authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-05-04 17:35:47 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-05-04 22:10:51 -0500
commita147699cabf935b0c770d5c72fb8d2305737d66a (patch)
tree9f0ea62b9fa6dacd0aa14ff81f5dcad09aaef580 /src
parentcfbbc30f00ec335e441b24762eeb3f31a01f7404 (diff)
add support for authority information access in the openssl backend
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py23
-rw-r--r--src/cryptography/hazmat/bindings/openssl/x509v3.py14
2 files changed, 37 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index c6b85c9f..42ca138d 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -271,6 +271,8 @@ class _Certificate(object):
value = self._build_extended_key_usage(ext)
elif oid == x509.OID_AUTHORITY_KEY_IDENTIFIER:
value = self._build_authority_key_identifier(ext)
+ elif oid == x509.OID_AUTHORITY_INFORMATION_ACCESS:
+ value = self._build_authority_information_access(ext)
elif critical:
raise x509.UnsupportedExtension(
"{0} is not currently supported".format(oid), oid
@@ -362,6 +364,27 @@ class _Certificate(object):
key_identifier, authority_cert_issuer, authority_cert_serial_number
)
+ def _build_authority_information_access(self, ext):
+ aia = self._backend._lib.X509V3_EXT_d2i(ext)
+ assert aia != self._backend._ffi.NULL
+ aia = self._backend._ffi.cast(
+ "Cryptography_STACK_OF_ACCESS_DESCRIPTION *", aia
+ )
+ aia = self._backend._ffi.gc(
+ aia, self._backend._lib.sk_ACCESS_DESCRIPTION_free
+ )
+ num = self._backend._lib.sk_ACCESS_DESCRIPTION_num(aia)
+ access_descriptions = []
+ for i in range(num):
+ ad = self._backend._lib.sk_ACCESS_DESCRIPTION_value(aia, i)
+ assert ad.method != self._backend._ffi.NULL
+ oid = x509.ObjectIdentifier(_obj2txt(self._backend, ad.method))
+ assert ad.location != self._backend._ffi.NULL
+ gn = _build_general_name(self._backend, ad.location)
+ access_descriptions.append(x509.AccessDescription(oid, gn))
+
+ return x509.AuthorityInformationAccess(access_descriptions)
+
def _build_key_usage(self, ext):
bit_string = self._backend._lib.X509V3_EXT_d2i(ext)
assert bit_string != self._backend._ffi.NULL
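Review bot: The finalizer registered with `ffi.gc` in `_build_authority_information_access` is `sk_ACCESS_DESCRIPTION_free`, which releases only the stack container, so each `ACCESS_DESCRIPTION` element allocated by `X509V3_EXT_d2i` (with its `method` and `location`) is leaked on every parse. Certificates are untrusted input, so a peer that can get many certificates parsed can grow process memory. The collector should free the elements too, the C-level equivalent of `sk_ACCESS_DESCRIPTION_pop_free(aia, ACCESS_DESCRIPTION_free)`, which means declaring both names in the x509v3.py bindings, where this commit's last hunk adds only `num`, `value` and `free`. Separately, the `assert ... != NULL` checks match the file's existing pattern but are stripped under `python -O`. A NULL from `X509V3_EXT_d2i` on a malformed extension would be better reported with an explicit `raise ValueError(...)`.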
diff --git a/src/cryptography/hazmat/bindings/openssl/x509v3.py b/src/cryptography/hazmat/bindings/openssl/x509v3.py
index 311261f0..c2b6860f 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509v3.py
+++ b/src/cryptography/hazmat/bindings/openssl/x509v3.py
@@ -19,9 +19,12 @@ typedef LHASH_OF(CONF_VALUE) Cryptography_LHASH_OF_CONF_VALUE;
#else
typedef LHASH Cryptography_LHASH_OF_CONF_VALUE;
#endif
+typedef STACK_OF(ACCESS_DESCRIPTION) Cryptography_STACK_OF_ACCESS_DESCRIPTION;
"""
TYPES = """
+typedef ... Cryptography_STACK_OF_ACCESS_DESCRIPTION;
+
typedef struct {
X509 *issuer_cert;
X509 *subject_cert;
@@ -92,6 +95,11 @@ typedef struct {
ASN1_INTEGER *serial;
} AUTHORITY_KEYID;
+typedef struct {
+ ASN1_OBJECT *method;
+ GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
typedef ... Cryptography_LHASH_OF_CONF_VALUE;
"""
@@ -117,6 +125,12 @@ int sk_GENERAL_NAME_num(struct stack_st_GENERAL_NAME *);
int sk_GENERAL_NAME_push(struct stack_st_GENERAL_NAME *, GENERAL_NAME *);
GENERAL_NAME *sk_GENERAL_NAME_value(struct stack_st_GENERAL_NAME *, int);
+int sk_ACCESS_DESCRIPTION_num(Cryptography_STACK_OF_ACCESS_DESCRIPTION *);
+ACCESS_DESCRIPTION *sk_ACCESS_DESCRIPTION_value(
+ Cryptography_STACK_OF_ACCESS_DESCRIPTION *, int
+);
+void sk_ACCESS_DESCRIPTION_free(Cryptography_STACK_OF_ACCESS_DESCRIPTION *);
+
X509_EXTENSION *X509V3_EXT_conf_nid(Cryptography_LHASH_OF_CONF_VALUE *,
X509V3_CTX *, int, char *);