Allow passing iterators where collections are expected (#3078)
Iterators can only be enumerated once, breaking code like this in
Python 3 for example:
san = SubjectAlternativeName(map(DNSName, lst))
This is also a slight behavior change if the caller modifies the list
after passing it to the constructor, because input lists are now copied.
Which seems like a good thing.
Also:
* Name now checks that attributes elements are of type NameAttribute
* NoticeReference now allows notice_numbers to be any iterablediff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index f3677d1..749e52f 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -268,6 +268,11 @@
with pytest.raises(TypeError):
x509.NoticeReference("org", None)
+ def test_iter_input(self):
+ numbers = [1, 3, 4]
+ nr = x509.NoticeReference(u"org", iter(numbers))
+ assert list(nr.notice_numbers) == numbers
+
def test_repr(self):
nr = x509.NoticeReference(u"org", [1, 3, 4])
@@ -357,6 +362,11 @@
with pytest.raises(TypeError):
x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [1, 2])
+ def test_iter_input(self):
+ qual = [u"foo", u"bar"]
+ pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), iter(qual))
+ assert list(pi.policy_qualifiers) == qual
+
def test_repr(self):
pq = [u"string", x509.UserNotice(None, u"hi")]
pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
@@ -414,6 +424,13 @@
for policyinfo in cp:
assert policyinfo == pi
+ def test_iter_input(self):
+ policies = [
+ x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), [u"string"])
+ ]
+ cp = x509.CertificatePolicies(iter(policies))
+ assert list(cp) == policies
+
def test_repr(self):
pq = [u"string"]
pi = x509.PolicyInformation(x509.ObjectIdentifier("1.2.3"), pq)
@@ -859,6 +876,15 @@
assert aki.authority_cert_issuer == [dns]
assert aki.authority_cert_serial_number == 0
+ def test_iter_input(self):
+ dirnames = [
+ x509.DirectoryName(
+ x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')])
+ )
+ ]
+ aki = x509.AuthorityKeyIdentifier(b"digest", iter(dirnames), 1234)
+ assert list(aki.authority_cert_issuer) == dirnames
+
def test_repr(self):
dirname = x509.DirectoryName(
x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'myCN')])
@@ -973,6 +999,14 @@
ExtendedKeyUsageOID.CLIENT_AUTH
]
+ def test_iter_input(self):
+ usages = [
+ x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
+ x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
+ ]
+ aia = x509.ExtendedKeyUsage(iter(usages))
+ assert list(aia) == usages
+
def test_repr(self):
eku = x509.ExtendedKeyUsage([
x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
@@ -1417,18 +1451,16 @@
def test_repr(self):
name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'value1')])
- gn = x509.DirectoryName(x509.Name([name]))
+ gn = x509.DirectoryName(name)
if six.PY3:
assert repr(gn) == (
- "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<Object"
- "Identifier(oid=2.5.4.3, name=commonName)>, value='value1')>])"
- ">])>)>"
+ "<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentif"
+ "ier(oid=2.5.4.3, name=commonName)>, value='value1')>])>)>"
)
else:
assert repr(gn) == (
- "<DirectoryName(value=<Name([<Name([<NameAttribute(oid=<Object"
- "Identifier(oid=2.5.4.3, name=commonName)>, value=u'value1')>]"
- ")>])>)>"
+ "<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentif"
+ "ier(oid=2.5.4.3, name=commonName)>, value=u'value1')>])>)>"
)
def test_eq(self):
@@ -1438,8 +1470,8 @@
name2 = x509.Name([
x509.NameAttribute(x509.ObjectIdentifier('2.999.1'), u'value1')
])
- gn = x509.DirectoryName(x509.Name([name]))
- gn2 = x509.DirectoryName(x509.Name([name2]))
+ gn = x509.DirectoryName(name)
+ gn2 = x509.DirectoryName(name2)
assert gn == gn2
def test_ne(self):
@@ -1449,8 +1481,8 @@
name2 = x509.Name([
x509.NameAttribute(x509.ObjectIdentifier('2.999.2'), u'value2')
])
- gn = x509.DirectoryName(x509.Name([name]))
- gn2 = x509.DirectoryName(x509.Name([name2]))
+ gn = x509.DirectoryName(name)
+ gn2 = x509.DirectoryName(name2)
assert gn != gn2
assert gn != object()
@@ -1649,6 +1681,14 @@
x509.DNSName(u"crypto.local"),
]
+ def test_iter_input(self):
+ names = [
+ x509.DNSName(u"cryptography.io"),
+ x509.DNSName(u"crypto.local"),
+ ]
+ gns = x509.GeneralNames(iter(names))
+ assert list(gns) == names
+
def test_indexing(self):
gn = x509.GeneralNames([
x509.DNSName(u"cryptography.io"),
@@ -2371,6 +2411,16 @@
)
]
+ def test_iter_input(self):
+ desc = [
+ x509.AccessDescription(
+ AuthorityInformationAccessOID.OCSP,
+ x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
+ )
+ ]
+ aia = x509.AuthorityInformationAccess(iter(desc))
+ assert list(aia) == desc
+
def test_repr(self):
aia = x509.AuthorityInformationAccess([
x509.AccessDescription(
@@ -2743,6 +2793,12 @@
assert nc.permitted_subtrees is not None
assert nc.excluded_subtrees is None
+ def test_iter_input(self):
+ subtrees = [x509.IPAddress(ipaddress.IPv4Network(u"192.168.0.0/24"))]
+ nc = x509.NameConstraints(iter(subtrees), iter(subtrees))
+ assert list(nc.permitted_subtrees) == subtrees
+ assert list(nc.excluded_subtrees) == subtrees
+
def test_repr(self):
permitted = [x509.DNSName(u"name.local"), x509.DNSName(u"name2.local")]
nc = x509.NameConstraints(
@@ -3050,6 +3106,24 @@
assert dp != dp2
assert dp != object()
+ def test_iter_input(self):
+ name = [x509.UniformResourceIdentifier(u"http://crypt.og/crl")]
+ issuer = [
+ x509.DirectoryName(
+ x509.Name([
+ x509.NameAttribute(NameOID.COMMON_NAME, u"Important CA")
+ ])
+ )
+ ]
+ dp = x509.DistributionPoint(
+ iter(name),
+ None,
+ frozenset([x509.ReasonFlags.ca_compromise]),
+ iter(issuer),
+ )
+ assert list(dp.full_name) == name
+ assert list(dp.crl_issuer) == issuer
+
def test_repr(self):
dp = x509.DistributionPoint(
None,
@@ -3129,6 +3203,18 @@
),
]
+ def test_iter_input(self):
+ points = [
+ x509.DistributionPoint(
+ [x509.UniformResourceIdentifier(u"http://domain")],
+ None,
+ None,
+ None
+ ),
+ ]
+ cdp = x509.CRLDistributionPoints(iter(points))
+ assert list(cdp) == points
+
def test_repr(self):
cdp = x509.CRLDistributionPoints([
x509.DistributionPoint(