authorRob Austein <sra@hactrn.net>2012-08-07 21:54:43 +0000
committerRob Austein <sra@hactrn.net>2012-08-07 21:54:43 +0000
commit0ffc84f40bf25c778e20d49be33eebab3c7612e5 (patch)
tree5c8697f03aeebe645f4d8c84274c9c96f5ceb243
parent0d561ccb89555aae11482449dc8477c6cf4d0799 (diff)
Safe mapping functions for OIDs, now that we're using the same code to
deal with BPKI certificates with all the whacky distinguished name fields allowed by X.509, or at least by PKIX. See #279. svn path=/trunk/; revision=4621
-rw-r--r--rpkid/rpki/oids.py30
-rw-r--r--rpkid/rpki/x509.py2
2 files changed, 31 insertions, 1 deletions
diff --git a/rpkid/rpki/oids.py b/rpkid/rpki/oids.py
index 1e67dff9..2b8302aa 100644
--- a/rpkid/rpki/oids.py
+++ b/rpkid/rpki/oids.py
@@ -69,9 +69,39 @@ oid2name = {
(2, 5, 4, 3) : "commonName",
(2, 5, 4, 5) : "serialNumber",
(2, 5, 4, 6) : "countryName",
+ (2, 5, 4, 7) : "localityName",
+ (2, 5, 4, 8) : "stateOrProvinceName",
+ (2, 5, 4, 9) : "streetAddress",
+ (2, 5, 4, 10) : "organizationName",
+ (2, 5, 4, 11) : "organizationalUnitName",
}
## @var name2oid
# Mapping table of string names to OIDs
name2oid = dict((v, k) for k, v in oid2name.items())
+
+def safe_name2oid(name):
+ """
+ Map name to OID, also parsing numeric (dotted decimal) format.
+ """
+
+ try:
+ return name2oid[name]
+ except KeyError:
+ fields = name.split(".")
+ if all(field.isdigit() for field in fields):
+ return tuple(int(field) for field in fields)
+ else:
+ raise
+
+def safe_oid2name(oid):
+ """
+ Map OID to name. If we have no mapping, generate numeric (dotted
+ decimal) format.
+ """
+
+ try:
+ return oid2name[oid]
+ except KeyError:
+ return ".".join(str(field) for field in oid)
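Review bot: safe_name2oid accepts any string whose dot-separated fields pass `isdigit()`, so a bare `"5"` comes back as the one-arc tuple `(5,)`, with no check that the result is a structurally valid OID (at least two arcs). If `name` can be a unicode string, `isdigit()` is also true for characters such as superscript digits that `int()` rejects, so the caller would get ValueError instead of the KeyError re-raised in the else branch. Consider `if len(fields) >= 2 and all(field.isdigit() for field in fields):`, plus a docstring line stating that KeyError is raised for unrecognised names. Where the names passed in come from is not visible in this hunk.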
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 42b52f1d..92194a96 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -176,7 +176,7 @@ class X501DN(object):
raise TypeError("Don't know how to interpret %r as an X.501 DN" % (ini,), ini)
def __str__(self):
- return "".join("/" + "+".join("%s=%s" % (rpki.oids.oid2name[a[0]], a[1][1])
+ return "".join("/" + "+".join("%s=%s" % (rpki.oids.safe_oid2name(a[0]), a[1][1])
for a in rdn)
for rdn in self.dn)
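Review bot: The attribute value `a[1][1]` is interpolated into the `/type=value` string without escaping, and with safe_oid2name this method now renders DNs carrying arbitrary attribute types instead of raising KeyError on an unknown OID. A value that itself contains `/`, `+` or `=` produces a string that reads as additional RDNs. That matters if the result is ever compared, written to an audit log, or parsed back into an X501DN; whether any of that happens is not visible here. A comment on `__str__` such as `# Display form only: values are not escaped, do not parse or compare this string` would record the limitation, or the separators could be escaped in the value. The X501DN class begins outside the hunk.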