Merge pull request #1823 from reaperhulk/x509-ski

add subjectkeyidentifier support
author: Alex Gaynor <alex.gaynor@gmail.com> 2015-04-11 09:21:33 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-04-11 09:21:33 -0400
commit: 412a273d45c00dd7a58fe64390fddad74d12f453 (patch)
tree: 289d73a81087fcacc0b3665ee85f177d05288e55 /src
parent: de2c10753787f3cc563cf2880454ddc5bd945b18 (diff)
parent: 6c7dd24f350435f6362021822dcd7e51902088ec (diff)
download: cryptography-412a273d45c00dd7a58fe64390fddad74d12f453.tar.gz
cryptography-412a273d45c00dd7a58fe64390fddad74d12f453.tar.bz2
cryptography-412a273d45c00dd7a58fe64390fddad74d12f453.zip
2 files changed, 36 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 6a7032ba..5d47c5ea 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -170,6 +170,8 @@ class _Certificate(object):
                 )
             elif oid == x509.OID_BASIC_CONSTRAINTS:
                 value = self._build_basic_constraints(ext)
+            elif oid == x509.OID_SUBJECT_KEY_IDENTIFIER:
+                value = self._build_subject_key_identifier(ext)
             elif oid == x509.OID_KEY_USAGE and critical:
                 # TODO: remove this obviously.
                 warnings.warn(
@@ -217,6 +219,19 @@ class _Certificate(object):
 
         return x509.BasicConstraints(ca, path_length)
 
+    def _build_subject_key_identifier(self, ext):
+        asn1_string = self._backend._lib.X509V3_EXT_d2i(ext)
+        assert asn1_string != self._backend._ffi.NULL
+        asn1_string = self._backend._ffi.cast(
+            "ASN1_OCTET_STRING *", asn1_string
+        )
+        asn1_string = self._backend._ffi.gc(
+            asn1_string, self._backend._lib.ASN1_OCTET_STRING_free
+        )
+        return x509.SubjectKeyIdentifier(
+            self._backend._ffi.buffer(asn1_string.data, asn1_string.length)[:]
+        )
+
 
 @utils.register_interface(x509.CertificateSigningRequest)
 class _CertificateSigningRequest(object):
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 697d7d6e..28d16853 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -346,6 +346,27 @@ class KeyUsage(object):
             return self._decipher_only
 
 
+class SubjectKeyIdentifier(object):
+    def __init__(self, digest):
+        self._digest = digest
+
+    digest = utils.read_only_property("_digest")
+
+    def __repr__(self):
+        return "<SubjectKeyIdentifier(digest={0!r})>".format(self.digest)
+
+    def __eq__(self, other):
+        if not isinstance(other, SubjectKeyIdentifier):
+            return NotImplemented
+
+        return (
+            self.digest == other.digest
+        )
+
+    def __ne__(self, other):
+        return not self == other
+
+
 OID_COMMON_NAME = ObjectIdentifier("2.5.4.3")
 OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
 OID_LOCALITY_NAME = ObjectIdentifier("2.5.4.7")
author	Alex Gaynor <alex.gaynor@gmail.com>	2015-04-11 09:21:33 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	2015-04-11 09:21:33 -0400
commit	412a273d45c00dd7a58fe64390fddad74d12f453 (patch)
tree	289d73a81087fcacc0b3665ee85f177d05288e55 /src
parent	de2c10753787f3cc563cf2880454ddc5bd945b18 (diff)
parent	6c7dd24f350435f6362021822dcd7e51902088ec (diff)
download	cryptography-412a273d45c00dd7a58fe64390fddad74d12f453.tar.gz cryptography-412a273d45c00dd7a58fe64390fddad74d12f453.tar.bz2 cryptography-412a273d45c00dd7a58fe64390fddad74d12f453.zip