Use cryptography instead of OpenSSL.crypto
Signed-off-by: Flynn <[email protected]>
kflynn committed Dec 4, 2024
1 parent 29e9606 commit def78bb
Showing 1 changed file with 24 additions and 17 deletions.
41 changes: 24 additions & 17 deletions python/tests/utils.py
@@ -6,8 +6,13 @@
from base64 import b64encode
from collections import namedtuple

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
# from cryptography.hazmat.primitives.asymmetric import rsa
# from cryptography.x509.oid import NameOID
from datetime import datetime, timedelta

import pytest
from OpenSSL import crypto

from ambassador import IR, Cache, Config, EnvoyConfig
from ambassador.compile import Compile
@@ -342,24 +347,26 @@ def assert_valid_envoy_config(config_dict, extra_dirs=[]):


def create_crl_pem_b64(issuerCert, issuerKey, revokedCerts):
when = b"20220516010101Z"
crl = crypto.CRL()
crl.set_lastUpdate(when)
when = datetime.datetime(year=2022, month=5, day=16, hour=1, minute=1, second=1, tz=datetime.timezone.utc)

crl_builder = x509.CertificateRevocationListBuilder()
crl_builder = crl_builder.last_update(when)
crl_builder = crl_builder.next_update(datetime.now(datetime.timezone.utc)() + timedelta(days=30))

for revokedCert in revokedCerts:
clientCert = crypto.load_certificate(crypto.FILETYPE_PEM, bytes(revokedCert, "utf-8"))
r = crypto.Revoked()
r.set_serial(bytes("{:x}".format(clientCert.get_serial_number()), "ascii"))
r.set_rev_date(when)
r.set_reason(None)
crl.add_revoked(r)

cert = crypto.load_certificate(crypto.FILETYPE_PEM, bytes(issuerCert, "utf-8"))
key = crypto.load_privatekey(crypto.FILETYPE_PEM, bytes(issuerKey, "utf-8"))
crl.sign(cert, key, b"sha256")
return b64encode(
(crypto.dump_crl(crypto.FILETYPE_PEM, crl).decode("utf-8") + "\n").encode("utf-8")
).decode("utf-8")
clientCert = x509.load_pem_x509_certificate(revokedCert.encode("utf-8"))
revoked_cert = x509.RevokedCertificateBuilder().serial_number(
clientCert.serial_number
).revocation_date(
when
).build()
crl_builder = crl_builder.add_revoked_certificate(revoked_cert)

# cert = x509.load_pem_x509_certificate(issuerCert.encode("utf-8"))
key = serialization.load_pem_private_key(issuerKey.encode("utf-8"), password=None)

crl = crl_builder.sign(private_key=key, algorithm=hashes.SHA256())
return b64encode(crl.public_bytes(serialization.Encoding.PEM)).decode("utf-8")


def skip_edgestack():
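Review bot: The new `create_crl_pem_b64` cannot run as written: with `from datetime import datetime, timedelta` in the first hunk, `datetime.datetime(...)` and `datetime.timezone.utc` are attribute lookups on the class and fail, the constructor keyword is `tzinfo` rather than `tz`, and `datetime.now(...)()` calls the returned datetime object. The builder also never receives an issuer name because the `issuerCert` load is commented out, and `CertificateRevocationListBuilder.sign()` rejects a CRL without one; a CRL meant to exercise revocation checking should carry the issuing CA's subject in any case. The import line should become `from datetime import datetime, timedelta, timezone`, and the head of the function should change as shown below. Two smaller differences from the old helper are worth confirming: the trailing newline is no longer appended before base64 encoding, and `next_update` now depends on the wall clock, so the encoded CRL varies between runs.

```python
def create_crl_pem_b64(issuerCert, issuerKey, revokedCerts):
    when = datetime(2022, 5, 16, 1, 1, 1, tzinfo=timezone.utc)
    cert = x509.load_pem_x509_certificate(issuerCert.encode("utf-8"))

    crl_builder = x509.CertificateRevocationListBuilder()
    crl_builder = crl_builder.issuer_name(cert.subject)
    crl_builder = crl_builder.last_update(when)
    crl_builder = crl_builder.next_update(datetime.now(timezone.utc) + timedelta(days=30))

    # … unchanged: revoked-certificate loop, private-key load, sign and return …
```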