commit cde1ecbf1815f004888d0ef49e24502b5aa3c613
author Alex Gaynor <alex.gaynor@gmail.com> Fri Jun 26 20:25:45 2015 -0400
committer Alex Gaynor <alex.gaynor@gmail.com> Fri Jun 26 20:25:45 2015 -0400
tree 66c2bd317350604dfbaa18f0bb4b779f3b50616f
parent de9e584d5c685581ba4f9110daa5d76f1508bcd6
parent f728ee53970387e40cb119a5e9a65d55b450fb6e

Merge branch 'master' into param-ordering

src/cryptography/x509.py

diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 51e25f7..0f72abb 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1468,6 +1468,10 @@
         """
         if isinstance(extension, BasicConstraints):
             extension = Extension(OID_BASIC_CONSTRAINTS, critical, extension)
+        elif isinstance(extension, SubjectAlternativeName):
+            extension = Extension(
+                OID_SUBJECT_ALTERNATIVE_NAME, critical, extension
+            )
         else:
             raise NotImplementedError('Unsupported X.509 extension.')
         # TODO: This is quadratic in the number of extensions

tests/test_x509.py

diff --git a/tests/test_x509.py b/tests/test_x509.py
index 971f149..03e9515 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -824,7 +824,7 @@
         assert basic_constraints.value.ca is True
         assert basic_constraints.value.path_length == 2
 
-    def test_add_duplicate_extension(self, backend):
+    def test_add_duplicate_extension(self):
         builder = x509.CertificateSigningRequestBuilder().add_extension(
             x509.BasicConstraints(True, 2), critical=True,
         )
@@ -833,12 +833,12 @@
                 x509.BasicConstraints(True, 2), critical=True,
             )
 
-    def test_set_invalid_subject(self, backend):
+    def test_set_invalid_subject(self):
         builder = x509.CertificateSigningRequestBuilder()
         with pytest.raises(TypeError):
             builder.subject_name('NotAName')
 
-    def test_add_unsupported_extension(self, backend):
+    def test_add_unsupported_extension(self):
         builder = x509.CertificateSigningRequestBuilder()
         with pytest.raises(NotImplementedError):
             builder.add_extension(
@@ -846,6 +846,34 @@
                 critical=False,
             )
 
+    def test_add_unsupported_extension_in_backend(self, backend):
+        private_key = RSA_KEY_2048.private_key(backend)
+        builder = x509.CertificateSigningRequestBuilder()
+        builder = builder.subject_name(
+            x509.Name([
+                x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+            ])
+        ).add_extension(
+            x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]),
+            critical=False,
+        )
+        with pytest.raises(NotImplementedError):
+            builder.sign(backend, private_key, hashes.SHA256())
+
+    def test_set_subject_twice(self):
+        builder = x509.CertificateSigningRequestBuilder()
+        builder = builder.subject_name(
+            x509.Name([
+                x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+            ])
+        )
+        with pytest.raises(ValueError):
+            builder.subject_name(
+                x509.Name([
+                    x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+                ])
+            )
+
 
 @pytest.mark.requires_backend_interface(interface=DSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)