add create_x509_revoked_certificate to x509backend interface
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 29abee1..73011dd 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -589,6 +589,15 @@
:returns: A new instance of
:class:`~cryptography.x509.CertificateRevocationList`.
+ .. method:: create_x509_revoked_certificate(builder)
+
+ .. versionadded:: 1.2
+
+ :param builder: An instance of RevokedCertificateBuilder.
+
+ :returns: A new instance of
+ :class:`~cryptography.x509.RevokedCertificate`.
+
.. class:: DHBackend
.. versionadded:: 0.9
diff --git a/src/cryptography/hazmat/backends/interfaces.py b/src/cryptography/hazmat/backends/interfaces.py
index a1d6f81..5b9e6f3 100644
--- a/src/cryptography/hazmat/backends/interfaces.py
+++ b/src/cryptography/hazmat/backends/interfaces.py
@@ -299,6 +299,13 @@
CertificateRevocationListBuilder object.
"""
+ @abc.abstractmethod
+ def create_x509_revoked_certificate(self, builder):
+ """
+ Create a RevokedCertificate object from a RevokedCertificateBuilder
+ object.
+ """
+
@six.add_metaclass(abc.ABCMeta)
class DHBackend(object):
diff --git a/src/cryptography/hazmat/backends/multibackend.py b/src/cryptography/hazmat/backends/multibackend.py
index ebecb36..65f1853 100644
--- a/src/cryptography/hazmat/backends/multibackend.py
+++ b/src/cryptography/hazmat/backends/multibackend.py
@@ -393,3 +393,12 @@
"This backend does not support X.509.",
_Reasons.UNSUPPORTED_X509
)
+
+ def create_x509_revoked_certificate(self, builder):
+ for b in self._filtered_backends(X509Backend):
+ return b.create_x509_revoked_certificate(builder)
+
+ raise UnsupportedAlgorithm(
+ "This backend does not support X.509.",
+ _Reasons.UNSUPPORTED_X509
+ )
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 65792c3..a60bf82 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1558,6 +1558,9 @@
res = add_func(x509_obj, x509_extension, i)
self.openssl_assert(res >= 1)
+ def create_x509_revoked_certificate(self, builder):
+ raise NotImplementedError("Not yet implemented")
+
def load_pem_private_key(self, data, password):
return self._load_key(
self._lib.PEM_read_bio_PrivateKey,
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index e9edf5f..7483571 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -221,6 +221,9 @@
def create_x509_crl(self, builder, private_key, algorithm):
pass
+ def create_x509_revoked_certificate(self, builder):
+ pass
+
class TestMultiBackend(object):
def test_ciphers(self):
@@ -518,6 +521,7 @@
backend.create_x509_csr(object(), b"privatekey", hashes.SHA1())
backend.create_x509_certificate(object(), b"privatekey", hashes.SHA1())
backend.create_x509_crl(object(), b"privatekey", hashes.SHA1())
+ backend.create_x509_revoked_certificate(object())
backend = MultiBackend([])
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
@@ -542,3 +546,5 @@
backend.create_x509_crl(
object(), b"privatekey", hashes.SHA1()
)
+ with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_X509):
+ backend.create_x509_revoked_certificate(object())
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index c1fa653..af064d1 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -509,6 +509,12 @@
backend.create_x509_crl(object(), private_key, hashes.SHA256())
+class TestOpenSSLCreateRevokedCertificate(object):
+ def test_not_yet_implemented(self):
+ with pytest.raises(NotImplementedError):
+ backend.create_x509_revoked_certificate(object())
+
+
class TestOpenSSLSerializationWithOpenSSL(object):
def test_pem_password_cb_buffer_too_small(self):
ffi_cb, userdata = backend._pem_password_cb(b"aa")