x509: use python-cryptography to process certs

Update x509.load_certificate and related functions to return python-cryptography ``Certificate`` objects. Update the call sites accordingly, including removal of NSS initialisation code. Also update GeneralName parsing code to return python-cryptography GeneralName values, for consistency with other code that processes GeneralNames. The new function, `get_san_general_names`, and associated helper functions, can be removed when python-cryptography provides a way to deal with unrecognised critical extensions. Part of: https://fedorahosted.org/freeipa/ticket/6398 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-10-13 17:12:31 +10:00
parent c57dc890b2
commit db116f73fe
16 changed files with 369 additions and 397 deletions
--- a/ipatests/test_ipaserver/test_ldap.py
+++ b/ipatests/test_ipaserver/test_ldap.py
@@ -80,7 +80,7 @@ class test_ldap(object):
        entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
        cert = entry_attrs.get('usercertificate')
        cert = cert[0]
-        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        serial = x509.load_certificate(cert, x509.DER).serial
        assert serial is not None

    def test_simple(self):
@@ -99,7 +99,7 @@ class test_ldap(object):
        entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
        cert = entry_attrs.get('usercertificate')
        cert = cert[0]
-        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        serial = x509.load_certificate(cert, x509.DER).serial
        assert serial is not None

    def test_Backend(self):
@@ -127,7 +127,7 @@ class test_ldap(object):
        entry_attrs = result['result']
        cert = entry_attrs.get('usercertificate')
        cert = cert[0]
-        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        serial = x509.load_certificate(cert, x509.DER).serial
        assert serial is not None

    def test_autobind(self):
@@ -143,7 +143,7 @@ class test_ldap(object):
        entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
        cert = entry_attrs.get('usercertificate')
        cert = cert[0]
-        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        serial = x509.load_certificate(cert, x509.DER).serial
        assert serial is not None