Move cert_sha1_fingerprint to to internal apache_util

2026-06-06 23:32:06 -04:00 · 2020-04-22 20:56:48 +03:00 · 2020-04-22 20:56:48 +03:00 · 839b86871d
commit 839b86871d
parent 1e5d13f212
4 changed files with 33 additions and 27 deletions
--- a/certbot-apache/certbot_apache/_internal/apache_util.py
+++ b/certbot-apache/certbot_apache/_internal/apache_util.py
@ -9,6 +9,8 @@ import struct
 import subprocess
 import time

+
+from cryptography.hazmat.primitives import hashes  # type: ignore
 import pkg_resources

 from certbot import crypto_util
@ -17,6 +19,7 @@ from certbot import util

 from certbot.compat import os

+
 logger = logging.getLogger(__name__)


@ -58,7 +61,7 @@ def certid_sha1(cert_path):
    :rtype: `str`

    """
-    return crypto_util.cert_sha1_fingerprint(cert_path)
+    return cert_sha1_fingerprint(cert_path)


 def safe_copy(source, target):
@ -338,6 +341,7 @@ def _get_runtime_cfg(command):

    return stdout

+
 def find_ssl_apache_conf(prefix):
    """
    Find a TLS Apache config file in the dedicated storage.
@ -348,3 +352,16 @@ def find_ssl_apache_conf(prefix):
    return pkg_resources.resource_filename(
        "certbot_apache",
        os.path.join("_internal", "tls_configs", "{0}-options-ssl-apache.conf".format(prefix)))
+
+
+def cert_sha1_fingerprint(cert_path):
+    """Read a certificate by its file path and return its SHA-1 fingerprint.
+
+    :param str cert_path: File path to the x509 certificate file
+
+    :returns: SHA-1 fingerprint of the certificate
+    :rtype: bytes
+    """
+
+    cert = crypto_util.load_cert(cert_path)
+    return cert.fingerprint(hashes.SHA1())
--- a/certbot-apache/tests/ocsp_prefetch_test.py
+++ b/certbot-apache/tests/ocsp_prefetch_test.py
@ -118,7 +118,7 @@ class OCSPPrefetchTest(util.ApacheTest):

        ver_path = "certbot_apache._internal.configurator.ApacheConfigurator.get_version"
        res_path = "certbot_apache._internal.prefetch_ocsp.OCSPPrefetchMixin.restart"
-        cry_path = "certbot.crypto_util.cert_sha1_fingerprint"
+        cry_path = "certbot_apache._internal.apache_util.cert_sha1_fingerprint"

        with mock.patch(ver_path) as mock_ver:
            mock_ver.return_value = (2, 4, 10)
@ -485,6 +485,20 @@ class OCSPPrefetchTest(util.ApacheTest):
        self.assertTrue(mock_rest.called)


+class CertFingerprintTest(unittest.TestCase):
+    """Tests for certbot_apache._internal.apache_util.cert_sha1_fingerprint"""
+
+    def test_cert_sha1_fingerprint(self):
+        import certbot.tests.util as test_util
+        from certbot_apache._internal.apache_util import cert_sha1_fingerprint
+
+        cert_path = test_util.vector_path('cert_512.pem')
+        self.assertEqual(
+            cert_sha1_fingerprint(cert_path),
+            b'\t\xf8\xce\x01E\r(\x84g\xc32j\xc0E~5\x199\xc7.'
+        )
+
+
 def _read_dbm(filename):

    """Helper method for reading the dbm using context manager.
--- a/certbot/certbot/crypto_util.py
+++ b/certbot/certbot/crypto_util.py
@ -13,7 +13,6 @@ import re
 from cryptography import x509  # type: ignore
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes  # type: ignore
 from cryptography.hazmat.primitives.asymmetric.ec import ECDSA
 from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey
 from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
@ -237,19 +236,6 @@ def load_cert(cert_path):
    return x509.load_pem_x509_certificate(cert_pem, default_backend())


-def cert_sha1_fingerprint(cert_path):
-    """Read a certificate by its file path and return its SHA-1 fingerprint.
-
-    :param str cert_path: File path to the x509 certificate file
-
-    :returns: SHA-1 fingerprint of the certificate
-    :rtype: bytes
-    """
-
-    cert = load_cert(cert_path)
-    return cert.fingerprint(hashes.SHA1())
-
-
 def verify_renewable_cert_sig(renewable_cert):
    """Verifies the signature of a RenewableCert object.

--- a/certbot/tests/crypto_util_test.py
+++ b/certbot/tests/crypto_util_test.py
@ -410,16 +410,5 @@ class CertAndChainFromFullchainTest(unittest.TestCase):
        self.assertRaises(errors.Error, cert_and_chain_from_fullchain, cert_pem)


-class CertFingerprintTest(unittest.TestCase):
-    """Tests for certbot.crypto_util.cert_sha1_fingerprint"""
-
-    def test_cert_sha1_fingerprint(self):
-        from certbot.crypto_util import cert_sha1_fingerprint
-        self.assertEqual(
-            cert_sha1_fingerprint(CERT_PATH),
-            b'\t\xf8\xce\x01E\r(\x84g\xc32j\xc0E~5\x199\xc7.'
-        )
-
-
 if __name__ == '__main__':
    unittest.main()  # pragma: no cover