From 91ec21d21e1072ea12a2e904c56224fcfa959612 Mon Sep 17 00:00:00 2001
From: Nicholas Jones <nj762h@att.com>
Date: Tue, 18 Apr 2017 10:32:31 -0500
Subject: [PATCH] Replace pycrypto with cryptography in translations
pycrypto is no longer maintained [1]. This patch rewrites functions
using pycrypto and replaces them with the cryptography equivalent
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113568
Change-Id: Iff2ddccf0ff588599576a476fa3bace4715e2ea8
---
barbican/plugin/util/translations.py | 47 ++++++++++++++++++++++------
barbican/tests/keys.py | 6 ++--
2 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/barbican/plugin/util/translations.py b/barbican/plugin/util/translations.py
index 35118d149..cf97f2643 100644
--- a/barbican/plugin/util/translations.py
+++ b/barbican/plugin/util/translations.py
@@ -11,7 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-from Crypto.PublicKey import RSA
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
from OpenSSL import crypto
from oslo_serialization import base64
import six
@@ -137,26 +138,54 @@ def convert_der_to_pem(der, secret_type):
def _convert_private_pem_to_der(pem):
- private_key = RSA.importKey(pem)
- der = private_key.exportKey('DER', pkcs=8)
+ private_key = serialization.load_pem_private_key(
+ pem,
+ password=None,
+ backend=default_backend()
+ )
+ der = private_key.private_bytes(
+ encoding=serialization.Encoding.DER,
+ format=serialization.PrivateFormat.PKCS8,
+ encryption_algorithm=serialization.NoEncryption()
+ )
return der
def _convert_private_der_to_pem(der):
- private_key = RSA.importKey(der)
- pem = private_key.exportKey('PEM', pkcs=8)
+ private_key = serialization.load_der_private_key(
+ der,
+ password=None,
+ backend=default_backend()
+ )
+ pem = private_key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.PKCS8,
+ encryption_algorithm=serialization.NoEncryption()
+ )
return pem
def _convert_public_pem_to_der(pem):
- pubkey = RSA.importKey(pem)
- der = pubkey.exportKey('DER')
+ public_key = serialization.load_pem_public_key(
+ pem,
+ backend=default_backend()
+ )
+ der = public_key.public_bytes(
+ encoding=serialization.Encoding.DER,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo
+ )
return der
def _convert_public_der_to_pem(der):
- pubkey = RSA.importKey(der)
- pem = pubkey.exportKey('PEM')
+ public_key = serialization.load_der_public_key(
+ der,
+ backend=default_backend()
+ )
+ pem = public_key.public_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo
+ )
return pem
diff --git a/barbican/tests/keys.py b/barbican/tests/keys.py
index 43d1337f6..a461a5b07 100644
--- a/barbican/tests/keys.py
+++ b/barbican/tests/keys.py
@@ -53,7 +53,8 @@ jIeFW9U1C6OcOGvm40Lr3UKzMa5Yrtq6MW4ri7uSCwKBgQDfdqVjT4uXmGwOh1z4
Pzv6GCoc+6GobXg4DvvCUjP9MR+2+5sX0AY/f+aVCD05/Nj0RqpAwUc03zZU5ZtL
2uNe6XDjEugfFtlzea6+rbD6KpFS+nxPJA8YyWYRpNhpRWGWQakHedr3BtMtGs0h
pKNAQG72HKWtSfJQMXvn2RlicA==
------END PRIVATE KEY-----"""
+-----END PRIVATE KEY-----
+"""
def get_private_key_der():
@@ -174,7 +175,8 @@ udQQn4RlVt+cOdjmP9t8eTHjuMr8eZsj3HJ8TFUONirg68yqowZUo5gZ3KRmMdCY
Ak/rMhZh7JfKzpKgjzxS6NuGEJ/uP6a9QGMGmQGzE5fc6C7REI+rMUnLh3EvXvJ4
qbQ8ZbGy0IKhlWhnRNde7LQveUB+1LyE27mM3Y2cARXNUoM/Bmf9oS0rB7oyYiEH
LwIDAQAB
------END PUBLIC KEY-----"""
+-----END PUBLIC KEY-----
+"""
def get_public_key_der():