Merge pull request #1883 from reaperhulk/fix-1866
add support for equality testing to x509.Certificate
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 5558f14..7f633c7 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -123,6 +123,16 @@
self._backend = backend
self._x509 = x509
+ def __eq__(self, other):
+ if not isinstance(other, x509.Certificate):
+ return NotImplemented
+
+ res = self._backend._lib.X509_cmp(self._x509, other._x509)
+ return res == 0
+
+ def __ne__(self, other):
+ return not self == other
+
def fingerprint(self, algorithm):
h = hashes.Hash(algorithm, self._backend)
bio = self._backend._create_mem_bio()
diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py
index fd7a12a..a1fb7ff 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509.py
+++ b/src/cryptography/hazmat/bindings/openssl/x509.py
@@ -115,6 +115,7 @@
X509 *X509_new(void);
void X509_free(X509 *);
X509 *X509_dup(X509 *);
+int X509_cmp(const X509 *, const X509 *);
int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long);
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index dd6ea92..b22ac8b 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -730,6 +730,18 @@
in the certificate.
"""
+ @abc.abstractmethod
+ def __eq__(self, other):
+ """
+ Checks equality.
+ """
+
+ @abc.abstractmethod
+ def __ne__(self, other):
+ """
+ Checks not equal.
+ """
+
@six.add_metaclass(abc.ABCMeta)
class CertificateSigningRequest(object):
diff --git a/tests/test_x509.py b/tests/test_x509.py
index df291de..8561f1f 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -313,6 +313,36 @@
assert exc.value.parsed_version == 7
+ def test_eq(self, backend):
+ cert = _load_cert(
+ os.path.join("x509", "custom", "post2000utctime.pem"),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ cert2 = _load_cert(
+ os.path.join("x509", "custom", "post2000utctime.pem"),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ assert cert == cert2
+
+ def test_ne(self, backend):
+ cert = _load_cert(
+ os.path.join("x509", "custom", "post2000utctime.pem"),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ cert2 = _load_cert(
+ os.path.join(
+ "x509", "PKITS_data", "certs",
+ "ValidGeneralizedTimenotAfterDateTest8EE.crt"
+ ),
+ x509.load_der_x509_certificate,
+ backend
+ )
+ assert cert != cert2
+ assert cert != object()
+
def test_version_1_cert(self, backend):
cert = _load_cert(
os.path.join("x509", "v1_cert.pem"),