#8428 [ipatests] fails due to new python-cryptography 3.0
Closed: fixed 3 months ago by frenaud. Opened 4 months ago by slev.

cls = <class 'ipatests.test_integration.test_caless.TestServerReplicaCALessToCAFull'>
mh = <pytest_multihost.plugin.MultihostFixture object at 0x7f28ac50c040>

    @classmethod
    def install(cls, mh):
        cls.cert_dir = tempfile.mkdtemp(prefix="ipatest-")
        cls.pem_filename = os.path.join(cls.cert_dir, 'root.pem')
        cls.ca2_crt = 'ca2_crt.pem'
        cls.ca2_kdc_crt = 'ca2_kdc_crt.pem'
        cls.cert_password = cls.master.config.admin_password
        cls.crl_path = os.path.join(cls.master.config.test_dir, 'crl')

        if cls.replicas:  # pylint: disable=using-constant-test
            replica_hostname = cls.replicas[0].hostname
        else:
            replica_hostname = 'unused-replica.test'
        if cls.clients:  # pylint: disable=using-constant-test
            client_hostname = cls.clients[0].hostname
        else:
            client_hostname = 'unused-client.test'

        create_caless_pki.domain = unicode(cls.master.domain.name)
        create_caless_pki.realm = unicode(cls.master.domain.name.upper())
        create_caless_pki.server1 = unicode(cls.master.hostname)
        create_caless_pki.server2 = unicode(replica_hostname)
        create_caless_pki.client = unicode(client_hostname)
        create_caless_pki.password = unicode(cls.master.config.dirman_password)
        create_caless_pki.cert_dir = unicode(cls.cert_dir)

        # here we generate our certificates (not yet converted to .p12)
        logger.info('Generating certificates to %s', cls.cert_dir)
>       create_caless_pki.create_pki()

test_integration/test_caless.py:152: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
pytest_ipa/integration/create_caless_pki.py:563: in create_pki
    gen_subtree(u'subca', u'Subsidiary Example Organization', ca1)
pytest_ipa/integration/create_caless_pki.py:498: in gen_subtree
    subca = gen_cert(profile_ca, nick_base,
pytest_ipa/integration/create_caless_pki.py:312: in gen_cert
    builder = profile(builder, ca_nick, ca, **kwargs)
pytest_ipa/integration/create_caless_pki.py:156: in profile_ca
    x509.AuthorityKeyIdentifier
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

cls = <class 'cryptography.x509.extensions.AuthorityKeyIdentifier'>
ski = <Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(digest=b"*\xcd\xe1\xbcX7L\xfb\x8c\xc4\xa2\xa4\xf2i\\'\x84\x95\xde{")>)>

    @classmethod
    def from_issuer_subject_key_identifier(cls, ski):
        return cls(
>           key_identifier=ski.digest,
            authority_cert_issuer=None,
            authority_cert_serial_number=None,
        )
E       AttributeError: 'Extension' object has no attribute 'digest'

../cryptography/x509/extensions.py:221: AttributeError

python-cryptography deprecated passing an Extension object in favor of SubjectKeyIdentifier since 2.7 and turned this into the error in 3.0 [0].

[0]: https://github.com/pyca/cryptography/commit/3b2102af549c1095d5478bb1243ee4cf76b9762b


master:

  • 06a344a ipatests: Add compatibility against python-cryptography 3.0

ipa-4-8:

  • a55ccdb ipatests: Add compatibility against python-cryptography 3.0

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 months ago

Login to comment on this ticket.

Metadata