From 74ce48c5d00e4846740d248a65d35b874f15afe2 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 30 Oct 2018 10:23:30 +0800
Subject: Add eq/ne/hash to PrecertificateSignedCertificateTimestamps (#4534)

* Add eq/ne/hash to PrecertificateSignedCertificateTimestamps

This requires adding it to SignedCertificateTimestamps as well

* slightly more consistent

* right, these need to be conditional

* compare by signature

* don't use private API
---
 src/cryptography/hazmat/backends/openssl/x509.py | 20 ++++++++++++++++++++
 src/cryptography/x509/extensions.py              | 15 +++++++++++++++
 2 files changed, 35 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index ad838b7f..ac1838c6 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -534,3 +534,23 @@ class _SignedCertificateTimestamp(object):
         # we only have precerts.
         assert entry_type == self._backend._lib.CT_LOG_ENTRY_TYPE_PRECERT
         return x509.certificate_transparency.LogEntryType.PRE_CERTIFICATE
+
+    @property
+    def _signature(self):
+        ptrptr = self._backend._ffi.new("unsigned char **")
+        res = self._backend._lib.SCT_get0_signature(self._sct, ptrptr)
+        self._backend.openssl_assert(res > 0)
+        self._backend.openssl_assert(ptrptr[0] != self._backend._ffi.NULL)
+        return self._backend._ffi.buffer(ptrptr[0], res)[:]
+
+    def __hash__(self):
+        return hash(self._signature)
+
+    def __eq__(self, other):
+        if not isinstance(other, _SignedCertificateTimestamp):
+            return NotImplemented
+
+        return self._signature == other._signature
+
+    def __ne__(self, other):
+        return not self == other
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index b2d9908e..6301af5a 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -1402,6 +1402,21 @@ class PrecertificateSignedCertificateTimestamps(object):
             )
         )
 
+    def __hash__(self):
+        return hash(tuple(self._signed_certificate_timestamps))
+
+    def __eq__(self, other):
+        if not isinstance(other, PrecertificateSignedCertificateTimestamps):
+            return NotImplemented
+
+        return (
+            self._signed_certificate_timestamps ==
+            other._signed_certificate_timestamps
+        )
+
+    def __ne__(self, other):
+        return not self == other
+
 
 @utils.register_interface(ExtensionType)
 class OCSPNonce(object):
-- 
cgit v1.2.3