From 01d5d0b44256bed5e49f37e2f92e1f4e4fc0154e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 12 Jul 2015 09:41:21 -0500 Subject: expand RFC822Name to validate and (internally) IDNA encode This will be used in the CSR builder --- src/cryptography/x509.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'src') diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 33c64168..ca91b07a 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -6,8 +6,11 @@ from __future__ import absolute_import, division, print_function import abc import ipaddress +from email.utils import parseaddr from enum import Enum +import idna + import six from cryptography import utils @@ -901,7 +904,24 @@ class RFC822Name(object): if not isinstance(value, six.text_type): raise TypeError("value must be a unicode string") + name, address = parseaddr(value) + parts = address.split(u"@") + if name or len(parts) > 2 or not address: + # parseaddr has found a name (e.g. Name ) or the split + # has found more than 2 parts (which means more than one @) + # or the entire value is an empty string. + raise ValueError("Invalid rfc822name value") + elif len(parts) == 1: + # Single label email name. This is valid for local delivery. + # No IDNA encoding needed since there is no domain component. + encoded = address.encode("ascii") + else: + # A normal email of the form user@domain.com. Let's attempt to + # encode the domain component and reconstruct the address. + encoded = parts[0].encode("ascii") + b"@" + idna.encode(parts[1]) + self._value = value + self._encoded = encoded value = utils.read_only_property("_value") -- cgit v1.2.3 From 828908623ac1714e9b66de56e6707e399a1aa5b8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 12 Jul 2015 12:08:28 -0500 Subject: simplify logic, it doesn't appear parts > 2 is possible --- src/cryptography/x509.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'src') 
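Review bot: In the `@@ -901,7 +904,24 @@` hunk of the first commit, the check runs on `parseaddr`'s output rather than on the caller's string, so `_value` and `_encoded` can end up describing different addresses. `parseaddr` is a lenient parser; as far as I know it strips surrounding whitespace and angle brackets and returns only the first entry of a comma-separated list, and each of those inputs passes `if name or len(parts) > 2 or not address` while `self._value = value` keeps the original text. For a name destined for a CSR, anything the parser had to normalise should be rejected, e.g. `if name or len(parts) > 2 or not address or address != value:`. A non-ASCII local part also escapes as a raw `UnicodeEncodeError` from `.encode("ascii")` instead of the `"Invalid rfc822name value"` message, which is worth a comment or a wrapped raise. The enclosing method starts above the hunk.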
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index ca91b07a..8bed79e2 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -906,10 +906,9 @@ class RFC822Name(object): name, address = parseaddr(value) parts = address.split(u"@") - if name or len(parts) > 2 or not address: - # parseaddr has found a name (e.g. Name ) or the split - # has found more than 2 parts (which means more than one @) - # or the entire value is an empty string. + if name or not address: + # parseaddr has found a name (e.g. Name ) or the entire + # value is an empty string. raise ValueError("Invalid rfc822name value") elif len(parts) == 1: # Single label email name. This is valid for local delivery. -- cgit v1.2.3
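Review bot: Dropping `len(parts) > 2` leaves the `else` branch reading only `parts[0]` and `parts[1]`, so if `parseaddr` ever returns an address with more than one `@`, everything after the second `@` is silently left out of `_encoded`. The commit message says that case does not appear possible, but a quoted local part (constructed example: `"a@b"@example.com`) looks like it survives `parseaddr` intact, which would make `parts[1]` a fragment of the local part rather than the real domain; a unit test would settle it. Splitting on the last separator removes the dependence on that assumption: change the context line to `parts = address.rsplit(u"@", 1)`. The enclosing method starts and ends outside the hunk.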