- Add crypto-39.patch to make it work with python-cryptography >= 39.0.0

gh#OpenKMIP/PyKMIP#689

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-PyKMIP?expand=0&rev=14

crypto-39.patch

@@ -0,0 +1,79 @@
+From 3a50c8484e355e03bea1399f1e72b1c1ef716680 Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno <daniel.garcia@suse.com>
+Date: Thu, 26 Jan 2023 13:07:54 +0100
+Subject: [PATCH] Add cryptography >= 39.0.0 support
+
+The cryptography release 39.0.0 added a new parameter to the serializer
+that's required.
+
+https://cryptography.io/en/latest/changelog/#v39-0-0
+
+This patch fixes the tests test_encrypt_decrypt_asymmetric
+---
+ kmip/services/server/crypto/engine.py | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py
+index 838e1b92..e9e8593e 100644
+--- a/kmip/services/server/crypto/engine.py
++++ b/kmip/services/server/crypto/engine.py
+@@ -16,6 +16,7 @@
+ import logging
+ import os
+ 
++import cryptography
+ from cryptography import exceptions as errors
+ from cryptography.hazmat.backends import default_backend
+ from cryptography.hazmat.primitives import serialization, hashes, hmac, cmac
+@@ -930,17 +931,22 @@ def _decrypt_asymmetric(
+                 )
+ 
+             backend = default_backend()
++            params = {}
++            if cryptography.__version__ >= "39.0.0":
++                params["unsafe_skip_rsa_key_validation"] = False
+ 
+             try:
+                 private_key = backend.load_der_private_key(
+                     decryption_key,
+-                    None
++                    None,
++                    **params,
+                 )
+             except Exception:
+                 try:
+                     private_key = backend.load_pem_private_key(
+                         decryption_key,
+-                        None
++                        None,
++                        **params,
+                     )
+                 except Exception:
+                     raise exceptions.CryptographicFailure(
+@@ -1279,18 +1285,24 @@ def _create_RSA_private_key(self,
+                 RSA private key created from key bytes.
+         """
+ 
++        params = {}
++        if cryptography.__version__ >= "39.0.0":
++            params["unsafe_skip_rsa_key_validation"] = False
++
+         try:
+             private_key = serialization.load_pem_private_key(
+                 bytes,
+                 password=None,
+-                backend=default_backend()
++                backend=default_backend(),
++                **params,
+             )
+             return private_key
+         except Exception:
+             private_key = serialization.load_der_private_key(
+                 bytes,
+                 password=None,
+-                backend=default_backend()
++                backend=default_backend(),
++                **params,
+             )
+             return private_key
+ 

python-PyKMIP.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jan 26 12:36:34 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add crypto-39.patch to make it work with python-cryptography >= 39.0.0
+  gh#OpenKMIP/PyKMIP#689
+
 -------------------------------------------------------------------
 Wed May  4 09:55:17 UTC 2022 - pgajdos@suse.com
 

python-PyKMIP.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-PyKMIP
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,6 @@
 #
 
 
-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %bcond_without python2
 Name:           python-PyKMIP
 Version:        0.10.0
@@ -31,6 +30,8 @@ Source:         https://files.pythonhosted.org/packages/source/P/PyKMIP/PyKMIP-%
 Patch0:         fix-tests-SQLAlchemy-140.patch
 # https://github.com/OpenKMIP/PyKMIP/issues/668
 Patch1:         python-PyKMIP-no-mock.patch
+# PATCH-FIX-OPENSUSE crypto-39.patch gh#OpenKMIP/PyKMIP#689
+Patch2:         crypto-39.patch
 BuildRequires:  %{python_module SQLAlchemy}
 BuildRequires:  %{python_module cryptography}
 BuildRequires:  %{python_module devel}
@@ -87,7 +88,8 @@ Standards`_ (OASIS). PyKMIP supports a subset of features in versions
 %files %{python_files}
 %license LICENSE.txt
 %doc README.rst
-%{python_sitelib}/*
+%{python_sitelib}/kmip
+%{python_sitelib}/PyKMIP-%{version}*-info
 %python_alternative %{_bindir}/pykmip-server
 
 %changelog