authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-08-08 22:50:19 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-08-08 22:52:28 -0500
commite59fd22f572ed8cabb8ae304aa1969e1922f833f (patch)
treef237a8349dc88af65133b74a9f264e023373b0e2
parent08f950e7ab86da8687b5ad7a12153e766284a76a (diff)
simplify the CSRBuilder
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py13
-rw-r--r--src/cryptography/x509.py19
-rw-r--r--tests/test_x509.py15
3 files changed, 15 insertions, 32 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index faa3ee55..2712abcb 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1193,15 +1193,10 @@ class Backend(object):
self._lib.sk_X509_EXTENSION_free,
)
for extension in builder._extensions:
- if isinstance(extension.value, x509.BasicConstraints):
- pp, r = _encode_basic_constraints(self, extension.value)
- elif isinstance(extension.value, x509.SubjectAlternativeName):
- pp, r = _encode_subject_alt_name(self, extension.value)
- elif isinstance(extension.value, x509.KeyUsage):
- pp, r = _encode_key_usage(self, extension.value)
- elif isinstance(extension.value, x509.ExtendedKeyUsage):
- pp, r = _encode_extended_key_usage(self, extension.value)
- else:
+ try:
+ encode = _EXTENSION_ENCODE_HANDLERS[extension.oid]
+ pp, r = encode(self, extension.value)
+ except KeyError:
raise NotImplementedError('Extension not yet supported.')
obj = _txt2obj_gc(self, extension.oid.dotted_string)
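Review bot: The `try` in the extension loop covers the encoder call as well as the table lookup, so a `KeyError` raised inside any handler would surface as `NotImplementedError('Extension not yet supported.')` and hide the real fault. Keep only `encode = _EXTENSION_ENCODE_HANDLERS[extension.oid]` inside the `try` and move `pp, r = encode(self, extension.value)` to after the `except KeyError:` clause. The loop body continues past the end of the hunk, and the handler table is defined outside it.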
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 7b1de8b8..a1d0b2f9 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1665,20 +1665,11 @@ class CertificateSigningRequestBuilder(object):
"""
Adds an X.509 extension to the certificate request.
"""
- if isinstance(extension, BasicConstraints):
- extension = Extension(OID_BASIC_CONSTRAINTS, critical, extension)
- elif isinstance(extension, ExtendedKeyUsage):
- extension = Extension(OID_EXTENDED_KEY_USAGE, critical, extension)
- elif isinstance(extension, SubjectAlternativeName):
- extension = Extension(
- OID_SUBJECT_ALTERNATIVE_NAME, critical, extension
- )
- elif isinstance(extension, KeyUsage):
- extension = Extension(OID_KEY_USAGE, critical, extension)
- elif isinstance(extension, InhibitAnyPolicy):
- extension = Extension(OID_INHIBIT_ANY_POLICY, critical, extension)
- else:
- raise NotImplementedError('Unsupported X.509 extension.')
+ if not isinstance(extension, ExtensionType):
+ raise TypeError("extension must be an ExtensionType")
+
+ extension = Extension(extension.oid, critical, extension)
+
# TODO: This is quadratic in the number of extensions
for e in self._extensions:
if e.oid == extension.oid:
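Review bot: The docstring of `add_extension` does not describe the new error contract. A non-`ExtensionType` argument now raises `TypeError`, and an extension type the backend cannot encode is accepted here and rejected only later; the updated test shows `NotImplementedError` at `sign()`. Suggest extending the docstring, for example `Raises TypeError if extension is not an ExtensionType; backend support is only checked when the request is signed.` The method's signature and the rest of its body are outside the hunk.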
diff --git a/tests/test_x509.py b/tests/test_x509.py
index e0f8d574..26bd3cb8 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -1701,15 +1701,13 @@ class TestCertificateSigningRequestBuilder(object):
with pytest.raises(TypeError):
builder.subject_name('NotAName')
- def test_add_unsupported_extension(self):
+ def test_add_invalid_extension_type(self):
builder = x509.CertificateSigningRequestBuilder()
- with pytest.raises(NotImplementedError):
- builder.add_extension(
- x509.AuthorityKeyIdentifier('keyid', None, None),
- critical=False,
- )
- def test_add_unsupported_extension_in_backend(self, backend):
+ with pytest.raises(TypeError):
+ builder.add_extension(object(), False)
+
+ def test_add_unsupported_extension(self, backend):
private_key = RSA_KEY_2048.private_key(backend)
builder = x509.CertificateSigningRequestBuilder()
builder = builder.subject_name(
@@ -1720,8 +1718,7 @@ class TestCertificateSigningRequestBuilder(object):
x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]),
critical=False,
).add_extension(
- x509.InhibitAnyPolicy(0),
- critical=False
+ x509.IssuerAlternativeName([x509.DNSName(u"crypto.io")]), False
)
with pytest.raises(NotImplementedError):
builder.sign(private_key, hashes.SHA256(), backend)
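Review bot: `test_add_unsupported_extension` now depends on `IssuerAlternativeName` being absent from the backend's `_EXTENSION_ENCODE_HANDLERS`, so once a handler for it is added the test fails for a reason unrelated to what it checks. A comment above the call such as `# IssuerAlternativeName has no encode handler yet; replace when one is added` would record that dependency. Alternatively the test could use a throwaway `ExtensionType` whose OID will never be registered, assuming such a test double is easy to build, which the hunk does not show. The test body starts in the previous hunk.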