http: Do not use chained add_extension syntax on a single statement.

For consistency with other places in caucase.

http: Do not use chained add_extension syntax on a single statement.
For consistency with other places in caucase.
59e7da94 · Vincent Pelletier · Vincent Pelletier · f15d0bad · 59e7da94 · 59e7da94
Commit 59e7da94 authored Jul 14, 2018 by Vincent Pelletier Committed by Vincent Pelletier Jul 15, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 24 deletions

caucase/ca.py caucase/ca.py +1 -1

caucase/http.py caucase/http.py +26 -23

No files found.
--- a/caucase/ca.py
+++ b/caucase/ca.py
@@ -37,7 +37,7 @@ from .exceptions import (
  NotACertificateSigningRequest,
 )

-__all__ = ('CertificateAuthority', 'UserCertificateAuthority')
+__all__ = ('CertificateAuthority', 'UserCertificateAuthority', 'Extension')

 _cryptography_backend = default_backend()
 _AUTO_SIGNED_NO = 0

--- a/caucase/http.py
+++ b/caucase/http.py
@@ -41,7 +41,7 @@ import pem
 from . import exceptions
 from . import utils
 from .wsgi import Application
-from .ca import CertificateAuthority, UserCertificateAuthority
+from .ca import CertificateAuthority, UserCertificateAuthority, Extension
 from .storage import SQLite3Storage
 from .http_wsgirequesthandler import WSGIRequestHandler

@@ -226,33 +226,36 @@ def getSSLContext(
    csr_id = cas.appendCertificateSigningRequest(
      csr_pem=utils.dump_certificate_request(
        x509.CertificateSigningRequestBuilder(
-        ).subject_name(
-          x509.Name([
+          subject_name=x509.Name([
            x509.NameAttribute(
              oid=x509.oid.NameOID.COMMON_NAME,
              value=hostname.decode('ascii'),
            ),
          ]),
-        ).add_extension(
-          x509.KeyUsage(
-            # pylint: disable=bad-whitespace
-            digital_signature =True,
-            content_commitment=False,
-            key_encipherment  =True,
-            data_encipherment =False,
-            key_agreement     =False,
-            key_cert_sign     =False,
-            crl_sign          =False,
-            encipher_only     =False,
-            decipher_only     =False,
-            # pylint: enable=bad-whitespace
-          ),
-          critical=True,
-        ).add_extension(
-          x509.SubjectAlternativeName([
-            x509.DNSName(hostname.decode('ascii')),
-          ]),
-          critical=True,
+          extensions=[
+            Extension(
+              x509.KeyUsage(
+                # pylint: disable=bad-whitespace
+                digital_signature =True,
+                content_commitment=False,
+                key_encipherment  =True,
+                data_encipherment =False,
+                key_agreement     =False,
+                key_cert_sign     =False,
+                crl_sign          =False,
+                encipher_only     =False,
+                decipher_only     =False,
+                # pylint: enable=bad-whitespace
+              ),
+              critical=True,
+            ),
+            Extension(
+              x509.SubjectAlternativeName([
+                x509.DNSName(hostname.decode('ascii')),
+              ]),
+              critical=True,
+            ),
+          ],
        ).sign(
          private_key=new_key,
          algorithm=utils.DEFAULT_DIGEST_CLASS(),