From 2b62258a39880518403456bab487360b46ff02f7 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 15 Apr 2015 11:04:29 -0400 Subject: certificate policies extension support Adds a bunch of ancillary classes to support this. --- src/cryptography/x509.py | 119 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) (limited to 'src') diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index dfc0af8c..3509303f 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -69,6 +69,8 @@ _OID_NAMES = { "1.3.6.1.5.5.7.48.1.5": "OCSPNoCheck", "1.3.6.1.5.5.7.48.1": "OCSP", "1.3.6.1.5.5.7.48.2": "caIssuers", + "1.3.6.1.5.5.7.2.1": "id-qt-cps", + "1.3.6.1.5.5.7.2.2": "id-qt-unotice", } 
@@ -460,6 +462,120 @@ class AccessDescription(object): access_location = utils.read_only_property("_access_location") +class CertificatePolicies(object): + def __init__(self, policies): + if not all(map(lambda x: isinstance(x, PolicyInformation), policies)): + raise TypeError( + "Every item in the policies list must be a " + "PolicyInformation" + ) + + self._policies = policies + + def __iter__(self): + return iter(self._policies) + + def __len__(self): + return len(self._policies) + + def __repr__(self): + return "".format(self._policies) + + +class PolicyInformation(object): + def __init__(self, policy_identifier, policy_qualifiers): + if not isinstance(policy_identifier, ObjectIdentifier): + raise TypeError("policy_identifier must be an ObjectIdentifier") + + self._policy_identifier = policy_identifier + if policy_qualifiers and not all( + map( + lambda x: isinstance(x, PolicyQualifierInfo), policy_qualifiers + ) + ): + raise TypeError( + "policy_qualifiers must be a list of PolicyQualifierInfo " + "objects or None" + ) + + self._policy_qualifiers = policy_qualifiers + + def __repr__(self): + return ( + "".format(self) + ) + + policy_identifier = utils.read_only_property("_policy_identifier") + policy_qualifiers = utils.read_only_property("_policy_qualifiers") + + +class PolicyQualifierInfo(object): + def __init__(self, qualifier): + if not isinstance(qualifier, (six.string_types, UserNotice)): + raise ValueError("qualifier must be string or UserNotice") + + if isinstance(qualifier, six.string_types): + self._policy_qualifier_id = OID_CPS_QUALIFIER + else: + self._policy_qualifier_id = OID_CPS_USER_NOTICE + + self._qualifier = qualifier + + def __repr__(self): + return ( + "".format(self) + ) + + policy_qualifier_id = utils.read_only_property("_policy_qualifier_id") + qualifier = utils.read_only_property("_qualifier") + + +class UserNotice(object): + def __init__(self, notice_reference, explicit_text): + if notice_reference and not isinstance( + 
notice_reference, NoticeReference + ): + raise TypeError( + "notice_reference must be None or a NoticeReference" + ) + + self._notice_reference = notice_reference + self._explicit_text = explicit_text + + def __repr__(self): + return ( + "".format(self) + ) + + notice_reference = utils.read_only_property("_notice_reference") + explicit_text = utils.read_only_property("_explicit_text") + + +class NoticeReference(object): + def __init__(self, organization, notice_numbers): + self._organization = organization + if notice_numbers and not all( + map(lambda x: isinstance(x, int), notice_numbers) + ): + raise TypeError( + "notice_numbers must be a list of integers or None" + ) + + self._notice_numbers = notice_numbers + + def __repr__(self): + return ( + "".format(self) + ) + + organization = utils.read_only_property("_organization") + notice_numbers = utils.read_only_property("_notice_numbers") + + class SubjectKeyIdentifier(object): def __init__(self, digest): self._digest = digest @@ -874,6 +990,9 @@ OID_OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9") OID_CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2") OID_OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1") +OID_CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1") +OID_CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2") + @six.add_metaclass(abc.ABCMeta) class Certificate(object): -- cgit v1.2.3 From f61ec74821a341e0142297872c95e87b55b7da4d Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 18 Apr 2015 20:42:39 -0500 Subject: use list comprehension syntax to make this cleaner --- src/cryptography/x509.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 3509303f..eb7731fc 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py 
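Review bot: `CertificatePolicies.__init__` type-checks the elements of `policies` and then stores the caller's own object (`self._policies = policies`), so the list can be changed after the check, and a generator argument has already been consumed by `all(...)` when it is stored; `PolicyInformation` and `NoticeReference` do the same with `policy_qualifiers` and `notice_numbers`. Copying before validating keeps the checked contents fixed, e.g. `policies = list(policies)` ahead of the `all(...)` check, with a `None` guard for the two optional arguments. `utils.read_only_property` is defined outside this hunk and presumably only prevents rebinding the attribute, not mutation of the list it returns. Separately, `PolicyQualifierInfo.__init__` raises `ValueError` for a wrong type where the sibling classes raise `TypeError`, and `UserNotice.explicit_text` and `NoticeReference.organization` are stored with no type check.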
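Review bot: `OID_CPS_USER_NOTICE` names 1.3.6.1.5.5.7.2.2, which the `_OID_NAMES` hunk of this same commit labels `id-qt-unotice`; a user notice is a different qualifier type from a CPS pointer, so the `CPS_` prefix may mislead readers. If the name stays, a comment above the pair would help, for example `# policy qualifier ids: id-qt-cps (CPS URI) and id-qt-unotice (UserNotice)`.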
@@ -464,7 +464,7 @@ class AccessDescription(object): class CertificatePolicies(object): def __init__(self, policies): - if not all(map(lambda x: isinstance(x, PolicyInformation), policies)): + if not all(isinstance(x, PolicyInformation) for x in policies): raise TypeError( "Every item in the policies list must be a " "PolicyInformation" @@ -489,9 +489,7 @@ class PolicyInformation(object): self._policy_identifier = policy_identifier if policy_qualifiers and not all( - map( - lambda x: isinstance(x, PolicyQualifierInfo), policy_qualifiers - ) + isinstance(x, PolicyQualifierInfo) for x in policy_qualifiers ): raise TypeError( "policy_qualifiers must be a list of PolicyQualifierInfo " @@ -558,7 +556,7 @@ class NoticeReference(object): def __init__(self, organization, notice_numbers): self._organization = organization if notice_numbers and not all( - map(lambda x: isinstance(x, int), notice_numbers) + isinstance(x, int) for x in notice_numbers ): raise TypeError( "notice_numbers must be a list of integers or None" -- cgit v1.2.3 From ba35b3ba85c374dfd0659992cae01255c530679d Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 10 May 2015 13:07:59 -0500 Subject: remove policyqualifierinfo object --- src/cryptography/x509.py | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) (limited to 'src') diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index eb7731fc..b559ae03 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py 
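Review bot: In the `NoticeReference` hunk the rewritten check still tests `isinstance(x, int)`, which on Python 2 rejects `long` values, so a large notice number would raise the "list of integers" `TypeError` there. The module already uses `six`, so `isinstance(x, six.integer_types) for x in notice_numbers` would accept both integer types. The `__init__` body continues past the end of the hunk.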
@@ -489,11 +489,13 @@ class PolicyInformation(object): self._policy_identifier = policy_identifier if policy_qualifiers and not all( - isinstance(x, PolicyQualifierInfo) for x in policy_qualifiers + isinstance( + x, (six.text_type, UserNotice) + ) for x in policy_qualifiers ): raise TypeError( - "policy_qualifiers must be a list of PolicyQualifierInfo " - "objects or None" + "policy_qualifiers must be a list of strings and/or UserNotice" + " objects or None" ) self._policy_qualifiers = policy_qualifiers @@ -508,28 +510,6 @@ class PolicyInformation(object): policy_qualifiers = utils.read_only_property("_policy_qualifiers") -class PolicyQualifierInfo(object): - def __init__(self, qualifier): - if not isinstance(qualifier, (six.string_types, UserNotice)): - raise ValueError("qualifier must be string or UserNotice") - - if isinstance(qualifier, six.string_types): - self._policy_qualifier_id = OID_CPS_QUALIFIER - else: - self._policy_qualifier_id = OID_CPS_USER_NOTICE - - self._qualifier = qualifier - - def __repr__(self): - return ( - "".format(self) - ) - - policy_qualifier_id = utils.read_only_property("_policy_qualifier_id") - qualifier = utils.read_only_property("_qualifier") - - class UserNotice(object): def __init__(self, notice_reference, explicit_text): if notice_reference and not isinstance( -- cgit v1.2.3 From 9aaef9e516ae1c54c79f07b0441c21c29f8aeb15 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 11 May 2015 10:49:20 -0500 Subject: use !r for explicit_text in NoticeReference repr --- src/cryptography/x509.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index b559ae03..02277658 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -525,7 +525,7 @@ class UserNotice(object): def __repr__(self): return ( "".format(self) + "{0.explicit_text!r})>".format(self) ) notice_reference = utils.read_only_property("_notice_reference") -- cgit v1.2.3 
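Review bot: With `PolicyQualifierInfo` deleted later in this commit, nothing in `PolicyInformation` records which qualifier id an entry stands for; the removed class mapped strings to `OID_CPS_QUALIFIER` and `UserNotice` objects to `OID_CPS_USER_NOTICE`. A comment above the new check would keep that mapping visible, e.g. `# text entries are CPS URIs (id-qt-cps); UserNotice entries are id-qt-unotice`. The check also narrows the accepted string type from `six.string_types` to `six.text_type`, so Python 2 byte strings are now rejected with a message that only says "strings"; this is probably intended, but naming the text type in the message would tell callers what to pass. The hunk begins inside `__init__`, whose first lines are outside it.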
From 73be2ca86049fd15f1ab37d7201a9b32264402ab Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 11 May 2015 21:22:38 -0500 Subject: alter the repr a bit, pass unicode everywhere --- src/cryptography/x509.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 02277658..50fae716 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -546,7 +546,7 @@ class NoticeReference(object): def __repr__(self): return ( - "".format(self) ) -- cgit v1.2.3