Allow any OID for access_method, validate OIDs at creation time, fix tests.

2 files changed, 9 insertions, 5 deletions

diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 46ba5a28..017e0989 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -238,11 +238,8 @@ class AuthorityInformationAccess(object):
 
 class AccessDescription(object):
     def __init__(self, access_method, access_location):
-        if not (access_method == AuthorityInformationAccessOID.OCSP or
-                access_method == AuthorityInformationAccessOID.CA_ISSUERS):
-            raise ValueError(
-                "access_method must be OID_OCSP or OID_CA_ISSUERS"
-            )
+        if not isinstance(access_method, ObjectIdentifier):
+          raise TypeError("access_method must be an ObjectIdentifier")
 
         if not isinstance(access_location, GeneralName):
             raise TypeError("access_location must be a GeneralName")
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index ead40169..977d770f 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py
@@ -12,6 +12,13 @@ class ObjectIdentifier(object):
     def __init__(self, dotted_string):
         self._dotted_string = dotted_string
 
+        # Basic validation for being well-formed
+        for part in self._dotted_string.split("."):
+            try:
+                val = int(part, 0)
+            except ValueError:
+                raise ValueError("Malformed OID: %s" % (self._dotted_string))
+
     def __eq__(self, other):
         if not isinstance(other, ObjectIdentifier):
             return NotImplemented