From 231fef29920b5798027ded944cfb0751623d9c6e Mon Sep 17 00:00:00 2001 From: Carl Lundin Date: Mon, 20 May 2024 16:30:35 -0700 Subject: [PATCH 1/2] feat: ECP Provider drop cryptography requirement The ECP provider can work with the Python std lib SSL library. This simplifies packaging, as cryptography can be omitted. This patch makes the code use the standard SSL library if a provider implementation is detected. --- google/auth/transport/_custom_tls_signer.py | 20 ++++++++--- google/auth/transport/requests.py | 13 +++----- system_tests/secrets.tar.enc | Bin 10324 -> 10324 bytes tests/transport/test__custom_tls_signer.py | 2 ++ tests/transport/test_requests.py | 35 ++++++++++++++++++++ 5 files changed, 58 insertions(+), 12 deletions(-) diff --git a/google/auth/transport/_custom_tls_signer.py b/google/auth/transport/_custom_tls_signer.py index 57a563d03..9279158d4 100644 --- a/google/auth/transport/_custom_tls_signer.py +++ b/google/auth/transport/_custom_tls_signer.py @@ -46,10 +46,17 @@ # Cast SSL_CTX* to void* -def _cast_ssl_ctx_to_void_p(ssl_ctx): +def _cast_ssl_ctx_to_void_p_pyopenssl(ssl_ctx): return ctypes.cast(int(cffi.FFI().cast("intptr_t", ssl_ctx)), ctypes.c_void_p) +# Cast SSL_CTX* to void* +def _cast_ssl_ctx_to_void_p_stdlib(context): + return ctypes.c_void_p.from_address( + id(context) + ctypes.sizeof(ctypes.c_void_p) * 2 + ) + + # Load offload library and set up the function types. def load_offload_lib(offload_lib_path): _LOGGER.debug("loading offload library from %s", offload_lib_path) @@ -249,10 +256,15 @@ def set_up_custom_key(self): self._signer_lib, self._enterprise_cert_file_path ) - def attach_to_ssl_context(self, ctx): + def should_use_provider(self): if self._provider_lib: + return True + return False + + def attach_to_ssl_context(self, ctx): + if self.should_use_provider(): if not self._provider_lib.ECP_attach_to_ctx( - _cast_ssl_ctx_to_void_p(ctx._ctx._context), + _cast_ssl_ctx_to_void_p_stdlib(ctx), self._enterprise_cert_file_path.encode("ascii"), ): raise exceptions.MutualTLSChannelError( @@ -262,7 +274,7 @@ def attach_to_ssl_context(self, ctx): if not self._offload_lib.ConfigureSslContext( self._sign_callback, ctypes.c_char_p(self._cert), - _cast_ssl_ctx_to_void_p(ctx._ctx._context), + _cast_ssl_ctx_to_void_p_pyopenssl(ctx._ctx._context), ): raise exceptions.MutualTLSChannelError( "failed to configure ECP Offload SSL context" diff --git a/google/auth/transport/requests.py b/google/auth/transport/requests.py index aa1611322..63a2b4596 100644 --- a/google/auth/transport/requests.py +++ b/google/auth/transport/requests.py @@ -262,19 +262,16 @@ class _MutualTlsOffloadAdapter(requests.adapters.HTTPAdapter): def __init__(self, enterprise_cert_file_path): import certifi - import urllib3.contrib.pyopenssl - from google.auth.transport import _custom_tls_signer - # Call inject_into_urllib3 to activate certificate checking. See the - # following links for more info: - # (1) doc: https://github.com/urllib3/urllib3/blob/cb9ebf8aac5d75f64c8551820d760b72b619beff/src/urllib3/contrib/pyopenssl.py#L31-L32 - # (2) mTLS example: https://github.com/urllib3/urllib3/issues/474#issuecomment-253168415 - urllib3.contrib.pyopenssl.inject_into_urllib3() - self.signer = _custom_tls_signer.CustomTlsSigner(enterprise_cert_file_path) self.signer.load_libraries() + if not self.signer.should_use_provider(): + import urllib3.contrib.pyopenssl + + urllib3.contrib.pyopenssl.inject_into_urllib3() + poolmanager = create_urllib3_context() poolmanager.load_verify_locations(cafile=certifi.where()) self.signer.attach_to_ssl_context(poolmanager) diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc index 883ab77496f8072ded5cf8e53a919214cea12ec9..104243c2c5af16beff9e04049342857ae34f0235 100644 GIT binary patch literal 10324 zcmV-aD67{BB>?tKRTJ-_ws4YSuCraI=m+~uG|UyKky@y2+k`UvqbZ})@G%mqPyjE~ zv){nFYD}Y?dJ2R8Ld~KhGVVU4+55;fDiDV-)b47!X-OcO#{Qadx26h6AvXxoI84s5 z28EP}tuO7L{m9F}L-B^R(Semn9z~a(ep<0LJ}j*%_g1<_y4*HWD!bAb5I%!{BBKD&bxl{ zkBU?>)Bt5-6{{iD$`6QgD)Bj@Mb;9!xd%L@Oc@)4o$Dn@eklBwuMYb5`k~nE4FC7h z2eTH;cD)ls!59q&$(niJLRQ|wW=w_1(%4)wmNVW3XDBR4HliifOd-z;FNXigip=x9 z8Y$_4&wf{=no{HD)<>*$voqnJbKb)jj3rV#ryR^C_X(yEk=}satJ#@ zXq^#Xr3&^>2hF9qCpFJxx7=D^l%lJ!kF}FU|sv;F%isYH`u!|0B|KJkh zW2SV!A-iBZ9I^i4TvC$)9Ccp>wCif48x;R)lpv6UnB5nA4H*P`H7$g{EqPAB^!~&F zoMD$|a^{I@t?=J6iOeJJ`r|qPQUemo!~V6E-Kw|X?i5aMpL6*U+gv7mJhX%j_c>*@ zf5QTRCDJuQU9}o&J<ycB-U z&XG#AL+)SO+CljvNMwz(3f%AJb$0L5gF(^05MyRTcDTR~I)k z$!1r{*m~@1;UVWf_S|GW>L}@GX=ysrXcApg-Vh9ByT`ZWwfzV`e;6Ck+*SxzmMKVz z|LiZLaOP(OFo2QBOeyU^S`6cYx;Bjb_W(0W`J~b(-s}2}y$6iQ7W|G2&$iA-egceM zf`!!#;2`zfJmw{#Ag5NQaBwkJ38B1f&zfBu!PpoaY@>?AaPma@nQUMYqQ5GoVpycN zC-hg4q0*wAfoF$y*U$-#jHaPjq%r)Zc0pw!K4a2qU#j!ytiDkvTVar~>bj3oF6Dwp z{PchZSm)f#c>wPGb&+%%*XVf8-4;})bfDfC*rl|5Z?vYcFqAPIEQ>V2v#03b!xuAAc-~Hy^oURHgd3%DAkW^`y z&&RY)laFr0(vc*3Q_haau>RILP3i;1-|4E|;yMa#N*$)qG%{_yva*IK5BXJiXb?ei z-N(>wWWwF$>10ROW*e{1pXGY5pjRX9)EI9k!PH(XaMKWIsGSJm+;SH1z2d8rbg20s zYpNDftaf|$9x@fH03;9o>Cb*6Ni&J?+^&Y+zyX~DhypnWkOa+1MO3Wx?F`fcx1HT~~ba(Y8LL!5^ zPEWzRpgGBH@;Z7Vzk$fG%|fk*hclfx85RPb<|%4z4>W2{jZKiI>z=~$+UREs@U;KS zTfjC{B!NbP0J~VyPmozaTm)Fm)RRiH>|&_qp{@iRFQAd|#^GC-1rzX|e?i}_%aHEqeLAJc=m-^keq8oh@+30uTPO9=z zs^bGRsD+L3WIht5QxjddoS<+84LlXbYRqRs6*`T`jP{XqD-19jmGQfCFB?kM+br)@ zWnW)JzVlC^u=vEOMf9yuOagH-TVeldDH+eqZo6NLY}%iLyu7a~Tx)IyQNU9f8l1e6 z%?B6RoMen}qSwvs2g7){A1<+~@(*8GF%}lkl2$+`07F}{-?$aBMtXWrw{*qMC;5&D z@+RkI1^Xy5+F82)>M`fkrQKu<4Syix~#_@x~awxW9N{*!MXJ9jHKF zB6e3M>bn{wIQOc##o>T&WRu@4dkp`)UX<{6Q?@-9=#L9_eUv`M5=7Y7`vu_b-&O~K z6Ra?%Z>_*Ykif&ET6(HAlsJ2pHI=}$y)N|E;j*pH(SrR#Z?@op3q1xsqGdn2Kmk*c z9w+eSMb>1`=jJ>Chho0Niuq=9y(4YBOX^C9MH!O1T(x{F`{av7*VL5-!B;r!U?oJY zr(8g$=VxKOob;Y6daHJbPT{TL{0XCLL}Bxi9?}RIty`VsE@a?EJe>0ewbcj%q)<*f zvPpyBgTu2v>_}H2{Y`7tgoxjLdgK}hd>(XmwyXKMZ86Nj`Kg=p0S%Ol`aelC3o?W; zq(>!>$(!>j90)XtuTbYl6Gu8+IWlI%CNGzWq?34o=e$^q-&{%nd{gi)SZlam_@i7R z!!P~{^nA52E$cs(X@Ma6deuZzc!&rc_=W8 zaeEJ#b45Z5oHWIA{gVv3DDgi+%Kilgc-+Ie=Mk6F0yG^j)E74ut~FlieWPhQo!Q@# z>q`fv%O_8qmMVby)Ts~Fiu@C;h!kz}dO3@9?Tx;y(_P9Z$LB&U1jj>n+QkiC=I$u0Phi(J0ls*E)S7(>E0q=hRIr77`E-WrvTorsAjt{ zw(k#V*?VMHPmaTTbx|2&pD$1*wE>ya-KC8{x{u6Hw`Sk<6L(^LL+v8IVUpZ=(tv$7 zPB3PsEz5D!$|Q;b_SWI_(4+>TAd1{eMj{P|=mLn~E@+=$kuLlo=cX}Y$tLDV`Y zw?I|WgU6~9ZP?&Xm;$0Ml`h`-PZ1%d7iqsO-Z5|>dk#+%Lp1J0NnqNcS3%ppFIG{^ zyksab^#)AArY08%3yo zhg0qvKPwJHHJ&K8_-9Kfkt;`s(q}i=n4M0U?aRw*u%*<%Pp^5DQHaZy6G88J8u^I8 z5WsCe6I=IFG-UF?2U9@_^|QaHgYxyR{H5P>IhR%{TrpkxYvpCzkUrYLI$P^fu48kV zfM7)W>D322E!-q@pjoJ5*%`8fSIH_W#G&Q~C&ONvgV4)> zXRIMuWJ)m88tHJg|8t|7^nb2~Ugx(Kb#U}i$!xYi)ZJOBpX|nV3_OYC<)bkB_qi|5 zVcQ$CNXc0zVm0cfg+OOgmTl9nVsFZd=Nz5H149@QH9zSDx!-8{@~hIYPnqig&DL%o z8$oTEcVD6^An=T$f(WuHG6Gm8(g(%Gp@^)$)dy#%%0N?q&isDKUu#os1FUjXW19GR&v^sW&l=YsI9 zZ*}Q(e~es(=jS4u_R_vroa=1YPj%FCA*e4R(vNoG9v>G`_Hx&&g3~4_NAEm|Q2XpU zQx!oyxlC)rwShXS2&`J>r%1j?0IamU+1n^pTZX$g*_9n-z2CSC;X;9H!C6>mvRbV{eJZN=1=o;|) zm9@bPWysQaK~RfjkOYLoDhhN4HYC$<7RKRtg)2#{2mBw-hp>(3Vr%kqVtm(^%x+lr zE=oop388qvDDK=wTdD*!ltpJ;XiqlmKOS8RD*a`P3S1T2?NfaQAZRSL*bo~b!zZ%U zPk_JTi`JQWmO}UY$n~iEDC4AKtlEr1(5nB#7}GP&8PJ{v`vB$mw1~XVOJW z5j%GeD(LO$v4?+G40oP;c=W+Gh=Ym~A6Z&H7Q)3k z7jR)R2u`JZ2+Ml{uVl=6?MFm)tQEJV0${3_FmJFG&P#7(%^0(WvL{~>dtAhhd^AM=aNr7+ zEnn5oWA1UriXi@9tXnYJ$?kMGQf8+j4i_>k#1WC;720u+jJtXLJ82kmDbi^Hk_0J~ zzPB-D!36QA5(jpA6rS9uBq3$tw;V3_%U50LLZ5h(P2qUOR4DdDz9`4Vsi?@>%)^Rj ztB)^V3+V1qbWw^p0_!`7mU-YStm{rN^L@6fqhSWC#tVCw%I8@WWE^}^FyPzozXpB% z^!LY`Fy51-dI5$LZIO(yOU(Jg6Sg>Id8!wO+ciOx$!~J}No~g=6(i51Y;d85Nln|_ zL`=IpFRJN24=~>1he^WUjhBuF*nX6Ui9?1w$q5@gzuBN0@H$w^+hOOfu+lSyEEdO8 zgY>f&nd7&%I}qPc>QH#-Rt8XV+6z7)+G|ltG7cvU6OvL56=}TJvbCP7{o6Dxa+KTQ zWyt2VskibZPuF1$XtKJ`oEDh2T&sKJ5NEpMoc!Tnw__xgJ6Z#>UuyC6kI8Ui_+M9^ z!2JL>ojjYin|=5I8nfBVnevEgG$Rb3{(P`f%h)4)GSk~+eRCpR)4nAL)6t&h(V-Ac zOYxyqfqp^H?lhvloo5Khf0AX3(Btn8TLxBETw2o2B%L_VNlx>xOP9j0zWjJ18%QwLF)-q~iHJ|8f$O%Q(+B=j+?nY$Ga*S>MV|GTggjm`xDtJ?MM(RC^kz*1?gbhxr&_?NyZ?!hNnRm>BGW9vvJPUTqE*gSo==%*;7<8f z>|bzB-U(K2qF>pX4;QLpF4>;x!R~81WvF@9%een|?6vE-iB$%>&^w+UV|3%-MJ5~a zsem(6QWU@{M~lSP-}@8Q#HNQZ#!~4Kt;?KY>shyHPq!#y-scg7Vu((p;To2(fbTlg z7Ts~Z3uhgj-G4Uner)0=_tu`M$luL{;dv}3*~K#=QaE#Jx_iVW*DsT&XgtJZNF7Or zX`QjtdM)Ui?w!|a=LmoVc?>dpfvpOShk~AzMsVk=UjM)m>)$1M@qYn|D_L2KKsP%@&e3O5yVre z)bAbc%9H?OB|XDY{KSjvl4ydUpdHuo{_`H*==BB{9=;03c%G2C_|$beY_Gz*q6;DK ztk3rQxuE;h<`_J>r^8G&D@$U}(=xCwnM07*?=GqcXz;V{p^a7f=<3D$b5`zCZ~Yy1p#MrgY`#rq@^)T;0>=LfkqBWdUhjEYNYsR5lB37w zx{YpY=#r!{E;|t`r&s;`E^;4)_{x5TR&4M%oixduJJDfeVC|H4+Op9Kj%bWpIP;vS zmD4YFuW9NQPZ*H4+bZT`%GLuRu_Ni&sUiyWQz=TS*_DJv#dE1d&v4pc_+<<&PTd*6 z=`a1T-!8UPJUwHJmPdLntDOo-dzY0f#(a9z_e~;Rkx*f&rEuoWim=TSt@T&j_~<54 zD?!oYC%g72%5%BO3q>k>FaL_dKk`jpCeC~y^13)CR|O;YM`fQ??@y5+^A;hN^(mAN zT6@I!Kl*;B~Kxt%IS~WIpv9vbK0b z>-3bpH}*(`Pc^>4G9ObVjQA|HEkL@iA>)hfpg>{n zLN_B9FlaRHF-r8ECDV?mAY?j)ug4JyjIoHvvu+rrtX3k!-Qm}r#SG4cx37y}wdc~< z`tL?CC*~zX2ig(->#k1+x086`??rJ?3_#e8`}bKO{+a0TNQn?&l{F4xzK0(I_;Ak$ zbC&tt z7tf*~$oI<6Wcby#n{`_xp8G{{3yWv;`YnO!%tD7gVex`EC%AQA1;?0g(zCXG5(f>H z`%~&LGOjzNXLNEh6NEEe6my|#iZ_l}pZ}A61M&}wDbq)h{^6}{mtqOV+(`1WzzPg$ zd)BxRD~6s{)auFXdabJ!i2cNyxi!Qy{i-wr1A^f)XZ@SfIL=Yt!Nt`nGkT$!})QwMGG%Xpkz*X(n5g`ARyw-uf6>_K%O~7{1Yn#95 z6q3e&a^FOh6)N!fFa&2BKPb%SIK_<2`u?iV+*aj4p|MhGQO|7$B6;Dnv;yR>RZo z5Thmx9Ko!Bq9Y!BX1TFWYf%TcCZw&sMmUeC*cbvz`4jav8!*zv2t%iRXy7e)Vzvf2 z{&8lzIJo-IlmMMtFTf~Z|KZ_A){sGheVQFe>-_;Ytgabmjn^7pR z(BRE}b=Ev(>0N|3i7gF3Wg`7wLoCrp^&PeY#v-f4o_qu}_E&pp)|I3=?6Lh*Dhw20sF1!=YiS4s}1q&SzEw zCAn03%#c@Ltcs=S!U$%2yf51r3Sg|UAi4kpVVEtd+s5Rti>8-T@UAXhzvMzNo|W3d z-f`ubOf2qB%<*iwF5v4P%}bFG7}TEr; zkqnTY)BEukWny=&eUFoFtMyb}{QLSn0GrPf6r%+l(bfy|(Y&8YBEs%TpTy~VMA0Bp zTX%k2Crj4vCV7ZtKTx~7F1BNn(de01hdGqoeZ2T%lLd73y=pK-7BYb@I-ECr_JCNV zM>AAYm><~r!uTj|;e5qzl*W1ogOTV$p`=?^+Od9-M*`VbU}mk&|6ks-6Yv_RL$Fwd zJ4uCJ!4wlMD;Ls2oc`a|hW4y{{PK$(=TMU@e`Fp*;+$p0d9Ynfi))oX4sDkDqj>a6 z)V%u_eux)F&&HawKWxg*K&Mq`aUa!Ymz{o9YBtQ6&XUsu49jz{7~1-Mm5ZAnAx1QP z6w(-*#`jlw6vN7>CRy&Y&YaY)4?^z3Ay(u*UBP~0Vou#kgW0tNKg4q)$tXbADw=|A$eJS1vcMSsxNq~8isMyoH1>WJjBs|9< zkF^$XyHS6t2}184SvLBzhdcJf%aW=tEH%X*&xmk_2OYr`|%nK7S~Q z#{AnntgS(mK(ITKac%1e!-#@BCSXX;Rh0O~QL?WN?of}4_NGwuu)of`_TnK?DZcFx zrF8tW^RCvwD0{e=L@suTE#lz#<;C#O03m%3>1jVY;da1%L9dc5NOfgU80(VcYZ{rC z*4=cY=}B|FF1(4X7fypoMGZ0;mTxgN3fI-bFgQS?eGrk)yqgHBacGmumvn_^p6V!tI^-CKP_Gb1A$~Ou3OwUFO*74#vEgYtzK0AYDW-0 z2oX!}A&I>SO+5 zmtc}-bG?y6T?MNCJTizgX{5CBzychi@w0tL$^Zz@D4mVbr4TOFL(L{bM1^=CYv9sJ z4j8&Z__?snQS2_Nx=@-+*!Ob*^>J0tuqE?JsiVZmM|kP--TY(>i>|gxm6IlOh82q; z@mcZyw{kl1{ma+Ej(5O0Z?!XTkbTT5iVdcaGZ#!6J%j{|;x-|VUMqb~5dhoHkG9wn zL$~$hJ*q2oNeo-=-#`m!8OisMR2jf;7`maVKPIlL4Z|y@uRq_$Kf2=^hjGkL-sb$Xo97pYJvS;pXf_ znJ)`NTbjdacyl2a(T4=@?XKU*NiT1lfc^kluEwt;?=T+TRA5jTO_HPVt}mrdxp3mK zm4xOR-Dy5WF$8|(VA^6m7}Q!haKLm63}#a>w@s`u;d!vHDXpjGzvM*#4oTd|m;ykm zJ+i>G*O!l*O^@wlQZERyW&`BloNUwBA8$0kXT7&|H6A$Yuq>)VJ$)xBy{04^+I_+c75qfaaOCeF!uvnv z%pfm;SCs_N@I}>39Nq=5_tNjw#`|AHP?dA3NFAx3Km$^b@d9Y6Gw|Z1_y-VzWyKTc z!vk!_(;2Ey0ak(l2wAdJTCosaL{KX7r^WULv*P(iN{eK`+|d2eS~YHLRM-(YdMD+n zMek5A+pD-8f321rp5_S`gyK_Iyw`lFd?F)lwEfR%j6O}#6nD7iY2z808d*iTO;=i? zt7l-wDmcZ7wb4qBNg_GXfA1danxuBEUvSlr_jIBeym~0bq318sTFY6> zeTUeVpNLw-)HR}(>qtUiY050VYV-a6#Y$WFq8a8J@l;x85g&!p(!5(0B_W_3Mz$DB zct@-u@7n1SD^u=>*q5#v;3_=E_Bp>ark=D*>W9tBAInp)-GlR zlG~jg*u1L9V!kd-2t_(uh-4h5VMHIYbR(Ng@tWS=$uV5L%rGt!B^gi2 zxXbJh-iIQs88BK;V+qSE#pEYSx$lj;?CC@k(`udu08Yy`^~W}~-8ZpCD*t?#PG zLob|WF(~Z6MST8Lo-gI6&WM}}Y`MlnctBSM7Mu$}K^-Dw(-;=4+^{lA)U?0BH#8;V zinJzK@}!C(Xe0DNG$MTIPqin9zUUczgN(It0CC7vSv|kJE19M3a5Kr5q*3bUza`G0 zgXdqU2+OjDc<)ZT`>L80^}W{O;M0kN0_P~q#^IzV0l4TO;%#TaBlqm=xqqu#bQF8` zUX`#N^-1NE$Y4*R!x@iM&W5xwrZH6q>Lf{yK=%CzH-bvr5|?#fVNncHtqpl>4`u#z z0KNv%0U%pt6t6KZ-tk0(B~)yG8JLNnGuM-DSuyoR@=Fp|qXj?}FnS$e53fR$@3bgXBbqc4IJ>w{ z&}Tm9+%4oUs!s?tk_2&=_u|-y4i%*9JXjz%^&BEADO&?YX4^*vL4lJ)CV0$}oNkF| zuZxI-tbN`!yioOy!vN(8{o>yLC>K6TP9$Y4&C0IHY%*Cg725je2)zp*Y$N~9MV<`o zr7%DCHr7OW*iTvEq&G4OGD47kMY|MGW!Sy>6GDWPVhcuQ_2O27rMK{E_6HxNV{jjI z%is@6-4o(2;yM1I&aiNy&tdu6tDE`0^es;qe%dfUf?a6P0}LKfwtUcqPAFh~E_BCX zT9+=UF0*#xA_JCtK_WhWC1>A0_d^tp1&}5L2o{an6i6;jYr}Te+}tx7ci(>MWgl_; zd}GpnXng%z6JSON#9No9(>qgN!&m)N+~l1WwYT~?2jYo}ZQ973qS>16l mRu;3~3PLW&?tKRTKJOPb=t?zz)gltAPyjE~ zv)`I#%{#gfToycaS1+~h7La{L0HF8_qy>1(9qR+iH@xh^F>SpdA`eS2Lt-; zjd*)S3D|a8Mz>A_6$ab-wsX6+-9y4Ytf)T)+U(5HG)fm;8cQ=(_{$$CCLb< zdRM4izAV=pk}ylF@TD;pc#I%q)8itsEa68wK1H93VuGMoga1Er=&$YrP}93K0v0LF zZ|-HT$*ntV(bNXA^8ygHM0J=yVG)3n)2R)gm98c&GRd2_tjP*Se%8Bk<`=k+X93pn z-hJyC@)|L*eQ&f#w_zDuD`QHG zT(qJ}#2B1Sx=)cYhDtq(l`IY%B<@@K_4!F(WW_11c6FlVcaNjXMVa56bNky^?YP8? z*Q2_{8+Y>!ebP_C|F~`gF2)#wW&vV` zq&7&}9RMN4Sv~aRe-kEu@E**p#iQu}`#qJl3-eqq%`gPz+&GR99yxBw_8Lmxo&>g; z(?H^L^b4f`BFCej!#N$WG(pG~0apjkc5Q;1$=LfRJu!0geZNpXpX)PtnvAv z^zq&14Y&f`Kus{NUy3E3WmIf}a|VPwW6qG;H&0N4UwPOYbce~8S4Q+rm#81UACVsc5kSnj1k1k@VtMmy!sYX`)6 z${-#yFSR*V8&=IW1NK?leW2hZ_WnqxRG3i53*Sn zlz2k49YSM6Nvm5-G#ST^z#H#@H zn0%E%Jr09QH`TtYf6HP*-<5D2VD;X@@Qat-d1OpKOfD=riy#Q*JA|k7ifm8NuZ&vq zZ0Bkk)0zU+t(8R^vCdy^jzioBNi@{}x@U^J!YVtdG|h5UZ~9@x{dsql1dQCfUBhHr z0ZiTBcym^g7V8ZYOfB$+Y6RxqPg0yQjaS}KRjAYugN3D@+qiI5J8Rk!IX)SR5`*-b zm?BB1<$XP~fdBXx%jyld`J8&TJJ?q1*i7$28XKYh#_T_IEB5yeNVyl_$4r$g&gBV0Q&!S(lv9LBdFfw3B_GK5kT zLL_o4>Ccf^JH=zwsdVKY8#%G>(NQ52fBqd>JlMUzev?T30LUm$PjBH_T3Vfac`0Pp z6*L9-or(MK0+8S3isLD{2h+-I606U+&uwRNFSCw~-lwIQ`~H`fUH*8L zd|BXAbd=l5C_XiKyOfvhHw^g@UZg=T!~>)Jsw{5YDMx9*_O54@*C?H)5Jzk%mia53 zj->MIB5&|Zw1@>EZw6iCFh4K6QTacI2(hoK1z`QRBdcW$ z1ByQ!et3!76qNPexWPpp=jP}_Y|CZ2)|@7N7s6Q(itB?KZ)@)0OrJd6?hN&Uk;JZ> zz78}s5{HcW;Qh(NFy(?xY?y`I++yHy<)dxQxgoPV401rqz*;CELG@*iuIGQ0#b?n7 zHAu(SADxW|JBY-88k^%X-m-%nF6oGWtX!7WkolFI1ouO)_6=3ygjN=r+`}&dL~9SY-LQM27C#_%Ew2)}c05i;Eg)b3Glu_9Vf_VkSG~c);eOws3AnS<~p;CO&>EE;%qpw=D-WFgDdSb#pPwql+MR}2(rMkanK8@g<#p8{Gn-d zjM3tIGvt|daya1LlJ;oqjLhNV^VqE6Ck6hM z$iZ%9SGiuwqf~LNmz-7Gmv==AZN9@Gna9cOE;7AiBUJjQsp@uE^wR&lS7Et?uG}8DQM}hCao>?~TmW5o0qGA73fjVA;~xz8>{ss)_>qZAo5k z9sUIyh?9B+QE7SfS9~)NDlHdYDej7ySjOxeUF(sKE1Q`XYpin|;l^s)x%pF&az1pX z?f`O;?Vxe<%l_9t?@lU5?#Tvflz=oK3&J(rY2O9J`sdC7#ve=pDAQxN=vlZBqL6aC zRl#kY}Ka1i`f$0{A|S-AB?ruPgp>stQW*63eS4^p+?($Gk=B<3h>-I z+7mHGZMERBt4lh37H*t{rPlV?o5ZVaGZVxf7iskldc8nic|SZ$A+1OgUsLUx1Wm4R zglhg`^5v>$1^nBPA*zT}X@d)g?P-D`ECiP9VKUU4$ycf;1BeTBarakT74t;p<6R$+ z<)@GA7-MjLd3_2eh@$`y7U8DetQeozaOmNtOM_Ni>G8wi)HY7g-f2WzlU~TKlXsoY z-M7ka&@)yyxxFC7%c93)NBRd*S6W`1(+nRoLN8xR)Y3Divt-$Je>n*WnLs*gCc=Ct zvao27{TGhDlsFpOn>OIf&7>nEB^zshe#aS1^_MIbTBrmEAmgaj^e#Xo)u%jqCZHBF z&uqf%g#+?@3Jto5zt7?G94=Pxj)K~|!-eP)A|9I=UDBSru8sZJAHE(r{mS89o1K@m+jx?M(XmXJ5F;NUwVqhOTNo| zk^#VF>(!5KEA-gsv;UZp|7=aF>wUl=gwI1$lFj>~udWRUwS3ehI68D~#KlsJQ_wKf z)h7+|jRbfg0aQY+Whpy^`NW1p)&dLNsbET60{`*znmC?rT;an1Ox=K}1=G8BnF^pc z2Tv}xrYFYp_A5CfQ_Tb>oO(+dW!E3G4??3!k{K)rQ%NJQs+L!|#0R0tKU&3)jKT&i z>Ds8u@YcWkjZm{Gg}mzG7ZQw_=2Vqmoem2x3_*=bIIbZ&s0Kk_sPF`=R!YKOvL`p~ zUwN6rk#jGe#WOZ1kDWExTB=l5ch@1)Y6$r!p%SFTvB?O6da$6v#F+!JnJzjXh*ca_)jt z;pwiDYNb^77egNz55-N^tWihvEfU8*o!By+yx8#kHXA`nvX3og7EwZu1*u_f24&mY z`F4YJQx$=-}n~>%YZzlwL-5Wp~3gt81+7~;x8U(if?_v+Z&z4R7Z=K90o#|TnIs+y7uhAO)M(>oy}&wK9#$wa-2smci=IHstIAB$%rEZRo&GmUeE> zxdFx*J2Ssqsg1ZKH0IE)yglua2&Qk5CfdKuYR$ePsK=x zbHRbmASjG1$E8LfX!Fb0(a2*pqsrbFaHMORmMN&@E@EIzBwg*_iEHi}8e9ocBCI9w zoF6{@g+Z-#s>G1*9WAT{3N_1c2CqawN{RUu=i{zj-EzM+xQ^-V*mFqCSrDI&r&4U( zr;ToqWpSQgareEH>RAeu=qfxnci%9LXRAcFhbp{->xi1KtaG@$k-sVMv+TU zRkN;1FA9a_wof~!SkF=jsZ1%KFQ_OeV-7vsgofN{qeIpDU|?K>Ac-Ign7{lJ*VTdJ zWI4!TVUX%}f0TchqE@*{Cu;x*eA**#IT|y3-aL)ETft(0Xh{W-sJV+StcKc8>bs2U z&fc|p(gK{G!|8bJO~i~5g^H?{Mt#(ku~a|XB~<>If#Bo}3xGLT>ouP9s7Ir?t+L25 z(+2I-zr7R?)^;{uUSM{nnIz6xi{@auE2Rc;Qn}*p^a`C|`khPyeV*4i!hkUz)6r)8 z^FSO@%-RSPX~h}X9aqrl6Fs|>Vg2{d*T4&9Lt4tn`HbJ7mcFoppOg)k7Jl&}>cNJX zBXRr!h_Zji~BWGFQAB5>NLLdX=$Vs6%N2 zHU!gme>{((3lR+ivhy+bJ#}5<-LjQTYNF9@0dYq5(wX^s#QPRaGdg_@!pDTjUZ`(Pc+iSb^ zPLmz?_x9L*ui`>qzAk2n;&mo4VEARzD?-BLC%6Py@7%o#48JvyPvBwQPl~kziH#&5 zPkrZ&loSN```s_Ni8pb&KOR}zH%RL=?K~62pLJ;b^H=H|{ZQ=;Lj!Hk)MC=P+vC{! z-l(khRhnH#Z9sn(E>M`Vc>_nK?Jge+2VXyyRwv5J$Ip0bq^wJHd(>aLVY6B^7VsBD zWBiVy(IBGJH#ENwP4cF_Vk*iDN3yS%e1Ojbjn&OE(K6`$v*S=%0^eJ1tk$Qhc|k>H z2Ap4f?_QHo!sqk0Xgr&3;dzac)122)U`inv(T61;S+w;x;=V8J)6}^j`V0Jje}$hG z*~jZ86vaUjwlQ!?JLh{Eet{O{ea36O%7kQu$ z5=+%wvb>P5qtOi~UDT>%Km9X_RP~DI(N1$^vQ5lv1%? zK=aX$$8cJW3WD$k`h<6ZZx)xwJy>s@6a>wrMEM=Q0jce`CPlY?SHar)p?$Rj2cak= zs2rf&_hjIQqN576nE=kfN1g70VWs19v#TwfAf0b?j{7UGq2cIay&Axbl%l}N0D-OT zX|7ODZxS5XT!IF9)@BlzlT}|pe+pqKxAyEEysvmkn1y@Kk~o_ZQg8avhrk}`uP}6y^b3BQA%S>zr+AWy9Wh6Z0<%ErmY>99T3+xq9L#YwoNtHAWzy#9bg1v9s-7^ zcqgQ=wjV)DKS#ins#pZH(T#&rwh;Or7CCgojo^kyJ-F@Egi+Ll{uXz(UiE3qSY(9( z8Igr??N&?*=&Sd{mkH%~`;tA`*-Dyz=ROU(ykWMc?PWE7^HslgArs#0`c?a>(MB`5wctM|p?wMME#|+>W6UHFHl? z2sw_MWg;aDBbTmjw#4bj4nO1J_&K08pK^eGs&8dyL_Oq?A#X8kt|B0V0&Fj(nIudis@6Ifnt zL5D`pl9ItYxSQX`8o z`~!DDO+xr)`WL;7h2Qbw9IU$J(L5f-Da|%f5jnpKmfJyry3&QJ$9WNlLu?oy`DjV| zJbe_N+#x8L&^BPA95j~OJ{1Z&y6F=-9^lG?;;OK!qM6_jcj`_nv9t^_-P6r3$n7TebV2OL~sgWH?^74Ne*XB|&$ z89XSf*`Nx%SMu%WJ@3%dY-6>jKuS8+5sTj0Oa6f&dXS4{RPHOJIYJd5-P}EJ_J@$! ze3}t9rxGpq5Xx0%m|_B6DiOuwyt-*e-C&l6;l@UF{x=(9i`_IUNCD7E8Hon-i=FBr ziTB_X{*KC&*u1A?LsUYSUPPGzEGlEaca+;Q4gICtSV?t{Qa=Lst`|}zNLY}gOm?vM z9gV9xTvQmaf$gfh<$4jLFWF$Us1^Z4_Vyfo>uF~H3=0%-J|Fnj?20C zO_}k9x7>$*Cf^^oK{gqvI{~*88l9x0A{0*RS@#^WXclid<`8T3S8h7RXn`nP&gPw5 zB@_u2L3RsBR8wHc4i$90k?3~q499$KW{5)JWCSTVs&|5r@O1IFIzB4%@k2D@(r#rW zc3-kru8Hpne82{7S$BX?pLMink*+0XV(#m@_oy0Iq_*UK>!!q50* z{C<}hTC>REBufAv z8jH_MOyv3< z)i`d(;?}(}pucg{J-~d!ezfN=$6IFd`|vZPdsi$&8G`K*sO6Ue_Zmh++EWU?1lr7k zOWB;b31AC@Y|%si^_H|Y*KA@JK-DTX?q$o@?4n-t>lg}(hyVoPsD3}@^mKla8b#!RU6DYUsj12tq8c z9d*NH$;MW4*VDyE7&QWkYD$5uE!?WIm{(2mpHVgX=>m3KElwTr$C*9(=a-KqD&Pye?4qk8%jQ*5n-7M)=2<0 zKbFwzJ1{in2<-9N(#MXe^WPAKpGve;2W)nymQ`=V{l-Iv5Kj_esj^7Xbf52L0KD~06}N7u z6~A`a|Hez3mRPz@k1O%%gS~x)KVIjEcXcJK+w~RHpnTv9Rvw!hWP^z|Gr^=w@vR$d zBbLXvN{k3_Jc*d<>OC{uz;BPZwxRGLP95I-O_%4-jH;mvI*@>5I2iQ;0}{RvDQ&pB z0-W{ZPSuXe%+VJ2Ri!Zh-2xOq4i_}Lc(o0eK5};$L$XY;s+Wm$J?EX&zoVgOj_>J= zdf~0bR*_Hg>Gz=?^muDf{ZluW4k*2riIDLy{DTEHuX+GkN{CXuxJouI6MYwEW9`9V zZD;eGv3Tm7+duP~SlihgDJSHkpnkq{LG575RJQ}*z{5q27;jdsp}tdxj{t9koP2H1 zk+J-opMiJ`!$U6JEyo~-7i5@wup-};k}2>gwtuDP^Ad9>VjlLX9F*csQ^;KB2iz&s zccArS#C?l6CuEpoQ!yZzf@AV=!Gf0yjbJmg3#A}MOygwI$dar$O?LPIm)Ideos zsp4lkq#^?{LcWGFtroRLB=IKd?wzpKh2b~9b)98$qskal>?hdB48~P2@aSS@aWqTl zho}!>jS}N%z1DAItO>YXU=S#7oNmF(o$PI|FP*!+a-Uw$_N^|ITzP>GmnSA}#YjrP zadzF^MbN!@+JB_kQ_9a7I0L$m@wMya=@{A1ZiBihwmQBYwzTT*EkrSk} z6QvbbcDK!<7Oi{wHx7EkzR#`?heDn(?ubkwzn|mb;Ef8rq3fy(0-oqapDrb##b~Mg^BIvcHeBkmQq->(Lus6Rt^J*P?X1b%MlvOG^>Z6}O|2~E zv~XW2>;k|lmT3*+ppPT+{$t7TsLUHdm{RJ%HT0bZ-N>>a*Dm{$y)pADrArqTF!m4# zn}6^Q@$UN#Ov(mgIgWS*&VB+h7qEB14Jm`KOjZyux^P0yHu!_hBrQ6DeD_c==%5d~ zHBDo~t^n>`L+*Egn{hjVQg_FJ(q|uOtyw$|XNDxoSK7OJ74|MSLES84K!{ zvHH|72KS8_h7_NZiWiWXIm@4|8S6j^M^ULknb4RIp9wvw7%ftNq!APZ>mp)3)9~Af z*R-MmznO6PVTp~e+kqIPW=NfW2(#|XaZOhTjYXNOmX`g5$Q;_o8xC2TLZ6np{LkU1 zp~{L*-o^@Q;p7HN=I*+CCJ_fl3G8OH#u<^O;3vf4zraBO*d*kPys=M(2M;e0$;5|) z4m(u|JI}xq|HUTR#`zRsF7lUo@?j^)$lD4bT+}#5c()p&<4^ADKCLQQRBcIko{HLW zM?r*7{?d`1?@vY9bt5KbpXW!UaYHZP=?6fyaB_6y|4?4ZiKEB~0TW#mxs*GUgcZi388O~mGUVGhCMcs(Ko+$&*P>dbXef0_0{ zC*eH$ELZNpE>@YGUkr_3G9C`>?R4>#?75*TARd7m?9Ic3lYqMq`W;K#L$rge#<@Q) zcS55dWoZmuqBo#@@EYd_mgkMsZOj0@Iz@|ie$>#MLbKr!)}NL1r)>WP(KmZ{c-NoE zSo+>9JJgliDcWW;(gx&W)j=OAlfv%kEi5v!`LkW2ISU6oNLOssZY!uDQgr|b&6=R{ zPJlimuV-safQP;@Zf(hyRJ-eY7$ix(%sc5mZ-5i(Qdg%ap9rm?&XLPd?G+WKt`KPA z*;xZARgjWUqzjBRJ^1%PJnOR>*0Bm~6E97;NUonV&tdiQGnAIk)AO321x~bSIi!Rd zC;Ed8S8DLSKW+fG`5RIEca|Y_!$0Rl>!@CMK7Q6OqhKCvD-0>>w zy@SF(y1jz$+7-bY{VpOA)bB#;Oq(cIX zky2mU?ch2MBh*%*Ae^N<0IGQo6m;{uFVi^dGjq_@@?%~ejJ}fsL-Ff{(HGdxb8Ek$ zh37SFQhncQ%a6nf>hpDf2K%rLS%ObwFXm4S}5Y$e|9P43eulRtMHBA zyZwc<3na$DSYiFKBUdh;7Xa1e#GNSXrh6Tb?PWK`bg|eWQWp7t7(G+f6VH&b@LXn! z4MyX?3&C8Y2p7GBR1c+YtgJ^=!P*fibW0_8<4K#fw>?qz$X}x450#kz3o1Y>Dp9%~hsH{6tt m@9`y5AZ|!$`WsRjf+wQ)I%1A!CC{z9#LlsN>U{P3GI7z<`%Fjx diff --git a/tests/transport/test__custom_tls_signer.py b/tests/transport/test__custom_tls_signer.py index d2907bad2..37e1d6e58 100644 --- a/tests/transport/test__custom_tls_signer.py +++ b/tests/transport/test__custom_tls_signer.py @@ -195,6 +195,7 @@ def test_custom_tls_signer(): get_cert.assert_called_once() get_sign_callback.assert_called_once() offload_lib.ConfigureSslContext.assert_called_once() + assert signer_object.should_use_provider() == False assert signer_object._enterprise_cert_file_path == ENTERPRISE_CERT_FILE assert signer_object._offload_lib == offload_lib assert signer_object._signer_lib == signer_lib @@ -216,6 +217,7 @@ def test_custom_tls_signer_provider(): signer_object.load_libraries() signer_object.attach_to_ssl_context(mock.MagicMock()) + assert signer_object.should_use_provider() assert signer_object._enterprise_cert_file_path == ENTERPRISE_CERT_FILE_PROVIDER assert signer_object._provider_lib == provider_lib load_provider_lib.assert_called_with("/path/to/provider/lib") diff --git a/tests/transport/test_requests.py b/tests/transport/test_requests.py index aadc1ddbf..0da3e36d9 100644 --- a/tests/transport/test_requests.py +++ b/tests/transport/test_requests.py @@ -568,3 +568,38 @@ def test_success( adapter.proxy_manager_for() mock_proxy_manager_for.assert_called_with(ssl_context=adapter._ctx_proxymanager) + + @mock.patch.object(requests.adapters.HTTPAdapter, "init_poolmanager") + @mock.patch.object(requests.adapters.HTTPAdapter, "proxy_manager_for") + @mock.patch.object( + google.auth.transport._custom_tls_signer.CustomTlsSigner, "should_use_provider" + ) + @mock.patch.object( + google.auth.transport._custom_tls_signer.CustomTlsSigner, "load_libraries" + ) + @mock.patch.object( + google.auth.transport._custom_tls_signer.CustomTlsSigner, + "attach_to_ssl_context", + ) + def test_success_should_use_provider( + self, + mock_attach_to_ssl_context, + mock_load_libraries, + mock_should_use_provider, + mock_proxy_manager_for, + mock_init_poolmanager, + ): + enterprise_cert_file_path = "/path/to/enterprise/cert/json" + adapter = google.auth.transport.requests._MutualTlsOffloadAdapter( + enterprise_cert_file_path + ) + + mock_should_use_provider.side_effect = True + mock_load_libraries.assert_called_once() + assert mock_attach_to_ssl_context.call_count == 2 + + adapter.init_poolmanager() + mock_init_poolmanager.assert_called_with(ssl_context=adapter._ctx_poolmanager) + + adapter.proxy_manager_for() + mock_proxy_manager_for.assert_called_with(ssl_context=adapter._ctx_proxymanager) From 0cf8ea6b5b745b46d2e50535410a697d7ab61990 Mon Sep 17 00:00:00 2001 From: Carl Lundin Date: Tue, 21 May 2024 08:02:15 -0700 Subject: [PATCH 2/2] Fix linter. --- tests/transport/test__custom_tls_signer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/transport/test__custom_tls_signer.py b/tests/transport/test__custom_tls_signer.py index 37e1d6e58..3a33c2c02 100644 --- a/tests/transport/test__custom_tls_signer.py +++ b/tests/transport/test__custom_tls_signer.py @@ -195,7 +195,7 @@ def test_custom_tls_signer(): get_cert.assert_called_once() get_sign_callback.assert_called_once() offload_lib.ConfigureSslContext.assert_called_once() - assert signer_object.should_use_provider() == False + assert not signer_object.should_use_provider() assert signer_object._enterprise_cert_file_path == ENTERPRISE_CERT_FILE assert signer_object._offload_lib == offload_lib assert signer_object._signer_lib == signer_lib