diff options
author | Fraser Tweedale <frase@frase.id.au> | 2016-11-12 01:28:56 +1000 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-11-11 07:28:56 -0800 |
commit | 01ee6f5e391eee76e6cd3062de8fc84851bd06e3 (patch) | |
tree | 3309443a73201bcec03c5bb14df019e49eae798c /src/cryptography/hazmat/backends/openssl/decode_asn1.py | |
parent | 44eb89e911db7298a29640c9073c9e2ff4d5f806 (diff) | |
download | cryptography-01ee6f5e391eee76e6cd3062de8fc84851bd06e3.tar.gz cryptography-01ee6f5e391eee76e6cd3062de8fc84851bd06e3.tar.bz2 cryptography-01ee6f5e391eee76e6cd3062de8fc84851bd06e3.zip |
Name: add support for multi-value RDNs (#3202)
Update the Name class to accept and internally store a list of
RelativeDistinguishedName objects. Add the 'rdns' attribute to give
access to the RDNs. Update ASN.1 routines to correctly decode and
encode multi-value RDNs.
Fixes: https://github.com/pyca/cryptography/issues/3199
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/decode_asn1.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index f8e8c95c..2cbc349e 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -45,11 +45,19 @@ def _decode_x509_name_entry(backend, x509_name_entry): def _decode_x509_name(backend, x509_name): count = backend._lib.X509_NAME_entry_count(x509_name) attributes = [] + prev_set_id = -1 for x in range(count): entry = backend._lib.X509_NAME_get_entry(x509_name, x) - attributes.append(_decode_x509_name_entry(backend, entry)) + attribute = _decode_x509_name_entry(backend, entry) + set_id = backend._lib.Cryptography_X509_NAME_ENTRY_set(entry) + if set_id != prev_set_id: + attributes.append(set([attribute])) + else: + # is in the same RDN a previous entry + attributes[-1].add(attribute) + prev_set_id = set_id - return x509.Name(attributes) + return x509.Name(x509.RelativeDistinguishedName(rdn) for rdn in attributes) def _decode_general_names(backend, gns): @@ -552,13 +560,13 @@ def _decode_crl_distribution_points(backend, cdps): else: rns = cdp.distpoint.name.relativename rnum = backend._lib.sk_X509_NAME_ENTRY_num(rns) - attributes = [] + attributes = set() for i in range(rnum): rn = backend._lib.sk_X509_NAME_ENTRY_value( rns, i ) backend.openssl_assert(rn != backend._ffi.NULL) - attributes.append( + attributes.add( _decode_x509_name_entry(backend, rn) ) |