diff options
author | James E. Blair <jeblair@redhat.com> | 2017-03-17 10:59:37 -0700 |
---|---|---|
committer | James E. Blair <jeblair@redhat.com> | 2017-03-29 12:44:44 -0700 |
commit | bf1a4f21924a5dff5fbafc061702c009e1078dd8 (patch) | |
tree | a16bbfd9ac926f77c6067241e4968d9d76b8f3a5 /tests/encrypt_secret.py | |
parent | c49e5e713f2c3ae2c86f27c57e5b657921b17968 (diff) | |
download | zuul-bf1a4f21924a5dff5fbafc061702c009e1078dd8.tar.gz |
Isolate encryption-related methods
Create an interface to the cryptography library so that internally
Zuul uses simple facade methods. Unit test that interface, and
that it is compatible with OpenSSL.
Change-Id: I57da1081c8d43b0b44af5967d075908459c91687
Diffstat (limited to 'tests/encrypt_secret.py')
-rw-r--r-- | tests/encrypt_secret.py | 27 |
1 files changed, 5 insertions, 22 deletions
diff --git a/tests/encrypt_secret.py b/tests/encrypt_secret.py index ab45018d5..ab2c1df6c 100644 --- a/tests/encrypt_secret.py +++ b/tests/encrypt_secret.py @@ -15,10 +15,7 @@ import sys import os -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives.asymmetric import padding -from cryptography.hazmat.primitives import serialization -from cryptography.hazmat.primitives import hashes +from zuul.lib import encryption FIXTURE_DIR = os.path.join(os.path.dirname(__file__), 'fixtures') @@ -27,24 +24,10 @@ FIXTURE_DIR = os.path.join(os.path.dirname(__file__), def main(): private_key_file = os.path.join(FIXTURE_DIR, 'private.pem') with open(private_key_file, "rb") as f: - private_key = serialization.load_pem_private_key( - f.read(), - password=None, - backend=default_backend() - ) - - # Extract public key from private - public_key = private_key.public_key() - - # https://cryptography.io/en/stable/hazmat/primitives/asymmetric/rsa/#encryption - ciphertext = public_key.encrypt( - sys.argv[1], - padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA1()), - algorithm=hashes.SHA1(), - label=None - ) - ) + private_key, public_key = \ + encryption.deserialize_rsa_keypair(f.read()) + + ciphertext = encryption.encrypt_pkcs1(sys.argv[1], public_key) print(ciphertext.encode('base64')) if __name__ == '__main__': |