mendix · jeohist · Jun 6, 2024 · Jun 6, 2024 · Jun 6, 2024 · Jun 11, 2024
diff --git a/buildpack/util.py b/buildpack/util.py
@@ -581,7 +581,7 @@ def _upsert_config(config, key, value, overwrite=False, append=False):
         if not append and overwrite:
             config[key] = value
         else:
-            if append and type(config[key]) == type(value):
+            if append and type(config[key]) is type(value):
                 if isinstance(value, list):
                     config[key].extend(value)
                 elif isinstance(value, (dict, set)):

diff --git a/dependencies.yml b/dependencies.yml
@@ -24,14 +24,14 @@ dependencies:
       version: 4.37.0
     trace-agent:
       artifact: datadog/dd-java-agent-{{ version }}.jar
-      version: 1.27.0
+      version: 1.37.0
   dynatrace:
     agent:
       artifact: "{{ url }}/e/{{ environment }}/api/v1/deployment/installer/agent/unix/paas/latest?include=java&bitness=64&Api-Token={{ token }}"
       managed: false
   fluentbit:
     artifact: fluentbit/fluent-bit-{{ version }}-cflinuxfs4.tar.gz
-    version: 1.9.2
+    version: 3.1.2
   java:
     keyutil:
       artifact: java-keyutil/keyutil-{{ version }}.jar

diff --git a/requirements-dev.in b/requirements-dev.in
@@ -3,9 +3,9 @@ idna==3.7
 pytest==8.2.2
 pytest-timer==1.0.0
 pytest-timeout==2.3.1
-pylint==3.2.3
-pyopenssl==24.0.0
+pytest-timestamper==0.0.10
+pylint==3.2.6
 randomname==0.2.1
 requests-mock==1.12.1
-ruff==0.4.8
+ruff==0.5.7
 parameterized==0.9.0
diff --git a/requirements.in b/requirements.in
@@ -8,4 +8,4 @@ omegaconf==2.3.0
 psycopg2-binary==2.9.9
 pyyaml==6.0.1
 requests==2.32.3
-urllib3==2.2.1
+urllib3==2.2.2
diff --git a/tests/integration/test_newrelic.py → tests/integration/disabled_test_newrelic.py b/tests/integration/test_newrelic.py → tests/integration/disabled_test_newrelic.py
diff --git a/tests/integration/test_splunk.py → tests/integration/disabled_test_splunk.py b/tests/integration/test_splunk.py → tests/integration/disabled_test_splunk.py
diff --git a/tests/integration/test_certificate_authorities.py b/tests/integration/test_certificate_authorities.py
@@ -1,7 +1,11 @@
 import base64
+from datetime import datetime, timedelta
 from socket import gethostname
 
-from OpenSSL import crypto
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.x509.oid import NameOID
 
 from tests.integration import basetest
 
@@ -15,28 +19,40 @@ def setUp(self):
         self.certificate = self._create_self_signed_cert()
 
     def _create_self_signed_cert(self):
+        # Generate a private key
+        private_key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=2048,
+        )
+
+        # Create a self-signed certificate
+        subject = issuer = x509.Name([
+            x509.NameAttribute(NameOID.COUNTRY_NAME, "NL"),
+            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Rotterdam"),
+            x509.NameAttribute(NameOID.LOCALITY_NAME, "Rotterdam"),
+            x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Mendix"),
+            x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Mendix"),
+            x509.NameAttribute(NameOID.COMMON_NAME, gethostname()),
+        ])
+        cert = x509.CertificateBuilder().subject_name(
+            subject
+        ).issuer_name(
+            issuer
+        ).public_key(
+            private_key.public_key()
+        ).serial_number(
+            1000
+        ).not_valid_before(
+            datetime.utcnow()
+        ).not_valid_after(
+            datetime.utcnow() + timedelta(days=365*10)
+        ).add_extension(
+            x509.BasicConstraints(ca=True, path_length=None), critical=True,
+        ).sign(private_key, hashes.SHA256())
+
+        cert_pem = cert.public_bytes(serialization.Encoding.PEM)
 
-        # Create a key pair
-        k = crypto.PKey()
-        k.generate_key(crypto.TYPE_RSA, 1024)
-
-        # Create a self-signed cert
-        cert = crypto.X509()
-        cert.get_subject().C = "NL"
-        cert.get_subject().ST = "Rotterdam"
-        cert.get_subject().L = "Rotterdam"
-        cert.get_subject().O = "Mendix"  # noqa: E741
-        cert.get_subject().OU = "Mendix"
-        cert.get_subject().CN = gethostname()
-        cert.set_serial_number(1000)
-        cert.gmtime_adj_notBefore(0)
-        cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
-        cert.set_issuer(cert.get_subject())
-        cert.set_pubkey(k)
-        cert.sign(k, "sha1")
-
-        # Return a .PEM certificate
-        return crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
+        return cert_pem
 
     def test_certificate_authorities(self):
         self.stage_container(

diff --git a/tests/unit/test_runtime_configuration.py b/tests/unit/test_runtime_configuration.py
@@ -1,13 +1,19 @@
 import base64
 import json
 import os
+from datetime import datetime, timedelta
 from socket import gethostname
 from unittest import TestCase, mock
 
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.serialization import pkcs12
+from cryptography.x509.oid import NameOID
+
 from buildpack import util
 from buildpack.core import runtime, security
 from lib.m2ee.version import MXVersion
-from OpenSSL import crypto
 
 
 class M2EEMock:
@@ -87,34 +93,49 @@ def test_custom_runtime_setting_is_set(self):
         )
 
 
-def _create_self_signed_cert():
-    # Create a key pair
-    k = crypto.PKey()
-    k.generate_key(crypto.TYPE_RSA, 1024)
-
-    # Create a self-signed cert
-    cert = crypto.X509()
-    cert.get_subject().C = "NL"
-    cert.get_subject().ST = "Rotterdam"
-    cert.get_subject().L = "Rotterdam"
-    cert.get_subject().O = "Mendix"  # noqa: E741
-    cert.get_subject().OU = "Mendix"
-    cert.get_subject().CN = gethostname()
-    cert.set_serial_number(1000)
-    cert.gmtime_adj_notBefore(0)
-    cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
-    cert.set_issuer(cert.get_subject())
-    cert.set_pubkey(k)
-    cert.sign(k, "sha1")
-
-    # Create a P12 container
-    p12 = crypto.PKCS12()
-    p12.set_certificate(cert)
-
-    return p12.export()
+class TestClientCertificateConfiguration(TestCase):
+    def _create_self_signed_cert():  # pylint: disable=no-method-argument
+        # Generate a private key
+        private_key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=2048,
+        )
 
+        # Create a self-signed certificate
+        subject = issuer = x509.Name([
+            x509.NameAttribute(NameOID.COUNTRY_NAME, "NL"),
+            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Rotterdam"),
+            x509.NameAttribute(NameOID.LOCALITY_NAME, "Rotterdam"),
+            x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Mendix"),
+            x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Mendix"),
+            x509.NameAttribute(NameOID.COMMON_NAME, gethostname()),
+        ])
+        cert = x509.CertificateBuilder().subject_name(
+            subject
+        ).issuer_name(
+            issuer
+        ).public_key(
+            private_key.public_key()
+        ).serial_number(
+            1000
+        ).not_valid_before(
+            datetime.utcnow()
+        ).not_valid_after(
+            datetime.utcnow() + timedelta(days=365*10)
+        ).add_extension(
+            x509.BasicConstraints(ca=True, path_length=None), critical=True,
+        ).sign(private_key, hashes.SHA256())
+
+        # Serialize private key and certificate to a PKCS12 container
+        p12 = pkcs12.serialize_key_and_certificates(
+            name=b"selfsigned",
+            key=private_key,
+            cert=cert,
+            cas=None,
+            encryption_algorithm=serialization.NoEncryption()
+        )
 
-class TestClientCertificateConfiguration(TestCase):
+        return p12
 
     CERTIFICATE_ENV = {
         "CLIENT_CERTIFICATES": json.dumps(