From 253929a85c45c1313fd68d10ec7a7a45e380d5c0 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 5 Aug 2015 17:30:39 +0100 Subject: add AuthorityKeyIdentifier from_issuer_public_key Refactored SKI's creation code into a separate function, added doctest examples --- src/cryptography/x509.py | 49 ++++++++++++++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 18 deletions(-) (limited to 'src') diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 5ed3c094..3f306e3a 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -32,6 +32,27 @@ class _SubjectPublicKeyInfo(univ.Sequence): ) +def _key_identifier_from_public_key(public_key): + # This is a very slow way to do this. + serialized = public_key.public_bytes( + serialization.Encoding.DER, + serialization.PublicFormat.SubjectPublicKeyInfo + ) + spki, remaining = decoder.decode( + serialized, asn1Spec=_SubjectPublicKeyInfo() + ) + # the univ.BitString object is a tuple of bits. We need bytes and + # pyasn1 really doesn't want to give them to us. To get it we'll + # build an integer and convert that to bytes. + assert not remaining + bits = 0 + for bit in spki.getComponentByName("subjectPublicKey"): + bits = bits << 1 | bit + + data = utils.int_to_bytes(bits) + return hashlib.sha1(data).digest() + + _OID_NAMES = { "2.5.4.3": "commonName", "2.5.4.6": "countryName", @@ -710,24 +731,7 @@ class SubjectKeyIdentifier(object): @classmethod def from_public_key(cls, public_key): - # This is a very slow way to do this. - serialized = public_key.public_bytes( - serialization.Encoding.DER, - serialization.PublicFormat.SubjectPublicKeyInfo - ) - spki, remaining = decoder.decode( - serialized, asn1Spec=_SubjectPublicKeyInfo() - ) - assert not remaining - # the univ.BitString object is a tuple of bits. We need bytes and - # pyasn1 really doesn't want to give them to us. To get it we'll - # build an integer and convert that to bytes. - bits = 0 - for bit in spki.getComponentByName("subjectPublicKey"): - bits = bits << 1 | bit - - data = utils.int_to_bytes(bits) - return cls(hashlib.sha1(data).digest()) + return cls(_key_identifier_from_public_key(public_key)) digest = utils.read_only_property("_digest") @@ -1318,6 +1322,15 @@ class AuthorityKeyIdentifier(object): self._authority_cert_issuer = authority_cert_issuer self._authority_cert_serial_number = authority_cert_serial_number + @classmethod + def from_issuer_public_key(cls, public_key): + digest = _key_identifier_from_public_key(public_key) + return cls( + key_identifier=digest, + authority_cert_issuer=None, + authority_cert_serial_number=None + ) + def __repr__(self): return ( " Date: Sat, 8 Aug 2015 15:41:54 -0500 Subject: address review comments --- src/cryptography/x509.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 3f306e3a..713e92a2 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -41,10 +41,10 @@ def _key_identifier_from_public_key(public_key): spki, remaining = decoder.decode( serialized, asn1Spec=_SubjectPublicKeyInfo() ) + assert not remaining # the univ.BitString object is a tuple of bits. We need bytes and # pyasn1 really doesn't want to give them to us. To get it we'll # build an integer and convert that to bytes. - assert not remaining bits = 0 for bit in spki.getComponentByName("subjectPublicKey"): bits = bits << 1 | bit -- cgit v1.2.3