ipatests: Add compatibility against python-cryptography 3.0

The recently released python-cryptography 3.0 has backward incompatible changes. One of them [0] breaks FreeIPA self-tests. Note: this requires python-cryptography 2.7+. [0] 3b2102af54 Fixes: https://pagure.io/freeipa/issue/8428 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-07-23 15:04:49 +03:00 · 2020-07-23 15:04:49 +03:00 · 06a344a5d9
commit 06a344a5d9
parent 999485909a
1 changed files with 17 additions and 6 deletions
--- a/ipatests/pytest_ipa/integration/create_caless_pki.py
+++ b/ipatests/pytest_ipa/integration/create_caless_pki.py
@ -20,11 +20,13 @@ import os
 import os.path
 import six

+from cryptography import __version__ as cryptography_version
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.x509.oid import NameOID
+from pkg_resources import parse_version
 from pyasn1.type import univ, char, namedtype, tag
 from pyasn1.codec.der import encoder as der_encoder
 from pyasn1.codec.native import decoder as native_decoder
@ -150,13 +152,22 @@ def profile_ca(builder, ca_nick, ca):
            critical=False,
        )
    else:
-        ski = ca.cert.extensions.get_extension_for_class(
-                    x509.SubjectKeyIdentifier)
-        builder = builder.add_extension(
-            x509.AuthorityKeyIdentifier
-            .from_issuer_subject_key_identifier(ski),
-            critical=False,
+        ski_ext = ca.cert.extensions.get_extension_for_class(
+            x509.SubjectKeyIdentifier
        )
+        auth_keyidentifier = (x509.AuthorityKeyIdentifier
+                              .from_issuer_subject_key_identifier)
+        '''
+        cryptography < 2.7 accepts only Extension object.
+        Remove this workaround when all supported platforms update
+        python-cryptography.
+        '''
+        if (parse_version(cryptography_version) >= parse_version('2.7')):
+            extension = auth_keyidentifier(ski_ext.value)
+        else:
+            extension = auth_keyidentifier(ski_ext)
+
+        builder = builder.add_extension(extension, critical=False)
    return builder