diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-07-24 16:09:11 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-07-24 16:09:11 -0400 |
| commit | b095374c64a413f8569a6b34883655d7a230a5c8 (patch) | |
| tree | 9e98941f42f4dcf4fa53ca96e8ee0030b6938e75 | |
| parent | 534c3ee4923aa95655997bfac6c1168d5435f3e5 (diff) | |
| parent | a5e8a75a0cd475877c3a8e8b07d00fd9f6dbb9e6 (diff) | |
| download | cryptography-b095374c64a413f8569a6b34883655d7a230a5c8.tar.gz cryptography-b095374c64a413f8569a6b34883655d7a230a5c8.tar.bz2 cryptography-b095374c64a413f8569a6b34883655d7a230a5c8.zip | |
Merge pull request #2171 from reaperhulk/refactor-gn-encoding
refactor general name encoding to its own function
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 171 |
1 files changed, 88 insertions, 83 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 64d518a1..2d2ecc81 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -203,89 +203,7 @@ def _encode_subject_alt_name(backend, san): ) for alt_name in san: - if isinstance(alt_name, x509.DNSName): - gn = backend._lib.GENERAL_NAME_new() - assert gn != backend._ffi.NULL - gn.type = backend._lib.GEN_DNS - - ia5 = backend._lib.ASN1_IA5STRING_new() - assert ia5 != backend._ffi.NULL - - if alt_name.value.startswith(u"*."): - value = b"*." + idna.encode(alt_name.value[2:]) - else: - value = idna.encode(alt_name.value) - - res = backend._lib.ASN1_STRING_set(ia5, value, len(value)) - assert res == 1 - gn.d.dNSName = ia5 - elif isinstance(alt_name, x509.RegisteredID): - gn = backend._lib.GENERAL_NAME_new() - assert gn != backend._ffi.NULL - gn.type = backend._lib.GEN_RID - obj = backend._lib.OBJ_txt2obj( - alt_name.value.dotted_string.encode('ascii'), 1 - ) - assert obj != backend._ffi.NULL - gn.d.registeredID = obj - elif isinstance(alt_name, x509.DirectoryName): - gn = backend._lib.GENERAL_NAME_new() - assert gn != backend._ffi.NULL - name = _encode_name(backend, alt_name.value) - gn.type = backend._lib.GEN_DIRNAME - gn.d.directoryName = name - elif isinstance(alt_name, x509.IPAddress): - gn = backend._lib.GENERAL_NAME_new() - assert gn != backend._ffi.NULL - ipaddr = _encode_asn1_str( - backend, alt_name.value.packed, len(alt_name.value.packed) - ) - gn.type = backend._lib.GEN_IPADD - gn.d.iPAddress = ipaddr - elif isinstance(alt_name, x509.OtherName): - gn = backend._lib.GENERAL_NAME_new() - assert gn != backend._ffi.NULL - other_name = backend._lib.OTHERNAME_new() - assert other_name != backend._ffi.NULL - - type_id = backend._lib.OBJ_txt2obj( - alt_name.type_id.dotted_string.encode('ascii'), 1 - ) - assert type_id != backend._ffi.NULL - data = backend._ffi.new("unsigned char[]", alt_name.value) - data_ptr_ptr = backend._ffi.new("unsigned char **") - data_ptr_ptr[0] = data - value = backend._lib.d2i_ASN1_TYPE( - backend._ffi.NULL, data_ptr_ptr, len(alt_name.value) - ) - if value == backend._ffi.NULL: - backend._consume_errors() - raise ValueError("Invalid ASN.1 data") - other_name.type_id = type_id - other_name.value = value - gn.type = backend._lib.GEN_OTHERNAME - gn.d.otherName = other_name - elif isinstance(alt_name, x509.RFC822Name): - gn = backend._lib.GENERAL_NAME_new() - assert gn != backend._ffi.NULL - asn1_str = _encode_asn1_str( - backend, alt_name._encoded, len(alt_name._encoded) - ) - gn.type = backend._lib.GEN_EMAIL - gn.d.rfc822Name = asn1_str - elif isinstance(alt_name, x509.UniformResourceIdentifier): - gn = backend._lib.GENERAL_NAME_new() - assert gn != backend._ffi.NULL - asn1_str = _encode_asn1_str( - backend, alt_name._encoded, len(alt_name._encoded) - ) - gn.type = backend._lib.GEN_URI - gn.d.uniformResourceIdentifier = asn1_str - else: - raise ValueError( - "{0} is an unknown GeneralName type".format(alt_name) - ) - + gn = _encode_general_name(backend, alt_name) res = backend._lib.sk_GENERAL_NAME_push(general_names, gn) assert res != 0 @@ -298,6 +216,93 @@ def _encode_subject_alt_name(backend, san): return pp, r +def _encode_general_name(backend, name): + if isinstance(name, x509.DNSName): + gn = backend._lib.GENERAL_NAME_new() + assert gn != backend._ffi.NULL + gn.type = backend._lib.GEN_DNS + + ia5 = backend._lib.ASN1_IA5STRING_new() + assert ia5 != backend._ffi.NULL + + if name.value.startswith(u"*."): + value = b"*." + idna.encode(name.value[2:]) + else: + value = idna.encode(name.value) + + res = backend._lib.ASN1_STRING_set(ia5, value, len(value)) + assert res == 1 + gn.d.dNSName = ia5 + elif isinstance(name, x509.RegisteredID): + gn = backend._lib.GENERAL_NAME_new() + assert gn != backend._ffi.NULL + gn.type = backend._lib.GEN_RID + obj = backend._lib.OBJ_txt2obj( + name.value.dotted_string.encode('ascii'), 1 + ) + assert obj != backend._ffi.NULL + gn.d.registeredID = obj + elif isinstance(name, x509.DirectoryName): + gn = backend._lib.GENERAL_NAME_new() + assert gn != backend._ffi.NULL + dir_name = _encode_name(backend, name.value) + gn.type = backend._lib.GEN_DIRNAME + gn.d.directoryName = dir_name + elif isinstance(name, x509.IPAddress): + gn = backend._lib.GENERAL_NAME_new() + assert gn != backend._ffi.NULL + ipaddr = _encode_asn1_str( + backend, name.value.packed, len(name.value.packed) + ) + gn.type = backend._lib.GEN_IPADD + gn.d.iPAddress = ipaddr + elif isinstance(name, x509.OtherName): + gn = backend._lib.GENERAL_NAME_new() + assert gn != backend._ffi.NULL + other_name = backend._lib.OTHERNAME_new() + assert other_name != backend._ffi.NULL + + type_id = backend._lib.OBJ_txt2obj( + name.type_id.dotted_string.encode('ascii'), 1 + ) + assert type_id != backend._ffi.NULL + data = backend._ffi.new("unsigned char[]", name.value) + data_ptr_ptr = backend._ffi.new("unsigned char **") + data_ptr_ptr[0] = data + value = backend._lib.d2i_ASN1_TYPE( + backend._ffi.NULL, data_ptr_ptr, len(name.value) + ) + if value == backend._ffi.NULL: + backend._consume_errors() + raise ValueError("Invalid ASN.1 data") + other_name.type_id = type_id + other_name.value = value + gn.type = backend._lib.GEN_OTHERNAME + gn.d.otherName = other_name + elif isinstance(name, x509.RFC822Name): + gn = backend._lib.GENERAL_NAME_new() + assert gn != backend._ffi.NULL + asn1_str = _encode_asn1_str( + backend, name._encoded, len(name._encoded) + ) + gn.type = backend._lib.GEN_EMAIL + gn.d.rfc822Name = asn1_str + elif isinstance(name, x509.UniformResourceIdentifier): + gn = backend._lib.GENERAL_NAME_new() + assert gn != backend._ffi.NULL + asn1_str = _encode_asn1_str( + backend, name._encoded, len(name._encoded) + ) + gn.type = backend._lib.GEN_URI + gn.d.uniformResourceIdentifier = asn1_str + else: + raise ValueError( + "{0} is an unknown GeneralName type".format(name) + ) + + return gn + + def _encode_extended_key_usage(backend, extended_key_usage): eku = backend._lib.sk_ASN1_OBJECT_new_null() eku = backend._ffi.gc(eku, backend._lib.sk_ASN1_OBJECT_free) |