diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-10-07 03:37:13 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-10-06 15:37:13 -0400 |
| commit | 55c33109b92b0e8ec38e4d19f3f2c6c203a0694e (patch) | |
| tree | c071f5e7e1e395af5605609145a92f19aae4e964 /src/cryptography/x509 | |
| parent | cdb7a2d7262ee016d39a7a59d29fc0437f7422e6 (diff) | |
| download | cryptography-55c33109b92b0e8ec38e4d19f3f2c6c203a0694e.tar.gz cryptography-55c33109b92b0e8ec38e4d19f3f2c6c203a0694e.tar.bz2 cryptography-55c33109b92b0e8ec38e4d19f3f2c6c203a0694e.zip | |
consolidate the duplicate extension check (#4483)
Diffstat (limited to 'src/cryptography/x509')
| -rw-r--r-- | src/cryptography/x509/base.py | 30 |
1 files changed, 11 insertions, 19 deletions
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index 0b353008..a3b334a1 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -20,6 +20,13 @@ from cryptography.x509.name import Name _UNIX_EPOCH = datetime.datetime(1970, 1, 1) +def _reject_duplicate_extension(extension, extensions): + # This is quadratic in the number of extensions + for e in extensions: + if e.oid == extension.oid: + raise ValueError('This extension has already been set.') + + def _convert_to_naive_utc_time(time): """Normalizes a datetime to a naive datetime in UTC. @@ -406,11 +413,8 @@ class CertificateSigningRequestBuilder(object): raise TypeError("extension must be an ExtensionType") extension = Extension(extension.oid, critical, extension) + _reject_duplicate_extension(extension, self._extensions) - # TODO: This is quadratic in the number of extensions - for e in self._extensions: - if e.oid == extension.oid: - raise ValueError('This extension has already been set.') return CertificateSigningRequestBuilder( self._subject_name, self._extensions + [extension] ) @@ -558,11 +562,7 @@ class CertificateBuilder(object): raise TypeError("extension must be an ExtensionType") extension = Extension(extension.oid, critical, extension) - - # TODO: This is quadratic in the number of extensions - for e in self._extensions: - if e.oid == extension.oid: - raise ValueError('This extension has already been set.') + _reject_duplicate_extension(extension, self._extensions) return CertificateBuilder( self._issuer_name, self._subject_name, @@ -658,11 +658,7 @@ class CertificateRevocationListBuilder(object): raise TypeError("extension must be an ExtensionType") extension = Extension(extension.oid, critical, extension) - - # TODO: This is quadratic in the number of extensions - for e in self._extensions: - if e.oid == extension.oid: - raise ValueError('This extension has already been set.') + _reject_duplicate_extension(extension, self._extensions) return CertificateRevocationListBuilder( self._issuer_name, self._last_update, self._next_update, self._extensions + [extension], self._revoked_certificates @@ -736,11 +732,7 @@ class RevokedCertificateBuilder(object): raise TypeError("extension must be an ExtensionType") extension = Extension(extension.oid, critical, extension) - - # TODO: This is quadratic in the number of extensions - for e in self._extensions: - if e.oid == extension.oid: - raise ValueError('This extension has already been set.') + _reject_duplicate_extension(extension, self._extensions) return RevokedCertificateBuilder( self._serial_number, self._revocation_date, self._extensions + [extension] |