Replace pyOpenSSL by cryptography

The crypto module of the pyOpenSSL library is now discouraged and
the cryptography library should be used to manage certificates and
keys[1].

[1] https://www.pyopenssl.org/en/latest/api/crypto.html

Change-Id: I004e97dfe6444d0278013901005f104461bd8d1a
This commit is contained in:
Takashi Kajinami 2024-03-18 22:25:16 +09:00
parent ebc729b0a7
commit 16811815b6
2 changed files with 5 additions and 6 deletions

View File

@ -13,7 +13,7 @@
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from OpenSSL import crypto
from cryptography import x509
from oslo_serialization import base64
from barbican import i18n as u # noqa
@ -188,12 +188,12 @@ def _convert_public_der_to_pem(der):
def _convert_certificate_pem_to_der(pem):
cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem)
der = crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)
cert = x509.load_pem_x509_certificate(pem)
der = cert.public_bytes(serialization.Encoding.DER)
return der
def _convert_certificate_der_to_pem(der):
cert = crypto.load_certificate(crypto.FILETYPE_ASN1, der)
pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
cert = x509.load_der_x509_certificate(der)
pem = cert.public_bytes(serialization.Encoding.PEM)
return pem

View File

@ -20,7 +20,6 @@ Paste>=2.0.2 # MIT
PasteDeploy>=1.5.0 # MIT
pbr!=2.1.0,>=2.0.0 # Apache-2.0
pecan!=1.0.2,!=1.0.3,!=1.0.4,!=1.2,>=1.0.0 # BSD
pyOpenSSL>=17.1.0 # Apache-2.0
ldap3>=1.0.2 # LGPLv3
keystonemiddleware>=9.5.0 # Apache-2.0
SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT