Added an API for converting X509 to/from cryptography

CHANGELOG.rst

@@ -31,6 +31,7 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
+- Added ``OpenSSL.crypto.X509.from_cryptography`` and ``OpenSSL.crypto.X509.to_cryptography`` for converting X.509 certificate to and from pyca/cryptography objects. `#640 <https://github.com/pyca/pyopenssl/pull/640>`_
 - Added ``OpenSSL.debug`` that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using ``python -m OpenSSL.debug``.
   `#620 <https://github.com/pyca/pyopenssl/pull/620>`_
 

src/OpenSSL/crypto.py

@@ -10,6 +10,7 @@
     text_type as _text_type,
     PY3 as _PY3)
 
+from cryptography import x509
 from cryptography.hazmat.primitives.asymmetric import dsa, rsa
 
 from OpenSSL._util import (
@@ -996,6 +997,37 @@ def __init__(self):
         _openssl_assert(x509 != _ffi.NULL)
         self._x509 = _ffi.gc(x509, _lib.X509_free)
 
+    def to_cryptography(self):
+        """
+        Export as a ``cryptography`` certificate.
+
+        :rtype: ``cryptography.x509.Certificate``
+
+        .. versionadded:: 17.1.0
+        """
+        from cryptography.hazmat.backends.openssl.x509 import _Certificate
+        backend = _get_backend()
+        return _Certificate(backend, self._x509)
+
+    @classmethod
+    def from_cryptography(cls, crypto_cert):
+        """
+        Construct based on a ``cryptography`` *crypto_cert*.
+
+        :param crypto_key: A ``cryptography`` X.509 certificate.
+        :type crypto_key: ``cryptography.x509.Certificate``
+
+        :rtype: PKey
+
+        .. versionadded:: 17.1.0
+        """
+        if not isinstance(crypto_cert, x509.Certificate):
+            raise TypeError("Must be a certificate")
+
+        cert = cls()
+        cert._x509 = crypto_cert._x509
+        return cert
+
     def set_version(self, version):
         """
         Set the version number of the certificate.

tests/test_crypto.py

@@ -17,6 +17,7 @@
 
 from six import binary_type
 
+from cryptography import x509
 from cryptography.hazmat.backends.openssl.backend import backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
@@ -1922,6 +1923,26 @@ def test_sign_bad_pubkey_type(self):
         with pytest.raises(TypeError):
             cert.sign(object(), b"sha256")
 
+    def test_convert_from_cryptography(self):
+        crypto_cert = x509.load_pem_x509_certificate(
+            intermediate_cert_pem, backend
+        )
+        cert = X509.from_cryptography(crypto_cert)
+
+        assert isinstance(cert, X509)
+        assert cert.get_version() == crypto_cert.version.value
+
+    def test_convert_from_cryptography_unsupported_type(self):
+        with pytest.raises(TypeError):
+            X509.from_cryptography(object())
+
+    def test_convert_to_cryptography_key(self):
+        cert = load_certificate(FILETYPE_PEM, intermediate_cert_pem)
+        crypto_cert = cert.to_cryptography()
+
+        assert isinstance(crypto_cert, x509.Certificate)
+        assert crypto_cert.version.value == cert.get_version()
+
 
 class TestX509Store(object):
     """