def _get_name_constraints(self): try: nc_ext = self.csr.extensions.get_extension_for_class( x509.NameConstraints) permitted = [ cryptography_decode_name(san) for san in nc_ext.value.permitted_subtrees or [] ] excluded = [ cryptography_decode_name(san) for san in nc_ext.value.excluded_subtrees or [] ] return permitted, excluded, nc_ext.critical except cryptography.x509.ExtensionNotFound: return None, None, False
def _get_subject_alt_name(self): try: san_ext = self.cert.extensions.get_extension_for_class(x509.SubjectAlternativeName) result = [cryptography_decode_name(san) for san in san_ext.value] return result, san_ext.critical except cryptography.x509.ExtensionNotFound: return None, False
def _get_authority_key_identifier(self): try: ext = self.cert.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier) issuer = None if ext.value.authority_cert_issuer is not None: issuer = [cryptography_decode_name(san) for san in ext.value.authority_cert_issuer] return ext.value.key_identifier, issuer, ext.value.authority_cert_serial_number except cryptography.x509.ExtensionNotFound: return None, None, None