diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-05-12 23:27:32 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-05-13 08:55:47 -0500 |
| commit | 594a2edf1ead6b7ce3f4e217bada30f2f323dc36 (patch) | |
| tree | 56353aac74cafca601b1746005734f4ecb7974e8 /src | |
| parent | 9a10d59aaaf805a2aecef40df5338d2fc0602be9 (diff) | |
| download | cryptography-594a2edf1ead6b7ce3f4e217bada30f2f323dc36.tar.gz cryptography-594a2edf1ead6b7ce3f4e217bada30f2f323dc36.tar.bz2 cryptography-594a2edf1ead6b7ce3f4e217bada30f2f323dc36.zip | |
change approach for parsing CDP reason flags
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 43 |
1 files changed, 25 insertions, 18 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 7f487d35..07e54baa 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -28,18 +28,6 @@ from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.primitives import hashes -_REASONFLAGS_ENUM_MAPPING = { - 1: x509.ReasonFlags.key_compromise, - 2: x509.ReasonFlags.ca_compromise, - 3: x509.ReasonFlags.affiliation_changed, - 4: x509.ReasonFlags.superseded, - 5: x509.ReasonFlags.cessation_of_operation, - 6: x509.ReasonFlags.certificate_hold, - 7: x509.ReasonFlags.privilege_withdrawn, - 8: x509.ReasonFlags.aa_compromise -} - - def _obj2txt(backend, obj): # Set to 80 on the recommendation of # https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values @@ -551,7 +539,6 @@ class _Certificate(object): reasons = None cdp = self._backend._lib.sk_DIST_POINT_value(cdps, i) if cdp.reasons != self._backend._ffi.NULL: - reasons = [] # We will check each bit from RFC 5280 # ReasonFlags ::= BIT STRING { # unused (0), @@ -563,11 +550,31 @@ class _Certificate(object): # certificateHold (6), # privilegeWithdrawn (7), # aACompromise (8) } - for bit in range(1, 9): - if self._backend._lib.ASN1_BIT_STRING_get_bit( - cdp.reasons, bit - ): - reasons.append(_REASONFLAGS_ENUM_MAPPING[bit]) + reasons = [] + get_bit = self._backend._lib.ASN1_BIT_STRING_get_bit + if get_bit(cdp.reasons, 1): + reasons.append(x509.ReasonFlags.key_compromise) + + if get_bit(cdp.reasons, 2): + reasons.append(x509.ReasonFlags.ca_compromise) + + if get_bit(cdp.reasons, 3): + reasons.append(x509.ReasonFlags.affiliation_changed) + + if get_bit(cdp.reasons, 4): + reasons.append(x509.ReasonFlags.superseded) + + if get_bit(cdp.reasons, 5): + reasons.append(x509.ReasonFlags.cessation_of_operation) + + if get_bit(cdp.reasons, 6): + reasons.append(x509.ReasonFlags.certificate_hold) + + if get_bit(cdp.reasons, 7): + reasons.append(x509.ReasonFlags.privilege_withdrawn) + + if get_bit(cdp.reasons, 8): + reasons.append(x509.ReasonFlags.aa_compromise) reasons = frozenset(reasons) |