-rw-r--r--docs/x509.rst101
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py2
-rw-r--r--src/cryptography/x509.py62
-rw-r--r--tests/test_x509.py150
4 files changed, 12 insertions, 303 deletions
diff --git a/docs/x509.rst b/docs/x509.rst
index 33047262..282744f3 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -203,106 +203,17 @@ X.509 Certificate Object
>>> len(cert.subject.attributes)
3
- .. attribute:: country_name
+ .. method:: get_attributes_for_oid(oid)
- :type: :class:`list`
+ :param oid: An :class:`ObjectIdentifier` instance.
- A list of country name :class:`NameAttribute` objects.
+ :returns: A list of :class:`NameAttribute` instances that match the
+ OID provided. If nothing matches an empty list will be returned.
.. doctest::
- >>> cert.subject.country_name == [
- ... x509.NameAttribute(
- ... x509.OID_COUNTRY_NAME,
- ... 'US'
- ... )
- ... ]
- True
-
- .. attribute:: organization_name
-
- :type: :class:`list`
-
- A list of organization name :class:`NameAttribute` objects.
-
- .. attribute:: organizational_unit_name
-
- :type: :class:`list`
-
- A list of organizational unit name :class:`NameAttribute` objects.
-
- .. attribute:: dn_qualifier
-
- :type: :class:`list`
-
- A list of DN qualifier :class:`NameAttribute` objects.
-
- .. attribute:: state_or_province_name
-
- :type: :class:`list`
-
- A list of state or province name :class:`NameAttribute` objects.
-
- .. attribute:: common_name
-
- :type: :class:`list`
-
- A list of common name :class:`NameAttribute` objects.
-
- .. attribute:: serial_number
-
- :type: :class:`list`
-
- A list of serial number :class:`NameAttribute` objects. This is not the
- same as the certificate's serial number.
-
- .. attribute:: locality_name
-
- :type: :class:`list`
-
- A list of locality name :class:`NameAttribute` objects.
-
- .. attribute:: title
-
- :type: :class:`list`
-
- A list of title :class:`NameAttribute` objects.
-
- .. attribute:: surname
-
- :type: :class:`list`
-
- A list of surname :class:`NameAttribute` objects.
-
- .. attribute:: given_name
-
- :type: :class:`list`
-
- A list of given name :class:`NameAttribute` objects.
-
- .. attribute:: pseudonym
-
- :type: :class:`list`
-
- A list of pseudonym :class:`NameAttribute` objects.
-
- .. attribute:: generation_qualifier
-
- :type: :class:`list`
-
- A list of generation qualifier :class:`NameAttribute` objects.
-
- .. attribute:: domain_component
-
- :type: :class:`list`
-
- A list of domain component :class:`NameAttribute` objects.
-
- .. attribute:: email_address
-
- :type: :class:`list`
-
- A list of email address :class:`NameAttribute` objects.
+ >>> cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME)
+ [<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value=u'Good CA')>]
.. class:: Version
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index e27d32f8..6bc7137c 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -107,7 +107,7 @@ class _Certificate(object):
def _build_x509_name(self, x509_name):
count = self._backend._lib.X509_NAME_entry_count(x509_name)
attributes = []
- for x in range(0, count):
+ for x in range(count):
entry = self._backend._lib.X509_NAME_get_entry(x509_name, x)
obj = self._backend._lib.X509_NAME_ENTRY_get_object(entry)
assert obj != self._backend._ffi.NULL
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 2371b36c..7eb9a608 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -108,70 +108,10 @@ class Name(object):
def __init__(self, attributes):
self._attributes = attributes
- def _filter_attr_list(self, oid):
+ def get_attributes_for_oid(self, oid):
return [i for i in self._attributes if i.oid == oid]
@property
- def common_name(self):
- return self._filter_attr_list(OID_COMMON_NAME)
-
- @property
- def country_name(self):
- return self._filter_attr_list(OID_COUNTRY_NAME)
-
- @property
- def locality_name(self):
- return self._filter_attr_list(OID_LOCALITY_NAME)
-
- @property
- def state_or_province_name(self):
- return self._filter_attr_list(OID_STATE_OR_PROVINCE_NAME)
-
- @property
- def organization_name(self):
- return self._filter_attr_list(OID_ORGANIZATION_NAME)
-
- @property
- def organizational_unit_name(self):
- return self._filter_attr_list(OID_ORGANIZATIONAL_UNIT_NAME)
-
- @property
- def serial_number(self):
- return self._filter_attr_list(OID_SERIAL_NUMBER)
-
- @property
- def surname(self):
- return self._filter_attr_list(OID_SURNAME)
-
- @property
- def given_name(self):
- return self._filter_attr_list(OID_GIVEN_NAME)
-
- @property
- def title(self):
- return self._filter_attr_list(OID_TITLE)
-
- @property
- def generation_qualifier(self):
- return self._filter_attr_list(OID_GENERATION_QUALIFIER)
-
- @property
- def dn_qualifier(self):
- return self._filter_attr_list(OID_DN_QUALIFIER)
-
- @property
- def pseudonym(self):
- return self._filter_attr_list(OID_PSEUDONYM)
-
- @property
- def domain_component(self):
- return self._filter_attr_list(OID_DOMAIN_COMPONENT)
-
- @property
- def email_address(self):
- return self._filter_attr_list(OID_EMAIL_ADDRESS)
-
- @property
def attributes(self):
return self._attributes[:]
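Review bot: `get_attributes_for_oid` becomes public API in this hunk but has no docstring and does not check its argument. Because the body is only `i.oid == oid`, a caller who passes something other than an `ObjectIdentifier` (a dotted string, for instance) would presumably get an empty list rather than an error, which looks the same as "this name has no such attribute"; code that relies on the result when checking a certificate's subject or issuer could be misled. I would add `if not isinstance(oid, ObjectIdentifier): raise TypeError("oid must be an ObjectIdentifier")` before the comprehension, and a docstring such as `"""Return every NameAttribute whose OID equals oid, in stored order; an empty list if none match."""`. The docstring should also state that more than one entry can match, so callers must not assume a single value. The `Name` class starts and ends outside this hunk.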
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 4794f338..c5a9e50a 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -73,17 +73,9 @@ class TestRSACertificate(object):
),
x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA')
]
- assert issuer.common_name == [
+ assert issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
x509.NameAttribute(x509.OID_COMMON_NAME, 'Good CA')
]
- assert issuer.country_name == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
- ]
- assert issuer.organization_name == [
- x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011'
- ),
- ]
def test_all_issuer_name_types(self, backend):
cert = _load_cert(
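Review bot: The replacement assertions call `get_attributes_for_oid` only with `x509.OID_COMMON_NAME`, and only where the expected list has one entry, so two documented behaviours are untested: several attributes matching one OID, and the empty list when nothing matches. The multi-valued certificates (the large deletions at -130 and -297) lose every per-OID assertion. I would keep one multi-match check there, e.g. `assert issuer.get_attributes_for_oid(x509.OID_COUNTRY_NAME) == [x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'), x509.NameAttribute(x509.OID_COUNTRY_NAME, 'CA')]`, and add a no-match case such as `assert issuer.get_attributes_for_oid(x509.ObjectIdentifier("1.2.3.4")) == []` (the OID is a constructed sample). The same gap applies to the hunks at +143 and +159; the test functions start outside these hunks.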
@@ -130,67 +122,6 @@ class TestRSACertificate(object):
x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test1@test.local'),
]
- assert issuer.country_name == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
- x509.NameAttribute(x509.OID_COUNTRY_NAME, 'CA'),
- ]
- assert issuer.state_or_province_name == [
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Illinois'),
- ]
- assert issuer.locality_name == [
- x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Chicago'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Austin'),
- ]
- assert issuer.organization_name == [
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Zero, LLC'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'One, LLC'),
- ]
- assert issuer.common_name == [
- x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 0'),
- x509.NameAttribute(x509.OID_COMMON_NAME, 'common name 1'),
- ]
- assert issuer.organizational_unit_name == [
- x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 0'),
- x509.NameAttribute(x509.OID_ORGANIZATIONAL_UNIT_NAME, 'OU 1'),
- ]
- assert issuer.dn_qualifier == [
- x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier0'),
- x509.NameAttribute(x509.OID_DN_QUALIFIER, 'dnQualifier1'),
- ]
- assert issuer.serial_number == [
- x509.NameAttribute(x509.OID_SERIAL_NUMBER, '123'),
- x509.NameAttribute(x509.OID_SERIAL_NUMBER, '456'),
- ]
- assert issuer.title == [
- x509.NameAttribute(x509.OID_TITLE, 'Title 0'),
- x509.NameAttribute(x509.OID_TITLE, 'Title 1'),
- ]
- assert issuer.surname == [
- x509.NameAttribute(x509.OID_SURNAME, 'Surname 0'),
- x509.NameAttribute(x509.OID_SURNAME, 'Surname 1'),
- ]
- assert issuer.given_name == [
- x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 0'),
- x509.NameAttribute(x509.OID_GIVEN_NAME, 'Given Name 1'),
- ]
- assert issuer.pseudonym == [
- x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 0'),
- x509.NameAttribute(x509.OID_PSEUDONYM, 'Incognito 1'),
- ]
- assert issuer.generation_qualifier == [
- x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Last Gen'),
- x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Next Gen'),
- ]
- assert issuer.domain_component == [
- x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc0'),
- x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc1'),
- ]
- assert issuer.email_address == [
- x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test0@test.local'),
- x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test1@test.local'),
- ]
-
def test_subject(self, backend):
cert = _load_cert(
os.path.join(
@@ -212,20 +143,12 @@ class TestRSACertificate(object):
'Valid pre2000 UTC notBefore Date EE Certificate Test3'
)
]
- assert subject.common_name == [
+ assert subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
x509.NameAttribute(
x509.OID_COMMON_NAME,
'Valid pre2000 UTC notBefore Date EE Certificate Test3'
)
]
- assert subject.country_name == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, 'US'),
- ]
- assert subject.organization_name == [
- x509.NameAttribute(
- x509.OID_ORGANIZATION_NAME, 'Test Certificates 2011'
- ),
- ]
def test_unicode_name(self, backend):
cert = _load_cert(
@@ -236,13 +159,13 @@ class TestRSACertificate(object):
x509.load_pem_x509_certificate,
backend
)
- assert cert.subject.common_name == [
+ assert cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
x509.NameAttribute(
x509.OID_COMMON_NAME,
b'We heart UTF8!\xe2\x84\xa2'.decode('utf8')
)
]
- assert cert.issuer.common_name == [
+ assert cert.issuer.get_attributes_for_oid(x509.OID_COMMON_NAME) == [
x509.NameAttribute(
x509.OID_COMMON_NAME,
b'We heart UTF8!\xe2\x84\xa2'.decode('utf8')
@@ -297,71 +220,6 @@ class TestRSACertificate(object):
x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test3@test.local'),
]
- assert subject.country_name == [
- x509.NameAttribute(x509.OID_COUNTRY_NAME, 'AU'),
- x509.NameAttribute(x509.OID_COUNTRY_NAME, 'DE'),
- ]
- assert subject.state_or_province_name == [
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'California'),
- x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'New York'),
- ]
- assert subject.locality_name == [
- x509.NameAttribute(x509.OID_LOCALITY_NAME, 'San Francisco'),
- x509.NameAttribute(x509.OID_LOCALITY_NAME, 'Ithaca'),
- ]
- assert subject.organization_name == [
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org Zero, LLC'),
- x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org One, LLC'),
- ]
- assert subject.common_name == [
- x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 0'),
- x509.NameAttribute(x509.OID_COMMON_NAME, 'CN 1'),
- ]
- assert subject.organizational_unit_name == [
- x509.NameAttribute(
- x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 0'
- ),
- x509.NameAttribute(
- x509.OID_ORGANIZATIONAL_UNIT_NAME, 'Engineering 1'
- ),
- ]
- assert subject.dn_qualifier == [
- x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified0'),
- x509.NameAttribute(x509.OID_DN_QUALIFIER, 'qualified1'),
- ]
- assert subject.serial_number == [
- x509.NameAttribute(x509.OID_SERIAL_NUMBER, '789'),
- x509.NameAttribute(x509.OID_SERIAL_NUMBER, '012'),
- ]
- assert subject.title == [
- x509.NameAttribute(x509.OID_TITLE, 'Title IX'),
- x509.NameAttribute(x509.OID_TITLE, 'Title X'),
- ]
- assert subject.surname == [
- x509.NameAttribute(x509.OID_SURNAME, 'Last 0'),
- x509.NameAttribute(x509.OID_SURNAME, 'Last 1'),
- ]
- assert subject.given_name == [
- x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 0'),
- x509.NameAttribute(x509.OID_GIVEN_NAME, 'First 1'),
- ]
- assert subject.pseudonym == [
- x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 0'),
- x509.NameAttribute(x509.OID_PSEUDONYM, 'Guy Incognito 1'),
- ]
- assert subject.generation_qualifier == [
- x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, '32X'),
- x509.NameAttribute(x509.OID_GENERATION_QUALIFIER, 'Dreamcast'),
- ]
- assert subject.domain_component == [
- x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc2'),
- x509.NameAttribute(x509.OID_DOMAIN_COMPONENT, 'dc3'),
- ]
- assert subject.email_address == [
- x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test2@test.local'),
- x509.NameAttribute(x509.OID_EMAIL_ADDRESS, 'test3@test.local'),
- ]
-
def test_load_good_ca_cert(self, backend):
cert = _load_cert(
os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),