From 55c8138a1a75a19ca61580dd4d610e1a05fc5dea Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Thu, 24 Apr 2025 10:43:20 +0200
Subject: [PATCH] test: fix test_certauthority_root.py (#10762)

it does not work with python3
```
2025-04-18T10:43:58.5235913Z 2025-04-18 10:32:20,503 - CRITICAL - EXCEPTION: Failure:: ['Traceback (most recent call last):\n', '  File "/opt/hostedtoolcache/Python/3.10.17/x64/lib/python3.10/unittest/case.py", line 59, in testPartExecutor\n    yield\n', '  File "/opt/hostedtoolcache/Python/3.10.17/x64/lib/python3.10/unittest/case.py", line 591, in run\n    self._callTestMethod(testMethod)\n', '  File "/opt/hostedtoolcache/Python/3.10.17/x64/lib/python3.10/unittest/case.py", line 549, in _callTestMethod\n    method()\n', '  File "/home/runner/.local/lib/python3.10/site-packages/nose/failure.py", line 35, in runTest\n    raise self.exc_val.with_traceback(self.tb)\n', '  File "/home/runner/.local/lib/python3.10/site-packages/nose/loader.py", line 335, in loadTestsFromName\n    module = self.importer.importFromPath(\n', '  File "/home/runner/.local/lib/python3.10/site-packages/nose/importer.py", line 162, in importFromPath\n    return self.importFromDir(dir_path, fqname)\n', '  File "/home/runner/.local/lib/python3.10/site-packages/nose/importer.py", line 198, in importFromDir\n    mod = load_module(part_fqname, fh, filename, desc)\n', '  File "/home/runner/.local/lib/python3.10/site-packages/nose/importer.py", line 128, in load_module\n    spec.loader.exec_module(mod)\n', '  File "<frozen importlib._bootstrap_external>", line 883, in exec_module\n', '  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed\n', '  File "/home/runner/work/cloudstack/cloudstack/test/integration/smoke/test_certauthority_root.py", line 27, in <module>\n    from OpenSSL.crypto import FILETYPE_PEM, verify, X509\n', "ImportError: cannot import name 'verify' from 'OpenSSL.crypto' (unknown location)\n"]
```
---
 .../smoke/test_certauthority_root.py          | 36 +++++++++----------
 1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/test/integration/smoke/test_certauthority_root.py b/test/integration/smoke/test_certauthority_root.py
index f20314ad4c5..dc6420d6369 100644
--- a/test/integration/smoke/test_certauthority_root.py
+++ b/test/integration/smoke/test_certauthority_root.py
@@ -24,13 +24,7 @@ from marvin.lib.common import list_hosts
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
-from OpenSSL.crypto import FILETYPE_PEM, verify, X509
-
-PUBKEY_VERIFY=True
-try:
-    from OpenSSL.crypto import load_publickey
-except ImportError:
-    PUBKEY_VERIFY=False
+from cryptography.hazmat.primitives.asymmetric import padding
 
 
 class TestCARootProvider(cloudstackTestCase):
@@ -52,6 +46,20 @@ class TestCARootProvider(cloudstackTestCase):
             raise Exception("Warning: Exception during cleanup : %s" % e)
 
 
+    def verifySignature(self, caCert, cert):
+        print("Verifying Certificate")
+        caPublicKey = caCert.public_key()
+        try:
+            caPublicKey.verify(
+                cert.signature,
+                cert.tbs_certificate_bytes,
+                padding.PKCS1v15(),
+                cert.signature_hash_algorithm,
+            )
+            print("Certificate is valid!")
+        except Exception as e:
+            print(f"Certificate verification failed: {e}")
+
     def setUp(self):
         self.apiclient = self.testClient.getApiClient()
         self.dbclient = self.testClient.getDbConnection()
@@ -136,13 +144,8 @@ class TestCARootProvider(cloudstackTestCase):
             self.assertTrue(address in [str(x) for x in altNames.value.get_values_for_type(x509.IPAddress)])
 
         # Validate certificate against CA public key
-        global PUBKEY_VERIFY
-        if not PUBKEY_VERIFY:
-            return
         caCert =  x509.load_pem_x509_certificate(self.getCaCertificate().encode(), default_backend())
-        x = X509()
-        x.set_pubkey(load_publickey(FILETYPE_PEM, caCert.public_key().public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)))
-        verify(x, cert.signature, cert.tbs_certificate_bytes, cert.signature_hash_algorithm.name)
+        self.verifySignature(caCert, cert)
 
 
     @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
@@ -165,13 +168,8 @@ class TestCARootProvider(cloudstackTestCase):
         self.assertEqual(cert.subject.get_attributes_for_oid(x509.oid.NameOID.COMMON_NAME)[0].value, 'v-1-VM')
 
         # Validate certificate against CA public key
-        global PUBKEY_VERIFY
-        if not PUBKEY_VERIFY:
-            return
         caCert =  x509.load_pem_x509_certificate(self.getCaCertificate().encode(), default_backend())
-        x = X509()
-        x.set_pubkey(load_publickey(FILETYPE_PEM, caCert.public_key().public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)))
-        verify(x, cert.signature, cert.tbs_certificate_bytes, cert.signature_hash_algorithm.name)
+        self.verifySignature(caCert, cert)
 
 
     @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)