Added an API for converting X509 to/from cryptography (#640)

* Added an API for converting X509 to/from cryptography

* changelog

3 files changed, 54 insertions, 0 deletions

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5bd844c..ee372c3 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -31,6 +31,7 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
+- Added ``OpenSSL.crypto.X509.from_cryptography`` and ``OpenSSL.crypto.X509.to_cryptography`` for converting X.509 certificate to and from pyca/cryptography objects. `#640 <https://github.com/pyca/pyopenssl/pull/640>`_
 - Added ``OpenSSL.debug`` that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using ``python -m OpenSSL.debug``.
   `#620 <https://github.com/pyca/pyopenssl/pull/620>`_
 
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index ae05ede..cdbcc22 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -10,6 +10,7 @@ from six import (
     text_type as _text_type,
     PY3 as _PY3)
 
+from cryptography import x509
 from cryptography.hazmat.primitives.asymmetric import dsa, rsa
 
 from OpenSSL._util import (
@@ -996,6 +997,37 @@ class X509(object):
         _openssl_assert(x509 != _ffi.NULL)
         self._x509 = _ffi.gc(x509, _lib.X509_free)
 
+    def to_cryptography(self):
+        """
+        Export as a ``cryptography`` certificate.
+
+        :rtype: ``cryptography.x509.Certificate``
+
+        .. versionadded:: 17.1.0
+        """
+        from cryptography.hazmat.backends.openssl.x509 import _Certificate
+        backend = _get_backend()
+        return _Certificate(backend, self._x509)
+
+    @classmethod
+    def from_cryptography(cls, crypto_cert):
+        """
+        Construct based on a ``cryptography`` *crypto_cert*.
+
+        :param crypto_key: A ``cryptography`` X.509 certificate.
+        :type crypto_key: ``cryptography.x509.Certificate``
+
+        :rtype: PKey
+
+        .. versionadded:: 17.1.0
+        """
+        if not isinstance(crypto_cert, x509.Certificate):
+            raise TypeError("Must be a certificate")
+
+        cert = cls()
+        cert._x509 = crypto_cert._x509
+        return cert
+
     def set_version(self, version):
         """
         Set the version number of the certificate.
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 5efb904..2bcc933 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -17,6 +17,7 @@ import pytest
 
 from six import binary_type
 
+from cryptography import x509
 from cryptography.hazmat.backends.openssl.backend import backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
@@ -1922,6 +1923,26 @@ tgI5
         with pytest.raises(TypeError):
             cert.sign(object(), b"sha256")
 
+    def test_convert_from_cryptography(self):
+        crypto_cert = x509.load_pem_x509_certificate(
+            intermediate_cert_pem, backend
+        )
+        cert = X509.from_cryptography(crypto_cert)
+
+        assert isinstance(cert, X509)
+        assert cert.get_version() == crypto_cert.version.value
+
+    def test_convert_from_cryptography_unsupported_type(self):
+        with pytest.raises(TypeError):
+            X509.from_cryptography(object())
+
+    def test_convert_to_cryptography_key(self):
+        cert = load_certificate(FILETYPE_PEM, intermediate_cert_pem)
+        crypto_cert = cert.to_cryptography()
+
+        assert isinstance(crypto_cert, x509.Certificate)
+        assert crypto_cert.version.value == cert.get_version()
+
 
 class TestX509Store(object):
     """