From 719d536dd691e84e208534798f2eb4f82aaa2e07 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 1 Jan 2015 20:03:52 -0600
Subject: X509 distinguished name parsing support in the OpenSSL backend
---
docs/x509.rst | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 137 insertions(+)
(limited to 'docs')
diff --git a/docs/x509.rst b/docs/x509.rst
index 26dd2a07..33047262 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -166,6 +166,143 @@ X.509 Certificate Object >>> cert.not_valid_after datetime.datetime(2030, 12, 31, 8, 30) + .. attribute:: issuer + + .. versionadded:: 0.8 + + :type: :class:`Name` + + The :class:`Name` of the issuer. + + .. attribute:: subject + + .. versionadded:: 0.8 + + :type: :class:`Name` + + The :class:`Name` of the subject. + + +.. class:: Name + + .. versionadded:: 0.8 + + An X509 Name is an ordered list of attributes. The entire list can be + obtained with :attr:`attributes` or you can use the helper properties to + obtain the specific type you want. Names are sometimes represented as a + slash or comma delimited string (e.g. ``/CN=mydomain.com/O=My Org/C=US``). + + .. attribute:: attributes + + :type: :class:`list` + + A list of all the :class:`NameAttribute` objects. + + .. doctest:: + + >>> len(cert.subject.attributes) + 3 + + .. attribute:: country_name + + :type: :class:`list` + + A list of country name :class:`NameAttribute` objects. + + .. doctest:: + + >>> cert.subject.country_name == [ + ... x509.NameAttribute( + ... x509.OID_COUNTRY_NAME, + ... 'US' + ... ) + ... ] + True + + .. attribute:: organization_name + + :type: :class:`list` + + A list of organization name :class:`NameAttribute` objects. + + .. attribute:: organizational_unit_name + + :type: :class:`list` + + A list of organizational unit name :class:`NameAttribute` objects. + + .. attribute:: dn_qualifier + + :type: :class:`list` + + A list of DN qualifier :class:`NameAttribute` objects. + + .. attribute:: state_or_province_name + + :type: :class:`list` + + A list of state or province name :class:`NameAttribute` objects. + + .. attribute:: common_name + + :type: :class:`list` + + A list of common name :class:`NameAttribute` objects. + + .. attribute:: serial_number + + :type: :class:`list` + + A list of serial number :class:`NameAttribute` objects. This is not the + same as the certificate's serial number. + + .. 
attribute:: locality_name + + :type: :class:`list` + + A list of locality name :class:`NameAttribute` objects. + + .. attribute:: title + + :type: :class:`list` + + A list of title :class:`NameAttribute` objects. + + .. attribute:: surname + + :type: :class:`list` + + A list of surname :class:`NameAttribute` objects. + + .. attribute:: given_name + + :type: :class:`list` + + A list of given name :class:`NameAttribute` objects. + + .. attribute:: pseudonym + + :type: :class:`list` + + A list of pseudonym :class:`NameAttribute` objects. + + .. attribute:: generation_qualifier + + :type: :class:`list` + + A list of generation qualifier :class:`NameAttribute` objects. + + .. attribute:: domain_component + + :type: :class:`list` + + A list of domain component :class:`NameAttribute` objects. + + .. attribute:: email_address + + :type: :class:`list` + + A list of email address :class:`NameAttribute` objects. .. class:: Version -- cgit v1.2.3 From e901d642548dd268dcdc2efa60087a3fa1774fa6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 11 Feb 2015 18:50:58 -0600 Subject: refactor x509.Name to use get_attributes_by_oid --- docs/x509.rst | 101 ++++------------------------------------------------------ 1 file changed, 6 insertions(+), 95 deletions(-) (limited to 'docs') diff --git a/docs/x509.rst b/docs/x509.rst index 33047262..282744f3 100644 --- a/docs/x509.rst +++ b/docs/x509.rst 
@@ -203,106 +203,17 @@ X.509 Certificate Object >>> len(cert.subject.attributes) 3 - .. attribute:: country_name + .. method:: get_attributes_for_oid(oid) - :type: :class:`list` + :param oid: An :class:`ObjectIdentifier` instance. - A list of country name :class:`NameAttribute` objects. + :returns: A list of :class:`NameAttribute` instances that match the + OID provided. If nothing matches an empty list will be returned. .. doctest:: - >>> cert.subject.country_name == [ - ... x509.NameAttribute( - ... x509.OID_COUNTRY_NAME, - ... 'US' - ... ) - ... ] - True - - .. attribute:: organization_name - - :type: :class:`list` - - A list of organization name :class:`NameAttribute` objects. - - .. attribute:: organizational_unit_name - - :type: :class:`list` - - A list of organizational unit name :class:`NameAttribute` objects. - - .. attribute:: dn_qualifier - - :type: :class:`list` - - A list of DN qualifier :class:`NameAttribute` objects. - - .. attribute:: state_or_province_name - - :type: :class:`list` - - A list of state or province name :class:`NameAttribute` objects. - - .. attribute:: common_name - - :type: :class:`list` - - A list of common name :class:`NameAttribute` objects. - - .. attribute:: serial_number - - :type: :class:`list` - - A list of serial number :class:`NameAttribute` objects. This is not the - same as the certificate's serial number. - - .. attribute:: locality_name - - :type: :class:`list` - - A list of locality name :class:`NameAttribute` objects. - - .. attribute:: title - - :type: :class:`list` - - A list of title :class:`NameAttribute` objects. - - .. attribute:: surname - - :type: :class:`list` - - A list of surname :class:`NameAttribute` objects. - - .. attribute:: given_name - - :type: :class:`list` - - A list of given name :class:`NameAttribute` objects. - - .. attribute:: pseudonym - - :type: :class:`list` - - A list of pseudonym :class:`NameAttribute` objects. - - .. 
attribute:: generation_qualifier - - :type: :class:`list` - - A list of generation qualifier :class:`NameAttribute` objects. - - .. attribute:: domain_component - - :type: :class:`list` - - A list of domain component :class:`NameAttribute` objects. - - .. attribute:: email_address - - :type: :class:`list` - - A list of email address :class:`NameAttribute` objects. + >>> cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) + [, value=u'Good CA')>] .. class:: Version -- cgit v1.2.3 From 53d8d49454d7cef5cd41fc854116090ca78026ce Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 13 Feb 2015 18:47:30 -0600 Subject: make x509.Name iterable and address other review feedback --- docs/spelling_wordlist.txt | 1 + docs/x509.rst | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 12 deletions(-) (limited to 'docs') diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index 003e37d5..fefd26b3 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -29,6 +29,7 @@ interoperable introspectability invariants iOS +iterable Koblitz Lange metadata diff --git a/docs/x509.rst b/docs/x509.rst index 282744f3..473efc36 100644 --- a/docs/x509.rst +++ b/docs/x509.rst 
@@ -187,21 +187,20 @@ X.509 Certificate Object .. versionadded:: 0.8 - An X509 Name is an ordered list of attributes. The entire list can be - obtained with :attr:`attributes` or you can use the helper properties to + An X509 Name is an ordered list of attributes. The object is iterable to + get every attribute or you can use the helper properties to obtain the specific type you want. Names are sometimes represented as a - slash or comma delimited string (e.g. ``/CN=mydomain.com/O=My Org/C=US``). + slash or comma delimited string (e.g. ``/CN=mydomain.com/O=My Org/C=US`` or + ``CN=mydomain.com, O=My Org, C=US``). - .. attribute:: attributes + .. doctest:: - :type: :class:`list` - - A list of all the :class:`NameAttribute` objects. - - .. doctest:: - - >>> len(cert.subject.attributes) - 3 + >>> assert len(cert.subject) == 3 + >>> attributes = [] + >>> for attribute in cert.subject: + ... attributes.append(attribute) + >>> len(attributes) + 3 .. method:: get_attributes_for_oid(oid) -- cgit v1.2.3 From 8b21a4a34a82ca0e73ca67bd3f148b25d6c7bdc6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 14 Feb 2015 07:56:36 -0600 Subject: simplify things based on review feedback --- docs/x509.rst | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/x509.rst b/docs/x509.rst index 473efc36..099d3f87 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -195,12 +195,13 @@ X.509 Certificate Object .. doctest:: - >>> assert len(cert.subject) == 3 - >>> attributes = [] - >>> for attribute in cert.subject: - ... attributes.append(attribute) - >>> len(attributes) + >>> len(cert.subject) 3 + >>> for attribute in cert.subject: + ... print(attribute) + , value=u'US')> + , value=u'Test Certificates 2011')> + , value=u'Good CA')> .. method:: get_attributes_for_oid(oid) -- cgit v1.2.3 From d21596e1704103d6345cd7979d1f97a2d8ca8bea Mon Sep 17 00:00:00 2001 
From: Paul Kehrer Date: Sat, 14 Feb 2015 09:17:26 -0600 Subject: update docs --- docs/x509.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/x509.rst b/docs/x509.rst index 099d3f87..6067ca55 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -188,7 +188,7 @@ X.509 Certificate Object .. versionadded:: 0.8 An X509 Name is an ordered list of attributes. The object is iterable to - get every attribute or you can use the helper properties to + get every attribute or you can use :meth:`Name.get_attributes_for_oid` to obtain the specific type you want. Names are sometimes represented as a slash or comma delimited string (e.g. ``/CN=mydomain.com/O=My Org/C=US`` or ``CN=mydomain.com, O=My Org, C=US``). -- cgit v1.2.3