pool/python-Twisted
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

- add regenerate-cert-to-work-with-latest-service-identity.patch

Browse Source 
remove-pynacl-optional-dependency.patch: backports from main
  git to fix tests with newer dependency versions

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Twisted?expand=0&rev=137
This commit is contained in:
Dirk Mueller
2023-06-26 20:22:25 +00:00
committed by Git OBS Bridge
parent 3b762340f5
commit aeb654dcef
4 changed files with 784 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python-Twisted.changes
View File

@@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Jun 26 20:21:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add regenerate-cert-to-work-with-latest-service-identity.patch
remove-pynacl-optional-dependency.patch: backports from main
git to fix tests with newer dependency versions
-------------------------------------------------------------------
Sun Apr 23 23:34:51 UTC 2023 - Matej Cepl <mcepl@suse.com>

7
python-Twisted.spec
View File

@@ -52,6 +52,10 @@ Patch6: remove-dependency-version-upper-bounds.patch
Patch7: py311-tests-compat.patch
# PATCH-FIX-UPSTREAM gh#twisted/twisted#11787
Patch8: support-new-glibc.patch
# PATCH-FIX-UPSTREAM gh#twisted/twisted#11878
Patch9: regenerate-cert-to-work-with-latest-service-identity.patch
# PATCH-FIX-UPSTREAM gh#twisted/twisted#11873
Patch10: remove-pynacl-optional-dependency.patch
BuildRequires: %{python_module incremental >= 21.3.0}
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
@@ -124,15 +128,12 @@ Twisted Conch: The Twisted Shell. Terminal emulation, SSHv2 and telnet.
%package conch_nacl
Summary: Conch w/ NaCl for Twisted
Requires: python-PyNaCl
Requires: python-Twisted-conch = %{version}
%description conch_nacl
Twisted is an extensible framework for Python programming, with special focus
on event-based network programming and multiprotocol integration.
This metapackage is for the optional feature Conch with NaCl
%package serial
Summary: Serial support for Twisted
Requires: python-Twisted = %{version}

413
regenerate-cert-to-work-with-latest-service-identity.patch Normal file
View File

@@ -0,0 +1,413 @@
From 001fd99f209dce1ee853df87fc4e0627db3bc930 Mon Sep 17 00:00:00 2001
From: Glyph <code@glyph.im>
Date: Wed, 14 Jun 2023 13:41:33 -0700
Subject: [PATCH 1/4] regenerate certificate to work with latest
service_identity
also rewrite all the logic using cryptography rather than pyopenssl
---
src/twisted/newsfragments/11877.misc | 0
src/twisted/test/cert.pem.no_trailing_newline | 40 ++--
src/twisted/test/key.pem.no_trailing_newline | 55 +++---
src/twisted/test/server.pem | 178 ++++++++++--------
4 files changed, 150 insertions(+), 123 deletions(-)
create mode 100644 src/twisted/newsfragments/11877.misc
diff --git a/src/twisted/newsfragments/11877.misc b/src/twisted/newsfragments/11877.misc
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/src/twisted/test/cert.pem.no_trailing_newline b/src/twisted/test/cert.pem.no_trailing_newline
index 59f1bae563e..11eb4db8119 100644
--- a/src/twisted/test/cert.pem.no_trailing_newline
+++ b/src/twisted/test/cert.pem.no_trailing_newline
@@ -1,23 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIID6DCCAtACAwtEVjANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMCVFIxDzAN
-BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExEjAQBgNVBAMMCWxv
-Y2FsaG9zdDEcMBoGA1UECgwTVHdpc3RlZCBNYXRyaXggTGFiczEkMCIGA1UECwwb
-QXV0b21hdGVkIFRlc3RpbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzZWN1
-cml0eUB0d2lzdGVkbWF0cml4LmNvbTAgFw0yMjA4MjMyMzUyNTJaGA8yMTIyMDcz
-MDIzNTI1MlowgbcxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0xFDASBgNV
-BAcMC0JhxZ9tYWvDp8SxMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgNVBAoME1R3
+MIIEJDCCAwygAwIBAgIUKaSXgzt5gDMt9GbUzLz/A9HEyFEwDQYJKoZIhvcNAQEL
+BQAwgb0xGDAWBgNVBAMMD0EgSG9zdCwgTG9jYWxseTELMAkGA1UEBhMCVFIxDzAN
+BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExHDAaBgNVBAoME1R3
aXN0ZWQgTWF0cml4IExhYnMxJDAiBgNVBAsMG0F1dG9tYXRlZCBUZXN0aW5nIEF1
dGhvcml0eTEpMCcGCSqGSIb3DQEJARYac2VjdXJpdHlAdHdpc3RlZG1hdHJpeC5j
-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Gk1skmQfONi+GdM2
-Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6KtAI
-rVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sODELN
-rzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF8jLu
-o1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZqHHf
-CSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXkgRd3
-9Yy9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBABuOxiDnfrjQjbP4ZWrDj+doK8Zk
-CUwtyM3gFVF1LBZxBCxVa6hzD2N7/1o0+KHjmiGks7SnXb6aG2nEqypciZ4xkPjt
-wVIcTWCW8ddPrfMi4/esiQFlPck1p3QSfkPiAgHAjJiDDqDtqsMKr+5AkUaHlqjR
-VV3YE27x/QyLZbV7igiTPdh1fTV7+Yl8VHpBdnMRUVTFoZaIiCe0efmqsvzBd73A
-c75aKTwu6cPQ9dH/gIEOHCvrgweED7ZcabT7h/k7DXL2zhnJTPmQSJLWjfQebJOu
-4l1p7tn35xbjqu906l4iII+YqWCAj/gNT2qdcIWQmxg/reg2tRbU7Nv3M0c=
+b20wIBcNMjMwNjE0MTM0MDI4WhgPMjEyMzA1MjExMzQwMjhaMIG9MRgwFgYDVQQD
+DA9BIEhvc3QsIExvY2FsbHkxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0x
+FDASBgNVBAcMC0JhxZ9tYWvDp8SxMRwwGgYDVQQKDBNUd2lzdGVkIE1hdHJpeCBM
+YWJzMSQwIgYDVQQLDBtBdXRvbWF0ZWQgVGVzdGluZyBBdXRob3JpdHkxKTAnBgkq
+hkiG9w0BCQEWGnNlY3VyaXR5QHR3aXN0ZWRtYXRyaXguY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiY
+jsVeJAOtHAYq8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6d
+W1zZ8Tllunbdb/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR
+8V/y+8dG3mR5W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1d
+yHPMVkUHJF9Jsuj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLt
+WnsCEJDV9owCjaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABoxgwFjAU
+BgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAEHAErq/Fs8h
+M+kwGCt5Ochqyu/IzPbwgQ27n5IJehl7kmpoXBxGa/u+ajoxrZaOheg8E2MYVwQi
+FTKE9wJgaN3uGo4bzCbCYxDm7tflQORo6QOZlumfiQIzXON2RvgJpwFfkLNtq0t9
+e453kJ7+e11Wah46bc3RAvBZpwswh6hDv2FvFUZ+IUcO0tU8O4kWrLIFPpJbcHQq
+wezjky773X4CNEtoeuTb8/ws/eED/TGZ2AZO+BWT93OZJgwE2x3iUd3k8HbwxfoY
+bZ+NHgtM7iKRcL59asB0OMi3Ays0+IOfZ1+3aB82zYlxFBoDyalR7NJjJGdTwNFt
+3CPGCQ28cDk=
-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/src/twisted/test/key.pem.no_trailing_newline b/src/twisted/test/key.pem.no_trailing_newline
index 63845f8249f..5d489fd73ac 100644
--- a/src/twisted/test/key.pem.no_trailing_newline
+++ b/src/twisted/test/key.pem.no_trailing_newline
@@ -1,28 +1,27 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9Gk1skmQfONi+
-GdM2Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6
-KtAIrVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sO
-DELNrzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF
-8jLuo1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZ
-qHHfCSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXk
-gRd39Yy9AgMBAAECggEAIvGt1f7VRpm8H6DpEVIdvX/gMNCqTqZ7rTcWaVmpWj5Q
-lsxflfoNDNetjkZ95PdnmJ9i/BzI+MzPj48Cw1+5GMs7UCE3EshuOV1S/Ic0GsLB
-HeiOYaQjVZSgqiPtBy5A3Rl05T1yTtUzpZxpadXTONS5c8HBXRyLewId8NFDY9ls
-76PYRq4ui7QGOmXw7VAVzg/7RxcupuSkecE7472Ek1jtEdRdplBga/XE5/+FZhrr
-NyAdVo/1VD8zpaenWiBgfqJTVc/VRBaE0kLa777E++ruqGGz/c5cQPOWzEp0vPbi
-kXz16X2TQDeTe6QfBBYjzD2+LyJh2TXfRtEn56MtJwKBgQDaTzHFOoiPS0+JpOBH
-yW2gIFigEH70Hi++m0okmewGLTGrjOsIVWx8u5QFMANEYXeXIT7sM1eyONYjtxNC
-gpeLyyN9zTyLPWdx3CzNodY2Dg/irTZtPQp7/efAHcn7kW8V0OxCGTyXAzdhKXmN
-thN9KMk6peQMU8L4FqypNznFrwKBgQDdwD0NBxqNk3/Q/qih2EJUOO7uuPAZnTJf
-neRnY4Pc94ticdQbd03ZArP3ybl9wWy+Ri9D+I9P753Hyfb7BSKwwIyYRgxSjGU/
-wqcmv0V/mSY7N4eCDaXqEjdovaZ76d3L60FPH5rJbn7yHZBYWaSqXgk0HDYUmQwg
-huPLNu8bUwKBgQCH/rGohbAwY9/mhRlaXva1u7C59czAUlW3zZFAf8pyhpDcp2p6
-xIxSn5+0I5bFcFpJgWJrTgihc5qioReUZTn20dMIOWQv8U6RtXELoHeLMPNgaDrx
-jgcL+r32BhifaJfk5UNoYcRG5rAHDQk16Gj3nQLOUC1iKIPafHWO7GJG7QKBgQCj
-yVfOhY6xP17K6S14zRjAyISCQorlAFyyjxai3rgIv7Zt8hFucAJJ5Vs0DAU7w2Ak
-cgZ7N93ydtOdO6l24uYqky3FUwfK+PPX0lhPoDse8elxF6S5BIeliervLBUJtUUj
-VxIX9QoI+do9zmRNPXkIdQhrOuMe96Qjaj5aXKrjDQKBgBS2LGghCFgqaxtHeIpl
-RLOnpxLaiitGH412O6VKHkkXaNYEOlbtFVlPuE1zHeyIvLQb666lW/w0+HMmfMTU
-SQI2gIndUb6pMzLjZUrCyYz618EoAmhx6+VnbRSY+iSEIdYqx6VBl0HY9RWJa18H
-4LPzH6dfRnKf2jCer3DtWALD
------END PRIVATE KEY-----
\ No newline at end of file
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiYjsVeJAOtHAYq
+8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6dW1zZ8Tllunbd
+b/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR8V/y+8dG3mR5
+W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1dyHPMVkUHJF9J
+suj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLtWnsCEJDV9owC
+jaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABAoH/Ib7aSjKDHXTaFV58
+lFBZftI6AMJQc+Ncgno99J+ndB0inFpghmfpw6gvRn5wphAt/mlXbx7IW0X1cali
+WefBC7NAbx1qrBmusnnUuc0lGn0WzcY7sLHiXWQ8J9qiUUGDyCnGKWbofN9VpCYg
+7VJMl4IVWNb9/t7fQcY3GXFEeQ4mzLo7p+gPxyeUcCLVrhVrHzw1HFTIlA51LjfI
+xQM+QVeaEWQQ4UsDdPe5iGthDd7ze2F5ciDzMkShrf7URSudS+Us6vr6gDVpKAky
+eCVyFPJXCfH4qJoa6mB6L6SFzMnN3OPp3RlYQWQ7sK/ELQfhPoyHyRvL1woUIO5C
+tK0pAoGBAPS6ZSZ26M0guZ2K/2fKMiGq0jZQLcxP3N0jWm8R8ENOnuIjhCl5aKsB
+DoV0BvPv1C2vWm+VgNArgTece9l8o5f8pcfjbT5r/k8zoqgcj9CmmDofBka4XxZb
+wxsut+8rBSIoVKIre4Pyqfa9u1IrEnoOzMqvF16xUME2t2EaryUzAoGBANxpb4Jz
+FjH7nfPc3iejd+cXovX6x2VTJzWaknA6hGsoc+UZ01KTaKyYpq+9q9VxXhWxYsh3
+TL1JWuIBy6ao5tdt4nPBu07J7tfu5bfr3Imd8waNQxDEfKeFedskxORs+FIUzqBb
+3nIkQH8sx0Syv620coIdtEn1raVXc9QfRgSVAoGAWNFhLoGPYgsTcnrk0N1QLmnZ
+mv6kcHc3mEZhZtgi07qv7TCooYi/lPhwNbzzXQrYfbAbaU3gDy0K24z+YeNbWCjI
+XfBLUJFPHZ2G1e5vv3EG5GkoFPiLAglRmQbumG2LkmcCuEyBqlSinLslRd/997Bx
+YMoE+EfwH/9ktGhD0oMCgYEAxaSqAFDQ00ssjTM95k94Qjn4wBf7WwmgfDm6HHbs
+rOZeXk61JzPVxgcwWSB8iG4bDtq8mMQZhRbVLxqrEiwcq4r2aBSNsI305Z5sUWtn
+m+ONvA9J1yxKFzHiXjbvc2GfnoLX8gXPR4zoZOGzYg/jP5EyqSiXtUZfSodL7yeH
+8q0CgYEA2OzA59AITJe8jhC5JsVbLs7Rj4kFTjD+iZ8P86FnWBf1iDeuywEZJqvG
+n6SNK4KczDJ//DBV06w4L6iwe5iOCdf06+V7Hnkbvrjk0ONnXX7VXNgJ3/e7aJTx
+gE42Ug0qu6lXtEfYqlhQoF2lAtnYq0fty/XWMVfpjVuh1lyd4C4=
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/src/twisted/test/server.pem b/src/twisted/test/server.pem
index 0c633e6e9e3..6d2be8be95b 100644
--- a/src/twisted/test/server.pem
+++ b/src/twisted/test/server.pem
@@ -1,97 +1,123 @@
# coding: utf-8
-from inspect import getsource
-from datetime import datetime
-from OpenSSL.crypto import FILETYPE_PEM, TYPE_RSA, X509, PKey, dump_privatekey, dump_certificate
+from datetime import datetime, timedelta
+from inspect import getsource
-key = PKey()
-key.generate_key(TYPE_RSA, 2048)
+from cryptography.hazmat.primitives.asymmetric.rsa import generate_private_key
+from cryptography.hazmat.primitives.hashes import SHA256
+from cryptography.hazmat.primitives.serialization import (
+ Encoding,
+ NoEncryption,
+ PrivateFormat,
+)
+from cryptography.x509 import (
+ CertificateBuilder,
+ Name,
+ NameAttribute,
+ NameOID,
+ SubjectAlternativeName,
+ DNSName,
+ random_serial_number,
+)
-cert = X509()
-issuer = cert.get_issuer()
-subject = cert.get_subject()
+pk = generate_private_key(key_size=2048, public_exponent=65537)
-for dn in [issuer, subject]:
- dn.C = b"TR"
- dn.ST = "Çorum".encode("utf-8")
- dn.L = "Başmakçı".encode("utf-8")
- dn.CN = b"localhost"
- dn.O = b"Twisted Matrix Labs"
- dn.OU = b"Automated Testing Authority"
- dn.emailAddress = b"security@twistedmatrix.com"
+me = Name(
+ [
+ NameAttribute(NameOID.COMMON_NAME, "A Host, Locally"),
+ NameAttribute(NameOID.COUNTRY_NAME, "TR"),
+ NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Çorum"),
+ NameAttribute(NameOID.LOCALITY_NAME, "Başmakçı"),
+ NameAttribute(NameOID.ORGANIZATION_NAME, "Twisted Matrix Labs"),
+ NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Automated Testing Authority"),
+ NameAttribute(NameOID.EMAIL_ADDRESS, "security@twistedmatrix.com"),
+ ]
+)
-cert.set_serial_number(datetime.now().toordinal())
-cert.gmtime_adj_notBefore(0)
-cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 100)
+certificate_bytes = (
+ CertificateBuilder()
+ .serial_number(random_serial_number())
+ .not_valid_before(datetime.now())
+ .not_valid_after(datetime.now() + timedelta(seconds=60 * 60 * 24 * 365 * 100))
+ .subject_name(me)
+ .add_extension(SubjectAlternativeName([DNSName("localhost")]), False)
+ .issuer_name(me)
+ .public_key(pk.public_key())
+ .sign(pk, algorithm=SHA256())
+).public_bytes(Encoding.PEM)
-cert.set_pubkey(key)
-cert.sign(key, "sha256")
+privkey_bytes = pk.private_bytes(
+ Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption()
+)
import __main__
+
source = getsource(__main__)
source = source.split("\n" + "-" * 5)[0].rsplit("\n", 1)[0]
with open("server.pem", "w") as fObj:
fObj.write(source)
fObj.write("\n")
- fObj.write("'''\n")
- fObj.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))
- fObj.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii"))
- fObj.write("'''\n")
+ fObj.write('"""\n')
+ fObj.write(privkey_bytes.decode("ascii"))
+ fObj.write(certificate_bytes.decode("ascii"))
+ fObj.write('"""\n')
with open(b"key.pem.no_trailing_newline", "w") as fObj:
- fObj.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii").rstrip('\n'))
+ fObj.write(privkey_bytes.decode("ascii").rstrip("\n"))
with open(b"cert.pem.no_trailing_newline", "w") as fObj:
- fObj.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii").rstrip('\n'))
-'''
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9Gk1skmQfONi+
-GdM2Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6
-KtAIrVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sO
-DELNrzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF
-8jLuo1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZ
-qHHfCSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXk
-gRd39Yy9AgMBAAECggEAIvGt1f7VRpm8H6DpEVIdvX/gMNCqTqZ7rTcWaVmpWj5Q
-lsxflfoNDNetjkZ95PdnmJ9i/BzI+MzPj48Cw1+5GMs7UCE3EshuOV1S/Ic0GsLB
-HeiOYaQjVZSgqiPtBy5A3Rl05T1yTtUzpZxpadXTONS5c8HBXRyLewId8NFDY9ls
-76PYRq4ui7QGOmXw7VAVzg/7RxcupuSkecE7472Ek1jtEdRdplBga/XE5/+FZhrr
-NyAdVo/1VD8zpaenWiBgfqJTVc/VRBaE0kLa777E++ruqGGz/c5cQPOWzEp0vPbi
-kXz16X2TQDeTe6QfBBYjzD2+LyJh2TXfRtEn56MtJwKBgQDaTzHFOoiPS0+JpOBH
-yW2gIFigEH70Hi++m0okmewGLTGrjOsIVWx8u5QFMANEYXeXIT7sM1eyONYjtxNC
-gpeLyyN9zTyLPWdx3CzNodY2Dg/irTZtPQp7/efAHcn7kW8V0OxCGTyXAzdhKXmN
-thN9KMk6peQMU8L4FqypNznFrwKBgQDdwD0NBxqNk3/Q/qih2EJUOO7uuPAZnTJf
-neRnY4Pc94ticdQbd03ZArP3ybl9wWy+Ri9D+I9P753Hyfb7BSKwwIyYRgxSjGU/
-wqcmv0V/mSY7N4eCDaXqEjdovaZ76d3L60FPH5rJbn7yHZBYWaSqXgk0HDYUmQwg
-huPLNu8bUwKBgQCH/rGohbAwY9/mhRlaXva1u7C59czAUlW3zZFAf8pyhpDcp2p6
-xIxSn5+0I5bFcFpJgWJrTgihc5qioReUZTn20dMIOWQv8U6RtXELoHeLMPNgaDrx
-jgcL+r32BhifaJfk5UNoYcRG5rAHDQk16Gj3nQLOUC1iKIPafHWO7GJG7QKBgQCj
-yVfOhY6xP17K6S14zRjAyISCQorlAFyyjxai3rgIv7Zt8hFucAJJ5Vs0DAU7w2Ak
-cgZ7N93ydtOdO6l24uYqky3FUwfK+PPX0lhPoDse8elxF6S5BIeliervLBUJtUUj
-VxIX9QoI+do9zmRNPXkIdQhrOuMe96Qjaj5aXKrjDQKBgBS2LGghCFgqaxtHeIpl
-RLOnpxLaiitGH412O6VKHkkXaNYEOlbtFVlPuE1zHeyIvLQb666lW/w0+HMmfMTU
-SQI2gIndUb6pMzLjZUrCyYz618EoAmhx6+VnbRSY+iSEIdYqx6VBl0HY9RWJa18H
-4LPzH6dfRnKf2jCer3DtWALD
------END PRIVATE KEY-----
+ fObj.write(certificate_bytes.decode("ascii").rstrip("\n"))
+
+"""
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiYjsVeJAOtHAYq
+8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6dW1zZ8Tllunbd
+b/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR8V/y+8dG3mR5
+W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1dyHPMVkUHJF9J
+suj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLtWnsCEJDV9owC
+jaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABAoH/Ib7aSjKDHXTaFV58
+lFBZftI6AMJQc+Ncgno99J+ndB0inFpghmfpw6gvRn5wphAt/mlXbx7IW0X1cali
+WefBC7NAbx1qrBmusnnUuc0lGn0WzcY7sLHiXWQ8J9qiUUGDyCnGKWbofN9VpCYg
+7VJMl4IVWNb9/t7fQcY3GXFEeQ4mzLo7p+gPxyeUcCLVrhVrHzw1HFTIlA51LjfI
+xQM+QVeaEWQQ4UsDdPe5iGthDd7ze2F5ciDzMkShrf7URSudS+Us6vr6gDVpKAky
+eCVyFPJXCfH4qJoa6mB6L6SFzMnN3OPp3RlYQWQ7sK/ELQfhPoyHyRvL1woUIO5C
+tK0pAoGBAPS6ZSZ26M0guZ2K/2fKMiGq0jZQLcxP3N0jWm8R8ENOnuIjhCl5aKsB
+DoV0BvPv1C2vWm+VgNArgTece9l8o5f8pcfjbT5r/k8zoqgcj9CmmDofBka4XxZb
+wxsut+8rBSIoVKIre4Pyqfa9u1IrEnoOzMqvF16xUME2t2EaryUzAoGBANxpb4Jz
+FjH7nfPc3iejd+cXovX6x2VTJzWaknA6hGsoc+UZ01KTaKyYpq+9q9VxXhWxYsh3
+TL1JWuIBy6ao5tdt4nPBu07J7tfu5bfr3Imd8waNQxDEfKeFedskxORs+FIUzqBb
+3nIkQH8sx0Syv620coIdtEn1raVXc9QfRgSVAoGAWNFhLoGPYgsTcnrk0N1QLmnZ
+mv6kcHc3mEZhZtgi07qv7TCooYi/lPhwNbzzXQrYfbAbaU3gDy0K24z+YeNbWCjI
+XfBLUJFPHZ2G1e5vv3EG5GkoFPiLAglRmQbumG2LkmcCuEyBqlSinLslRd/997Bx
+YMoE+EfwH/9ktGhD0oMCgYEAxaSqAFDQ00ssjTM95k94Qjn4wBf7WwmgfDm6HHbs
+rOZeXk61JzPVxgcwWSB8iG4bDtq8mMQZhRbVLxqrEiwcq4r2aBSNsI305Z5sUWtn
+m+ONvA9J1yxKFzHiXjbvc2GfnoLX8gXPR4zoZOGzYg/jP5EyqSiXtUZfSodL7yeH
+8q0CgYEA2OzA59AITJe8jhC5JsVbLs7Rj4kFTjD+iZ8P86FnWBf1iDeuywEZJqvG
+n6SNK4KczDJ//DBV06w4L6iwe5iOCdf06+V7Hnkbvrjk0ONnXX7VXNgJ3/e7aJTx
+gE42Ug0qu6lXtEfYqlhQoF2lAtnYq0fty/XWMVfpjVuh1lyd4C4=
+-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIID6DCCAtACAwtEVjANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMCVFIxDzAN
-BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExEjAQBgNVBAMMCWxv
-Y2FsaG9zdDEcMBoGA1UECgwTVHdpc3RlZCBNYXRyaXggTGFiczEkMCIGA1UECwwb
-QXV0b21hdGVkIFRlc3RpbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzZWN1
-cml0eUB0d2lzdGVkbWF0cml4LmNvbTAgFw0yMjA4MjMyMzUyNTJaGA8yMTIyMDcz
-MDIzNTI1MlowgbcxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0xFDASBgNV
-BAcMC0JhxZ9tYWvDp8SxMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgNVBAoME1R3
+MIIEJDCCAwygAwIBAgIUKaSXgzt5gDMt9GbUzLz/A9HEyFEwDQYJKoZIhvcNAQEL
+BQAwgb0xGDAWBgNVBAMMD0EgSG9zdCwgTG9jYWxseTELMAkGA1UEBhMCVFIxDzAN
+BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExHDAaBgNVBAoME1R3
aXN0ZWQgTWF0cml4IExhYnMxJDAiBgNVBAsMG0F1dG9tYXRlZCBUZXN0aW5nIEF1
dGhvcml0eTEpMCcGCSqGSIb3DQEJARYac2VjdXJpdHlAdHdpc3RlZG1hdHJpeC5j
-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Gk1skmQfONi+GdM2
-Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6KtAI
-rVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sODELN
-rzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF8jLu
-o1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZqHHf
-CSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXkgRd3
-9Yy9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBABuOxiDnfrjQjbP4ZWrDj+doK8Zk
-CUwtyM3gFVF1LBZxBCxVa6hzD2N7/1o0+KHjmiGks7SnXb6aG2nEqypciZ4xkPjt
-wVIcTWCW8ddPrfMi4/esiQFlPck1p3QSfkPiAgHAjJiDDqDtqsMKr+5AkUaHlqjR
-VV3YE27x/QyLZbV7igiTPdh1fTV7+Yl8VHpBdnMRUVTFoZaIiCe0efmqsvzBd73A
-c75aKTwu6cPQ9dH/gIEOHCvrgweED7ZcabT7h/k7DXL2zhnJTPmQSJLWjfQebJOu
-4l1p7tn35xbjqu906l4iII+YqWCAj/gNT2qdcIWQmxg/reg2tRbU7Nv3M0c=
+b20wIBcNMjMwNjE0MTM0MDI4WhgPMjEyMzA1MjExMzQwMjhaMIG9MRgwFgYDVQQD
+DA9BIEhvc3QsIExvY2FsbHkxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0x
+FDASBgNVBAcMC0JhxZ9tYWvDp8SxMRwwGgYDVQQKDBNUd2lzdGVkIE1hdHJpeCBM
+YWJzMSQwIgYDVQQLDBtBdXRvbWF0ZWQgVGVzdGluZyBBdXRob3JpdHkxKTAnBgkq
+hkiG9w0BCQEWGnNlY3VyaXR5QHR3aXN0ZWRtYXRyaXguY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiY
+jsVeJAOtHAYq8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6d
+W1zZ8Tllunbdb/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR
+8V/y+8dG3mR5W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1d
+yHPMVkUHJF9Jsuj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLt
+WnsCEJDV9owCjaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABoxgwFjAU
+BgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAEHAErq/Fs8h
+M+kwGCt5Ochqyu/IzPbwgQ27n5IJehl7kmpoXBxGa/u+ajoxrZaOheg8E2MYVwQi
+FTKE9wJgaN3uGo4bzCbCYxDm7tflQORo6QOZlumfiQIzXON2RvgJpwFfkLNtq0t9
+e453kJ7+e11Wah46bc3RAvBZpwswh6hDv2FvFUZ+IUcO0tU8O4kWrLIFPpJbcHQq
+wezjky773X4CNEtoeuTb8/ws/eED/TGZ2AZO+BWT93OZJgwE2x3iUd3k8HbwxfoY
+bZ+NHgtM7iKRcL59asB0OMi3Ays0+IOfZ1+3aB82zYlxFBoDyalR7NJjJGdTwNFt
+3CPGCQ28cDk=
-----END CERTIFICATE-----
-'''
+"""
From 1f0c2a3a774d89fb10782a8abf62e219d1f4818f Mon Sep 17 00:00:00 2001
From: Glyph <code@glyph.im>
Date: Wed, 14 Jun 2023 14:06:56 -0700
Subject: [PATCH 2/4] todo server.pem should generate this too
---
src/twisted/protocols/test/test_tls.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/twisted/protocols/test/test_tls.py b/src/twisted/protocols/test/test_tls.py
index 5915d6bc5b2..37de80feb9f 100644
--- a/src/twisted/protocols/test/test_tls.py
+++ b/src/twisted/protocols/test/test_tls.py
@@ -522,9 +522,10 @@ def cbHandshook(ignored):
self.assertIsInstance(cert, crypto.X509)
self.assertEqual(
cert.digest("sha256"),
- # openssl x509 -noout -sha256 -fingerprint -in server.pem
- b"C4:F5:8E:9D:A0:AC:85:24:9B:2D:AA:2C:EC:87:DB:5F:33:22:94:"
- b"01:94:DC:D3:42:4C:E4:B9:F5:0F:45:F2:24",
+ # openssl x509 -noout -sha256 -fingerprint
+ # -in src/twisted/test/server.pem
+ b"D6:F2:2C:74:3B:E2:5E:F9:CA:DA:47:08:14:78:20:75:78:95:9E:52"
+ b":BD:D2:7C:77:DD:D4:EE:DE:33:BF:34:40",
)
handshakeDeferred.addCallback(cbHandshook)
From 137a3a6fa27374ecb879c67557197a3f0b37aab1 Mon Sep 17 00:00:00 2001
From: Glyph <code@glyph.im>
Date: Wed, 14 Jun 2023 14:08:13 -0700
Subject: [PATCH 3/4] address review
---
src/twisted/test/server.pem | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/twisted/test/server.pem b/src/twisted/test/server.pem
index 6d2be8be95b..33fdbbd1cac 100644
--- a/src/twisted/test/server.pem
+++ b/src/twisted/test/server.pem
@@ -41,7 +41,7 @@ certificate_bytes = (
.not_valid_before(datetime.now())
.not_valid_after(datetime.now() + timedelta(seconds=60 * 60 * 24 * 365 * 100))
.subject_name(me)
- .add_extension(SubjectAlternativeName([DNSName("localhost")]), False)
+ .add_extension(SubjectAlternativeName([DNSName("localhost")]), critical=False)
.issuer_name(me)
.public_key(pk.public_key())
.sign(pk, algorithm=SHA256())
From c8dce7b42b13466afd24ea5f9bbfc9a1c08c585f Mon Sep 17 00:00:00 2001
From: Glyph <code@glyph.im>
Date: Wed, 14 Jun 2023 14:17:12 -0700
Subject: [PATCH 4/4] hooray, type stubs are updated too
---
src/twisted/internet/_sslverify.py | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/twisted/internet/_sslverify.py b/src/twisted/internet/_sslverify.py
index 6824482dc5b..d8f62e40954 100644
--- a/src/twisted/internet/_sslverify.py
+++ b/src/twisted/internet/_sslverify.py
@@ -159,11 +159,8 @@ def _selectVerifyImplementation():
)
try:
- from service_identity import VerificationError # type: ignore[import]
- from service_identity.pyopenssl import ( # type: ignore[import]
- verify_hostname,
- verify_ip_address,
- )
+ from service_identity import VerificationError
+ from service_identity.pyopenssl import verify_hostname, verify_ip_address
return verify_hostname, verify_ip_address, VerificationError
except ImportError as e:

360
remove-pynacl-optional-dependency.patch Normal file
View File

@@ -0,0 +1,360 @@
From 1716d312600a9c49279e6c15da9ad8ca21431580 Mon Sep 17 00:00:00 2001
From: Glyph <code@glyph.im>
Date: Thu, 8 Jun 2023 18:13:11 -0700
Subject: [PATCH 1/2] remove PyNaCl optional dependency
---
docs/installation/howto/optional.rst | 3 -
pyproject.toml | 6 -
src/twisted/conch/newsfragments/11871.removal | 1 +
src/twisted/conch/ssh/_keys_pynacl.py | 104 ------------
src/twisted/conch/ssh/keys.py | 9 +-
src/twisted/conch/test/test_keys.py | 157 +-----------------
tox.ini | 4 +-
7 files changed, 6 insertions(+), 278 deletions(-)
create mode 100644 src/twisted/conch/newsfragments/11871.removal
delete mode 100644 src/twisted/conch/ssh/_keys_pynacl.py
Index: Twisted-22.10.0/docs/installation/howto/optional.rst
===================================================================
--- Twisted-22.10.0.orig/docs/installation/howto/optional.rst
+++ Twisted-22.10.0/docs/installation/howto/optional.rst
@@ -67,7 +67,6 @@ The following optional dependencies are
.. _service_identity: https://pypi.python.org/pypi/service_identity
.. _pyasn1: https://pypi.python.org/pypi/pyasn1
.. _cryptography: https://pypi.python.org/pypi/cryptography
-.. _PyNaCl: https://pypi.python.org/pypi/PyNaCl
.. _SOAPpy: https://pypi.python.org/pypi/SOAPpy
.. _pyserial: https://pypi.python.org/pypi/pyserial
.. _pyobjc: https://pypi.python.org/pypi/pyobjc
Index: Twisted-22.10.0/src/twisted/conch/newsfragments/11871.removal
===================================================================
--- /dev/null
+++ Twisted-22.10.0/src/twisted/conch/newsfragments/11871.removal
@@ -0,0 +1 @@
+Due to changes in the way raw private key byte serialization are handled in Cryptography, and widespread support for Ed25519 in current versions of OpenSSL, we no longer support PyNaCl as a fallback for Ed25519 keys in Conch.
Index: Twisted-22.10.0/src/twisted/conch/ssh/_keys_pynacl.py
===================================================================
--- Twisted-22.10.0.orig/src/twisted/conch/ssh/_keys_pynacl.py
+++ /dev/null
@@ -1,104 +0,0 @@
-# -*- test-case-name: twisted.conch.test.test_keys -*-
-# Copyright (c) Twisted Matrix Laboratories.
-# See LICENSE for details.
-
-"""
-Optional PyNaCl fallback code for Ed25519 keys.
-"""
-
-from cryptography.exceptions import InvalidSignature
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric import ed25519
-from nacl.exceptions import BadSignatureError
-from nacl.signing import SigningKey, VerifyKey
-
-
-class Ed25519PublicKey(ed25519.Ed25519PublicKey):
- def __init__(self, data: bytes):
- self._key = VerifyKey(data)
-
- def __bytes__(self) -> bytes:
- return bytes(self._key)
-
- def __hash__(self) -> int:
- return hash(bytes(self))
-
- def __eq__(self, other: object) -> bool:
- if not isinstance(other, self.__class__):
- return False
- return self._key == other._key
-
- def __ne__(self, other: object) -> bool:
- return not (self == other)
-
- @classmethod
- def from_public_bytes(cls, data: bytes) -> ed25519.Ed25519PublicKey:
- return cls(data)
-
- def public_bytes(
- self,
- encoding: serialization.Encoding,
- format: serialization.PublicFormat,
- ) -> bytes:
- if (
- encoding is not serialization.Encoding.Raw
- or format is not serialization.PublicFormat.Raw
- ):
- raise ValueError("Both encoding and format must be Raw")
- return bytes(self)
-
- def verify(self, signature: bytes, data: bytes) -> None:
- try:
- self._key.verify(data, signature)
- except BadSignatureError as e:
- raise InvalidSignature(str(e))
-
-
-class Ed25519PrivateKey(ed25519.Ed25519PrivateKey):
- def __init__(self, data: bytes):
- self._key = SigningKey(data)
-
- def __bytes__(self) -> bytes:
- return bytes(self._key)
-
- def __hash__(self) -> int:
- return hash(bytes(self))
-
- def __eq__(self, other: object) -> bool:
- if not isinstance(other, self.__class__):
- return False
- return self._key == other._key
-
- def __ne__(self, other: object) -> bool:
- return not (self == other)
-
- @classmethod
- def generate(cls) -> ed25519.Ed25519PrivateKey:
- return cls(bytes(SigningKey.generate()))
-
- @classmethod
- def from_private_bytes(cls, data: bytes) -> ed25519.Ed25519PrivateKey:
- return cls(data)
-
- def public_key(self) -> ed25519.Ed25519PublicKey:
- return Ed25519PublicKey(bytes(self._key.verify_key))
-
- def private_bytes(
- self,
- encoding: serialization.Encoding,
- format: serialization.PrivateFormat,
- encryption_algorithm: serialization.KeySerializationEncryption,
- ) -> bytes:
- if (
- encoding is not serialization.Encoding.Raw
- or format is not serialization.PrivateFormat.Raw
- or not isinstance(encryption_algorithm, serialization.NoEncryption)
- ):
- raise ValueError(
- "Encoding and format must be Raw and "
- "encryption_algorithm must be NoEncryption"
- )
- return bytes(self)
-
- def sign(self, data: bytes) -> bytes:
- return self._key.sign(data).signature
Index: Twisted-22.10.0/src/twisted/conch/ssh/keys.py
===================================================================
--- Twisted-22.10.0.orig/src/twisted/conch/ssh/keys.py
+++ Twisted-22.10.0/src/twisted/conch/ssh/keys.py
@@ -14,7 +14,6 @@ import unicodedata
import warnings
from base64 import b64encode, decodebytes, encodebytes
from hashlib import md5, sha256
-from typing import Optional, Type
import bcrypt
from cryptography import utils
@@ -68,18 +67,8 @@ _secToNist = {
}
-Ed25519PublicKey: Optional[Type[ed25519.Ed25519PublicKey]]
-Ed25519PrivateKey: Optional[Type[ed25519.Ed25519PrivateKey]]
-
-if default_backend().ed25519_supported():
- Ed25519PublicKey = ed25519.Ed25519PublicKey
- Ed25519PrivateKey = ed25519.Ed25519PrivateKey
-else: # pragma: no cover
- try:
- from twisted.conch.ssh._keys_pynacl import Ed25519PrivateKey, Ed25519PublicKey
- except ImportError:
- Ed25519PublicKey = None
- Ed25519PrivateKey = None
+Ed25519PublicKey = ed25519.Ed25519PublicKey
+Ed25519PrivateKey = ed25519.Ed25519PrivateKey
class BadKeyError(Exception):
Index: Twisted-22.10.0/src/twisted/conch/test/test_keys.py
===================================================================
--- Twisted-22.10.0.orig/src/twisted/conch/test/test_keys.py
+++ Twisted-22.10.0/src/twisted/conch/test/test_keys.py
@@ -22,20 +22,15 @@ if cryptography is None:
skipCryptography = "Cannot run without cryptography."
pyasn1 = requireModule("pyasn1")
-_keys_pynacl = requireModule("twisted.conch.ssh._keys_pynacl")
-
if cryptography and pyasn1:
- from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from twisted.conch.ssh import common, keys, sexpy
- ED25519_SUPPORTED = (
- default_backend().ed25519_supported() or _keys_pynacl is not None
- )
+ ED25519_SUPPORTED = default_backend().ed25519_supported()
else:
ED25519_SUPPORTED = False
@@ -1676,156 +1671,6 @@ attr n:
)
-class PyNaClKeyTests(KeyTests):
- """
- Key tests, but forcing the use of C{PyNaCl}.
- """
-
- if cryptography is None:
- skip = skipCryptography
- if _keys_pynacl is None:
- skip = "Cannot run without PyNaCl"
-
- def setUp(self):
- super().setUp()
- self.patch(keys, "Ed25519PublicKey", _keys_pynacl.Ed25519PublicKey)
- self.patch(keys, "Ed25519PrivateKey", _keys_pynacl.Ed25519PrivateKey)
-
- def test_naclPrivateBytes(self):
- """
- L{_keys_pynacl.Ed25519PrivateKey.private_bytes} and
- L{_keys_pynacl.Ed25519PrivateKey.from_private_bytes} round-trip.
- """
- from cryptography.hazmat.primitives import serialization
-
- key = _keys_pynacl.Ed25519PrivateKey.generate()
- key_bytes = key.private_bytes(
- serialization.Encoding.Raw,
- serialization.PrivateFormat.Raw,
- serialization.NoEncryption(),
- )
- self.assertIsInstance(key_bytes, bytes)
- self.assertEqual(
- key, _keys_pynacl.Ed25519PrivateKey.from_private_bytes(key_bytes)
- )
-
- def test_naclPrivateBytesInvalidParameters(self):
- """
- L{_keys_pynacl.Ed25519PrivateKey.private_bytes} only accepts certain parameters.
- """
- from cryptography.hazmat.primitives import serialization
-
- key = _keys_pynacl.Ed25519PrivateKey.generate()
- self.assertRaises(
- ValueError,
- key.private_bytes,
- serialization.Encoding.PEM,
- serialization.PrivateFormat.Raw,
- serialization.NoEncryption(),
- )
- self.assertRaises(
- ValueError,
- key.private_bytes,
- serialization.Encoding.Raw,
- serialization.PrivateFormat.PKCS8,
- serialization.NoEncryption(),
- )
- self.assertRaises(
- ValueError,
- key.private_bytes,
- serialization.Encoding.Raw,
- serialization.PrivateFormat.Raw,
- serialization.BestAvailableEncryption(b"password"),
- )
-
- def test_naclPrivateHash(self):
- """
- L{_keys_pynacl.Ed25519PrivateKey.__hash__} allows instances to be hashed.
- """
- key = _keys_pynacl.Ed25519PrivateKey.generate()
- d = {key: True}
- self.assertTrue(d[key])
-
- def test_naclPrivateEquality(self):
- """
- L{_keys_pynacl.Ed25519PrivateKey} implements equality test methods.
- """
- key1 = _keys_pynacl.Ed25519PrivateKey.generate()
- key2 = _keys_pynacl.Ed25519PrivateKey.generate()
- self.assertEqual(key1, key1)
- self.assertNotEqual(key1, key2)
- self.assertNotEqual(key1, bytes(key1))
-
- def test_naclPublicBytes(self):
- """
- L{_keys_pynacl.Ed25519PublicKey.public_bytes} and
- L{_keys_pynacl.Ed25519PublicKey.from_public_bytes} round-trip.
- """
- from cryptography.hazmat.primitives import serialization
-
- key = _keys_pynacl.Ed25519PrivateKey.generate().public_key()
- key_bytes = key.public_bytes(
- serialization.Encoding.Raw, serialization.PublicFormat.Raw
- )
- self.assertIsInstance(key_bytes, bytes)
- self.assertEqual(
- key, _keys_pynacl.Ed25519PublicKey.from_public_bytes(key_bytes)
- )
-
- def test_naclPublicBytesInvalidParameters(self):
- """
- L{_keys_pynacl.Ed25519PublicKey.public_bytes} only accepts certain parameters.
- """
- from cryptography.hazmat.primitives import serialization
-
- key = _keys_pynacl.Ed25519PrivateKey.generate().public_key()
- self.assertRaises(
- ValueError,
- key.public_bytes,
- serialization.Encoding.PEM,
- serialization.PublicFormat.Raw,
- )
- self.assertRaises(
- ValueError,
- key.public_bytes,
- serialization.Encoding.Raw,
- serialization.PublicFormat.PKCS1,
- )
-
- def test_naclPublicHash(self):
- """
- L{_keys_pynacl.Ed25519PublicKey.__hash__} allows instances to be hashed.
- """
- key = _keys_pynacl.Ed25519PrivateKey.generate().public_key()
- d = {key: True}
- self.assertTrue(d[key])
-
- def test_naclPublicEquality(self):
- """
- L{_keys_pynacl.Ed25519PublicKey} implements equality test methods.
- """
- key1 = _keys_pynacl.Ed25519PrivateKey.generate().public_key()
- key2 = _keys_pynacl.Ed25519PrivateKey.generate().public_key()
- self.assertEqual(key1, key1)
- self.assertNotEqual(key1, key2)
- self.assertNotEqual(key1, bytes(key1))
-
- def test_naclVerify(self):
- """
- L{_keys_pynacl.Ed25519PublicKey.verify} raises appropriate exceptions.
- """
- key = _keys_pynacl.Ed25519PrivateKey.generate()
- self.assertIsInstance(key, keys.Ed25519PrivateKey)
- signature = key.sign(b"test data")
- self.assertIsNone(key.public_key().verify(signature, b"test data"))
- self.assertRaises(
- InvalidSignature, key.public_key().verify, signature, b"wrong data"
- )
- self.assertRaises(
- InvalidSignature, key.public_key().verify, b"0" * 64, b"test data"
- )
-
-
class PersistentRSAKeyTests(unittest.TestCase):
"""
Tests for L{keys._getPersistentRSAKey}.