diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-03-30 14:58:38 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-03-31 20:18:28 -0500 |
| commit | cecbbbaef4fd71250914afc54f553d469feaad58 (patch) | |
| tree | 43b8c2f6991b593d5463d8caeb0aab984b9ea21c /src | |
| parent | 7209d3e2071d4e66e1da0c4c99e71c9bf5601b1a (diff) | |
| download | cryptography-cecbbbaef4fd71250914afc54f553d469feaad58.tar.gz cryptography-cecbbbaef4fd71250914afc54f553d469feaad58.tar.bz2 cryptography-cecbbbaef4fd71250914afc54f553d469feaad58.zip | |
add keyusage extension
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/x509.py | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 791d1ef0..b48a04dd 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -266,6 +266,54 @@ class BasicConstraints(object): "path_length={0.path_length})>").format(self) +class KeyUsage(object): + def __init__(self, digital_signature, content_commitment, key_encipherment, + data_encipherment, key_agreement, key_cert_sign, crl_sign, + encipher_only, decipher_only): + if not key_agreement and (encipher_only or decipher_only): + raise ValueError( + "encipher_only and decipher_only can only be true when " + "key_agreement is true" + ) + + self._digital_signature = digital_signature + self._content_commitment = content_commitment + self._key_encipherment = key_encipherment + self._data_encipherment = data_encipherment + self._key_agreement = key_agreement + self._key_cert_sign = key_cert_sign + self._crl_sign = crl_sign + self._encipher_only = encipher_only + self._decipher_only = decipher_only + + digital_signature = utils.read_only_property("_digital_signature") + content_commitment = utils.read_only_property("_content_commitment") + key_encipherment = utils.read_only_property("_key_encipherment") + data_encipherment = utils.read_only_property("_data_encipherment") + key_agreement = utils.read_only_property("_key_agreement") + key_cert_sign = utils.read_only_property("_key_cert_sign") + crl_sign = utils.read_only_property("_crl_sign") + + @property + def encipher_only(self): + if not self.key_agreement: + raise ValueError( + "encipher_only is undefined unless key_agreement is true" + ) + else: + return self._encipher_only + + @property + def decipher_only(self): + if not self.key_agreement: + raise ValueError( + "decipher_only is undefined unless key_agreement is true" + ) + else: + return self._decipher_only + + + OID_COMMON_NAME = ObjectIdentifier("2.5.4.3") OID_COUNTRY_NAME = ObjectIdentifier("2.5.4.6") OID_LOCALITY_NAME = ObjectIdentifier("2.5.4.7") |