Recently released cryptography 43.0.0 (https://cryptography.io/en/latest/changelog/#v43-0-0)
cryptography 43.0.0
Added Certificate public_key_algorithm_oid and Certificate Signing Request public_key_algorithm_oid to determine the PublicKeyAlgorithmOID Object Identifier of the public key found inside the certificate.
https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate.public_key_algorithm_oid
This was caught by pylint:
************* Module ipalib.x509
ipalib/x509.py:453: [E0110(abstract-class-instantiated), load_pem_x509_certificate] Abstract class 'IPACertificate' with abstract methods instantiated)
ipalib/x509.py:465: [E0110(abstract-class-instantiated), load_der_x509_certificate] Abstract class 'IPACertificate' with abstract methods instantiated)
and by unit tests, for example:
______________________ test_x509.test_1_load_base64_cert _______________________

self = <ipatests.test_ipalib.test_x509.test_x509 object at 0x7faee8551520>

    def test_1_load_base64_cert(self):
        """
        Test loading a base64-encoded certificate.
        """

        # Load a good cert
>       x509.load_pem_x509_certificate(goodcert_headers)

test_ipalib/test_x509.py:205:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

data = b'-----BEGIN CERTIFICATE-----\nMIICAjCCAWugAwIBAgICBEUwDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGU...h6m7TCp0eDgRpo77zNuvd3U4Qpm0Qk+KEjtHQDjNNG6N4ZnCQPmjFPScElvc/GgW7XMbywJy2euF+3/Uip8cnPgSH4=\n-----END CERTIFICATE-----'

    def load_pem_x509_certificate(data):
        """
        Load an X.509 certificate in PEM format.

        :returns: a ``IPACertificate`` object.
        :raises: ``ValueError`` if unable to load the certificate.
        """
>       return IPACertificate(
            crypto_x509.load_pem_x509_certificate(data, backend=default_backend())
        )
E       TypeError: Can't instantiate abstract class IPACertificate without an implementation for abstract method 'public_key_algorithm_oid'

../ipalib/x509.py:453: TypeError
Moved TripleDES and ARC4 into Decrepit cryptography and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.
causes:
/usr/lib64/python3/site-packages/ipalib/constants.py:380: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
(actually there is other usage of TripleDES in IPA code)
TripleDES
Metadata Update from @ftrivino: - Issue assigned to ftrivino
This was also caught by openQA testing a rawhide update including cryptography 43.0.0.
Submitted https://github.com/freeipa/freeipa/pull/7469
I am still on vacation this week, so if somebody can take over this and the Fedora updates, that would be great.
master:
ipa-4-12:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
public_key_algorithm_oid
property
Certificate
()
load_pem_x509_certificate(cert).public_key_algorithm_oid
...
    load_pem_x509_certificate(cert).public_key_algorithm_oid
  File "/usr/src/RPM/BUILD/freeipa-4.11.2/ipalib/x509.py", line 304, in public_key_algorithm_oid
    return self._cert.public_key_algorithm_oid()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: 'cryptography.hazmat.bindings._rust.ObjectIdentifier' object is not callable
See for details:
https://github.com/pyca/cryptography/blob/817a1f451508ec8306242ec81a1fba7c75e3e5f1/src/cryptography/x509/base.py#L190-L192
https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate.public_key_algorithm_oid
Metadata Update from @ftrivino: - Assignee reset
Metadata Update from @rcritten: - Custom field affects_doc adjusted to on - Custom field knownissue adjusted to on - Issue status updated to: Open (was: Closed)
I'll fix up the public_key_algorithm_oid property. I totally missed that and during verification only confirmed that the property was there but didn't call it.
I'll see what I can do about suppressing the TripleDES error. I don't think it will be a problem.
PR https://github.com/freeipa/freeipa/pull/7476
@slev this should fix things up for you.
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-54304
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @rcritten: - Custom field changelog adjusted to Added support for python-cryptography up to 43.0.0
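The two failures reported in this ticket, modelled with standard-library stand-ins as an added example (not FreeIPA or python-cryptography code): a wrapper that lacks a newly added abstract member cannot be instantiated, and a wrapper that calls the delegated property fails only when the attribute is read. All class and function names are hypothetical and the OID string is a constructed sample value.

```python
from abc import ABC, abstractmethod

class UpstreamCertificate(ABC):
    """Stand-in for an abstract upstream base class (constructed for this example)."""
    @property
    @abstractmethod
    def public_key_algorithm_oid(self): ...  # member added by a newer release

class ConcreteCert(UpstreamCertificate):
    """Stand-in for the object an upstream loader returns."""
    public_key_algorithm_oid = "1.2.840.113549.1.1.1"  # constructed sample (rsaEncryption)

class StaleWrapper(UpstreamCertificate):
    """Written against the older base class: the new member is missing."""
    def __init__(self, cert):
        self._cert = cert

class CallingWrapper(StaleWrapper):
    """Member is present, but the delegated property is called like a method."""
    @property
    def public_key_algorithm_oid(self):
        return self._cert.public_key_algorithm_oid()  # raises when read

class FixedWrapper(StaleWrapper):
    """Delegates by plain attribute access."""
    @property
    def public_key_algorithm_oid(self):
        return self._cert.public_key_algorithm_oid

def unimplemented(cls):
    """Static check: abstract members the class still lacks (non-empty means
    instantiation will raise TypeError)."""
    return sorted(getattr(cls, "__abstractmethods__", ()))

def exercise(wrapper_cls, cert):
    """Runtime check: instantiate, then read every abstract member of the base,
    so a member that exists but is broken is caught as well."""
    try:
        wrapper = wrapper_cls(cert)
    except TypeError as exc:
        return {"__init__": str(exc)}
    errors = {}
    for name in sorted(UpstreamCertificate.__abstractmethods__):
        try:
            getattr(wrapper, name)
        except Exception as exc:
            errors[name] = type(exc).__name__
    return errors
```

`unimplemented` passes for `CallingWrapper`; only `exercise`, which reads the attribute, reports its error.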