author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-04-02 19:31:03 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-04-12 09:31:26 -0400 |
commit | 5508ee2b447f7cfcab619a309e4f370ff59ce9c7 (patch) | |
tree | 53b653c6225b1d66a68b4a785c132e52659657c9 /src | |
parent | d459a8a16c417e0db59de0a643aeb9079b45b9bb (diff) | |
download | cryptography-5508ee2b447f7cfcab619a309e4f370ff59ce9c7.tar.gz cryptography-5508ee2b447f7cfcab619a309e4f370ff59ce9c7.tar.bz2 cryptography-5508ee2b447f7cfcab619a309e4f370ff59ce9c7.zip |
keyusage support in the OpenSSL backend
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 5d47c5ea..13f57e84 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -14,7 +14,6 @@
 from __future__ import absolute_import, division, print_function
 
 import datetime
-import warnings
 
 from cryptography import utils, x509
 from cryptography.exceptions import UnsupportedAlgorithm
@@ -172,14 +171,8 @@ class _Certificate(object):
 value = self._build_basic_constraints(ext)
 elif oid == x509.OID_SUBJECT_KEY_IDENTIFIER:
 value = self._build_subject_key_identifier(ext)
- elif oid == x509.OID_KEY_USAGE and critical:
- # TODO: remove this obviously.
- warnings.warn(
- "Extension support is not fully implemented. A key usage "
- "extension with the critical flag was seen and IGNORED."
- )
- seen_oids.add(oid)
- continue
+ elif oid == x509.OID_KEY_USAGE:
+ value = self._build_key_usage(ext)
 elif critical:
 raise x509.UnsupportedExtension(
 "{0} is not currently supported".format(oid), oid
@@ -232,6 +225,32 @@ class _Certificate(object):
 self._backend._ffi.buffer(asn1_string.data, asn1_string.length)[:]
 )
 
+ def _build_key_usage(self, ext):
+ bit_string = self._backend._lib.X509V3_EXT_d2i(ext)
+ assert bit_string != self._backend._ffi.NULL
+ bit_string = self._backend._ffi.cast("ASN1_BIT_STRING *", bit_string)
+ get_bit = self._backend._lib.ASN1_BIT_STRING_get_bit
+ digital_signature = get_bit(bit_string, 0) == 1
+ content_commitment = get_bit(bit_string, 1) == 1
+ key_encipherment = get_bit(bit_string, 2) == 1
+ data_encipherment = get_bit(bit_string, 3) == 1
+ key_agreement = get_bit(bit_string, 4) == 1
+ key_cert_sign = get_bit(bit_string, 5) == 1
+ crl_sign = get_bit(bit_string, 6) == 1
+ encipher_only = get_bit(bit_string, 7) == 1
+ decipher_only = get_bit(bit_string, 8) == 1
+ return x509.KeyUsage(
+ digital_signature,
+ content_commitment,
+ key_encipherment,
+ data_encipherment,
+ key_agreement,
+ key_cert_sign,
+ crl_sign,
+ encipher_only,
+ decipher_only
+ )
+
 
 @utils.register_interface(x509.CertificateSigningRequest)
 class _CertificateSigningRequest(object): |
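Review bot: The NULL check on the result of `X509V3_EXT_d2i` in `_build_key_usage` is an `assert`, which is stripped under `python -O` and otherwise reports a malformed key usage extension as an `AssertionError`. The extension bytes come from the certificate being parsed, and with this commit the branch runs for non-critical key usage extensions too, so an explicit check is safer: `if bit_string == self._backend._ffi.NULL: raise ValueError("Unable to decode the key usage extension")`. The decoded object also appears never to be freed: `X509V3_EXT_d2i` returns a newly allocated structure, so after the cast it could be wrapped as `bit_string = self._backend._ffi.gc(bit_string, self._backend._lib.ASN1_BIT_STRING_free)`, assuming the bindings expose that function. A short docstring mapping bit positions 0-8 to the RFC 5280 KeyUsage names would make the magic indices easier to audit.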