RFC 2459 name comparison.

net/data/verify_name_match_unittest/scripts/generate-names.py

+#!/usr/bin/env python
+# Copyright 2015 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import copy
+import os
+import subprocess
+import tempfile
+
+
+class RDN:
+  def __init__(self):
+    self.attrs = []
+
+  def add_attr(self, attr_type, attr_value_type, attr_value,
+               attr_modifier=None):
+    self.attrs.append((attr_type, attr_value_type, attr_value, attr_modifier))
+    return self
+
+  def __str__(self):
+    s = ''
+    for n, attr in enumerate(self.attrs):
+      s += 'attrTypeAndValue%i=SEQUENCE:attrTypeAndValueSequence%i_%i\n' % (
+          n, id(self), n)
+
+    s += '\n'
+    for n, attr in enumerate(self.attrs):
+      attr_type, attr_value_type, attr_value, attr_modifier = attr
+      s += '[attrTypeAndValueSequence%i_%i]\n' % (id(self), n)
+      # Note the quotes around the string value here, which is necessary for
+      # trailing whitespace to be included by openssl.
+      s += 'type=OID:%s\n' % attr_type
+      s += 'value='
+      if attr_modifier:
+        s += attr_modifier + ','
+      s += '%s:"%s"\n' % (attr_value_type, attr_value)
+
+    return s
+
+
+class NameGenerator:
+  def __init__(self):
+    self.rdns = []
+
+  def add_rdn(self):
+    rdn = RDN()
+    self.rdns.append(rdn)
+    return rdn
+
+  def __str__(self):
+    s = 'asn1 = SEQUENCE:rdnSequence\n\n[rdnSequence]\n'
+    for n, rdn in enumerate(self.rdns):
+      s += 'rdn%i = SET:rdnSet%i\n' % (n, n)
+
+    s += '\n'
+
+    for n, rdn in enumerate(self.rdns):
+      s += '[rdnSet%i]\n%s\n' % (n, rdn)
+
+    return s
+
+
+def generate(s, fn):
+  outfn = os.path.join('..', 'names', fn)
+  f = tempfile.NamedTemporaryFile()
+  f.write(str(s))
+  f.flush()
+  subprocess.check_call(['openssl', 'asn1parse', '-genconf', f.name, '-noout',
+                         '-out', outfn])
+  f.close()
+
+
+def unmangled(s):
+  return s
+
+
+def extra_whitespace(s):
+  return '  ' + s.replace(' ', '   ') + '  '
+
+
+def case_swap(s):
+  return s.swapcase()
+
+
+def main():
+  for valuetype in ('PRINTABLESTRING', 'T61STRING', 'UTF8', 'BMPSTRING',
+                    'UNIVERSALSTRING'):
+    for string_mangler in (unmangled, extra_whitespace, case_swap):
+      n=NameGenerator()
+      n.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'US')
+      n.add_rdn().add_attr('stateOrProvinceName',
+                           valuetype,
+                           string_mangler('New York'))
+      n.add_rdn().add_attr('localityName',
+                           valuetype,
+                           string_mangler("ABCDEFGHIJKLMNOPQRSTUVWXYZ "
+                                          "abcdefghijklmnopqrstuvwxyz "
+                                          "0123456789 '()+,-./:=?"))
+
+      n_extra_attr = copy.deepcopy(n)
+      n_extra_attr.rdns[-1].add_attr('organizationName',
+                                     valuetype,
+                                     string_mangler('Name of company'))
+
+      n_extra_rdn = copy.deepcopy(n)
+      n_extra_rdn.add_rdn().add_attr('organizationName',
+                                     valuetype,
+                                     string_mangler('Name of company'))
+
+      filename_base = 'ascii-' + valuetype + '-' + string_mangler.__name__
+
+      generate(n, filename_base + '.der')
+      generate(n_extra_attr, filename_base + '-extra_attr.der')
+      generate(n_extra_rdn, filename_base + '-extra_rdn.der')
+
+  for valuetype in ('UTF8', 'BMPSTRING', 'UNIVERSALSTRING'):
+    n=NameGenerator()
+    n.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'JP')
+    n.add_rdn().add_attr('localityName',
+                         valuetype,
+                         "\xe6\x9d\xb1\xe4\xba\xac",
+                         "FORMAT:UTF8")
+
+    filename_base = 'unicode_bmp-' + valuetype + '-' + 'unmangled'
+    generate(n, filename_base + '.der')
+
+  for valuetype in ('UTF8', 'UNIVERSALSTRING'):
+    n=NameGenerator()
+    n.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'JP')
+    n.add_rdn().add_attr('localityName',
+                         valuetype,
+                         "\xf0\x9d\x90\x80\xf0\x9d\x90\x99",
+                         "FORMAT:UTF8")
+
+    filename_base = 'unicode_supplementary-' + valuetype + '-' + 'unmangled'
+    generate(n, filename_base + '.der')
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+[attrTypeAndValueSequence0_0]
+type=OID:countryName
+value=PRINTABLESTRING:"US"
+extra=PRINTABLESTRING:"hello world"
+""", "invalid-AttributeTypeAndValue-extradata.der")
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+[attrTypeAndValueSequence0_0]
+type=OID:countryName
+""", "invalid-AttributeTypeAndValue-onlyOneElement.der")
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+[attrTypeAndValueSequence0_0]
+""", "invalid-AttributeTypeAndValue-empty.der")
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+[attrTypeAndValueSequence0_0]
+type=PRINTABLESTRING:"hello world"
+value=PRINTABLESTRING:"US"
+""", "invalid-AttributeTypeAndValue-badAttributeType.der")
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SET:attrTypeAndValueSequence0_0
+[attrTypeAndValueSequence0_0]
+type=OID:countryName
+value=PRINTABLESTRING:"US"
+""", "invalid-AttributeTypeAndValue-setNotSequence.der")
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SEQUENCE:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+[attrTypeAndValueSequence0_0]
+type=OID:countryName
+value=PRINTABLESTRING:"US"
+""", "invalid-RDN-sequenceInsteadOfSet.der")
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+""", "invalid-RDN-empty.der")
+
+  generate("""asn1 = SET:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+[attrTypeAndValueSequence0_0]
+type=OID:countryName
+value=PRINTABLESTRING:"US"
+""", "invalid-Name-setInsteadOfSequence.der")
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+""", "invalid-Name-empty.der")
+
+  # Certs with a RDN that is sorted differently due to length of the values, but
+  # which should compare equal when normalized.
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+attrTypeAndValue1=SEQUENCE:attrTypeAndValueSequence0_1
+[attrTypeAndValueSequence0_0]
+type=OID:stateOrProvinceName
+value=PRINTABLESTRING:"    state"
+[attrTypeAndValueSequence0_1]
+type=OID:localityName
+value=PRINTABLESTRING:"locality"
+""", "ascii-PRINTABLESTRING-rdn_sorting_1.der")
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+attrTypeAndValue1=SEQUENCE:attrTypeAndValueSequence0_1
+[attrTypeAndValueSequence0_0]
+type=OID:stateOrProvinceName
+value=PRINTABLESTRING:"state"
+[attrTypeAndValueSequence0_1]
+type=OID:localityName
+value=PRINTABLESTRING:" locality"
+""", "ascii-PRINTABLESTRING-rdn_sorting_2.der")
+
+  # Certs with a RDN that is sorted differently due to length of the values, and
+  # also contains multiple values with the same type.
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+attrTypeAndValue1=SEQUENCE:attrTypeAndValueSequence0_1
+attrTypeAndValue2=SEQUENCE:attrTypeAndValueSequence0_2
+attrTypeAndValue3=SEQUENCE:attrTypeAndValueSequence0_3
+attrTypeAndValue4=SEQUENCE:attrTypeAndValueSequence0_4
+[attrTypeAndValueSequence0_0]
+type=OID:domainComponent
+value=IA5STRING:"     cOm"
+[attrTypeAndValueSequence0_1]
+type=OID:domainComponent
+value=IA5STRING:"eXaMple"
+[attrTypeAndValueSequence0_2]
+type=OID:domainComponent
+value=IA5STRING:"wWw"
+[attrTypeAndValueSequence0_3]
+type=OID:localityName
+value=PRINTABLESTRING:"NEw"
+[attrTypeAndValueSequence0_4]
+type=OID:localityName
+value=PRINTABLESTRING:"   yORk    "
+""", "ascii-mixed-rdn_dupetype_sorting_1.der")
+
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+attrTypeAndValue1=SEQUENCE:attrTypeAndValueSequence0_1
+attrTypeAndValue2=SEQUENCE:attrTypeAndValueSequence0_2
+attrTypeAndValue3=SEQUENCE:attrTypeAndValueSequence0_3
+attrTypeAndValue4=SEQUENCE:attrTypeAndValueSequence0_4
+[attrTypeAndValueSequence0_0]
+type=OID:domainComponent
+value=IA5STRING:"cOM"
+[attrTypeAndValueSequence0_1]
+type=OID:domainComponent
+value=IA5STRING:"eXampLE"
+[attrTypeAndValueSequence0_2]
+type=OID:domainComponent
+value=IA5STRING:"    Www  "
+[attrTypeAndValueSequence0_3]
+type=OID:localityName
+value=PRINTABLESTRING:"   nEw            "
+[attrTypeAndValueSequence0_4]
+type=OID:localityName
+value=PRINTABLESTRING:"yoRK"
+""", "ascii-mixed-rdn_dupetype_sorting_2.der")
+
+  # Minimal valid config. Copy and modify this one when generating new invalid
+  # configs.
+  generate("""asn1 = SEQUENCE:rdnSequence
+[rdnSequence]
+rdn0 = SET:rdnSet0
+[rdnSet0]
+attrTypeAndValue0=SEQUENCE:attrTypeAndValueSequence0_0
+[attrTypeAndValueSequence0_0]
+type=OID:countryName
+value=PRINTABLESTRING:"US"
+""", "valid-minimal.der")
+
+if __name__ == '__main__':
+  main()