Merge pull request #61 from alexanderjordanbaker/BumpCryptoMaxVersions

alexanderjordanbaker · web-flow · commit dbbd735e8c3e · 2024-02-22T00:30:07.000-08:00
Bump cryptography and pyOpenSSL maximum version
diff --git a/requirements.txt b/requirements.txt
@@ -1,7 +1,7 @@
 attrs >= 21.3.0
 PyJWT >= 2.6.0, < 3
 requests >= 2.28.0, < 3
-cryptography >= 40.0.0, < 42
-pyOpenSSL >= 23.1.1, < 24
+cryptography >= 40.0.0, < 43
+pyOpenSSL >= 23.1.1, < 25
 asn1==2.7.0
 cattrs==23.1.2
diff --git a/tests/util.py b/tests/util.py
@@ -15,11 +15,11 @@
 def create_signed_data_from_json(path: str) -> str:
     data = read_data_from_file(path)
     decoded_data = json.loads(data)
-    private_key = ec.generate_private_key(ES256).private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()).decode()
+    private_key = ec.generate_private_key(ec.SECP256R1).private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()).decode()
     return jwt.encode(payload=decoded_data, key=private_key, algorithm='ES256')
 
 def decode_json_from_signed_date(data: str) -> Dict[str, Any]:
-    public_key = ec.generate_private_key(ES256).public_key().public_bytes(encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo).decode()
+    public_key = ec.generate_private_key(ec.SECP256R1).public_key().public_bytes(encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo).decode()
     return decode_complete(jwt=data, key=public_key, algorithms=['ES256'], options={"verify_signature": False})
 
 def read_data_from_file(path: str) -> str:
@@ -32,10 +32,6 @@ def read_data_from_binary_file(path: str) -> str:
     with open(full_path, mode='rb') as test_file:
         return test_file.read()
 
-class ES256(ec.EllipticCurve):
-    name="prime256v1"
-    key_size = 256
-
 def get_signed_data_verifier(env: Environment, bundle_id: str, app_apple_id: int = 1234) -> SignedDataVerifier:
     verifier = SignedDataVerifier([read_data_from_binary_file('tests/resources/certs/testCA.der')], False, env, bundle_id, app_apple_id)
     verifier._chain_verifier.enable_strict_checks = False # We don't have authority identifiers on test certs
