Fix cryptography deprecation warnings. Closes #108

Author: kislyuk

signxml/__init__.py

@@ -363,15 +363,13 @@ def sign(self, data, key=None, passphrase=None, cert=None, reference_uri=None, k
 
             hash_alg = self._get_signature_digest_method_by_tag(self.sign_alg)
             if self.sign_alg.startswith("dsa-"):
-                signer = key.signer(signature_algorithm=hash_alg)
+                signature = key.sign(signed_info_c14n, algorithm=hash_alg)
             elif self.sign_alg.startswith("ecdsa-"):
-                signer = key.signer(signature_algorithm=ec.ECDSA(algorithm=hash_alg))
+                signature = key.sign(signed_info_c14n, signature_algorithm=ec.ECDSA(algorithm=hash_alg))
             elif self.sign_alg.startswith("rsa-"):
-                signer = key.signer(padding=PKCS1v15(), algorithm=hash_alg)
+                signature = key.sign(signed_info_c14n, padding=PKCS1v15(), algorithm=hash_alg)
             else:
                 raise NotImplementedError()
-            signer.update(signed_info_c14n)
-            signature = signer.finalize()
             if self.sign_alg.startswith("dsa-"):
                 # Note: The output of the DSA signer is a DER-encoded ASN.1 sequence of two DER integers.
                 from asn1crypto.algos import DSASignature
@@ -534,7 +532,9 @@ def _verify_signature_with_pubkey(self, signed_info_c14n, raw_signature, key_val
             y = bytes_to_long(key_data[len(key_data)//2:])
             curve_class = self.known_ecdsa_curves[named_curve.get("URI")]
             key = ec.EllipticCurvePublicNumbers(x=x, y=y, curve=curve_class()).public_key(backend=default_backend())
-            verifier = key.verifier(raw_signature, ec.ECDSA(self._get_signature_digest_method(signature_alg)))
+            key.verify(raw_signature,
+                       data=signed_info_c14n,
+                       signature_algorithm=ec.ECDSA(self._get_signature_digest_method(signature_alg)))
         elif "dsa-" in signature_alg:
             dsa_key_value = self._find(key_value, "DSAKeyValue")
             p = self._get_long(dsa_key_value, "P")
@@ -545,20 +545,21 @@ def _verify_signature_with_pubkey(self, signed_info_c14n, raw_signature, key_val
             key = pn.public_key(backend=default_backend())
             from asn1crypto.algos import DSASignature
             sig_as_der_seq = DSASignature.from_p1363(raw_signature).dump()
-            verifier = key.verifier(sig_as_der_seq, self._get_signature_digest_method(signature_alg))
+            key.verify(sig_as_der_seq,
+                       data=signed_info_c14n,
+                       algorithm=self._get_signature_digest_method(signature_alg))
         elif "rsa-" in signature_alg:
             rsa_key_value = self._find(key_value, "RSAKeyValue")
             modulus = self._get_long(rsa_key_value, "Modulus")
             exponent = self._get_long(rsa_key_value, "Exponent")
             key = rsa.RSAPublicNumbers(e=exponent, n=modulus).public_key(backend=default_backend())
-            verifier = key.verifier(raw_signature, padding=PKCS1v15(),
-                                    algorithm=self._get_signature_digest_method(signature_alg))
+            key.verify(raw_signature,
+                       data=signed_info_c14n,
+                       padding=PKCS1v15(),
+                       algorithm=self._get_signature_digest_method(signature_alg))
         else:
             raise NotImplementedError()
 
-        verifier.update(signed_info_c14n)
-        verifier.verify()
-
     def _get_inclusive_ns_prefixes(self, transform_node):
         inclusive_namespaces = transform_node.find("./ec:InclusiveNamespaces[@PrefixList]", namespaces=namespaces)
         if inclusive_namespaces is None: