AttributeError: '_RSAPublicKey' object has no attribute 'verifier'
falencastro opened this issue · 1 comments
falencastro commented
journalctl -u certmonger
output:
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: 2024-09-17 16:33:49,102 __main__:ERROR:Traceback (most recent call last):
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: File "/usr/libexec/certmonger/cepces-submit", line 72, in main
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: result = operation()
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: ^^^^^^^^^^^
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: File "/usr/lib/python3/dist-packages/cepces/certmonger/operation.py", line 254, in __call__
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: certs = list(self._service.certificate_chain or [])
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: File "/usr/lib/python3/dist-packages/cepces/core.py", line 161, in certificate_chain
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: return reversed(self._resolve_chain(data))
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: File "/usr/lib/python3/dist-packages/cepces/core.py", line 325, in _resolve_chain
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: parent = self._resolve_chain(r.text, cert)
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: File "/usr/lib/python3/dist-packages/cepces/core.py", line 295, in _resolve_chain
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: elif self._verify_certificate_signature(child, cert):
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: File "/usr/lib/python3/dist-packages/cepces/core.py", line 250, in _verify_certificate_signature
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: verifier = issuer_public_key.verifier(
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: ^^^^^^^^^^^^^^^^^^^^^^^^^^
Sep 17 16:33:49 server1.domain1.local certmonger[37970]: AttributeError: '_RSAPublicKey' object has no attribute 'verifier'
Environment:
OS: Ubuntu 24.04.1 LTS
Python: 3.12.3
python3-cepces: 0.3.7-0ubuntu1
python3-cryptography: 41.0.7-4ubuntu0.1
Cryptography deprecated the _RSAPublicKey.verifier method in release 2.0 and removed it in release 37 (pr, changelog) in favor of .verify, which also requires an additional parameter.
We managed to work around it with this patch:
diff --git a/cepces/core.py b/cepces/core.py
index d642f09..a54aeaa 100644
--- a/cepces/core.py
+++ b/cepces/core.py
@@ -243,25 +243,23 @@ class Service(Base):
"""
sig_hash_alg = cert.signature_hash_algorithm
sig_bytes = cert.signature
+ sig_data = cert.tbs_certificate_bytes
issuer_public_key = issuer.public_key()
# Check the type of public key
if isinstance(issuer_public_key, rsa.RSAPublicKey):
- verifier = issuer_public_key.verifier(
- sig_bytes, padding.PKCS1v15(), sig_hash_alg,
+ verifier = issuer_public_key.verify(
+ sig_bytes, sig_data, padding.PKCS1v15(), sig_hash_alg,
)
elif isinstance(issuer_public_key, ec.EllipticCurvePublicKey):
- verifier = issuer_public_key.verifier(
- sig_bytes, ec.ECDSA(sig_hash_alg),
+ verifier = issuer_public_key.verify(
+ sig_bytes, sig_data, ec.ECDSA(sig_hash_alg),
)
else:
- verifier = issuer_public_key.verifier(
- sig_bytes, sig_hash_alg,
+ verifier = issuer_public_key.verify(
+ sig_bytes, sig_data, sig_hash_alg,
)
- verifier.update(cert.tbs_certificate_bytes)
- verifier.verify()
-
return True
def _resolve_chain(self, data, child=None):
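Review bot: In all three branches the result of `issuer_public_key.verify(...)` is still assigned to `verifier`, but `verify` returns nothing and reports a bad signature by raising `InvalidSignature`, so the assignment is a misleading leftover; call `verify(...)` directly and drop the variable. The `else` branch passes `sig_hash_alg` as a third argument, which fits DSA keys but not Ed25519/Ed448 keys, whose `verify` takes only the signature and the data, so those key types should get their own branch or a clear "unsupported key type" error. Since the function still only ever reaches `return True`, a short docstring line stating that an invalid signature raises rather than returning `False` would help callers.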
dmulder commented
Please submit your patches as an MR, and reference this issue.