From b76bcf88bd272dcde26858c936a743a229aefd5a Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 24 Sep 2017 08:44:12 +0800
Subject: FreshestCRL extension support (#3937)

* add freshest CRL support

* add tests

* add changelog

* add tests for FreshestCRL generation
---
 src/cryptography/x509/__init__.py   |  7 ++++---
 src/cryptography/x509/extensions.py | 41 +++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 3 deletions(-)

(limited to 'src/cryptography/x509')

diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index e168adb7..224c9af6 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -19,9 +19,9 @@ from cryptography.x509.extensions import (
     AuthorityKeyIdentifier, BasicConstraints, CRLDistributionPoints,
     CRLNumber, CRLReason, CertificateIssuer, CertificatePolicies,
     DeltaCRLIndicator, DistributionPoint, DuplicateExtension, ExtendedKeyUsage,
-    Extension, ExtensionNotFound, ExtensionType, Extensions, GeneralNames,
-    InhibitAnyPolicy, InvalidityDate, IssuerAlternativeName, KeyUsage,
-    NameConstraints, NoticeReference, OCSPNoCheck, PolicyConstraints,
+    Extension, ExtensionNotFound, ExtensionType, Extensions, FreshestCRL,
+    GeneralNames, InhibitAnyPolicy, InvalidityDate, IssuerAlternativeName,
+    KeyUsage, NameConstraints, NoticeReference, OCSPNoCheck, PolicyConstraints,
     PolicyInformation, PrecertificateSignedCertificateTimestamps, ReasonFlags,
     SubjectAlternativeName, SubjectKeyIdentifier, TLSFeature, TLSFeatureType,
     UnrecognizedExtension, UserNotice
@@ -131,6 +131,7 @@ __all__ = [
     "Extensions",
     "Extension",
     "ExtendedKeyUsage",
+    "FreshestCRL",
     "TLSFeature",
     "TLSFeatureType",
     "OCSPNoCheck",
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index beb20bad..eb4b927f 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -444,6 +444,47 @@ class CRLDistributionPoints(object):
         return hash(tuple(self._distribution_points))
 
 
+@utils.register_interface(ExtensionType)
+class FreshestCRL(object):
+    oid = ExtensionOID.FRESHEST_CRL
+
+    def __init__(self, distribution_points):
+        distribution_points = list(distribution_points)
+        if not all(
+            isinstance(x, DistributionPoint) for x in distribution_points
+        ):
+            raise TypeError(
+                "distribution_points must be a list of DistributionPoint "
+                "objects"
+            )
+
+        self._distribution_points = distribution_points
+
+    def __iter__(self):
+        return iter(self._distribution_points)
+
+    def __len__(self):
+        return len(self._distribution_points)
+
+    def __repr__(self):
+        return "<FreshestCRL({0})>".format(self._distribution_points)
+
+    def __eq__(self, other):
+        if not isinstance(other, FreshestCRL):
+            return NotImplemented
+
+        return self._distribution_points == other._distribution_points
+
+    def __ne__(self, other):
+        return not self == other
+
+    def __getitem__(self, idx):
+        return self._distribution_points[idx]
+
+    def __hash__(self):
+        return hash(tuple(self._distribution_points))
+
+
 class DistributionPoint(object):
     def __init__(self, full_name, relative_name, reasons, crl_issuer):
         if full_name and relative_name:
-- 
cgit v1.2.3