From 1eb82a604175923acd6c0512e86a746df7acbb59 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Tue, 31 Mar 2015 20:00:33 -0500
Subject: add subjectkeyidentifier support
---
 src/cryptography/hazmat/backends/openssl/x509.py | 12 +++++++++++
 src/cryptography/x509.py | 26 ++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 6a7032ba..8b77a11b 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -170,6 +170,8 @@ class _Certificate(object):
 )
 elif oid == x509.OID_BASIC_CONSTRAINTS:
 value = self._build_basic_constraints(ext)
+ elif oid == x509.OID_SUBJECT_KEY_IDENTIFIER:
+ value = self._build_subject_key_identifier(ext)
 elif oid == x509.OID_KEY_USAGE and critical:
 # TODO: remove this obviously.
 warnings.warn(
@@ -217,6 +219,16 @@ class _Certificate(object):
 return x509.BasicConstraints(ca, path_length)
+ def _build_subject_key_identifier(self, ext):
+ asn1_string = self._backend._lib.X509V3_EXT_d2i(ext)
+ assert asn1_string != self._backend._ffi.NULL
+ asn1_string = self._backend._ffi.cast(
+ "ASN1_OCTET_STRING *", asn1_string
+ )
+ return x509.SubjectKeyIdentifier(
+ self._backend._ffi.buffer(asn1_string.data, asn1_string.length)[:]
+ )
+
 @utils.register_interface(x509.CertificateSigningRequest)
 class _CertificateSigningRequest(object):
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 697d7d6e..df37934a 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -5,6 +5,7 @@
 from __future__ import absolute_import, division, print_function
 import abc
+import binascii
 from enum import Enum
 import six
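Review bot: The `assert asn1_string != self._backend._ffi.NULL` in `_build_subject_key_identifier` is the only guard on the result of `X509V3_EXT_d2i`, and `assert` statements are stripped when Python runs with `-O`. The extension bytes come from the certificate being parsed, so a subjectKeyIdentifier that fails to decode would then reach the cast and the `asn1_string.data` read with a NULL pointer. An explicit check survives optimisation: `if asn1_string == self._backend._ffi.NULL: raise ValueError("unable to decode subjectKeyIdentifier extension")`, with the exception type matched to whatever the surrounding extension parser raises for malformed input.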
@@ -346,6 +347,31 @@ class KeyUsage(object):
 return self._decipher_only
+class SubjectKeyIdentifier(object):
+ def __init__(self, digest):
+ self._digest = digest
+
+ digest = utils.read_only_property("_digest")
+
+ @property
+ def hexdigest(self):
+ return binascii.hexlify(self.digest).decode("ascii")
+
+ def __repr__(self):
+ return "".format(self.hexdigest)
+
+ def __eq__(self, other):
+ if not isinstance(other, SubjectKeyIdentifier):
+ return NotImplemented
+
+ return (
+ self.digest == other.digest
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+
 OID_COMMON_NAME = ObjectIdentifier("2.5.4.3")
 OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
 OID_LOCALITY_NAME = ObjectIdentifier("2.5.4.7")
-- cgit v1.2.3
From 0f5a66b1d60063b7e7afc5ad2f001fa00cc8ac1e Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 9 Apr 2015 14:23:03 -0400
Subject: free the ASN1_OCTET_STRING instance
---
 src/cryptography/hazmat/backends/openssl/x509.py | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 8b77a11b..5d47c5ea 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -225,6 +225,9 @@ class _Certificate(object):
 asn1_string = self._backend._ffi.cast(
 "ASN1_OCTET_STRING *", asn1_string
 )
+ asn1_string = self._backend._ffi.gc(
+ asn1_string, self._backend._lib.ASN1_OCTET_STRING_free
+ )
 return x509.SubjectKeyIdentifier(
 self._backend._ffi.buffer(asn1_string.data, asn1_string.length)[:]
 )
-- cgit v1.2.3
From cbfb1015d9750a276456411a2b638585b6e4d7de Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Fri, 10 Apr 2015 20:57:20 -0400
Subject: alter approach to just use digest, no hexdigest
---
 src/cryptography/x509.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index df37934a..d635d4af 100644
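Review bot: `SubjectKeyIdentifier` defines `__eq__` and `__ne__` but no `__hash__`, so on Python 3 instances become unhashable and on Python 2 two equal identifiers hash differently. The module imports `six`, so both interpreters appear to be supported. Adding `def __hash__(self): return hash(self.digest)` keeps hashing consistent with equality when identifiers are collected in sets or used as dict keys, for example when matching certificates by key identifier. `__init__` also stores `digest` unchecked, so a one-line docstring saying it holds the raw extension octets would document what `__eq__` compares.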
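Review bot: The lifetime rule that makes the added `ffi.gc(...)` safe is not written down in `_build_subject_key_identifier`. The `[:]` on `ffi.buffer(...)` copies the octets into a Python object before the function returns, and only after that may `ASN1_OCTET_STRING_free` run. A comment above the return, such as `# [:] copies the octets out; the gc'd ASN1_OCTET_STRING may be freed once we return`, would stop a later edit from returning the buffer view itself and handing the caller a reference to freed memory. The function begins above this hunk, so the NULL check on the `X509V3_EXT_d2i` result is not visible here.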
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -353,12 +353,8 @@ class SubjectKeyIdentifier(object):
 digest = utils.read_only_property("_digest")
- @property
- def hexdigest(self):
- return binascii.hexlify(self.digest).decode("ascii")
-
 def __repr__(self):
- return "".format(self.hexdigest)
+ return "".format(self.digest)
 def __eq__(self, other):
 if not isinstance(other, SubjectKeyIdentifier):
-- cgit v1.2.3
From 6c7dd24f350435f6362021822dcd7e51902088ec Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 11 Apr 2015 08:16:52 -0400
Subject: unused import I left in as a test. Yeah, that's why...
---
 src/cryptography/x509.py | 1 -
 1 file changed, 1 deletion(-)
(limited to 'src')
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index d635d4af..28d16853 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -5,7 +5,6 @@
 from __future__ import absolute_import, division, print_function
 import abc
-import binascii
 from enum import Enum
 import six
-- cgit v1.2.3
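Review bot: `__repr__` now formats `self.digest` directly, and those bytes come from the certificate's extension, so under Python 2 a plain `{0}` placeholder would put raw, possibly non-printable bytes into a string that usually ends up in logs and tracebacks. The `!r` conversion keeps the output escaped on both Python 2 and 3, e.g. `return "<SubjectKeyIdentifier(digest={0!r})>".format(self.digest)`. As shown on this page the format string is empty (`""`), which would make the repr an empty string. The template text may have been lost when the page was rendered, so this is worth checking against the file.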