diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-16 20:49:51 +0530 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-16 11:19:51 -0400 |
commit | 5d187402775bcb7bc8b0da1d972d36bf9ad9dbff (patch) | |
tree | caaf2870b516da1bfe027ef6b1886bc1ed66f300 /src/cryptography/hazmat/backends/openssl/x509.py | |
parent | 2e85a925b49e566776585f35a7c0653510d84262 (diff) | |
download | cryptography-5d187402775bcb7bc8b0da1d972d36bf9ad9dbff.tar.gz cryptography-5d187402775bcb7bc8b0da1d972d36bf9ad9dbff.tar.bz2 cryptography-5d187402775bcb7bc8b0da1d972d36bf9ad9dbff.zip |
add crl.get_revoked_certificate method (#4331)
* add crl.get_revoked_certificate method
* lexicographic is the best ographic
* rename
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/x509.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 9637fc0e..b870eeb7 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -16,6 +16,9 @@ from cryptography.hazmat.backends.openssl.decode_asn1 import ( _REVOKED_CERTIFICATE_EXTENSION_PARSER, _asn1_integer_to_int, _asn1_string_to_bytes, _decode_x509_name, _obj2txt, _parse_asn1_time ) +from cryptography.hazmat.backends.openssl.encode_asn1 import ( + _encode_asn1_int_gc +) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa @@ -235,6 +238,22 @@ class _CertificateRevocationList(object): h.update(der) return h.finalize() + def get_revoked_certificate_by_serial_number(self, serial_number): + revoked = self._backend._ffi.new("X509_REVOKED **") + asn1_int = _encode_asn1_int_gc(self._backend, serial_number) + res = self._backend._lib.X509_CRL_get0_by_serial( + self._x509_crl, revoked, asn1_int + ) + if res == 0: + return None + else: + self._backend.openssl_assert( + revoked[0] != self._backend._ffi.NULL + ) + return _RevokedCertificate( + self._backend, self._x509_crl, revoked[0] + ) + @property def signature_hash_algorithm(self): oid = self.signature_algorithm_oid |