Avoid module-level imports of oscrypt
Many dependents of minikerberos don't need `PKINIT`, so it makes sense
to import `oscrypto` only when needed, especially because `oscrypto<=1.3.0` does
not work with `openssl>=3.0.10`.

See: wbond/oscrypto#78
AdrianVollmer committed Dec 5, 2023
1 parent 1e8fa86 commit 0d45b19
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions minikerberos/pkinit.py
Expand Up @@ -19,9 +19,6 @@
from asn1crypto import x509
from asn1crypto import keys

from oscrypto.keys import parse_pkcs12
from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key

from minikerberos.protocol.constants import NAME_TYPE, MESSAGE_TYPE, PaDataType
from minikerberos.protocol.encryption import Enctype, _checksum_table, _enctype_table, Key
from minikerberos.protocol.structures import AuthenticatorChecksum
Expand Down Expand Up @@ -113,6 +110,8 @@ def from_windows_certstore(username, certstore_name = 'MY', cert_serial = None,

@staticmethod
def from_pfx(pfxfile, pfxpass, dh_params = None):
from oscrypto.keys import parse_pkcs12
from oscrypto.asymmetric import load_private_key
pkinit = PKINIT()
#print('Loading pfx12')
if isinstance(pfxpass, str):
Expand Down Expand Up @@ -330,6 +329,8 @@ def sign_authpack_native(self, data, wrap_signed = False):
2. the certificate used to sign the data blob
3. the singed 'signed_attrs' structure (ASN1) which points to the "data" structure (in point 1)
"""

from oscrypto.asymmetric import rsa_pkcs1v15_sign

da = {}
da['algorithm'] = algos.DigestAlgorithmId('1.3.14.3.2.26') # for sha1
Expand Down Expand Up @@ -456,4 +457,4 @@ def get_metadata(self, target = None):
md['Info'] = Info(info)
md['1'] = [CertIssuer({'data' : ci.dump()})]

return MetaData(md).dump()
return MetaData(md).dump()
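Review bot: The local imports added at the top of `from_pfx` and after the docstring in `sign_authpack_native` move any oscrypto load failure from module import to the first PKINIT call, and nothing in the new code explains or handles that. On an affected oscrypto/OpenSSL combination a caller will now hit oscrypto's own load error in the middle of a certificate-based authentication attempt instead of at startup, which is harder to diagnose. I would add a comment on each import such as `# local import: oscrypto can fail to load on some OpenSSL versions (wbond/oscrypto#78); only PKINIT needs it`, so a later cleanup does not hoist them back to module level. It may also be worth wrapping the import so the error names the missing capability, e.g. `except Exception as e: raise ImportError('PKINIT requires a working oscrypto install') from e`; the broad catch is suggested because oscrypto appears to raise its own error type at load time rather than `ImportError`. Both function bodies continue outside the hunks shown.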
