From d8bab3010c11fc8f51cb62b9c7f5745c4e7e5ca0 Mon Sep 17 00:00:00 2001 From: Packit Service Date: Dec 09 2020 08:10:44 +0000 Subject: Prepare for a new update Reverting patches so we can apply the latest update and changes can be seen in the spec file and sources. --- diff --git a/awscli/customizations/cloudfront.py b/awscli/customizations/cloudfront.py index 48d6d8a..968a1c6 100644 --- a/awscli/customizations/cloudfront.py +++ b/awscli/customizations/cloudfront.py @@ -14,9 +14,7 @@ import sys import time import random -from cryptography.hazmat.primitives import serialization, hashes -from cryptography.hazmat.primitives.asymmetric import padding -from cryptography.hazmat.backends import default_backend +import rsa from botocore.utils import parse_to_aware_datetime from botocore.signers import CloudFrontSigner @@ -256,16 +254,7 @@ class SignCommand(BasicCommand): class RSASigner(object): def __init__(self, private_key): - try: - self.priv_key = serialization.load_pem_private_key( - private_key.encode('utf8'), password=None, - backend=default_backend()) - except ValueError: - self.priv_key = '' + self.priv_key = rsa.PrivateKey.load_pkcs1(private_key.encode('utf8')) def sign(self, message): - try: - return self.priv_key.sign( - message, padding.PKCS1v15(), hashes.SHA1()) - except AttributeError: - return b'' + return rsa.sign(message, self.priv_key, 'SHA-1') diff --git a/awscli/customizations/cloudtrail/validation.py b/awscli/customizations/cloudtrail/validation.py index 05cfec8..7079121 100644 --- a/awscli/customizations/cloudtrail/validation.py +++ b/awscli/customizations/cloudtrail/validation.py 
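Review bot: In `RSASigner.__init__`, `rsa.PrivateKey.load_pkcs1(private_key.encode('utf8'))` runs with no error handling and accepts only a PKCS #1 PEM key (`-----BEGIN RSA PRIVATE KEY-----`), so a PKCS #8 or malformed key surfaces as a bare `ValueError` from the constructor. Failing early is safer than the removed fallback, which went on to return an empty signature. Unless the caller outside this hunk already handles the error, re-raise it with a message that names the expected key format. The `'SHA-1'` argument in `sign` also deserves a comment such as `# SHA-1 is fixed by the CloudFront signed-URL format, not a local choice`, so it is not read as an oversight or "upgraded" into signatures CloudFront rejects.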
@@ -22,10 +22,8 @@ from zlib import error as ZLibError from datetime import datetime, timedelta from dateutil import tz, parser -from cryptography.hazmat.primitives import serialization, hashes -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives.asymmetric import padding -from cryptography.exceptions import InvalidSignature +from pyasn1.error import PyAsn1Error +import rsa from awscli.customizations.cloudtrail.utils import get_trail_by_arn, \ get_account_id_from_arn @@ -532,18 +530,20 @@ class Sha256RSADigestValidator(object): """ try: decoded_key = base64.b64decode(public_key) - public_key = serialization.load_der_public_key(decoded_key, - backend=default_backend()) + public_key = rsa.PublicKey.load_pkcs1(decoded_key, format='DER') to_sign = self._create_string_to_sign(digest_data, inflated_digest) signature_bytes = binascii.unhexlify(digest_data['_signature']) - public_key.verify(signature_bytes, to_sign, padding.PKCS1v15(), - hashes.SHA256()) - except (ValueError, TypeError): + rsa.verify(to_sign, signature_bytes, public_key) + except PyAsn1Error: raise DigestError( ('Digest file\ts3://%s/%s\tINVALID: Unable to load PKCS #1 key' ' with fingerprint %s') % (bucket, key, digest_data['digestPublicKeyFingerprint'])) - except InvalidSignature: + except rsa.pkcs1.VerificationError: + # Note from the Python-RSA docs: Never display the stack trace of + # a rsa.pkcs1.VerificationError exception. It shows where in the + # code the exception occurred, and thus leaks information about + # the key. raise DigestSignatureError(bucket, key) def _create_string_to_sign(self, digest_data, inflated_digest): diff --git a/awscli/customizations/ec2/decryptpassword.py b/awscli/customizations/ec2/decryptpassword.py index 091b39f..9d11063 100644 --- a/awscli/customizations/ec2/decryptpassword.py +++ b/awscli/customizations/ec2/decryptpassword.py 
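Review bot: The `except PyAsn1Error` clause in the `Sha256RSADigestValidator` hunk is narrower than the `(ValueError, TypeError)` it replaces, so a digest file with a malformed base64 public key or a non-hex `_signature` is no longer reported as invalid. `base64.b64decode` and `binascii.unhexlify` raise `TypeError` or `binascii.Error` depending on the Python version, and those now escape the validator as unhandled exceptions. Catching them together, `except (PyAsn1Error, ValueError, TypeError):`, keeps the fail-closed `DigestError` path for every malformed input. Separately, `rsa.verify(to_sign, signature_bytes, public_key)` takes no hash argument and, as far as I know, accepts whichever digest algorithm the signature itself declares, so the SHA-256 requirement implied by the class name is no longer enforced here and should get an explicit check or at least a comment. The method's signature and docstring start outside the hunk.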
@@ -13,9 +13,7 @@ import logging import os import base64 -from cryptography.hazmat.primitives import serialization -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives.asymmetric import padding +import rsa from awscli.compat import six from botocore import model @@ -111,11 +109,9 @@ class LaunchKeyArgument(BaseCLIArgument): try: with open(self._key_path) as pk_file: pk_contents = pk_file.read() - private_key = serialization.load_pem_private_key( - six.b(pk_contents), password=None, - backend=default_backend()) + private_key = rsa.PrivateKey.load_pkcs1(six.b(pk_contents)) value = base64.b64decode(value) - value = private_key.decrypt(value, padding.PKCS1v15()) + value = rsa.decrypt(value, private_key) logger.debug(parsed) parsed['PasswordData'] = value.decode('utf-8') logger.debug(parsed) diff --git a/requirements.txt b/requirements.txt index 1c284d0..cb9be8e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,6 +9,6 @@ docutils>=0.10 nose==1.3.0 colorama>=0.2.5,<=0.3.7 mock==1.3.0 -cryptography==2.0.3 +rsa>=3.1.2,<=3.5.0 wheel==0.24.0 PyYAML>=3.10,<=3.12
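Review bot: The second `logger.debug(parsed)` in the `LaunchKeyArgument` hunk runs after `parsed['PasswordData']` has been replaced with the decrypted plaintext, so any debug log captures the password in clear text. Drop that call or log a redacted summary instead, for example `logger.debug('PasswordData decrypted (%d bytes)', len(value))`. The `except` clause for this `try` lies outside the hunk. Confirm that it handles `rsa.pkcs1.DecryptionError` and the `ValueError` that `load_pkcs1` raises for non-PKCS #1 key files without printing a traceback, in line with the Python-RSA caution quoted in `validation.py`.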
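Review bot: The pin `rsa>=3.1.2,<=3.5.0` holds every signing, verification and decryption path touched by this commit on an old python-rsa release line. As far as I recall, the lower bound admits releases that predate upstream hardening of PKCS #1 v1.5 signature checking. Raise the lower bound to the newest release in the range that the test suite passes with, and add a comment stating why the upper cap exists so that it gets revisited. `validation.py` now imports `pyasn1.error` directly, but no `pyasn1` entry is visible in this hunk; if it only arrives transitively through `rsa`, list it explicitly.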