authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-10 11:08:31 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-10 18:41:17 -0500
commit9ce25a9e624a43e47f677a764d4eedcdc7f6c86e (patch)
treee735eda05a0b5ffc187a78360684fe697879ed18
parent907cc81149e6a89db683c206f8fe4fc5bea7f87d (diff)
support DirectoryName encoding for general names
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py9
-rw-r--r--tests/test_x509.py12
2 files changed, 21 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index d6493778..194f295c 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -171,6 +171,15 @@ def _encode_subject_alt_name(backend, san):
)
assert obj != backend._ffi.NULL
gn.d.registeredID = obj
+ elif isinstance(alt_name, x509.DirectoryName):
+ gn = backend._lib.GENERAL_NAME_new()
+ assert gn != backend._ffi.NULL
+ name = _encode_name(backend, alt_name.value)
+ # _encode_name registers the X509_NAME for gc so we'll duplicate
+ # a new one that is not gc'd for the struct
+ name = backend._lib.X509_NAME_dup(name)
+ gn.type = backend._lib.GEN_DIRNAME
+ gn.d.directoryName = name
else:
raise NotImplementedError(
"Only DNSName and RegisteredID supported right now"
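Review bot: The result of `X509_NAME_dup` is stored in `gn.d.directoryName` without a NULL check, although `GENERAL_NAME_new()` two lines earlier and the registeredID branch above both assert on their results. If the duplication fails, a `GEN_DIRNAME` entry with a NULL name is handed to whatever encodes the extension (that code is outside the hunk, so the exact failure mode is not visible here). Adding `assert name != backend._ffi.NULL` right after the dup would keep the branch consistent with its neighbours. The `else` message `"Only DNSName and RegisteredID supported right now"` is now stale and should also name DirectoryName. `_encode_subject_alt_name` starts and continues outside this hunk.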
diff --git a/tests/test_x509.py b/tests/test_x509.py
index ccb24d7f..00d36909 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -975,6 +975,12 @@ class TestCertificateSigningRequestBuilder(object):
x509.DNSName(u"example.com"),
x509.DNSName(u"*.example.com"),
x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
+ x509.DirectoryName(x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ )
+ ])),
]),
critical=False,
).sign(private_key, hashes.SHA256(), backend)
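Review bot: The same `x509.DirectoryName(...)` literal is written out twice, once here in the builder input and again in the expected list of the next hunk (`@@ -989,6 +995,12 @@`). The two copies have already drifted in style, since only the second has a trailing comma after the inner `NameAttribute(...)`. Binding the value once, e.g. `dirname = x509.DirectoryName(x509.Name([...]))`, and using it in both lists would keep input and expectation in step. The test method starts outside both hunks.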
@@ -989,6 +995,12 @@ class TestCertificateSigningRequestBuilder(object):
x509.DNSName(u"example.com"),
x509.DNSName(u"*.example.com"),
x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
+ x509.DirectoryName(x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ ),
+ ])),
]
def test_subject_alt_name_unsupported_general_name(self, backend):