diff options
| -rw-r--r-- | src/cryptography/x509/name.py | 7 | ||||
| -rw-r--r-- | tests/test_x509.py | 14 |
2 files changed, 20 insertions, 1 deletions
diff --git a/src/cryptography/x509/name.py b/src/cryptography/x509/name.py index 9d93ece1..d62341d7 100644 --- a/src/cryptography/x509/name.py +++ b/src/cryptography/x509/name.py @@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.x509.oid import ObjectIdentifier +from cryptography.x509.oid import NameOID, ObjectIdentifier class NameAttribute(object): @@ -22,6 +22,11 @@ class NameAttribute(object): "value argument must be a text type." ) + if oid == NameOID.COUNTRY_NAME and len(value.encode("utf8")) != 2: + raise ValueError( + "Country name must be a 2 character country code" + ) + self._oid = oid self._value = value diff --git a/tests/test_x509.py b/tests/test_x509.py index 6145edb1..9054c4ed 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -3327,6 +3327,20 @@ class TestNameAttribute(object): b'bytes' ) + def test_init_bad_country_code_value(self): + with pytest.raises(ValueError): + x509.NameAttribute( + NameOID.COUNTRY_NAME, + u'United States' + ) + + # unicode string of length 2, but > 2 bytes + with pytest.raises(ValueError): + x509.NameAttribute( + NameOID.COUNTRY_NAME, + u'\U0001F37A\U0001F37A' + ) + def test_eq(self): assert x509.NameAttribute( x509.ObjectIdentifier('2.999.1'), u'value' |