x509: use python-cryptography to process certs

Update x509.load_certificate and related functions to return python-cryptography ``Certificate`` objects. Update the call sites accordingly, including removal of NSS initialisation code. Also update GeneralName parsing code to return python-cryptography GeneralName values, for consistency with other code that processes GeneralNames. The new function, `get_san_general_names`, and associated helper functions, can be removed when python-cryptography provides a way to deal with unrecognised critical extensions. Part of: https://fedorahosted.org/freeipa/ticket/6398 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
author: Fraser Tweedale <ftweedal@redhat.com> 2016-10-13 17:12:31 +1000
committer: David Kupka <dkupka@redhat.com> 2016-11-10 10:21:47 +0100
commit: db116f73fe5fc199bb2e28103cf5e3e2a24eab4c (patch)
tree: ff1a043b376ec4d98b6399040a868e8b45725ee0 /ipatests/test_ipaserver/test_ldap.py
parent: c57dc890b2bf447ab575f2e91249179bce3f05d5 (diff)
download: freeipa-db116f73fe5fc199bb2e28103cf5e3e2a24eab4c.tar.gz
freeipa-db116f73fe5fc199bb2e28103cf5e3e2a24eab4c.tar.xz
freeipa-db116f73fe5fc199bb2e28103cf5e3e2a24eab4c.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/ipatests/test_ipaserver/test_ldap.py b/ipatests/test_ipaserver/test_ldap.py
index 904c8415c..1ea995999 100644
--- a/ipatests/test_ipaserver/test_ldap.py
+++ b/ipatests/test_ipaserver/test_ldap.py
@@ -80,7 +80,7 @@ class test_ldap(object):
         entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
         cert = entry_attrs.get('usercertificate')
         cert = cert[0]
-        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        serial = x509.load_certificate(cert, x509.DER).serial
         assert serial is not None
 
     def test_simple(self):
@@ -99,7 +99,7 @@ class test_ldap(object):
         entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
         cert = entry_attrs.get('usercertificate')
         cert = cert[0]
-        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        serial = x509.load_certificate(cert, x509.DER).serial
         assert serial is not None
 
     def test_Backend(self):
@@ -127,7 +127,7 @@ class test_ldap(object):
         entry_attrs = result['result']
         cert = entry_attrs.get('usercertificate')
         cert = cert[0]
-        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        serial = x509.load_certificate(cert, x509.DER).serial
         assert serial is not None
 
     def test_autobind(self):
@@ -143,7 +143,7 @@ class test_ldap(object):
         entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
         cert = entry_attrs.get('usercertificate')
         cert = cert[0]
-        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        serial = x509.load_certificate(cert, x509.DER).serial
         assert serial is not None
author	Fraser Tweedale <ftweedal@redhat.com>	2016-10-13 17:12:31 +1000
committer	David Kupka <dkupka@redhat.com>	2016-11-10 10:21:47 +0100
commit	db116f73fe5fc199bb2e28103cf5e3e2a24eab4c (patch)
tree	ff1a043b376ec4d98b6399040a868e8b45725ee0 /ipatests/test_ipaserver/test_ldap.py
parent	c57dc890b2bf447ab575f2e91249179bce3f05d5 (diff)
download	freeipa-db116f73fe5fc199bb2e28103cf5e3e2a24eab4c.tar.gz freeipa-db116f73fe5fc199bb2e28103cf5e3e2a24eab4c.tar.xz freeipa-db116f73fe5fc199bb2e28103cf5e3e2a24eab4c.zip