diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/x509/extensions.py | 4 | ||||
| -rw-r--r-- | src/cryptography/x509/name.py | 70 | 
2 files changed, 70 insertions, 4 deletions
| diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py index 12071b66..bdd445d9 100644 --- a/src/cryptography/x509/extensions.py +++ b/src/cryptography/x509/extensions.py @@ -541,8 +541,8 @@ class DistributionPoint(object):      def __repr__(self):          return (              "<DistributionPoint(full_name={0.full_name}, relative_name={0.rela" -            "tive_name}, reasons={0.reasons}, crl_issuer={0.crl_is" -            "suer})>".format(self) +            "tive_name}, reasons={0.reasons}, crl_issuer={0.crl_issuer})>" +            .format(self)          )      def __eq__(self, other): diff --git a/src/cryptography/x509/name.py b/src/cryptography/x509/name.py index 5548eda8..470862c2 100644 --- a/src/cryptography/x509/name.py +++ b/src/cryptography/x509/name.py @@ -36,6 +36,41 @@ _NAMEOID_DEFAULT_TYPE = {      NameOID.DOMAIN_COMPONENT: _ASN1Type.IA5String,  } +#: Short attribute names from RFC 4514: +#: https://tools.ietf.org/html/rfc4514#page-7 +_NAMEOID_TO_NAME = { +    NameOID.COMMON_NAME: 'CN', +    NameOID.LOCALITY_NAME: 'L', +    NameOID.STATE_OR_PROVINCE_NAME: 'ST', +    NameOID.ORGANIZATION_NAME: 'O', +    NameOID.ORGANIZATIONAL_UNIT_NAME: 'OU', +    NameOID.COUNTRY_NAME: 'C', +    NameOID.STREET_ADDRESS: 'STREET', +    NameOID.DOMAIN_COMPONENT: 'DC', +    NameOID.USER_ID: 'UID', +} + + +def _escape_dn_value(val): +    """Escape special characters in RFC4514 Distinguished Name value.""" + +    # See https://tools.ietf.org/html/rfc4514#section-2.4 +    val = val.replace('\\', '\\\\') +    val = val.replace('"', '\\"') +    val = val.replace('+', '\\+') +    val = val.replace(',', '\\,') +    val = val.replace(';', '\\;') +    val = val.replace('<', '\\<') +    val = val.replace('>', '\\>') +    val = val.replace('\0', '\\00') + +    if val[0] in ('#', ' '): +        val = '\\' + val +    if val[-1] == ' ': +        val = val[:-1] + '\\ ' + +    return val +  class NameAttribute(object):      def __init__(self, oid, value, _type=_SENTINEL): @@ -80,6 +115,16 @@ class NameAttribute(object):      oid = utils.read_only_property("_oid")      value = utils.read_only_property("_value") +    def rfc4514_string(self): +        """ +        Format as RFC4514 Distinguished Name string. + +        Use short attribute name if available, otherwise fall back to OID +        dotted string. +        """ +        key = _NAMEOID_TO_NAME.get(self.oid, self.oid.dotted_string) +        return '%s=%s' % (key, _escape_dn_value(self.value)) +      def __eq__(self, other):          if not isinstance(other, NameAttribute):              return NotImplemented @@ -117,6 +162,15 @@ class RelativeDistinguishedName(object):      def get_attributes_for_oid(self, oid):          return [i for i in self if i.oid == oid] +    def rfc4514_string(self): +        """ +        Format as RFC4514 Distinguished Name string. + +        Within each RDN, attributes are joined by '+', although that is rarely +        used in certificates. +        """ +        return '+'.join(attr.rfc4514_string() for attr in self._attributes) +      def __eq__(self, other):          if not isinstance(other, RelativeDistinguishedName):              return NotImplemented @@ -136,7 +190,7 @@ class RelativeDistinguishedName(object):          return len(self._attributes)      def __repr__(self): -        return "<RelativeDistinguishedName({0!r})>".format(list(self)) +        return "<RelativeDistinguishedName({0})>".format(self.rfc4514_string())  class Name(object): @@ -154,6 +208,18 @@ class Name(object):                  " or a list RelativeDistinguishedName"              ) +    def rfc4514_string(self): +        """ +        Format as RFC4514 Distinguished Name string. +        For example 'CN=foobar.com,O=Foo Corp,C=US' + +        An X.509 name is a two-level structure: a list of sets of attributes. +        Each list element is separated by ',' and within each list element, set +        elements are separated by '+'. The latter is almost never used in +        real world certificates. +        """ +        return ', '.join(attr.rfc4514_string() for attr in self._attributes) +      def get_attributes_for_oid(self, oid):          return [i for i in self if i.oid == oid] @@ -187,4 +253,4 @@ class Name(object):          return sum(len(rdn) for rdn in self._attributes)      def __repr__(self): -        return "<Name({0!r})>".format(list(self)) +        return "<Name({0})>".format(self.rfc4514_string()) | 
