Isolate encryption-related methods

Create an interface to the cryptography library so that internally
Zuul uses simple facade methods.  Unit test that interface, and
that it is compatible with OpenSSL.

Change-Id: I57da1081c8d43b0b44af5967d075908459c91687
diff --git a/tests/encrypt_secret.py b/tests/encrypt_secret.py
index ab45018..ab2c1df 100644
--- a/tests/encrypt_secret.py
+++ b/tests/encrypt_secret.py
@@ -15,10 +15,7 @@
 import sys
 import os
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives.asymmetric import padding
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives import hashes
+from zuul.lib import encryption
 
 FIXTURE_DIR = os.path.join(os.path.dirname(__file__),
                            'fixtures')
@@ -27,24 +24,10 @@
 def main():
     private_key_file = os.path.join(FIXTURE_DIR, 'private.pem')
     with open(private_key_file, "rb") as f:
-        private_key = serialization.load_pem_private_key(
-            f.read(),
-            password=None,
-            backend=default_backend()
-        )
+        private_key, public_key = \
+            encryption.deserialize_rsa_keypair(f.read())
 
-    # Extract public key from private
-    public_key = private_key.public_key()
-
-    # https://cryptography.io/en/stable/hazmat/primitives/asymmetric/rsa/#encryption
-    ciphertext = public_key.encrypt(
-        sys.argv[1],
-        padding.OAEP(
-            mgf=padding.MGF1(algorithm=hashes.SHA1()),
-            algorithm=hashes.SHA1(),
-            label=None
-        )
-    )
+    ciphertext = encryption.encrypt_pkcs1(sys.argv[1], public_key)
     print(ciphertext.encode('base64'))
 
 if __name__ == '__main__':