cryptography moved things around, adapt improvise overcome

tykling · Oct 2, 2023 · f38711f · f38711f
1 parent c8abfe9
commit f38711f
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 12 deletions.
diff --git a/client/certgrinder/certgrinder.py b/client/certgrinder/certgrinder.py
@@ -207,7 +207,7 @@ def configure(
     @staticmethod
     def load_keypair(
         path: str,
-    ) -> typing.Union[openssl.rsa._RSAPrivateKey, openssl.ed25519.Ed25519PrivateKey]:
+    ) -> typing.Union[openssl.rsa._RSAPrivateKey, primitives.asymmetric.ed25519.Ed25519PrivateKey]:
         """Load keypair bytes from disk, load key and return the object.
 
         Fixes keypair permissions to 640 if they are not 640.
@@ -240,7 +240,7 @@ def generate_private_key(
     ) -> typing.Union[
         openssl.rsa._RSAPrivateKey,
         openssl.ec._EllipticCurvePrivateKey,
-        openssl.ed25519.Ed25519PrivateKey,
+        primitives.asymmetric.ed25519.Ed25519PrivateKey,
     ]:
         """Generate and returns a private key.
 
@@ -270,7 +270,7 @@ def generate_private_key(
     @staticmethod
     def save_keypair(
         keypair: typing.Union[
-            openssl.rsa._RSAPrivateKey, openssl.ed25519.Ed25519PrivateKey
+            openssl.rsa._RSAPrivateKey, primitives.asymmetric.ed25519.Ed25519PrivateKey
         ],
         path: str,
     ) -> None:
@@ -288,7 +288,7 @@ def save_keypair(
         """
         if isinstance(keypair, openssl.rsa._RSAPrivateKey):
             keyformat = primitives.serialization.PrivateFormat.TraditionalOpenSSL
-        elif isinstance(keypair, openssl.ed25519.Ed25519PrivateKey):
+        elif isinstance(keypair, primitives.asymmetric.ed25519.Ed25519PrivateKey):
             keyformat = primitives.serialization.PrivateFormat.PKCS8
         elif isinstance(keypair, openssl.ec._EllipticCurvePrivateKey):
             keyformat = primitives.serialization.PrivateFormat.PKCS8
@@ -308,7 +308,7 @@ def save_keypair(
     @staticmethod
     def get_der_pubkey(
         keypair: typing.Union[
-            openssl.rsa._RSAPrivateKey, openssl.ed25519.Ed25519PrivateKey
+            openssl.rsa._RSAPrivateKey, primitives.asymmetric.ed25519.Ed25519PrivateKey
         ]
     ) -> bytes:
         """Return the DER formatted publickey.
@@ -330,7 +330,7 @@ def get_der_pubkey(
     @staticmethod
     def generate_csr(
         keypair: typing.Union[
-            openssl.rsa._RSAPrivateKey, openssl.ed25519.Ed25519PrivateKey
+            openssl.rsa._RSAPrivateKey, primitives.asymmetric.ed25519.Ed25519PrivateKey
         ],
         domains: typing.List[str],
     ) -> cryptography.x509.CertificateSigningRequest:
@@ -482,7 +482,7 @@ def check_certificate_expiry(
     def check_certificate_public_key(
         certificate: cryptography.x509.Certificate,
         public_key: typing.Union[
-            openssl.rsa._RSAPublicKey, openssl.ed25519.Ed25519PublicKey
+            openssl.rsa._RSAPublicKey, primitives.asymmetric.ed25519.Ed25519PublicKey
         ],
     ) -> bool:
         """Make sure certificate has the specified public key.
@@ -554,7 +554,7 @@ def check_certificate_validity(
         threshold_days: int,
         san_names: typing.List[str],
         public_key: typing.Optional[
-            typing.Union[openssl.rsa._RSAPublicKey, openssl.ed25519.Ed25519PublicKey]
+            typing.Union[openssl.rsa._RSAPublicKey, primitives.asymmetric.ed25519.Ed25519PublicKey]
         ] = None,
         subject: typing.Optional[cryptography.x509.Name] = None,
     ) -> bool:
@@ -625,7 +625,7 @@ def save_certificate(
     def save_concat_certkey(
         cls,
         keypair: typing.Union[
-            openssl.rsa._RSAPrivateKey, openssl.ed25519.Ed25519PrivateKey
+            openssl.rsa._RSAPrivateKey, primitives.asymmetric.ed25519.Ed25519PrivateKey
         ],
         certificate: cryptography.x509.Certificate,
         issuers: typing.List[cryptography.x509.Certificate],
@@ -931,7 +931,7 @@ def check_certificate(
         self,
         certificate: typing.Optional[cryptography.x509.Certificate] = None,
         public_key: typing.Optional[
-            typing.Union[openssl.rsa._RSAPublicKey, openssl.ed25519.Ed25519PublicKey]
+            typing.Union[openssl.rsa._RSAPublicKey, primitives.asymmetric.ed25519.Ed25519PublicKey]
         ] = None,
     ) -> bool:
         """Check certificate validity and returns True or False.

diff --git a/client/certgrinder/tests/test_certgrinder.py b/client/certgrinder/tests/test_certgrinder.py
@@ -513,7 +513,7 @@ def test_create_and_chmod_keypair(tmpdir_factory, caplog):
     with pytest.raises(ValueError):
         keypair = certgrinder.generate_private_key("foo")
     keypair = certgrinder.generate_private_key("ed25519")
-    assert isinstance(keypair, openssl.ed25519.Ed25519PrivateKey)
+    assert isinstance(keypair, primitives.asymmetric.ed25519.Ed25519PrivateKey)
     path = os.path.join(tmpdir_factory.mktemp("certificates"), "test.key")
     with pytest.raises(ValueError):
         certgrinder.save_keypair(keypair="notakey", path=path)

diff --git a/client/setup.py b/client/setup.py
@@ -31,6 +31,6 @@
         "Operating System :: OS Independent",
     ],
     python_requires=">=3.8",
-    install_requires=["PyYAML", "dnspython", "cryptography>38", "pid"],
+    install_requires=["PyYAML", "dnspython", "cryptography>41", "pid"],
     include_package_data=True,
 )