From 6b1293fd6f5bcb35f317f36c540f543b1192928c Mon Sep 17 00:00:00 2001
From: Sean Dague <sean@dague.net>
Date: Tue, 10 May 2016 11:39:11 -0400
Subject: [PATCH] Drop paramiko < 2 compat code

This drops the paramiko < 2 compatibility code so we only need to
support one major version.

Depends-On: I2369638282b4fefccd8484a5039fcfa9795069a7
(global requirements change)

Change-Id: Ife4df9e64299e1182d77d568d1deed5ec3b608b3
Closes-Bug: #1483132
---
 nova/crypto.py                 | 33 +--------------------------------
 nova/tests/unit/test_crypto.py |  2 +-
 requirements.txt               |  1 -
 3 files changed, 2 insertions(+), 34 deletions(-)

diff --git a/nova/crypto.py b/nova/crypto.py
index 4db8ce02cb6b..f0b4e4ebb963 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -128,39 +128,8 @@ def generate_x509_fingerprint(pem_key):
                      'Error message: %s') % ex)
 
 
-def generate_key(bits):
-    """Generate a paramiko RSAKey"""
-    # NOTE(dims): pycryptodome has changed the signature of the RSA.generate
-    # call. specifically progress_func has been dropped. paramiko still uses
-    # pycrypto. However some projects like latest pysaml2 have switched from
-    # pycrypto to pycryptodome as pycrypto seems to have been abandoned.
-    # paramiko project has started transition to pycryptodome as well but
-    # there is no release yet with that support. So at the moment depending on
-    # which version of pysaml2 is installed, Nova is likely to break. So we
-    # call "RSA.generate(bits)" which works on both pycrypto and pycryptodome
-    # and then wrap it into a paramiko.RSAKey
-    #
-    # NOTE(coreywright): Paramiko 2 avoids this conundrum by migrating from
-    # PyCrypto/PyCryptodome to cryptography.
-    #
-    # TODO(coreywright): When Paramiko constraint is upgraded to 2.x, then
-    # remove this abstraction and replace the call to this function with a call
-    # to `paramiko.RSAKey.generate(bits)`.
-
-    if paramiko.__version_info__[0] == 2:
-        key = paramiko.RSAKey.generate(bits)
-    else:  # paramiko 1.x
-        from Crypto.PublicKey import RSA
-        rsa = RSA.generate(bits)
-        key = paramiko.RSAKey(vals=(rsa.e, rsa.n))
-        key.d = rsa.d
-        key.p = rsa.p
-        key.q = rsa.q
-    return key
-
-
 def generate_key_pair(bits=2048):
-    key = generate_key(bits)
+    key = paramiko.RSAKey.generate(bits)
     keyout = six.StringIO()
     key.write_private_key(keyout)
     private_key = keyout.getvalue()
diff --git a/nova/tests/unit/test_crypto.py b/nova/tests/unit/test_crypto.py
index ee733b0c5923..3d509fc46794 100644
--- a/nova/tests/unit/test_crypto.py
+++ b/nova/tests/unit/test_crypto.py
@@ -362,7 +362,7 @@ class KeyPairTest(test.NoDBTestCase):
         keyin.seek(0)
         key = paramiko.RSAKey.from_private_key(keyin)
 
-        with mock.patch.object(crypto, 'generate_key') as mock_generate:
+        with mock.patch.object(paramiko.RSAKey, 'generate') as mock_generate:
             mock_generate.return_value = key
             (private_key, public_key, fingerprint) = crypto.generate_key_pair()
             self.assertEqual(self.rsa_pub, public_key)
diff --git a/requirements.txt b/requirements.txt
index 4aaf74e8720c..3f73ac8dc759 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,6 @@ lxml>=2.3 # BSD
 Routes!=2.0,!=2.1,!=2.3.0,>=1.12.3;python_version=='2.7' # MIT
 Routes!=2.0,!=2.3.0,>=1.12.3;python_version!='2.7' # MIT
 cryptography!=1.3.0,>=1.0 # BSD/Apache-2.0
-pycrypto>=2.6  # Public Domain
 WebOb>=1.2.3 # MIT
 greenlet>=0.3.2 # MIT
 PasteDeploy>=1.5.0 # MIT