diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-04-02 17:18:23 -0500 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-04-02 17:18:23 -0500 |
| commit | c053129791404f5f03df2c2243878f08352fb88d (patch) | |
| tree | d93bfd399e978e237af4c3a4b874b697a2f45a5f /src | |
| parent | 7209d3e2071d4e66e1da0c4c99e71c9bf5601b1a (diff) | |
| parent | 738407ba87472f7f474c164e2fd33ab037bab93f (diff) | |
| download | cryptography-c053129791404f5f03df2c2243878f08352fb88d.tar.gz cryptography-c053129791404f5f03df2c2243878f08352fb88d.tar.bz2 cryptography-c053129791404f5f03df2c2243878f08352fb88d.zip | |
Merge pull request #1802 from reaperhulk/x509-keyusage
add KeyUsage extension
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/x509.py | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 791d1ef0..63c8767d 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -266,6 +266,53 @@ class BasicConstraints(object): "path_length={0.path_length})>").format(self) +class KeyUsage(object): + def __init__(self, digital_signature, content_commitment, key_encipherment, + data_encipherment, key_agreement, key_cert_sign, crl_sign, + encipher_only, decipher_only): + if not key_agreement and (encipher_only or decipher_only): + raise ValueError( + "encipher_only and decipher_only can only be true when " + "key_agreement is true" + ) + + self._digital_signature = digital_signature + self._content_commitment = content_commitment + self._key_encipherment = key_encipherment + self._data_encipherment = data_encipherment + self._key_agreement = key_agreement + self._key_cert_sign = key_cert_sign + self._crl_sign = crl_sign + self._encipher_only = encipher_only + self._decipher_only = decipher_only + + digital_signature = utils.read_only_property("_digital_signature") + content_commitment = utils.read_only_property("_content_commitment") + key_encipherment = utils.read_only_property("_key_encipherment") + data_encipherment = utils.read_only_property("_data_encipherment") + key_agreement = utils.read_only_property("_key_agreement") + key_cert_sign = utils.read_only_property("_key_cert_sign") + crl_sign = utils.read_only_property("_crl_sign") + + @property + def encipher_only(self): + if not self.key_agreement: + raise ValueError( + "encipher_only is undefined unless key_agreement is true" + ) + else: + return self._encipher_only + + @property + def decipher_only(self): + if not self.key_agreement: + raise ValueError( + "decipher_only is undefined unless key_agreement is true" + ) + else: + return self._decipher_only + + OID_COMMON_NAME = ObjectIdentifier("2.5.4.3") OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6") OID_LOCALITY_NAME = ObjectIdentifier("2.5.4.7") |