Refs #1947 -- add support for IAN to the OpenSSL backend

commit: f1c176743da9414649f45b03bcbc56055e39e83c [log] [tgz]
author: Alex Gaynor <alex.gaynor@gmail.com> Sat Jun 20 14:20:20 2015 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> Sat Jun 20 14:20:20 2015 -0400
tree: a12baeb21d7b632d156a06bed4f7f0bc65ff4ea4
parent: 49e6f66af155a6a11cc007315ad090e9bfc26aa0 [diff]
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 3b0c295..38dc8e7 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py

@@ -292,6 +292,8 @@
                 value = x509.OCSPNoCheck()
             elif oid == x509.OID_INHIBIT_ANY_POLICY:
                 value = _decode_inhibit_any_policy(self._backend, ext)
+            elif oid == x509.OID_ISSUER_ALTERNATIVE_NAME:
+                value = _decode_issuer_alt_name(self._backend, ext)
             elif critical:
                 raise x509.UnsupportedExtension(
                     "{0} is not currently supported".format(oid), oid
@@ -512,15 +514,26 @@
     )
 
 
-def _decode_subject_alt_name(backend, ext):
+def _decode_general_names_extension(backend, ext):
     gns = backend._ffi.cast(
         "GENERAL_NAMES *", backend._lib.X509V3_EXT_d2i(ext)
     )
     assert gns != backend._ffi.NULL
     gns = backend._ffi.gc(gns, backend._lib.GENERAL_NAMES_free)
     general_names = _decode_general_names(backend, gns)
+    return general_names
 
-    return x509.SubjectAlternativeName(general_names)
+
+def _decode_subject_alt_name(backend, ext):
+    return x509.SubjectAlternativeName(
+        _decode_general_names_extension(backend, ext)
+    )
+
+
+def _decode_issuer_alt_name(backend, ext):
+    return x509.IssuerAlternativeName(
+        _decode_general_names_extension(backend, ext)
+    )
 
 
 def _decode_extended_key_usage(backend, ext):

diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 6a23479..62d9f83 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py

@@ -1258,6 +1258,23 @@
         assert san != object()
 
 
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestRSAIssuerAlternativeNameExtension(object):
+    def test_uri(self, backend):
+        cert = _load_cert(
+            os.path.join("x509", "custom", "ian_uri.pem"),
+            x509.load_pem_x509_certificate,
+            backend,
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            x509.OID_ISSUER_ALTERNATIVE_NAME
+        )
+        assert list(ext.value) == [
+            x509.UniformResourceIdentifier(u"http://path.to.root/root.crt"),
+        ]
+
+
 class TestSubjectAlternativeName(object):
     def test_get_values_for_type(self):
         san = x509.SubjectAlternativeName(
commit	f1c176743da9414649f45b03bcbc56055e39e83c	[log] [tgz]
author	Alex Gaynor <alex.gaynor@gmail.com>	Sat Jun 20 14:20:20 2015 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	Sat Jun 20 14:20:20 2015 -0400
tree	a12baeb21d7b632d156a06bed4f7f0bc65ff4ea4
parent	49e6f66af155a6a11cc007315ad090e9bfc26aa0 [diff]