Merge pull request #51 from liujin-google/master

Support X509 pem cert and signature verification using PyCrypto.

oauth2client/crypt.py

@@ -139,6 +139,7 @@ try:
   from Crypto.PublicKey import RSA
   from Crypto.Hash import SHA256
   from Crypto.Signature import PKCS1_v1_5
+  from Crypto.Util.asn1 import DerSequence
 
 
   class PyCryptoVerifier(object):
@@ -180,14 +181,15 @@ try:
 
       Returns:
         Verifier instance.
-
-      Raises:
-        NotImplementedError if is_x509_cert is true.
       """
       if is_x509_cert:
-        raise NotImplementedError(
-            'X509 certs are not supported by the PyCrypto library. '
-            'Try using PyOpenSSL if native code is an option.')
+        pemLines = key_pem.replace(' ', '').split()
+        certDer = _urlsafe_b64decode(''.join(pemLines[1:-1]))
+        certSeq = DerSequence()
+        certSeq.decode(certDer)
+        tbsSeq = DerSequence()
+        tbsSeq.decode(certSeq[0])
+        pubkey = RSA.importKey(tbsSeq[6])
       else:
         pubkey = RSA.importKey(key_pem)
       return PyCryptoVerifier(pubkey)

tests/test_jwt.py

@@ -189,7 +189,7 @@ class PEMCryptTestsPyCrypto(CryptTests):
   def setUp(self):
     self.format = 'pem'
     self.signer = crypt.PyCryptoSigner
-    self.verifier = crypt.OpenSSLVerifier
+    self.verifier = crypt.PyCryptoVerifier
 
 
 class PEMCryptTestsOpenSSL(CryptTests):