From 32bbfe0f27c284d6c268f2998e64f62083465faf Mon Sep 17 00:00:00 2001
From: Erik Trauschke
Date: Wed, 21 Oct 2015 08:04:55 -0700
Subject: remove convenience functions for revoked extensions fix docs regarding CRL PEM format
---
docs/x509/reference.rst | 3 +--
src/cryptography/hazmat/backends/openssl/x509.py | 30 ------------------------
tests/test_x509.py | 21 +++++++++--------
3 files changed, 12 insertions(+), 42 deletions(-)
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 5ab6caa5..fe52727c 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -153,8 +153,7 @@ Loading Certificate Revocation Lists
Deserialize a certificate revocation list (CRL) from PEM encoded data. PEM requests are base64 decoded and have delimiters that look like
- ``-----BEGIN X509 CRL-----``. This format is also known as
- PKCS#10.
+ ``-----BEGIN X509 CRL-----``.
:param bytes data: The PEM encoded request data.
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 1c0f87fd..2790ec7d 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -744,36 +744,6 @@ class _RevokedCertificate(object):
self._backend, self._x509_revoked )
- def get_reason(self):
- """
- Returns the CRLReason extension if it exists.
- """
- try:
- return self.extensions.get_extension_for_oid(
- x509.OID_CRL_REASON).value
- except x509.ExtensionNotFound:
- return None
-
- def get_invalidity_date(self):
- """
- Returns the InvalidityDate extension if it exists.
- """
- try:
- return self.extensions.get_extension_for_oid(
- x509.OID_INVALIDITY_DATE).value
- except x509.ExtensionNotFound:
- return None
-
- def get_certificate_issuer(self):
- """
- Returns the CertificateIssuer extension if it exists.
- """
- try:
- return self.extensions.get_extension_for_oid(
- x509.OID_CERTIFICATE_ISSUER).value
- except x509.ExtensionNotFound:
- return None
-
@utils.register_interface(x509.CertificateRevocationList)
class _CertificateRevocationList(object):
diff --git a/tests/test_x509.py b/tests/test_x509.py
index b9304c37..9567b649 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -219,10 +219,8 @@ class TestRevokedCertificate(object):
assert len(rev0.extensions) == 0
with pytest.raises(x509.ExtensionNotFound):
rev0.extensions.get_extension_for_oid(x509.OID_CRL_REASON)
-
- assert rev0.get_invalidity_date() is None
- assert rev0.get_certificate_issuer() is None
- assert rev0.get_reason() is None
+ rev0.extensions.get_extension_for_oid(x509.OID_CERTIFICATE_ISSUER)
+ rev0.extensions.get_extension_for_oid(x509.OID_INVALIDITY_DATE)
# Test manual retrieval of extension values.
rev1 = crl[1]
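Review bot: In the `@@ -219,10 +219,8 @@` hunk of tests/test_x509.py, the two added lookups for `x509.OID_CERTIFICATE_ISSUER` and `x509.OID_INVALIDITY_DATE` appear to sit in the same `with pytest.raises(x509.ExtensionNotFound):` block as the existing `x509.OID_CRL_REASON` lookup. Indentation is lost in this view, so that placement is inferred. If so, the first call raises and leaves the block, and the two new lines never execute. The test would then pass even if those extensions were present on `rev0`, so it no longer covers what the removed `is None` asserts checked. Give each lookup its own block, e.g. `with pytest.raises(x509.ExtensionNotFound):` followed by `rev0.extensions.get_extension_for_oid(x509.OID_CERTIFICATE_ISSUER)`, or loop over the three OIDs with the `with` inside the loop. The enclosing test method starts and ends outside the hunk.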
@@ -241,14 +239,17 @@ class TestRevokedCertificate(object):
assert isinstance(date, datetime.datetime)
assert date.isoformat() == "2015-01-01T00:00:00"
- # Test convenience function.
- assert rev1.get_invalidity_date().isoformat() == "2015-01-01T00:00:00"
- assert rev1.get_certificate_issuer() == exp_issuer
-
# Check if all reason flags can be found in the CRL.
flags = set(x509.ReasonFlags)
- for r in crl:
- flags.discard(r.get_reason())
+ for rev in crl:
+ try:
+ r = rev.extensions.get_extension_for_oid(x509.OID_CRL_REASON)
+ except x509.ExtensionNotFound:
+ # Not all revoked certs have a reason extension.
+ pass
+ else:
+ flags.discard(r.value)
+
assert len(flags) == 0
def test_duplicate_entry_ext(self, backend):
-- cgit v1.2.3