IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipatests: Add compatibility against python-cryptography 3.0

Browse Source 
The recently released python-cryptography 3.0 has backward incompatible
changes. One of them [0] breaks FreeIPA self-tests.

Note: this requires python-cryptography 2.7+.

[0] 3b2102af54

Fixes: https://pagure.io/freeipa/issue/8428
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Stanislav Levin 2020-07-23 15:04:49 +03:00 committed by Rob Crittenden
parent 999485909a
commit 06a344a5d9
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ipatests/pytest_ipa/integration/create_caless_pki.py
View File

@ -20,11 +20,13 @@ import os
import os.path import os.path
import six import six
from cryptography import __version__ as cryptography_version
from cryptography import x509 from cryptography import x509
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID from cryptography.x509.oid import NameOID
from pkg_resources import parse_version
from pyasn1.type import univ, char, namedtype, tag from pyasn1.type import univ, char, namedtype, tag
from pyasn1.codec.der import encoder as der_encoder from pyasn1.codec.der import encoder as der_encoder
from pyasn1.codec.native import decoder as native_decoder from pyasn1.codec.native import decoder as native_decoder
@ -150,13 +152,22 @@ def profile_ca(builder, ca_nick, ca):
critical=False, critical=False,
) )
else: else:
ski = ca.cert.extensions.get_extension_for_class( ski_ext = ca.cert.extensions.get_extension_for_class(
x509.SubjectKeyIdentifier) x509.SubjectKeyIdentifier
builder = builder.add_extension(
x509.AuthorityKeyIdentifier
.from_issuer_subject_key_identifier(ski),
critical=False,
) )
auth_keyidentifier = (x509.AuthorityKeyIdentifier
.from_issuer_subject_key_identifier)
'''
cryptography < 2.7 accepts only Extension object.
Remove this workaround when all supported platforms update
python-cryptography.
'''
if (parse_version(cryptography_version) >= parse_version('2.7')):
extension = auth_keyidentifier(ski_ext.value)
else:
extension = auth_keyidentifier(ski_ext)
builder = builder.add_extension(extension, critical=False)
return builder return builder