From f5db9801c23bde15d162a67d4fd6621e5bd09719 Mon Sep 17 00:00:00 2001 From: Hiromu Asahina Date: Fri, 17 Mar 2023 23:16:04 +0900 Subject: [PATCH] Remove Dependency on Cryptography >=36.0.0 The mTLS OAuth2.0 in Keystone uses a parameter that is only availble on cryptography 36.0.0 or later. Users may have to upgrade cryptography which is already installed, which can be unreasonably hassle. This patch introduces an alternative for that parameter. [1] https://cryptography.io/en/latest/changelog/#v36-0-0 Closes-bug: 2009600 Change-Id: Idffe269b62797bb2935429f4069e878a177db04f
---
 keystone/common/utils.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/keystone/common/utils.py b/keystone/common/utils.py
index 792c179511..3f8088f279 100644
--- a/keystone/common/utils.py
+++ b/keystone/common/utils.py
@@ -479,8 +479,9 @@ def get_certificate_subject_dn(cert_pem):
 try:
 cert = x509.load_pem_x509_certificate(cert_pem.encode('utf-8'))
 for item in cert.subject:
- name, value = item.rfc4514_string(
- attr_name_overrides=ATTR_NAME_OVERRIDES).split('=')
+ name, value = item.rfc4514_string().split('=')
+ if item.oid in ATTR_NAME_OVERRIDES:
+ name = ATTR_NAME_OVERRIDES[item.oid]
 dn_dict[name] = value
 except Exception as error:
 LOG.exception(error)
@@ -501,8 +502,9 @@ def get_certificate_issuer_dn(cert_pem):
 try:
 cert = x509.load_pem_x509_certificate(cert_pem.encode('utf-8'))
 for item in cert.issuer:
- name, value = item.rfc4514_string(
- attr_name_overrides=ATTR_NAME_OVERRIDES).split('=')
+ name, value = item.rfc4514_string().split('=')
+ if item.oid in ATTR_NAME_OVERRIDES:
+ name = ATTR_NAME_OVERRIDES[item.oid]
 dn_dict[name] = value
 except Exception as error:
 LOG.exception(error)
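Review bot: The unbounded `item.rfc4514_string().split('=')` in both hunks (get_certificate_subject_dn and get_certificate_issuer_dn) unpacks into exactly two names, so an attribute value that itself contains `=` raises ValueError and the broad `except Exception` turns it into a logged failure of the whole DN parse. Because these DNs are read from certificates in the mTLS OAuth2.0 path, I would bound the split: `name, value = item.rfc4514_string().split('=', 1)`. The stored value is also the RFC 4514-escaped string rather than the raw `item.value`, and repeated attribute types overwrite each other in `dn_dict`; if the result is later compared against configured DN values, a short comment stating both facts (and a test with an escaped and a repeated attribute) would help. Both function bodies start and end outside the hunks, so what is returned after the `except` is not visible here.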