From 5a48552b4b7fc4d108b6d45232769f111fe38896 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Wed, 6 May 2015 00:29:12 -0500
Subject: add CRLDistributionPoints and associated classes
---
src/cryptography/x509.py | 144 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 144 insertions(+)
(limited to 'src')
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 0d87cd51..671294e2 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -481,6 +481,150 @@ class SubjectKeyIdentifier(object):
 return not self == other
+class CRLDistributionPoints(object):
+ def __init__(self, distribution_points):
+ if not all(
+ isinstance(x, DistributionPoint) for x in distribution_points
+ ):
+ raise TypeError(
+ "distribution_points must be a list of DistributionPoint "
+ "objects"
+ )
+
+ self._distribution_points = distribution_points
+
+ def __iter__(self):
+ return iter(self._distribution_points)
+
+ def __len__(self):
+ return len(self._distribution_points)
+
+ def __repr__(self):
+ return "".format(self._distribution_points)
+
+ def __eq__(self, other):
+ if not isinstance(other, CRLDistributionPoints):
+ return NotImplemented
+
+ return self._distribution_points == other._distribution_points
+
+ def __ne__(self, other):
+ return not self == other
+
+
+class DistributionPoint(object):
+ def __init__(self, distribution_point, reasons, crl_issuer):
+ if distribution_point:
+ if (
+ (
+ isinstance(distribution_point, list) and
+ not all(
+ isinstance(x, GeneralName) for x in distribution_point
+ )
+ ) or not isinstance(distribution_point, (list, Name))
+ ):
+ raise TypeError(
+ "distribution_point must be None, a list of general names"
+ ", or a Name"
+ )
+
+ if crl_issuer and not all(
+ isinstance(x, GeneralName) for x in crl_issuer
+ ):
+ raise TypeError(
+ "crl_issuer must be None or a list of general names"
+ )
+
+ if reasons and not isinstance(reasons, ReasonFlags):
+ raise TypeError("reasons must be None or ReasonFlags")
+
+ if reasons and not crl_issuer and not distribution_point:
+ raise ValueError(
+ "You must supply crl_issuer or distribution_point when "
+ "reasons is not None"
+ )
+
+ self._distribution_point = distribution_point
+ self._reasons = reasons
+ self._crl_issuer = crl_issuer
+
+ def __repr__(self):
+ return (
+ "".format(self)
+ )
+
+ def __eq__(self, other):
+ if not isinstance(other, DistributionPoint):
+ return NotImplemented
+
+ return (
+ self.distribution_point == other.distribution_point and
+ self.reasons == other.reasons and
+ self.crl_issuer == other.crl_issuer
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ distribution_point = utils.read_only_property("_distribution_point")
+ reasons = utils.read_only_property("_reasons")
+ crl_issuer = utils.read_only_property("_crl_issuer")
+
+
+class ReasonFlags(object):
+ def __init__(self, key_compromise, ca_compromise, affiliation_changed,
+ superseded, cessation_of_operation, certificate_hold,
+ privilege_withdrawn, aa_compromise):
+ self._key_compromise = key_compromise
+ self._ca_compromise = ca_compromise
+ self._affiliation_changed = affiliation_changed
+ self._superseded = superseded
+ self._cessation_of_operation = cessation_of_operation
+ self._certificate_hold = certificate_hold
+ self._privilege_withdrawn = privilege_withdrawn
+ self._aa_compromise = aa_compromise
+
+ def __repr__(self):
+ return (
+ "".format(self)
+ )
+
+ def __eq__(self, other):
+ if not isinstance(other, ReasonFlags):
+ return NotImplemented
+
+ return (
+ self.key_compromise == other.key_compromise and
+ self.ca_compromise == other.ca_compromise and
+ self.affiliation_changed == other.affiliation_changed and
+ self.superseded == other.superseded and
+ self.cessation_of_operation == other.cessation_of_operation and
+ self.certificate_hold == other.certificate_hold and
+ self.privilege_withdrawn == other.privilege_withdrawn and
+ self.aa_compromise == other.aa_compromise
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ key_compromise = utils.read_only_property("_key_compromise")
+ ca_compromise = utils.read_only_property("_ca_compromise")
+ affiliation_changed = utils.read_only_property("_affiliation_changed")
+ superseded = utils.read_only_property("_superseded")
+ cessation_of_operation = utils.read_only_property(
+ "_cessation_of_operation"
+ )
+ certificate_hold = utils.read_only_property("_certificate_hold")
+ privilege_withdrawn = utils.read_only_property("_privilege_withdrawn")
+ aa_compromise = utils.read_only_property("_aa_compromise")
+
+
 @six.add_metaclass(abc.ABCMeta)
 class GeneralName(object):
 @abc.abstractproperty
-- cgit v1.2.3
From 4e8dacd02ec4c4b8238e5ebdfcd5ab26348ec658 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 9 May 2015 10:38:23 -0500
Subject: separate full_name/relative_name and change reasons to an enumeration
---
src/cryptography/x509.py | 124 +++++++++++++++++++----------------------------
1 file changed, 50 insertions(+), 74 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 671294e2..cee0cc39 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -513,20 +513,21 @@ class CRLDistributionPoints(object):
 class DistributionPoint(object):
- def __init__(self, distribution_point, reasons, crl_issuer):
- if distribution_point:
- if (
- (
- isinstance(distribution_point, list) and
- not all(
- isinstance(x, GeneralName) for x in distribution_point
- )
- ) or not isinstance(distribution_point, (list, Name))
- ):
- raise TypeError(
- "distribution_point must be None, a list of general names"
- ", or a Name"
- )
+ def __init__(self, full_name, relative_name, reasons, crl_issuer):
+ if full_name and relative_name:
+ raise ValueError(
+ "At least one of full_name and relative_name must be None"
+ )
+
+ if full_name and not all(
+ isinstance(x, GeneralName) for x in full_name
+ ):
+ raise TypeError(
+ "full_name must be a list of GeneralName objects"
+ )
+
+ if relative_name and not isinstance(relative_name, Name):
+ raise TypeError("relative_name must be a Name")
 if crl_issuer and not all(
 isinstance(x, GeneralName) for x in crl_issuer
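Review bot: `CRLDistributionPoints.__init__` validates `distribution_points` and then stores the caller's own object, so the extension's contents can change after the type check if the caller later mutates that list, and a one-shot iterator would be consumed by `all()` and stored already exhausted. Copying first and validating the copy closes both gaps: put `distribution_points = list(distribution_points)` ahead of the `all(...)` check and keep `self._distribution_points = distribution_points`. `DistributionPoint.__init__` keeps `crl_issuer` (and a list-valued `distribution_point`) by reference in the same way. Both classes define `__eq__` without `__hash__`; a one-line comment saying whether instances are meant to be hashable would help.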
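Review bot: The new guards in `DistributionPoint.__init__` test truthiness rather than `is not None`, so a falsy value of the wrong type (for example `""` or `0` passed as `relative_name`, or `""` as `full_name`) skips its type check and is stored unchanged. Writing them as `if full_name is not None and not all(...)` and `if relative_name is not None and not isinstance(relative_name, Name):` makes the checks agree with their error messages, and whether an empty `full_name` list is acceptable then becomes an explicit decision. The `crl_issuer` and `reasons` guards in the later hunks, including the `frozenset` check added by the last commit on this page, use the same pattern. The constructor body continues past the end of this hunk.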
@@ -535,23 +536,36 @@ class DistributionPoint(object):
 "crl_issuer must be None or a list of general names"
 )
- if reasons and not isinstance(reasons, ReasonFlags):
- raise TypeError("reasons must be None or ReasonFlags")
+ if reasons and not all(
+ isinstance(x, ReasonFlags) for x in reasons
+ ):
+ raise TypeError("reasons must be None or list of ReasonFlags")
+
+ if reasons and (
+ ReasonFlags.unspecified in reasons or
+ ReasonFlags.remove_from_crl in reasons
+ ):
+ raise ValueError(
+ "unspecified and remove_from_crl are not valid reasons in a "
+ "DistributionPoint"
+ )
- if reasons and not crl_issuer and not distribution_point:
+ if reasons and not crl_issuer and not (full_name or relative_name):
 raise ValueError(
- "You must supply crl_issuer or distribution_point when "
+ "You must supply crl_issuer, full_name, or relative_name when "
 "reasons is not None"
 )
- self._distribution_point = distribution_point
+ self._full_name = full_name
+ self._relative_name = relative_name
 self._reasons = reasons
 self._crl_issuer = crl_issuer
 def __repr__(self):
 return (
- "".format(self)
+ "".format(self)
 )
 def __eq__(self, other):
@@ -559,7 +573,8 @@ class DistributionPoint(object):
 return NotImplemented
 return (
- self.distribution_point == other.distribution_point and
+ self.full_name == other.full_name and
+ self.relative_name == other.relative_name and
 self.reasons == other.reasons and
 self.crl_issuer == other.crl_issuer
 )
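Review bot: The presence check `if reasons and not crl_issuer and not (full_name or relative_name):` only fires when `reasons` is set, so `DistributionPoint(None, None, None, None)` is still accepted. RFC 5280 section 4.2.1.13 requires either the distribution point name or cRLIssuer to be present in every DistributionPoint, so the condition can drop `reasons`: `if not (full_name or relative_name or crl_issuer):`, with the `ValueError` message reworded to say one of the three is always required. `__init__` starts above this hunk, so the earlier guards are not visible here.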
@@ -567,62 +582,23 @@ class DistributionPoint(object):
 def __ne__(self, other):
 return not self == other
- distribution_point = utils.read_only_property("_distribution_point")
+ full_name = utils.read_only_property("_full_name")
+ relative_name = utils.read_only_property("_relative_name")
 reasons = utils.read_only_property("_reasons")
 crl_issuer = utils.read_only_property("_crl_issuer")
-class ReasonFlags(object):
- def __init__(self, key_compromise, ca_compromise, affiliation_changed,
- superseded, cessation_of_operation, certificate_hold,
- privilege_withdrawn, aa_compromise):
- self._key_compromise = key_compromise
- self._ca_compromise = ca_compromise
- self._affiliation_changed = affiliation_changed
- self._superseded = superseded
- self._cessation_of_operation = cessation_of_operation
- self._certificate_hold = certificate_hold
- self._privilege_withdrawn = privilege_withdrawn
- self._aa_compromise = aa_compromise
-
- def __repr__(self):
- return (
- "".format(self)
- )
-
- def __eq__(self, other):
- if not isinstance(other, ReasonFlags):
- return NotImplemented
-
- return (
- self.key_compromise == other.key_compromise and
- self.ca_compromise == other.ca_compromise and
- self.affiliation_changed == other.affiliation_changed and
- self.superseded == other.superseded and
- self.cessation_of_operation == other.cessation_of_operation and
- self.certificate_hold == other.certificate_hold and
- self.privilege_withdrawn == other.privilege_withdrawn and
- self.aa_compromise == other.aa_compromise
- )
-
- def __ne__(self, other):
- return not self == other
-
- key_compromise = utils.read_only_property("_key_compromise")
- ca_compromise = utils.read_only_property("_ca_compromise")
- affiliation_changed = utils.read_only_property("_affiliation_changed")
- superseded = utils.read_only_property("_superseded")
- cessation_of_operation = utils.read_only_property(
- "_cessation_of_operation"
- )
- certificate_hold = utils.read_only_property("_certificate_hold")
- privilege_withdrawn = utils.read_only_property("_privilege_withdrawn")
- aa_compromise = utils.read_only_property("_aa_compromise")
+class ReasonFlags(Enum):
+ unspecified = "unspecified"
+ key_compromise = "keyCompromise"
+ ca_compromise = "cACompromise"
+ affiliation_changed = "affiliationChanged"
+ superseded = "superseded"
+ cessation_of_operation = "cessationOfOperation"
+ certificate_hold = "certificateHold"
+ privilege_withdrawn = "privilegeWithdrawn"
+ aa_compromise = "aACompromise"
+ remove_from_crl = "removeFromCRL"
 @six.add_metaclass(abc.ABCMeta)
-- cgit v1.2.3
From 3fd0260a3dd110d99c0174c3937aa3d86b0d9ba0 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 9 May 2015 19:46:13 -0500
Subject: switch reasons to frozenset
---
src/cryptography/x509.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index cee0cc39..dfc0af8c 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -536,10 +536,10 @@ class DistributionPoint(object):
 "crl_issuer must be None or a list of general names"
 )
- if reasons and not all(
+ if reasons and (not isinstance(reasons, frozenset) or not all(
 isinstance(x, ReasonFlags) for x in reasons
- ):
- raise TypeError("reasons must be None or list of ReasonFlags")
+ )):
+ raise TypeError("reasons must be None or frozenset of ReasonFlags")
 if reasons and (
 ReasonFlags.unspecified in reasons or
-- cgit v1.2.3
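Review bot: The new `ReasonFlags` enum carries `unspecified` and `remove_from_crl`, which the constructor check added in this same commit rejects, and nothing at the class says why those members exist. A short comment above the members would save readers the lookup, for example `# unspecified and remove_from_crl are CRL entry reason codes with no ReasonFlags bit in RFC 5280; DistributionPoint rejects them.` The hunk does not show an import for `Enum`; presumably x509.py already imports it elsewhere, which is worth confirming.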