Migrate certbot-compatibility-test to cryptography (as much as possible (#10117)

Also fixed a typing error.
2026-06-04 22:33:00 -04:00 · 2025-01-06 16:39:16 -05:00 · 2025-01-06 16:39:16 -05:00 · 4004589cbf
commit 4004589cbf
parent 8f7c3756b3
2 changed files with 7 additions and 7 deletions
--- a/certbot-compatibility-test/certbot_compatibility_test/test_driver.py
+++ b/certbot-compatibility-test/certbot_compatibility_test/test_driver.py
@ -18,7 +18,7 @@ from typing import Optional
 from typing import Tuple
 from typing import Type

-from OpenSSL import crypto
+from cryptography.hazmat.primitives import serialization
 from urllib3.util import connection

 from acme import challenges
@ -147,10 +147,10 @@ def test_installer(args: argparse.Namespace, plugin: common.Proxy, config: str,

 def test_deploy_cert(plugin: common.Proxy, temp_dir: str, domains: List[str]) -> bool:
    """Tests deploy_cert returning True if the tests are successful"""
-    cert = crypto_util.gen_ss_cert(util.KEY, domains)
+    cert = crypto_util.gen_ss_cert(util.KEY, domains).to_cryptography()
    cert_path = os.path.join(temp_dir, "cert.pem")
    with open(cert_path, "wb") as f:
-        f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
+        f.write(cert.public_bytes(serialization.Encoding.PEM))

    for domain in domains:
        try:
@ -390,7 +390,7 @@ def _fake_dns_resolution(resolved_ip: str) -> Generator[None, None, None]:
    """Monkey patch urllib3 to make any hostname be resolved to the provided IP"""
    _original_create_connection = connection.create_connection

-    def _patched_create_connection(address: Tuple[str, str],
+    def _patched_create_connection(address: Tuple[str, int],
                                   *args: Any, **kwargs: Any) -> socket.socket:
        _, port = address
        return _original_create_connection((resolved_ip, port), *args, **kwargs)
--- a/certbot-compatibility-test/certbot_compatibility_test/validator.py
+++ b/certbot-compatibility-test/certbot_compatibility_test/validator.py
@ -6,7 +6,7 @@ from typing import Mapping
 from typing import Optional
 from typing import Union

-from OpenSSL import crypto
+from cryptography import x509
 import requests

 from acme import crypto_util
@ -21,7 +21,7 @@ _VALIDATION_TIMEOUT = 10
 class Validator:
    """Collection of functions to test a live webserver's configuration"""

-    def certificate(self, cert: crypto.X509, name: Union[str, bytes],
+    def certificate(self, cert: x509.Certificate, name: Union[str, bytes],
                    alt_host: Optional[str] = None, port: int = 443) -> bool:
        """Verifies the certificate presented at name is cert"""
        if alt_host is None:
@ -39,7 +39,7 @@ class Validator:
            logger.exception(str(error))
            return False

-        return presented_cert.digest("sha256") == cert.digest("sha256")
+        return presented_cert.to_cryptography() == cert

    def redirect(self, name: str, port: int = 80,
                 headers: Optional[Mapping[str, str]] = None) -> bool: