Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/dn.py | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/ipapython/dn.py b/ipapython/dn.py index 3ee35c626..2f7655d27 100644 --- a/ipapython/dn.py +++ b/ipapython/dn.py @@ -422,6 +422,7 @@ from __future__ import print_function import sys import functools +import cryptography.x509 from ldap.dn import str2dn, dn2str from ldap import DECODING_ERROR import six @@ -976,6 +977,8 @@ class DN(object): to yield one or more RDN's which will be appended in order to the DN. The parsing recognizes the DN syntax escaping rules. + * A single ``cryptography.x509.name.Name`` object. + * A RDN object, the RDN will copied respecting the constructors keyword configuration parameters and appended in order. @@ -1125,9 +1128,17 @@ class DN(object): rdns = [[ava]] elif isinstance(value, RDN): rdns = [value.to_openldap()] + elif isinstance(value, cryptography.x509.name.Name): + rdns = list(reversed([ + [get_ava( + _ATTR_NAME_BY_OID.get(ava.oid, ava.oid.dotted_string), + ava.value)] + for ava in value + ])) else: - raise TypeError("must be str, unicode, tuple, or RDN or DN, got %s instead" % - type(value)) + raise TypeError( + "must be str, unicode, tuple, Name, RDN or DN, got %s instead" + % type(value)) return rdns def _rdns_from_sequence(self, seq): 
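Review bot: The added `cryptography.x509.name.Name` branch (third hunk, just before the `else`) wraps every attribute in its own single-AVA RDN, because iterating a `Name` yields its attributes flattened across RDNs. A certificate subject carrying a multi-valued RDN such as `CN=a+UID=b` would therefore become two separate RDNs, and the resulting DN would not match the directory's form of the same name, which matters wherever subjects or issuers are compared. Iterating `value.rdns` and building one AVA list per RDN keeps the grouping, assuming the minimum supported cryptography release provides `Name.rdns` and that a multi-element inner list is the accepted shape here, as the `[[ava]]` context line suggests. The enclosing method starts above the hunk.

```python
elif isinstance(value, cryptography.x509.name.Name):
    # Keep the AVAs of one X.509 RDN together in one DN RDN.
    rdns = list(reversed([
        [get_ava(
            _ATTR_NAME_BY_OID.get(ava.oid, ava.oid.dotted_string),
            ava.value)
         for ava in rdn]
        for rdn in value.rdns
    ]))
# … unchanged: else branch raising TypeError, return rdns …
```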
@@ -1407,3 +1418,32 @@ class DN(object):
 if i == -1:
 raise ValueError("pattern not found")
 return i
+
+
+_ATTR_NAME_BY_OID = {
+ cryptography.x509.oid.NameOID.COMMON_NAME: 'CN',
+ cryptography.x509.oid.NameOID.COUNTRY_NAME: 'C',
+ cryptography.x509.oid.NameOID.LOCALITY_NAME: 'L',
+ cryptography.x509.oid.NameOID.STATE_OR_PROVINCE_NAME: 'ST',
+ cryptography.x509.oid.NameOID.ORGANIZATION_NAME: 'O',
+ cryptography.x509.oid.NameOID.ORGANIZATIONAL_UNIT_NAME: 'OU',
+ cryptography.x509.oid.NameOID.SERIAL_NUMBER: 'serialNumber',
+ cryptography.x509.oid.NameOID.SURNAME: 'SN',
+ cryptography.x509.oid.NameOID.GIVEN_NAME: 'givenName',
+ cryptography.x509.oid.NameOID.TITLE: 'title',
+ cryptography.x509.oid.NameOID.GENERATION_QUALIFIER: 'generationQualifier',
+ cryptography.x509.oid.NameOID.DN_QUALIFIER: 'dnQualifier',
+ cryptography.x509.oid.NameOID.PSEUDONYM: 'pseudonym',
+ cryptography.x509.oid.NameOID.DOMAIN_COMPONENT: 'DC',
+ cryptography.x509.oid.NameOID.EMAIL_ADDRESS: 'E',
+ cryptography.x509.oid.NameOID.JURISDICTION_COUNTRY_NAME:
+ 'incorporationCountry',
+ cryptography.x509.oid.NameOID.JURISDICTION_LOCALITY_NAME:
+ 'incorporationLocality',
+ cryptography.x509.oid.NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME:
+ 'incorporationState',
+ cryptography.x509.oid.NameOID.BUSINESS_CATEGORY: 'businessCategory',
+ cryptography.x509.ObjectIdentifier('2.5.4.9'): 'STREET',
+ cryptography.x509.ObjectIdentifier('2.5.4.17'): 'postalCode',
+ cryptography.x509.ObjectIdentifier('0.9.2342.19200300.100.1.1'): 'UID',
+} |
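Review bot: `_ATTR_NAME_BY_OID` has no comment saying where its attribute names come from or what happens to OIDs it omits, and both decide the string form of every certificate-derived DN. Several entries (`E`, `incorporationCountry`, `incorporationLocality`, `incorporationState`) are not in RFC 4514's short-name table, so it is worth confirming they match what the directory server and the rest of the certificate tooling use for the same OIDs. I would add above the dict: `# Attribute names used when converting a cryptography.x509 Name to a DN; OIDs not listed are rendered as their dotted string.` The table is defined after `class DN` but only looked up at call time, which is fine and could be stated in the same comment.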