diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-08 06:50:39 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-08 06:51:37 -0500 |
| commit | 93decfb272864655f0b88a119cf8d2986bfd656e (patch) | |
| tree | 9f592539e7888a50b2f9ba5b19c5a9f856f935b3 /src | |
| parent | bdf425cb183764c23aa7551909369aa8a57a2d65 (diff) | |
| download | cryptography-93decfb272864655f0b88a119cf8d2986bfd656e.tar.gz cryptography-93decfb272864655f0b88a119cf8d2986bfd656e.tar.bz2 cryptography-93decfb272864655f0b88a119cf8d2986bfd656e.zip | |
switch ReasonFlags bit string setting to use a dict mapping
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 58 |
1 files changed, 18 insertions, 40 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 941f8c38..393ddfc8 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -359,6 +359,18 @@ def _encode_extended_key_usage(backend, extended_key_usage): return pp, r +_CRLREASONFLAGS = { + x509.ReasonFlags.key_compromise: 1, + x509.ReasonFlags.ca_compromise: 2, + x509.ReasonFlags.affiliation_changed: 3, + x509.ReasonFlags.superseded: 4, + x509.ReasonFlags.cessation_of_operation: 5, + x509.ReasonFlags.certificate_hold: 6, + x509.ReasonFlags.privilege_withdrawn: 7, + x509.ReasonFlags.aa_compromise: 8, +} + + def _encode_crl_distribution_points(backend, crl_distribution_points): cdp = backend._lib.sk_DIST_POINT_new_null() cdp = backend._ffi.gc(cdp, backend._lib.sk_DIST_POINT_free) @@ -367,48 +379,14 @@ def _encode_crl_distribution_points(backend, crl_distribution_points): assert dp != backend._ffi.NULL if point.reasons: - # TODO: determining reason flag is quadratic bitmask = backend._lib.ASN1_BIT_STRING_new() - res = backend._lib.ASN1_BIT_STRING_set_bit( - bitmask, 1, x509.ReasonFlags.key_compromise in point.reasons - ) - assert res == 1 - res = backend._lib.ASN1_BIT_STRING_set_bit( - bitmask, 2, x509.ReasonFlags.ca_compromise in point.reasons - ) - assert res == 1 - res = backend._lib.ASN1_BIT_STRING_set_bit( - bitmask, - 3, - x509.ReasonFlags.affiliation_changed in point.reasons - ) - assert res == 1 - res = backend._lib.ASN1_BIT_STRING_set_bit( - bitmask, 4, x509.ReasonFlags.superseded in point.reasons - ) - assert res == 1 - res = backend._lib.ASN1_BIT_STRING_set_bit( - bitmask, - 5, - x509.ReasonFlags.cessation_of_operation in point.reasons - ) - assert res == 1 - res = backend._lib.ASN1_BIT_STRING_set_bit( - bitmask, 6, x509.ReasonFlags.certificate_hold in point.reasons - ) - assert res == 1 - res = backend._lib.ASN1_BIT_STRING_set_bit( - bitmask, - 7, - x509.ReasonFlags.privilege_withdrawn in point.reasons - ) - assert res == 1 - res = backend._lib.ASN1_BIT_STRING_set_bit( - bitmask, 8, x509.ReasonFlags.aa_compromise in point.reasons - ) - assert res == 1 - + assert bitmask != backend._ffi.NULL dp.reasons = bitmask + for reason in point.reasons: + res = backend._lib.ASN1_BIT_STRING_set_bit( + bitmask, _CRLREASONFLAGS[reason], 1 + ) + assert res == 1 if point.full_name: dpn = backend._lib.DIST_POINT_NAME_new() |