diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2016-02-26 21:01:29 -0500 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-02-26 21:01:29 -0500 |
| commit | c96ef9d5cd028e13186787d484bd7abba6f67906 (patch) | |
| tree | 0b94ca1cd30b9b13344be05c6189a3fcd81149db /src/cryptography/x509 | |
| parent | cce46b1c88d1d0aed63540a7bce309863c0f4f41 (diff) | |
| parent | 648c0fb14b762bd79243644ad5fcde586b94e098 (diff) | |
| download | cryptography-c96ef9d5cd028e13186787d484bd7abba6f67906.tar.gz cryptography-c96ef9d5cd028e13186787d484bd7abba6f67906.tar.bz2 cryptography-c96ef9d5cd028e13186787d484bd7abba6f67906.zip | |
Merge pull request #2733 from reaperhulk/policy-constraints
add policy constraints class
Diffstat (limited to 'src/cryptography/x509')
| -rw-r--r-- | src/cryptography/x509/__init__.py | 8 | ||||
| -rw-r--r-- | src/cryptography/x509/extensions.py | 56 |
2 files changed, 61 insertions, 3 deletions
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py index 787f1a60..8d7bad27 100644 --- a/src/cryptography/x509/__init__.py +++ b/src/cryptography/x509/__init__.py @@ -20,9 +20,10 @@ from cryptography.x509.extensions import ( DistributionPoint, DuplicateExtension, ExtendedKeyUsage, Extension, ExtensionNotFound, ExtensionType, Extensions, GeneralNames, InhibitAnyPolicy, InvalidityDate, IssuerAlternativeName, KeyUsage, - NameConstraints, NoticeReference, OCSPNoCheck, PolicyInformation, - ReasonFlags, SubjectAlternativeName, SubjectKeyIdentifier, - UnrecognizedExtension, UnsupportedExtension, UserNotice + NameConstraints, NoticeReference, OCSPNoCheck, PolicyConstraints, + PolicyInformation, ReasonFlags, SubjectAlternativeName, + SubjectKeyIdentifier, UnrecognizedExtension, UnsupportedExtension, + UserNotice ) from cryptography.x509.general_name import ( DNSName, DirectoryName, GeneralName, IPAddress, OtherName, RFC822Name, @@ -178,4 +179,5 @@ __all__ = [ "CRLReason", "InvalidityDate", "UnrecognizedExtension", + "PolicyConstraints", ] diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index db55789e..0aa67212 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -490,6 +490,62 @@ class ReasonFlags(Enum): @utils.register_interface(ExtensionType) +class PolicyConstraints(object): + oid = ExtensionOID.POLICY_CONSTRAINTS + + def __init__(self, require_explicit_policy, inhibit_policy_mapping): + if require_explicit_policy is not None and not isinstance( + require_explicit_policy, six.integer_types + ): + raise TypeError( + "require_explicit_policy must be a non-negative integer or " + "None" + ) + + if inhibit_policy_mapping is not None and not isinstance( + inhibit_policy_mapping, six.integer_types + ): + raise TypeError( + "inhibit_policy_mapping must be a non-negative integer or None" + ) + + if inhibit_policy_mapping is None and require_explicit_policy is None: + raise ValueError( + "At least one of require_explicit_policy and " + "inhibit_policy_mapping must not be None" + ) + + self._require_explicit_policy = require_explicit_policy + self._inhibit_policy_mapping = inhibit_policy_mapping + + def __repr__(self): + return ( + u"<PolicyConstraints(require_explicit_policy={0.require_explicit" + u"_policy}, inhibit_policy_mapping={0.inhibit_policy_" + u"mapping})>".format(self) + ) + + def __eq__(self, other): + if not isinstance(other, PolicyConstraints): + return NotImplemented + + return ( + self.require_explicit_policy == other.require_explicit_policy and + self.inhibit_policy_mapping == other.inhibit_policy_mapping + ) + + def __ne__(self, other): + return not self == other + + require_explicit_policy = utils.read_only_property( + "_require_explicit_policy" + ) + inhibit_policy_mapping = utils.read_only_property( + "_inhibit_policy_mapping" + ) + + +@utils.register_interface(ExtensionType) class CertificatePolicies(object): oid = ExtensionOID.CERTIFICATE_POLICIES |