diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-12-02 23:43:20 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-12-02 23:44:10 -0600 |
| commit | c65393798c1b22cd39542d5ca10e0023b84537b2 (patch) | |
| tree | 4c085c722b3480dfc114ed6e6e8c78d9d3b90574 | |
| parent | 8b399b77b127870b82caddcaa1008d07fcca7ebf (diff) | |
| download | cryptography-c65393798c1b22cd39542d5ca10e0023b84537b2.tar.gz cryptography-c65393798c1b22cd39542d5ca10e0023b84537b2.tar.bz2 cryptography-c65393798c1b22cd39542d5ca10e0023b84537b2.zip | |
move _encode_name_constraints and _encode_general_subtrees
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 72 |
1 files changed, 36 insertions, 36 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 9811e3ba..8d9e5e0e 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -58,42 +58,6 @@ from cryptography.x509.oid import ExtensionOID, NameOID _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"]) -def _encode_name_constraints(backend, name_constraints): - nc = backend._lib.NAME_CONSTRAINTS_new() - assert nc != backend._ffi.NULL - nc = backend._ffi.gc(nc, backend._lib.NAME_CONSTRAINTS_free) - permitted = _encode_general_subtree( - backend, name_constraints.permitted_subtrees - ) - nc.permittedSubtrees = permitted - excluded = _encode_general_subtree( - backend, name_constraints.excluded_subtrees - ) - nc.excludedSubtrees = excluded - - pp = backend._ffi.new('unsigned char **') - r = backend._lib.Cryptography_i2d_NAME_CONSTRAINTS(nc, pp) - assert r > 0 - pp = backend._ffi.gc( - pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0]) - ) - return pp, r - - -def _encode_general_subtree(backend, subtrees): - if subtrees is None: - return backend._ffi.NULL - else: - general_subtrees = backend._lib.sk_GENERAL_SUBTREE_new_null() - for name in subtrees: - gs = backend._lib.GENERAL_SUBTREE_new() - gs.base = _encode_general_name(backend, name) - res = backend._lib.sk_GENERAL_SUBTREE_push(general_subtrees, gs) - assert res >= 1 - - return general_subtrees - - def _encode_asn1_int(backend, x): """ Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER @@ -606,6 +570,42 @@ def _encode_crl_distribution_points(backend, crl_distribution_points): return pp, r +def _encode_name_constraints(backend, name_constraints): + nc = backend._lib.NAME_CONSTRAINTS_new() + assert nc != backend._ffi.NULL + nc = backend._ffi.gc(nc, backend._lib.NAME_CONSTRAINTS_free) + permitted = _encode_general_subtree( + backend, name_constraints.permitted_subtrees + ) + nc.permittedSubtrees = permitted + excluded = _encode_general_subtree( + backend, name_constraints.excluded_subtrees + ) + nc.excludedSubtrees = excluded + + pp = backend._ffi.new('unsigned char **') + r = backend._lib.Cryptography_i2d_NAME_CONSTRAINTS(nc, pp) + assert r > 0 + pp = backend._ffi.gc( + pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0]) + ) + return pp, r + + +def _encode_general_subtree(backend, subtrees): + if subtrees is None: + return backend._ffi.NULL + else: + general_subtrees = backend._lib.sk_GENERAL_SUBTREE_new_null() + for name in subtrees: + gs = backend._lib.GENERAL_SUBTREE_new() + gs.base = _encode_general_name(backend, name) + res = backend._lib.sk_GENERAL_SUBTREE_push(general_subtrees, gs) + assert res >= 1 + + return general_subtrees + + _EXTENSION_ENCODE_HANDLERS = { ExtensionOID.BASIC_CONSTRAINTS: _encode_basic_constraints, ExtensionOID.SUBJECT_KEY_IDENTIFIER: _encode_subject_key_identifier, |