Compatibility issue with recent versions of the cryptography package

[gonzague]

Issue summary

Using recent versions of cryptography leads to errors like Traceback (most recent call last): File "/Users/Gonzague/GitHub/codetowallet/AppleWalletServer/main.py", line 223, in generate_pass pkpass_data = apple_pass.create( File "/Users/Gonzague/GitHub/codetowallet/AppleWalletServer/venv/lib/python3.9/site-packages/applepassgenerator/models.py", line 323, in create signature = self._create_signature_crypto( File "/Users/Gonzague/GitHub/codetowallet/AppleWalletServer/venv/lib/python3.9/site-packages/applepassgenerator/models.py", line 372, in _create_signature_crypto pkcs7.PKCS7SignatureBuilder() File "/Users/Gonzague/GitHub/codetowallet/AppleWalletServer/venv/lib/python3.9/site-packages/cryptography/hazmat/primitives/serialization/pkcs7.py", line 100, in add_signer raise TypeError( TypeError: hash_algorithm must be one of hashes.SHA224, SHA256, SHA384, or SHA512

Expected behaviour

This should work

Actual behaviour

Crashes with an error

Steps to reproduce the problem

Install this package / library without a specific "cryptography==37.0.2" requirement

---

Checklist

• [X] I have searched the issues of this repo and believe that this is not a duplicate.

[jensimik]

You could do a hack/patch to fix it up: https://github.com/twopointone/applepassgenerator/blob/52e1db18ed08b24cec5283b90fcc64bb25b2f59a/src/applepassgenerator/models.py#L371

instead do something like this (i use my own library for apple wallet and do it like this):

pkcs7.PKCS7SignatureBuilder( manifest.encode("UTF-8"), # data [ (cert, priv_key, hashes.SHA1(), None), ], # hack to allow using newest cryptography lib and still use SHA1 which is deprecated otherwise? ) .add_certificate(wwdr_cert) .sign(serialization.Encoding.DER, options)