Mastercard / oauth1-signer-python

Python library for generating a Mastercard API compliant OAuth signature.
https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/
MIT License

[BUG] OAuth Signer incompatible with cryptography 41.0.5 #49

Closed aarontraynor closed 10 months ago

aarontraynor commented 10 months ago

Bug Report Checklist

Description

When installing mastercard-oauth-signer, it pulls the latest version of cryptography as a dependency. 41.0.5 (released 24-Oct-2023) breaks the OAuth signer.

To Reproduce

import oauth1.authenticationutils as authenticationutils

signing_key = authenticationutils.load_signing_key(
    pkcs12_filename="./signing_certificate.p12",
    password="signing_password",
)

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/aaron/poetry-test/.venv/lib/python3.10/site-packages/oauth1/authenticationutils.py", line 33, in load_signing_key
    p12 = crypto.load_pkcs12(private_key_file.read(), password.encode("utf-8"))
  File "/Users/aaron/poetry-test/.venv/lib/python3.10/site-packages/cryptography/utils.py", line 71, in __getattr__
    obj = getattr(self._module, attr)
AttributeError: module 'OpenSSL.crypto' has no attribute 'load_pkcs12'

Expected behavior

The code snippet provided should return a string containing the signing key.

Screenshots

N/A

Additional context

Downgrading to cryptography@41.0.4 resolves the issue.

Related issues/PRs

N/A

Suggest a fix/enhancement

It seems that OpenSSL.crypto.load_pkcs12 points to the Python interface rather than the concrete implementation of OpenSSL when using mastercard-oauth-signer@1.6.1 with cryptography@41.0.5.

ShimonaR-MC commented 10 months ago

Hi @aarontraynor

Thanks for raising this issue.

The latest version of pyOpenSSL - version 23.3.0 (2023-10-25) has removed support for OpenSSL.crypto.load_pkcs12, which is causing the build issue:

AttributeError: module 'OpenSSL.crypto' has no attribute 'load_pkcs12'

As a quick fix, we have restricted pyOpenSSL version to the previous version 23.2.0 for which this oauth signer library works.

Refer: 23.3.0 (2023-10-25)
https://pypi.org/project/pyOpenSSL/
https://github.com/pyca/pyopenssl/pull/1223/files

This issue has been addressed in the latest release v1.7.0.

Closing this thread.