From 3e5ba21c47136f561feb60540d785941ccbd2600 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Mon, 18 Mar 2024 19:02:22 +0900
Subject: [PATCH] Remove unused test utils

These utils are not used by any of the test codes so can be removed.
This allos us to reduce dependency on crypto module of pyOpenSSL which
is discouraged now[1]

[1] https://www.pyopenssl.org/en/latest/api/crypto.html

Change-Id: I10d7d3f611bc884549ab8c01f69ffc87fcd6f451
---
 barbican/tests/certificate_utils.py | 95 -----------------------------
 barbican/tests/utils.py             | 20 ------
 2 files changed, 115 deletions(-)
 delete mode 100644 barbican/tests/certificate_utils.py

diff --git a/barbican/tests/certificate_utils.py b/barbican/tests/certificate_utils.py
deleted file mode 100644
index b993f3571..000000000
--- a/barbican/tests/certificate_utils.py
+++ /dev/null
@@ -1,95 +0,0 @@
-# Copyright (c) 2015 Cisco Systems
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""
-The following functions were created for testing purposes.
-"""
-
-from OpenSSL import crypto
-
-
-def create_key_pair(type, bits):
-    key_pair = crypto.PKey()
-    key_pair.generate_key(type, bits)
-    return key_pair
-
-
-def get_valid_csr_object():
-    """Create a valid X509Req object"""
-    key_pair = create_key_pair(crypto.TYPE_RSA, 2048)
-    csr = crypto.X509Req()
-    subject = csr.get_subject()
-    setattr(subject, "CN", "host.example.net")
-    csr.set_pubkey(key_pair)
-    csr.sign(key_pair, "sha256")
-    return csr
-
-
-def create_good_csr():
-    """Generate a CSR that will pass validation."""
-    csr = get_valid_csr_object()
-    pem = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)
-    return pem
-
-
-def create_csr_that_has_not_been_signed():
-    """Return a CSR that has not been signed."""
-    # NOTE(xek): This method was relying on unsupported behaviour
-    # in OpenSSL to create an unsigned CSR in the past, so just
-    # return a pre-generated certificate request.
-    return b"""-----BEGIN CERTIFICATE REQUEST-----
-MIIBUTCCAUgCAQAwGzEZMBcGA1UEAwwQaG9zdC5leGFtcGxlLm5ldDCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAPPO24Fzfoh4pAqfzGrJGEwINi42MY4S
-NMI8+l53vwD0Ld5FN9O044NAuDrGv5KbCoKI6APRYsESZ3adaiHKXfIiEX9QPn8D
-wJVU388O7gi43tUFl02a65ffczDDYQqHc05rFACvYhYzsjXescqeQjQydI8GcSe0
-UGsi4IEyU3iI9hKgYwGRRbPezlkpK5t/wW08Qv1muPNkJi1kJklSrNbVYfN+lj7U
-e3hntigVIo9AP7d++YcMVelrQqFRkhC9+LPo75cKZ5qONQKp5qbDXuHyXh8/H3gv
-G903n2Dy9QqqV3zNbDyhBLcjv6802ITtSZSv/GuGM2UUj1o+Eo4B2ycCAwEAAaAA
-MAADAQA=
------END CERTIFICATE REQUEST-----
-"""
-
-
-def create_csr_signed_with_wrong_key():
-    """Generate a CSR that has been signed by the wrong key."""
-    key_pair1 = create_key_pair(crypto.TYPE_RSA, 2048)
-    key_pair2 = create_key_pair(crypto.TYPE_RSA, 2048)
-    csr = crypto.X509Req()
-    subject = csr.get_subject()
-    setattr(subject, "CN", "host.example.net")
-    # set public key from key pair 1
-    csr.set_pubkey(key_pair1)
-    # sign with public key from key pair 2
-    csr.sign(key_pair2, "sha256")
-    pem = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)
-    return pem
-
-
-def create_bad_csr():
-    """Generate a CSR that will not parse."""
-    return b"Bad PKCS10 Data"
-
-
-def create_csr_with_bad_subject_dn():
-    """Generate a CSR that has a bad subject dn."""
-    key_pair = create_key_pair(crypto.TYPE_RSA, 2048)
-    csr = crypto.X509Req()
-    subject = csr.get_subject()
-    # server certs require attribute 'CN'
-    setattr(subject, "UID", "bar")
-    csr.set_pubkey(key_pair)
-    csr.sign(key_pair, "sha256")
-    pem = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)
-    return pem
diff --git a/barbican/tests/utils.py b/barbican/tests/utils.py
index 3991406d1..7b95de1d9 100644
--- a/barbican/tests/utils.py
+++ b/barbican/tests/utils.py
@@ -21,7 +21,6 @@ import time
 import types
 from unittest import mock
 
-from OpenSSL import crypto
 from oslo_config import cfg
 from oslo_utils import uuidutils
 import oslotest.base as oslotest
@@ -657,25 +656,6 @@ def get_triple_des_key():
     return s
 
 
-def is_cert_valid(expected, observed):
-    c1 = crypto.load_certificate(crypto.FILETYPE_PEM, expected)
-    c2 = crypto.load_certificate(crypto.FILETYPE_PEM, observed)
-    return (crypto.dump_certificate(crypto.FILETYPE_PEM, c1) ==
-            crypto.dump_certificate(crypto.FILETYPE_PEM, c2))
-
-
-def is_private_key_valid(expected, observed):
-    k1 = crypto.load_privatekey(crypto.FILETYPE_PEM, expected)
-    k2 = crypto.load_privatekey(crypto.FILETYPE_PEM, observed)
-    return (crypto.dump_privatekey(crypto.FILETYPE_PEM, k1) ==
-            crypto.dump_privatekey(crypto.FILETYPE_PEM, k2))
-
-
-def is_public_key_valid(expected, observed):
-    # TODO(alee) fill in the relevant test here
-    return True
-
-
 def is_kmip_enabled():
     return os.environ.get('KMIP_PLUGIN_ENABLED') is not None