diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-10 19:15:56 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-10 19:15:56 -0500 |
| commit | 6fb217234a596e882487cab8a1df05e0b2990ca0 (patch) | |
| tree | bfa4e7f3695296290c509dd61ddf25dcc669a744 /src | |
| parent | fca629c1c6eff5357fce52505947834cc7f4d277 (diff) | |
| download | cryptography-6fb217234a596e882487cab8a1df05e0b2990ca0.tar.gz cryptography-6fb217234a596e882487cab8a1df05e0b2990ca0.tar.bz2 cryptography-6fb217234a596e882487cab8a1df05e0b2990ca0.zip | |
switch the openssl backend to use the OID namespace
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 23 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 31 |
2 files changed, 28 insertions, 26 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 3866c0d4..9eae69c7 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -53,6 +53,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import ( from cryptography.hazmat.primitives.ciphers.modes import ( CBC, CFB, CFB8, CTR, ECB, GCM, OFB ) +from cryptography.x509.oid import ExtensionOID _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"]) @@ -482,19 +483,19 @@ def _encode_crl_distribution_points(backend, crl_distribution_points): _EXTENSION_ENCODE_HANDLERS = { - x509.OID_BASIC_CONSTRAINTS: _encode_basic_constraints, - x509.OID_SUBJECT_KEY_IDENTIFIER: _encode_subject_key_identifier, - x509.OID_KEY_USAGE: _encode_key_usage, - x509.OID_SUBJECT_ALTERNATIVE_NAME: _encode_alt_name, - x509.OID_ISSUER_ALTERNATIVE_NAME: _encode_alt_name, - x509.OID_EXTENDED_KEY_USAGE: _encode_extended_key_usage, - x509.OID_AUTHORITY_KEY_IDENTIFIER: _encode_authority_key_identifier, - x509.OID_AUTHORITY_INFORMATION_ACCESS: ( + ExtensionOID.BASIC_CONSTRAINTS: _encode_basic_constraints, + ExtensionOID.SUBJECT_KEY_IDENTIFIER: _encode_subject_key_identifier, + ExtensionOID.KEY_USAGE: _encode_key_usage, + ExtensionOID.SUBJECT_ALTERNATIVE_NAME: _encode_alt_name, + ExtensionOID.ISSUER_ALTERNATIVE_NAME: _encode_alt_name, + ExtensionOID.EXTENDED_KEY_USAGE: _encode_extended_key_usage, + ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _encode_authority_key_identifier, + ExtensionOID.AUTHORITY_INFORMATION_ACCESS: ( _encode_authority_information_access ), - x509.OID_CRL_DISTRIBUTION_POINTS: _encode_crl_distribution_points, - x509.OID_INHIBIT_ANY_POLICY: _encode_inhibit_any_policy, - x509.OID_OCSP_NO_CHECK: _encode_ocsp_nocheck, + ExtensionOID.CRL_DISTRIBUTION_POINTS: _encode_crl_distribution_points, + ExtensionOID.INHIBIT_ANY_POLICY: _encode_inhibit_any_policy, + ExtensionOID.OCSP_NO_CHECK: _encode_ocsp_nocheck, } diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 564b2680..e9af97f3 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -17,6 +17,7 @@ from six.moves import urllib_parse from cryptography import utils, x509 from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.primitives import hashes, serialization +from cryptography.x509.oid import CertificatePoliciesOID, ExtensionOID def _obj2txt(backend, obj): @@ -385,13 +386,13 @@ def _decode_certificate_policies(backend, cp): pqualid = x509.ObjectIdentifier( _obj2txt(backend, pqi.pqualid) ) - if pqualid == x509.OID_CPS_QUALIFIER: + if pqualid == CertificatePoliciesOID.CPS_QUALIFIER: cpsuri = backend._ffi.buffer( pqi.d.cpsuri.data, pqi.d.cpsuri.length )[:].decode('ascii') qualifiers.append(cpsuri) else: - assert pqualid == x509.OID_CPS_USER_NOTICE + assert pqualid == CertificatePoliciesOID.CPS_USER_NOTICE user_notice = _decode_user_notice( backend, pqi.d.usernotice ) @@ -756,21 +757,21 @@ class _CertificateSigningRequest(object): _EXTENSION_HANDLERS = { - x509.OID_BASIC_CONSTRAINTS: _decode_basic_constraints, - x509.OID_SUBJECT_KEY_IDENTIFIER: _decode_subject_key_identifier, - x509.OID_KEY_USAGE: _decode_key_usage, - x509.OID_SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name, - x509.OID_EXTENDED_KEY_USAGE: _decode_extended_key_usage, - x509.OID_AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier, - x509.OID_AUTHORITY_INFORMATION_ACCESS: ( + ExtensionOID.BASIC_CONSTRAINTS: _decode_basic_constraints, + ExtensionOID.SUBJECT_KEY_IDENTIFIER: _decode_subject_key_identifier, + ExtensionOID.KEY_USAGE: _decode_key_usage, + ExtensionOID.SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name, + ExtensionOID.EXTENDED_KEY_USAGE: _decode_extended_key_usage, + ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier, + ExtensionOID.AUTHORITY_INFORMATION_ACCESS: ( _decode_authority_information_access ), - x509.OID_CERTIFICATE_POLICIES: _decode_certificate_policies, - x509.OID_CRL_DISTRIBUTION_POINTS: _decode_crl_distribution_points, - x509.OID_OCSP_NO_CHECK: _decode_ocsp_no_check, - x509.OID_INHIBIT_ANY_POLICY: _decode_inhibit_any_policy, - x509.OID_ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name, - x509.OID_NAME_CONSTRAINTS: _decode_name_constraints, + ExtensionOID.CERTIFICATE_POLICIES: _decode_certificate_policies, + ExtensionOID.CRL_DISTRIBUTION_POINTS: _decode_crl_distribution_points, + ExtensionOID.OCSP_NO_CHECK: _decode_ocsp_no_check, + ExtensionOID.INHIBIT_ANY_POLICY: _decode_inhibit_any_policy, + ExtensionOID.ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name, + ExtensionOID.NAME_CONSTRAINTS: _decode_name_constraints, } |