Diffstat (limited to 'netlib/certutils.py')
-rw-r--r--netlib/certutils.py68
1 files changed, 45 insertions, 23 deletions
diff --git a/netlib/certutils.py b/netlib/certutils.py
index 507241b2..05408a0c 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -1,12 +1,15 @@
from __future__ import (absolute_import, print_function, division)
-import os, ssl, time, datetime
+import os
+import ssl
+import time
+import datetime
import itertools
from pyasn1.type import univ, constraint, char, namedtype, tag
from pyasn1.codec.der.decoder import decode
from pyasn1.error import PyAsn1Error
import OpenSSL
-DEFAULT_EXP = 157680000 # = 24 * 60 * 60 * 365 * 5
+DEFAULT_EXP = 157680000 # = 24 * 60 * 60 * 365 * 5
# Generated with "openssl dhparam". It's too slow to generate this on startup.
DEFAULT_DHPARAM = """
-----BEGIN DH PARAMETERS-----
@@ -24,31 +27,47 @@ rD693XKIHUCWOjMh1if6omGXKHH40QuME2gNa50+YPn1iYDl88uDbbMCAQI=
-----END DH PARAMETERS-----
"""
+
def create_ca(o, cn, exp):
key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
cert = OpenSSL.crypto.X509()
- cert.set_serial_number(int(time.time()*10000))
+ cert.set_serial_number(int(time.time() * 10000))
cert.set_version(2)
cert.get_subject().CN = cn
cert.get_subject().O = o
- cert.gmtime_adj_notBefore(-3600*48)
+ cert.gmtime_adj_notBefore(-3600 * 48)
cert.gmtime_adj_notAfter(exp)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(key)
cert.add_extensions([
- OpenSSL.crypto.X509Extension("basicConstraints", True,
- "CA:TRUE"),
- OpenSSL.crypto.X509Extension("nsCertType", False,
- "sslCA"),
- OpenSSL.crypto.X509Extension("extendedKeyUsage", False,
- "serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"
- ),
- OpenSSL.crypto.X509Extension("keyUsage", True,
- "keyCertSign, cRLSign"),
- OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash",
- subject=cert),
- ])
+ OpenSSL.crypto.X509Extension(
+ "basicConstraints",
+ True,
+ "CA:TRUE"
+ ),
+ OpenSSL.crypto.X509Extension(
+ "nsCertType",
+ False,
+ "sslCA"
+ ),
+ OpenSSL.crypto.X509Extension(
+ "extendedKeyUsage",
+ False,
+ "serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"
+ ),
+ OpenSSL.crypto.X509Extension(
+ "keyUsage",
+ True,
+ "keyCertSign, cRLSign"
+ ),
+ OpenSSL.crypto.X509Extension(
+ "subjectKeyIdentifier",
+ False,
+ "hash",
+ subject=cert
+ ),
+ ])
cert.sign(key, "sha256")
return key, cert
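Review bot: The CA serial on the reformatted `cert.set_serial_number(int(time.time() * 10000))` line is derived from the wall clock, so it is predictable and repeats for two CAs generated within the same 100 µs or after a clock step backwards; RFC 5280 requires serials to be unique per issuer and current CA/Browser Forum guidance asks for at least 64 bits of CSPRNG output, and clients that key on issuer+serial can confuse or reject certificates that share one. The `from __future__` line suggests Python 2 compatibility is still wanted, so `int.from_bytes` is not available; a portable fix is `import random` at the top and `cert.set_serial_number(random.SystemRandom().getrandbits(128))`, which stays under the 20-octet DER limit. The same construction appears in dummy_cert further down the file and should get the same treatment so leaf certificates issued in quick succession do not collide either.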
@@ -66,15 +85,15 @@ def dummy_cert(privkey, cacert, commonname, sans):
"""
ss = []
for i in sans:
- ss.append("DNS: %s"%i)
+ ss.append("DNS: %s" % i)
ss = ", ".join(ss)
cert = OpenSSL.crypto.X509()
- cert.gmtime_adj_notBefore(-3600*48)
+ cert.gmtime_adj_notBefore(-3600 * 48)
cert.gmtime_adj_notAfter(DEFAULT_EXP)
cert.set_issuer(cacert.get_subject())
cert.get_subject().CN = commonname
- cert.set_serial_number(int(time.time()*10000))
+ cert.set_serial_number(int(time.time() * 10000))
if ss:
cert.set_version(2)
cert.add_extensions([OpenSSL.crypto.X509Extension("subjectAltName", False, ss)])
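Review bot: The `ss.append("DNS: %s" % i)` and `", ".join(ss)` lines hand the SAN list to OpenSSL as a config string, so a value in `sans` containing `,` or `:` (for example `a.example, IP:10.0.0.1`) is parsed as several extra GeneralName entries rather than one DNS name; whether `sans` is attacker-influenced depends on the caller, which is outside this hunk, but in a proxy these names typically originate from the upstream certificate or the client's SNI. Since only `DNS:` entries are emitted and a hostname never legitimately contains those characters, a one-line guard before the loop, `if any("," in i or ":" in i for i in sans): raise ValueError("invalid SAN: %r" % sans)`, closes the gap without changing the interface. The serial on `cert.set_serial_number(int(time.time() * 10000))` has the same predictability and collision problem as in create_ca. dummy_cert starts before this hunk and its body continues after it.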
@@ -124,6 +143,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
class CertStoreEntry(object):
+
def __init__(self, cert, privatekey, chain_file):
self.cert = cert
self.privatekey = privatekey
@@ -131,6 +151,7 @@ class CertStoreEntry(object):
class CertStore(object):
+
"""
Implements an in-memory certificate store.
"""
@@ -154,8 +175,8 @@ class CertStore(object):
if bio != OpenSSL.SSL._ffi.NULL:
bio = OpenSSL.SSL._ffi.gc(bio, OpenSSL.SSL._lib.BIO_free)
dh = OpenSSL.SSL._lib.PEM_read_bio_DHparams(
- bio, OpenSSL.SSL._ffi.NULL, OpenSSL.SSL._ffi.NULL, OpenSSL.SSL._ffi.NULL
- )
+ bio, OpenSSL.SSL._ffi.NULL, OpenSSL.SSL._ffi.NULL, OpenSSL.SSL._ffi.NULL
+ )
dh = OpenSSL.SSL._ffi.gc(dh, OpenSSL.SSL._lib.DH_free)
return dh
@@ -287,8 +308,8 @@ class _GeneralName(univ.Choice):
# other types.
componentType = namedtype.NamedTypes(
namedtype.NamedType('dNSName', char.IA5String().subtype(
- implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
- )
+ implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
+ )
),
)
@@ -299,6 +320,7 @@ class _GeneralNames(univ.SequenceOf):
class SSLCert(object):
+
def __init__(self, cert):
"""
Returns a (common name, [subject alternative names]) tuple.