Remove unused test utils
These utils are not used by any of the test codes so can be removed. This allos us to reduce dependency on crypto module of pyOpenSSL which is discouraged now[1] [1] https://www.pyopenssl.org/en/latest/api/crypto.html Change-Id: I10d7d3f611bc884549ab8c01f69ffc87fcd6f451
This commit is contained in:
parent
b6edfda344
commit
3e5ba21c47
@ -1,95 +0,0 @@
|
|||||||
# Copyright (c) 2015 Cisco Systems
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
||||||
# implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
"""
|
|
||||||
The following functions were created for testing purposes.
|
|
||||||
"""
|
|
||||||
|
|
||||||
from OpenSSL import crypto
|
|
||||||
|
|
||||||
|
|
||||||
def create_key_pair(type, bits):
|
|
||||||
key_pair = crypto.PKey()
|
|
||||||
key_pair.generate_key(type, bits)
|
|
||||||
return key_pair
|
|
||||||
|
|
||||||
|
|
||||||
def get_valid_csr_object():
|
|
||||||
"""Create a valid X509Req object"""
|
|
||||||
key_pair = create_key_pair(crypto.TYPE_RSA, 2048)
|
|
||||||
csr = crypto.X509Req()
|
|
||||||
subject = csr.get_subject()
|
|
||||||
setattr(subject, "CN", "host.example.net")
|
|
||||||
csr.set_pubkey(key_pair)
|
|
||||||
csr.sign(key_pair, "sha256")
|
|
||||||
return csr
|
|
||||||
|
|
||||||
|
|
||||||
def create_good_csr():
|
|
||||||
"""Generate a CSR that will pass validation."""
|
|
||||||
csr = get_valid_csr_object()
|
|
||||||
pem = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)
|
|
||||||
return pem
|
|
||||||
|
|
||||||
|
|
||||||
def create_csr_that_has_not_been_signed():
|
|
||||||
"""Return a CSR that has not been signed."""
|
|
||||||
# NOTE(xek): This method was relying on unsupported behaviour
|
|
||||||
# in OpenSSL to create an unsigned CSR in the past, so just
|
|
||||||
# return a pre-generated certificate request.
|
|
||||||
return b"""-----BEGIN CERTIFICATE REQUEST-----
|
|
||||||
MIIBUTCCAUgCAQAwGzEZMBcGA1UEAwwQaG9zdC5leGFtcGxlLm5ldDCCASIwDQYJ
|
|
||||||
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAPPO24Fzfoh4pAqfzGrJGEwINi42MY4S
|
|
||||||
NMI8+l53vwD0Ld5FN9O044NAuDrGv5KbCoKI6APRYsESZ3adaiHKXfIiEX9QPn8D
|
|
||||||
wJVU388O7gi43tUFl02a65ffczDDYQqHc05rFACvYhYzsjXescqeQjQydI8GcSe0
|
|
||||||
UGsi4IEyU3iI9hKgYwGRRbPezlkpK5t/wW08Qv1muPNkJi1kJklSrNbVYfN+lj7U
|
|
||||||
e3hntigVIo9AP7d++YcMVelrQqFRkhC9+LPo75cKZ5qONQKp5qbDXuHyXh8/H3gv
|
|
||||||
G903n2Dy9QqqV3zNbDyhBLcjv6802ITtSZSv/GuGM2UUj1o+Eo4B2ycCAwEAAaAA
|
|
||||||
MAADAQA=
|
|
||||||
-----END CERTIFICATE REQUEST-----
|
|
||||||
"""
|
|
||||||
|
|
||||||
|
|
||||||
def create_csr_signed_with_wrong_key():
|
|
||||||
"""Generate a CSR that has been signed by the wrong key."""
|
|
||||||
key_pair1 = create_key_pair(crypto.TYPE_RSA, 2048)
|
|
||||||
key_pair2 = create_key_pair(crypto.TYPE_RSA, 2048)
|
|
||||||
csr = crypto.X509Req()
|
|
||||||
subject = csr.get_subject()
|
|
||||||
setattr(subject, "CN", "host.example.net")
|
|
||||||
# set public key from key pair 1
|
|
||||||
csr.set_pubkey(key_pair1)
|
|
||||||
# sign with public key from key pair 2
|
|
||||||
csr.sign(key_pair2, "sha256")
|
|
||||||
pem = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)
|
|
||||||
return pem
|
|
||||||
|
|
||||||
|
|
||||||
def create_bad_csr():
|
|
||||||
"""Generate a CSR that will not parse."""
|
|
||||||
return b"Bad PKCS10 Data"
|
|
||||||
|
|
||||||
|
|
||||||
def create_csr_with_bad_subject_dn():
|
|
||||||
"""Generate a CSR that has a bad subject dn."""
|
|
||||||
key_pair = create_key_pair(crypto.TYPE_RSA, 2048)
|
|
||||||
csr = crypto.X509Req()
|
|
||||||
subject = csr.get_subject()
|
|
||||||
# server certs require attribute 'CN'
|
|
||||||
setattr(subject, "UID", "bar")
|
|
||||||
csr.set_pubkey(key_pair)
|
|
||||||
csr.sign(key_pair, "sha256")
|
|
||||||
pem = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)
|
|
||||||
return pem
|
|
@ -21,7 +21,6 @@ import time
|
|||||||
import types
|
import types
|
||||||
from unittest import mock
|
from unittest import mock
|
||||||
|
|
||||||
from OpenSSL import crypto
|
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_utils import uuidutils
|
from oslo_utils import uuidutils
|
||||||
import oslotest.base as oslotest
|
import oslotest.base as oslotest
|
||||||
@ -657,25 +656,6 @@ def get_triple_des_key():
|
|||||||
return s
|
return s
|
||||||
|
|
||||||
|
|
||||||
def is_cert_valid(expected, observed):
|
|
||||||
c1 = crypto.load_certificate(crypto.FILETYPE_PEM, expected)
|
|
||||||
c2 = crypto.load_certificate(crypto.FILETYPE_PEM, observed)
|
|
||||||
return (crypto.dump_certificate(crypto.FILETYPE_PEM, c1) ==
|
|
||||||
crypto.dump_certificate(crypto.FILETYPE_PEM, c2))
|
|
||||||
|
|
||||||
|
|
||||||
def is_private_key_valid(expected, observed):
|
|
||||||
k1 = crypto.load_privatekey(crypto.FILETYPE_PEM, expected)
|
|
||||||
k2 = crypto.load_privatekey(crypto.FILETYPE_PEM, observed)
|
|
||||||
return (crypto.dump_privatekey(crypto.FILETYPE_PEM, k1) ==
|
|
||||||
crypto.dump_privatekey(crypto.FILETYPE_PEM, k2))
|
|
||||||
|
|
||||||
|
|
||||||
def is_public_key_valid(expected, observed):
|
|
||||||
# TODO(alee) fill in the relevant test here
|
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
def is_kmip_enabled():
|
def is_kmip_enabled():
|
||||||
return os.environ.get('KMIP_PLUGIN_ENABLED') is not None
|
return os.environ.get('KMIP_PLUGIN_ENABLED') is not None
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user