#9597 Remove use of deprecated functions in custodia
Closed: fixed 8 months ago by rcritten. Opened 8 months ago by abbra.

The jwcrypto library changed its JWK object interface to behave like a dictionary in 2020. The old property wrappers are deprecated. Replace their usage with a proper dictionary lookup.

# /usr/libexec/ipa/ipa-custodia-check `hostname`
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Platform: Linux-6.7.7-200.fc39.x86_64-x86_64-with-glibc2.38
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: IPA version: 4.12.0.dev202403201320+git
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: IPA vendor version: 4.12.0.dev202403201320+git-0.fc39
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Realm: IPA1.TEST
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Host: master1.ipa1.test
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Remote server: master1.ipa1.test
[2024-05-22T10:36:35 ipa-custodia-tester] <WARNING>: Performing self-test only.
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: File '/etc/ipa/default.conf' exists.
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: File '/etc/krb5.keytab' exists.
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: File '/etc/ipa/custodia/custodia.conf' exists.
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: File '/etc/ipa/custodia/server.keys' exists.
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Custodia client created.
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: Loaded key for usage 'sig' from '/etc/ipa/custodia/server.keys'.
/usr/libexec/ipa/ipa-custodia-check:195: DeprecationWarning: Call to deprecated function (or staticmethod) key_id.
  if pkey.key_id != self.host_spn:
[2024-05-22T10:36:35 ipa-custodia-tester] <INFO>: JWK KID matches host's service principal name 'host/master1.ipa1.test@IPA1.TEST'.
[2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Checked host LDAP keys 'host/master1.ipa1.test@IPA1.TEST' for usage sig.
[2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Local key for usage 'sig' matches key in LDAP.
[2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Checked server LDAP keys 'host/master1.ipa1.test@IPA1.TEST' for usage sig.
[2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Loaded key for usage 'enc' from '/etc/ipa/custodia/server.keys'.
[2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: JWK KID matches host's service principal name 'host/master1.ipa1.test@IPA1.TEST'.
[2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Checked host LDAP keys 'host/master1.ipa1.test@IPA1.TEST' for usage enc.
[2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Local key for usage 'enc' matches key in LDAP.
[2024-05-22T10:36:36 ipa-custodia-tester] <INFO>: Checked server LDAP keys 'host/master1.ipa1.test@IPA1.TEST' for usage enc.
/usr/lib/python3.12/site-packages/ipaserver/custodia/message/kem.py:227: DeprecationWarning: Call to deprecated function (or staticmethod) key_id.
  header = {'kid': key.key_id, 'alg': alg}
/usr/lib/python3.12/site-packages/ipaserver/custodia/message/kem.py:238: DeprecationWarning: Call to deprecated function (or staticmethod) key_id.
  eprot = {'kid': enc_key.key_id, 'alg': enc[0], 'enc': enc[1]}
[2024-05-22T10:36:37 ipa-custodia-tester] <INFO>: Successfully retrieved 'dm/DMHash'.
[2024-05-22T10:36:37 ipa-custodia-tester] <INFO>: Successfully retrieved 'ra/ipaCert'.
[2024-05-22T10:36:39 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca/auditSigningCert cert-pki-ca'.
[2024-05-22T10:36:41 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca_wrapped/auditSigningCert cert-pki-ca'.
[2024-05-22T10:36:42 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca_wrapped/auditSigningCert cert-pki-ca/1.2.840.113549.3.7'.
[2024-05-22T10:36:43 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca/caSigningCert cert-pki-ca'.
[2024-05-22T10:36:44 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca/ocspSigningCert cert-pki-ca'.
[2024-05-22T10:36:46 ipa-custodia-tester] <INFO>: Successfully retrieved 'ca/subsystemCert cert-pki-ca'.
All tests have passed successfully.
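
To find the remaining call sites behind warnings like the ones above, an AST scan is more reliable than grep. This is an added example, not code from the ticket or from FreeIPA; the `find_deprecated_reads` helper, the sample source and the suggested `['kid']` form (taken from the JWK member name visible in the logged header dict) are assumptions.

```python
import ast

# Deprecated JWK property named in the warnings above, mapped to the JWK
# dictionary member assumed to replace it ('kid' is the key-ID member).
DEPRECATED = {"key_id": "kid"}

# Constructed sample: the three statements flagged in the log, plus a
# stand-in body and one plain variable that must not be reported.
SAMPLE = '''\
if pkey.key_id != self.host_spn:
    raise ValueError("KID mismatch")
header = {'kid': key.key_id, 'alg': alg}
eprot = {'kid': enc_key.key_id, 'alg': enc[0], 'enc': enc[1]}
key_id = header.get('kid')
'''


def find_deprecated_reads(source, filename="<sample>"):
    """Return (filename, line, col, old_expr, new_expr) per deprecated read."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        # Report attribute reads only; a bare variable called key_id is an
        # ast.Name node and is never matched here.
        if (isinstance(node, ast.Attribute)
                and node.attr in DEPRECATED
                and isinstance(node.ctx, ast.Load)):
            obj = ast.unparse(node.value)  # requires Python 3.9+
            findings.append((filename, node.lineno, node.col_offset,
                             f"{obj}.{node.attr}",
                             f"{obj}[{DEPRECATED[node.attr]!r}]"))
    return sorted(findings)


if __name__ == "__main__":
    for fname, line, col, old, new in find_deprecated_reads(SAMPLE):
        print(f"{fname}:{line}:{col}: {old} -> {new}")
```

The scan matches on attribute name, not on type, so each hit still needs a check that the object really is a JWK. Where a key may lack a `kid`, `.get('kid')` avoids the `KeyError` that a subscript lookup raises.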

master:

  • 5368120 custodia: do not use deprecated jwcrypto wrappers

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

8 months ago
