Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 61ff35662049f02da8d2c0f54ef6e84f97c14b1a^! / .
commit61ff35662049f02da8d2c0f54ef6e84f97c14b1a[log] [tgz]
authorPaul Kehrer <paul.l.kehrer@gmail.com>Fri Mar 11 22:51:27 2016 -0400
committerPaul Kehrer <paul.l.kehrer@gmail.com>Fri Mar 11 23:02:01 2016 -0400
tree9ed62e6417eb49cec6c9230047a4c3f8ee0e0599
parente40a03f61e907d0de5fb07624cb6306323de543d [diff]
Add AuthorityKeyIdentifier.from_issuer_subject_key_identifier

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 0bbbcde..1c11f02 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst

@@ -14,6 +14,8 @@
   to :class:`~cryptography.x509.CertificateSigningRequest`.
 * Fixed an intermittent ``AssertionError`` when performing an RSA decryption on
   an invalid ciphertext, ``ValueError`` is now correctly raised in all cases.
+* Added
+  :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`.
 
 1.2.3 - 2016-03-01
 ~~~~~~~~~~~~~~~~~~

diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 67427dd..1e8aeba 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst

@@ -1568,6 +1568,32 @@
             >>> x509.AuthorityKeyIdentifier.from_issuer_public_key(issuer_cert.public_key())
             <AuthorityKeyIdentifier(key_identifier='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)>
 
+    .. classmethod:: from_issuer_subject_key_identifier(ski)
+
+        .. versionadded:: 1.3
+
+        Creates a new AuthorityKeyIdentifier instance using the
+        SubjectKeyIdentifier from the issuer certificate. The resulting object
+        will contain
+        :attr:`~cryptography.x509.AuthorityKeyIdentifier.key_identifier`, but
+        :attr:`~cryptography.x509.AuthorityKeyIdentifier.authority_cert_issuer`
+        and
+        :attr:`~cryptography.x509.AuthorityKeyIdentifier.authority_cert_serial_number`
+        will be None.
+
+        :param ski: The
+            :class:`~cryptography.x509.SubjectKeyIdentifier` from the issuer
+            certificate.
+
+        .. doctest::
+
+            >>> from cryptography import x509
+            >>> from cryptography.hazmat.backends import default_backend
+            >>> issuer_cert = x509.load_pem_x509_certificate(pem_data, default_backend())
+            >>> ski = issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier)
+            >>> x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski)
+            <AuthorityKeyIdentifier(key_identifier='X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9', authority_cert_issuer=None, authority_cert_serial_number=None)>
+
 .. class:: SubjectKeyIdentifier(digest)
 
     .. versionadded:: 0.9

diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 0aa6721..87d2de1 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py

@@ -191,6 +191,14 @@
             authority_cert_serial_number=None
         )
 
+    @classmethod
+    def from_issuer_subject_key_identifier(cls, ski):
+        return cls(
+            key_identifier=ski.value.digest,
+            authority_cert_issuer=None,
+            authority_cert_serial_number=None
+        )
+
     def __repr__(self):
         return (
             "<AuthorityKeyIdentifier(key_identifier={0.key_identifier!r}, "

diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index d85b4bb..28ddab8 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py

@@ -2634,6 +2634,28 @@
         )
         assert ext.value == aki
 
+    def test_from_issuer_subject_key_identifier(self, backend):
+        issuer_cert = _load_cert(
+            os.path.join("x509", "rapidssl_sha256_ca_g3.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        cert = _load_cert(
+            os.path.join("x509", "cryptography.io.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            ExtensionOID.AUTHORITY_KEY_IDENTIFIER
+        )
+        ski = issuer_cert.extensions.get_extension_for_class(
+            x509.SubjectKeyIdentifier
+        )
+        aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
+            ski
+        )
+        assert ext.value == aki
+
 
 class TestNameConstraints(object):
     def test_ipaddress_wrong_type(self):