diff options
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index e5bf9726..cc805755 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -186,16 +186,17 @@ class _X509ExtensionParser(object): raise x509.DuplicateExtension( "Duplicate {0} extension found".format(oid), oid ) - for handler_oid, f in self.handlers: - if handler_oid == oid: - value = f(backend, ext) - extensions.append(x509.Extension(oid, critical, value)) - break - else: + try: + handler = self.handlers[oid] + except KeyError: if critical: raise x509.UnsupportedExtension( "{0} is not currently supported".format(oid), oid ) + else: + value = handler(backend, ext) + extensions.append(x509.Extension(oid, critical, value)) + seen_oids.add(oid) return x509.Extensions(extensions) @@ -712,29 +713,28 @@ class _CertificateSigningRequest(object): _CERTIFICATE_EXTENSION_PARSER = _X509ExtensionParser( ext_count=lambda backend, x: backend._lib.X509_get_ext_count(x), get_ext=lambda backend, x, i: backend._lib.X509_get_ext(x, i), - handlers=[ - (x509.OID_BASIC_CONSTRAINTS, _decode_basic_constraints), - (x509.OID_SUBJECT_KEY_IDENTIFIER, _decode_subject_key_identifier), - (x509.OID_KEY_USAGE, _decode_key_usage), - (x509.OID_SUBJECT_ALTERNATIVE_NAME, _decode_subject_alt_name), - (x509.OID_EXTENDED_KEY_USAGE, _decode_extended_key_usage), - (x509.OID_AUTHORITY_KEY_IDENTIFIER, _decode_authority_key_identifier), - ( - x509.OID_AUTHORITY_INFORMATION_ACCESS, + handlers={ + x509.OID_BASIC_CONSTRAINTS: _decode_basic_constraints, + x509.OID_SUBJECT_KEY_IDENTIFIER: _decode_subject_key_identifier, + x509.OID_KEY_USAGE: _decode_key_usage, + x509.OID_SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name, + x509.OID_EXTENDED_KEY_USAGE: _decode_extended_key_usage, + x509.OID_AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier, + x509.OID_AUTHORITY_INFORMATION_ACCESS: ( _decode_authority_information_access ), - (x509.OID_CERTIFICATE_POLICIES, _decode_certificate_policies), - (x509.OID_CRL_DISTRIBUTION_POINTS, _decode_crl_distribution_points), - (x509.OID_OCSP_NO_CHECK, _decode_ocsp_no_check), - (x509.OID_INHIBIT_ANY_POLICY, _decode_inhibit_any_policy), - (x509.OID_ISSUER_ALTERNATIVE_NAME, _decode_issuer_alt_name), - ] + x509.OID_CERTIFICATE_POLICIES: _decode_certificate_policies, + x509.OID_CRL_DISTRIBUTION_POINTS: _decode_crl_distribution_points, + x509.OID_OCSP_NO_CHECK: _decode_ocsp_no_check, + x509.OID_INHIBIT_ANY_POLICY: _decode_inhibit_any_policy, + x509.OID_ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name, + } ) _CSR_EXTENSION_PARSER = _X509ExtensionParser( ext_count=lambda backend, x: backend._lib.sk_X509_EXTENSION_num(x), get_ext=lambda backend, x, i: backend._lib.sk_X509_EXTENSION_value(x, i), - handlers=[ - (x509.OID_BASIC_CONSTRAINTS, _decode_basic_constraints), - ] + handlers={ + x509.OID_BASIC_CONSTRAINTS: _decode_basic_constraints, + } ) |