author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-25 16:28:24 -0400 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-25 10:28:24 -1000 |
commit | 9939ba1658868b68654501aac24c97db8d9335ae (patch) | |
tree | 46d036201c23060762b1044f89289f32e7e10c0d | |
parent | f8022d6a1d315ebcfe6cc25ae07dd8d3bd0cf1b4 (diff) | |
download | pyopenssl-9939ba1658868b68654501aac24c97db8d9335ae.tar.gz |
Added an API for converting X509 to/from cryptography (#640)
* Added an API for converting X509 to/from cryptography
* changelog
-rw-r--r-- | CHANGELOG.rst | 1 | ||||
-rw-r--r-- | src/OpenSSL/crypto.py | 32 | ||||
-rw-r--r-- | tests/test_crypto.py | 21 |
3 files changed, 54 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5bd844c..ee372c3 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -31,6 +31,7 @@ Deprecations:
 Changes:
 ^^^^^^^^
+- Added ``OpenSSL.crypto.X509.from_cryptography`` and ``OpenSSL.crypto.X509.to_cryptography`` for converting X.509 certificate to and from pyca/cryptography objects. `#640 <https://github.com/pyca/pyopenssl/pull/640>`_
 - Added ``OpenSSL.debug`` that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using ``python -m OpenSSL.debug``. `#620 <https://github.com/pyca/pyopenssl/pull/620>`_
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index ae05ede..cdbcc22 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -10,6 +10,7 @@ from six import (
 text_type as _text_type,
 PY3 as _PY3)
+from cryptography import x509
 from cryptography.hazmat.primitives.asymmetric import dsa, rsa
 from OpenSSL._util import (
@@ -996,6 +997,37 @@ class X509(object):
 _openssl_assert(x509 != _ffi.NULL)
 self._x509 = _ffi.gc(x509, _lib.X509_free)
+ def to_cryptography(self):
+ """
+ Export as a ``cryptography`` certificate.
+
+ :rtype: ``cryptography.x509.Certificate``
+
+ .. versionadded:: 17.1.0
+ """
+ from cryptography.hazmat.backends.openssl.x509 import _Certificate
+ backend = _get_backend()
+ return _Certificate(backend, self._x509)
+
+ @classmethod
+ def from_cryptography(cls, crypto_cert):
+ """
+ Construct based on a ``cryptography`` *crypto_cert*.
+
+ :param crypto_key: A ``cryptography`` X.509 certificate.
+ :type crypto_key: ``cryptography.x509.Certificate``
+
+ :rtype: PKey
+
+ .. versionadded:: 17.1.0
+ """
+ if not isinstance(crypto_cert, x509.Certificate):
+ raise TypeError("Must be a certificate")
+
+ cert = cls()
+ cert._x509 = crypto_cert._x509
+ return cert
+
 def set_version(self, version):
 """
 Set the version number of the certificate.
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 5efb904..2bcc933 100644
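Review bot: The new module-level name `x509` is also the name of the local pointer in `X509.__init__` (`_openssl_assert(x509 != _ffi.NULL)`, visible as context in the following hunk), so within this file the same identifier means the pyca module in one method and a cdata pointer in another. Importing it under a private alias, in the style of the `six` imports just above, for example `from cryptography import x509 as _crypto_x509`, and checking against `_crypto_x509.Certificate` in `from_cryptography` would remove the shadowing and keep the name out of the module's public namespace.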
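Review bot: `from_cryptography` assigns `cert._x509 = crypto_cert._x509` and `to_cryptography` hands `self._x509` straight to `_Certificate`, so in both directions the two objects share one underlying X509 structure instead of a copy. pyOpenSSL's `X509` is mutable (`set_version` is visible just below; the class itself extends beyond this hunk), so a later setter or `sign` call would presumably alter a `cryptography` certificate that callers treat as immutable and may already have validated. Either duplicate the structure, e.g. `cert._x509 = _ffi.gc(_lib.X509_dup(crypto_cert._x509), _lib.X509_free)`, or state the sharing explicitly in both docstrings. The `from_cryptography` docstring also looks copied from the key API: `:param crypto_key:` and `:type crypto_key:` should name `crypto_cert`, and `:rtype: PKey` should be `X509`. Both methods rely on private `cryptography` internals (`_Certificate`, `crypto_cert._x509`), which deserves a comment because a `cryptography` upgrade can break them without notice.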
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -17,6 +17,7 @@ import pytest
 from six import binary_type
+from cryptography import x509
 from cryptography.hazmat.backends.openssl.backend import backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
@@ -1922,6 +1923,26 @@ tgI5
 with pytest.raises(TypeError):
 cert.sign(object(), b"sha256")
+ def test_convert_from_cryptography(self):
+ crypto_cert = x509.load_pem_x509_certificate(
+ intermediate_cert_pem, backend
+ )
+ cert = X509.from_cryptography(crypto_cert)
+
+ assert isinstance(cert, X509)
+ assert cert.get_version() == crypto_cert.version.value
+
+ def test_convert_from_cryptography_unsupported_type(self):
+ with pytest.raises(TypeError):
+ X509.from_cryptography(object())
+
+ def test_convert_to_cryptography_key(self):
+ cert = load_certificate(FILETYPE_PEM, intermediate_cert_pem)
+ crypto_cert = cert.to_cryptography()
+
+ assert isinstance(crypto_cert, x509.Certificate)
+ assert crypto_cert.version.value == cert.get_version()
+
 class TestX509Store(object):
 """ |
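Review bot: Both conversion tests compare only the version field, which is the same for almost every certificate, so they would still pass if the conversion returned a different certificate of the same version. Comparing an identifying field as well, for example `assert cert.get_serial_number() == crypto_cert.serial_number`, would pin that the same certificate comes out the other side. `test_convert_to_cryptography_key` converts a certificate rather than a key, so the `_key` suffix looks like a leftover from the PKey tests. Neither test covers what happens to one object when the other is modified, which matters because `from_cryptography` reuses the same `_x509` pointer. The enclosing test class starts outside this hunk.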