commit 7b6be923e24481c2db75b3737a3ee07e7f3fb292
author Paul Kehrer <paul.l.kehrer@gmail.com> Thu Sep 14 07:43:07 2017 +0800
committer Alex Gaynor <alex.gaynor@gmail.com> Wed Sep 13 19:43:07 2017 -0400
tree ed87ea8cc8a5d763c29b06de2d70e26fb6e4c03d
parent ab96a53bc9020a4d605d57dc972e45df5c8c4862

implement __hash__ on KeyUsage and ExtendedKeyUsage (#3913)

* implement __hash__ on KeyUsage and ExtendedKeyUsage

* properly use private values and alter test to catch that bug

src/cryptography/x509/extensions.py

diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 9d6b3e7..f6957b9 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -755,6 +755,9 @@
     def __ne__(self, other):
         return not self == other
 
+    def __hash__(self):
+        return hash(tuple(self._usages))
+
 
 @utils.register_interface(ExtensionType)
 class OCSPNoCheck(object):
@@ -933,6 +936,15 @@
     def __ne__(self, other):
         return not self == other
 
+    def __hash__(self):
+        return hash((
+            self.digital_signature, self.content_commitment,
+            self.key_encipherment, self.data_encipherment,
+            self.key_agreement, self.key_cert_sign,
+            self.crl_sign, self._encipher_only,
+            self._decipher_only
+        ))
+
 
 @utils.register_interface(ExtensionType)
 class NameConstraints(object):

tests/x509/test_x509_ext.py

diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 8d13753..62ce905 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -896,6 +896,43 @@
         assert ku != ku2
         assert ku != object()
 
+    def test_hash(self):
+        ku = x509.KeyUsage(
+            digital_signature=False,
+            content_commitment=False,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=True,
+            key_cert_sign=False,
+            crl_sign=False,
+            encipher_only=False,
+            decipher_only=True
+        )
+        ku2 = x509.KeyUsage(
+            digital_signature=False,
+            content_commitment=False,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=True,
+            key_cert_sign=False,
+            crl_sign=False,
+            encipher_only=False,
+            decipher_only=True
+        )
+        ku3 = x509.KeyUsage(
+            digital_signature=False,
+            content_commitment=True,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=False,
+            key_cert_sign=False,
+            crl_sign=False,
+            encipher_only=False,
+            decipher_only=False
+        )
+        assert hash(ku) == hash(ku2)
+        assert hash(ku) != hash(ku3)
+
 
 class TestSubjectKeyIdentifier(object):
     def test_properties(self):
@@ -1177,6 +1214,17 @@
         assert eku != eku2
         assert eku != object()
 
+    def test_hash(self):
+        eku = x509.ExtendedKeyUsage([
+            x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
+        ])
+        eku2 = x509.ExtendedKeyUsage([
+            x509.ObjectIdentifier("1.3.6"), x509.ObjectIdentifier("1.3.7")
+        ])
+        eku3 = x509.ExtendedKeyUsage([x509.ObjectIdentifier("1.3.6")])
+        assert hash(eku) == hash(eku2)
+        assert hash(eku) != hash(eku3)
+
 
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)