diff --git a/changelogs/fragments/313-unicode-names.yml b/changelogs/fragments/313-unicode-names.yml
new file mode 100644
index 00000000..759b4595
--- /dev/null
+++ b/changelogs/fragments/313-unicode-names.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - "cryptography backend - improve Unicode handling for Python 2 (https://github.com/ansible-collections/community.crypto/pull/313)."
diff --git a/plugins/module_utils/crypto/cryptography_support.py b/plugins/module_utils/crypto/cryptography_support.py
index 7fff8c54..ba56ce40 100644
--- a/plugins/module_utils/crypto/cryptography_support.py
+++ b/plugins/module_utils/crypto/cryptography_support.py
@@ -311,11 +311,11 @@ def _dn_escape_value(value):
 '''
 Escape Distinguished Name's attribute value.
 '''
- value = value.replace('\\', '\\\\')
- for ch in [',', '#', '+', '<', '>', ';', '"', '=', '/']:
- value = value.replace(ch, '\\%s' % ch)
- if value.startswith(' '):
- value = r'\ ' + value[1:]
+ value = value.replace(u'\\', u'\\\\')
+ for ch in [u',', u'#', u'+', u'<', u'>', u';', u'"', u'=', u'/']:
+ value = value.replace(ch, u'\\%s' % ch)
+ if value.startswith(u' '):
+ value = u'\\ ' + value[1:]
 return value
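Review bot: `_dn_escape_value` now combines `value` with `u''` literals, so on Python 2 a byte-string argument containing non-ASCII bytes would raise `UnicodeDecodeError` at the first `value.replace(u'\\', u'\\\\')`; nothing in the visible hunk guarantees that `value` is text. If the attribute values coming from cryptography are always text, the docstring should state that requirement, e.g. `Escape Distinguished Name's attribute value. The value must be a text (unicode) string.`; otherwise add `value = to_text(value)` as the first statement. The same assumption applies to the `u'...'.format(name.value)` calls in the `cryptography_decode_name` hunk, where only the OID name is passed through `to_text`. Since these values come from certificate contents, a decode error here would presumably surface as a module failure rather than a clean `OpenSSLObjectError`.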
@@ -325,24 +325,24 @@ def cryptography_decode_name(name):
 Raises an OpenSSLObjectError if the name is not supported.
 '''
 if isinstance(name, x509.DNSName):
- return 'DNS:{0}'.format(name.value)
+ return u'DNS:{0}'.format(name.value)
 if isinstance(name, x509.IPAddress):
 if isinstance(name.value, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
- return 'IP:{0}/{1}'.format(name.value.network_address.compressed, name.value.prefixlen)
- return 'IP:{0}'.format(name.value.compressed)
+ return u'IP:{0}/{1}'.format(name.value.network_address.compressed, name.value.prefixlen)
+ return u'IP:{0}'.format(name.value.compressed)
 if isinstance(name, x509.RFC822Name):
- return 'email:{0}'.format(name.value)
+ return u'email:{0}'.format(name.value)
 if isinstance(name, x509.UniformResourceIdentifier):
- return 'URI:{0}'.format(name.value)
+ return u'URI:{0}'.format(name.value)
 if isinstance(name, x509.DirectoryName):
- return 'dirName:' + ''.join([
- '/{0}={1}'.format(cryptography_oid_to_name(attribute.oid, short=True), _dn_escape_value(attribute.value))
+ return u'dirName:' + u''.join([
+ u'/{0}={1}'.format(to_text(cryptography_oid_to_name(attribute.oid, short=True)), _dn_escape_value(attribute.value))
 for attribute in name.value
 ])
 if isinstance(name, x509.RegisteredID):
- return 'RID:{0}'.format(name.value.dotted_string)
+ return u'RID:{0}'.format(name.value.dotted_string)
 if isinstance(name, x509.OtherName):
- return 'otherName:{0};{1}'.format(name.type_id.dotted_string, _get_hex(name.value))
+ return u'otherName:{0};{1}'.format(name.type_id.dotted_string, _get_hex(name.value))
 raise OpenSSLObjectError('Cannot decode name "{0}"'.format(name))
diff --git a/tests/integration/targets/x509_certificate_info/tasks/impl.yml b/tests/integration/targets/x509_certificate_info/tasks/impl.yml
index ae783213..2e274852 100644
--- a/tests/integration/targets/x509_certificate_info/tasks/impl.yml
+++ b/tests/integration/targets/x509_certificate_info/tasks/impl.yml
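Review bot: The docstring of `cryptography_decode_name` does not mention that every branch now returns a text string, which on Python 2 changes the return type from `str` to `unicode` even for pure-ASCII names. Callers that concatenate or compare the result with byte strings would then hit implicit ASCII coercion, so the contract is worth stating, e.g. a docstring line such as `Returns the name as a text string (unicode on Python 2).`. The function and its docstring start above the hunk, so the existing wording is only partly visible here.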
@@ -19,6 +19,13 @@
 - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
 - result.public_key_type == 'RSA'
 - result.public_key_data.size == (default_rsa_key_size_certifiates | int)
+ - "result.subject_alt_name == [
+ 'DNS:www.ansible.com',
+ 'IP:1.2.3.4',
+ 'IP:::1',
+ 'email:test@example.org',
+ 'URI:https://example.org/test/index.html'
+ ]"
 - name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier
 assert:
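Review bot: The added `result.subject_alt_name` assertion lists only ASCII DNS, IP, email and URI entries, so it does not exercise the Python 2 Unicode path this change is about, nor the `dirName` branch that goes through `_dn_escape_value` and `to_text`. Unless a task outside this hunk already covers it, the test certificate could carry a `dirName` SAN whose attribute value is non-ASCII and contains characters that need escaping, with the exact decoded string asserted here. The enclosing assert task starts above the hunk.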