From 8a49f9217d2148c4c60d0c0c92e736bbb202c169 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 25 Jul 2015 20:44:51 +0100
Subject: encode authority information access
---
 src/_cffi_src/openssl/x509v3.py | 6 ++++++
 .../hazmat/backends/openssl/backend.py | 24 ++++++++++++++++++++++
 2 files changed, 30 insertions(+)
(limited to 'src')
diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py
index a61ad321..fc3c6d46 100644
--- a/src/_cffi_src/openssl/x509v3.py
+++ b/src/_cffi_src/openssl/x509v3.py
@@ -203,6 +203,9 @@ int i2d_GENERAL_NAMES(GENERAL_NAMES *, unsigned char **);
 int i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *, unsigned char **);
+int i2d_AUTHORITY_INFO_ACCESS(Cryptography_STACK_OF_ACCESS_DESCRIPTION *,
+ unsigned char **);
+
 int sk_GENERAL_NAME_num(struct stack_st_GENERAL_NAME *);
 int sk_GENERAL_NAME_push(struct stack_st_GENERAL_NAME *, GENERAL_NAME *);
 GENERAL_NAME *sk_GENERAL_NAME_value(struct stack_st_GENERAL_NAME *, int);
@@ -216,6 +219,9 @@ void sk_ACCESS_DESCRIPTION_free(Cryptography_STACK_OF_ACCESS_DESCRIPTION *);
 int sk_ACCESS_DESCRIPTION_push(Cryptography_STACK_OF_ACCESS_DESCRIPTION *,
 ACCESS_DESCRIPTION *);
+ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
+void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *);
+
 X509_EXTENSION *X509V3_EXT_conf_nid(Cryptography_LHASH_OF_CONF_VALUE *,
 X509V3_CTX *, int, char *);
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 0176de21..7917402f 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
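Review bot: The second hunk binds `ACCESS_DESCRIPTION_free` but no `sk_ACCESS_DESCRIPTION_pop_free`, and the `sk_ACCESS_DESCRIPTION_free` shown as context releases only the stack structure, not the ACCESS_DESCRIPTION entries pushed onto it, so Python code that owns a populated stack has no bound call that applies the new free function to every element. Unless it is already declared earlier in this file, add `void sk_ACCESS_DESCRIPTION_pop_free(Cryptography_STACK_OF_ACCESS_DESCRIPTION *, void (*)(ACCESS_DESCRIPTION *));` next to the push/free declarations. Binding `AUTHORITY_INFO_ACCESS_free` instead would cover the same ownership in a single call.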
@@ -202,6 +202,30 @@ def _encode_basic_constraints(backend, basic_constraints):
 return pp, r
+def _encode_authority_information_access(backend, authority_info_access):
+ aia = backend._lib.sk_ACCESS_DESCRIPTION_new_null()
+ assert aia != backend._ffi.NULL
+ aia = backend._ffi.gc(
+ aia, backend._lib.sk_ACCESS_DESCRIPTION_free
+ )
+ for access_description in authority_info_access:
+ ad = backend._lib.ACCESS_DESCRIPTION_new()
+ method = _txt2obj(backend, access_description.access_method)
+ gn = _encode_general_name(backend, access_description.access_location)
+ ad.method = method
+ ad.location = gn
+ res = backend._lib.sk_ACCESS_DESCRIPTION_push(aia, ad)
+ assert res >= 1
+
+ pp = backend._ffi.new('unsigned char **')
+ r = backend._lib.i2d_AUTHORITY_INFO_ACCESS(aia, pp)
+ assert r > 0
+ pp = backend._ffi.gc(
+ pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
+ )
+ return pp, r
+
+
 def _encode_subject_alt_name(backend, san):
 general_names = backend._lib.GENERAL_NAMES_new()
 assert general_names != backend._ffi.NULL
-- 
cgit v1.2.3
From 3b54ce272df125430907f27c61c86d27531b7f33 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Mon, 3 Aug 2015 16:44:57 +0100
Subject: add support for AIA to CertificateBuilder and OpenSSL backend
---
 src/cryptography/hazmat/backends/openssl/backend.py | 8 +++++++-
 src/cryptography/x509.py | 4 ++++
 2 files changed, 11 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 7917402f..570782a2 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
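Review bot: `ad = backend._lib.ACCESS_DESCRIPTION_new()` inside the loop is never compared against `backend._ffi.NULL`, unlike `aia` a few lines above, so an allocation failure is dereferenced at `ad.method = method` instead of being reported; add `assert ad != backend._ffi.NULL` right after it. The stack is also released with `sk_ACCESS_DESCRIPTION_free`, which frees the stack but not the ACCESS_DESCRIPTION entries pushed onto it (each owning the GENERAL_NAME and ASN1_OBJECT assigned here), so every encode leaks one entry per access description; `sk_ACCESS_DESCRIPTION_pop_free` with the `ACCESS_DESCRIPTION_free` bound in the companion x509v3.py hunk releases both, provided `pop_free` is in the bindings and `_encode_general_name`/`_txt2obj` return pointers that are not already gc-wrapped (a gc-wrapped pointer stored into `ad.location` would be freed underneath the stack — worth confirming against those helpers). Note too that these `assert`s disappear under `python -O`, turning the NULL checks into crashes in optimized builds.
```python
    aia = backend._ffi.gc(
        aia,
        lambda aia: backend._lib.sk_ACCESS_DESCRIPTION_pop_free(
            aia, backend._lib.ACCESS_DESCRIPTION_free
        )
    )
    for access_description in authority_info_access:
        ad = backend._lib.ACCESS_DESCRIPTION_new()
        assert ad != backend._ffi.NULL
        # … unchanged: method/location assignment and push …
```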
@@ -210,7 +210,9 @@ def _encode_authority_information_access(backend, authority_info_access):
 )
 for access_description in authority_info_access:
 ad = backend._lib.ACCESS_DESCRIPTION_new()
- method = _txt2obj(backend, access_description.access_method)
+ method = _txt2obj(
+ backend, access_description.access_method.dotted_string
+ )
 gn = _encode_general_name(backend, access_description.access_location)
 ad.method = method
 ad.location = gn
@@ -1163,6 +1165,10 @@ class Backend(object):
 pp, r = _encode_basic_constraints(self, extension.value)
 elif isinstance(extension.value, x509.SubjectAlternativeName):
 pp, r = _encode_subject_alt_name(self, extension.value)
+ elif isinstance(extension.value, x509.AuthorityInformationAccess):
+ pp, r = _encode_authority_information_access(
+ self, extension.value
+ )
 else:
 raise NotImplementedError('Extension not yet supported.')
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index f35582b0..6e27cdb7 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1724,6 +1724,10 @@ class CertificateBuilder(object):
 extension = Extension(
 OID_SUBJECT_ALTERNATIVE_NAME, critical, extension
 )
+ elif isinstance(extension, AuthorityInformationAccess):
+ extension = Extension(
+ OID_AUTHORITY_INFORMATION_ACCESS, critical, extension
+ )
 elif isinstance(extension, InhibitAnyPolicy):
 extension = Extension(OID_INHIBIT_ANY_POLICY, critical, extension)
 else:
-- 
cgit v1.2.3
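Review bot: The new `AuthorityInformationAccess` branch in the x509.py hunk wraps the value with whatever `critical` the caller passed, but RFC 5280 §4.2.2.1 requires conforming CAs to mark this extension non-critical, and nothing in this branch (nor, as far as the hunk shows, in the backend dispatch added by the same commit) rejects `critical=True`. Either reject it here, `if critical: raise ValueError("AuthorityInformationAccess must be non-critical (RFC 5280 4.2.2.1)")`, or state in the method's docstring that the caller owns the criticality flag for AIA. The enclosing builder method starts and ends outside the hunk.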