Merge pull request #2525 from nbastin/20151112-access-method

issue-2524
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-12-20 12:07:02 -0600
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-12-20 12:07:02 -0600
commit: 45b8752fd2e7c40dcdbe655461815206d3372baf (patch)
tree: 0cd97e7f01345cf128c1658bec3f8425c4f5d289
parent: fc504fee938a5223e790e4c221c20177bca6aa14 (diff)
parent: 7b0c6940cf95c0444b192c3864f8b85f343b011e (diff)
download: cryptography-45b8752fd2e7c40dcdbe655461815206d3372baf.tar.gz
cryptography-45b8752fd2e7c40dcdbe655461815206d3372baf.tar.bz2
cryptography-45b8752fd2e7c40dcdbe655461815206d3372baf.zip
3 files changed, 43 insertions, 11 deletions
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 46ba5a28..71ce8a15 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -18,9 +18,7 @@ from cryptography import utils
 from cryptography.hazmat.primitives import constant_time, serialization
 from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
 from cryptography.x509.name import Name
-from cryptography.x509.oid import (
-    AuthorityInformationAccessOID, ExtensionOID, ObjectIdentifier
-)
+from cryptography.x509.oid import ExtensionOID, ObjectIdentifier
 
 
 class _SubjectPublicKeyInfo(univ.Sequence):
@@ -238,11 +236,8 @@ class AuthorityInformationAccess(object):
 
 class AccessDescription(object):
     def __init__(self, access_method, access_location):
-        if not (access_method == AuthorityInformationAccessOID.OCSP or
-                access_method == AuthorityInformationAccessOID.CA_ISSUERS):
-            raise ValueError(
-                "access_method must be OID_OCSP or OID_CA_ISSUERS"
-            )
+        if not isinstance(access_method, ObjectIdentifier):
+            raise TypeError("access_method must be an ObjectIdentifier")
 
         if not isinstance(access_location, GeneralName):
             raise TypeError("access_location must be a GeneralName")
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 67066f04..1a4c484b 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -1295,6 +1295,36 @@ class TestCertificateBuilder(object):
 
     @pytest.mark.requires_backend_interface(interface=RSABackend)
     @pytest.mark.requires_backend_interface(interface=X509Backend)
+    def test_encode_nonstandard_aia(self, backend):
+        private_key = RSA_KEY_2048.private_key(backend)
+
+        aia = x509.AuthorityInformationAccess([
+            x509.AccessDescription(
+                x509.ObjectIdentifier("2.999.7"),
+                x509.UniformResourceIdentifier(u"http://example.com")
+            ),
+        ])
+
+        builder = x509.CertificateBuilder().subject_name(x509.Name([
+            x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+        ])).issuer_name(x509.Name([
+            x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+        ])).public_key(
+            private_key.public_key()
+        ).serial_number(
+            777
+        ).not_valid_before(
+            datetime.datetime(1999, 1, 1)
+        ).not_valid_after(
+            datetime.datetime(2020, 1, 1)
+        ).add_extension(
+            aia, False
+        )
+
+        builder.sign(private_key, hashes.SHA256(), backend)
+
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    @pytest.mark.requires_backend_interface(interface=X509Backend)
     def test_no_subject_name(self, backend):
         subject_private_key = RSA_KEY_2048.private_key(backend)
         builder = x509.CertificateBuilder().serial_number(
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 751de08d..83145cd0 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -18,8 +18,8 @@ from cryptography.hazmat.backends.interfaces import (
 )
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.x509.oid import (
-    AuthorityInformationAccessOID, ExtendedKeyUsageOID,
-    ExtensionOID, NameOID
+    AuthorityInformationAccessOID, ExtendedKeyUsageOID, ExtensionOID,
+    NameOID, ObjectIdentifier
 )
 
 from .hazmat.primitives.test_ec import _skip_curve_unsupported
@@ -1861,7 +1861,7 @@ class TestExtendedKeyUsageExtension(object):
 
 class TestAccessDescription(object):
     def test_invalid_access_method(self):
-        with pytest.raises(ValueError):
+        with pytest.raises(TypeError):
             x509.AccessDescription("notanoid", x509.DNSName(u"test"))
 
     def test_invalid_access_location(self):
@@ -1870,6 +1870,13 @@ class TestAccessDescription(object):
                 AuthorityInformationAccessOID.CA_ISSUERS, "invalid"
             )
 
+    def test_valid_nonstandard_method(self):
+        ad = x509.AccessDescription(
+            ObjectIdentifier("2.999.1"),
+            x509.UniformResourceIdentifier(u"http://example.com")
+        )
+        assert ad is not None
+
     def test_repr(self):
         ad = x509.AccessDescription(
             AuthorityInformationAccessOID.OCSP,
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-12-20 12:07:02 -0600
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-12-20 12:07:02 -0600
commit	45b8752fd2e7c40dcdbe655461815206d3372baf (patch)
tree	0cd97e7f01345cf128c1658bec3f8425c4f5d289
parent	fc504fee938a5223e790e4c221c20177bca6aa14 (diff)
parent	7b0c6940cf95c0444b192c3864f8b85f343b011e (diff)
download	cryptography-45b8752fd2e7c40dcdbe655461815206d3372baf.tar.gz cryptography-45b8752fd2e7c40dcdbe655461815206d3372baf.tar.bz2 cryptography-45b8752fd2e7c40dcdbe655461815206d3372baf.zip