Merge pull request #2103 from alex/extra-unimplemented

Added a test with two extensions, and added key usage support to the frontend

2 files changed, 15 insertions, 0 deletions

diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 668bc2ef..afd28f20 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1472,6 +1472,8 @@ class CertificateSigningRequestBuilder(object):
             extension = Extension(
                 OID_SUBJECT_ALTERNATIVE_NAME, critical, extension
             )
+        elif isinstance(extension, KeyUsage):
+            extension = Extension(OID_KEY_USAGE, critical, extension)
         else:
             raise NotImplementedError('Unsupported X.509 extension.')
         # TODO: This is quadratic in the number of extensions
diff --git a/tests/test_x509.py b/tests/test_x509.py
index df315cc3..ac910392 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -866,6 +866,19 @@ class TestCertificateSigningRequestBuilder(object):
         ).add_extension(
             x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]),
             critical=False,
+        ).add_extension(
+            x509.KeyUsage(
+                digital_signature=True,
+                content_commitment=True,
+                key_encipherment=False,
+                data_encipherment=False,
+                key_agreement=False,
+                key_cert_sign=True,
+                crl_sign=False,
+                encipher_only=False,
+                decipher_only=False
+            ),
+            critical=False
         )
         with pytest.raises(NotImplementedError):
             builder.sign(private_key, hashes.SHA256(), backend)