-rw-r--r-- | docs/x509.rst | 101 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 2 | ||||
-rw-r--r-- | src/cryptography/x509.py | 62 | ||||
-rw-r--r-- | tests/test_x509.py | 150 |
4 files changed, 12 insertions, 303 deletions
diff --git a/docs/x509.rst b/docs/x509.rst
index 33047262..282744f3 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -203,106 +203,17 @@ X.509 Certificate Object >>> len(cert.subject.attributes) 3 - .. attribute:: country_name + .. method:: get_attributes_for_oid(oid) - :type: :class:`list` + :param oid: An :class:`ObjectIdentifier` instance. - A list of country name :class:`NameAttribute` objects. + :returns: A list of :class:`NameAttribute` instances that match the + OID provided. If nothing matches an empty list will be returned. .. doctest:: - >>> cert.subject.country_name == [ - ... x509.NameAttribute( - ... x509.OID_COUNTRY_NAME, - ... 'US' - ... ) - ... ] - True - - .. attribute:: organization_name - - :type: :class:`list` - - A list of organization name :class:`NameAttribute` objects. - - .. attribute:: organizational_unit_name - - :type: :class:`list` - - A list of organizational unit name :class:`NameAttribute` objects. - - .. attribute:: dn_qualifier - - :type: :class:`list` - - A list of DN qualifier :class:`NameAttribute` objects. - - .. attribute:: state_or_province_name - - :type: :class:`list` - - A list of state or province name :class:`NameAttribute` objects. - - .. attribute:: common_name - - :type: :class:`list` - - A list of common name :class:`NameAttribute` objects. - - .. attribute:: serial_number - - :type: :class:`list` - - A list of serial number :class:`NameAttribute` objects. This is not the - same as the certificate's serial number. - - .. attribute:: locality_name - - :type: :class:`list` - - A list of locality name :class:`NameAttribute` objects. - - .. attribute:: title - - :type: :class:`list` - - A list of title :class:`NameAttribute` objects. - - .. attribute:: surname - - :type: :class:`list` - - A list of surname :class:`NameAttribute` objects. - - .. attribute:: given_name - - :type: :class:`list` - - A list of given name :class:`NameAttribute` objects. - - .. attribute:: pseudonym - - :type: :class:`list` - - A list of pseudonym :class:`NameAttribute` objects. - - .. 
attribute:: generation_qualifier - - :type: :class:`list` - - A list of generation qualifier :class:`NameAttribute` objects. - - .. attribute:: domain_component - - :type: :class:`list` - - A list of domain component :class:`NameAttribute` objects. - - .. attribute:: email_address - - :type: :class:`list` - - A list of email address :class:`NameAttribute` objects. + >>> cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) + [<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'Good CA')>] .. class:: Version diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index e27d32f8..6bc7137c 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -107,7 +107,7 @@ class _Certificate(object): def _build_x509_name(self, x509_name): count = self._backend._lib.X509_NAME_entry_count(x509_name) attributes = [] - for x in range(0, count): + for x in range(count): entry = self._backend._lib.X509_NAME_get_entry(x509_name, x) obj = self._backend._lib.X509_NAME_ENTRY_get_object(entry) assert obj != self._backend._ffi.NULL diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 2371b36c..7eb9a608 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py 
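Review bot: The context line `assert obj != self._backend._ffi.NULL` in `_build_x509_name` is the only visible guard on the pointer returned by `X509_NAME_ENTRY_get_object`, and `assert` statements are removed when Python runs with `-O`, so in that mode a NULL would be handed to whatever follows. This loop parses names out of certificates that can come from untrusted peers, so an explicit check is safer, for example `if obj == self._backend._ffi.NULL: raise ValueError("X509_NAME entry has no object")`. The return value of `X509_NAME_get_entry` is not checked in the visible lines either. The body of `_build_x509_name` continues past the end of the hunk, so later handling cannot be seen here.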
@@ -108,70 +108,10 @@ class Name(object): def __init__(self, attributes): self._attributes = attributes - def _filter_attr_list(self, oid): + def get_attributes_for_oid(self, oid): return [i for i in self._attributes if i.oid == oid] @property - def common_name(self): - return self._filter_attr_list(OID_COMMON_NAME) - - @property - def country_name(self): - return self._filter_attr_list(OID_COUNTRY_NAME) - - @property - def locality_name(self): - return self._filter_attr_list(OID_LOCALITY_NAME) - - @property - def state_or_province_name(self): - return self._filter_attr_list(OID_STATE_OR_PROVINCE_NAME) - - @property - def organization_name(self): - return self._filter_attr_list(OID_ORGANIZATION_NAME) - - @property - def organizational_unit_name(self): - return self._filter_attr_list(OID_ORGANIZATIONAL_UNIT_NAME) - - @property - def serial_number(self): - return self._filter_attr_list(OID_SERIAL_NUMBER) - - @property - def surname(self): - return self._filter_attr_list(OID_SURNAME) - - @property - def given_name(self): - return self._filter_attr_list(OID_GIVEN_NAME) - - @property - def title(self): - return self._filter_attr_list(OID_TITLE) - - @property - def generation_qualifier(self): - return self._filter_attr_list(OID_GENERATION_QUALIFIER) - - @property - def dn_qualifier(self): - return self._filter_attr_list(OID_DN_QUALIFIER) - - @property - def pseudonym(self): - return self._filter_attr_list(OID_PSEUDONYM) - - @property - def domain_component(self): - return self._filter_attr_list(OID_DOMAIN_COMPONENT) - - @property - def email_address(self): - return self._filter_attr_list(OID_EMAIL_ADDRESS) - - @property def attributes(self): return self._attributes[:] diff --git a/tests/test_x509.py b/tests/test_x509.py index 4794f338..c5a9e50a 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py 
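Review bot: `get_attributes_for_oid` is now public API but has no docstring and does not validate its argument: in `return [i for i in self._attributes if i.oid == oid]` a value that is not an `ObjectIdentifier` (a dotted string, say) would most likely just compare unequal and yield `[]`, which a caller cannot tell apart from "attribute absent". Code that makes trust decisions on a subject or issuer field needs that distinction, so consider rejecting other types first with `if not isinstance(oid, ObjectIdentifier): raise TypeError("oid must be an ObjectIdentifier")`, assuming that class is in scope in this module as the docs hunk suggests. The docstring should say that the result keeps the order of `attributes` and may hold zero or several entries, so callers must not assume exactly one common name. The `Name` class starts before and continues after this hunk.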
@@ -73,17 +73,9 @@ class TestRSACertificate(object): ), x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA') ] - assert issuer.common_name == [ + assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA') ] - assert issuer.country_name == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - ] - assert issuer.organization_name == [ - x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011' - ), - ] def test_all_issuer_name_types(self, backend): cert = _load_cert( 
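Review bot: After this change `get_attributes_for_oid` is asserted only against names with exactly one matching attribute, here and in the later `@@ -212` and `@@ -236` hunks; the per-field assertions deleted in the `@@ -130` and `@@ -297` hunks were the only checks of filtering a name that carries two values per OID. The documented empty-list result for an OID that is not present is not tested either. I would keep one multi-valued assertion, presumably in `test_all_issuer_name_types`, e.g. `assert issuer.get_attributes_for_oid(x509.OID_COUNTRY_NAME) == [x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), x509.NameAttribute(x509.OID_COUNTRY_NAME, 'CA')]`, and add an assertion that an OID absent from the name returns `[]`.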
@@ -130,67 +122,6 @@ class TestRSACertificate(object): x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test1@test.local'), ] - assert issuer.country_name == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'CA'), - ] - assert issuer.state_or_province_name == [ - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Illinois'), - ] - assert issuer.locality_name == [ - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Chicago'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'), - ] - assert issuer.organization_name == [ - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Zero, LLC'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'One, LLC'), - ] - assert issuer.common_name == [ - x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 0'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 1'), - ] - assert issuer.organizational_unit_name == [ - x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 0'), - x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 1'), - ] - assert issuer.dn_qualifier == [ - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier0'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier1'), - ] - assert issuer.serial_number == [ - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '123'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '456'), - ] - assert issuer.title == [ - x509.NameAttribute(x509.OID_TITLE, 'Title 0'), - x509.NameAttribute(x509.OID_TITLE, 'Title 1'), - ] - assert issuer.surname == [ - x509.NameAttribute(x509.OID_SURNAME, 'Surname 0'), - x509.NameAttribute(x509.OID_SURNAME, 'Surname 1'), - ] - assert issuer.given_name == [ - x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 0'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 1'), - ] - assert issuer.pseudonym == [ - x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 0'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 1'), - ] - assert 
issuer.generation_qualifier == [ - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Last Gen'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Next Gen'), - ] - assert issuer.domain_component == [ - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc0'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc1'), - ] - assert issuer.email_address == [ - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test0@test.local'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test1@test.local'), - ] - def test_subject(self, backend): cert = _load_cert( os.path.join( @@ -212,20 +143,12 @@ class TestRSACertificate(object): 'Valid pre2000 UTC notBefore Date EE Certificate Test3' ) ] - assert subject.common_name == [ + assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ x509.NameAttribute( x509.OID_COMMON_NAME, 'Valid pre2000 UTC notBefore Date EE Certificate Test3' ) ] - assert subject.country_name == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), - ] - assert subject.organization_name == [ - x509.NameAttribute( - x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011' - ), - ] def test_unicode_name(self, backend): cert = _load_cert( @@ -236,13 +159,13 @@ class TestRSACertificate(object): x509.load_pem_x509_certificate, backend ) - assert cert.subject.common_name == [ + assert cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ x509.NameAttribute( x509.OID_COMMON_NAME, b'We heart UTF8!\xe2\x84\xa2'.decode('utf8') ) ] - assert cert.issuer.common_name == [ + assert cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [ x509.NameAttribute( x509.OID_COMMON_NAME, b'We heart UTF8!\xe2\x84\xa2'.decode('utf8') 
@@ -297,71 +220,6 @@ class TestRSACertificate(object): x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test3@test.local'), ] - assert subject.country_name == [ - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'AU'), - x509.NameAttribute(x509.OID_COUNTRY_NAME, 'DE'), - ] - assert subject.state_or_province_name == [ - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'California'), - x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'New York'), - ] - assert subject.locality_name == [ - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'San Francisco'), - x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Ithaca'), - ] - assert subject.organization_name == [ - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org Zero, LLC'), - x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org One, LLC'), - ] - assert subject.common_name == [ - x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 0'), - x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 1'), - ] - assert subject.organizational_unit_name == [ - x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 0' - ), - x509.NameAttribute( - x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 1' - ), - ] - assert subject.dn_qualifier == [ - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified0'), - x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified1'), - ] - assert subject.serial_number == [ - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '789'), - x509.NameAttribute(x509.OID_SERIAL_NUMBER, '012'), - ] - assert subject.title == [ - x509.NameAttribute(x509.OID_TITLE, 'Title IX'), - x509.NameAttribute(x509.OID_TITLE, 'Title X'), - ] - assert subject.surname == [ - x509.NameAttribute(x509.OID_SURNAME, 'Last 0'), - x509.NameAttribute(x509.OID_SURNAME, 'Last 1'), - ] - assert subject.given_name == [ - x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 0'), - x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 1'), - ] - assert subject.pseudonym == [ - x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 0'), - x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 
1'), - ] - assert subject.generation_qualifier == [ - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, '32X'), - x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Dreamcast'), - ] - assert subject.domain_component == [ - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc2'), - x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc3'), - ] - assert subject.email_address == [ - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test2@test.local'), - x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test3@test.local'), - ] - def test_load_good_ca_cert(self, backend): cert = _load_cert( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), |