Make copy of the name

Don't return a name which points back to the certificate internals anymore. Use copies of the name everywhere. Change-Id: I578df2de4128f5865c6c2363fee6f75a219bf9c7 Closes-bug: 1491083
2016-02-19 12:57:30 +11:00 · 2016-02-19 12:57:30 +11:00 · 9a2b7ebf79
commit 9a2b7ebf79
parent 1cd6e07b68
3 changed files with 20 additions and 2 deletions
--- a/anchor/X509/name.py
+++ b/anchor/X509/name.py
@ -121,8 +121,7 @@ class X509Name(object):
        if name_obj is not None:
            if not isinstance(name_obj, rfc5280.RDNSequence):
                raise TypeError("name is not an RDNSequence")
-            # TODO(stan): actual copy
-            self._name_obj = name_obj
+            self._name_obj = name_obj.clone(cloneValueFlag=True)
        else:
            self._name_obj = rfc5280.RDNSequence()

--- a/tests/X509/test_x509_name.py
+++ b/tests/X509/test_x509_name.py
@ -122,3 +122,11 @@ class TestX509Name(unittest.TestCase):
        val = [str(e) for e in self.name]
        self.assertEqual("countryName: UK", val[0])
        self.assertEqual("givenName: test_GN", val[8])
+
+    def test_deep_clone(self):
+        orig = x509_name.X509Name()
+        orig.add_name_entry(x509_name.OID_countryName, "UK")
+        clone = x509_name.X509Name(orig._name_obj)
+        self.assertEqual(str(orig), str(clone))
+        clone.add_name_entry(x509_name.OID_stateOrProvinceName, "test_ST")
+        self.assertNotEqual(str(orig), str(clone))
--- a/tests/validators/test_callable_validators.py
+++ b/tests/validators/test_callable_validators.py
@ -44,6 +44,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, cn)
+        csr.set_subject(name)
        return csr

    def _csr_with_san_dns(self, dns):
@ -72,6 +73,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, "dummy_value")
        name.add_name_entry(x509_name.OID_commonName, "dummy_value")
+        csr.set_subject(name)

        with self.assertRaises(errors.ValidationError) as e:
            custom.common_name(
@ -95,6 +97,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, "good.example.com")
+        csr.set_subject(name)

        self.assertEqual(
            None,
@ -108,6 +111,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, 'bad.example.org')
+        csr.set_subject(name)

        with self.assertRaises(errors.ValidationError) as e:
            custom.common_name(
@ -120,6 +124,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, '10.1.1.1')
+        csr.set_subject(name)

        self.assertEqual(
            None,
@ -134,6 +139,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, '15.1.1.1')
+        csr.set_subject(name)

        with self.assertRaises(errors.ValidationError) as e:
            custom.common_name(
@ -216,6 +222,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, "master.example.com")
+        csr.set_subject(name)

        self.assertEqual(
            None,
@ -230,6 +237,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, "nv_master.example.com")
+        csr.set_subject(name)

        self.assertEqual(
            None,
@ -248,6 +256,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, "nv_master.example.com")
+        csr.set_subject(name)

        self.assertEqual(
            None,
@ -265,6 +274,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, "nv-master.example.com")
+        csr.set_subject(name)

        with self.assertRaises(errors.ValidationError) as e:
            custom.server_group(
@ -520,6 +530,7 @@ class TestValidators(tests.DefaultRequestMixin, unittest.TestCase):
        csr = x509_csr.X509Csr()
        name = csr.get_subject()
        name.add_name_entry(x509_name.OID_commonName, "bad.example.com")
+        csr.set_subject(name)

        with self.assertRaises(errors.ValidationError):
            custom.blacklist_names(