author | Marko Kreen <markokr@gmail.com> | 2019-09-09 02:44:02 +0300 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-09-09 07:44:02 +0800 |
commit | f7c77712d6611dc72cb2ef6fb1fe72fee4ab88de (patch) | |
tree | 7ff0841b1c2e9b29737874ff76c215de50ce0ee0 /src/cryptography/x509/ocsp.py | |
parent | c918fef88670fc46433d3edd91957231c654ff05 (diff) | |
Finish ed25519 and ed448 support in x509 module (#4972)
* Support ed25519 in csr/crl creation
* Tests for ed25519/x509
* Support ed448 in crt/csr/crl creation
* Tests for ed448/x509
* Support ed25519/ed448 in OCSPResponseBuilder
* Tests for eddsa in OCSPResponseBuilder
* Builder check missing in create_x509_csr
* Documentation update for ed25519+ed448 in x509
Diffstat (limited to 'src/cryptography/x509/ocsp.py')
-rw-r--r-- | src/cryptography/x509/ocsp.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py
index aae9b626..b15063d1 100644
--- a/src/cryptography/x509/ocsp.py
+++ b/src/cryptography/x509/ocsp.py
@@ -12,6 +12,7 @@ import six
 from cryptography import x509
 from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import ed25519, ed448
 from cryptography.x509.base import (
 _EARLIEST_UTC_TIME, _convert_to_naive_utc_time, _reject_duplicate_extension
 )
@@ -241,7 +242,13 @@ class OCSPResponseBuilder(object):
 if self._responder_id is None:
 raise ValueError("You must add a responder_id before signing")
- if not isinstance(algorithm, hashes.HashAlgorithm):
+ if isinstance(private_key,
+ (ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey)):
+ if algorithm is not None:
+ raise ValueError(
+ "algorithm must be None when signing via ed25519 or ed448"
+ )
+ elif not isinstance(algorithm, hashes.HashAlgorithm):
 raise TypeError("Algorithm must be a registered hash algorithm.")
 return backend.create_ocsp_response( |
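Review bot: The new EdDSA branch in the second hunk rejects a caller-supplied hash but has no comment saying why, and no docstring change for the enclosing method is visible here. Ed25519 and Ed448 fix their digest inside the signature scheme, so a comment such as `# EdDSA hashes internally; reject a caller-chosen digest rather than silently ignoring it` above the `isinstance(private_key, ...)` check would make the fail-closed intent clear to the next maintainer. This case also raises `ValueError` while the `elif` path raises `TypeError`, so a caller that catches only `TypeError` for a bad `algorithm` will miss it; that may be deliberate, but the method's documentation should say so. The enclosing method starts and ends outside the hunk.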