Stop using removed verifier and signer methods

These methods were removed in [1], so we move to our
wrappers for verifiers introduced in [2] and then
update our testing to not use signer as well.

[1] https://github.com/pyca/cryptography/pull/6639
[2] https://review.opendev.org/c/x/cursive/+/547146

Closes-Bug: #1750633
Change-Id: I07b2d9c41c5c659692e5bfd6570b66fd646faa2b
Tobias Urdin 2022-11-17 08:35:27 +00:00 committed by Tobias Urdin
parent 45eba574e3
commit ad4437300d
2 changed files with 20 additions and 15 deletions


@ -21,6 +21,8 @@ from oslo_utils import timeutils
from cursive import exception
from cursive import signature_utils
from cursive import verifiers
LOG = logging.getLogger(__name__)
@ -135,16 +137,19 @@ def verify_certificate_signature(signing_certificate, certificate):
signer_public_key = signing_certificate.public_key()
if isinstance(signer_public_key, rsa.RSAPublicKey):
verifier = signer_public_key.verifier(
signature_bytes, padding.PKCS1v15(), signature_hash_algorithm
verifier = verifiers.RSAVerifier(
signature_bytes, signature_hash_algorithm,
signer_public_key, padding.PKCS1v15(),
)
elif isinstance(signer_public_key, ec.EllipticCurvePublicKey):
verifier = signer_public_key.verifier(
signature_bytes, ec.ECDSA(signature_hash_algorithm)
verifier = verifiers.ECCVerifier(
signature_bytes, signature_hash_algorithm,
signer_public_key,
)
else:
verifier = signer_public_key.verifier(
signature_bytes, signature_hash_algorithm
verifier = verifiers.DSAVerifier(
signature_bytes, signature_hash_algorithm,
signer_public_key,
)
verifier.update(certificate.tbs_certificate_bytes)
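Review bot: The final `else:` branch of this hunk wraps every key that is neither RSA nor EC in `verifiers.DSAVerifier`, so a signing certificate with any other key type (Ed25519, for instance) is handled as DSA instead of being rejected up front. In a certificate-chain check it is safer to fail closed on an explicit type test: `elif isinstance(signer_public_key, dsa.DSAPublicKey):` for this branch, followed by an `else:` that raises the module's existing signature-verification error naming the unsupported key type. This assumes `dsa` is (or can be) imported alongside `rsa` and `ec`, which the hunk does not show; how `DSAVerifier` reacts to a non-DSA key is also not visible here, so the failure mode is inferred. The body of `verify_certificate_signature` continues past the end of the hunk.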


@ -145,15 +145,15 @@ class TestSignatureUtils(base.TestCase):
data = b'224626ae19824466f2a7f39ab7b80f7f'
mock_get_pub_key.return_value = TEST_RSA_PRIVATE_KEY.public_key()
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
signer = TEST_RSA_PRIVATE_KEY.signer(
sig = TEST_RSA_PRIVATE_KEY.sign(
data,
padding.PSS(
mgf=padding.MGF1(hash_alg),
salt_length=padding.PSS.MAX_LENGTH
),
hash_alg
)
signer.update(data)
signature = base64.b64encode(signer.finalize())
signature = base64.b64encode(sig)
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
hash_name, signature,
@ -179,11 +179,11 @@ class TestSignatureUtils(base.TestCase):
default_backend())
mock_get_pub_key.return_value = private_key.public_key()
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
signer = private_key.signer(
sig = private_key.sign(
data,
ec.ECDSA(hash_alg)
)
signer.update(data)
signature = base64.b64encode(signer.finalize())
signature = base64.b64encode(sig)
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
verifier = signature_utils.get_verifier(None,
img_sig_cert_uuid,
@ -197,11 +197,11 @@ class TestSignatureUtils(base.TestCase):
data = b'224626ae19824466f2a7f39ab7b80f7f'
mock_get_pub_key.return_value = TEST_DSA_PRIVATE_KEY.public_key()
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
signer = TEST_DSA_PRIVATE_KEY.signer(
sig = TEST_DSA_PRIVATE_KEY.sign(
data,
hash_alg
)
signer.update(data)
signature = base64.b64encode(signer.finalize())
signature = base64.b64encode(sig)
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
hash_name, signature,