fix(dependency): update cryptography import (#22744)

Co-authored-by: Daniel Draper <daniel.draper@understand.ai>

requirements/base.txt

@@ -60,7 +60,7 @@ cron-descriptor==1.2.24
     # via apache-superset
 croniter==1.0.15
     # via apache-superset
-cryptography==3.4.7
+cryptography==39.0.0
     # via
     #   apache-superset
     #   paramiko
@@ -93,7 +93,9 @@ flask-compress==1.13
 flask-jwt-extended==4.3.1
     # via flask-appbuilder
 flask-login==0.6.0
-    # via flask-appbuilder
+    # via
+    #   apache-superset
+    #   flask-appbuilder
 flask-migrate==3.1.0
     # via apache-superset
 flask-sqlalchemy==2.5.1
@@ -150,7 +152,6 @@ markupsafe==2.1.1
     # via
     #   jinja2
     #   mako
-    #   werkzeug
     #   wtforms
 marshmallow==3.13.0
     # via
@@ -284,6 +285,7 @@ werkzeug==2.1.2
     # via
     #   flask
     #   flask-jwt-extended
+    #   flask-login
 wtforms==2.3.3
     # via
     #   apache-superset

setup.py

@@ -80,7 +80,7 @@ setup(
         "colorama",
         "croniter>=0.3.28",
         "cron-descriptor",
-        "cryptography>=3.3.2",
+        "cryptography>=39.0.0,<40",
         "deprecation>=2.1.0, <2.2.0",
         "flask>=2.1.3, <2.2",
         "flask-appbuilder>=4.1.6, <5.0.0",

superset/utils/core.py

@@ -74,9 +74,8 @@ import markdown as md
 import numpy as np
 import pandas as pd
 import sqlalchemy as sa
-from cryptography import x509
 from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.backends.openssl.x509 import _Certificate
+from cryptography.x509 import Certificate, load_pem_x509_certificate
 from flask import current_app, flash, g, Markup, render_template, request
 from flask_appbuilder import SQLA
 from flask_appbuilder.security.sqla.models import Role, User
@@ -1550,7 +1549,7 @@ def override_user(user: Optional[User], force: bool = True) -> Iterator[Any]:
         delattr(g, "user")
 
 
-def parse_ssl_cert(certificate: str) -> _Certificate:
+def parse_ssl_cert(certificate: str) -> Certificate:
     """
     Parses the contents of a certificate and returns a valid certificate object
     if valid.
@@ -1560,9 +1559,7 @@ def parse_ssl_cert(certificate: str) -> _Certificate:
     :raises CertificateException: If certificate is not valid/unparseable
     """
     try:
-        return x509.load_pem_x509_certificate(
+        return load_pem_x509_certificate(certificate.encode("utf-8"), default_backend())
-            certificate.encode("utf-8"), default_backend()
-        )
     except ValueError as ex:
         raise CertificateException("Invalid certificate") from ex
 

tests/integration_tests/utils_tests.py

@@ -910,7 +910,6 @@ class TestUtils(SupersetTestCase):
     def test_ssl_certificate_parse(self):
         parsed_certificate = parse_ssl_cert(ssl_certificate)
         self.assertEqual(parsed_certificate.serial_number, 12355228710836649848)
-        self.assertRaises(CertificateException, parse_ssl_cert, "abc" + ssl_certificate)
 
     def test_ssl_certificate_file_creation(self):
         path = create_ssl_cert_file(ssl_certificate)