From 08f950e7ab86da8687b5ad7a12153e766284a76a Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 8 Aug 2015 22:14:42 -0500
Subject: remove a lot of if/elif chains in the certificate builder
---
 .../hazmat/backends/openssl/backend.py | 42 ++++++++++------------
 src/cryptography/x509.py | 38 +++-----------------
 2 files changed, 23 insertions(+), 57 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index c583214d..faa3ee55 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -473,6 +473,21 @@ def _encode_crl_distribution_points(backend, crl_distribution_points):
 return pp, r
+_EXTENSION_ENCODE_HANDLERS = {
+ x509.OID_BASIC_CONSTRAINTS: _encode_basic_constraints,
+ x509.OID_SUBJECT_KEY_IDENTIFIER: _encode_subject_key_identifier,
+ x509.OID_KEY_USAGE: _encode_key_usage,
+ x509.OID_SUBJECT_ALTERNATIVE_NAME: _encode_subject_alt_name,
+ x509.OID_EXTENDED_KEY_USAGE: _encode_extended_key_usage,
+ x509.OID_AUTHORITY_KEY_IDENTIFIER: _encode_authority_key_identifier,
+ x509.OID_AUTHORITY_INFORMATION_ACCESS: (
+ _encode_authority_information_access
+ ),
+ x509.OID_CRL_DISTRIBUTION_POINTS: _encode_crl_distribution_points,
+ x509.OID_INHIBIT_ANY_POLICY: _encode_inhibit_any_policy,
+}
+
+
 @utils.register_interface(CipherBackend)
 @utils.register_interface(CMACBackend)
 @utils.register_interface(DERSerializationBackend)
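Review bot: `_EXTENSION_ENCODE_HANDLERS` has no entry for `x509.OID_ISSUER_ALTERNATIVE_NAME`, while the `add_extension` chain this commit removes from `x509.py` did accept `IssuerAlternativeName`; such an extension passes the builder and is refused only at signing with `NotImplementedError('Extension not yet supported.')`. The table is now the one place that decides what can be encoded, so it deserves a comment saying so, for example `# OID -> encoder; an extension whose OID is missing here is rejected when the object is signed, not when it is added.` No encoder for issuer alternative names is visible in this hunk, so whether an entry can simply be added is not clear from the diff.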
@@ -1279,29 +1294,10 @@ class Backend(object):
 # Add extensions.
 for i, extension in enumerate(builder._extensions):
- if isinstance(extension.value, x509.BasicConstraints):
- pp, r = _encode_basic_constraints(self, extension.value)
- elif isinstance(extension.value, x509.AuthorityKeyIdentifier):
- pp, r = _encode_authority_key_identifier(self, extension.value)
- elif isinstance(extension.value, x509.KeyUsage):
- pp, r = _encode_key_usage(self, extension.value)
- elif isinstance(extension.value, x509.InhibitAnyPolicy):
- pp, r = _encode_inhibit_any_policy(self, extension.value)
- elif isinstance(extension.value, x509.ExtendedKeyUsage):
- pp, r = _encode_extended_key_usage(self, extension.value)
- elif isinstance(extension.value, x509.SubjectAlternativeName):
- pp, r = _encode_subject_alt_name(self, extension.value)
- elif isinstance(extension.value, x509.SubjectKeyIdentifier):
- pp, r = _encode_subject_key_identifier(self, extension.value)
- elif isinstance(extension.value, x509.AuthorityInformationAccess):
- pp, r = _encode_authority_information_access(
- self, extension.value
- )
- elif isinstance(extension.value, x509.CRLDistributionPoints):
- pp, r = _encode_crl_distribution_points(
- self, extension.value
- )
- else:
+ try:
+ encode = _EXTENSION_ENCODE_HANDLERS[extension.oid]
+ pp, r = encode(self, extension.value)
+ except KeyError:
 raise NotImplementedError('Extension not yet supported.')
 obj = _txt2obj_gc(self, extension.oid.dotted_string)
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index bcda7217..7b1de8b8 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
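Review bot: Looking the handler up by `extension.oid` drops the `isinstance(extension.value, ...)` check that used to guarantee each `_encode_*` function the value class it expects. With the `x509.py` change in this commit the OID is copied from the value itself (`Extension(extension.oid, critical, extension)`), so the two agree for the built-in classes, but an `ExtensionType` that declares one of the nine OIDs in the table would presumably reach that encoder with an object of another shape. For code that produces certificates I would state the invariant at the lookup, e.g. `# extension.oid is taken from extension.value in add_extension, so the handler always matches the value class`, or have the encoders reject unexpected types. The loop body continues past the end of the hunk.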
@@ -1810,40 +1810,10 @@ class CertificateBuilder(object):
 """
 Adds an X.509 extension to the certificate.
 """
- if isinstance(extension, BasicConstraints):
- extension = Extension(OID_BASIC_CONSTRAINTS, critical, extension)
- elif isinstance(extension, AuthorityKeyIdentifier):
- extension = Extension(
- OID_AUTHORITY_KEY_IDENTIFIER, critical, extension
- )
- elif isinstance(extension, KeyUsage):
- extension = Extension(OID_KEY_USAGE, critical, extension)
- elif isinstance(extension, InhibitAnyPolicy):
- extension = Extension(OID_INHIBIT_ANY_POLICY, critical, extension)
- elif isinstance(extension, ExtendedKeyUsage):
- extension = Extension(OID_EXTENDED_KEY_USAGE, critical, extension)
- elif isinstance(extension, SubjectAlternativeName):
- extension = Extension(
- OID_SUBJECT_ALTERNATIVE_NAME, critical, extension
- )
- elif isinstance(extension, AuthorityInformationAccess):
- extension = Extension(
- OID_AUTHORITY_INFORMATION_ACCESS, critical, extension
- )
- elif isinstance(extension, SubjectKeyIdentifier):
- extension = Extension(
- OID_SUBJECT_KEY_IDENTIFIER, critical, extension
- )
- elif isinstance(extension, CRLDistributionPoints):
- extension = Extension(
- OID_CRL_DISTRIBUTION_POINTS, critical, extension
- )
- elif isinstance(extension, IssuerAlternativeName):
- extension = Extension(
- OID_ISSUER_ALTERNATIVE_NAME, critical, extension
- )
- else:
- raise NotImplementedError('Unsupported X.509 extension.')
+ if not isinstance(extension, ExtensionType):
+ raise TypeError("extension must be an ExtensionType")
+
+ extension = Extension(extension.oid, critical, extension)
 # TODO: This is quadratic in the number of extensions
 for e in self._extensions:
--
cgit v1.2.3
From e59fd22f572ed8cabb8ae304aa1969e1922f833f Mon Sep 17 00:00:00 2001
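Review bot: `add_extension` now accepts every `ExtensionType`, so an extension the backend cannot encode is no longer refused here and fails only when the certificate is signed; the rejection of non-extension objects also changes from `NotImplementedError` to `TypeError`, which callers catching the old exception will miss. The same applies to `CertificateSigningRequestBuilder.add_extension` in the second commit of this series. The docstring should record both points, e.g. by adding `Raises TypeError if extension is not an ExtensionType; whether the extension can be encoded is checked by the backend at signing time.` The method starts above the hunk and continues below it.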
From: Paul Kehrer
Date: Sat, 8 Aug 2015 22:50:19 -0500
Subject: simplify the CSRBuilder
---
 src/cryptography/hazmat/backends/openssl/backend.py | 13 ++++---------
 src/cryptography/x509.py | 19 +++++--------------
 2 files changed, 9 insertions(+), 23 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index faa3ee55..2712abcb 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1193,15 +1193,10 @@ class Backend(object):
 self._lib.sk_X509_EXTENSION_free,
 )
 for extension in builder._extensions:
- if isinstance(extension.value, x509.BasicConstraints):
- pp, r = _encode_basic_constraints(self, extension.value)
- elif isinstance(extension.value, x509.SubjectAlternativeName):
- pp, r = _encode_subject_alt_name(self, extension.value)
- elif isinstance(extension.value, x509.KeyUsage):
- pp, r = _encode_key_usage(self, extension.value)
- elif isinstance(extension.value, x509.ExtendedKeyUsage):
- pp, r = _encode_extended_key_usage(self, extension.value)
- else:
+ try:
+ encode = _EXTENSION_ENCODE_HANDLERS[extension.oid]
+ pp, r = encode(self, extension.value)
+ except KeyError:
 raise NotImplementedError('Extension not yet supported.')
 obj = _txt2obj_gc(self, extension.oid.dotted_string)
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 7b1de8b8..a1d0b2f9 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
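Review bot: Switching the CSR loop to `_EXTENSION_ENCODE_HANDLERS` widens what a request can carry, which the subject line "simplify the CSRBuilder" does not say: the removed chain encoded only `BasicConstraints`, `SubjectAlternativeName`, `KeyUsage` and `ExtendedKeyUsage`, while the shared table has nine OIDs, including authority key identifier and CRL distribution points. If the widening is intended, it should be named in the commit message and each newly reachable encoder exercised in a CSR test; the page is limited to `src`, so any test change is not visible here. If it is not intended, the CSR path needs its own allow-list in front of the lookup, along the lines of `if extension.oid not in _CSR_EXTENSION_OIDS: raise NotImplementedError('Extension not yet supported.')`, where `_CSR_EXTENSION_OIDS` is a name proposed here, not one from the file.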
@@ -1665,20 +1665,11 @@ class CertificateSigningRequestBuilder(object):
 """
 Adds an X.509 extension to the certificate request.
 """
- if isinstance(extension, BasicConstraints):
- extension = Extension(OID_BASIC_CONSTRAINTS, critical, extension)
- elif isinstance(extension, ExtendedKeyUsage):
- extension = Extension(OID_EXTENDED_KEY_USAGE, critical, extension)
- elif isinstance(extension, SubjectAlternativeName):
- extension = Extension(
- OID_SUBJECT_ALTERNATIVE_NAME, critical, extension
- )
- elif isinstance(extension, KeyUsage):
- extension = Extension(OID_KEY_USAGE, critical, extension)
- elif isinstance(extension, InhibitAnyPolicy):
- extension = Extension(OID_INHIBIT_ANY_POLICY, critical, extension)
- else:
- raise NotImplementedError('Unsupported X.509 extension.')
+ if not isinstance(extension, ExtensionType):
+ raise TypeError("extension must be an ExtensionType")
+
+ extension = Extension(extension.oid, critical, extension)
+
 # TODO: This is quadratic in the number of extensions
 for e in self._extensions:
 if e.oid == extension.oid:
--
cgit v1.2.3
From 84e7f1e04e694e115b207d51a3e6812918df212b Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sun, 9 Aug 2015 09:43:11 -0500
Subject: move encode out of try blocks
---
 src/cryptography/hazmat/backends/openssl/backend.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 2712abcb..ad88dd9d 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1195,10 +1195,10 @@ class Backend(object):
 for extension in builder._extensions:
 try:
 encode = _EXTENSION_ENCODE_HANDLERS[extension.oid]
- pp, r = encode(self, extension.value)
 except KeyError:
 raise NotImplementedError('Extension not yet supported.')
+ pp, r = encode(self, extension.value)
 obj = _txt2obj_gc(self, extension.oid.dotted_string)
 extension = self._lib.X509_EXTENSION_create_by_OBJ(
 self._ffi.NULL,
@@ -1291,10 +1291,10 @@ class Backend(object):
 for i, extension in enumerate(builder._extensions):
 try:
 encode = _EXTENSION_ENCODE_HANDLERS[extension.oid]
- pp, r = encode(self, extension.value)
 except KeyError:
 raise NotImplementedError('Extension not yet supported.')
+ pp, r = encode(self, extension.value)
 obj = _txt2obj_gc(self, extension.oid.dotted_string)
 extension = self._lib.X509_EXTENSION_create_by_OBJ(
 self._ffi.NULL,
--
cgit v1.2.3
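Review bot: The `NotImplementedError` raised in both hunks still does not say which extension was refused, even though the `try` now guards nothing but the table lookup. Because the builders in this series defer that refusal to signing time, naming the OID makes the failure diagnosable: `raise NotImplementedError('Extension not yet supported: {0}'.format(extension.oid.dotted_string))`. `extension.oid.dotted_string` is already read a few lines further down in each loop, so no new attribute is assumed. Both loops continue past the end of their hunks.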