From 1f9ad28193351382f53efac8a6427846fd81ba17 2024-02-23 22:17:59
From: Branko Majic <branko@majic.rs>
Date: 2024-02-23 22:17:59
Subject: [PATCH] GC-45: Upgrade to cryptographyt version 42.0:

- Passing in backend is no longer required/possible.

---

diff --git a/gimmecert/crypto.py b/gimmecert/crypto.py
index 4410a6c77c8235e537d02a986b86c44c9e525b05..a8a12b2a0068885dce889a8f0482ab2c3e2e60e0 100644
--- a/gimmecert/crypto.py
+++ b/gimmecert/crypto.py
@@ -85,13 +85,11 @@ class KeyGenerator:
 
             private_key = cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key(
                 public_exponent=rsa_public_exponent,
-                key_size=self._parameters,
-                backend=cryptography.hazmat.backends.default_backend()
+                key_size=self._parameters
             )
         else:
             private_key = cryptography.hazmat.primitives.asymmetric.ec.generate_private_key(
-                curve=self._parameters,
-                backend=cryptography.hazmat.backends.default_backend()
+                curve=self._parameters
             )
 
         return private_key
@@ -183,8 +181,7 @@ def issue_certificate(issuer_dn, subject_dn, signing_key, public_key, not_before
 
     certificate = builder.sign(
         private_key=signing_key,
-        algorithm=cryptography.hazmat.primitives.hashes.SHA256(),
-        backend=cryptography.hazmat.backends.default_backend()
+        algorithm=cryptography.hazmat.primitives.hashes.SHA256()
     )
 
     return certificate
@@ -434,8 +431,7 @@ def generate_csr(name, private_key):
 
     csr = builder.sign(
         private_key,
-        cryptography.hazmat.primitives.hashes.SHA256(),
-        cryptography.hazmat.backends.default_backend()
+        cryptography.hazmat.primitives.hashes.SHA256()
     )
 
     return csr
diff --git a/gimmecert/storage.py b/gimmecert/storage.py
index b9c8f0fe8677cbb6b6e53b822ee176a45c5f7255..cec0800dc2c1b196652bd68013f07f8ad0c97e6d 100644
--- a/gimmecert/storage.py
+++ b/gimmecert/storage.py
@@ -171,8 +171,7 @@ def read_private_key(private_key_path):
     with open(private_key_path, 'rb') as private_key_file:
         private_key = cryptography.hazmat.primitives.serialization.load_pem_private_key(
             private_key_file.read(),
-            None,  # no password
-            cryptography.hazmat.backends.default_backend()
+            None  # no password
         )
 
     return private_key
@@ -192,8 +191,7 @@ def read_certificate(certificate_path):
     """
     with open(certificate_path, 'rb') as certificate_file:
         certificate = cryptography.x509.load_pem_x509_certificate(
-            certificate_file.read(),
-            cryptography.hazmat.backends.default_backend()
+            certificate_file.read()
         )
 
     return certificate
@@ -232,8 +230,7 @@ def read_csr(csr_path):
 
     with open(csr_path, 'rb') as csr_file:
         csr = cryptography.x509.load_pem_x509_csr(
-            csr_file.read(),
-            cryptography.hazmat.backends.default_backend()
+            csr_file.read()
         )
 
     return csr
diff --git a/gimmecert/utils.py b/gimmecert/utils.py
index 8ae4d48c7ea16bbeb1e4e0a70827997e0190cb7d..86fa5e7378ca356088dc129196e82eb0ff3e75aa 100644
--- a/gimmecert/utils.py
+++ b/gimmecert/utils.py
@@ -156,8 +156,7 @@ def csr_from_pem(csr_pem):
     """
 
     csr = cryptography.x509.load_pem_x509_csr(
-        bytes(csr_pem, encoding='utf8'),
-        cryptography.hazmat.backends.default_backend()
+        bytes(csr_pem, encoding='utf8')
     )
 
     return csr
diff --git a/setup.py b/setup.py
index 03591a64bffa92e6b4943b5a8295eec63fc68e96..5246d1e57fa3b8c9094c0f0e91e1bacbd0e355a3 100755
--- a/setup.py
+++ b/setup.py
@@ -27,7 +27,7 @@ README = open(os.path.join(os.path.dirname(__file__), 'README.rst')).read()
 python_requirements = ">=3.8,<3.10"
 
 install_requirements = [
-    'cryptography>=3.2,<3.3',
+    'cryptography>=42.0,<42.1',
     'python-dateutil>=2.8,<2.9',
 ]
 
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 1000fc0efcd5a6dd7bbec9f4975dfe8d1e0c9f6f..77294cb724f0d25e4d11eff3c3be9ac5146d7cba 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -23,7 +23,6 @@ import datetime
 import io
 
 import cryptography.x509
-import cryptography.hazmat.backends
 
 import gimmecert.crypto
 import gimmecert.utils
@@ -40,8 +39,7 @@ def test_certificate_to_pem_returns_valid_pem():
     certificate_pem = gimmecert.utils.certificate_to_pem(certificate)
 
     assert isinstance(certificate_pem, str)
-    certificate_from_pem = cryptography.x509.load_pem_x509_certificate(bytes(certificate_pem, encoding='UTF-8'),
-                                                                       cryptography.hazmat.backends.default_backend())  # Should not throw
+    certificate_from_pem = cryptography.x509.load_pem_x509_certificate(bytes(certificate_pem, encoding='UTF-8'))  # Should not throw
     assert certificate_from_pem.subject == certificate.subject
     assert certificate_from_pem.issuer == certificate.issuer