diff options
-rw-r--r-- | src/cryptography/x509/extensions.py | 13 | ||||
-rw-r--r-- | tests/x509/test_x509_ext.py | 21 |
2 files changed, 34 insertions, 0 deletions
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index 44d5be94..01378b38 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -973,6 +973,19 @@ class NameConstraints(object): u"excluded_subtrees={0.excluded_subtrees})>".format(self) ) + def __hash__(self): + if self.permitted_subtrees is not None: + ps = tuple(self.permitted_subtrees) + else: + ps = None + + if self.excluded_subtrees is not None: + es = tuple(self.excluded_subtrees) + else: + es = None + + return hash((ps, es)) + permitted_subtrees = utils.read_only_property("_permitted_subtrees") excluded_subtrees = utils.read_only_property("_excluded_subtrees") diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py index 808b3681..6010e77d 100644 --- a/tests/x509/test_x509_ext.py +++ b/tests/x509/test_x509_ext.py @@ -3119,6 +3119,27 @@ class TestNameConstraints(object): assert nc != nc3 assert nc != object() + def test_hash(self): + nc = x509.NameConstraints( + permitted_subtrees=[x509.DNSName(b"name.local")], + excluded_subtrees=[x509.DNSName(b"name2.local")] + ) + nc2 = x509.NameConstraints( + permitted_subtrees=[x509.DNSName(b"name.local")], + excluded_subtrees=[x509.DNSName(b"name2.local")] + ) + nc3 = x509.NameConstraints( + permitted_subtrees=[x509.DNSName(b"name.local")], + excluded_subtrees=None + ) + nc4 = x509.NameConstraints( + permitted_subtrees=None, + excluded_subtrees=[x509.DNSName(b"name.local")] + ) + assert hash(nc) == hash(nc2) + assert hash(nc) != hash(nc3) + assert hash(nc3) != hash(nc4) + @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) |