From 0d943bbd2d239db90bfea61fdcd94bb87adfeb83 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 5 Jan 2016 19:02:32 -0600 Subject: refactor the init validation of AuthorityKeyIdentifier Fixes #2640 --- src/cryptography/x509/extensions.py | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) (limited to 'src') diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index f7b5d7f5..3e6fc3b3 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -155,25 +155,28 @@ class AuthorityKeyIdentifier(object): def __init__(self, key_identifier, authority_cert_issuer, authority_cert_serial_number): - if authority_cert_issuer or authority_cert_serial_number: - if not authority_cert_issuer or not authority_cert_serial_number: - raise ValueError( - "authority_cert_issuer and authority_cert_serial_number " - "must both be present or both None" - ) + if (authority_cert_issuer is None) != ( + authority_cert_serial_number is None + ): + raise ValueError( + "authority_cert_issuer and authority_cert_serial_number " + "must both be present or both None" + ) - if not all( - isinstance(x, GeneralName) for x in authority_cert_issuer - ): - raise TypeError( - "authority_cert_issuer must be a list of GeneralName " - "objects" - ) + if authority_cert_issuer is not None and not all( + isinstance(x, GeneralName) for x in authority_cert_issuer + ): + raise TypeError( + "authority_cert_issuer must be a list of GeneralName " + "objects" + ) - if not isinstance(authority_cert_serial_number, six.integer_types): - raise TypeError( - "authority_cert_serial_number must be an integer" - ) + if authority_cert_serial_number is not None and not isinstance( + authority_cert_serial_number, six.integer_types + ): + raise TypeError( + "authority_cert_serial_number must be an integer" + ) self._key_identifier = key_identifier self._authority_cert_issuer = authority_cert_issuer -- cgit v1.2.3