Added an API for converting X509 to/from cryptography (#640)
* Added an API for converting X509 to/from cryptography
* changelog
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index ae05ede..cdbcc22 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -10,6 +10,7 @@
text_type as _text_type,
PY3 as _PY3)
+from cryptography import x509
from cryptography.hazmat.primitives.asymmetric import dsa, rsa
from OpenSSL._util import (
@@ -996,6 +997,37 @@
_openssl_assert(x509 != _ffi.NULL)
self._x509 = _ffi.gc(x509, _lib.X509_free)
+ def to_cryptography(self):
+ """
+ Export as a ``cryptography`` certificate.
+
+ :rtype: ``cryptography.x509.Certificate``
+
+ .. versionadded:: 17.1.0
+ """
+ from cryptography.hazmat.backends.openssl.x509 import _Certificate
+ backend = _get_backend()
+ return _Certificate(backend, self._x509)
+
+ @classmethod
+ def from_cryptography(cls, crypto_cert):
+ """
+ Construct based on a ``cryptography`` *crypto_cert*.
+
+ :param crypto_key: A ``cryptography`` X.509 certificate.
+ :type crypto_key: ``cryptography.x509.Certificate``
+
+ :rtype: PKey
+
+ .. versionadded:: 17.1.0
+ """
+ if not isinstance(crypto_cert, x509.Certificate):
+ raise TypeError("Must be a certificate")
+
+ cert = cls()
+ cert._x509 = crypto_cert._x509
+ return cert
+
def set_version(self, version):
"""
Set the version number of the certificate.