From 7289ed6e3ae919f66dc641fd0b9598c5cf73dfa1 Mon Sep 17 00:00:00 2001
From: Daniel Draper <daniel.draper@understand.ai>
Date: Mon, 16 Jan 2023 17:27:54 +0100
Subject: [PATCH 1/9] restrict cryptography version

---
 setup.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/setup.py b/setup.py
index dc546e5a6030c..68f8018135b46 100644
--- a/setup.py
+++ b/setup.py
@@ -80,7 +80,7 @@ def get_git_sha() -> str:
         "colorama",
         "croniter>=0.3.28",
         "cron-descriptor",
-        "cryptography>=3.3.2",
+        "cryptography>=3.3.2,<39.0.0",
         "deprecation>=2.1.0, <2.2.0",
         "flask>=2.1.3, <2.2",
         "flask-appbuilder>=4.1.6, <5.0.0",
@@ -168,9 +168,7 @@ def get_git_sha() -> str:
         "prophet": ["prophet>=1.0.1, <1.1", "pystan<3.0"],
         "redshift": ["sqlalchemy-redshift>=0.8.1, < 0.9"],
         "rockset": ["rockset>=0.8.10, <0.9"],
-        "shillelagh": [
-            "shillelagh[datasetteapi,gsheetsapi,socrata,weatherapi]>=1.1.1, <2"
-        ],
+        "shillelagh": ["shillelagh[datasetteapi,gsheetsapi,socrata,weatherapi]>=1.1.1, <2"],
         "snowflake": ["snowflake-sqlalchemy>=1.2.4, <2"],
         "spark": ["pyhive[hive]>=0.6.5", "tableschema", "thrift>=0.14.1, <1.0.0"],
         "teradata": ["teradatasql>=16.20.0.23"],

From 3962bdfa02ead6495cf13dc9a4ddd397c3de778c Mon Sep 17 00:00:00 2001
From: Daniel Draper <daniel.draper@understand.ai>
Date: Mon, 16 Jan 2023 17:53:48 +0100
Subject: [PATCH 2/9] fix import

---
 setup.py               | 2 +-
 superset/utils/core.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/setup.py b/setup.py
index 68f8018135b46..4778dd5cbd98e 100644
--- a/setup.py
+++ b/setup.py
@@ -80,7 +80,7 @@ def get_git_sha() -> str:
         "colorama",
         "croniter>=0.3.28",
         "cron-descriptor",
-        "cryptography>=3.3.2,<39.0.0",
+        "cryptography>=3.3.2",
         "deprecation>=2.1.0, <2.2.0",
         "flask>=2.1.3, <2.2",
         "flask-appbuilder>=4.1.6, <5.0.0",
diff --git a/superset/utils/core.py b/superset/utils/core.py
index 0ab3a685a39c3..3f874c571866a 100644
--- a/superset/utils/core.py
+++ b/superset/utils/core.py
@@ -76,7 +76,7 @@
 import sqlalchemy as sa
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.backends.openssl.x509 import _Certificate
+from cryptography.x509 import Certificate
 from flask import current_app, flash, g, Markup, render_template, request
 from flask_appbuilder import SQLA
 from flask_appbuilder.security.sqla.models import Role, User
@@ -1550,7 +1550,7 @@ def override_user(user: Optional[User], force: bool = True) -> Iterator[Any]:
         delattr(g, "user")
 
 
-def parse_ssl_cert(certificate: str) -> _Certificate:
+def parse_ssl_cert(certificate: str) -> Certificate:
     """
     Parses the contents of a certificate and returns a valid certificate object
     if valid.

From 5151a8319dd777aaaee802fce56080572b9af8bc Mon Sep 17 00:00:00 2001
From: Daniel Draper <daniel.draper@understand.ai>
Date: Mon, 23 Jan 2023 09:56:20 +0100
Subject: [PATCH 3/9] fix black

---
 setup.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 4778dd5cbd98e..dc546e5a6030c 100644
--- a/setup.py
+++ b/setup.py
@@ -168,7 +168,9 @@ def get_git_sha() -> str:
         "prophet": ["prophet>=1.0.1, <1.1", "pystan<3.0"],
         "redshift": ["sqlalchemy-redshift>=0.8.1, < 0.9"],
         "rockset": ["rockset>=0.8.10, <0.9"],
-        "shillelagh": ["shillelagh[datasetteapi,gsheetsapi,socrata,weatherapi]>=1.1.1, <2"],
+        "shillelagh": [
+            "shillelagh[datasetteapi,gsheetsapi,socrata,weatherapi]>=1.1.1, <2"
+        ],
         "snowflake": ["snowflake-sqlalchemy>=1.2.4, <2"],
         "spark": ["pyhive[hive]>=0.6.5", "tableschema", "thrift>=0.14.1, <1.0.0"],
         "teradata": ["teradatasql>=16.20.0.23"],

From 6fd3334c473c3ab1c54a82a78861d30ab4214f76 Mon Sep 17 00:00:00 2001
From: Daniel Draper <daniel.draper@understand.ai>
Date: Wed, 25 Jan 2023 13:10:10 +0100
Subject: [PATCH 4/9] MR review: named import

---
 superset/utils/core.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/superset/utils/core.py b/superset/utils/core.py
index 3f874c571866a..275d6d409d302 100644
--- a/superset/utils/core.py
+++ b/superset/utils/core.py
@@ -74,9 +74,8 @@
 import numpy as np
 import pandas as pd
 import sqlalchemy as sa
-from cryptography import x509
 from cryptography.hazmat.backends import default_backend
-from cryptography.x509 import Certificate
+from cryptography.x509 import Certificate, load_pem_x509_certificate
 from flask import current_app, flash, g, Markup, render_template, request
 from flask_appbuilder import SQLA
 from flask_appbuilder.security.sqla.models import Role, User
@@ -1560,7 +1559,7 @@ def parse_ssl_cert(certificate: str) -> Certificate:
     :raises CertificateException: If certificate is not valid/unparseable
     """
     try:
-        return x509.load_pem_x509_certificate(
+        return load_pem_x509_certificate(
             certificate.encode("utf-8"), default_backend()
         )
     except ValueError as ex:

From a5cab392233b6f1ffeb520fe925d388eef8addee Mon Sep 17 00:00:00 2001
From: Daniel Draper <daniel.draper@understand.ai>
Date: Wed, 25 Jan 2023 13:29:38 +0100
Subject: [PATCH 5/9] fix black

---
 superset/utils/core.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/superset/utils/core.py b/superset/utils/core.py
index 275d6d409d302..5172f9d362f8c 100644
--- a/superset/utils/core.py
+++ b/superset/utils/core.py
@@ -1559,9 +1559,7 @@ def parse_ssl_cert(certificate: str) -> Certificate:
     :raises CertificateException: If certificate is not valid/unparseable
     """
     try:
-        return load_pem_x509_certificate(
-            certificate.encode("utf-8"), default_backend()
-        )
+        return load_pem_x509_certificate(certificate.encode("utf-8"), default_backend())
     except ValueError as ex:
         raise CertificateException("Invalid certificate") from ex
 

From f9b78f549c08137e5f1170306c7c76d9fc668b72 Mon Sep 17 00:00:00 2001
From: Daniel Draper <daniel.draper@understand.ai>
Date: Wed, 25 Jan 2023 15:23:22 +0100
Subject: [PATCH 6/9] update cryptography version

---
 requirements/base.txt | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 4dc66c1e4adec..2a0156f5c931b 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -5,6 +5,8 @@
 #
 #    pip-compile-multi
 #
+--trusted-host gitlab.understand.ai
+
 -e file:.
     # via -r requirements/base.in
 alembic==1.6.5
@@ -60,7 +62,7 @@ cron-descriptor==1.2.24
     # via apache-superset
 croniter==1.0.15
     # via apache-superset
-cryptography==3.4.7
+cryptography==39.0.0
     # via
     #   apache-superset
     #   paramiko
@@ -93,7 +95,9 @@ flask-compress==1.13
 flask-jwt-extended==4.3.1
     # via flask-appbuilder
 flask-login==0.6.0
-    # via flask-appbuilder
+    # via
+    #   apache-superset
+    #   flask-appbuilder
 flask-migrate==3.1.0
     # via apache-superset
 flask-sqlalchemy==2.5.1
@@ -150,7 +154,6 @@ markupsafe==2.1.1
     # via
     #   jinja2
     #   mako
-    #   werkzeug
     #   wtforms
 marshmallow==3.13.0
     # via
@@ -284,6 +287,7 @@ werkzeug==2.1.2
     # via
     #   flask
     #   flask-jwt-extended
+    #   flask-login
 wtforms==2.3.3
     # via
     #   apache-superset

From e20d2671826c2571056bf6c22a729ed6abe31976 Mon Sep 17 00:00:00 2001
From: Daniel Draper <daniel.draper@understand.ai>
Date: Wed, 25 Jan 2023 15:32:56 +0100
Subject: [PATCH 7/9] fix wrong trusted host

---
 requirements/base.txt | 2 --
 1 file changed, 2 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 2a0156f5c931b..4041d71e3b6b9 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -5,8 +5,6 @@
 #
 #    pip-compile-multi
 #
---trusted-host gitlab.understand.ai
-
 -e file:.
     # via -r requirements/base.in
 alembic==1.6.5

From b13b1106de51f1916e5a5f8396aa391bd0252df1 Mon Sep 17 00:00:00 2001
From: Daniel Draper <daniel.draper@understand.ai>
Date: Wed, 25 Jan 2023 15:33:45 +0100
Subject: [PATCH 8/9] setup.py

---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index dc546e5a6030c..d320567cedace 100644
--- a/setup.py
+++ b/setup.py
@@ -80,7 +80,7 @@ def get_git_sha() -> str:
         "colorama",
         "croniter>=0.3.28",
         "cron-descriptor",
-        "cryptography>=3.3.2",
+        "cryptography>=39.0.0,<40",
         "deprecation>=2.1.0, <2.2.0",
         "flask>=2.1.3, <2.2",
         "flask-appbuilder>=4.1.6, <5.0.0",

From 53212ed73d4eda2deb0d6c6700abe0cd3beb8dd6 Mon Sep 17 00:00:00 2001
From: Daniel Draper <daniel.draper@understand.ai>
Date: Tue, 31 Jan 2023 09:57:47 +0100
Subject: [PATCH 9/9] cryptography does not raise anymore

---
 tests/integration_tests/utils_tests.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/integration_tests/utils_tests.py b/tests/integration_tests/utils_tests.py
index 70487da280864..967a4e9388cf4 100644
--- a/tests/integration_tests/utils_tests.py
+++ b/tests/integration_tests/utils_tests.py
@@ -910,7 +910,6 @@ def test_merge_extra_filters_with_extras(self):
     def test_ssl_certificate_parse(self):
         parsed_certificate = parse_ssl_cert(ssl_certificate)
         self.assertEqual(parsed_certificate.serial_number, 12355228710836649848)
-        self.assertRaises(CertificateException, parse_ssl_cert, "abc" + ssl_certificate)
 
     def test_ssl_certificate_file_creation(self):
         path = create_ssl_cert_file(ssl_certificate)