test_acme: Use ipalib.x509

Use IPA's x509 module instead of `cryptography.x509`. This fixes a regression which was introduced in commit a45a7a20. Related: https://pagure.io/freeipa/issue/9518 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2025-02-25 18:55:28 -06:00 · 2024-01-25 08:56:11 +01:00 · 2024-01-25 08:56:11 +01:00 · 22875ea2c6
commit 22875ea2c6
parent a45a7a20d9
2 changed files with 6 additions and 8 deletions
--- a/ipatests/test_integration/test_acme.py
+++ b/ipatests/test_integration/test_acme.py
@ -4,11 +4,10 @@

 import time

-from cryptography.hazmat.backends import default_backend
-from cryptography import x509
 import pytest

 from ipalib.constants import IPA_CA_RECORD
+from ipalib import x509
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.pytest_ipa.integration.firewall import Firewall
 from ipatests.pytest_ipa.integration import tasks
@ -278,7 +277,7 @@ class TestACME(CALessBase):
        cert_path = \
            f'/etc/letsencrypt/live/{self.clients[0].hostname}/cert.pem'
        data = self.clients[0].get_file_contents(cert_path)
-        cert = x509.load_pem_x509_certificate(data, backend=default_backend())
+        cert = x509.load_pem_x509_certificate(data)

        # revoke cert via ACME
        self.clients[0].run_command(
@ -669,7 +668,7 @@ class TestACMERenew(IntegrationTest):
        data = self.clients[0].get_file_contents(
            f'/etc/letsencrypt/live/{self.clients[0].hostname}/cert.pem'
        )
-        cert = x509.load_pem_x509_certificate(data, backend=default_backend())
+        cert = x509.load_pem_x509_certificate(data)
        initial_expiry = cert.not_valid_after_utc

        self.clients[0].run_command(['certbot', 'renew'])
@ -677,7 +676,7 @@ class TestACMERenew(IntegrationTest):
        data = self.clients[0].get_file_contents(
            f'/etc/letsencrypt/live/{self.clients[0].hostname}/cert.pem'
        )
-        cert = x509.load_pem_x509_certificate(data, backend=default_backend())
+        cert = x509.load_pem_x509_certificate(data)
        renewed_expiry = cert.not_valid_after_utc

        assert initial_expiry != renewed_expiry
--- a/ipatests/test_integration/test_ipa_cert_fix.py
+++ b/ipatests/test_integration/test_ipa_cert_fix.py
@ -5,13 +5,12 @@
 """
 Module provides tests for ipa-cert-fix CLI.
 """
-from cryptography.hazmat.backends import default_backend
-from cryptography import x509
 from datetime import datetime, date
 import pytest
 import time

 import logging
+from ipalib import x509
 from ipaplatform.paths import paths
 from ipapython.ipaldap import realm_to_serverid
 from ipatests.pytest_ipa.integration import tasks
@ -91,7 +90,7 @@ def get_cert_expiry(host, nssdb_path, cert_nick):
        '-o', '/root/cert.pem'
    ])
    data = host.get_file_contents('/root/cert.pem')
-    cert = x509.load_pem_x509_certificate(data, backend=default_backend())
+    cert = x509.load_pem_x509_certificate(data)
    return cert.not_valid_after_utc