move ExtendedKeyUsage, CertificatePolicies, and InhibitAnyPolicy
diff --git a/src/cryptography/x509/__init__.py b/src/cryptography/x509/__init__.py
index 0beff1f..8e345ae 100644
--- a/src/cryptography/x509/__init__.py
+++ b/src/cryptography/x509/__init__.py
@@ -5,21 +5,21 @@
from __future__ import absolute_import, division, print_function
from cryptography.x509.base import (
- Certificate, CertificateBuilder,
- CertificatePolicies, CertificateRevocationList, CertificateSigningRequest,
- CertificateSigningRequestBuilder,
- DuplicateExtension, ExtendedKeyUsage, Extension, ExtensionNotFound,
- ExtensionType, Extensions, GeneralNames, InhibitAnyPolicy,
+ Certificate, CertificateBuilder, CertificateRevocationList,
+ CertificateSigningRequest, CertificateSigningRequestBuilder,
+ DuplicateExtension, Extension, ExtensionNotFound,
+ ExtensionType, Extensions, GeneralNames,
InvalidVersion, IssuerAlternativeName, KeyUsage, NameConstraints,
- NoticeReference, OCSPNoCheck, ObjectIdentifier,
- PolicyInformation, RevokedCertificate, SubjectAlternativeName,
- UnsupportedExtension, UserNotice, Version, load_der_x509_certificate,
+ ObjectIdentifier, RevokedCertificate, SubjectAlternativeName,
+ UnsupportedExtension, Version, load_der_x509_certificate,
load_der_x509_csr, load_pem_x509_certificate, load_pem_x509_csr,
)
from cryptography.x509.extensions import (
AccessDescription, AuthorityInformationAccess,
AuthorityKeyIdentifier, BasicConstraints, CRLDistributionPoints,
- DistributionPoint, ReasonFlags, SubjectKeyIdentifier
+ CertificatePolicies, DistributionPoint, ExtendedKeyUsage,
+ InhibitAnyPolicy, NoticeReference, OCSPNoCheck, PolicyInformation,
+ ReasonFlags, SubjectKeyIdentifier, UserNotice
)
from cryptography.x509.general_name import (
DNSName, DirectoryName, GeneralName, IPAddress, OtherName, RFC822Name,
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 7e755de..2b4eeb5 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -132,42 +132,6 @@
@utils.register_interface(ExtensionType)
-class ExtendedKeyUsage(object):
- oid = ExtensionOID.EXTENDED_KEY_USAGE
-
- def __init__(self, usages):
- if not all(isinstance(x, ObjectIdentifier) for x in usages):
- raise TypeError(
- "Every item in the usages list must be an ObjectIdentifier"
- )
-
- self._usages = usages
-
- def __iter__(self):
- return iter(self._usages)
-
- def __len__(self):
- return len(self._usages)
-
- def __repr__(self):
- return "<ExtendedKeyUsage({0})>".format(self._usages)
-
- def __eq__(self, other):
- if not isinstance(other, ExtendedKeyUsage):
- return NotImplemented
-
- return self._usages == other._usages
-
- def __ne__(self, other):
- return not self == other
-
-
-@utils.register_interface(ExtensionType)
-class OCSPNoCheck(object):
- oid = ExtensionOID.OCSP_NO_CHECK
-
-
-@utils.register_interface(ExtensionType)
class KeyUsage(object):
oid = ExtensionOID.KEY_USAGE
@@ -254,146 +218,6 @@
@utils.register_interface(ExtensionType)
-class CertificatePolicies(object):
- oid = ExtensionOID.CERTIFICATE_POLICIES
-
- def __init__(self, policies):
- if not all(isinstance(x, PolicyInformation) for x in policies):
- raise TypeError(
- "Every item in the policies list must be a "
- "PolicyInformation"
- )
-
- self._policies = policies
-
- def __iter__(self):
- return iter(self._policies)
-
- def __len__(self):
- return len(self._policies)
-
- def __repr__(self):
- return "<CertificatePolicies({0})>".format(self._policies)
-
- def __eq__(self, other):
- if not isinstance(other, CertificatePolicies):
- return NotImplemented
-
- return self._policies == other._policies
-
- def __ne__(self, other):
- return not self == other
-
-
-class PolicyInformation(object):
- def __init__(self, policy_identifier, policy_qualifiers):
- if not isinstance(policy_identifier, ObjectIdentifier):
- raise TypeError("policy_identifier must be an ObjectIdentifier")
-
- self._policy_identifier = policy_identifier
- if policy_qualifiers and not all(
- isinstance(
- x, (six.text_type, UserNotice)
- ) for x in policy_qualifiers
- ):
- raise TypeError(
- "policy_qualifiers must be a list of strings and/or UserNotice"
- " objects or None"
- )
-
- self._policy_qualifiers = policy_qualifiers
-
- def __repr__(self):
- return (
- "<PolicyInformation(policy_identifier={0.policy_identifier}, polic"
- "y_qualifiers={0.policy_qualifiers})>".format(self)
- )
-
- def __eq__(self, other):
- if not isinstance(other, PolicyInformation):
- return NotImplemented
-
- return (
- self.policy_identifier == other.policy_identifier and
- self.policy_qualifiers == other.policy_qualifiers
- )
-
- def __ne__(self, other):
- return not self == other
-
- policy_identifier = utils.read_only_property("_policy_identifier")
- policy_qualifiers = utils.read_only_property("_policy_qualifiers")
-
-
-class UserNotice(object):
- def __init__(self, notice_reference, explicit_text):
- if notice_reference and not isinstance(
- notice_reference, NoticeReference
- ):
- raise TypeError(
- "notice_reference must be None or a NoticeReference"
- )
-
- self._notice_reference = notice_reference
- self._explicit_text = explicit_text
-
- def __repr__(self):
- return (
- "<UserNotice(notice_reference={0.notice_reference}, explicit_text="
- "{0.explicit_text!r})>".format(self)
- )
-
- def __eq__(self, other):
- if not isinstance(other, UserNotice):
- return NotImplemented
-
- return (
- self.notice_reference == other.notice_reference and
- self.explicit_text == other.explicit_text
- )
-
- def __ne__(self, other):
- return not self == other
-
- notice_reference = utils.read_only_property("_notice_reference")
- explicit_text = utils.read_only_property("_explicit_text")
-
-
-class NoticeReference(object):
- def __init__(self, organization, notice_numbers):
- self._organization = organization
- if not isinstance(notice_numbers, list) or not all(
- isinstance(x, int) for x in notice_numbers
- ):
- raise TypeError(
- "notice_numbers must be a list of integers"
- )
-
- self._notice_numbers = notice_numbers
-
- def __repr__(self):
- return (
- "<NoticeReference(organization={0.organization!r}, notice_numbers="
- "{0.notice_numbers})>".format(self)
- )
-
- def __eq__(self, other):
- if not isinstance(other, NoticeReference):
- return NotImplemented
-
- return (
- self.organization == other.organization and
- self.notice_numbers == other.notice_numbers
- )
-
- def __ne__(self, other):
- return not self == other
-
- organization = utils.read_only_property("_organization")
- notice_numbers = utils.read_only_property("_notice_numbers")
-
-
-@utils.register_interface(ExtensionType)
class NameConstraints(object):
oid = ExtensionOID.NAME_CONSTRAINTS
@@ -460,34 +284,6 @@
excluded_subtrees = utils.read_only_property("_excluded_subtrees")
-@utils.register_interface(ExtensionType)
-class InhibitAnyPolicy(object):
- oid = ExtensionOID.INHIBIT_ANY_POLICY
-
- def __init__(self, skip_certs):
- if not isinstance(skip_certs, six.integer_types):
- raise TypeError("skip_certs must be an integer")
-
- if skip_certs < 0:
- raise ValueError("skip_certs must be a non-negative integer")
-
- self._skip_certs = skip_certs
-
- def __repr__(self):
- return "<InhibitAnyPolicy(skip_certs={0.skip_certs})>".format(self)
-
- def __eq__(self, other):
- if not isinstance(other, InhibitAnyPolicy):
- return NotImplemented
-
- return self.skip_certs == other.skip_certs
-
- def __ne__(self, other):
- return not self == other
-
- skip_certs = utils.read_only_property("_skip_certs")
-
-
class GeneralNames(object):
def __init__(self, general_names):
if not all(isinstance(x, GeneralName) for x in general_names):
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index eef9f11..f227dfe 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -18,7 +18,7 @@
from cryptography.x509.general_name import GeneralName
from cryptography.x509.name import Name
from cryptography.x509.oid import (
- AuthorityInformationAccessOID, ExtensionOID
+ AuthorityInformationAccessOID, ExtensionOID, ObjectIdentifier
)
@@ -375,3 +375,207 @@
privilege_withdrawn = "privilegeWithdrawn"
aa_compromise = "aACompromise"
remove_from_crl = "removeFromCRL"
+
+
+@utils.register_interface(ExtensionType)
+class CertificatePolicies(object):
+ oid = ExtensionOID.CERTIFICATE_POLICIES
+
+ def __init__(self, policies):
+ if not all(isinstance(x, PolicyInformation) for x in policies):
+ raise TypeError(
+ "Every item in the policies list must be a "
+ "PolicyInformation"
+ )
+
+ self._policies = policies
+
+ def __iter__(self):
+ return iter(self._policies)
+
+ def __len__(self):
+ return len(self._policies)
+
+ def __repr__(self):
+ return "<CertificatePolicies({0})>".format(self._policies)
+
+ def __eq__(self, other):
+ if not isinstance(other, CertificatePolicies):
+ return NotImplemented
+
+ return self._policies == other._policies
+
+ def __ne__(self, other):
+ return not self == other
+
+
+class PolicyInformation(object):
+ def __init__(self, policy_identifier, policy_qualifiers):
+ if not isinstance(policy_identifier, ObjectIdentifier):
+ raise TypeError("policy_identifier must be an ObjectIdentifier")
+
+ self._policy_identifier = policy_identifier
+ if policy_qualifiers and not all(
+ isinstance(
+ x, (six.text_type, UserNotice)
+ ) for x in policy_qualifiers
+ ):
+ raise TypeError(
+ "policy_qualifiers must be a list of strings and/or UserNotice"
+ " objects or None"
+ )
+
+ self._policy_qualifiers = policy_qualifiers
+
+ def __repr__(self):
+ return (
+ "<PolicyInformation(policy_identifier={0.policy_identifier}, polic"
+ "y_qualifiers={0.policy_qualifiers})>".format(self)
+ )
+
+ def __eq__(self, other):
+ if not isinstance(other, PolicyInformation):
+ return NotImplemented
+
+ return (
+ self.policy_identifier == other.policy_identifier and
+ self.policy_qualifiers == other.policy_qualifiers
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ policy_identifier = utils.read_only_property("_policy_identifier")
+ policy_qualifiers = utils.read_only_property("_policy_qualifiers")
+
+
+class UserNotice(object):
+ def __init__(self, notice_reference, explicit_text):
+ if notice_reference and not isinstance(
+ notice_reference, NoticeReference
+ ):
+ raise TypeError(
+ "notice_reference must be None or a NoticeReference"
+ )
+
+ self._notice_reference = notice_reference
+ self._explicit_text = explicit_text
+
+ def __repr__(self):
+ return (
+ "<UserNotice(notice_reference={0.notice_reference}, explicit_text="
+ "{0.explicit_text!r})>".format(self)
+ )
+
+ def __eq__(self, other):
+ if not isinstance(other, UserNotice):
+ return NotImplemented
+
+ return (
+ self.notice_reference == other.notice_reference and
+ self.explicit_text == other.explicit_text
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ notice_reference = utils.read_only_property("_notice_reference")
+ explicit_text = utils.read_only_property("_explicit_text")
+
+
+class NoticeReference(object):
+ def __init__(self, organization, notice_numbers):
+ self._organization = organization
+ if not isinstance(notice_numbers, list) or not all(
+ isinstance(x, int) for x in notice_numbers
+ ):
+ raise TypeError(
+ "notice_numbers must be a list of integers"
+ )
+
+ self._notice_numbers = notice_numbers
+
+ def __repr__(self):
+ return (
+ "<NoticeReference(organization={0.organization!r}, notice_numbers="
+ "{0.notice_numbers})>".format(self)
+ )
+
+ def __eq__(self, other):
+ if not isinstance(other, NoticeReference):
+ return NotImplemented
+
+ return (
+ self.organization == other.organization and
+ self.notice_numbers == other.notice_numbers
+ )
+
+ def __ne__(self, other):
+ return not self == other
+
+ organization = utils.read_only_property("_organization")
+ notice_numbers = utils.read_only_property("_notice_numbers")
+
+
+@utils.register_interface(ExtensionType)
+class ExtendedKeyUsage(object):
+ oid = ExtensionOID.EXTENDED_KEY_USAGE
+
+ def __init__(self, usages):
+ if not all(isinstance(x, ObjectIdentifier) for x in usages):
+ raise TypeError(
+ "Every item in the usages list must be an ObjectIdentifier"
+ )
+
+ self._usages = usages
+
+ def __iter__(self):
+ return iter(self._usages)
+
+ def __len__(self):
+ return len(self._usages)
+
+ def __repr__(self):
+ return "<ExtendedKeyUsage({0})>".format(self._usages)
+
+ def __eq__(self, other):
+ if not isinstance(other, ExtendedKeyUsage):
+ return NotImplemented
+
+ return self._usages == other._usages
+
+ def __ne__(self, other):
+ return not self == other
+
+
+@utils.register_interface(ExtensionType)
+class OCSPNoCheck(object):
+ oid = ExtensionOID.OCSP_NO_CHECK
+
+
+@utils.register_interface(ExtensionType)
+class InhibitAnyPolicy(object):
+ oid = ExtensionOID.INHIBIT_ANY_POLICY
+
+ def __init__(self, skip_certs):
+ if not isinstance(skip_certs, six.integer_types):
+ raise TypeError("skip_certs must be an integer")
+
+ if skip_certs < 0:
+ raise ValueError("skip_certs must be a non-negative integer")
+
+ self._skip_certs = skip_certs
+
+ def __repr__(self):
+ return "<InhibitAnyPolicy(skip_certs={0.skip_certs})>".format(self)
+
+ def __eq__(self, other):
+ if not isinstance(other, InhibitAnyPolicy):
+ return NotImplemented
+
+ return self.skip_certs == other.skip_certs
+
+ def __ne__(self, other):
+ return not self == other
+
+ skip_certs = utils.read_only_property("_skip_certs")