From 16811815b63870c21822da0c964490889bd67f26 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Mon, 18 Mar 2024 22:25:16 +0900
Subject: [PATCH] Replace pyOpenSSL by cryptography

The crypto module of the pyOpenSSL library is now discouraged and
the cryptography library should be used to manage certificates and
keys[1].

[1] https://www.pyopenssl.org/en/latest/api/crypto.html

Change-Id: I004e97dfe6444d0278013901005f104461bd8d1a
---
 barbican/plugin/util/translations.py | 10 +++++-----
 requirements.txt                     |  1 -
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/barbican/plugin/util/translations.py b/barbican/plugin/util/translations.py
index 880694e2d..35ae95d87 100644
--- a/barbican/plugin/util/translations.py
+++ b/barbican/plugin/util/translations.py
@@ -13,7 +13,7 @@
 
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
-from OpenSSL import crypto
+from cryptography import x509
 from oslo_serialization import base64
 
 from barbican import i18n as u  # noqa
@@ -188,12 +188,12 @@ def _convert_public_der_to_pem(der):
 
 
 def _convert_certificate_pem_to_der(pem):
-    cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem)
-    der = crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)
+    cert = x509.load_pem_x509_certificate(pem)
+    der = cert.public_bytes(serialization.Encoding.DER)
     return der
 
 
 def _convert_certificate_der_to_pem(der):
-    cert = crypto.load_certificate(crypto.FILETYPE_ASN1, der)
-    pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
+    cert = x509.load_der_x509_certificate(der)
+    pem = cert.public_bytes(serialization.Encoding.PEM)
     return pem
diff --git a/requirements.txt b/requirements.txt
index a4213186e..47012c680 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,6 @@ Paste>=2.0.2 # MIT
 PasteDeploy>=1.5.0 # MIT
 pbr!=2.1.0,>=2.0.0 # Apache-2.0
 pecan!=1.0.2,!=1.0.3,!=1.0.4,!=1.2,>=1.0.0 # BSD
-pyOpenSSL>=17.1.0 # Apache-2.0
 ldap3>=1.0.2 # LGPLv3
 keystonemiddleware>=9.5.0 # Apache-2.0
 SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT