From 3fd0260a3dd110d99c0174c3937aa3d86b0d9ba0 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 9 May 2015 19:46:13 -0500 Subject: switch reasons to frozenset --- docs/x509.rst | 2 +- src/cryptography/x509.py | 6 ++-- tests/test_x509_ext.py | 78 ++++++++++++++++++++++++++---------------------- 3 files changed, 46 insertions(+), 40 deletions(-) diff --git a/docs/x509.rst b/docs/x509.rst index f9992e20..86673e3b 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -835,7 +835,7 @@ X.509 Extensions .. attribute:: reasons - :type: list of :class:`ReasonFlags` or None + :type: frozenset of :class:`ReasonFlags` or None The reasons a given distribution point may be used for when performing revocation checks. diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index cee0cc39..dfc0af8c 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -536,10 +536,10 @@ class DistributionPoint(object): "crl_issuer must be None or a list of general names" ) - if reasons and not all( + if reasons and (not isinstance(reasons, frozenset) or not all( isinstance(x, ReasonFlags) for x in reasons - ): - raise TypeError("reasons must be None or list of ReasonFlags") + )): + raise TypeError("reasons must be None or frozenset of ReasonFlags") if reasons and ( ReasonFlags.unspecified in reasons or diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index e0858c76..a18a443b 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1342,7 +1342,16 @@ class TestDistributionPoint(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - ["notreasonflags"], + frozenset(["notreasonflags"]), + None + ) + + def test_reason_not_frozenset(self): + with pytest.raises(TypeError): + x509.DistributionPoint( + [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], + None, + [x509.ReasonFlags.ca_compromise], None ) @@ -1351,7 +1360,7 @@ class TestDistributionPoint(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [x509.ReasonFlags.unspecified], + frozenset([x509.ReasonFlags.unspecified]), None ) @@ -1359,7 +1368,7 @@ class TestDistributionPoint(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [x509.ReasonFlags.remove_from_crl], + frozenset([x509.ReasonFlags.remove_from_crl]), None ) @@ -1368,7 +1377,7 @@ class TestDistributionPoint(object): x509.DistributionPoint( None, None, - [x509.ReasonFlags.aa_compromise], + frozenset([x509.ReasonFlags.aa_compromise]), None ) @@ -1376,7 +1385,7 @@ class TestDistributionPoint(object): dp = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [x509.ReasonFlags.superseded], + frozenset([x509.ReasonFlags.superseded]), [ x509.DirectoryName( x509.Name([ @@ -1390,7 +1399,7 @@ class TestDistributionPoint(object): dp2 = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [x509.ReasonFlags.superseded], + frozenset([x509.ReasonFlags.superseded]), [ x509.DirectoryName( x509.Name([ @@ -1407,9 +1416,7 @@ class TestDistributionPoint(object): dp = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [ - x509.ReasonFlags.superseded, - ], + frozenset([x509.ReasonFlags.superseded]), [ x509.DirectoryName( x509.Name([ @@ -1435,10 +1442,10 @@ class TestDistributionPoint(object): x509.Name([ x509.NameAttribute(x509.OID_COMMON_NAME, "myCN") ]), - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [ x509.DirectoryName( x509.Name([ @@ -1452,10 +1459,11 @@ class TestDistributionPoint(object): assert repr(dp) == ( ", val" - "ue='myCN')>])>, reasons=[, ], crl_issuer" - "=[, value='Important CA')>])>)>])>" + "ue='myCN')>])>, reasons=frozenset([, ])," + " crl_issuer=[, value='Important C" + "A')>])>)>])>" ) @@ -1475,10 +1483,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), None ), ]) @@ -1493,10 +1501,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), None ), ] @@ -1506,18 +1514,18 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), None ), ]) assert repr(cdp) == ( "], relative_name=None, reason" - "s=[, ], crl_issuer=None)>])>" + "s=frozenset([, ]), crl_issuer=None)>])>" ) def test_eq(self): @@ -1525,10 +1533,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1536,10 +1544,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1550,10 +1558,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1561,10 +1569,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain2")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1572,9 +1580,7 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ - x509.ReasonFlags.key_compromise, - ], + frozenset([x509.ReasonFlags.key_compromise]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1582,10 +1588,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing2")], ), ]) -- cgit v1.2.3