From 6fb217234a596e882487cab8a1df05e0b2990ca0 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 10 Aug 2015 19:15:56 -0500
Subject: switch the openssl backend to use the OID namespace

---
 .../hazmat/backends/openssl/backend.py             | 23 ++++++++--------
 src/cryptography/hazmat/backends/openssl/x509.py   | 31 +++++++++++-----------
 2 files changed, 28 insertions(+), 26 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 3866c0d4..9eae69c7 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -53,6 +53,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import (
 from cryptography.hazmat.primitives.ciphers.modes import (
     CBC, CFB, CFB8, CTR, ECB, GCM, OFB
 )
+from cryptography.x509.oid import ExtensionOID
 
 
 _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"])
@@ -482,19 +483,19 @@ def _encode_crl_distribution_points(backend, crl_distribution_points):
 
 
 _EXTENSION_ENCODE_HANDLERS = {
-    x509.OID_BASIC_CONSTRAINTS: _encode_basic_constraints,
-    x509.OID_SUBJECT_KEY_IDENTIFIER: _encode_subject_key_identifier,
-    x509.OID_KEY_USAGE: _encode_key_usage,
-    x509.OID_SUBJECT_ALTERNATIVE_NAME: _encode_alt_name,
-    x509.OID_ISSUER_ALTERNATIVE_NAME: _encode_alt_name,
-    x509.OID_EXTENDED_KEY_USAGE: _encode_extended_key_usage,
-    x509.OID_AUTHORITY_KEY_IDENTIFIER: _encode_authority_key_identifier,
-    x509.OID_AUTHORITY_INFORMATION_ACCESS: (
+    ExtensionOID.BASIC_CONSTRAINTS: _encode_basic_constraints,
+    ExtensionOID.SUBJECT_KEY_IDENTIFIER: _encode_subject_key_identifier,
+    ExtensionOID.KEY_USAGE: _encode_key_usage,
+    ExtensionOID.SUBJECT_ALTERNATIVE_NAME: _encode_alt_name,
+    ExtensionOID.ISSUER_ALTERNATIVE_NAME: _encode_alt_name,
+    ExtensionOID.EXTENDED_KEY_USAGE: _encode_extended_key_usage,
+    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _encode_authority_key_identifier,
+    ExtensionOID.AUTHORITY_INFORMATION_ACCESS: (
         _encode_authority_information_access
     ),
-    x509.OID_CRL_DISTRIBUTION_POINTS: _encode_crl_distribution_points,
-    x509.OID_INHIBIT_ANY_POLICY: _encode_inhibit_any_policy,
-    x509.OID_OCSP_NO_CHECK: _encode_ocsp_nocheck,
+    ExtensionOID.CRL_DISTRIBUTION_POINTS: _encode_crl_distribution_points,
+    ExtensionOID.INHIBIT_ANY_POLICY: _encode_inhibit_any_policy,
+    ExtensionOID.OCSP_NO_CHECK: _encode_ocsp_nocheck,
 }
 
 
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 564b2680..e9af97f3 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -17,6 +17,7 @@ from six.moves import urllib_parse
 from cryptography import utils, x509
 from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.x509.oid import CertificatePoliciesOID, ExtensionOID
 
 
 def _obj2txt(backend, obj):
@@ -385,13 +386,13 @@ def _decode_certificate_policies(backend, cp):
                 pqualid = x509.ObjectIdentifier(
                     _obj2txt(backend, pqi.pqualid)
                 )
-                if pqualid == x509.OID_CPS_QUALIFIER:
+                if pqualid == CertificatePoliciesOID.CPS_QUALIFIER:
                     cpsuri = backend._ffi.buffer(
                         pqi.d.cpsuri.data, pqi.d.cpsuri.length
                     )[:].decode('ascii')
                     qualifiers.append(cpsuri)
                 else:
-                    assert pqualid == x509.OID_CPS_USER_NOTICE
+                    assert pqualid == CertificatePoliciesOID.CPS_USER_NOTICE
                     user_notice = _decode_user_notice(
                         backend, pqi.d.usernotice
                     )
@@ -756,21 +757,21 @@ class _CertificateSigningRequest(object):
 
 
 _EXTENSION_HANDLERS = {
-    x509.OID_BASIC_CONSTRAINTS: _decode_basic_constraints,
-    x509.OID_SUBJECT_KEY_IDENTIFIER: _decode_subject_key_identifier,
-    x509.OID_KEY_USAGE: _decode_key_usage,
-    x509.OID_SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name,
-    x509.OID_EXTENDED_KEY_USAGE: _decode_extended_key_usage,
-    x509.OID_AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier,
-    x509.OID_AUTHORITY_INFORMATION_ACCESS: (
+    ExtensionOID.BASIC_CONSTRAINTS: _decode_basic_constraints,
+    ExtensionOID.SUBJECT_KEY_IDENTIFIER: _decode_subject_key_identifier,
+    ExtensionOID.KEY_USAGE: _decode_key_usage,
+    ExtensionOID.SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name,
+    ExtensionOID.EXTENDED_KEY_USAGE: _decode_extended_key_usage,
+    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier,
+    ExtensionOID.AUTHORITY_INFORMATION_ACCESS: (
         _decode_authority_information_access
     ),
-    x509.OID_CERTIFICATE_POLICIES: _decode_certificate_policies,
-    x509.OID_CRL_DISTRIBUTION_POINTS: _decode_crl_distribution_points,
-    x509.OID_OCSP_NO_CHECK: _decode_ocsp_no_check,
-    x509.OID_INHIBIT_ANY_POLICY: _decode_inhibit_any_policy,
-    x509.OID_ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name,
-    x509.OID_NAME_CONSTRAINTS: _decode_name_constraints,
+    ExtensionOID.CERTIFICATE_POLICIES: _decode_certificate_policies,
+    ExtensionOID.CRL_DISTRIBUTION_POINTS: _decode_crl_distribution_points,
+    ExtensionOID.OCSP_NO_CHECK: _decode_ocsp_no_check,
+    ExtensionOID.INHIBIT_ANY_POLICY: _decode_inhibit_any_policy,
+    ExtensionOID.ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name,
+    ExtensionOID.NAME_CONSTRAINTS: _decode_name_constraints,
 }
 
 
-- 
cgit v1.2.3