Python cryptography.x509.oid.NameOID.COUNTRY_NAME Examples

The following are 30 code examples of cryptography.x509.oid.NameOID.COUNTRY_NAME(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module cryptography.x509.oid.NameOID , or try the search function .
Example #1
Source File: backend.py    From oss-ftp with MIT License 6 votes vote down vote up
def _encode_name(backend, attributes):
    """
    The X509_NAME created will not be gc'd. Use _encode_name_gc if needed.
    """
    subject = backend._lib.X509_NAME_new()
    for attribute in attributes:
        value = attribute.value.encode('utf8')
        obj = _txt2obj_gc(backend, attribute.oid.dotted_string)
        if attribute.oid == NameOID.COUNTRY_NAME:
            # Per RFC5280 Appendix A.1 countryName should be encoded as
            # PrintableString, not UTF8String
            type = backend._lib.MBSTRING_ASC
        else:
            type = backend._lib.MBSTRING_UTF8
        res = backend._lib.X509_NAME_add_entry_by_OBJ(
            subject, obj, type, value, -1, -1, 0,
        )
        backend.openssl_assert(res == 1)
    return subject 
Example #2
Source File: name.py    From Safejumper-for-Desktop with GNU General Public License v2.0 6 votes vote down vote up
def __init__(self, oid, value):
        if not isinstance(oid, ObjectIdentifier):
            raise TypeError(
                "oid argument must be an ObjectIdentifier instance."
            )

        if not isinstance(value, six.text_type):
            raise TypeError(
                "value argument must be a text type."
            )

        if oid == NameOID.COUNTRY_NAME and len(value.encode("utf8")) != 2:
            raise ValueError(
                "Country name must be a 2 character country code"
            )

        self._oid = oid
        self._value = value 
Example #3
Source File: sslutils.py    From rpaas with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
def generate_csr(key, domainname):
    private_key = serialization.load_pem_private_key(key, password=None,
                                                     backend=default_backend())
    csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
        # Provide various details about who we are.
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"BR"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"RJ"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u"Rio de Janeiro"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"globo.com"),
        x509.NameAttribute(NameOID.COMMON_NAME, domainname),
    ])).add_extension(
        x509.SubjectAlternativeName([x509.DNSName(domainname)]),
        critical=False,
    ).sign(private_key, hashes.SHA256(), default_backend())

    return csr.public_bytes(serialization.Encoding.PEM) 
Example #4
Source File: tests_subject.py    From django-ca with GNU General Public License v3.0 6 votes vote down vote up
def test_get(self):
        self.assertEqual(Subject('/CN=example.com').get('CN'), 'example.com')
        self.assertEqual(Subject('/C=AT/CN=example.com').get('C'), 'AT')
        self.assertEqual(Subject('/C=AT/CN=example.com').get('CN'), 'example.com')

        # try NameOID:
        self.assertEqual(Subject('/CN=example.com').get(NameOID.COMMON_NAME), 'example.com')
        self.assertEqual(Subject('/C=AT/CN=example.com').get(NameOID.COUNTRY_NAME), 'AT')
        self.assertEqual(Subject('/C=AT/CN=example.com').get(NameOID.COMMON_NAME), 'example.com')

        # OUs
        self.assertEqual(Subject('/C=AT/OU=foo/CN=example.com').get('OU'), ['foo'])
        self.assertEqual(Subject('/C=AT/OU=foo/OU=bar/CN=example.com').get('OU'), ['foo', 'bar'])

        # test that default doesn't overwrite anytying
        self.assertEqual(Subject('/CN=example.com').get('CN', 'x'), 'example.com')
        self.assertEqual(Subject('/C=AT/CN=example.com').get('C', 'x'), 'AT')
        self.assertEqual(Subject('/C=AT/CN=example.com').get('CN', 'x'), 'example.com')

        # test default value
        self.assertIsNone(Subject('/C=AT/OU=foo/CN=example.com').get('L'))
        self.assertEqual(Subject('/C=AT/OU=foo/CN=example.com').get('L', 'foo'), 'foo')
        self.assertIsNone(Subject('/C=AT/OU=foo/CN=example.com').get(NameOID.LOCALITY_NAME))
        self.assertEqual(Subject('/C=AT/OU=foo/CN=example.com').get(NameOID.LOCALITY_NAME, 'foo'), 'foo') 
Example #5
Source File: tests_subject.py    From django-ca with GNU General Public License v3.0 6 votes vote down vote up
def test_getitem(self):
        self.assertEqual(Subject('/CN=example.com')['CN'], 'example.com')
        self.assertEqual(Subject('/C=AT/CN=example.com')['C'], 'AT')
        self.assertEqual(Subject('/C=AT/CN=example.com')['CN'], 'example.com')

        # try NameOID:
        self.assertEqual(Subject('/CN=example.com')[NameOID.COMMON_NAME], 'example.com')
        self.assertEqual(Subject('/C=AT/CN=example.com')[NameOID.COUNTRY_NAME], 'AT')
        self.assertEqual(Subject('/C=AT/CN=example.com')[NameOID.COMMON_NAME], 'example.com')

        # OUs
        self.assertEqual(Subject('/C=AT/OU=foo/CN=example.com')['OU'], ['foo'])
        self.assertEqual(Subject('/C=AT/OU=foo/OU=bar/CN=example.com')['OU'], ['foo', 'bar'])

        # test keyerror
        with self.assertRaisesRegex(KeyError, r"^'L'$"):
            Subject('/C=AT/OU=foo/CN=example.com')['L']

        with self.assertRaisesRegex(KeyError, r"^'L'$"):
            Subject('/C=AT/OU=foo/CN=example.com')[NameOID.LOCALITY_NAME] 
Example #6
Source File: test_mdmcert.py    From commandment with MIT License 6 votes vote down vote up
def csr(private_key: rsa.RSAPrivateKey) -> x509.CertificateSigningRequest:
    b = x509.CertificateSigningRequestBuilder()
    req = b.subject_name(x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"),
        x509.NameAttribute(NameOID.COMMON_NAME, u"Commandment"),
    ])).sign(private_key, hashes.SHA256(), default_backend())

    return req 
Example #7
Source File: conftest.py    From commandment with MIT License 6 votes vote down vote up
def certificate(private_key: rsa.RSAPrivateKey) -> x509.Certificate:
    b = x509.CertificateBuilder()
    name = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"),
        x509.NameAttribute(NameOID.COMMON_NAME, u"CA-CERTIFICATE"),
    ])

    cer = b.subject_name(name).issuer_name(name).public_key(
        private_key.public_key()
    ).serial_number(1).not_valid_before(
        datetime.datetime.utcnow()
    ).not_valid_after(
        datetime.datetime.utcnow() + datetime.timedelta(days=10)
    ).add_extension(
        x509.BasicConstraints(ca=False, path_length=None), True
    ).sign(private_key, hashes.SHA256(), default_backend())

    return cer 
Example #8
Source File: conftest.py    From commandment with MIT License 6 votes vote down vote up
def ca_certificate(private_key: rsa.RSAPrivateKey) -> x509.Certificate:
    b = x509.CertificateBuilder()
    name = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"),
        x509.NameAttribute(NameOID.COMMON_NAME, u"CA-CERTIFICATE"),
    ])

    cert = b.serial_number(1).issuer_name(
        name
    ).subject_name(
        name
    ).public_key(
        private_key.public_key()
    ).not_valid_before(
        datetime.datetime.utcnow()
    ).not_valid_after(
        datetime.datetime.utcnow() + datetime.timedelta(days=10)
    ).add_extension(
        x509.BasicConstraints(ca=True, path_length=None), True
    ).sign(private_key, hashes.SHA256(), default_backend())

    return cert 
Example #9
Source File: certificatemanager.py    From confidant with Apache License 2.0 5 votes vote down vote up
def generate_x509_name(self, cn):
        """
        For the given common name string, generate and return an x509.Name, with
        attributes configured in the settings.
        """
        name_attributes = [
            x509.NameAttribute(NameOID.COMMON_NAME, cn),
        ]
        if self.settings['csr_country_name']:
            name_attributes.append(
                x509.NameAttribute(
                    NameOID.COUNTRY_NAME,
                    self.settings['csr_country_name'],
                )
            )
        if self.settings['csr_state_or_province_name']:
            name_attributes.append(
                x509.NameAttribute(
                    NameOID.STATE_OR_PROVINCE_NAME,
                    self.settings['csr_state_or_province_name'],
                )
            )
        if self.settings['csr_locality_name']:
            name_attributes.append(
                x509.NameAttribute(
                    NameOID.LOCALITY_NAME,
                    self.settings['csr_locality_name'],
                )
            )
        if self.settings['csr_organization_name']:
            name_attributes.append(
                x509.NameAttribute(
                    NameOID.ORGANIZATION_NAME,
                    self.settings['csr_organization_name'],
                )
            )
        return x509.Name(name_attributes) 
Example #10
Source File: test_session_resumption.py    From rpaas with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
def generate_ca(cls):
        key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
            backend=default_backend()
        )
        subject = issuer = x509.Name([
            x509.NameAttribute(NameOID.COUNTRY_NAME, u"BR"),
            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"RJ"),
            x509.NameAttribute(NameOID.LOCALITY_NAME, u"Rio de Janeiro"),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Tsuru Inc"),
            x509.NameAttribute(NameOID.COMMON_NAME, u"tsuru.io"),
        ])
        cert = x509.CertificateBuilder().subject_name(
            subject
        ).issuer_name(
            issuer
        ).public_key(
            key.public_key()
        ).serial_number(
            x509.random_serial_number()
        ).not_valid_before(
            datetime.datetime.utcnow()
        ).not_valid_after(
            datetime.datetime.utcnow() + datetime.timedelta(days=10)
        ).add_extension(
            x509.SubjectAlternativeName([x509.DNSName(u"tsuru.io")]),
            critical=False,
        ).sign(key, hashes.SHA256(), default_backend())

        key = key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption(),
        )
        cert = cert.public_bytes(serialization.Encoding.PEM)
        return key, cert 
Example #11
Source File: __init__.py    From agent with MIT License 5 votes vote down vote up
def generate_cert(device_id):
    private_key = ec.generate_private_key(
        ec.SECP256R1(), default_backend()
    )
    builder = x509.CertificateSigningRequestBuilder()

    builder = builder.subject_name(x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, u'{}'.format(device_id)),
        x509.NameAttribute(NameOID.COUNTRY_NAME, u'UK'),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'London'),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'Web of Trusted Things, Ltd'),
    ]))

    builder = builder.add_extension(
        x509.SubjectAlternativeName(
            [x509.DNSName(u'{}'.format(device_id))]
        ),
        critical=False
    )

    csr = builder.sign(private_key, hashes.SHA256(), default_backend())

    serialized_private_key = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption(),
    )
    serialized_csr = csr.public_bytes(serialization.Encoding.PEM)

    return {
        'csr': serialized_csr.decode(),
        'key': serialized_private_key.decode()
    } 
Example #12
Source File: name.py    From quickstart-git2s3 with Apache License 2.0 5 votes vote down vote up
def __init__(self, oid, value, _type=_SENTINEL):
        if not isinstance(oid, ObjectIdentifier):
            raise TypeError(
                "oid argument must be an ObjectIdentifier instance."
            )

        if not isinstance(value, six.text_type):
            raise TypeError(
                "value argument must be a text type."
            )

        if (
            oid == NameOID.COUNTRY_NAME or
            oid == NameOID.JURISDICTION_COUNTRY_NAME
        ):
            if len(value.encode("utf8")) != 2:
                raise ValueError(
                    "Country name must be a 2 character country code"
                )

            if _type == _SENTINEL:
                _type = _ASN1Type.PrintableString

        if len(value) == 0:
            raise ValueError("Value cannot be an empty string")

        # Set the default string type for encoding ASN1 strings to UTF8. This
        # is the default for newer OpenSSLs for several years (1.0.1h+) and is
        # recommended in RFC 2459.
        if _type == _SENTINEL:
            _type = _ASN1Type.UTF8String

        if not isinstance(_type, _ASN1Type):
            raise TypeError("_type must be from the _ASN1Type enum")

        self._oid = oid
        self._value = value
        self._type = _type 
Example #13
Source File: utils.py    From django-auth-adfs with BSD 2-Clause "Simplified" License 5 votes vote down vote up
def generate_key_and_cert():
    signing_key = rsa.generate_private_key(
        backend=crypto_default_backend(),
        public_exponent=65537,
        key_size=2048
    )
    subject = issuer = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"),
        x509.NameAttribute(NameOID.COMMON_NAME, u"example.com"),
    ])
    signing_cert = x509.CertificateBuilder().subject_name(
        subject
    ).issuer_name(
        issuer
    ).public_key(
        signing_key.public_key()
    ).serial_number(
        x509.random_serial_number()
    ).not_valid_before(
        datetime.utcnow()
    ).not_valid_after(
        # Our certificate will be valid for 10 days
        datetime.utcnow() + timedelta(days=10)
        # Sign our certificate with our private key
    ).sign(
        signing_key, hashes.SHA256(), crypto_default_backend()
    ).public_bytes(crypto_serialization.Encoding.DER)
    return signing_key, signing_cert 
Example #14
Source File: ssl.py    From ripe-atlas-sagan with GNU General Public License v3.0 5 votes vote down vote up
def _parse_x509_name(name):
        cn = None
        o = None
        c = None
        for attr in name:
            if attr.oid == NameOID.COUNTRY_NAME:
                c = attr.value
            elif attr.oid == NameOID.ORGANIZATION_NAME:
                o = attr.value
            elif attr.oid == NameOID.COMMON_NAME:
                cn = attr.value
        return cn, o, c 
Example #15
Source File: tls.py    From dcos-e2e with Apache License 2.0 5 votes vote down vote up
def cert_name(common_name):
    """
    Create x509.Name
    """
    return x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "CA"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "D2iQ, Inc."),
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
        ]) 
Example #16
Source File: tls.py    From dcos-e2e with Apache License 2.0 5 votes vote down vote up
def cert_name(common_name):
    """
    Create x509.Name
    """
    return x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "CA"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, "San Francisco"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "D2iQ, Inc."),
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
        ]) 
Example #17
Source File: name.py    From quickstart-redhat-openshift with Apache License 2.0 5 votes vote down vote up
def __init__(self, oid, value, _type=_SENTINEL):
        if not isinstance(oid, ObjectIdentifier):
            raise TypeError(
                "oid argument must be an ObjectIdentifier instance."
            )

        if not isinstance(value, six.text_type):
            raise TypeError(
                "value argument must be a text type."
            )

        if (
            oid == NameOID.COUNTRY_NAME or
            oid == NameOID.JURISDICTION_COUNTRY_NAME
        ):
            if len(value.encode("utf8")) != 2:
                raise ValueError(
                    "Country name must be a 2 character country code"
                )

        if len(value) == 0:
            raise ValueError("Value cannot be an empty string")

        # The appropriate ASN1 string type varies by OID and is defined across
        # multiple RFCs including 2459, 3280, and 5280. In general UTF8String
        # is preferred (2459), but 3280 and 5280 specify several OIDs with
        # alternate types. This means when we see the sentinel value we need
        # to look up whether the OID has a non-UTF8 type. If it does, set it
        # to that. Otherwise, UTF8!
        if _type == _SENTINEL:
            _type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)

        if not isinstance(_type, _ASN1Type):
            raise TypeError("_type must be from the _ASN1Type enum")

        self._oid = oid
        self._value = value
        self._type = _type 
Example #18
Source File: test_verifier.py    From alexa-skills-kit-sdk-for-python with Apache License 2.0 5 votes vote down vote up
def create_certificate(self):
        self.private_key = self.generate_private_key()

        subject = issuer = x509.Name([
            x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"WA"),
            x509.NameAttribute(NameOID.LOCALITY_NAME, u"Seattle"),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Amazon Alexa"),
            x509.NameAttribute(
                NameOID.COMMON_NAME, u"{}".format(self.PREPOPULATED_CERT_URL)),
            ])

        self.mock_certificate = x509.CertificateBuilder().subject_name(
            name=subject).issuer_name(
            name=issuer).public_key(
            key=self.private_key.public_key()).serial_number(
            number=x509.random_serial_number()).not_valid_before(
            time=datetime.utcnow() - timedelta(minutes=1)).not_valid_after(
            time=datetime.utcnow() + timedelta(minutes=1)).add_extension(
            extension=x509.SubjectAlternativeName(
                [x509.DNSName(u"{}".format(CERT_CHAIN_DOMAIN))]),
            critical=False).sign(
            private_key=self.private_key,
            algorithm=SHA1(),
            backend=default_backend()
        )

        self.request_verifier._cert_cache[
            self.PREPOPULATED_CERT_URL] = self.mock_certificate 
Example #19
Source File: name.py    From Carnets with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
def __init__(self, oid, value, _type=_SENTINEL):
        if not isinstance(oid, ObjectIdentifier):
            raise TypeError(
                "oid argument must be an ObjectIdentifier instance."
            )

        if not isinstance(value, six.text_type):
            raise TypeError(
                "value argument must be a text type."
            )

        if (
            oid == NameOID.COUNTRY_NAME or
            oid == NameOID.JURISDICTION_COUNTRY_NAME
        ):
            if len(value.encode("utf8")) != 2:
                raise ValueError(
                    "Country name must be a 2 character country code"
                )

        if len(value) == 0:
            raise ValueError("Value cannot be an empty string")

        # The appropriate ASN1 string type varies by OID and is defined across
        # multiple RFCs including 2459, 3280, and 5280. In general UTF8String
        # is preferred (2459), but 3280 and 5280 specify several OIDs with
        # alternate types. This means when we see the sentinel value we need
        # to look up whether the OID has a non-UTF8 type. If it does, set it
        # to that. Otherwise, UTF8!
        if _type == _SENTINEL:
            _type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)

        if not isinstance(_type, _ASN1Type):
            raise TypeError("_type must be from the _ASN1Type enum")

        self._oid = oid
        self._value = value
        self._type = _type 
Example #20
Source File: __init__.py    From lokey with GNU General Public License v3.0 5 votes vote down vote up
def serialize(self,
                  # password=None,
                  country=u"US",
                  state=u"CA",
                  city=u"San Francisco",
                  company=u"Lokey Examle",
                  common_name=u"example.com"):
        # This should be handled already
        # if not password:
        #     password = None
        key = serialization.load_pem_private_key(
            self.to('pem'),
            password=None,
            backend=default_backend())

        subject = x509.Name([
            x509.NameAttribute(NameOID.COUNTRY_NAME, country),
            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, state),
            x509.NameAttribute(NameOID.LOCALITY_NAME, city),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, company),
            x509.NameAttribute(NameOID.COMMON_NAME, common_name),
        ])
        cert = x509.CertificateSigningRequestBuilder().subject_name(
            subject
        ).sign(key, hashes.SHA256(), default_backend())
        return cert.public_bytes(serialization.Encoding.PEM) 
Example #21
Source File: test_config.py    From python-tripleoclient with Apache License 2.0 5 votes vote down vote up
def get_certificate_and_private_key(self):
        private_key = rsa.generate_private_key(public_exponent=3,
                                               key_size=1024,
                                               backend=default_backend())
        issuer = x509.Name([
            x509.NameAttribute(NameOID.COUNTRY_NAME, u"FI"),
            x509.NameAttribute(NameOID.LOCALITY_NAME, u"Helsinki"),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Some Company"),
            x509.NameAttribute(NameOID.COMMON_NAME, u"Test Certificate"),
        ])
        cert_builder = x509.CertificateBuilder(
            issuer_name=issuer, subject_name=issuer,
            public_key=private_key.public_key(),
            serial_number=x509.random_serial_number(),
            not_valid_before=datetime.utcnow(),
            not_valid_after=datetime.utcnow() + timedelta(days=10)
        )
        cert = cert_builder.sign(private_key,
                                 hashes.SHA256(),
                                 default_backend())
        cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
        key_pem = private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption())
        return cert_pem, key_pem 
Example #22
Source File: tests_subject.py    From django-ca with GNU General Public License v3.0 5 votes vote down vote up
def test_fields(self):
        s = Subject('')
        self.assertEqual(list(s.fields), [])

        s = Subject('/C=AT')
        self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT')])

        s = Subject('/C=AT/CN=example.com')
        self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT'), (NameOID.COMMON_NAME, 'example.com')])

        s = Subject('/C=AT/OU=foo/CN=example.com')
        self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT'),
                                          (NameOID.ORGANIZATIONAL_UNIT_NAME, 'foo'),
                                          (NameOID.COMMON_NAME, 'example.com')])
        s = Subject('/C=AT/OU=foo/OU=bar/CN=example.com')
        self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT'),
                                          (NameOID.ORGANIZATIONAL_UNIT_NAME, 'foo'),
                                          (NameOID.ORGANIZATIONAL_UNIT_NAME, 'bar'),
                                          (NameOID.COMMON_NAME, 'example.com')])

        # Also test order
        s = Subject('/CN=example.com/C=AT/OU=foo/OU=bar')
        self.assertEqual(list(s.fields), [(NameOID.COUNTRY_NAME, 'AT'),
                                          (NameOID.ORGANIZATIONAL_UNIT_NAME, 'foo'),
                                          (NameOID.ORGANIZATIONAL_UNIT_NAME, 'bar'),
                                          (NameOID.COMMON_NAME, 'example.com')]) 
Example #23
Source File: tests_subject.py    From django-ca with GNU General Public License v3.0 5 votes vote down vote up
def test_contains(self):
        self.assertIn('CN', Subject('/CN=example.com'))
        self.assertIn(NameOID.COMMON_NAME, Subject('/CN=example.com'))
        self.assertNotIn(NameOID.LOCALITY_NAME, Subject('/CN=example.com'))
        self.assertNotIn(NameOID.COUNTRY_NAME, Subject('/CN=example.com'))
        self.assertIn(NameOID.COUNTRY_NAME, Subject('/C=AT/CN=example.com'))
        self.assertIn(NameOID.COMMON_NAME, Subject('/C=AT/CN=example.com')) 
Example #24
Source File: tests_subject.py    From django-ca with GNU General Public License v3.0 5 votes vote down vote up
def test_init_name(self):
        name = x509.Name(attributes=[
            x509.NameAttribute(oid=NameOID.COUNTRY_NAME, value=u'AT'),
            x509.NameAttribute(oid=NameOID.COMMON_NAME, value=u'example.com'),
        ])
        self.assertEqual(str(Subject(name)), '/C=AT/CN=example.com') 
Example #25
Source File: tests_utils.py    From django-ca with GNU General Public License v3.0 5 votes vote down vote up
def test_dirname(self):
        name = x509.DirectoryName(x509.Name([
            x509.NameAttribute(NameOID.COUNTRY_NAME, 'AT'),
            x509.NameAttribute(NameOID.COMMON_NAME, 'example.com'),
        ]))
        self.assertEqual(format_general_name(name), 'dirname:/C=AT/CN=example.com') 
Example #26
Source File: tests_utils.py    From django-ca with GNU General Public License v3.0 5 votes vote down vote up
def test_dirname(self):
        self.assertEqual(parse_general_name('/CN=example.com'), x509.DirectoryName(x509.Name([
            x509.NameAttribute(NameOID.COMMON_NAME, 'example.com'),
        ])))
        self.assertEqual(parse_general_name('dirname:/CN=example.com'), x509.DirectoryName(x509.Name([
            x509.NameAttribute(NameOID.COMMON_NAME, 'example.com'),
        ])))
        self.assertEqual(parse_general_name('dirname:/C=AT/CN=example.com'), x509.DirectoryName(x509.Name([
            x509.NameAttribute(NameOID.COUNTRY_NAME, 'AT'),
            x509.NameAttribute(NameOID.COMMON_NAME, 'example.com'),
        ]))) 
Example #27
Source File: conftest.py    From commandment with MIT License 5 votes vote down vote up
def csr(private_key: rsa.RSAPrivateKey) -> x509.CertificateSigningRequest:
    b = x509.CertificateSigningRequestBuilder()
    req = b.subject_name(x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"CA"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Commandment"),
        x509.NameAttribute(NameOID.COMMON_NAME, u"Commandment"),
    ])).sign(private_key, hashes.SHA256(), default_backend())

    return req 
Example #28
Source File: name.py    From learn_python3_spider with MIT License 5 votes vote down vote up
def __init__(self, oid, value, _type=_SENTINEL):
        if not isinstance(oid, ObjectIdentifier):
            raise TypeError(
                "oid argument must be an ObjectIdentifier instance."
            )

        if not isinstance(value, six.text_type):
            raise TypeError(
                "value argument must be a text type."
            )

        if (
            oid == NameOID.COUNTRY_NAME or
            oid == NameOID.JURISDICTION_COUNTRY_NAME
        ):
            if len(value.encode("utf8")) != 2:
                raise ValueError(
                    "Country name must be a 2 character country code"
                )

        if len(value) == 0:
            raise ValueError("Value cannot be an empty string")

        # The appropriate ASN1 string type varies by OID and is defined across
        # multiple RFCs including 2459, 3280, and 5280. In general UTF8String
        # is preferred (2459), but 3280 and 5280 specify several OIDs with
        # alternate types. This means when we see the sentinel value we need
        # to look up whether the OID has a non-UTF8 type. If it does, set it
        # to that. Otherwise, UTF8!
        if _type == _SENTINEL:
            _type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)

        if not isinstance(_type, _ASN1Type):
            raise TypeError("_type must be from the _ASN1Type enum")

        self._oid = oid
        self._value = value
        self._type = _type 
Example #29
Source File: name.py    From teleport with Apache License 2.0 5 votes vote down vote up
def __init__(self, oid, value, _type=_SENTINEL):
        if not isinstance(oid, ObjectIdentifier):
            raise TypeError(
                "oid argument must be an ObjectIdentifier instance."
            )

        if not isinstance(value, six.text_type):
            raise TypeError(
                "value argument must be a text type."
            )

        if (
            oid == NameOID.COUNTRY_NAME or
            oid == NameOID.JURISDICTION_COUNTRY_NAME
        ):
            if len(value.encode("utf8")) != 2:
                raise ValueError(
                    "Country name must be a 2 character country code"
                )

        # The appropriate ASN1 string type varies by OID and is defined across
        # multiple RFCs including 2459, 3280, and 5280. In general UTF8String
        # is preferred (2459), but 3280 and 5280 specify several OIDs with
        # alternate types. This means when we see the sentinel value we need
        # to look up whether the OID has a non-UTF8 type. If it does, set it
        # to that. Otherwise, UTF8!
        if _type == _SENTINEL:
            _type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)

        if not isinstance(_type, _ASN1Type):
            raise TypeError("_type must be from the _ASN1Type enum")

        self._oid = oid
        self._value = value
        self._type = _type 
Example #30
Source File: name.py    From teleport with Apache License 2.0 5 votes vote down vote up
def __init__(self, oid, value, _type=_SENTINEL):
        if not isinstance(oid, ObjectIdentifier):
            raise TypeError(
                "oid argument must be an ObjectIdentifier instance."
            )

        if not isinstance(value, six.text_type):
            raise TypeError(
                "value argument must be a text type."
            )

        if (
            oid == NameOID.COUNTRY_NAME or
            oid == NameOID.JURISDICTION_COUNTRY_NAME
        ):
            if len(value.encode("utf8")) != 2:
                raise ValueError(
                    "Country name must be a 2 character country code"
                )

        # The appropriate ASN1 string type varies by OID and is defined across
        # multiple RFCs including 2459, 3280, and 5280. In general UTF8String
        # is preferred (2459), but 3280 and 5280 specify several OIDs with
        # alternate types. This means when we see the sentinel value we need
        # to look up whether the OID has a non-UTF8 type. If it does, set it
        # to that. Otherwise, UTF8!
        if _type == _SENTINEL:
            _type = _NAMEOID_DEFAULT_TYPE.get(oid, _ASN1Type.UTF8String)

        if not isinstance(_type, _ASN1Type):
            raise TypeError("_type must be from the _ASN1Type enum")

        self._oid = oid
        self._value = value
        self._type = _type