From 8802a5bae7138d10c289361e5204fb1ea72fc099 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Fri, 13 Feb 2015 12:06:57 -0600
Subject: implement signature_hash_algorithm instead
---
 src/cryptography/hazmat/backends/openssl/x509.py | 12 +++++++++++-
 src/cryptography/x509.py | 23 ++++++++++++++++++++---
 2 files changed, 31 insertions(+), 4 deletions(-) (limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index a3dddc49..989a9dd7 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -16,6 +16,7 @@ from __future__ import absolute_import, division, print_function
 import datetime
 from cryptography import utils, x509
+from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.primitives import hashes
@@ -138,7 +139,16 @@ class _Certificate(object):
 return x509.Name(attributes)
 @property
- def signature_algorithm(self):
+ def signature_hash_algorithm(self):
+ oid = self._signature_algorithm()
+ try:
+ return x509._SIG_OIDS_TO_HASH[oid.dotted_string]
+ except KeyError:
+ raise UnsupportedAlgorithm(
+ "Signature algorithm {0} not recognized".format(oid)
+ )
+
+ def _signature_algorithm(self):
 buf_len = 50
 buf = self._backend._ffi.new("char[]", buf_len)
 res = self._backend._lib.OBJ_obj2txt(
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index c4d87bb7..c6ce61d1 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -10,6 +10,7 @@ from enum import Enum
 import six
 from cryptography import utils
+from cryptography.hazmat.primitives import hashes
 _OID_NAMES = {
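Review bot: The error message in `signature_hash_algorithm` formats the whole `oid` object, so its text depends on how `ObjectIdentifier` renders itself, which is not visible on this page. The lookup one line above already uses `oid.dotted_string`, and the message could use it too: `"Signature algorithm OID {0} not recognized".format(oid.dotted_string)`. Raising `UnsupportedAlgorithm` for any OID outside the table is the right fail-closed behaviour for a value parsed from a certificate, and a one-line comment saying so would keep a later edit from turning it into a default digest. `_signature_algorithm` continues past the end of the hunk, so the handling of the `OBJ_obj2txt` result and of the fixed 50-byte buffer cannot be checked from here.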
@@ -170,6 +171,22 @@ OID_DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3")
 OID_DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1")
 OID_DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2")
+_SIG_OIDS_TO_HASH = {
+ "1.2.840.113549.1.1.4": hashes.MD5(),
+ "1.2.840.113549.1.1.5": hashes.SHA1(),
+ "1.2.840.113549.1.1.14": hashes.SHA224(),
+ "1.2.840.113549.1.1.11": hashes.SHA256(),
+ "1.2.840.113549.1.1.12": hashes.SHA384(),
+ "1.2.840.113549.1.1.13": hashes.SHA512(),
+ "1.2.840.10045.4.3.1": hashes.SHA224(),
+ "1.2.840.10045.4.3.2": hashes.SHA256(),
+ "1.2.840.10045.4.3.3": hashes.SHA384(),
+ "1.2.840.10045.4.3.4": hashes.SHA512(),
+ "1.2.840.10040.4.3": hashes.SHA1(),
+ "2.16.840.1.101.3.4.3.1": hashes.SHA224(),
+ "2.16.840.1.101.3.4.3.2": hashes.SHA256()
+}
+
 @six.add_metaclass(abc.ABCMeta)
 class Certificate(object):
@@ -222,8 +239,8 @@ class Certificate(object):
 """
 @abc.abstractproperty
- def signature_algorithm(self):
+ def signature_hash_algorithm(self):
 """
- Returns an ObjectIdentifier corresponding to the signature algorithm of
- the certificate.
+ Returns a HashAlgorithm corresponding to the type of the digest signed
+ in the certificate.
 """
-- cgit v1.2.3
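Review bot: `_SIG_OIDS_TO_HASH` re-types every dotted string even though the `OID_*` constants just above hold the same values, so a typo in this table would silently report the wrong digest for a certificate. Keying the entries off the constants, e.g. `OID_DSA_WITH_SHA1.dotted_string: hashes.SHA1(),`, keeps the two in step; the RSA and ECDSA constant names are outside this hunk, so I am assuming they follow the same pattern. A comment per group (`# RSA PKCS#1 v1.5`, `# ECDSA`, `# DSA`) would also make omissions easier to spot: ecdsa-with-SHA1 (1.2.840.10045.4.1) has no entry, which may be deliberate but is not stated.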
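Review bot: The new docstring for `signature_hash_algorithm` does not say what happens when the certificate's signature OID is unknown, although the OpenSSL backend in this same commit raises `UnsupportedAlgorithm` in that case. I would add a sentence such as `Raises UnsupportedAlgorithm if the signature algorithm OID is not recognized.` so that other backends implement the same contract. It is also worth stating that the result may be `MD5` or `SHA1`, so callers that enforce a digest policy have to check the returned type themselves. The `Certificate` class starts before this hunk.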