From f23bd5de23c5d5a90723dcb5ff8c5fbba4dfe988 Mon Sep 17 00:00:00 2001
From: Jon Wayne Parrott <jonwayne@google.com>
Date: Wed, 15 Feb 2017 16:46:25 -0800
Subject: [PATCH] Add public property google.auth.credentials.Signing.signer

---
 google/auth/app_engine.py            | 8 +++++++-
 google/auth/credentials.py           | 7 +++++++
 google/auth/jwt.py                   | 5 +++++
 google/oauth2/service_account.py     | 5 +++++
 tests/oauth2/test_service_account.py | 3 +++
 tests/test_app_engine.py             | 4 ++++
 tests/test_jwt.py                    | 3 +++
 7 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/google/auth/app_engine.py b/google/auth/app_engine.py
index 8b17e76ce..e6e84d26a 100644
--- a/google/auth/app_engine.py
+++ b/google/auth/app_engine.py
@@ -123,6 +123,7 @@ def __init__(self, scopes=None, service_account_id=None):
         super(Credentials, self).__init__()
         self._scopes = scopes
         self._service_account_id = service_account_id
+        self._signer = Signer()
 
     @_helpers.copy_docstring(credentials.Credentials)
     def refresh(self, request):
@@ -156,9 +157,14 @@ def with_scopes(self, scopes):
 
     @_helpers.copy_docstring(credentials.Signing)
     def sign_bytes(self, message):
-        return Signer().sign(message)
+        return self._signer.sign(message)
 
     @property
     @_helpers.copy_docstring(credentials.Signing)
     def signer_email(self):
         return self.service_account_email
+
+    @property
+    @_helpers.copy_docstring(credentials.Signing)
+    def signer(self):
+        return self._signer
diff --git a/google/auth/credentials.py b/google/auth/credentials.py
index 360dc0e93..2358b1d93 100644
--- a/google/auth/credentials.py
+++ b/google/auth/credentials.py
@@ -236,3 +236,10 @@ def signer_email(self):
         # pylint: disable=missing-raises-doc
         # (pylint doesn't recognize that this is abstract)
         raise NotImplementedError('Signer email must be implemented.')
+
+    @abc.abstractproperty
+    def signer(self):
+        """google.auth.crypt.Signer: The signer used to sign bytes."""
+        # pylint: disable=missing-raises-doc
+        # (pylint doesn't recognize that this is abstract)
+        raise NotImplementedError('Signer must be implemented.')
diff --git a/google/auth/jwt.py b/google/auth/jwt.py
index dfaf2e684..418be6ba8 100644
--- a/google/auth/jwt.py
+++ b/google/auth/jwt.py
@@ -468,6 +468,11 @@ def sign_bytes(self, message):
     def signer_email(self):
         return self._issuer
 
+    @property
+    @_helpers.copy_docstring(credentials.Signing)
+    def signer(self):
+        return self._signer
+
     def before_request(self, request, method, url, headers):
         """Performs credential-specific before request logic.
 
diff --git a/google/oauth2/service_account.py b/google/oauth2/service_account.py
index 48b537de1..b71b8acc8 100644
--- a/google/oauth2/service_account.py
+++ b/google/oauth2/service_account.py
@@ -318,6 +318,11 @@ def refresh(self, request):
     def sign_bytes(self, message):
         return self._signer.sign(message)
 
+    @property
+    @_helpers.copy_docstring(credentials.Signing)
+    def signer(self):
+        return self._signer
+
     @property
     @_helpers.copy_docstring(credentials.Signing)
     def signer_email(self):
diff --git a/tests/oauth2/test_service_account.py b/tests/oauth2/test_service_account.py
index e6ce63133..f40ebf224 100644
--- a/tests/oauth2/test_service_account.py
+++ b/tests/oauth2/test_service_account.py
@@ -134,6 +134,9 @@ def test_sign_bytes(self):
         signature = self.credentials.sign_bytes(to_sign)
         assert crypt.verify_signature(to_sign, signature, PUBLIC_CERT_BYTES)
 
+    def test_signer(self):
+        assert isinstance(self.credentials.signer, crypt.Signer)
+
     def test_signer_email(self):
         assert self.credentials.signer_email == self.SERVICE_ACCOUNT_EMAIL
 
diff --git a/tests/test_app_engine.py b/tests/test_app_engine.py
index dd410d9d2..af60bcfdb 100644
--- a/tests/test_app_engine.py
+++ b/tests/test_app_engine.py
@@ -139,6 +139,10 @@ def test_sign_bytes(self, app_identity_mock):
         assert signature == mock.sentinel.signature
         app_identity_mock.sign_blob.assert_called_with(to_sign)
 
+    def test_signer(self, app_identity_mock):
+        credentials = app_engine.Credentials()
+        assert isinstance(credentials.signer, app_engine.Signer)
+
     def test_signer_email(self, app_identity_mock):
         credentials = app_engine.Credentials()
         assert credentials.signer_email == credentials.service_account_email
diff --git a/tests/test_jwt.py b/tests/test_jwt.py
index 3959260e2..e4a9a0a28 100644
--- a/tests/test_jwt.py
+++ b/tests/test_jwt.py
@@ -264,6 +264,9 @@ def test_sign_bytes(self):
         signature = self.credentials.sign_bytes(to_sign)
         assert crypt.verify_signature(to_sign, signature, PUBLIC_CERT_BYTES)
 
+    def test_signer(self):
+        assert isinstance(self.credentials.signer, crypt.Signer)
+
     def test_signer_email(self):
         assert (self.credentials.signer_email ==
                 SERVICE_ACCOUNT_INFO['client_email'])