author | Fraser Tweedale <ftweedal@redhat.com> | 2016-10-10 16:08:52 +1000 |
---|---|---|
committer | David Kupka <dkupka@redhat.com> | 2016-11-10 10:21:47 +0100 |
commit | 9522970bfa28900abc90e959de483f59c79a3e5f (patch) | |
tree | 421ead9477447aacefe7de33e078275b5a6c4175 /ipapython | |
parent | 9bb6d8643f4eb7214897de28821839a14a3bcb37 (diff) | |
dn: support conversion from python-cryptography Name
The upcoming change to using python-cryptography for certificate
processing will require a way to convert
``cryptography.x509.name.Name`` values to ``ipapython.dn.DN``.
Update the ``DN`` constructor to accept a ``Name``.
Part of: https://fedorahosted.org/freeipa/ticket/6398
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/dn.py | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/ipapython/dn.py b/ipapython/dn.py index 3ee35c626..2f7655d27 100644 --- a/ipapython/dn.py +++ b/ipapython/dn.py @@ -422,6 +422,7 @@ from __future__ import print_function import sys import functools +import cryptography.x509 from ldap.dn import str2dn, dn2str from ldap import DECODING_ERROR import six @@ -976,6 +977,8 @@ class DN(object): to yield one or more RDN's which will be appended in order to the DN. The parsing recognizes the DN syntax escaping rules. + * A single ``cryptography.x509.name.Name`` object. + * A RDN object, the RDN will copied respecting the constructors keyword configuration parameters and appended in order. @@ -1125,9 +1128,17 @@ class DN(object): rdns = [[ava]] elif isinstance(value, RDN): rdns = [value.to_openldap()] + elif isinstance(value, cryptography.x509.name.Name): + rdns = list(reversed([ + [get_ava( + _ATTR_NAME_BY_OID.get(ava.oid, ava.oid.dotted_string), + ava.value)] + for ava in value + ])) else: - raise TypeError("must be str, unicode, tuple, or RDN or DN, got %s instead" % - type(value)) + raise TypeError( + "must be str, unicode, tuple, Name, RDN or DN, got %s instead" + % type(value)) return rdns def _rdns_from_sequence(self, seq): 
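Review bot: In the new `Name` branch each attribute from `for ava in value` is wrapped in its own one-element list, so a certificate name containing a multi-valued RDN (for example CN and UID in one RDN) would come out as several single-valued RDNs and the resulting DN would no longer mirror the name in the certificate. Where DNs built this way feed subject or issuer matching, that flattening can make structurally different names compare the same, so the branch should either preserve the grouping or reject such names. If the installed python-cryptography exposes `Name.rdns`, the comprehension can group per RDN with an inner `for ava in rdn` and an outer `for rdn in value.rdns`; I have not checked that the minimum supported version provides it. A short comment such as `# X.509 Names are ordered most-significant first, DN strings the reverse` above `reversed(` would also explain the reordering. The enclosing method starts outside the hunk.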
@@ -1407,3 +1418,32 @@ class DN(object): if i == -1: raise ValueError("pattern not found") return i + + +_ATTR_NAME_BY_OID = { + cryptography.x509.oid.NameOID.COMMON_NAME: 'CN', + cryptography.x509.oid.NameOID.COUNTRY_NAME: 'C', + cryptography.x509.oid.NameOID.LOCALITY_NAME: 'L', + cryptography.x509.oid.NameOID.STATE_OR_PROVINCE_NAME: 'ST', + cryptography.x509.oid.NameOID.ORGANIZATION_NAME: 'O', + cryptography.x509.oid.NameOID.ORGANIZATIONAL_UNIT_NAME: 'OU', + cryptography.x509.oid.NameOID.SERIAL_NUMBER: 'serialNumber', + cryptography.x509.oid.NameOID.SURNAME: 'SN', + cryptography.x509.oid.NameOID.GIVEN_NAME: 'givenName', + cryptography.x509.oid.NameOID.TITLE: 'title', + cryptography.x509.oid.NameOID.GENERATION_QUALIFIER: 'generationQualifier', + cryptography.x509.oid.NameOID.DN_QUALIFIER: 'dnQualifier', + cryptography.x509.oid.NameOID.PSEUDONYM: 'pseudonym', + cryptography.x509.oid.NameOID.DOMAIN_COMPONENT: 'DC', + cryptography.x509.oid.NameOID.EMAIL_ADDRESS: 'E', + cryptography.x509.oid.NameOID.JURISDICTION_COUNTRY_NAME: + 'incorporationCountry', + cryptography.x509.oid.NameOID.JURISDICTION_LOCALITY_NAME: + 'incorporationLocality', + cryptography.x509.oid.NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME: + 'incorporationState', + cryptography.x509.oid.NameOID.BUSINESS_CATEGORY: 'businessCategory', + cryptography.x509.ObjectIdentifier('2.5.4.9'): 'STREET', + cryptography.x509.ObjectIdentifier('2.5.4.17'): 'postalCode', + cryptography.x509.ObjectIdentifier('0.9.2342.19200300.100.1.1'): 'UID', +} |
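Review bot: The `_ATTR_NAME_BY_OID` table has no comment saying where its short names come from, and several of them (`'E'`, `'incorporationCountry'`, `'incorporationLocality'`, `'incorporationState'`) are not among the attribute keywords RFC 4514 defines for DN strings. A DN built from a certificate will therefore presumably only compare equal to a stored or parsed DN that spells the attribute type the same way, and any OID missing from the table is rendered through the `.get(ava.oid, ava.oid.dotted_string)` fallback in the conversion hunk. I would add a comment above the dict such as `# Short names used when converting cryptography Names; OIDs not listed here are rendered in dotted-decimal form`, together with a line stating which tool's naming the table is meant to match. That gives the next maintainer a way to tell an intentional spelling from a typo before changing an entry that identity comparisons depend on.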