authorAlex Gaynor <alex.gaynor@gmail.com>2015-12-23 07:35:39 -0500
committerAlex Gaynor <alex.gaynor@gmail.com>2015-12-23 07:35:39 -0500
commit7e5c96fcc3773960dcb2c44520954dc14db5d72d (patch)
tree1ed96ca76ea67b24c6fe209f63f56d586a2ed107
parent53f45f92d8594ce97f6af99edba1ddca0c4fd838 (diff)
parenta9718fce3687a6a787ae8a03b989580dc68be260 (diff)
Merge pull request #2552 from reaperhulk/crlnumber
CRLNumber needs to be a class for reasons
-rw-r--r--CHANGELOG.rst2
-rw-r--r--docs/x509/reference.rst20
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py2
-rw-r--r--src/cryptography/x509/__init__.py3
-rw-r--r--src/cryptography/x509/extensions.py25
-rw-r--r--tests/test_x509.py2
-rw-r--r--tests/test_x509_ext.py19
7 files changed, 69 insertions, 4 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 3dc5249c..3e24633e 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -29,7 +29,7 @@ Changelog
* :class:`~cryptography.x509.AuthorityInformationAccess`
* :class:`~cryptography.x509.AuthorityKeyIdentifier`
- * ``CRLNumber``
+ * :class:`~cryptography.x509.CRLNumber`
* :class:`~cryptography.x509.IssuerAlternativeName`
1.1.2 - 2015-12-10
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index dace8c1b..4f4ce4fa 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -1695,6 +1695,26 @@ X.509 Extensions
:type: int
+.. class:: CRLNumber(crl_number)
+
+ .. versionadded:: 1.2
+
+ The CRL number is a CRL extension that conveys a monotonically increasing
+ sequence number for a given CRL scope and CRL issuer. This extension allows
+ users to easily determine when a particular CRL supersedes another CRL.
+ :rfc:`5280` requires that this extension be present in conforming CRLs.
+
+ .. attribute:: oid
+
+ :type: :class:`ObjectIdentifier`
+
+ Returns
+ :attr:`~cryptography.x509.oid.ExtensionOID.CRL_NUMBER`.
+
+ .. attribute:: crl_number
+
+ :type: int
+
.. class:: CertificatePolicies(policies)
.. versionadded:: 0.9
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 45c0df50..7e89ac67 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -182,7 +182,7 @@ def _decode_ocsp_no_check(backend, ext):
def _decode_crl_number(backend, ext):
asn1_int = backend._ffi.cast("ASN1_INTEGER *", ext)
asn1_int = backend._ffi.gc(asn1_int, backend._lib.ASN1_INTEGER_free)
- return backend._asn1_integer_to_int(asn1_int)
+ return x509.CRLNumber(backend._asn1_integer_to_int(asn1_int))
class _X509ExtensionParser(object):
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index 70e1d3da..c4434fd1 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -14,7 +14,7 @@ from cryptography.x509.base import (
from cryptography.x509.extensions import (
AccessDescription, AuthorityInformationAccess,
AuthorityKeyIdentifier, BasicConstraints, CRLDistributionPoints,
- CertificatePolicies, DistributionPoint, DuplicateExtension,
+ CRLNumber, CertificatePolicies, DistributionPoint, DuplicateExtension,
ExtendedKeyUsage, Extension, ExtensionNotFound, ExtensionType, Extensions,
GeneralNames, InhibitAnyPolicy, IssuerAlternativeName, KeyUsage,
NameConstraints, NoticeReference, OCSPNoCheck, PolicyInformation,
@@ -124,6 +124,7 @@ __all__ = [
"ExtendedKeyUsage",
"OCSPNoCheck",
"BasicConstraints",
+ "CRLNumber",
"KeyUsage",
"AuthorityInformationAccess",
"AccessDescription",
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 71ce8a15..15feb717 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -109,6 +109,31 @@ class Extensions(object):
@utils.register_interface(ExtensionType)
+class CRLNumber(object):
+ oid = ExtensionOID.CRL_NUMBER
+
+ def __init__(self, crl_number):
+ if not isinstance(crl_number, six.integer_types):
+ raise TypeError("crl_number must be an integer")
+
+ self._crl_number = crl_number
+
+ def __eq__(self, other):
+ if not isinstance(other, CRLNumber):
+ return NotImplemented
+
+ return self.crl_number == other.crl_number
+
+ def __ne__(self, other):
+ return not self == other
+
+ def __repr__(self):
+ return "<CRLNumber({0})>".format(self.crl_number)
+
+ crl_number = utils.read_only_property("_crl_number")
+
+
+@utils.register_interface(ExtensionType)
class AuthorityKeyIdentifier(object):
oid = ExtensionOID.AUTHORITY_KEY_IDENTIFIER
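Review bot: `CRLNumber.__init__` validates only the type, so a negative integer is accepted even though RFC 5280 defines CRLNumber as `INTEGER (0..MAX)`. Because `_decode_crl_number` in backends/openssl/x509.py now passes the integer parsed from a CRL straight into this constructor, a malformed CRL can produce a negative sequence number that callers may then compare when deciding whether one CRL supersedes another. Consider adding `if crl_number < 0: raise ValueError("crl_number must be non-negative")` after the type check, or stating in the class docs that range validation is left to the caller; whether a parse-time rejection is wanted is a project decision. Separately, the class defines `__eq__` without `__hash__`, so instances are unhashable on Python 3 but hash by identity on Python 2; a `__hash__` returning `hash(self.crl_number)` would keep equal objects hashing alike on both.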
diff --git a/tests/test_x509.py b/tests/test_x509.py
index b39e1891..ae2746e3 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -192,7 +192,7 @@ class TestCertificateRevocationList(object):
ian = crl.extensions.get_extension_for_class(
x509.IssuerAlternativeName
)
- assert crl_number.value == 1
+ assert crl_number.value == x509.CRLNumber(1)
assert crl_number.critical is False
assert aki.value == x509.AuthorityKeyIdentifier(
key_identifier=(
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 83145cd0..d9743c8e 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1488,6 +1488,25 @@ class TestRSAIssuerAlternativeNameExtension(object):
]
+class TestCRLNumber(object):
+ def test_eq(self):
+ crl_number = x509.CRLNumber(15)
+ assert crl_number == x509.CRLNumber(15)
+
+ def test_ne(self):
+ crl_number = x509.CRLNumber(15)
+ assert crl_number != x509.CRLNumber(14)
+ assert crl_number != object()
+
+ def test_repr(self):
+ crl_number = x509.CRLNumber(15)
+ assert repr(crl_number) == "<CRLNumber(15)>"
+
+ def test_invalid_number(self):
+ with pytest.raises(TypeError):
+ x509.CRLNumber("notanumber")
+
+
class TestSubjectAlternativeName(object):
def test_get_values_for_type(self):
san = x509.SubjectAlternativeName(
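Review bot: `test_invalid_number` exercises only a `str` argument, so the boundary of what `CRLNumber` accepts is not pinned by `TestCRLNumber`. Values such as `-1` and `True` pass the `isinstance(crl_number, six.integer_types)` check in the constructor, and no test records whether that is intended. Adding a case like `x509.CRLNumber(-1)` with the expected outcome asserted (either `pytest.raises(ValueError)` or an explicit equality check) would make the contract visible to later changes.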