From c94e07fbac6c85e64b5ca1fae6d6bd0ac3250a16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com>
Date: Tue, 5 Apr 2022 00:42:55 +0000
Subject: [PATCH] EasyRSA: pyopenssl -> cryptography
---
 api/kiwi_vpn_api/easyrsa.py | 23 +++++++++--------------
 api/poetry.lock | 21 +--------------------
 api/pyproject.toml | 2 +-
 3 files changed, 11 insertions(+), 35 deletions(-)
diff --git a/api/kiwi_vpn_api/easyrsa.py b/api/kiwi_vpn_api/easyrsa.py
index 967fb64..4c082dd 100644
--- a/api/kiwi_vpn_api/easyrsa.py
+++ b/api/kiwi_vpn_api/easyrsa.py
@@ -5,11 +5,10 @@ Python interface to EasyRSA CA.
 from __future__ import annotations
 import subprocess
-from datetime import datetime
 from enum import Enum, auto
 from pathlib import Path
-from OpenSSL import crypto
+from cryptography import x509
 from passlib import pwd
 from pydantic import BaseModel
@@ -196,7 +195,7 @@ class EasyRSA:
 cert_filename: Path,
 *easyrsa_cmd: str,
 **easyrsa_env: str,
-    ) -> crypto.X509:
+    ) -> x509.Certificate:
 """
 Create an X.509 certificate
 """
@@ -231,8 +230,8 @@ class EasyRSA:
 with open(
 self.output_directory.joinpath(cert_filename), "rb"
 ) as cert_file:
-            return crypto.load_certificate(
-                crypto.FILETYPE_PEM, cert_file.read()
+            return x509.load_pem_x509_certificate(
+                cert_file.read()
 )
 def init_pki(self) -> None:
@@ -242,7 +241,7 @@ class EasyRSA:
 self.__easyrsa("init-pki")
-    def build_ca(self) -> crypto.X509:
+    def build_ca(self) -> x509.Certificate:
 """
 Build the CA certificate
 """
@@ -263,7 +262,7 @@ class EasyRSA:
 self,
 cert_type: CertificateType = CertificateType.client,
 dn: DistinguishedName | None = None,
-    ) -> crypto.X509 | None:
+    ) -> x509.Certificate | None:
 """
 Issue a client or server certificate
 """
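Review bot: `x509.load_pem_x509_certificate` in the -231 hunk raises `ValueError` when the file does not hold a well-formed PEM certificate, whereas the removed `crypto.load_certificate` raised `OpenSSL.crypto.Error`, so any caller that catches the old exception type (none is visible in this patch) now lets the error propagate. The method's docstring, which presumably is the "Create an X.509 certificate" one in the -196 hunk since both use `cert_filename`, should state this: `Raises: ValueError if the EasyRSA output file is not a PEM certificate`. The `with open(...)` block could also shrink to `return x509.load_pem_x509_certificate(self.output_directory.joinpath(cert_filename).read_bytes())`. The enclosing method starts before this hunk.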
@@ -308,12 +307,8 @@ if __name__ == "__main__":
 client = easy_rsa.issue(dn=dn)
- date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
-
 for cert in (ca, server, client):
 if cert is not None:
- print(cert.get_subject().CN)
- print(cert.get_signature_algorithm().decode(encoding))
-
- assert (na := cert.get_notAfter()) is not None
- print(datetime.strptime(na.decode(encoding), date_format))
+ print(cert.subject)
+ print(cert.signature_hash_algorithm)
+ print(cert.not_valid_after)
diff --git a/api/poetry.lock b/api/poetry.lock
index f441c4f..52536fe 100644
--- a/api/poetry.lock
+++ b/api/poetry.lock
@@ -292,21 +292,6 @@ typing-extensions = ">=3.7.4.3"
 dotenv = ["python-dotenv (>=0.10.4)"]
 email = ["email-validator (>=1.0.3)"]
-[[package]]
-name = "pyopenssl"
-version = "22.0.0"
-description = "Python wrapper module around the OpenSSL library"
-category = "main"
-optional = false
-python-versions = ">=3.6"
-
-[package.dependencies]
-cryptography = ">=35.0"
-
-[package.extras]
-docs = ["sphinx", "sphinx-rtd-theme"]
-test = ["flaky", "pretend", "pytest (>=3.0.1)"]
-
 [[package]]
 name = "pyparsing"
 version = "3.0.7"
@@ -501,7 +486,7 @@ standard = ["websockets (>=10.0)", "httptools (>=0.4.0)", "watchgod (>=0.6)", "p
 [metadata]
 lock-version = "1.1"
 python-versions = "^3.10"
-content-hash = "ec07664a3624e6204beb2371bccc164ca1029f6e80663a9bd5946f4eaea04ca1"
+content-hash = "36a56b6982734607590597302276605f8977119869934f35116e72377905b6b5"
 [metadata.files]
 anyio = [
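Review bot: `print(cert.subject)` and `print(cert.signature_hash_algorithm)` on the new side print object representations rather than the values the removed lines printed (the subject CN and the signature algorithm name), and `signature_hash_algorithm` is `None` for certificates signed with a scheme that has no separate digest (Ed25519/Ed448), so that line would print `None` for such a CA. Suggested: `print(cert.subject.rfc4514_string())` and `print(cert.signature_hash_algorithm.name if cert.signature_hash_algorithm is not None else "none")`. `cert.not_valid_after` is a naive datetime in UTC in the cryptography versions this patch pins, so a comment such as `# naive datetime, UTC` on that line would stop the next reader comparing it against an aware `datetime.now(tz=...)`.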
@@ -790,10 +775,6 @@ pydantic = [
 {file = "pydantic-1.9.0-py3-none-any.whl", hash = "sha256:085ca1de245782e9b46cefcf99deecc67d418737a1fd3f6a4f511344b613a5b3"},
 {file = "pydantic-1.9.0.tar.gz", hash = "sha256:742645059757a56ecd886faf4ed2441b9c0cd406079c2b4bee51bcc3fbcd510a"},
 ]
-pyopenssl = [
-    {file = "pyOpenSSL-22.0.0-py2.py3-none-any.whl", hash = "sha256:ea252b38c87425b64116f808355e8da644ef9b07e429398bfece610f893ee2e0"},
-    {file = "pyOpenSSL-22.0.0.tar.gz", hash = "sha256:660b1b1425aac4a1bea1d94168a85d99f0b3144c869dd4390d27629d0087f1bf"},
-]
 pyparsing = [
 {file = "pyparsing-3.0.7-py3-none-any.whl", hash = "sha256:a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484"},
 {file = "pyparsing-3.0.7.tar.gz", hash = "sha256:18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea"},
diff --git a/api/pyproject.toml b/api/pyproject.toml
index 4967d16..d500a97 100644
--- a/api/pyproject.toml
+++ b/api/pyproject.toml
@@ -9,11 +9,11 @@ python = "^3.10"
 fastapi = "^0.75.0"
 passlib = {extras = ["argon2", "bcrypt"], version = "^1.7.4"}
-pyOpenSSL = "^22.0.0"
 python-jose = {extras = ["cryptography"], version = "^3.3.0"}
 python-multipart = "^0.0.5"
 sqlmodel = "^0.0.6"
 uvicorn = "^0.17.6"
+cryptography = "^36.0.2"
 [tool.poetry.dev-dependencies]
 pytest = "^7.1.0"
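Review bot: The new `cryptography = "^36.0.2"` entry is appended after `uvicorn`, while every other dependency visible in the hunk (`fastapi`, `passlib`, `python-jose`, `python-multipart`, `sqlmodel`, `uvicorn`) is listed alphabetically; it belongs before `fastapi`. The caret constraint resolves to `>=36.0.2,<37.0.0`, so this direct pin holds the library on the 36.x line until the constraint is bumped by hand, which is worth a comment next to the line since cryptography is now the module that parses the CA output. The `[tool.poetry.dependencies]` header is outside the hunk.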