From ebc729b0a7e6dddca94b72e7187cf9c9369e406b Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 18 Mar 2024 22:13:35 +0900 Subject: [PATCH] func tests: Use cryptography to manage certificates and keys ... instead of crypto module of pyOpenSSL which is now discouraged. Change-Id: If3ed1af038ba856d89050054e1de35be75aac1c7 --- functionaltests/api/v1/functional/test_rsa.py | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/functionaltests/api/v1/functional/test_rsa.py b/functionaltests/api/v1/functional/test_rsa.py index 15ebd0ac3..75217bd04 100644 --- a/functionaltests/api/v1/functional/test_rsa.py +++ b/functionaltests/api/v1/functional/test_rsa.py @@ -16,7 +16,7 @@ import base64 from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization -from OpenSSL import crypto +from cryptography import x509 import testtools from testtools import testcase @@ -122,7 +122,7 @@ class RSATestCase(base.TestCase): # prove pyOpenSSL can parse the original private key pem = keys.get_private_key_pem() - crypto.load_privatekey(crypto.FILETYPE_PEM, pem) + serialization.load_pem_private_key(pem, None) # prove cryptography can parse the original public key serialization.load_pem_public_key( @@ -133,13 +133,11 @@ class RSATestCase(base.TestCase): # prove pyOpenSSL can parse the original encrypted private key pem = keys.get_encrypted_private_key_pem() passphrase = keys.get_passphrase_txt() - crypto.load_privatekey(crypto.FILETYPE_PEM, - pem, - passphrase) + serialization.load_pem_private_key(pem, passphrase) # prove OpenSSL can parse the original certificate pem = keys.get_certificate_pem() - crypto.load_certificate(crypto.FILETYPE_PEM, pem) + x509.load_pem_x509_certificate(pem) @testcase.attr('positive') def test_rsa_store_and_get_private_key(self): @@ -471,15 +469,14 @@ class RSATestCase(base.TestCase): with_passphrase=False): # verify generated keys can be parsed if with_passphrase: - crypto.load_privatekey( - crypto.FILETYPE_PEM, + serialization.load_pem_private_key( secret_dict['private_key'], secret_dict['private_key_passphrase']) else: self.assertNotIn('private_key_passphrase', secret_dict) - crypto.load_privatekey( - crypto.FILETYPE_PEM, - secret_dict['private_key']) + serialization.load_pem_private_key( + secret_dict['private_key'], + None) serialization.load_pem_public_key( secret_dict['public_key'], backend=default_backend()