-rw-r--r-- | src/cryptography/x509.py | 18 | ||||
-rw-r--r-- | tests/test_x509.py | 59 |
2 files changed, 42 insertions, 35 deletions
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 2ee1c3ef..c59de606 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1445,13 +1445,13 @@ class RevokedCertificate(object):
 class CertificateSigningRequestBuilder(object):
- def __init__(self):
+ def __init__(self, version=Version.v1, subject_name=None, extensions=[]):
 """
 Creates an empty X.509 certificate request (v1).
 """
 self._version = Version.v1
- self._subject_name = None
- self._extensions = []
+ self._subject_name = subject_name
+ self._extensions = extensions[:]
 def set_version(self, version):
 """
@@ -1459,7 +1459,9 @@ class CertificateSigningRequestBuilder(object):
 """
 if not isinstance(version, Version):
 raise TypeError('Expecting x509.Version object.')
- self._version = version
+ return CertificateSigningRequestBuilder(
+ version, self._subject_name, self._extensions
+ )
 def set_subject_name(self, name):
 """
@@ -1467,7 +1469,9 @@ class CertificateSigningRequestBuilder(object):
 """
 if not isinstance(name, Name):
 raise TypeError('Expecting x509.Name object.')
- self._subject_name = name
+ return CertificateSigningRequestBuilder(
+ self._version, name, self._extensions
+ )
 def add_extension(self, extension):
 """
@@ -1478,7 +1482,9 @@ class CertificateSigningRequestBuilder(object):
 for e in self._extensions:
 if e.oid == extension.oid:
 raise ValueError('This extension has already been set.')
- self._extensions.append(extension)
+ return CertificateSigningRequestBuilder(
+ self._version, self._subject_name, self._extensions + [extension]
+ )
 def sign(self, backend, private_key, algorithm):
 """
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 85ef4b5c..981ad528 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
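Review bot: In the first hunk of src/cryptography/x509.py, `__init__` gains a `version` parameter but the unchanged line `self._version = Version.v1` still ignores it, so the builder returned by `set_version(Version.v3)` carries v1 and the requested version is silently dropped before `sign`. The assignment should read `self._version = version`. The docstring's "empty ... (v1)" wording is stale now that the constructor accepts state. The `extensions=[]` default is safe only because of the `extensions[:]` copy; `extensions=None` with an explicit fallback would not depend on that copy staying in place.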
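Review bot: `set_version` now returns a new builder and leaves `self` untouched, but the visible part of its docstring does not say so, and the same applies to `set_subject_name` and `add_extension` in the next two hunks. Code written against the previous mutating API (`builder.set_subject_name(name)` as a bare statement) keeps running without error and then signs a request that lacks the subject or extensions the caller meant to include. Each docstring should state the contract, for example `Returns a new builder with the version set; this builder is not modified.` The docstrings begin outside these hunks, so their current wording is only partly visible.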
@@ -699,21 +699,21 @@ class TestCertificateSigningRequestBuilder(object):
 backend=backend,
 )
- builder = x509.CertificateSigningRequestBuilder()
- builder.set_version(x509.Version.v3)
- builder.set_subject_name(x509.Name([
+ request = x509.CertificateSigningRequestBuilder().set_version(
+ x509.Version.v3
+ ).set_subject_name(x509.Name([
 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'),
 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'),
 x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'),
- ]))
- builder.add_extension(x509.Extension(
+ ])).add_extension(x509.Extension(
 x509.OID_BASIC_CONSTRAINTS,
 True,
 x509.BasicConstraints(True, 2),
- ))
- request = builder.sign(backend, private_key, hashes.SHA1())
+ )).sign(
+ backend, private_key, hashes.SHA1()
+ )
 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
 public_key = request.public_key()
@@ -740,21 +740,21 @@ class TestCertificateSigningRequestBuilder(object):
 backend=backend,
 )
- builder = x509.CertificateSigningRequestBuilder()
- builder.set_version(x509.Version.v3)
- builder.set_subject_name(x509.Name([
+ request = x509.CertificateSigningRequestBuilder().set_version(
+ x509.Version.v3
+ ).set_subject_name(x509.Name([
 x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
 x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
 x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'),
 x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'PyCA'),
 x509.NameAttribute(x509.OID_COMMON_NAME, 'cryptography.io'),
- ]))
- builder.add_extension(x509.Extension(
+ ])).add_extension(x509.Extension(
 x509.OID_BASIC_CONSTRAINTS,
 True,
 x509.BasicConstraints(False, None),
- ))
- request = builder.sign(backend, private_key, hashes.SHA1())
+ )).sign(
+ backend, private_key, hashes.SHA1()
+ )
 assert isinstance(request.signature_hash_algorithm, hashes.SHA1)
 public_key = request.public_key()
@@ -775,12 +775,13 @@ class TestCertificateSigningRequestBuilder(object):
 assert basic_constraints.value.path_length is None
 def test_add_duplicate_extension(self, backend):
- builder = x509.CertificateSigningRequestBuilder()
- builder.add_extension(x509.Extension(
- x509.OID_BASIC_CONSTRAINTS,
- True,
- x509.BasicConstraints(True, 2),
- ))
+ builder = x509.CertificateSigningRequestBuilder().add_extension(
+ x509.Extension(
+ x509.OID_BASIC_CONSTRAINTS,
+ True,
+ x509.BasicConstraints(True, 2),
+ )
+ )
 with pytest.raises(ValueError):
 builder.add_extension(x509.Extension(
 x509.OID_BASIC_CONSTRAINTS,
@@ -809,15 +810,15 @@ class TestCertificateSigningRequestBuilder(object):
 key_size=2048,
 backend=backend,
 )
- builder = x509.CertificateSigningRequestBuilder()
- builder.set_subject_name(x509.Name([
- x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
- x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
- ]))
- builder.add_extension(x509.Extension(
+ builder = x509.CertificateSigningRequestBuilder().set_subject_name(
+ x509.Name([
+ x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+ x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
+ x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
+ x509.NameAttribute(x509.OID_ORGANIZATION_NAME, u'PyCA'),
+ x509.NameAttribute(x509.OID_COMMON_NAME, u'cryptography.io'),
+ ])
+ ).add_extension(x509.Extension(
 x509.ObjectIdentifier('1.2.3.4'),
 False,
 'value', |
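Review bot: `test_add_duplicate_extension` and the other rewritten tests only exercise the chained form; none of the visible lines checks the property this commit introduces, namely that a setter leaves the receiver unmodified. A test that calls `add_extension` twice on the same empty builder with the same extension and expects no `ValueError` from the second call would pin that, and would fail if the builder went back to mutating in place. The test body continues past the end of the hunk, so an existing assertion of this kind may simply not be visible here.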