diff --git a/paas2/VERSION b/paas2/VERSION index 24b487400..2efc6321d 100644 --- a/paas2/VERSION +++ b/paas2/VERSION @@ -1 +1 @@ -2.14.66 +2.14.67 diff --git a/paas2/esb/esb/utils/jwt_utils.py b/paas2/esb/esb/utils/jwt_utils.py index 9ae347869..d9dd6eaa7 100644 --- a/paas2/esb/esb/utils/jwt_utils.py +++ b/paas2/esb/esb/utils/jwt_utils.py @@ -10,21 +10,33 @@ specific language governing permissions and limitations under the License. """ -from builtins import object import time +from builtins import object import jwt -from Crypto.PublicKey import RSA +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.asymmetric import rsa + from esb.utils.func_ctrl import FunctionControllerClient -from jwt.algorithms import has_crypto -from jwt.contrib.algorithms.pycrypto import RSAAlgorithm class JWTKey(object): def generate(self, length=2048): - key = RSA.generate(length) - private_key = key.exportKey() - public_key = key.publickey().exportKey() + # public_exponent (int) – The public exponent of the new key. Either 65537 or 3 (for legacy purposes). + # Almost everyone should use 65537. + # more: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#generation + key = rsa.generate_private_key(public_exponent=65537, key_size=length) + + private_key = key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.NoEncryption(), + ) + + public_key = key.public_key().public_bytes( + encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo + ) + return private_key, public_key def get_private_key(self): 
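Review bot: `generate()` passes `length` straight to `rsa.generate_private_key`, so a caller can mint a sub-2048-bit ESB signing key; add a floor before the call, `if length < 2048: raise ValueError("RSA key size must be at least 2048 bits")`. The method also deserves a docstring stating what it returns, since the PEM formats are what callers and stored keys depend on: a one-liner along the lines of `"""Return (private_pem, public_pem): an unencrypted PKCS#1 RSA private key and a SubjectPublicKeyInfo public key, both PEM-encoded; the private PEM is key material and must only be written to protected storage."""`. Those formats appear to be chosen to stay byte-compatible with the pycryptodome `exportKey()` defaults being replaced, which is worth saying in the comment instead of the docs quote for `public_exponent`. Finally, with `has_crypto` no longer imported here, a missing or broken `cryptography` install would presumably only surface as PyJWT's `NotImplementedError` at the first `encode()`; an import-time check such as `from jwt.algorithms import has_crypto` followed by `if not has_crypto: raise ImportError("PyJWT RSA support requires cryptography")` would fail fast at startup instead.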
@@ -84,10 +96,3 @@ def encode(self): self.prepare_payload(now) return jwt.encode(self.payload, private_key, algorithm=self.ALGORITHM, headers=self.headers) - - -# replace cryptography with pycrypto -if has_crypto: - jwt.unregister_algorithm(JWTClient.ALGORITHM) - -jwt.register_algorithm(JWTClient.ALGORITHM, RSAAlgorithm(RSAAlgorithm.SHA512)) diff --git a/paas2/esb/pyproject.toml b/paas2/esb/pyproject.toml index ab1cf2e8e..8bfdbe571 100644 --- a/paas2/esb/pyproject.toml +++ b/paas2/esb/pyproject.toml @@ -27,7 +27,7 @@ gevent = "1.1.2" cachetools = "3.1.1" enum34 = "1.1.6" ConcurrentLogHandler = "0.9.1" -pycryptodome = "3.20.0" +cryptography==3.4.8 PyJWT = "1.4.2" gunicorn = "19.9.0" uWSGI = "2.0.13.1" diff --git a/paas2/esb/requirements.txt b/paas2/esb/requirements.txt index c289c925b..25728fd7c 100644 --- a/paas2/esb/requirements.txt +++ b/paas2/esb/requirements.txt @@ -29,7 +29,7 @@ pluggy==0.13.1; python_version >= "2.7" and python_full_version < "3.0.0" or pyt py==1.10.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" pyasn1==0.4.8 pycparser==2.20; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.4.0") -pycryptodome==3.20.0 +cryptography==3.4.8 pygments==2.1.3 pyjwt==1.4.2 pymysql==0.6.7 diff --git a/paas2/esb/requirements_dev.txt b/paas2/esb/requirements_dev.txt index 4b8b5ed15..c3e2f47c4 100644 --- a/paas2/esb/requirements_dev.txt +++ b/paas2/esb/requirements_dev.txt @@ -55,7 +55,7 @@ py==1.10.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_ pyasn1==0.4.8 pycodestyle==2.7.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" pycparser==2.20; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.4.0") -pycryptodome==3.20.0 +cryptography==3.4.8 pyflakes==2.3.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.5.0" pygments==2.1.3 pyjwt==1.4.2 
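Review bot: `cryptography==3.4.8` is requirements.txt syntax, not TOML, so this line makes pyproject.toml unparseable by poetry; in this dependency table it has to be `cryptography = "3.4.8"`, matching the surrounding `PyJWT = "1.4.2"` entries. The requirements.txt and requirements_dev.txt hunks in this commit use the pip form correctly, so the breakage is confined to this file. Separately, 3.4.8 appears to be chosen as the last cryptography release that still supports Python 2.7 (the `python_version >= "2.7"` markers in requirements.txt point that way); that series is long past end-of-life and its manylinux wheels presumably bundle an OpenSSL of the same age, so record the reason next to the pin, `# last cryptography release supporting Python 2.7; upgrade once py2 support is dropped`, so the next reviewer does not mistake it for a deliberate current choice.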
diff --git a/paas2/release.md b/paas2/release.md index c5697a8ee..169727393 100644 --- a/paas2/release.md +++ b/paas2/release.md @@ -1,5 +1,8 @@ Release Log =============================== +# 2.14.67 + - esb: use cryptography==3.4.8 + # 2.14.66 - all: replace pycrypto with pycryptodome==3.20.0