internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-06 13:22:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support otherName in subAltName in CSR for UTF8 strings (#53)

Browse Source 
* Support otherName in subAltName in CSR for UTF8 strings

* Remove uneeded docs and added changelog fragment

* Missed a merge conflict

* Fix up sanity issues and added test expectation

* Rename function
This commit is contained in:
Jordan Borean
2020-06-24 06:38:42 +10:00
committed by GitHub
parent ca58a1d2ee
commit 70683e540d
9 changed files with 309 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
plugins/module_utils/crypto/cryptography_support.py
View File

@@ -24,6 +24,7 @@ import binascii
import re
from ansible.module_utils._text import to_text
from ._asn1 import serialize_asn1_string_as_der
try:
import cryptography
@@ -205,10 +206,22 @@ def cryptography_get_name(name):
raise OpenSSLObjectError('Cannot parse Subject Alternative Name "{0}"'.format(name))
return x509.RegisteredID(x509.oid.ObjectIdentifier(m.group(1)))
if name.startswith('otherName:'):
# otherName can either be a raw ASN.1 hex string or in the format that OpenSSL works with.
m = re.match(r'^([0-9]+(?:\.[0-9]+)*);([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2})*)$', to_text(name[10:]))
if not m:
raise OpenSSLObjectError('Cannot parse Subject Alternative Name "{0}"'.format(name))
return x509.OtherName(x509.oid.ObjectIdentifier(m.group(1)), _parse_hex(m.group(2)))
if m:
return x509.OtherName(x509.oid.ObjectIdentifier(m.group(1)), _parse_hex(m.group(2)))
# See https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html - Subject Alternative Name for more
# defailts on the format expected.
name = to_text(name[10:], errors='surrogate_or_strict')
if ';' not in name:
raise OpenSSLObjectError('Cannot parse Subject Alternative Name otherName "{0}", must be in the '
'format "otherName:<OID>;<ASN.1 OpenSSL Encoded String>" or '
'"otherName:<OID>;<hex string>"'.format(name))
oid, value = name.split(';', 1)
b_value = serialize_asn1_string_as_der(value)
return x509.OtherName(x509.ObjectIdentifier(oid), b_value)
if name.startswith('dirName:'):
return x509.DirectoryName(x509.Name(_parse_dn(to_text(name[8:]))))
except Exception as e: