From ebc729b0a7e6dddca94b72e7187cf9c9369e406b Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Mon, 18 Mar 2024 22:13:35 +0900
Subject: [PATCH] func tests: Use cryptography to manage certificates and keys

... instead of crypto module of pyOpenSSL which is now discouraged.

Change-Id: If3ed1af038ba856d89050054e1de35be75aac1c7
---
 functionaltests/api/v1/functional/test_rsa.py | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/functionaltests/api/v1/functional/test_rsa.py b/functionaltests/api/v1/functional/test_rsa.py
index 15ebd0ac3..75217bd04 100644
--- a/functionaltests/api/v1/functional/test_rsa.py
+++ b/functionaltests/api/v1/functional/test_rsa.py
@@ -16,7 +16,7 @@ import base64
 
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
-from OpenSSL import crypto
+from cryptography import x509
 import testtools
 from testtools import testcase
 
@@ -122,7 +122,7 @@ class RSATestCase(base.TestCase):
 
         # prove pyOpenSSL can parse the original private key
         pem = keys.get_private_key_pem()
-        crypto.load_privatekey(crypto.FILETYPE_PEM, pem)
+        serialization.load_pem_private_key(pem, None)
 
         # prove cryptography can parse the original public key
         serialization.load_pem_public_key(
@@ -133,13 +133,11 @@ class RSATestCase(base.TestCase):
         # prove pyOpenSSL can parse the original encrypted private key
         pem = keys.get_encrypted_private_key_pem()
         passphrase = keys.get_passphrase_txt()
-        crypto.load_privatekey(crypto.FILETYPE_PEM,
-                               pem,
-                               passphrase)
+        serialization.load_pem_private_key(pem, passphrase)
 
         # prove OpenSSL can parse the original certificate
         pem = keys.get_certificate_pem()
-        crypto.load_certificate(crypto.FILETYPE_PEM, pem)
+        x509.load_pem_x509_certificate(pem)
 
     @testcase.attr('positive')
     def test_rsa_store_and_get_private_key(self):
@@ -471,15 +469,14 @@ class RSATestCase(base.TestCase):
                                     with_passphrase=False):
         # verify generated keys can be parsed
         if with_passphrase:
-            crypto.load_privatekey(
-                crypto.FILETYPE_PEM,
+            serialization.load_pem_private_key(
                 secret_dict['private_key'],
                 secret_dict['private_key_passphrase'])
         else:
             self.assertNotIn('private_key_passphrase', secret_dict)
-            crypto.load_privatekey(
-                crypto.FILETYPE_PEM,
-                secret_dict['private_key'])
+            serialization.load_pem_private_key(
+                secret_dict['private_key'],
+                None)
         serialization.load_pem_public_key(
             secret_dict['public_key'],
             backend=default_backend()