diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-04-30 18:41:17 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-04-30 18:41:17 -0400 |
| commit | 12953e390654ae5ea0195558a4f78cf2ae01cb8f (patch) | |
| tree | d1542ec6c10e9ca7f37eaeb88ae4362632a3b77f | |
| parent | dd1d15143e2690d1aba58dc1dab8282e40706ba5 (diff) | |
| parent | 8bbdc6f5af5a47bd2b069314c1d3d87da1da1874 (diff) | |
| download | cryptography-12953e390654ae5ea0195558a4f78cf2ae01cb8f.tar.gz cryptography-12953e390654ae5ea0195558a4f78cf2ae01cb8f.tar.bz2 cryptography-12953e390654ae5ea0195558a4f78cf2ae01cb8f.zip | |
Merge pull request #1883 from reaperhulk/fix-1866
add support for equality testing to x509.Certificate
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 10 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/x509.py | 1 | ||||
| -rw-r--r-- | src/cryptography/x509.py | 12 | ||||
| -rw-r--r-- | tests/test_x509.py | 30 |
4 files changed, 53 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 5558f140..7f633c76 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -123,6 +123,16 @@ class _Certificate(object): self._backend = backend self._x509 = x509 + def __eq__(self, other): + if not isinstance(other, x509.Certificate): + return NotImplemented + + res = self._backend._lib.X509_cmp(self._x509, other._x509) + return res == 0 + + def __ne__(self, other): + return not self == other + def fingerprint(self, algorithm): h = hashes.Hash(algorithm, self._backend) bio = self._backend._create_mem_bio() diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py index fd7a12a2..a1fb7ffb 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509.py +++ b/src/cryptography/hazmat/bindings/openssl/x509.py @@ -115,6 +115,7 @@ FUNCTIONS = """ X509 *X509_new(void); void X509_free(X509 *); X509 *X509_dup(X509 *); +int X509_cmp(const X509 *, const X509 *); int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long); diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index dd6ea926..b22ac8be 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -730,6 +730,18 @@ class Certificate(object): in the certificate. """ + @abc.abstractmethod + def __eq__(self, other): + """ + Checks equality. + """ + + @abc.abstractmethod + def __ne__(self, other): + """ + Checks not equal. + """ + @six.add_metaclass(abc.ABCMeta) class CertificateSigningRequest(object): diff --git a/tests/test_x509.py b/tests/test_x509.py index df291de2..8561f1f4 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -313,6 +313,36 @@ class TestRSACertificate(object): assert exc.value.parsed_version == 7 + def test_eq(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "post2000utctime.pem"), + x509.load_pem_x509_certificate, + backend + ) + cert2 = _load_cert( + os.path.join("x509", "custom", "post2000utctime.pem"), + x509.load_pem_x509_certificate, + backend + ) + assert cert == cert2 + + def test_ne(self, backend): + cert = _load_cert( + os.path.join("x509", "custom", "post2000utctime.pem"), + x509.load_pem_x509_certificate, + backend + ) + cert2 = _load_cert( + os.path.join( + "x509", "PKITS_data", "certs", + "ValidGeneralizedTimenotAfterDateTest8EE.crt" + ), + x509.load_der_x509_certificate, + backend + ) + assert cert != cert2 + assert cert != object() + def test_version_1_cert(self, backend): cert = _load_cert( os.path.join("x509", "v1_cert.pem"), |