diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-10-07 10:10:09 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-10-06 22:10:09 -0400 |
commit | 0c07580a216d4b75bfdca22254803cf48c602079 (patch) | |
tree | e308db30d277fab192a5b647037b12cb901c2129 /src/cryptography/x509 | |
parent | ff7e3971d8d1106a4377f6c8d436c4005c883066 (diff) | |
download | cryptography-0c07580a216d4b75bfdca22254803cf48c602079.tar.gz cryptography-0c07580a216d4b75bfdca22254803cf48c602079.tar.bz2 cryptography-0c07580a216d4b75bfdca22254803cf48c602079.zip |
support extensions in the OCSP request builder (#4481)
* support extensions in the OCSP request builder
* cover a missed branch
* refactor to use new func
* review feedback
Diffstat (limited to 'src/cryptography/x509')
-rw-r--r-- | src/cryptography/x509/ocsp.py | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py index fbf11336..c89f12ce 100644 --- a/src/cryptography/x509/ocsp.py +++ b/src/cryptography/x509/ocsp.py @@ -9,8 +9,9 @@ from enum import Enum import six +from cryptography import x509 from cryptography.hazmat.primitives import hashes -from cryptography.x509 import Certificate +from cryptography.x509.base import _reject_duplicate_extension _OIDS_TO_HASH = { @@ -54,8 +55,9 @@ def load_der_ocsp_response(data): class OCSPRequestBuilder(object): - def __init__(self, request=None): + def __init__(self, request=None, extensions=[]): self._request = request + self._extensions = extensions def add_certificate(self, cert, issuer, algorithm): if self._request is not None: @@ -70,12 +72,23 @@ class OCSPRequestBuilder(object): "Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512" ) if ( - not isinstance(cert, Certificate) or - not isinstance(issuer, Certificate) + not isinstance(cert, x509.Certificate) or + not isinstance(issuer, x509.Certificate) ): raise TypeError("cert and issuer must be a Certificate") - return OCSPRequestBuilder((cert, issuer, algorithm)) + return OCSPRequestBuilder((cert, issuer, algorithm), self._extensions) + + def add_extension(self, extension, critical): + if not isinstance(extension, x509.ExtensionType): + raise TypeError("extension must be an ExtensionType") + + extension = x509.Extension(extension.oid, critical, extension) + _reject_duplicate_extension(extension, self._extensions) + + return OCSPRequestBuilder( + self._request, self._extensions + [extension] + ) def build(self): from cryptography.hazmat.backends.openssl.backend import backend |