From 724be8848a64bd668facdb11538efce932b4f436 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Wed, 18 Dec 2024 18:54:44 -0500
Subject: [PATCH] Convert `http01_example.py` to use cryptography's APIs (#10098)
Co-authored-by: ohemorange
---
 acme/examples/http01_example.py | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/acme/examples/http01_example.py b/acme/examples/http01_example.py
index ab62ecbcc..4a240afa0 100644
--- a/acme/examples/http01_example.py
+++ b/acme/examples/http01_example.py
@@ -28,6 +28,7 @@ Workflow:
 from contextlib import contextmanager
 from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
 import josepy as jose
 import OpenSSL
@@ -68,10 +69,9 @@ def new_csr_comp(domain_name, pkey_pem=None):
 """Create certificate signing request."""
 if pkey_pem is None:
 # Create private key.
- pkey = OpenSSL.crypto.PKey()
- pkey.generate_key(OpenSSL.crypto.TYPE_RSA, CERT_PKEY_BITS)
- pkey_pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
- pkey)
+ pkey = rsa.generate_private_key(public_exponent=65537, key_size=CERT_PKEY_BITS)
+ pkey_pem = pkey.public_bytes(serialization.Encoding.PEM)
+
 csr_pem = crypto_util.make_csr(pkey_pem, [domain_name])
 return pkey_pem, csr_pem
@@ -201,8 +201,10 @@ def example_http():
 # Revoke certificate
 fullchain_com = jose.ComparableX509(
- OpenSSL.crypto.load_certificate(
- OpenSSL.crypto.FILETYPE_PEM, fullchain_pem))
+ OpenSSL.crypto.X509.from_cryptography(
+ x509.load_pem_x509_certificate(fullchain_pem)
+ )
+ )
 try:
 client_acme.revoke(fullchain_com, 0) # revocation reason = 0
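Review bot: In the `new_csr_comp` hunk, `pkey.public_bytes(serialization.Encoding.PEM)` is called on the object returned by `rsa.generate_private_key`, and cryptography's RSA private keys provide `private_bytes()` and `public_key()` but no `public_bytes()`, so this line raises `AttributeError` whenever `pkey_pem` is None. The result is also handed to `crypto_util.make_csr` and returned as `pkey_pem`, which the removed `dump_privatekey` call filled with the private key PEM, so a public-key serialization would not be an equivalent replacement even if the call existed. The line should read `pkey_pem = pkey.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption())`, which keeps the key unencrypted as the old code did. The `def` line of `new_csr_comp` sits just above the hunk.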
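Review bot: In the `example_http` hunk, `x509.load_pem_x509_certificate(fullchain_pem)` uses the name `x509`, but the only import this patch adds is `serialization` and no `from cryptography import x509` appears among the import context of the first hunk; unless the module already imports it outside the visible lines, the revocation step fails with `NameError`. Add `from cryptography import x509` beside the other cryptography imports. Separately, `load_pem_x509_certificate` requires bytes, while the removed `OpenSSL.crypto.load_certificate` accepted str as well; the type of `fullchain_pem` is not visible here, so if it is a str the call needs `fullchain_pem.encode()`. The body of `example_http` starts and ends outside the hunk.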