From 931a61aac547cb4847d97acdc1b0dc073992328d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Sep 2024 00:26:51 +0000 Subject: [PATCH 1/2] chore(deps): Bump cryptography from 42.0.8 to 43.0.1 Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.8 to 43.0.1. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/42.0.8...43.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- requirements.in | 2 +- requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 434f4e83..2f39f580 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -40,7 +40,7 @@ colorama==0.4.6 # via tox coverage==7.6.1 # via -r requirements-dev.in -cryptography==42.0.8 +cryptography==43.0.1 # via # -c requirements.txt # secretstorage diff --git a/requirements.in b/requirements.in index c4d2cfa6..664524fd 100644 --- a/requirements.in +++ b/requirements.in @@ -6,7 +6,7 @@ # git+https://github.com/example/example.git@example-vcs-ref#egg=example-pkg[foo,bar]==1.42.3 backports-zoneinfo==0.2.1 ; python_version < "3.9" # Used by `djangorestframework`. -cryptography==42.0.8 +cryptography==43.0.1 defusedxml==0.7.1 django-filter>=24.2 Django>=2.2.24 diff --git a/requirements.txt b/requirements.txt index a39604f7..ecc55476 100644 --- a/requirements.txt +++ b/requirements.txt @@ -21,7 +21,7 @@ certifi==2024.7.4 # via signxml cffi==1.16.0 # via cryptography -cryptography==42.0.8 +cryptography==43.0.1 # via # -r requirements.in # pyopenssl From 2ab23f6deff425b0fcdaac83d82e03a540378548 Mon Sep 17 00:00:00 2001 
From: svillegas-cdd Date: Tue, 24 Sep 2024 15:24:56 -0300 Subject: [PATCH 2/2] chore: load key and certificated from `pkcs12` - `cryptography` has deprecated the function `load_key_and_certificates_from_pkcs12` so, the certificated should load from `primitives.serialization.pkcs12` --- src/cl_sii/rut/crypto_utils.py | 4 +++- src/tests/test_libs_crypto_utils.py | 5 +++-- src/tests/test_rut_crypto_utils.py | 14 +++++++------- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/src/cl_sii/rut/crypto_utils.py b/src/cl_sii/rut/crypto_utils.py index d9a05069..d8f03c8a 100644 --- a/src/cl_sii/rut/crypto_utils.py +++ b/src/cl_sii/rut/crypto_utils.py @@ -4,6 +4,7 @@ import cryptography import cryptography.x509 from cryptography.hazmat.backends.openssl import backend as crypto_x509_backend +from cryptography.hazmat.primitives.serialization import pkcs12 from . import Rut, constants @@ -21,9 +22,10 @@ def get_subject_rut_from_certificate_pfx(pfx_file_bytes: bytes, password: Option private_key, x509_cert, additional_certs, - ) = crypto_x509_backend.load_key_and_certificates_from_pkcs12( + ) = pkcs12.load_key_and_certificates( data=pfx_file_bytes, password=password.encode() if password is not None else None, + backend=crypto_x509_backend, ) # https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#cryptography.hazmat.primitives.serialization.pkcs12.load_key_and_certificates # noqa: E501 diff --git a/src/tests/test_libs_crypto_utils.py b/src/tests/test_libs_crypto_utils.py index f30d8b27..d0c18304 100644 --- a/src/tests/test_libs_crypto_utils.py +++ b/src/tests/test_libs_crypto_utils.py 
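Review bot: The `backend=crypto_x509_backend` keyword added to the `pkcs12.load_key_and_certificates(...)` call looks redundant. As far as I know, the `backend` parameter of that function is optional and kept only for backward compatibility, so the argument list can end at `password=password.encode() if password is not None else None,`. Dropping it would also let this module stop importing `cryptography.hazmat.backends.openssl`, provided nothing else in the file uses `crypto_x509_backend` (the rest of the file is outside the hunk). Separately, the returned certificate can be `None` when the PFX carries no matching certificate, and a wrong password or malformed PFX raises `ValueError`. A comment above the call such as `# x509_cert may be None; ValueError on bad password or malformed PFX` would make that visible, since any handling sits in the part of `get_subject_rut_from_certificate_pfx` outside the hunk.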
@@ -916,7 +916,8 @@ def test_load_der_x509_cert_fail_value_error(self) -> None: with self.assertRaises(ValueError) as cm: load_der_x509_cert(b'hello') self.assertEqual( - cm.exception.args, ("error parsing asn1 value: ParseError { kind: ShortData }",) + cm.exception.args, + ("error parsing asn1 value: ParseError { kind: ShortData { needed: 98 } }",), ) def test_load_pem_x509_cert_ok(self) -> None: @@ -1004,7 +1005,7 @@ def test_load_pem_x509_cert_fail_value_error(self) -> None: ( "Unable to load PEM file. See " "https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file " - "for more details. InvalidData(InvalidLength)", + "for more details. InvalidData(InvalidLength(5))", ), ) diff --git a/src/tests/test_rut_crypto_utils.py b/src/tests/test_rut_crypto_utils.py index 1e852025..810894cc 100644 --- a/src/tests/test_rut_crypto_utils.py +++ b/src/tests/test_rut_crypto_utils.py @@ -2,7 +2,7 @@ from unittest.mock import Mock, patch import cryptography.x509 -from cryptography.hazmat.backends.openssl import backend as crypto_x509_backend +from cryptography.hazmat.primitives.serialization import pkcs12 from cl_sii import rut from cl_sii.libs.crypto_utils import load_der_x509_cert @@ -19,8 +19,8 @@ def test_get_subject_rut_from_certificate_pfx_ok(self) -> None: x509_cert = load_der_x509_cert(cert_der_bytes) with patch.object( - crypto_x509_backend, - 'load_key_and_certificates_from_pkcs12', + pkcs12, + 'load_key_and_certificates', Mock(return_value=(None, x509_cert, None)), ): pfx_file_bytes = b'hello' @@ -40,8 +40,8 @@ def test_get_subject_rut_from_certificate_pfx_fails_if_rut_info_is_missing(self) x509_cert = load_der_x509_cert(cert_der_bytes) with patch.object( - crypto_x509_backend, - 'load_key_and_certificates_from_pkcs12', + pkcs12, + 'load_key_and_certificates', Mock(return_value=(None, x509_cert, None)), ): pfx_file_bytes = b'hello' 
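Review bot: The assertion in `test_load_der_x509_cert_fail_value_error`, and the one in the next hunk for `test_load_pem_x509_cert_fail_value_error`, compare `cm.exception.args` with the exact debug text of cryptography's parser. That is why a dependency bump forced these edits. The text is not a documented interface, so each security upgrade of `cryptography` can break the suite for reasons unrelated to this project's behaviour, which discourages timely upgrades. Keeping `assertRaises(ValueError)` and matching only a stable prefix would survive upgrades, e.g. `self.assertTrue(str(cm.exception).startswith("error parsing asn1 value"))` and `self.assertIn("Unable to load PEM file", str(cm.exception))`. Both test bodies begin outside their hunks.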
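Review bot: The `Mock` passed to `patch.object(pkcs12, 'load_key_and_certificates', ...)` in the -19,8 hunk (and again at -40,8 and -81,8) is never bound to a name, so these tests cannot check how the loader is called. They would still pass if `get_subject_rut_from_certificate_pfx` forwarded the wrong bytes, passed the password as `str`, or dropped it. Binding the mock with `) as load_mock:` and adding `load_mock.assert_called_once()` plus a check that `load_mock.call_args.kwargs['password']` is `bytes` or `None` would pin the password handling that this change moves to a new API. The rest of each test body is outside the hunks.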
@@ -81,8 +81,8 @@ def test_get_subject_rut_from_certificate_pfx_does_not_throw_attribute_error_if_ ) with patch.object( - crypto_x509_backend, - 'load_key_and_certificates_from_pkcs12', + pkcs12, + 'load_key_and_certificates', Mock(return_value=(None, x509_cert, None)), ), patch.object( x509_cert.extensions,