Stop using removed verifier and signer methods
These methods is removed in [1] so we move to our wrappers for verifiers introduced in [2] and then updateo ur testing to not use signer as well. [1] https://github.com/pyca/cryptography/pull/6639 [2] https://review.opendev.org/c/x/cursive/+/547146 Change-Id: I07b2d9c41c5c659692e5bfd6570b66fd646faa2b
This commit is contained in:
parent
45eba574e3
commit
c3c1dfb97c
@ -21,6 +21,8 @@ from oslo_utils import timeutils
|
|||||||
|
|
||||||
from cursive import exception
|
from cursive import exception
|
||||||
from cursive import signature_utils
|
from cursive import signature_utils
|
||||||
|
from cursive import verifiers
|
||||||
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
@ -135,16 +137,19 @@ def verify_certificate_signature(signing_certificate, certificate):
|
|||||||
signer_public_key = signing_certificate.public_key()
|
signer_public_key = signing_certificate.public_key()
|
||||||
|
|
||||||
if isinstance(signer_public_key, rsa.RSAPublicKey):
|
if isinstance(signer_public_key, rsa.RSAPublicKey):
|
||||||
verifier = signer_public_key.verifier(
|
verifier = verifiers.RSAVerifier(
|
||||||
signature_bytes, padding.PKCS1v15(), signature_hash_algorithm
|
signature_bytes, signature_hash_algorithm,
|
||||||
|
signer_public_key, padding.PKCS1v15(),
|
||||||
)
|
)
|
||||||
elif isinstance(signer_public_key, ec.EllipticCurvePublicKey):
|
elif isinstance(signer_public_key, ec.EllipticCurvePublicKey):
|
||||||
verifier = signer_public_key.verifier(
|
verifier = verifiers.ECCVerifier(
|
||||||
signature_bytes, ec.ECDSA(signature_hash_algorithm)
|
signature_bytes, signature_hash_algorithm,
|
||||||
|
signer_public_key,
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
verifier = signer_public_key.verifier(
|
verifier = verifiers.DSAVerifier(
|
||||||
signature_bytes, signature_hash_algorithm
|
signature_bytes, signature_hash_algorithm,
|
||||||
|
signer_public_key,
|
||||||
)
|
)
|
||||||
|
|
||||||
verifier.update(certificate.tbs_certificate_bytes)
|
verifier.update(certificate.tbs_certificate_bytes)
|
||||||
|
@ -145,15 +145,15 @@ class TestSignatureUtils(base.TestCase):
|
|||||||
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
||||||
mock_get_pub_key.return_value = TEST_RSA_PRIVATE_KEY.public_key()
|
mock_get_pub_key.return_value = TEST_RSA_PRIVATE_KEY.public_key()
|
||||||
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
||||||
signer = TEST_RSA_PRIVATE_KEY.signer(
|
sig = TEST_RSA_PRIVATE_KEY.sign(
|
||||||
|
data,
|
||||||
padding.PSS(
|
padding.PSS(
|
||||||
mgf=padding.MGF1(hash_alg),
|
mgf=padding.MGF1(hash_alg),
|
||||||
salt_length=padding.PSS.MAX_LENGTH
|
salt_length=padding.PSS.MAX_LENGTH
|
||||||
),
|
),
|
||||||
hash_alg
|
hash_alg
|
||||||
)
|
)
|
||||||
signer.update(data)
|
signature = base64.b64encode(sig)
|
||||||
signature = base64.b64encode(signer.finalize())
|
|
||||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||||
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
|
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
|
||||||
hash_name, signature,
|
hash_name, signature,
|
||||||
@ -179,11 +179,11 @@ class TestSignatureUtils(base.TestCase):
|
|||||||
default_backend())
|
default_backend())
|
||||||
mock_get_pub_key.return_value = private_key.public_key()
|
mock_get_pub_key.return_value = private_key.public_key()
|
||||||
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
||||||
signer = private_key.signer(
|
sig = private_key.sign(
|
||||||
|
data,
|
||||||
ec.ECDSA(hash_alg)
|
ec.ECDSA(hash_alg)
|
||||||
)
|
)
|
||||||
signer.update(data)
|
signature = base64.b64encode(sig)
|
||||||
signature = base64.b64encode(signer.finalize())
|
|
||||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||||
verifier = signature_utils.get_verifier(None,
|
verifier = signature_utils.get_verifier(None,
|
||||||
img_sig_cert_uuid,
|
img_sig_cert_uuid,
|
||||||
@ -197,11 +197,11 @@ class TestSignatureUtils(base.TestCase):
|
|||||||
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
data = b'224626ae19824466f2a7f39ab7b80f7f'
|
||||||
mock_get_pub_key.return_value = TEST_DSA_PRIVATE_KEY.public_key()
|
mock_get_pub_key.return_value = TEST_DSA_PRIVATE_KEY.public_key()
|
||||||
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
|
||||||
signer = TEST_DSA_PRIVATE_KEY.signer(
|
sig = TEST_DSA_PRIVATE_KEY.sign(
|
||||||
|
data,
|
||||||
hash_alg
|
hash_alg
|
||||||
)
|
)
|
||||||
signer.update(data)
|
signature = base64.b64encode(sig)
|
||||||
signature = base64.b64encode(signer.finalize())
|
|
||||||
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
img_sig_cert_uuid = 'fea14bc2-d75f-4ba5-bccc-b5c924ad0693'
|
||||||
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
|
verifier = signature_utils.get_verifier(None, img_sig_cert_uuid,
|
||||||
hash_name, signature,
|
hash_name, signature,
|
||||||
|
Loading…
Reference in New Issue
Block a user