From 43d42d07dfd9faae5822018f800f08707c0b6bbe Mon Sep 17 00:00:00 2001
From: Rui Yuan Dou <rydou@fiberhome.com>
Date: Mon, 24 Apr 2017 16:44:59 +0800
Subject: [PATCH] Use cryptography instead of pycrypto

pycrypto is no longer maintained [1]. This patch rewrites functions
using pycrypto and replaces them with the cryptography equivalent

[1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113568.html

Change-Id: I375b5876ec2f4c4f32b9f6b3f41d209a59a0f615
---
 kolla_ansible/cmd/genpwd.py | 21 +++++++++++++++++----
 requirements.txt            |  1 +
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/kolla_ansible/cmd/genpwd.py b/kolla_ansible/cmd/genpwd.py
index 3d0c01ea0b..cc2b1ee1be 100755
--- a/kolla_ansible/cmd/genpwd.py
+++ b/kolla_ansible/cmd/genpwd.py
@@ -19,7 +19,9 @@ import random
 import string
 import sys
 
-from Crypto.PublicKey import RSA
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import serialization
 from hashlib import md5
 from hashlib import sha256
 from oslo_utils import uuidutils
@@ -35,9 +37,20 @@ if PROJECT_ROOT not in sys.path:
 
 
 def generate_RSA(bits=4096):
-    new_key = RSA.generate(bits, os.urandom)
-    private_key = new_key.exportKey("PEM")
-    public_key = new_key.publickey().exportKey("OpenSSH")
+    new_key = rsa.generate_private_key(
+        public_exponent=65537,
+        key_size=bits,
+        backend=default_backend()
+    )
+    private_key = new_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.PKCS8,
+        encryption_algorithm=serialization.NoEncryption()
+    )
+    public_key = new_key.public_key().public_bytes(
+        encoding=serialization.Encoding.OpenSSH,
+        format=serialization.PublicFormat.OpenSSH
+    )
     return private_key, public_key
 
 
diff --git a/requirements.txt b/requirements.txt
index 15781f207f..049d7e5959 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,3 +10,4 @@ oslo.utils>=3.20.0 # Apache-2.0
 setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,!=34.3.2,>=16.0 # PSF/ZPL
 PyYAML>=3.10.0 # MIT
 netaddr!=0.7.16,>=0.7.13 # BSD
+cryptography>=1.6 # BSD/Apache-2.0