Stop using removed verifier and signer methods
These methods is removed in [1] so we move to our wrappers for verifiers introduced in [2] and then updateo ur testing to not use signer as well. [1] https://github.com/pyca/cryptography/pull/6639 [2] https://review.opendev.org/c/x/cursive/+/547146 Closes-Bug: #1750633 Change-Id: I07b2d9c41c5c659692e5bfd6570b66fd646faa2b
This commit is contained in:
parent
45eba574e3
commit
ad4437300d
|
@ -21,6 +21,8 @@ from oslo_utils import timeutils
|
|||
|
||||
from cursive import exception
|
||||
from cursive import signature_utils
|
||||
from cursive import verifiers
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
@ -135,16 +137,19 @@ def verify_certificate_signature(signing_certificate, certificate):
|
|||
signer_public_key = signing_certificate.public_key()
|
||||
|
||||
if isinstance(signer_public_key, rsa.RSAPublicKey):
|
||||
verifier = signer_public_key.verifier(
|
||||
signature_bytes, padding.PKCS1v15(), signature_hash_algorithm
|
||||
verifier = verifiers.RSAVerifier(
|
||||
signature_bytes, signature_hash_algorithm,
|
||||
signer_public_key, padding.PKCS1v15(),
|
||||
)
|
||||
elif isinstance(signer_public_key, ec.EllipticCurvePublicKey):
|
||||
verifier = signer_public_key.verifier(
|
||||
signature_bytes, ec.ECDSA(signature_hash_algorithm)
|
||||
verifier = verifiers.ECCVerifier(
|
||||
signature_bytes, signature_hash_algorithm,
|
||||
signer_public_key,
|
||||
)
|
||||
else:
|
||||
verifier = signer_public_key.verifier(
|
||||
signature_bytes, signature_hash_algorithm
|
||||
verifier = verifiers.DSAVerifier(
|
||||
signature_bytes, signature_hash_algorithm,
|
||||
signer_public_key,
|
||||
)
|
||||
|
||||
verifier.update(certificate.tbs_certificate_bytes)
|
||||
|
|
|
@ -145,15 +145,15 @@ class TestSignatureUtils(base.TestCase):
|
|||
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
||||
mock_get_pub_key.return_value = TEST_RSA_PRIVATE_KEY.public_key()
|
||||
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
||||
signer = TEST_RSA_PRIVATE_KEY.signer(
|
||||
sig = TEST_RSA_PRIVATE_KEY.sign(
|
||||
data,
|
||||
padding.PSS(
|
||||
mgf=padding.MGF1(hash_alg),
|
||||
salt_length=padding.PSS.MAX_LENGTH
|
||||
),
|
||||
hash_alg
|
||||
)
|
||||
signer.update(data)
|
||||
signature = base64.b64encode(signer.finalize())
|
||||
signature = base64.b64encode(sig)
|
||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
|
||||
hash_name, signature,
|
||||
|
@ -179,11 +179,11 @@ class TestSignatureUtils(base.TestCase):
|
|||
default_backend())
|
||||
mock_get_pub_key.return_value = private_key.public_key()
|
||||
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
||||
signer = private_key.signer(
|
||||
sig = private_key.sign(
|
||||
data,
|
||||
ec.ECDSA(hash_alg)
|
||||
)
|
||||
signer.update(data)
|
||||
signature = base64.b64encode(signer.finalize())
|
||||
signature = base64.b64encode(sig)
|
||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||
verifier = signature_utils.get_verifier(None,
|
||||
img_sig_cert_uuid,
|
||||
|
@ -197,11 +197,11 @@ class TestSignatureUtils(base.TestCase):
|
|||
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
||||
mock_get_pub_key.return_value = TEST_DSA_PRIVATE_KEY.public_key()
|
||||
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
||||
signer = TEST_DSA_PRIVATE_KEY.signer(
|
||||
sig = TEST_DSA_PRIVATE_KEY.sign(
|
||||
data,
|
||||
hash_alg
|
||||
)
|
||||
signer.update(data)
|
||||
signature = base64.b64encode(signer.finalize())
|
||||
signature = base64.b64encode(sig)
|
||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
|
||||
hash_name, signature,
|
||||
|
|
Loading…
Reference in New Issue