diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-05-09 19:46:13 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-05-09 19:46:13 -0500 |
| commit | 3fd0260a3dd110d99c0174c3937aa3d86b0d9ba0 (patch) | |
| tree | 20a7d72dff19761a5dc4498d713f8285e02e4113 | |
| parent | f2c072bf271f1ae0081a58fdf232110cc5af815d (diff) | |
| download | cryptography-3fd0260a3dd110d99c0174c3937aa3d86b0d9ba0.tar.gz cryptography-3fd0260a3dd110d99c0174c3937aa3d86b0d9ba0.tar.bz2 cryptography-3fd0260a3dd110d99c0174c3937aa3d86b0d9ba0.zip | |
switch reasons to frozenset
| -rw-r--r-- | docs/x509.rst | 2 | ||||
| -rw-r--r-- | src/cryptography/x509.py | 6 | ||||
| -rw-r--r-- | tests/test_x509_ext.py | 78 |
3 files changed, 46 insertions, 40 deletions
diff --git a/docs/x509.rst b/docs/x509.rst index f9992e20..86673e3b 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -835,7 +835,7 @@ X.509 Extensions .. attribute:: reasons - :type: list of :class:`ReasonFlags` or None + :type: frozenset of :class:`ReasonFlags` or None The reasons a given distribution point may be used for when performing revocation checks. diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index cee0cc39..dfc0af8c 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -536,10 +536,10 @@ class DistributionPoint(object): "crl_issuer must be None or a list of general names" ) - if reasons and not all( + if reasons and (not isinstance(reasons, frozenset) or not all( isinstance(x, ReasonFlags) for x in reasons - ): - raise TypeError("reasons must be None or list of ReasonFlags") + )): + raise TypeError("reasons must be None or frozenset of ReasonFlags") if reasons and ( ReasonFlags.unspecified in reasons or diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index e0858c76..a18a443b 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1342,7 +1342,16 @@ class TestDistributionPoint(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - ["notreasonflags"], + frozenset(["notreasonflags"]), + None + ) + + def test_reason_not_frozenset(self): + with pytest.raises(TypeError): + x509.DistributionPoint( + [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], + None, + [x509.ReasonFlags.ca_compromise], None ) @@ -1351,7 +1360,7 @@ class TestDistributionPoint(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [x509.ReasonFlags.unspecified], + frozenset([x509.ReasonFlags.unspecified]), None ) @@ -1359,7 +1368,7 @@ class TestDistributionPoint(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [x509.ReasonFlags.remove_from_crl], + frozenset([x509.ReasonFlags.remove_from_crl]), None ) @@ -1368,7 +1377,7 @@ class TestDistributionPoint(object): x509.DistributionPoint( None, None, - [x509.ReasonFlags.aa_compromise], + frozenset([x509.ReasonFlags.aa_compromise]), None ) @@ -1376,7 +1385,7 @@ class TestDistributionPoint(object): dp = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [x509.ReasonFlags.superseded], + frozenset([x509.ReasonFlags.superseded]), [ x509.DirectoryName( x509.Name([ @@ -1390,7 +1399,7 @@ class TestDistributionPoint(object): dp2 = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [x509.ReasonFlags.superseded], + frozenset([x509.ReasonFlags.superseded]), [ x509.DirectoryName( x509.Name([ @@ -1407,9 +1416,7 @@ class TestDistributionPoint(object): dp = x509.DistributionPoint( [x509.UniformResourceIdentifier(u"http://crypt.og/crl")], None, - [ - x509.ReasonFlags.superseded, - ], + frozenset([x509.ReasonFlags.superseded]), [ x509.DirectoryName( x509.Name([ @@ -1435,10 +1442,10 @@ class TestDistributionPoint(object): x509.Name([ x509.NameAttribute(x509.OID_COMMON_NAME, "myCN") ]), - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [ x509.DirectoryName( x509.Name([ @@ -1452,10 +1459,11 @@ class TestDistributionPoint(object): assert repr(dp) == ( "<DistributionPoint(full_name=None, relative_name=<Name([<NameAtt" "ribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, val" - "ue='myCN')>])>, reasons=[<ReasonFlags.key_compromise: 'keyCompro" - "mise'>, <ReasonFlags.ca_compromise: 'cACompromise'>], crl_issuer" - "=[<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentifi" - "er(oid=2.5.4.3, name=commonName)>, value='Important CA')>])>)>])>" + "ue='myCN')>])>, reasons=frozenset([<ReasonFlags.key_compromise: " + "'keyCompromise'>, <ReasonFlags.ca_compromise: 'cACompromise'>])," + " crl_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Obj" + "ectIdentifier(oid=2.5.4.3, name=commonName)>, value='Important C" + "A')>])>)>])>" ) @@ -1475,10 +1483,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), None ), ]) @@ -1493,10 +1501,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), None ), ] @@ -1506,18 +1514,18 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), None ), ]) assert repr(cdp) == ( "<CRLDistributionPoints([<DistributionPoint(full_name=[<UniformRes" "ourceIdentifier(value=ftp://domain)>], relative_name=None, reason" - "s=[<ReasonFlags.key_compromise: 'keyCompromise'>, <ReasonFlags.ca" - "_compromise: 'cACompromise'>], crl_issuer=None)>])>" + "s=frozenset([<ReasonFlags.key_compromise: 'keyCompromise'>, <Reas" + "onFlags.ca_compromise: 'cACompromise'>]), crl_issuer=None)>])>" ) def test_eq(self): @@ -1525,10 +1533,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1536,10 +1544,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1550,10 +1558,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1561,10 +1569,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain2")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1572,9 +1580,7 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ - x509.ReasonFlags.key_compromise, - ], + frozenset([x509.ReasonFlags.key_compromise]), [x509.UniformResourceIdentifier(u"uri://thing")], ), ]) @@ -1582,10 +1588,10 @@ class TestCRLDistributionPoints(object): x509.DistributionPoint( [x509.UniformResourceIdentifier(u"ftp://domain")], None, - [ + frozenset([ x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise, - ], + ]), [x509.UniformResourceIdentifier(u"uri://thing2")], ), ]) |