martinzink commented on code in PR #2133:
URL: https://github.com/apache/nifi-minifi-cpp/pull/2133#discussion_r3112339695
##########
behave_framework/src/minifi_test_framework/core/ssl_utils.py:
##########
@@ -13,149 +13,79 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+import datetime
-import time
-import logging
-import random
-
-from M2Crypto import X509, EVP, RSA, ASN1
-from OpenSSL import crypto
-
-
-def gen_cert():
- """
- Generate TLS certificate request for testing
- """
-
- req, key = gen_req()
- pub_key = req.get_pubkey()
- subject = req.get_subject()
- cert = X509.X509()
- # noinspection PyTypeChecker
- cert.set_serial_number(1)
- cert.set_version(2)
- cert.set_subject(subject)
- t = int(time.time())
- now = ASN1.ASN1_UTCTIME()
- now.set_time(t)
- now_plus_year = ASN1.ASN1_UTCTIME()
- now_plus_year.set_time(t + 60 * 60 * 24 * 365)
- cert.set_not_before(now)
- cert.set_not_after(now_plus_year)
- issuer = X509.X509_Name()
- issuer.C = 'US'
- issuer.CN = 'minifi-listen'
- cert.set_issuer(issuer)
- cert.set_pubkey(pub_key)
- cert.sign(key, 'sha256')
-
- return cert, key
-
-
-def rsa_gen_key_callback():
- pass
-
-
-def gen_req():
- """
- Generate TLS certificate request for testing
- """
-
- logging.info('Generating test certificate request')
- key = EVP.PKey()
- req = X509.Request()
- rsa = RSA.gen_key(1024, 65537, rsa_gen_key_callback)
- key.assign_rsa(rsa)
- req.set_pubkey(key)
- name = req.get_subject()
- name.C = 'US'
- name.CN = 'minifi-listen'
- req.sign(key, 'sha256')
-
- return req, key
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
+from cryptography.x509 import Certificate, ExtendedKeyUsage
+from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
-def make_self_signed_cert(common_name):
- ca_key = crypto.PKey()
- ca_key.generate_key(crypto.TYPE_RSA, 2048)
+def gen_cert() -> tuple[Certificate, RSAPrivateKey]:
+ key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
- ca_cert = crypto.X509()
- ca_cert.set_version(2)
- ca_cert.set_serial_number(random.randint(50000000, 100000000))
+ subject = issuer = x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME,
u"US"), x509.NameAttribute(NameOID.COMMON_NAME, u"minifi-listen"), ])
- ca_subj = ca_cert.get_subject()
- ca_subj.commonName = common_name
+ cert =
x509.CertificateBuilder().subject_name(subject).issuer_name(issuer).public_key(key.public_key()).serial_number(
+
x509.random_serial_number()).not_valid_before(datetime.datetime.now(datetime.timezone.utc)).not_valid_after(
+ datetime.datetime.now(datetime.timezone.utc) +
datetime.timedelta(days=365)).sign(key, hashes.SHA256())
- ca_cert.add_extensions([
- crypto.X509Extension(b"subjectKeyIdentifier", False, b"hash",
subject=ca_cert),
- ])
-
- ca_cert.add_extensions([
- crypto.X509Extension(b"authorityKeyIdentifier", False,
b"keyid:always", issuer=ca_cert),
- ])
-
- ca_cert.add_extensions([
- crypto.X509Extension(b"basicConstraints", False, b"CA:TRUE"),
- crypto.X509Extension(b"keyUsage", False, b"keyCertSign, cRLSign"),
- ])
-
- ca_cert.set_issuer(ca_subj)
- ca_cert.set_pubkey(ca_key)
+ return cert, key
- ca_cert.gmtime_adj_notBefore(0)
- ca_cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
- ca_cert.sign(ca_key, 'sha256')
+def make_self_signed_cert(common_name: str) -> tuple[Certificate,
RSAPrivateKey]:
+ key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
- return ca_cert, ca_key
+ subject = issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME,
common_name), ])
+ cert =
x509.CertificateBuilder().subject_name(subject).issuer_name(issuer).public_key(key.public_key()).serial_number(
+
x509.random_serial_number()).not_valid_before(datetime.datetime.now(datetime.timezone.utc)).not_valid_after(
+ datetime.datetime.now(datetime.timezone.utc) +
datetime.timedelta(days=3650)).add_extension(
+ x509.SubjectKeyIdentifier.from_public_key(key.public_key()),
critical=False, ).add_extension(x509.BasicConstraints(ca=True,
path_length=None),
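Review bot: The new `gen_cert()` builds its certificate with only a subject CN of `minifi-listen` and no extensions before `.sign(key, hashes.SHA256())`, so a peer that verifies the hostname will typically reject it, because current TLS stacks match on subjectAltName and ignore the CN. If any test connects with verification enabled, add `.add_extension(x509.SubjectAlternativeName([x509.DNSName("minifi-listen")]), critical=False)` to the builder chain. Both builders also call `datetime.datetime.now(datetime.timezone.utc)` twice, so binding it once (`now = datetime.datetime.now(datetime.timezone.utc)`) would keep the validity window exact. `make_self_signed_cert` continues past the quoted hunk, so it cannot be checked from here whether the removed `keyUsage` (`keyCertSign, cRLSign`) and `authorityKeyIdentifier` extensions are carried over, or whether `BasicConstraints(ca=True, ...)` is marked critical.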
Review Comment:
flake8 didn't like it,
I've reformatted the whole file with ruff instead; how about this?
[ruff format
behave_framework/src/minifi_test_framework/core/ssl_utils.py](https://github.com/apache/nifi-minifi-cpp/pull/2133/commits/4bcc95b0cd95aa29b0a1bdc8d5f072e78e7e66ca)