From 3a15b03e92c9fdeadff04ddd2ce505028b279b86 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 13 Nov 2016 14:30:11 -0800 Subject: Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236) * Add a bytes method to get the DER ASN.1 encoding of an X509 name. This is useful for creating an OpenSSL style subject_name_hash (#3011) * add to backend interface and update multibackend * bytes -> public_bytes --- src/cryptography/hazmat/backends/interfaces.py | 6 ++++++ src/cryptography/hazmat/backends/multibackend.py | 9 +++++++++ src/cryptography/hazmat/backends/openssl/backend.py | 11 +++++++++++ src/cryptography/x509/name.py | 3 +++ 4 files changed, 29 insertions(+) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/interfaces.py b/src/cryptography/hazmat/backends/interfaces.py index ad4a4364..7417f6ca 100644 --- a/src/cryptography/hazmat/backends/interfaces.py +++ b/src/cryptography/hazmat/backends/interfaces.py @@ -312,6 +312,12 @@ class X509Backend(object): object. """ + @abc.abstractmethod + def x509_name_bytes(self, name): + """ + Compute the DER encoded bytes of an X509 Name object. + """ + @six.add_metaclass(abc.ABCMeta) class DHBackend(object): diff --git a/src/cryptography/hazmat/backends/multibackend.py b/src/cryptography/hazmat/backends/multibackend.py index ab9127f7..36a83537 100644 --- a/src/cryptography/hazmat/backends/multibackend.py +++ b/src/cryptography/hazmat/backends/multibackend.py @@ -424,6 +424,15 @@ class MultiBackend(object): _Reasons.UNSUPPORTED_X509 ) + def x509_name_bytes(self, name): + for b in self._filtered_backends(X509Backend): + return b.x509_name_bytes(name) + + raise UnsupportedAlgorithm( + "This backend does not support X.509.", + _Reasons.UNSUPPORTED_X509 + ) + def derive_scrypt(self, key_material, salt, length, n, r, p): for b in self._filtered_backends(ScryptBackend): return b.derive_scrypt(key_material, salt, length, n, r, p) 
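Review bot: In the interfaces.py hunk, `x509_name_bytes` is added to `X509Backend` as an `@abc.abstractmethod`, so any out-of-tree backend that implements this interface will presumably stop satisfying it until it grows the method; that is worth a changelog entry. The docstring also does not say what is returned or what `name` must be. I would write it as `Return the DER encoding of name (an x509 Name object) as bytes.` The body of `X509Backend` starts outside the hunk, so I cannot see how the other abstract methods are documented.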
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 79914293..b8e407b0 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1729,6 +1729,17 @@ class Backend(object): serialization._ssh_write_string(public_numbers.encode_point()) ) + def x509_name_bytes(self, name): + x509_name = _encode_name_gc(self, name) + pp = self._ffi.new("unsigned char **") + res = self._lib.i2d_X509_NAME(x509_name, pp) + self.openssl_assert(pp[0] != self._ffi.NULL) + pp = self._ffi.gc( + pp, lambda pointer: self._lib.OPENSSL_free(pointer[0]) + ) + self.openssl_assert(res > 0) + return self._ffi.buffer(pp[0], res)[:] + def derive_scrypt(self, key_material, salt, length, n, r, p): buf = self._ffi.new("unsigned char[]", length) res = self._lib.EVP_PBE_scrypt(key_material, len(key_material), salt, diff --git a/src/cryptography/x509/name.py b/src/cryptography/x509/name.py index fedfd78f..277128fa 100644 --- a/src/cryptography/x509/name.py +++ b/src/cryptography/x509/name.py @@ -109,6 +109,9 @@ class Name(object): def rdns(self): return self._attributes + def public_bytes(self, backend): + return backend.x509_name_bytes(self) + def __eq__(self, other): if not isinstance(other, Name): return NotImplemented -- cgit v1.2.3
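Review bot: In the openssl/backend.py hunk, `x509_name_bytes` leaves the ownership of the buffer behind `pp[0]` undocumented, and the two `openssl_assert` calls placed either side of `ffi.gc` read as accidental. The order looks deliberate: `pp` starts as NULL, `i2d_X509_NAME` allocates the output, and the finalizer is registered before `res` is checked so the buffer is still freed if that assertion raises. I would say so above the call: `# i2d_X509_NAME allocates *pp when it is NULL; free it with OPENSSL_free.` and `# Register the finalizer before asserting on res so a failure cannot leak it.` The method also has no docstring, unlike the interface method it implements; a one-line `"""Return the DER encoding of name as bytes."""` would do.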
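Review bot: `Name.public_bytes` in the x509/name.py hunk is a new public method with no docstring, and its result is easy to misread. The backend hunk builds a fresh X509_NAME from the Python object via `_encode_name_gc`, so for a name parsed from a certificate the bytes may differ from the encoding in that certificate (the helper is outside the diff, so confirm). Anyone hashing or comparing the output needs to know this, and as far as I know OpenSSL 1.0.0 and later derive subject_name_hash from a canonicalised form of the name rather than from this DER. I would add `"""Return the DER encoding of this name as produced by backend; not guaranteed byte-identical to the encoding it was parsed from."""`. The body of `Name` continues outside the hunk.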