upstream/oracle/pkg-gate: comparison src/modules/client/image.py

equal deleted inserted replaced

-:f727edff50bd
+:52e8eec3014c
 #
 # Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
 #
-import M2Crypto as m2
 import atexit
 import calendar
 import collections
 import copy
 import datetime
 import sys
 import tempfile
 import time
 from contextlib import contextmanager
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
 from six.moves.urllib.parse import quote, unquote
 import pkg.actions
 import pkg.catalog
 import pkg.client.api_errors            as apx
 for fn in os.listdir(trust_anchor_loc):
 pth = os.path.join(trust_anchor_loc, fn)
 if os.path.islink(pth):
 continue
 try:
-trusted_ca = m2.X509.load_cert(pth)
+with open(pth, "rb") as f:
-except m2.X509.X509Error as e:
+raw = f.read()
+trusted_ca = \
+x509.load_pem_x509_certificate(
+raw, default_backend())
+except (ValueError, IOError) as e:
 self.__bad_trust_anchors.append(
 (pth, str(e)))
 else:
-# M2Crypto's subject hash doesn't match
+# We store certificates internally by
-# openssl's subject hash so recompute it
+# the SHA-1 hash of its subject.
-# so all hashes are in the same
+s = hashlib.sha1(misc.force_bytes(
-# universe.
+trusted_ca.subject)).hexdigest()
-s = trusted_ca.get_subject().as_hash()
 self.__trust_anchors.setdefault(s, [])
 self.__trust_anchors[s].append(
 trusted_ca)
 for s in pkg_trust_anchors:
 if s not in self.__trust_anchors: