From e06cab4de07897fecf6da40b29b460f7d4c258d3 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 30 Apr 2015 10:23:33 -0500
Subject: add support for rfc822name general names
---
 src/cryptography/hazmat/backends/openssl/x509.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 5558f140..a3cf4618 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function
 import datetime
 import ipaddress
+from email.utils import parseaddr
 import idna
@@ -107,6 +108,21 @@ def _build_general_name(backend, gn):
 return x509.DirectoryName(
 _build_x509_name(backend, gn.d.directoryName)
 )
+ elif gn.type == backend._lib.GEN_EMAIL:
+ data = backend._ffi.buffer(
+ gn.d.rfc822Name.data, gn.d.rfc822Name.length
+ )[:].decode("ascii")
+ name, address = parseaddr(data)
+ parts = address.split("@")
+ if name or len(parts) > 2:
+ raise ValueError("Invalid rfc822name value")
+ else:
+ if len(parts) == 1:
+ return x509.RFC822Name(address)
+ else:
+ return x509.RFC822Name(
+ parts[0] + u"@" + idna.decode(parts[1])
+ )
 else:
 # otherName, x400Address or ediPartyName
 raise x509.UnsupportedGeneralNameType(
--
cgit v1.2.3
From cf2a5a504e8082477788aa627f2e8f132dbc4461 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Fri, 1 May 2015 23:01:40 -0500
Subject: improve if/elif chain, add some comments
---
 src/cryptography/hazmat/backends/openssl/x509.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index a3cf4618..13684bcc 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
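Review bot: The new GEN_EMAIL branch returns the `address` that `parseaddr` produced and never compares it with the raw `data`, so a certificate value that parseaddr tidies up (for example one wrapped in angle brackets or carrying a trailing comment) would be accepted in rewritten form rather than rejected. Identity matching and name-constraint checks are safest when the parsed name is exactly what the certificate encodes, so I would extend the rejection condition to `if name or address != data or len(parts) > 2:`. I would expect plain `user@domain` and single-label values to round-trip unchanged through parseaddr, but that is worth pinning with a test. `_build_general_name` starts and ends outside this hunk, so how callers treat the ValueError is not visible here.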
@@ -115,14 +115,19 @@ def _build_general_name(backend, gn):
 name, address = parseaddr(data)
 parts = address.split("@")
 if name or len(parts) > 2:
+ # parseaddr has found a name (e.g. Name ) or the split
+ # has found more than 2 parts (which means more than one @ sign)
 raise ValueError("Invalid rfc822name value")
+ elif len(parts) == 1:
+ # Single label email name. This is valid for local delivery. No
+ # IDNA decoding can be done since there is no domain component.
+ return x509.RFC822Name(address)
 else:
- if len(parts) == 1:
- return x509.RFC822Name(address)
- else:
- return x509.RFC822Name(
- parts[0] + u"@" + idna.decode(parts[1])
- )
+ # A normal email of the form user@domain.com. Let's attempt to
+ # decode the domain component and return the entire address.
+ return x509.RFC822Name(
+ parts[0] + u"@" + idna.decode(parts[1])
+ )
 else:
 # otherName, x400Address or ediPartyName
 raise x509.UnsupportedGeneralNameType(
--
cgit v1.2.3
From 778bc6092139dca93f1a9ac4311eafeaa7ebf107 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 2 May 2015 15:16:41 -0500
Subject: u prefixes for everyone
---
 src/cryptography/hazmat/backends/openssl/x509.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 13684bcc..e311e6ab 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -113,7 +113,7 @@ def _build_general_name(backend, gn):
 gn.d.rfc822Name.data, gn.d.rfc822Name.length
 )[:].decode("ascii")
 name, address = parseaddr(data)
- parts = address.split("@")
+ parts = address.split(u"@")
 if name or len(parts) > 2:
 # parseaddr has found a name (e.g. Name ) or the split
 # has found more than 2 parts (which means more than one @ sign)
--
cgit v1.2.3
From e518faefba934a2bbf2589458170d50a69f9bdfc Mon Sep 17 00:00:00 2001
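Review bot: The final `else` in the `-115,14 +115,19` hunk is commented as "a normal email of the form user@domain.com", but all the chain has established by then is that `address` split into exactly two parts; neither `parts[0]` nor `parts[1]` is checked for being empty. A value such as `user@` would presumably reach `idna.decode` with an empty string, and the outcome then depends on the idna library rather than on this function. I would decide it here with an explicit branch before the `else`: `elif not parts[0] or not parts[1]:` followed by `raise ValueError("Invalid rfc822name value")`. The enclosing function starts and ends outside the hunk.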
From: Paul Kehrer
Date: Sat, 2 May 2015 18:50:56 -0500
Subject: error if it's all empty
---
 src/cryptography/hazmat/backends/openssl/x509.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index e311e6ab..25cb5704 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -114,9 +114,10 @@ def _build_general_name(backend, gn):
 )[:].decode("ascii")
 name, address = parseaddr(data)
 parts = address.split(u"@")
- if name or len(parts) > 2:
+ if name or len(parts) > 2 or not address:
 # parseaddr has found a name (e.g. Name ) or the split
 # has found more than 2 parts (which means more than one @ sign)
+ # or the entire value is an empty string.
 raise ValueError("Invalid rfc822name value")
 elif len(parts) == 1:
 # Single label email name. This is valid for local delivery. No
--
cgit v1.2.3
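Review bot: The added comment line describes the third case as "the entire value is an empty string", but `not address` is also true when `parseaddr` cannot parse a non-empty value, because it returns `('', '')` on failure. I would word the comment as `# or parseaddr returned no address (empty or unparseable value).` so a reader does not assume malformed input takes some other path. A test that feeds a non-empty but unparseable rfc822Name would pin that behaviour; none is visible in this patch.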