dn: handle multi-valued RDNs in Name conversion

When applying DN to a cryptography.x509.Name, multi-valued RDNs get
"flattened" into separate RDNs.  Update the constructor to correctly
handle Name values with multi-valued RDNs.

Fixes: https://pagure.io/freeipa/issue/7963
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Fraser Tweedale 2019-05-28 14:02:22 +10:00 committed by Alexander Bokovoy
parent 3f33ac88bd
commit 891d54e46f
2 changed files with 21 additions and 6 deletions

View File

@ -1138,8 +1138,8 @@ class DN:
rdns = list(reversed([ rdns = list(reversed([
[get_ava( [get_ava(
ATTR_NAME_BY_OID.get(ava.oid, ava.oid.dotted_string), ATTR_NAME_BY_OID.get(ava.oid, ava.oid.dotted_string),
ava.value)] ava.value) for ava in rdn]
for ava in value for rdn in value.rdns
])) ]))
else: else:
raise TypeError( raise TypeError(

View File

@ -661,10 +661,16 @@ class TestDN(unittest.TestCase):
self.base_container_dn = DN((self.attr1, self.value1), self.base_container_dn = DN((self.attr1, self.value1),
self.container_dn, self.base_dn) self.container_dn, self.base_dn)
self.x500name = x509.Name([ ou = x509.NameAttribute(
x509.NameAttribute( x509.NameOID.ORGANIZATIONAL_UNIT_NAME, self.value2)
x509.NameOID.ORGANIZATIONAL_UNIT_NAME, self.value2), cn = x509.NameAttribute(x509.NameOID.COMMON_NAME, self.value1)
x509.NameAttribute(x509.NameOID.COMMON_NAME, self.value1), c = x509.NameAttribute(x509.NameOID.COUNTRY_NAME, 'AU')
st = x509.NameAttribute(
x509.NameOID.STATE_OR_PROVINCE_NAME, 'Queensland')
self.x500name = x509.Name([ou, cn])
self.x500nameMultiRDN = x509.Name([
x509.RelativeDistinguishedName([c, st]),
x509.RelativeDistinguishedName([cn]),
]) ])
def assertExpectedClass(self, klass, obj, component): def assertExpectedClass(self, klass, obj, component):
@ -817,6 +823,15 @@ class TestDN(unittest.TestCase):
self.assertEqual(dn1[0], self.rdn1) self.assertEqual(dn1[0], self.rdn1)
self.assertEqual(dn1[1], self.rdn2) self.assertEqual(dn1[1], self.rdn2)
# Create from 'Name' with multi-valued RDN
dn1 = DN(self.x500nameMultiRDN)
self.assertEqual(len(dn1), 2)
self.assertEqual(len(dn1[1]), 2)
self.assertIn(AVA('c', 'au'), dn1[1])
self.assertIn(AVA('st', 'queensland'), dn1[1])
self.assertEqual(len(dn1[0]), 1)
self.assertIn(self.ava1, dn1[0])
# Create with RDN, and 2 DN's (e.g. attr + container + base) # Create with RDN, and 2 DN's (e.g. attr + container + base)
dn1 = DN((self.attr1, self.value1), self.container_dn, self.base_dn) dn1 = DN((self.attr1, self.value1), self.container_dn, self.base_dn)
self.assertEqual(len(dn1), 5) self.assertEqual(len(dn1), 5)