From 33fc7dc0afa71e66b2a9e2d85ff0c090ffedbdc6 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 1 Aug 2015 21:23:22 +0100
Subject: allow certificate and CSR to both parse the same set of extensions

---
 src/cryptography/hazmat/backends/openssl/x509.py | 44 +++++++++++-------------
 1 file changed, 21 insertions(+), 23 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 63e4a177..eb0426e5 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -744,35 +744,33 @@ class _CertificateSigningRequest(object):
         return self._backend._read_mem_bio(bio)
 
 
+_EXTENSION_HANDLERS = {
+    x509.OID_BASIC_CONSTRAINTS: _decode_basic_constraints,
+    x509.OID_SUBJECT_KEY_IDENTIFIER: _decode_subject_key_identifier,
+    x509.OID_KEY_USAGE: _decode_key_usage,
+    x509.OID_SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name,
+    x509.OID_EXTENDED_KEY_USAGE: _decode_extended_key_usage,
+    x509.OID_AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier,
+    x509.OID_AUTHORITY_INFORMATION_ACCESS: (
+        _decode_authority_information_access
+    ),
+    x509.OID_CERTIFICATE_POLICIES: _decode_certificate_policies,
+    x509.OID_CRL_DISTRIBUTION_POINTS: _decode_crl_distribution_points,
+    x509.OID_OCSP_NO_CHECK: _decode_ocsp_no_check,
+    x509.OID_INHIBIT_ANY_POLICY: _decode_inhibit_any_policy,
+    x509.OID_ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name,
+    x509.OID_NAME_CONSTRAINTS: _decode_name_constraints,
+}
+
+
 _CERTIFICATE_EXTENSION_PARSER = _X509ExtensionParser(
     ext_count=lambda backend, x: backend._lib.X509_get_ext_count(x),
     get_ext=lambda backend, x, i: backend._lib.X509_get_ext(x, i),
-    handlers={
-        x509.OID_BASIC_CONSTRAINTS: _decode_basic_constraints,
-        x509.OID_SUBJECT_KEY_IDENTIFIER: _decode_subject_key_identifier,
-        x509.OID_KEY_USAGE: _decode_key_usage,
-        x509.OID_SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name,
-        x509.OID_EXTENDED_KEY_USAGE: _decode_extended_key_usage,
-        x509.OID_AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier,
-        x509.OID_AUTHORITY_INFORMATION_ACCESS: (
-            _decode_authority_information_access
-        ),
-        x509.OID_CERTIFICATE_POLICIES: _decode_certificate_policies,
-        x509.OID_CRL_DISTRIBUTION_POINTS: _decode_crl_distribution_points,
-        x509.OID_OCSP_NO_CHECK: _decode_ocsp_no_check,
-        x509.OID_INHIBIT_ANY_POLICY: _decode_inhibit_any_policy,
-        x509.OID_ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name,
-        x509.OID_NAME_CONSTRAINTS: _decode_name_constraints,
-    }
+    handlers=_EXTENSION_HANDLERS
 )
 
 _CSR_EXTENSION_PARSER = _X509ExtensionParser(
     ext_count=lambda backend, x: backend._lib.sk_X509_EXTENSION_num(x),
     get_ext=lambda backend, x, i: backend._lib.sk_X509_EXTENSION_value(x, i),
-    handlers={
-        x509.OID_BASIC_CONSTRAINTS: _decode_basic_constraints,
-        x509.OID_KEY_USAGE: _decode_key_usage,
-        x509.OID_SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name,
-        x509.OID_EXTENDED_KEY_USAGE: _decode_extended_key_usage,
-    }
+    handlers=_EXTENSION_HANDLERS
 )
-- 
cgit v1.2.3