openstack/barbican
Code Issues Proposed changes

func tests: Use cryptography to manage certificates and keys

Browse Source 
... instead of crypto module of pyOpenSSL which is now discouraged.

Change-Id: If3ed1af038ba856d89050054e1de35be75aac1c7
This commit is contained in:
Takashi Kajinami 2024-03-18 22:13:35 +09:00
parent 3e5ba21c47
commit ebc729b0a7
1 changed files with 8 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
functionaltests/api/v1/functional/test_rsa.py
View File

@ -16,7 +16,7 @@ import base64
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives import serialization
from OpenSSL import crypto from cryptography import x509
import testtools import testtools
from testtools import testcase from testtools import testcase
@ -122,7 +122,7 @@ class RSATestCase(base.TestCase):
# prove pyOpenSSL can parse the original private key # prove pyOpenSSL can parse the original private key
pem = keys.get_private_key_pem() pem = keys.get_private_key_pem()
crypto.load_privatekey(crypto.FILETYPE_PEM, pem) serialization.load_pem_private_key(pem, None)
# prove cryptography can parse the original public key # prove cryptography can parse the original public key
serialization.load_pem_public_key( serialization.load_pem_public_key(
@ -133,13 +133,11 @@ class RSATestCase(base.TestCase):
# prove pyOpenSSL can parse the original encrypted private key # prove pyOpenSSL can parse the original encrypted private key
pem = keys.get_encrypted_private_key_pem() pem = keys.get_encrypted_private_key_pem()
passphrase = keys.get_passphrase_txt() passphrase = keys.get_passphrase_txt()
crypto.load_privatekey(crypto.FILETYPE_PEM, serialization.load_pem_private_key(pem, passphrase)
pem,
passphrase)
# prove OpenSSL can parse the original certificate # prove OpenSSL can parse the original certificate
pem = keys.get_certificate_pem() pem = keys.get_certificate_pem()
crypto.load_certificate(crypto.FILETYPE_PEM, pem) x509.load_pem_x509_certificate(pem)
@testcase.attr('positive') @testcase.attr('positive')
def test_rsa_store_and_get_private_key(self): def test_rsa_store_and_get_private_key(self):
@ -471,15 +469,14 @@ class RSATestCase(base.TestCase):
with_passphrase=False): with_passphrase=False):
# verify generated keys can be parsed # verify generated keys can be parsed
if with_passphrase: if with_passphrase:
crypto.load_privatekey( serialization.load_pem_private_key(
crypto.FILETYPE_PEM,
secret_dict['private_key'], secret_dict['private_key'],
secret_dict['private_key_passphrase']) secret_dict['private_key_passphrase'])
else: else:
self.assertNotIn('private_key_passphrase', secret_dict) self.assertNotIn('private_key_passphrase', secret_dict)
crypto.load_privatekey( serialization.load_pem_private_key(
crypto.FILETYPE_PEM, secret_dict['private_key'],
secret_dict['private_key']) None)
serialization.load_pem_public_key( serialization.load_pem_public_key(
secret_dict['public_key'], secret_dict['public_key'],
backend=default_backend() backend=default_backend()