freeipa

Clone
Source Code
GIT

#8428 [ipatests] fails due to new python-cryptography 3.0
Closed: fixed 3 years ago by frenaud. Opened 3 years ago by slev.

Closed: fixed
Reopen Issue 
cls = <class 'ipatests.test_integration.test_caless.TestServerReplicaCALessToCAFull'>
mh = <pytest_multihost.plugin.MultihostFixture object at 0x7f28ac50c040>

    @classmethod
    def install(cls, mh):
        cls.cert_dir = tempfile.mkdtemp(prefix="ipatest-")
        cls.pem_filename = os.path.join(cls.cert_dir, 'root.pem')
        cls.ca2_crt = 'ca2_crt.pem'
        cls.ca2_kdc_crt = 'ca2_kdc_crt.pem'
        cls.cert_password = cls.master.config.admin_password
        cls.crl_path = os.path.join(cls.master.config.test_dir, 'crl')

        if cls.replicas:  # pylint: disable=using-constant-test
            replica_hostname = cls.replicas[0].hostname
        else:
            replica_hostname = 'unused-replica.test'
        if cls.clients:  # pylint: disable=using-constant-test
            client_hostname = cls.clients[0].hostname
        else:
            client_hostname = 'unused-client.test'

        create_caless_pki.domain = unicode(cls.master.domain.name)
        create_caless_pki.realm = unicode(cls.master.domain.name.upper())
        create_caless_pki.server1 = unicode(cls.master.hostname)
        create_caless_pki.server2 = unicode(replica_hostname)
        create_caless_pki.client = unicode(client_hostname)
        create_caless_pki.password = unicode(cls.master.config.dirman_password)
        create_caless_pki.cert_dir = unicode(cls.cert_dir)

        # here we generate our certificates (not yet converted to .p12)
        logger.info('Generating certificates to %s', cls.cert_dir)
>       create_caless_pki.create_pki()

test_integration/test_caless.py:152: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
pytest_ipa/integration/create_caless_pki.py:563: in create_pki
    gen_subtree(u'subca', u'Subsidiary Example Organization', ca1)
pytest_ipa/integration/create_caless_pki.py:498: in gen_subtree
    subca = gen_cert(profile_ca, nick_base,
pytest_ipa/integration/create_caless_pki.py:312: in gen_cert
    builder = profile(builder, ca_nick, ca, **kwargs)
pytest_ipa/integration/create_caless_pki.py:156: in profile_ca
    x509.AuthorityKeyIdentifier
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

cls = <class 'cryptography.x509.extensions.AuthorityKeyIdentifier'>
ski = <Extension(oid=<ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>, critical=False, value=<SubjectKeyIdentifier(digest=b"*\xcd\xe1\xbcX7L\xfb\x8c\xc4\xa2\xa4\xf2i\\'\x84\x95\xde{")>)>

    @classmethod
    def from_issuer_subject_key_identifier(cls, ski):
        return cls(
>           key_identifier=ski.digest,
            authority_cert_issuer=None,
            authority_cert_serial_number=None,
        )
E       AttributeError: 'Extension' object has no attribute 'digest'

../cryptography/x509/extensions.py:221: AttributeError

python-cryptography deprecated passing an Extension object in favor of SubjectKeyIdentifier since 2.7 and turned this into the error in 3.0 [0].

[0]: https://github.com/pyca/cryptography/commit/3b2102af549c1095d5478bb1243ee4cf76b9762b

master:

  • 06a344a ipatests: Add compatibility against python-cryptography 3.0

ipa-4-8:

  • a55ccdb ipatests: Add compatibility against python-cryptography 3.0

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.