG~V~w?cHUKktrJr9{8ajaKB}khD2};H|lT0t16#+Y~Bmg mt;(Qt4Zc7n#)v%kH_)c*6;U8}`|pai%4<6iD}+!qd0w=o0u>AZ From f03076dcf3eca3d6ee77c7b724f9c5711f887f70 Mon Sep 17 00:00:00 2001 From: Owl Bot Date: Thu, 5 Oct 2023 18:26:42 +0000 Subject: [PATCH 3/4] =?UTF-8?q?=F0=9F=A6=89=20Updates=20from=20OwlBot=20po?= =?UTF-8?q?st-processor?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --- google/auth/crypt/_cryptography_rsa.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/google/auth/crypt/_cryptography_rsa.py b/google/auth/crypt/_cryptography_rsa.py index f2ced73d0..1a3e9ff52 100644 --- a/google/auth/crypt/_cryptography_rsa.py +++ b/google/auth/crypt/_cryptography_rsa.py @@ -138,14 +138,14 @@ def from_string(cls, key, key_id=None): def __getstate__(self): """Pickle helper that serializes the _key attribute.""" state = self.__dict__.copy() - state['_key'] = self._key.private_bytes( + state["_key"] = self._key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, - encryption_algorithm=serialization.NoEncryption() + encryption_algorithm=serialization.NoEncryption(), ) return state def __setstate__(self, state): """Pickle helper that deserializes the _key attribute.""" - state['_key'] = serialization.load_pem_private_key(state['_key'], None) + state["_key"] = serialization.load_pem_private_key(state["_key"], None) self.__dict__.update(state) From c6919933ab349e161fb7ad7e736e609aec8005b5 Mon Sep 17 00:00:00 2001 From: Andrew Gorcester Date: Thu, 5 Oct 2023 14:08:41 -0700 Subject: [PATCH 4/4] same for es --- google/auth/crypt/es256.py | 15 +++++++++++++++ tests/crypt/test_es256.py | 13 +++++++++++++ 2 files changed, 28 insertions(+) diff --git a/google/auth/crypt/es256.py b/google/auth/crypt/es256.py index 7920cc7ff..820e4becc 100644 --- a/google/auth/crypt/es256.py +++ b/google/auth/crypt/es256.py @@ -158,3 +158,18 @@ def from_string(cls, key, key_id=None): key, password=None, backend=_BACKEND ) return cls(private_key, key_id=key_id) + + def __getstate__(self): + """Pickle helper that serializes the _key attribute.""" + state = self.__dict__.copy() + state["_key"] = self._key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption(), + ) + return state + + def __setstate__(self, state): + """Pickle helper that deserializes the _key attribute.""" + state["_key"] = serialization.load_pem_private_key(state["_key"], None) + self.__dict__.update(state) diff --git a/tests/crypt/test_es256.py b/tests/crypt/test_es256.py index 33465ce6d..f87648db4 100644 --- a/tests/crypt/test_es256.py +++ b/tests/crypt/test_es256.py @@ -15,6 +15,7 @@ import base64 import json import os +import pickle from cryptography.hazmat.primitives.asymmetric import ec import pytest # type: ignore @@ -141,3 +142,15 @@ def test_from_service_account_file(self): assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID] assert isinstance(signer._key, ec.EllipticCurvePrivateKey) + + def test_pickle(self): + signer = es256.ES256Signer.from_service_account_file(SERVICE_ACCOUNT_JSON_FILE) + + assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID] + assert isinstance(signer._key, ec.EllipticCurvePrivateKey) + + pickled_signer = pickle.dumps(signer) + signer = pickle.loads(pickled_signer) + + assert signer.key_id == SERVICE_ACCOUNT_INFO[base._JSON_FILE_PRIVATE_KEY_ID] + assert isinstance(signer._key, ec.EllipticCurvePrivateKey)