From 49bb7565120b181752dc2574cd0e3660393c707c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 25 Dec 2015 16:17:40 -0600 Subject: start switching the CRL entry extensions to be full-fledged classes first up: CertificateIssuer --- src/cryptography/hazmat/backends/openssl/x509.py | 2 +- src/cryptography/x509/__init__.py | 8 +++--- src/cryptography/x509/extensions.py | 33 +++++++++++++++++++++++- 3 files changed, 38 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index f3286b05..05390809 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -743,7 +743,7 @@ def _decode_cert_issuer(backend, ext): CRLEntryExtensionOID.CERTIFICATE_ISSUER)) gns = backend._ffi.gc(gns, backend._lib.GENERAL_NAMES_free) - return x509.GeneralNames(_decode_general_names(backend, gns)) + return x509.CertificateIssuer(_decode_general_names(backend, gns)) @utils.register_interface(x509.RevokedCertificate) diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py index 32543e67..9946daa0 100644 --- a/src/cryptography/x509/__init__.py +++ b/src/cryptography/x509/__init__.py @@ -15,9 +15,10 @@ from cryptography.x509.base import ( from cryptography.x509.extensions import ( AccessDescription, AuthorityInformationAccess, AuthorityKeyIdentifier, BasicConstraints, CRLDistributionPoints, - CRLNumber, CertificatePolicies, DistributionPoint, DuplicateExtension, - ExtendedKeyUsage, Extension, ExtensionNotFound, ExtensionType, Extensions, - GeneralNames, InhibitAnyPolicy, IssuerAlternativeName, KeyUsage, + CRLNumber, CertificateIssuer, CertificatePolicies, + DistributionPoint, DuplicateExtension, ExtendedKeyUsage, Extension, + ExtensionNotFound, ExtensionType, Extensions, GeneralNames, + InhibitAnyPolicy, IssuerAlternativeName, KeyUsage, NameConstraints, NoticeReference, OCSPNoCheck, PolicyInformation, ReasonFlags, SubjectAlternativeName, SubjectKeyIdentifier, UnsupportedExtension, UserNotice @@ -165,4 +166,5 @@ __all__ = [ "OID_OCSP", "_GENERAL_NAMES", "CRLExtensionOID", + "CertificateIssuer", ] diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index 15feb717..8eb1d34e 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -18,7 +18,9 @@ from cryptography import utils from cryptography.hazmat.primitives import constant_time, serialization from cryptography.x509.general_name import GeneralName, IPAddress, OtherName from cryptography.x509.name import Name -from cryptography.x509.oid import ExtensionOID, ObjectIdentifier +from cryptography.x509.oid import ( + CRLEntryExtensionOID, ExtensionOID, ObjectIdentifier +) class _SubjectPublicKeyInfo(univ.Sequence): @@ -942,3 +944,32 @@ class IssuerAlternativeName(object): def __ne__(self, other): return not self == other + + +@utils.register_interface(ExtensionType) +class CertificateIssuer(object): + oid = CRLEntryExtensionOID.CERTIFICATE_ISSUER + + def __init__(self, general_names): + self._general_names = GeneralNames(general_names) + + def __iter__(self): + return iter(self._general_names) + + def __len__(self): + return len(self._general_names) + + def get_values_for_type(self, type): + return self._general_names.get_values_for_type(type) + + def __repr__(self): + return "".format(self._general_names) + + def __eq__(self, other): + if not isinstance(other, CertificateIssuer): + return NotImplemented + + return self._general_names == other._general_names + + def __ne__(self, other): + return not self == other -- cgit v1.2.3