From c3d38b5d80a955aee4b160bb97464a20c4992da7 Mon Sep 17 00:00:00 2001
From: Marti Raudsepp <marti@juffo.org>
Date: Sat, 8 Dec 2018 03:26:07 +0200
Subject: Add RFC 4514 Distinguished Name formatting for Name, RDN and
 NameAttribute (#4304)

---
 tests/x509/test_x509.py     | 72 +++++++++++++++++++++------------------------
 tests/x509/test_x509_ext.py | 41 ++++++++------------------
 2 files changed, 46 insertions(+), 67 deletions(-)

(limited to 'tests')

diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py
index 15cfe43d..f4520811 100644
--- a/tests/x509/test_x509.py
+++ b/tests/x509/test_x509.py
@@ -1138,30 +1138,11 @@ class TestRSACertificate(object):
             x509.load_pem_x509_certificate,
             backend
         )
-        if not six.PY2:
-            assert repr(cert) == (
-                "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif"
-                "ier(oid=2.5.4.11, name=organizationalUnitName)>, value='GT487"
-                "42965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11, "
-                "name=organizationalUnitName)>, value='See www.rapidssl.com/re"
-                "sources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier(oi"
-                "d=2.5.4.11, name=organizationalUnitName)>, value='Domain Cont"
-                "rol Validated - RapidSSL(R)')>, <NameAttribute(oid=<ObjectIde"
-                "ntifier(oid=2.5.4.3, name=commonName)>, value='www.cryptograp"
-                "hy.io')>])>, ...)>"
-            )
-        else:
-            assert repr(cert) == (
-                "<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentif"
-                "ier(oid=2.5.4.11, name=organizationalUnitName)>, value=u'GT48"
-                "742965')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11,"
-                " name=organizationalUnitName)>, value=u'See www.rapidssl.com/"
-                "resources/cps (c)14')>, <NameAttribute(oid=<ObjectIdentifier("
-                "oid=2.5.4.11, name=organizationalUnitName)>, value=u'Domain C"
-                "ontrol Validated - RapidSSL(R)')>, <NameAttribute(oid=<Object"
-                "Identifier(oid=2.5.4.3, name=commonName)>, value=u'www.crypto"
-                "graphy.io')>])>, ...)>"
-            )
+        assert repr(cert) == (
+            "<Certificate(subject=<Name(OU=GT48742965, OU=See www.rapidssl.com"
+            "/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), "
+            "CN=www.cryptography.io)>, ...)>"
+        )
 
     def test_parse_tls_feature_extension(self, backend):
         cert = _load_cert(
@@ -3933,6 +3914,18 @@ class TestNameAttribute(object):
                 "nName)>, value=u'value')>"
             )
 
+    def test_distinugished_name(self):
+        # Escaping
+        na = x509.NameAttribute(NameOID.COMMON_NAME, u'James "Jim" Smith, III')
+        assert na.rfc4514_string() == r'CN=James \"Jim\" Smith\, III'
+        na = x509.NameAttribute(NameOID.USER_ID, u'# escape+,;\0this ')
+        assert na.rfc4514_string() == r'UID=\# escape\+\,\;\00this\ '
+
+        # Nonstandard attribute OID
+        na = x509.NameAttribute(NameOID.EMAIL_ADDRESS, u'somebody@example.com')
+        assert (na.rfc4514_string() ==
+                '1.2.840.113549.1.9.1=somebody@example.com')
+
 
 class TestRelativeDistinguishedName(object):
     def test_init_empty(self):
@@ -4120,20 +4113,23 @@ class TestName(object):
             x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'),
         ])
 
-        if not six.PY2:
-            assert repr(name) == (
-                "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name"
-                "=commonName)>, value='cryptography.io')>, <NameAttribute(oid="
-                "<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, valu"
-                "e='PyCA')>])>"
-            )
-        else:
-            assert repr(name) == (
-                "<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name"
-                "=commonName)>, value=u'cryptography.io')>, <NameAttribute(oid"
-                "=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, val"
-                "ue=u'PyCA')>])>"
-            )
+        assert repr(name) == "<Name(CN=cryptography.io, O=PyCA)>"
+
+    def test_rfc4514_string(self):
+        n = x509.Name([
+            x509.RelativeDistinguishedName([
+                x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'Sales'),
+                x509.NameAttribute(NameOID.COMMON_NAME, u'J.  Smith'),
+            ]),
+            x509.RelativeDistinguishedName([
+                x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'example'),
+            ]),
+            x509.RelativeDistinguishedName([
+                x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'net'),
+            ]),
+        ])
+        assert (n.rfc4514_string() ==
+                'OU=Sales+CN=J.  Smith, DC=example, DC=net')
 
     def test_not_nameattribute(self):
         with pytest.raises(TypeError):
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 152db964..6de105fa 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -1135,16 +1135,14 @@ class TestAuthorityKeyIdentifier(object):
         if not six.PY2:
             assert repr(aki) == (
                 "<AuthorityKeyIdentifier(key_identifier=b'digest', authority_"
-                "cert_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid="
-                "<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='myC"
-                "N')>])>)>], authority_cert_serial_number=1234)>"
+                "cert_issuer=[<DirectoryName(value=<Name(CN=myCN)>)>], author"
+                "ity_cert_serial_number=1234)>"
             )
         else:
             assert repr(aki) == (
-                "<AuthorityKeyIdentifier(key_identifier='digest', authority_ce"
-                "rt_issuer=[<DirectoryName(value=<Name([<NameAttribute(oid=<Ob"
-                "jectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'myCN')"
-                ">])>)>], authority_cert_serial_number=1234)>"
+                "<AuthorityKeyIdentifier(key_identifier='digest', authority_"
+                "cert_issuer=[<DirectoryName(value=<Name(CN=myCN)>)>], author"
+                "ity_cert_serial_number=1234)>"
             )
 
     def test_eq(self):
@@ -1719,16 +1717,7 @@ class TestDirectoryName(object):
     def test_repr(self):
         name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u'value1')])
         gn = x509.DirectoryName(name)
-        if not six.PY2:
-            assert repr(gn) == (
-                "<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentif"
-                "ier(oid=2.5.4.3, name=commonName)>, value='value1')>])>)>"
-            )
-        else:
-            assert repr(gn) == (
-                "<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentif"
-                "ier(oid=2.5.4.3, name=commonName)>, value=u'value1')>])>)>"
-            )
+        assert repr(gn) == "<DirectoryName(value=<Name(CN=value1)>)>"
 
     def test_eq(self):
         name = x509.Name([
@@ -3656,22 +3645,16 @@ class TestDistributionPoint(object):
         if not six.PY2:
             assert repr(dp) == (
                 "<DistributionPoint(full_name=None, relative_name=<RelativeDis"
-                "tinguishedName([<NameAttribute(oid=<ObjectIdentifier(oid=2.5."
-                "4.3, name=commonName)>, value='myCN')>])>, reasons=frozenset("
-                "{<ReasonFlags.ca_compromise: 'cACompromise'>}), crl_issuer=[<"
-                "DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentifi"
-                "er(oid=2.5.4.3, name=commonName)>, value='Important CA')>])>)"
-                ">])>"
+                "tinguishedName(CN=myCN)>, reasons=frozenset({<ReasonFlags.ca_"
+                "compromise: 'cACompromise'>}), crl_issuer=[<DirectoryName(val"
+                "ue=<Name(CN=Important CA)>)>])>"
             )
         else:
             assert repr(dp) == (
                 "<DistributionPoint(full_name=None, relative_name=<RelativeDis"
-                "tinguishedName([<NameAttribute(oid=<ObjectIdentifier(oid=2.5."
-                "4.3, name=commonName)>, value=u'myCN')>])>, reasons=frozenset"
-                "([<ReasonFlags.ca_compromise: 'cACompromise'>]), crl_issuer=["
-                "<DirectoryName(value=<Name([<NameAttribute(oid=<ObjectIdentif"
-                "ier(oid=2.5.4.3, name=commonName)>, value=u'Important CA')>])"
-                ">)>])>"
+                "tinguishedName(CN=myCN)>, reasons=frozenset([<ReasonFlags.ca_"
+                "compromise: 'cACompromise'>]), crl_issuer=[<DirectoryName(val"
+                "ue=<Name(CN=Important CA)>)>])>"
             )
 
     def test_hash(self):
-- 
cgit v1.2.3