test: fix test_certauthority_root.py (#10762)

it does not work with python3 ``` 2025-04-18T10:43:58.5235913Z 2025-04-18 10:32:20,503 - CRITICAL - EXCEPTION: Failure:: ['Traceback (most recent call last):\n', ' File "/opt/hostedtoolcache/Python/3.10.17/x64/lib/python3.10/unittest/case.py", line 59, in testPartExecutor\n yield\n', ' File "/opt/hostedtoolcache/Python/3.10.17/x64/lib/python3.10/unittest/case.py", line 591, in run\n self._callTestMethod(testMethod)\n', ' File "/opt/hostedtoolcache/Python/3.10.17/x64/lib/python3.10/unittest/case.py", line 549, in _callTestMethod\n method()\n', ' File "/home/runner/.local/lib/python3.10/site-packages/nose/failure.py", line 35, in runTest\n raise self.exc_val.with_traceback(self.tb)\n', ' File "/home/runner/.local/lib/python3.10/site-packages/nose/loader.py", line 335, in loadTestsFromName\n module = self.importer.importFromPath(\n', ' File "/home/runner/.local/lib/python3.10/site-packages/nose/importer.py", line 162, in importFromPath\n return self.importFromDir(dir_path, fqname)\n', ' File "/home/runner/.local/lib/python3.10/site-packages/nose/importer.py", line 198, in importFromDir\n mod = load_module(part_fqname, fh, filename, desc)\n', ' File "/home/runner/.local/lib/python3.10/site-packages/nose/importer.py", line 128, in load_module\n spec.loader.exec_module(mod)\n', ' File "<frozen importlib._bootstrap_external>", line 883, in exec_module\n', ' File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed\n', ' File "/home/runner/work/cloudstack/cloudstack/test/integration/smoke/test_certauthority_root.py", line 27, in <module>\n from OpenSSL.crypto import FILETYPE_PEM, verify, X509\n', "ImportError: cannot import name 'verify' from 'OpenSSL.crypto' (unknown location)\n"] ```
2025-10-26 08:42:29 +01:00 · 2025-04-24 10:43:20 +02:00 · 2025-04-24 10:43:20 +02:00 · 55c8138a1a
commit 55c8138a1a
parent 422264f005
1 changed files with 17 additions and 19 deletions
--- a/test/integration/smoke/test_certauthority_root.py
+++ b/test/integration/smoke/test_certauthority_root.py
@ -24,13 +24,7 @@ from marvin.lib.common import list_hosts
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
-from OpenSSL.crypto import FILETYPE_PEM, verify, X509
-
-PUBKEY_VERIFY=True
-try:
-    from OpenSSL.crypto import load_publickey
-except ImportError:
-    PUBKEY_VERIFY=False
+from cryptography.hazmat.primitives.asymmetric import padding


 class TestCARootProvider(cloudstackTestCase):
@ -52,6 +46,20 @@ class TestCARootProvider(cloudstackTestCase):
            raise Exception("Warning: Exception during cleanup : %s" % e)


+    def verifySignature(self, caCert, cert):
+        print("Verifying Certificate")
+        caPublicKey = caCert.public_key()
+        try:
+            caPublicKey.verify(
+                cert.signature,
+                cert.tbs_certificate_bytes,
+                padding.PKCS1v15(),
+                cert.signature_hash_algorithm,
+            )
+            print("Certificate is valid!")
+        except Exception as e:
+            print(f"Certificate verification failed: {e}")
+
    def setUp(self):
        self.apiclient = self.testClient.getApiClient()
        self.dbclient = self.testClient.getDbConnection()
@ -136,13 +144,8 @@ class TestCARootProvider(cloudstackTestCase):
            self.assertTrue(address in [str(x) for x in altNames.value.get_values_for_type(x509.IPAddress)])

        # Validate certificate against CA public key
-        global PUBKEY_VERIFY
-        if not PUBKEY_VERIFY:
-            return
        caCert =  x509.load_pem_x509_certificate(self.getCaCertificate().encode(), default_backend())
-        x = X509()
-        x.set_pubkey(load_publickey(FILETYPE_PEM, caCert.public_key().public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)))
-        verify(x, cert.signature, cert.tbs_certificate_bytes, cert.signature_hash_algorithm.name)
+        self.verifySignature(caCert, cert)


    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
@ -165,13 +168,8 @@ class TestCARootProvider(cloudstackTestCase):
        self.assertEqual(cert.subject.get_attributes_for_oid(x509.oid.NameOID.COMMON_NAME)[0].value, 'v-1-VM')

        # Validate certificate against CA public key
-        global PUBKEY_VERIFY
-        if not PUBKEY_VERIFY:
-            return
        caCert =  x509.load_pem_x509_certificate(self.getCaCertificate().encode(), default_backend())
-        x = X509()
-        x.set_pubkey(load_publickey(FILETYPE_PEM, caCert.public_key().public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)))
-        verify(x, cert.signature, cert.tbs_certificate_bytes, cert.signature_hash_algorithm.name)
+        self.verifySignature(caCert, cert)


    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)