This is an automated email from the ASF dual-hosted git repository.
pearl11594 pushed a commit to branch 4.19
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.19 by this push:
new 55c8138a1a7 test: fix test_certauthority_root.py (#10762)
55c8138a1a7 is described below
commit 55c8138a1a75a19ca61580dd4d610e1a05fc5dea
Author: Wei Zhou <weiz...@apache.org>
AuthorDate: Thu Apr 24 10:43:20 2025 +0200
test: fix test_certauthority_root.py (#10762)
it does not work with python3
```
2025-04-18T10:43:58.5235913Z 2025-04-18 10:32:20,503 - CRITICAL -
EXCEPTION: Failure:: ['Traceback (most recent call last):\n', ' File
"/opt/hostedtoolcache/Python/3.10.17/x64/lib/python3.10/unittest/case.py", line
59, in testPartExecutor\n yield\n', ' File
"/opt/hostedtoolcache/Python/3.10.17/x64/lib/python3.10/unittest/case.py", line
591, in run\n self._callTestMethod(testMethod)\n', ' File
"/opt/hostedtoolcache/Python/3.10.17/x64/lib/python3.10/unittest/case.py", line
549, [...]
```
---
test/integration/smoke/test_certauthority_root.py | 36 +++++++++++------------
1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/test/integration/smoke/test_certauthority_root.py
b/test/integration/smoke/test_certauthority_root.py
index f20314ad4c5..dc6420d6369 100644
--- a/test/integration/smoke/test_certauthority_root.py
+++ b/test/integration/smoke/test_certauthority_root.py
@@ -24,13 +24,7 @@ from marvin.lib.common import list_hosts
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
-from OpenSSL.crypto import FILETYPE_PEM, verify, X509
-
-PUBKEY_VERIFY=True
-try:
- from OpenSSL.crypto import load_publickey
-except ImportError:
- PUBKEY_VERIFY=False
+from cryptography.hazmat.primitives.asymmetric import padding
class TestCARootProvider(cloudstackTestCase):
@@ -52,6 +46,20 @@ class TestCARootProvider(cloudstackTestCase):
raise Exception("Warning: Exception during cleanup : %s" % e)
+ def verifySignature(self, caCert, cert):
+ print("Verifying Certificate")
+ caPublicKey = caCert.public_key()
+ try:
+ caPublicKey.verify(
+ cert.signature,
+ cert.tbs_certificate_bytes,
+ padding.PKCS1v15(),
+ cert.signature_hash_algorithm,
+ )
+ print("Certificate is valid!")
+ except Exception as e:
+ print(f"Certificate verification failed: {e}")
+
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
@@ -136,13 +144,8 @@ class TestCARootProvider(cloudstackTestCase):
self.assertTrue(address in [str(x) for x in
altNames.value.get_values_for_type(x509.IPAddress)])
# Validate certificate against CA public key
- global PUBKEY_VERIFY
- if not PUBKEY_VERIFY:
- return
caCert =
x509.load_pem_x509_certificate(self.getCaCertificate().encode(),
default_backend())
- x = X509()
- x.set_pubkey(load_publickey(FILETYPE_PEM,
caCert.public_key().public_bytes(serialization.Encoding.PEM,
serialization.PublicFormat.SubjectPublicKeyInfo)))
- verify(x, cert.signature, cert.tbs_certificate_bytes,
cert.signature_hash_algorithm.name)
+ self.verifySignature(caCert, cert)
@attr(tags=['advanced', 'simulator', 'basic', 'sg'],
required_hardware=False)
@@ -165,13 +168,8 @@ class TestCARootProvider(cloudstackTestCase):
self.assertEqual(cert.subject.get_attributes_for_oid(x509.oid.NameOID.COMMON_NAME)[0].value,
'v-1-VM')
# Validate certificate against CA public key
- global PUBKEY_VERIFY
- if not PUBKEY_VERIFY:
- return
caCert =
x509.load_pem_x509_certificate(self.getCaCertificate().encode(),
default_backend())
- x = X509()
- x.set_pubkey(load_publickey(FILETYPE_PEM,
caCert.public_key().public_bytes(serialization.Encoding.PEM,
serialization.PublicFormat.SubjectPublicKeyInfo)))
- verify(x, cert.signature, cert.tbs_certificate_bytes,
cert.signature_hash_algorithm.name)
+ self.verifySignature(caCert, cert)
@attr(tags=['advanced', 'simulator', 'basic', 'sg'],
required_hardware=False)
