Skip to content

Try using default_backend() instead of None #18611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
LarryOsterman merged 1 commit into from
May 10, 2021
Merged

Try using default_backend() instead of None #18611

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion sdk/attestation/azure-security-attestation/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -297,7 +297,7 @@ Use `GetSigningCertificatesAsync` to retrieve the certificates which can be used
```python
signers = attest_client.get_signing_certificates()
for signer in signers:
cert = cryptography.x509.load_der_x509_certificate(signer.certificates[0], backend=None)
cert = cryptography.x509.load_der_x509_certificate(signer.certificates[0], backend=default_backend())
print('Cert iss:', cert.issuer, '; subject:', cert.subject)
```

Expand Down
5 changes: 3 additions & 2 deletions sdk/attestation/azure-security-attestation/azure/security/attestation/_models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
from ._common import Base64Url
from ._generated.models import PolicyResult, AttestationResult, StoredAttestationPolicy, JSONWebKey, CertificateModification, AttestationType
from typing import Any, Callable, List, Type, TypeVar, Generic, Union
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
from cryptography.x509 import Certificate, load_der_x509_certificate
Expand Down Expand Up @@ -132,7 +133,7 @@ class AttestationSigningKey(object):
def __init__(self, signing_key_der, certificate_der):
# type: (bytes, bytes) -> None
signing_key = serialization.load_der_private_key(signing_key_der, password=None)
certificate = load_der_x509_certificate(certificate_der, backend=None)
certificate = load_der_x509_certificate(certificate_der, backend=default_backend())

self._signing_key = signing_key
self._certificate = certificate
Expand Down Expand Up @@ -426,7 +427,7 @@ def _validate_signature(self, candidate_certificates):
signed_data = Base64Url.encode(
self.header_bytes)+'.'+Base64Url.encode(self.body_bytes)
for signer in candidate_certificates:
cert = load_der_x509_certificate(signer.certificates[0], backend=None)
cert = load_der_x509_certificate(signer.certificates[0], backend=default_backend())
signer_key = cert.public_key()
# Try to verify the signature with this candidate.
# If it doesn't work, try the next signer.
Expand Down
7 changes: 4 additions & 3 deletions sdk/attestation/azure-security-attestation/tests/test_attestation.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
from logging import fatal
from typing import Any, ByteString
import unittest
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from devtools_testutils import AzureTestCase, PowerShellPreparer
import functools
Expand Down Expand Up @@ -182,23 +183,23 @@ def test_shared_getsigningcertificates(self, attestation_location_short_name):
attest_client = self.shared_client(attestation_location_short_name)
signers = attest_client.get_signing_certificates()
for signer in signers:
x5c = cryptography.x509.load_der_x509_certificate(signer.certificates[0], backend=None)
x5c = cryptography.x509.load_der_x509_certificate(signer.certificates[0], backend=default_backend())

@AttestationPreparer()
def test_aad_getsigningcertificates(self, attestation_aad_url):
#type: (str) -> None
attest_client = self.create_client(attestation_aad_url)
signers = attest_client.get_signing_certificates()
for signer in signers:
cert = cryptography.x509.load_der_x509_certificate(signer.certificates[0], backend=None)
cert = cryptography.x509.load_der_x509_certificate(signer.certificates[0], backend=default_backend())

@AttestationPreparer()
def test_isolated_getsigningcertificates(self, attestation_isolated_url):
#type: (str) -> None
attest_client = self.create_client(attestation_isolated_url)
signers = attest_client.get_signing_certificates()
for signer in signers:
cert = cryptography.x509.load_der_x509_certificate(signer.certificates[0], backend=None)
cert = cryptography.x509.load_der_x509_certificate(signer.certificates[0], backend=default_backend())

def _test_attest_open_enclave(self, client_uri):
#type: (str) -> None
Expand Down