Merge branch 'main' into dependabot/pip/pycryptodome-3.19.1

Mastercard · Feb 20, 2024 · 72c3b16 · 72c3b16
2 parents d5fe2d1 + fa19709
commit 72c3b16
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 15 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -15,16 +15,10 @@ jobs:
     strategy:
       matrix:
         python-version:
-          - 3.6
-          - 3.7
           - 3.8
           - 3.9
         include:
           - os: "ubuntu-latest"
-          # There is no build for Python 3.6 in ubuntu>20.04.
-          # This unclude can be removed when we drop support for Python 3.6.
-          - os: "ubuntu-20.04"
-            python-version: "3.6"
     steps:
       - uses: actions/checkout@v2
         with:

diff --git a/README.md b/README.md
@@ -13,6 +13,7 @@
 - [Overview](#overview)
   * [Compatibility](#compatibility)
   * [References](#references)
+  * [Versioning and Deprecation Policy](#versioning)
 - [Usage](#usage)
   * [Prerequisites](#prerequisites)
   * [Adding the Library to Your Project](#adding-the-library-to-your-project)
@@ -26,12 +27,15 @@
 This is the Python version of the Mastercard compliant payload encryption/decryption.
 
 ### Compatibility <a name="compatibility"></a>
-Python 3.6+
+Python 3.8+
 
 ### References <a name="references"></a>
 * [JSON Web Encryption (JWE)](https://datatracker.ietf.org/doc/html/rfc7516)
 * [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/)
 
+### Versioning and Deprecation Policy <a name="versioning"></a>
+* [Mastercard Versioning and Deprecation Policy](https://github.com/Mastercard/.github/blob/main/CLIENT_LIBRARY_DEPRECATION_POLICY.md)
+
 ## Usage <a name="usage"></a>
 ### Prerequisites <a name="prerequisites"></a>
 Before using this library, you will need to set up a project in the [Mastercard Developers Portal](https://developer.mastercard.com). 

diff --git a/client_encryption/encryption_utils.py b/client_encryption/encryption_utils.py
@@ -1,8 +1,9 @@
 from Crypto.PublicKey import RSA
 from Crypto.Hash import SHA1, SHA224, SHA256, SHA384, SHA512
-from OpenSSL.crypto import load_certificate, load_pkcs12, dump_privatekey, FILETYPE_PEM, FILETYPE_ASN1, Error
+from OpenSSL.crypto import load_certificate, FILETYPE_PEM, FILETYPE_ASN1, Error
 from client_encryption.encryption_exception import CertificateError, PrivateKeyError, HashAlgorithmError
-
+from cryptography.hazmat.primitives.serialization import pkcs12 
+from cryptography.hazmat.primitives import serialization
 
 _SUPPORTED_HASH = {"SHA1": SHA1, "SHA224": SHA224, "SHA256": SHA256, "SHA384": SHA384, "SHA512": SHA512}
 
@@ -40,11 +41,10 @@ def load_decryption_key(key_file_path, decryption_key_password=None):
         raise PrivateKeyError("Wrong decryption key format.")
 
 
-def __load_pkcs12_private_key(pkcs12_key, password):
+def __load_pkcs12_private_key(pkcs_file, password):
     """Load a private key in ASN1 format out of a PKCS#12 container."""
-
-    pkcs12 = load_pkcs12(pkcs12_key, password.encode("utf-8")).get_privatekey()
-    return dump_privatekey(FILETYPE_ASN1, pkcs12)
+    private_key, certs, addcerts = pkcs12.load_key_and_certificates(pkcs_file, password.encode("utf-8"))
+    return private_key.private_bytes(serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, serialization.NoEncryption())
 
 
 def __get_crypto_file_type(file_content):

diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,4 @@
 pycryptodome==3.19.1
-pyOpenSSL>=22.1.0,<=23.2.0
 setuptools>=39.0.1
 coverage>=4.5.3
-cryptography>=39.0.0
+cryptography>=42.0.0