author | Alex Gaynor <alex.gaynor@gmail.com> | 2016-03-27 16:39:49 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-03-27 16:39:49 -0400 |
commit | beb25516644666c058d6d4ee83a87148a06e78d0 (patch) | |
tree | 6eac80727b10f47c8e2f09ae476db3adbe1a57f3 | |
parent | fe9eaa66cea202880b35a77a18faa42838b18a16 (diff) | |
Fixes #2856 -- add a fast path to _key_identifier_from_public_key for RSA keys
-rw-r--r-- | src/cryptography/x509/extensions.py | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 87d2de1c..b3c007cd 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -17,6 +17,7 @@ import six
 from cryptography import utils
 from cryptography.hazmat.primitives import constant_time, serialization
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
 from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
 from cryptography.x509.name import Name
 from cryptography.x509.oid import (
@@ -32,23 +33,30 @@ class _SubjectPublicKeyInfo(univ.Sequence):
 def _key_identifier_from_public_key(public_key):
- # This is a very slow way to do this.
- serialized = public_key.public_bytes(
- serialization.Encoding.DER,
- serialization.PublicFormat.SubjectPublicKeyInfo
- )
- spki, remaining = decoder.decode(
- serialized, asn1Spec=_SubjectPublicKeyInfo()
- )
- assert not remaining
- # the univ.BitString object is a tuple of bits. We need bytes and
- # pyasn1 really doesn't want to give them to us. To get it we'll
- # build an integer and convert that to bytes.
- bits = 0
- for bit in spki.getComponentByName("subjectPublicKey"):
- bits = bits << 1 | bit
-
- data = utils.int_to_bytes(bits)
+ if isinstance(public_key, RSAPublicKey):
+ data = public_key.public_bytes(
+ serialization.Encoding.DER,
+ serialization.PublicFormat.PKCS1,
+ )
+ else:
+ # This is a very slow way to do this.
+ serialized = public_key.public_bytes(
+ serialization.Encoding.DER,
+ serialization.PublicFormat.SubjectPublicKeyInfo
+ )
+ spki, remaining = decoder.decode(
+ serialized, asn1Spec=_SubjectPublicKeyInfo()
+ )
+ assert not remaining
+ # the univ.BitString object is a tuple of bits. We need bytes and
+ # pyasn1 really doesn't want to give them to us. To get it we'll
+ # build an integer and convert that to bytes.
+ bits = 0
+ for bit in spki.getComponentByName("subjectPublicKey"):
+ bits = bits << 1 | bit
+
+ data = utils.int_to_bytes(bits)
+
 return hashlib.sha1(data).digest() |
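Review bot: The RSA branch of `_key_identifier_from_public_key` depends on an invariant the code never states: the DER `PublicFormat.PKCS1` encoding has to be byte-for-byte the content of the `subjectPublicKey` BIT STRING that the `else` branch extracts, otherwise the two paths hash different bytes. I would add a comment above the `isinstance` check, e.g. `# For RSA the subjectPublicKey BIT STRING holds the PKCS#1 RSAPublicKey DER, so hash it directly.`, so that a later extension of the fast path does not hash the whole SubjectPublicKeyInfo and silently change key identifiers. The retained slow path still uses `assert not remaining`, which is stripped under `python -O`, and `utils.int_to_bytes(bits)` would presumably drop any leading zero bytes of the bit string; neither is new here. The diffstat shows only this one file changed, so no test in this commit pins the fast path to the same digest as the SPKI path for an RSA key.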