diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-29 18:24:17 -0500 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-29 16:24:17 -0700 |
| commit | 41c1024c4664fbd81afebae22cf923b9f6352b74 (patch) | |
| tree | faec77372483d1fd67c597ed42e7bd35ac1a6664 | |
| parent | 10d30832462b4c44a4479dda462d4f35194a04a9 (diff) | |
| download | pyopenssl-41c1024c4664fbd81afebae22cf923b9f6352b74.tar.gz | |
add to_cryptography/from_cryptography on CRL and X509Req (#645)
* add to_cryptography/from_cryptography on CRL and X509Req
* add changelog entry
| -rw-r--r-- | CHANGELOG.rst | 1 | ||||
| -rw-r--r-- | src/OpenSSL/crypto.py | 66 | ||||
| -rw-r--r-- | tests/test_crypto.py | 32 |
3 files changed, 99 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 36d1b63..871b1d5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -33,6 +33,7 @@ Changes: ^^^^^^^^ - Added ``OpenSSL.crypto.X509.from_cryptography`` and ``OpenSSL.crypto.X509.to_cryptography`` for converting X.509 certificate to and from pyca/cryptography objects. `#640 <https://github.com/pyca/pyopenssl/pull/640>`_ +- Added ``OpenSSL.crypto.X509Req.from_cryptography``, ``OpenSSL.crypto.X509Req.to_cryptography``, ``OpenSSL.crypto.CRL.from_cryptography``, and ``OpenSSL.crypto.CRL.to_cryptography`` for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. `#645 <https://github.com/pyca/pyopenssl/pull/645>`_ - Added ``OpenSSL.debug`` that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using ``python -m OpenSSL.debug``. `#620 <https://github.com/pyca/pyopenssl/pull/620>`_ diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py index ba918cc..ef2dcdf 100644 --- a/src/OpenSSL/crypto.py +++ b/src/OpenSSL/crypto.py @@ -843,6 +843,39 @@ class X509Req(object): # Default to version 0. self.set_version(0) + def to_cryptography(self): + """ + Export as a ``cryptography`` certificate signing request. + + :rtype: ``cryptography.x509.CertificateSigningRequest`` + + .. versionadded:: 17.1.0 + """ + from cryptography.hazmat.backends.openssl.x509 import ( + _CertificateSigningRequest + ) + backend = _get_backend() + return _CertificateSigningRequest(backend, self._req) + + @classmethod + def from_cryptography(cls, crypto_req): + """ + Construct based on a ``cryptography`` *crypto_req*. + + :param crypto_req: A ``cryptography`` X.509 certificate signing request + :type crypto_req: ``cryptography.x509.CertificateSigningRequest`` + + :rtype: PKey + + .. versionadded:: 17.1.0 + """ + if not isinstance(crypto_req, x509.CertificateSigningRequest): + raise TypeError("Must be a certificate signing request") + + req = cls() + req._req = crypto_req._x509_req + return req + def set_pubkey(self, pkey): """ Set the public key of the certificate signing request. @@ -2018,6 +2051,39 @@ class CRL(object): crl = _lib.X509_CRL_new() self._crl = _ffi.gc(crl, _lib.X509_CRL_free) + def to_cryptography(self): + """ + Export as a ``cryptography`` CRL. + + :rtype: ``cryptography.x509.CertificateRevocationList`` + + .. versionadded:: 17.1.0 + """ + from cryptography.hazmat.backends.openssl.x509 import ( + _CertificateRevocationList + ) + backend = _get_backend() + return _CertificateRevocationList(backend, self._crl) + + @classmethod + def from_cryptography(cls, crypto_crl): + """ + Construct based on a ``cryptography`` *crypto_crl*. + + :param crypto_crl: A ``cryptography`` certificate revocation list + :type crypto_crl: ``cryptography.x509.CertificateRevocationList`` + + :rtype: CRL + + .. versionadded:: 17.1.0 + """ + if not isinstance(crypto_crl, x509.CertificateRevocationList): + raise TypeError("Must be a certificate revocation list") + + crl = cls() + crl._crl = crypto_crl._x509_crl + return crl + def get_revoked(self): """ Return the revocations in this certificate revocation list. diff --git a/tests/test_crypto.py b/tests/test_crypto.py index 2bcc933..4197f11 100644 --- a/tests/test_crypto.py +++ b/tests/test_crypto.py @@ -1420,6 +1420,24 @@ class TestX509Req(_PKeyInteractionTestsMixin): request.sign(pkey, GOOD_DIGEST) assert request.verify(pkey) + def test_convert_from_cryptography(self): + crypto_req = x509.load_pem_x509_csr( + cleartextCertificateRequestPEM, backend + ) + req = X509Req.from_cryptography(crypto_req) + assert isinstance(req, X509Req) + + def test_convert_from_cryptography_unsupported_type(self): + with pytest.raises(TypeError): + X509Req.from_cryptography(object()) + + def test_convert_to_cryptography_key(self): + req = load_certificate_request( + FILETYPE_PEM, cleartextCertificateRequestPEM + ) + crypto_req = req.to_cryptography() + assert isinstance(crypto_req, x509.CertificateSigningRequest) + class TestX509(_PKeyInteractionTestsMixin): """ @@ -3437,6 +3455,20 @@ class TestCRL(object): assert err.value.args[0][2] == 'unable to get certificate CRL' assert err.value.certificate.get_subject().CN == 'intermediate-service' + def test_convert_from_cryptography(self): + crypto_crl = x509.load_pem_x509_crl(crlData, backend) + crl = CRL.from_cryptography(crypto_crl) + assert isinstance(crl, CRL) + + def test_convert_from_cryptography_unsupported_type(self): + with pytest.raises(TypeError): + CRL.from_cryptography(object()) + + def test_convert_to_cryptography_key(self): + crl = load_crl(FILETYPE_PEM, crlData) + crypto_crl = crl.to_cryptography() + assert isinstance(crypto_crl, x509.CertificateRevocationList) + class TestX509StoreContext(object): """ |