diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-07-03 08:29:14 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-07-03 08:29:14 -0500 |
commit | 82db219902113c954a0eeb049f9423b8ce8a49f3 (patch) | |
tree | 5bdab7833682e2ac6fb0b6392a22fc986a6ffda7 | |
parent | 23cafe861f4da2d7261a41bc57801b226e6b8c1b (diff) | |
parent | 887a40805a29b93907b48c9d27c38b4460f2e244 (diff) | |
download | cryptography-82db219902113c954a0eeb049f9423b8ce8a49f3.tar.gz cryptography-82db219902113c954a0eeb049f9423b8ce8a49f3.tar.bz2 cryptography-82db219902113c954a0eeb049f9423b8ce8a49f3.zip |
Merge pull request #2103 from alex/extra-unimplemented
Added a test with two extensions, and added key usage support to the frontend
-rw-r--r-- | src/cryptography/x509.py | 2 | ||||
-rw-r--r-- | tests/test_x509.py | 13 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 668bc2ef..afd28f20 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -1472,6 +1472,8 @@ class CertificateSigningRequestBuilder(object): extension = Extension( OID_SUBJECT_ALTERNATIVE_NAME, critical, extension ) + elif isinstance(extension, KeyUsage): + extension = Extension(OID_KEY_USAGE, critical, extension) else: raise NotImplementedError('Unsupported X.509 extension.') # TODO: This is quadratic in the number of extensions diff --git a/tests/test_x509.py b/tests/test_x509.py index df315cc3..ac910392 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -866,6 +866,19 @@ class TestCertificateSigningRequestBuilder(object): ).add_extension( x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]), critical=False, + ).add_extension( + x509.KeyUsage( + digital_signature=True, + content_commitment=True, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=True, + crl_sign=False, + encipher_only=False, + decipher_only=False + ), + critical=False ) with pytest.raises(NotImplementedError): builder.sign(private_key, hashes.SHA256(), backend) |