From 7e8fe9df4328f0d3134a502b5d3bc05435de7e6e Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 18 May 2015 09:53:47 -0700
Subject: add policy constraints class

---
 src/cryptography/x509/extensions.py | 54 +++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index db55789e..ba9cb373 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -489,6 +489,60 @@ class ReasonFlags(Enum):
     remove_from_crl = "removeFromCRL"
 
 
+@utils.register_interface(ExtensionType)
+class PolicyConstraints(object):
+    def __init__(self, require_explicit_policy, inhibit_policy_mapping):
+        if require_explicit_policy is not None and not isinstance(
+            require_explicit_policy, six.integer_types
+        ):
+            raise TypeError(
+                "require_explicit_policy must be a non-negative integer or "
+                "None"
+            )
+
+        if inhibit_policy_mapping is not None and not isinstance(
+            inhibit_policy_mapping, six.integer_types
+        ):
+            raise TypeError(
+                "inhibit_policy_mapping must be a non-negative integer or None"
+            )
+
+        if inhibit_policy_mapping is None and require_explicit_policy is None:
+            raise ValueError(
+                "At least one of require_explicit_policy and "
+                "inhibit_policy_mapping must not be None"
+            )
+
+        self._require_explicit_policy = require_explicit_policy
+        self._inhibit_policy_mapping = inhibit_policy_mapping
+
+    def __repr__(self):
+        return (
+            u"<PolicyConstraints(require_explicit_policy={0.require_explicit"
+            u"_policy}, inhibit_policy_mapping={0.inhibit_policy_"
+            u"mapping})>".format(self)
+        )
+
+    def __eq__(self, other):
+        if not isinstance(other, PolicyConstraints):
+            return NotImplemented
+
+        return (
+            self.require_explicit_policy == other.require_explicit_policy and
+            self.inhibit_policy_mapping == other.inhibit_policy_mapping
+        )
+
+    def __ne__(self, other):
+        return not self == other
+
+    require_explicit_policy = utils.read_only_property(
+        "_require_explicit_policy"
+    )
+    inhibit_policy_mapping = utils.read_only_property(
+        "_inhibit_policy_mapping"
+    )
+
+
 @utils.register_interface(ExtensionType)
 class CertificatePolicies(object):
     oid = ExtensionOID.CERTIFICATE_POLICIES
-- 
cgit v1.2.3


From 159b3b5ba975fcc2ebebfc707961070fc5fefacf Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Fri, 26 Feb 2016 08:27:22 -0600
Subject: add the oid required by the extensiontype interface

---
 src/cryptography/x509/extensions.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index ba9cb373..0aa67212 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -491,6 +491,8 @@ class ReasonFlags(Enum):
 
 @utils.register_interface(ExtensionType)
 class PolicyConstraints(object):
+    oid = ExtensionOID.POLICY_CONSTRAINTS
+
     def __init__(self, require_explicit_policy, inhibit_policy_mapping):
         if require_explicit_policy is not None and not isinstance(
             require_explicit_policy, six.integer_types
-- 
cgit v1.2.3


From ed9163d0195a7d9bd555093641fabf5e18f5c733 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Fri, 26 Feb 2016 08:28:29 -0600
Subject: export PolicyConstraints

---
 src/cryptography/x509/__init__.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index a1deb7f4..3f0ac14d 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -19,9 +19,10 @@ from cryptography.x509.extensions import (
     DistributionPoint, DuplicateExtension, ExtendedKeyUsage, Extension,
     ExtensionNotFound, ExtensionType, Extensions, GeneralNames,
     InhibitAnyPolicy, InvalidityDate, IssuerAlternativeName, KeyUsage,
-    NameConstraints, NoticeReference, OCSPNoCheck, PolicyInformation,
-    ReasonFlags, SubjectAlternativeName, SubjectKeyIdentifier,
-    UnrecognizedExtension, UnsupportedExtension, UserNotice
+    NameConstraints, NoticeReference, OCSPNoCheck, PolicyConstraints,
+    PolicyInformation, ReasonFlags, SubjectAlternativeName,
+    SubjectKeyIdentifier, UnrecognizedExtension, UnsupportedExtension,
+    UserNotice
 )
 from cryptography.x509.general_name import (
     DNSName, DirectoryName, GeneralName, IPAddress, OtherName, RFC822Name,
@@ -170,4 +171,5 @@ __all__ = [
     "CRLReason",
     "InvalidityDate",
     "UnrecognizedExtension",
+    "PolicyConstraints",
 ]
-- 
cgit v1.2.3