diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-06-13 07:31:03 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-06-13 07:31:03 -0400 |
| commit | 926f8ac4927bdc9977f2d960c7def3f2927d1198 (patch) | |
| tree | 860e57b4a7e2652ce2a34ea49c74f20d9764183c | |
| parent | 9692dbc36d3c7eb4c40b6a50f17067e16a892f4d (diff) | |
| parent | 99125c9addfa68b21f736781390f56195ad2c2ac (diff) | |
| download | cryptography-926f8ac4927bdc9977f2d960c7def3f2927d1198.tar.gz cryptography-926f8ac4927bdc9977f2d960c7def3f2927d1198.tar.bz2 cryptography-926f8ac4927bdc9977f2d960c7def3f2927d1198.zip | |
Merge pull request #2017 from reaperhulk/issuer-alternative-name
issuer alternative name support
| -rw-r--r-- | docs/x509.rst | 22 | ||||
| -rw-r--r-- | src/cryptography/x509.py | 26 | ||||
| -rw-r--r-- | tests/test_x509_ext.py | 56 |
3 files changed, 104 insertions, 0 deletions
diff --git a/docs/x509.rst b/docs/x509.rst index bdcd60b1..ed7b8716 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -885,6 +885,23 @@ X.509 Extensions [u'www.cryptography.io', u'cryptography.io'] +.. class:: IssuerAlternativeName + + .. versionadded:: 1.0 + + Issuer alternative name is an X.509 extension that provides a list of + :ref:`general name <general_name_classes>` instances that provide a set + of identities for the certificate issuer. The object is iterable to + get every element. + + .. method:: get_values_for_type(type) + + :param type: A :class:`GeneralName` provider. This is one of the + :ref:`general name classes <general_name_classes>`. + + :returns: A list of values extracted from the matched general names. + + .. class:: AuthorityInformationAccess .. versionadded:: 0.9 @@ -1342,6 +1359,11 @@ Extension OIDs Corresponds to the dotted string ``"2.5.29.17"``. The identifier for the :class:`SubjectAlternativeName` extension type. +.. data:: OID_ISSUER_ALTERNATIVE_NAME + + Corresponds to the dotted string ``"2.5.29.18"``. The identifier for the + :class:`IssuerAlternativeName` extension type. + .. data:: OID_SUBJECT_KEY_IDENTIFIER Corresponds to the dotted string ``"2.5.29.14"``. The identifier for the diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 6592684b..87028be1 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -1033,6 +1033,32 @@ class SubjectAlternativeName(object): return not self == other +class IssuerAlternativeName(object): + def __init__(self, general_names): + self._general_names = GeneralNames(general_names) + + def __iter__(self): + return iter(self._general_names) + + def __len__(self): + return len(self._general_names) + + def get_values_for_type(self, type): + return self._general_names.get_values_for_type(type) + + def __repr__(self): + return "<IssuerAlternativeName({0})>".format(self._general_names) + + def __eq__(self, other): + if not isinstance(other, IssuerAlternativeName): + return NotImplemented + + return self._general_names == other._general_names + + def __ne__(self, other): + return not self == other + + class AuthorityKeyIdentifier(object): def __init__(self, key_identifier, authority_cert_issuer, authority_cert_serial_number): diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index f16db337..1b575b6c 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1194,6 +1194,62 @@ class TestGeneralNames(object): assert gns != object() +class TestIssuerAlternativeName(object): + def test_get_values_for_type(self): + san = x509.IssuerAlternativeName( + [x509.DNSName(u"cryptography.io")] + ) + names = san.get_values_for_type(x509.DNSName) + assert names == [u"cryptography.io"] + + def test_iter_names(self): + san = x509.IssuerAlternativeName([ + x509.DNSName(u"cryptography.io"), + x509.DNSName(u"crypto.local"), + ]) + assert len(san) == 2 + assert list(san) == [ + x509.DNSName(u"cryptography.io"), + x509.DNSName(u"crypto.local"), + ] + + def test_invalid_general_names(self): + with pytest.raises(TypeError): + x509.IssuerAlternativeName( + [x509.DNSName(u"cryptography.io"), "invalid"] + ) + + def test_repr(self): + san = x509.IssuerAlternativeName( + [ + x509.DNSName(u"cryptography.io") + ] + ) + assert repr(san) == ( + "<IssuerAlternativeName(" + "<GeneralNames([<DNSName(value=cryptography.io)>])>)>" + ) + + def test_eq(self): + san = x509.IssuerAlternativeName( + [x509.DNSName(u"cryptography.io")] + ) + san2 = x509.IssuerAlternativeName( + [x509.DNSName(u"cryptography.io")] + ) + assert san == san2 + + def test_ne(self): + san = x509.IssuerAlternativeName( + [x509.DNSName(u"cryptography.io")] + ) + san2 = x509.IssuerAlternativeName( + [x509.RFC822Name(u"admin@cryptography.io")] + ) + assert san != san2 + assert san != object() + + class TestSubjectAlternativeName(object): def test_get_values_for_type(self): san = x509.SubjectAlternativeName( |