From 89ee06810e7f3578c8d86b7bd60625160137523f Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@jrother.eu>
Date: Thu, 26 Aug 2021 20:18:24 +0200
Subject: [PATCH] Further refactored dn code
DN handling now fully conforms to RFC4514 and has a high test coverage.
Still lacks a lot of documentation.
---
docs/api.rst | 6 +
ldapserver/dn.py | 336 ++++++++++++++++++++++++++++++-----------------
tests/test_dn.py | 246 ++++++++++++++++++++++++++++++++++
3 files changed, 470 insertions(+), 118 deletions(-)
create mode 100644 tests/test_dn.py
diff --git a/docs/api.rst b/docs/api.rst
index fb9d587..9b39ba7 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -10,6 +10,12 @@ Request Handler
.. autoclass:: ldapserver.SimpleLDAPRequestHandler
:members:
+Distinguished Names
+-------------------
+
+.. automodule:: ldapserver.dn
+ :members:
+
Directory Objects
-----------------
diff --git a/ldapserver/dn.py b/ldapserver/dn.py
index c6f6bb8..5b09b95 100644
--- a/ldapserver/dn.py
+++ b/ldapserver/dn.py
@@ -1,47 +1,78 @@
-from string import hexdigits as HEXDIGITS, ascii_letters as ASCII_LETTERS, digits as DIGITS
+'''LDAP Distinguished Name Utilities
-from .util import encode_attribute
+Distinguished Names (DNs) identifiy objects in an LDAP directory. In LDAP
+protocol messages and when stored in attribute values DNs are encoded with
+a string representation scheme described in RFC4514.
-DN_ESCAPED = ('"', '+', ',', ';', '<', '>')
-DN_SPECIAL = DN_ESCAPED + (' ', '#', '=')
+This module provides classes to represent `DN` objects and theirs parts
+(`RD` and `RDNAssertion`) that correctly implement encoding, decoding and
+comparing.
+
+Limitations:
+
+* Supported attribute types: `cn`, `l`, `st`, `o`, `ou`, `c`, `street`, `dc`, `uid`
+* Dotted-decimal/OID attribute types are not supported
+* Hexstring attribute values (`foo=#ABCDEF...`) are not supported
+'''
+
+import typing
+import unicodedata
+from string import hexdigits as HEXDIGITS
+
+__all__ = ['DN', 'RDN', 'RDNAssertion']
class DN(tuple):
- def __new__(cls, *args):
+ '''Distinguished Name consiting of zero ore more `RDN` objects'''
+ def __new__(cls, *args, **kwargs):
if len(args) == 1 and isinstance(args[0], DN):
- return args[0]
+ args = args[0]
if len(args) == 1 and isinstance(args[0], str):
- return cls.from_str(args[0])
- return super().__new__(cls, [RDN(rdn) for rdn in args])
+ args = cls.from_str(args[0])
+ for rdn in args:
+ if not isinstance(rdn, RDN):
+ raise TypeError(f'Argument {repr(rdn)} is of type {repr(type(rdn))}, expected ldapserver.dn.RDN object')
+ rdns = tuple(args)
+ if kwargs:
+ rdns = (RDN(**kwargs),) + rdns
+ return super().__new__(cls, rdns)
- def __repr__(self):
- return '<DN(%s)>'%repr(str(self))
+ # Syntax definiton from RFC4514:
+ # distinguishedName = [ relativeDistinguishedName *( COMMA relativeDistinguishedName ) ]
@classmethod
- def from_str(cls, dn, case_ignore_attrs=None):
- if not dn:
- return tuple()
+ def from_str(cls, expr):
escaped = False
rdns = []
- rdn = ''
- for char in dn:
+ token = ''
+ for char in expr:
if escaped:
escaped = False
- rdn += char
+ token += char
elif char == ',':
- rdns.append(RDN.from_str(rdn, case_ignore_attrs=case_ignore_attrs))
- rdn = ''
+ rdns.append(RDN.from_str(token))
+ token = ''
else:
if char == '\\':
escaped = True
- rdn += char
- rdns.append(RDN.from_str(rdn, case_ignore_attrs=case_ignore_attrs))
+ token += char
+ if token:
+ rdns.append(RDN.from_str(token))
return cls(*rdns)
def __str__(self):
return ','.join(map(str, self))
def __bytes__(self):
- return str(self).encode()
+ return str(self).encode('utf8')
+
+ def __repr__(self):
+ return '<ldapserver.dn.DN %s>'%str(self)
+
+ def __eq__(self, obj):
+ return type(self) is type(obj) and super().__eq__(obj)
+
+ def __hash__(self):
+ return hash((type(self), tuple(self)))
def __add__(self, value):
if isinstance(value, DN):
@@ -49,159 +80,228 @@ class DN(tuple):
elif isinstance(value, RDN):
return self + DN(value)
else:
- raise ValueError()
+ raise TypeError(f'Can only add DN or RDN to DN, not {type(value)}')
def __getitem__(self, key):
if isinstance(key, slice):
- return DN(*super().__getitem__(key))
+ return type(self)(*super().__getitem__(key))
return super().__getitem__(key)
- def strip_common_suffix(self, value):
+ def __strip_common_suffix(self, value):
value = DN(value)
minlen = min(len(self), len(value))
for i in range(minlen):
if self[-1 - i] != value[-1 - i]:
return self[:-i or None], value[:-i or None]
- return self[:-minlen], value[:-minlen]
+ return self[:-minlen or None], value[:-minlen or None]
def is_direct_child_of(self, base):
- rchild, rbase = self.strip_common_suffix(DN(base))
+ rchild, rbase = self.__strip_common_suffix(DN(base))
+ print(repr(self), repr(base), repr(rchild), repr(rbase))
return not rbase and len(rchild) == 1
def in_subtree_of(self, base):
- rchild, rbase = self.strip_common_suffix(DN(base)) # pylint: disable=unused-variable
+ rchild, rbase = self.__strip_common_suffix(DN(base)) # pylint: disable=unused-variable
return not rbase
class RDN(tuple):
- '''Group of one or more `RDNAssertion` objects'''
- def __new__(cls, *args):
- if len(args) == 1 and isinstance(args[0], cls):
- return args[0]
- if len(args) == 1 and isinstance(args[0], str):
- return cls.from_str(args[0])
- if len(args) == 1 and isinstance(args[0], dict):
- args = args[0].items()
- assertions = []
- for value in args:
- assertion = RDNAssertion(value)
- if assertion not in assertions:
- assertions.append(assertion)
- assertions.sort()
+ '''Relative Distinguished Name consisting of one or more `RDNAssertion` objects'''
+ def __new__(cls, *assertions, **kwargs):
+ for assertion in assertions:
+ if not isinstance(assertion, RDNAssertion):
+ raise TypeError(f'Argument {repr(assertion)} is of type {repr(type(assertion))}, expected ldapserver.dn.RDNAssertion')
+ assertions = set(assertions)
+ for key, value in kwargs.items():
+ assertions.add(RDNAssertion(key, value))
if not assertions:
- raise ValueError('Invalid RDN "%s"'%repr(args))
- return super().__new__(cls, assertions)
+ raise ValueError('RDN must have at least one assertion')
+ return super().__new__(cls, sorted(assertions, key=lambda assertion: (assertion.attribute, assertion.value_normalized)))
- def __add__(self, value):
- if isinstance(value, RDN):
- return DN(self, value)
- elif isinstance(value, DN):
- return DN(self) + value
- else:
- raise ValueError()
-
- def __repr__(self):
- return '<RDN(%s)>'%repr(str(self))
+ # Syntax definiton from RFC4514:
+ # relativeDistinguishedName = attributeTypeAndValue *( PLUS attributeTypeAndValue )
@classmethod
- def from_str(cls, rdn, case_ignore_attrs=None):
+ def from_str(cls, expr):
escaped = False
assertions = []
token = ''
- for char in rdn:
+ for char in expr:
if escaped:
escaped = False
token += char
elif char == '+':
- assertions.append(RDNAssertion.from_str(token, case_ignore_attrs=case_ignore_attrs))
+ assertions.append(RDNAssertion.from_str(token))
token = ''
else:
if char == '\\':
escaped = True
token += char
- assertions.append(RDNAssertion.from_str(token, case_ignore_attrs=case_ignore_attrs))
+ if token:
+ assertions.append(RDNAssertion.from_str(token))
return cls(*assertions)
def __str__(self):
return '+'.join(map(str, self))
-class RDNAssertion(tuple):
- '''A single assertion (attribute=value)'''
- def __new__(cls, *args):
- if len(args) == 1:
- args = args[0]
- if isinstance(args, RDNAssertion):
- return args
- if isinstance(args, str):
- return cls.from_str(args)
- attribute, value = args
+ def __repr__(self):
+ return '<ldapserver.dn.RDN %s>'%str(self)
+
+ def __eq__(self, obj):
+ return type(self) is type(obj) and super().__eq__(obj)
+
+ def __hash__(self):
+ return hash((type(self), tuple(self)))
+
+ def __add__(self, value):
+ if isinstance(value, RDN):
+ return DN(self, value)
+ elif isinstance(value, DN):
+ return DN(self) + value
+ else:
+ raise TypeError(f'Can only add DN or RDN to RDN, not {type(value)}')
+
+ @property
+ def attribute(self):
+ if len(self) != 1:
+ return None
+ return self[0].attribute
+
+ @property
+ def value(self):
+ if len(self) != 1:
+ return None
+ return self[0].value
+
+ @property
+ def value_normalized(self):
+ if len(self) != 1:
+ return None
+ return self[0].value_normalized
+
+# Mandatory attribute types (RFC4514)
+STRI_ATTRIBUTES = ('cn', 'l', 'st', 'o', 'ou', 'c', 'street', 'dc', 'uid')
+
+DN_ESCAPED = ('"', '+', ',', ';', '<', '>')
+DN_SPECIAL = DN_ESCAPED + (' ', '#', '=')
+
+class RDNAssertion:
+ '''A single attribute value assertion'''
+ __slots__ = ['attribute', 'value', 'value_normalized']
+ attribute: str
+ value: typing.Any
+ value_normalized: typing.Any
+
+ def __init__(self, attribute, value):
if not isinstance(attribute, str):
- raise TypeError('Attribute name in RDN assertion %s=%s must be str not %s'%(repr(attribute), repr(value), repr(type(attribute))))
- for index, char in enumerate(attribute):
- if char not in ASCII_LETTERS+DIGITS+'-':
- raise ValueError('Invalid character in attribute name %s at position %d'%(repr(attribute), index+1))
+ raise TypeError(f'RDNAssertion attribute {repr(attribute)} must be a string but is {type(attribute)}')
attribute = attribute.lower()
- value = encode_attribute(value)
- return super().__new__(cls, (attribute, value))
+ value_normalized = value
+ if attribute in STRI_ATTRIBUTES:
+ if not isinstance(value, str):
+ raise TypeError(f'RDNAssertion value {repr(value)} for attribute "{attribute}" must be a string but is {type(value)}')
+ if value == '':
+ raise ValueError(f'RDNAssertion value for attribute "{attribute}" must not be empty')
+ value_normalized = unicodedata.normalize('NFC', value.lower())
+ else:
+ raise ValueError(f'RDNAssertion attribute "{attribute}" is unsupported')
+ super().__setattr__('value', value)
+ super().__setattr__('value_normalized', value_normalized)
+ super().__setattr__('attribute', attribute)
- def __repr__(self):
- return '<RDNAssertion(%s)>'%repr(str(self))
+ # Syntax definiton from RFC4514 and 4512:
+ #
+ # attributeTypeAndValue = attributeType EQUALS attributeValue
+ # attributeType = descr / numericoid
+ # attributeValue = string / hexstring
+ #
+ # descr = ALPHA *( ALPHA / DIGIT / HYPHEN )
+ # numericoid = number 1*( DOT number )
+ # number = DIGIT / ( LDIGIT 1*DIGIT )
+ #
+ # ; The following characters are to be escaped when they appear
+ # ; in the value to be encoded: ESC, one of <escaped>, leading
+ # ; SHARP or SPACE, trailing SPACE, and NULL.
+ # string = [ ( leadchar / pair ) [ *( stringchar / pair ) ( trailchar / pair ) ] ]
+ #
+ # leadchar = LUTF1 / UTFMB
+ # LUTF1 = %x01-1F / %x21 / %x24-2A / %x2D-3A / %x3D / %x3F-5B / %x5D-7F
+ #
+ # trailchar = TUTF1 / UTFMB
+ # TUTF1 = %x01-1F / %x21 / %x23-2A / %x2D-3A / %x3D / %x3F-5B / %x5D-7F
+ #
+ # stringchar = SUTF1 / UTFMB
+ # SUTF1 = %x01-21 / %x23-2A / %x2D-3A / %x3D / %x3F-5B / %x5D-7F
+ #
+ # pair = ESC ( ESC / special / hexpair )
+ # special = escaped / SPACE / SHARP / EQUALS
+ # escaped = DQUOTE / PLUS / COMMA / SEMI / LANGLE / RANGLE
+ #
+ # hexstring = SHARP 1*hexpair
+ # hexpair = HEX HEX
@classmethod
- def from_str(cls, expr, case_ignore_attrs=None):
- case_ignore_attrs = case_ignore_attrs or []
- hexdigit = None
+ def from_str(cls, expr):
+ attribute, escaped_value = expr.split('=', 1)
+ if escaped_value.startswith('#'):
+ # The "#..." form is used for unknown attribute types and those without
+ # an LDAP string encoding. Supporting it would require us to somehow
+ # handle the hex-encoded BER encoding of the data. We'll stay away from
+ # this mess for now.
+ raise ValueError('Hex-encoded RDN assertion values are not supported')
escaped = False
- tokens = []
- token = b''
- for char in expr:
+ hexdigit = None
+ # We store the unescaped value temporarily as bytes to correctly handle
+ # hex-escaped multi-byte UTF8 sequences
+ encoded_value = b''
+ for char in escaped_value:
if hexdigit is not None:
- if char not in HEXDIGITS:
- raise ValueError('Invalid hexpair: \\%s%s'%(hexdigit, char))
- token += bytes.fromhex('%s%s'%(hexdigit, char))
+ encoded_value += bytes.fromhex('%s%s'%(hexdigit, char))
hexdigit = None
elif escaped:
- escaped = False
- if char in DN_SPECIAL or char == '\\':
- token += char.encode()
+ if char in DN_SPECIAL + ('\\',):
+ encoded_value += char.encode('utf8')
elif char in HEXDIGITS:
hexdigit = char
else:
raise ValueError('Invalid escape: \\%s'%char)
+ escaped = False
elif char == '\\':
escaped = True
- elif char == '=':
- tokens.append(token)
- token = b''
else:
- token += char.encode()
- tokens.append(token)
- if len(tokens) != 2:
- raise ValueError('Invalid assertion in RDN: "%s"'%expr)
- name = tokens[0].decode().lower()
- value = tokens[1]
- if not name or not value:
- raise ValueError('Invalid assertion in RDN: "%s"'%expr)
- if name in case_ignore_attrs:
- value = value.lower()
- return cls(name, value)
+ encoded_value += char.encode('utf8')
+ value = encoded_value.decode('utf8')
+ return cls(attribute, value)
def __str__(self):
- valuestr = ''
- for byte in self.value:
- byte = bytes((byte,))
- try:
- chars = byte.decode()
- except UnicodeDecodeError:
- chars = '\\'+byte.hex()
- if chars in DN_SPECIAL:
- chars = '\\'+chars
- valuestr += chars
- return '%s=%s'%(self.attribute, valuestr)
+ escaped_value = ''
+ for char in self.value:
+ if char in DN_ESCAPED + ('\\',):
+ escaped_value += '\\' + char
+ # Escape non-printable characters for readability. This goes beyond
+ # what the standard requires.
+ elif char in ('\x00',) or not char.isprintable():
+ for codepoint in char.encode('utf8'):
+ escaped_value += '\\%02x'%codepoint
+ else:
+ escaped_value += char
+ if escaped_value.startswith(' ') or escaped_value.startswith('#'):
+ escaped_value = '\\' + escaped_value
+ if escaped_value.endswith(' '):
+ escaped_value = escaped_value[:-1] + '\\' + escaped_value[-1]
+ return '%s=%s'%(self.attribute, escaped_value)
- @property
- def attribute(self):
- return self[0]
+ def __repr__(self):
+ return '<ldapserver.dn.RDNAssertion %s>'%str(self)
- @property
- def value(self):
- return self[1]
+ def __eq__(self, obj):
+ return type(self) is type(obj) and self.attribute == obj.attribute and \
+ self.value_normalized == obj.value_normalized
+
+ def __hash__(self):
+ return hash((type(self), self.attribute, self.value_normalized))
+
+ def __setattr__(self, *args):
+ raise TypeError('RDNAssertion object is immutable')
+
+ def __delattr__(self, *args):
+ raise TypeError('RDNAssertion object is immutable')
diff --git a/tests/test_dn.py b/tests/test_dn.py
new file mode 100644
index 0000000..cfcb2c8
--- /dev/null
+++ b/tests/test_dn.py
@@ -0,0 +1,246 @@
+import unittest
+import enum
+
+from ldapserver.dn import DN, RDN, RDNAssertion
+
+class TestDN(unittest.TestCase):
+ def test_equal(self):
+ self.assertEqual(DN(), DN())
+ self.assertEqual(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertNotEqual(DN(RDN(dc='example'), RDN(dc='net')), DN(RDN(dc='net'), RDN(dc='example')))
+
+ def test_hash(self):
+ self.assertEqual(hash(DN()), hash(DN()))
+ self.assertEqual(hash(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))), hash(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))))
+
+ def test_repr(self):
+ repr(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+ repr(DN(RDN(cn='James "Jim" Smith, III'), RDN(dc='example'), RDN(dc='net')))
+
+ def test_init(self):
+ self.assertEqual(DN(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN(r'uid=jsmith,dc=example,dc=net'), DN.from_str(r'uid=jsmith,dc=example,dc=net'))
+ self.assertEqual(DN(uid='jsmith'), DN(RDN(uid='jsmith')))
+ self.assertEqual(DN(ou='Sales', cn='J. Smith'), DN(RDN(ou='Sales', cn='J. Smith')))
+ self.assertEqual(DN(RDN(dc='example'), RDN(dc='net'), uid='jsmith'), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN(r'dc=example,dc=net', uid='jsmith'), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+
+ def test_is_direct_child_of(self):
+ self.assertTrue(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).is_direct_child_of(DN(RDN(dc='example'), RDN(dc='net'))))
+ self.assertFalse(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).is_direct_child_of(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))))
+ self.assertFalse(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).is_direct_child_of(DN(RDN(dc='foobar'), RDN(dc='net'))))
+ self.assertFalse(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).is_direct_child_of(DN(RDN(dc='net'))))
+ self.assertFalse(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).is_direct_child_of(DN(RDN(cn='foobar'), RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))))
+ self.assertFalse(DN().is_direct_child_of(DN()))
+ self.assertTrue(DN(RDN(cn='Subschema')).is_direct_child_of(DN()))
+
+ def test_in_subtree_of(self):
+ self.assertTrue(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).in_subtree_of(DN(RDN(dc='example'), RDN(dc='net'))))
+ self.assertTrue(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).in_subtree_of(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))))
+ self.assertFalse(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).in_subtree_of(DN(RDN(dc='foobar'), RDN(dc='net'))))
+ self.assertTrue(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).in_subtree_of(DN(RDN(dc='net'))))
+ self.assertFalse(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')).in_subtree_of(DN(RDN(cn='foobar'), RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))))
+ self.assertTrue(DN().in_subtree_of(DN()))
+ self.assertTrue(DN(RDN(cn='Subschema')).in_subtree_of(DN()))
+
+ def test_add(self):
+ self.assertEqual(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')) + DN(), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN() + DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN(RDN(uid='jsmith'), RDN(dc='example')) + RDN(dc='net'), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN(RDN(uid='jsmith')) + DN(RDN(dc='example') + RDN(dc='net')), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+
+ def test_encode(self):
+ self.assertEqual(str(DN()), r'')
+ self.assertIn(str(DN(RDN(uid='j,smith'), RDN(dc='example'), RDN(dc='net'))), [r'uid=j\,smith,dc=example,dc=net', r'uid=j\2csmith,dc=example,dc=net'])
+ # Examples from RFC4514
+ self.assertEqual(str(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))), r'uid=jsmith,dc=example,dc=net')
+ self.assertIn(str(DN(RDN(ou='Sales', cn='J. Smith'), RDN(dc='example'), RDN(dc='net'))), [r'ou=Sales+cn=J. Smith,dc=example,dc=net',
+ r'cn=J. Smith+ou=Sales,dc=example,dc=net'])
+ self.assertIn(str(DN(RDN(cn='James "Jim" Smith, III'), RDN(dc='example'), RDN(dc='net'))), [r'cn=James \"Jim\" Smith\, III,dc=example,dc=net',
+ r'cn=James \22Jim\22 Smith\2c III,dc=example,dc=net'])
+ self.assertEqual(str(DN(RDN(cn='Before\rAfter'), RDN(dc='example'), RDN(dc='net'))), r'cn=Before\0dAfter,dc=example,dc=net')
+ self.assertIn(str(DN(RDN(cn='LuÄić'))), [r'cn=LuÄić', r'cn=Lu\c4\8di\c4\87'])
+
+ def test_decode(self):
+ self.assertEqual(DN.from_str(r''), DN())
+ self.assertEqual(DN.from_str(r'uid=j\,smith,dc=example,dc=net'), DN(RDN(uid='j,smith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN.from_str(r'uid=j\2csmith,dc=example,dc=net'), DN(RDN(uid='j,smith'), RDN(dc='example'), RDN(dc='net')))
+ # Examples from RFC4514
+ self.assertEqual(DN.from_str(r'uid=jsmith,dc=example,dc=net'), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN.from_str(r'ou=Sales+cn=J. Smith,dc=example,dc=net'), DN(RDN(ou='Sales', cn='J. Smith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN.from_str(r'cn=J. Smith+ou=Sales,dc=example,dc=net'), DN(RDN(ou='Sales', cn='J. Smith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN.from_str(r'cn=James \"Jim\" Smith\, III,dc=example,dc=net'), DN(RDN(cn='James "Jim" Smith, III'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN.from_str(r'cn=James \22Jim\22 Smith\2c III,dc=example,dc=net'), DN(RDN(cn='James "Jim" Smith, III'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN.from_str(r'cn=Before\0dAfter,dc=example,dc=net'), DN(RDN(cn='Before\rAfter'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(DN.from_str(r'cn=LuÄić'), DN(RDN(cn='LuÄić')))
+ self.assertEqual(DN.from_str(r'cn=Lu\c4\8di\c4\87'), DN(RDN(cn='LuÄić')))
+ with self.assertRaises(ValueError):
+ DN.from_str(r'invalidAttributeType=foobar,dc=example,dc=net')
+ with self.assertRaises(ValueError):
+ DN.from_str(r'cn=,dc=example,dc=net')
+ with self.assertRaises(ValueError):
+ DN.from_str(r',')
+
+ def test_slice(self):
+ self.assertEqual(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))[1], RDN(dc='example'))
+ self.assertEqual(DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net'))[1:], DN(RDN(dc='example'), RDN(dc='net')))
+
+class TestRDN(unittest.TestCase):
+ def test_equal(self):
+ self.assertEqual(RDN(RDNAssertion('uid', 'jsmith')), RDN(RDNAssertion('uid', 'Jsmith')))
+ self.assertEqual(RDN(RDNAssertion('uid', 'jsmith')), RDN(RDNAssertion('UID', 'jsmith')))
+ self.assertEqual(RDN(RDNAssertion('ou', 'Sales'), RDNAssertion('cn', 'J. Smith'), RDNAssertion('ou', 'HR')),
+ RDN(RDNAssertion('cn', 'J. Smith'), RDNAssertion('ou', 'HR'), RDNAssertion('ou', 'Sales')))
+
+ def test_hash(self):
+ self.assertEqual(hash(RDN(RDNAssertion('uid', 'jsmith'))), hash(RDN(RDNAssertion('uid', 'Jsmith'))))
+ self.assertEqual(hash(RDN(RDNAssertion('uid', 'jsmith'))), hash(RDN(RDNAssertion('UID', 'jsmith'))))
+ self.assertEqual(hash(RDN(RDNAssertion('ou', 'Sales'), RDNAssertion('cn', 'J. Smith'), RDNAssertion('ou', 'HR'))),
+ hash(RDN(RDNAssertion('cn', 'J. Smith'), RDNAssertion('ou', 'HR'), RDNAssertion('ou', 'Sales'))))
+
+ def test_repr(self):
+ repr(RDN(cn='J. Smith', ou='Sales'))
+ repr(RDN(cn='James "Jim" Smith, III'))
+
+ def test_init(self):
+ self.assertEqual(RDN(cn='J. Smith', ou='Sales'),
+ RDN(RDNAssertion('cn', 'J. Smith'), RDNAssertion('ou', 'Sales')))
+ self.assertEqual(RDN(RDNAssertion('cn', 'J. Smith'), RDNAssertion('ou', 'Sales'), ou='HR'),
+ RDN(RDNAssertion('cn', 'J. Smith'), RDNAssertion('ou', 'Sales'), RDNAssertion('ou', 'HR')))
+ with self.assertRaises(ValueError):
+ RDN()
+
+ def test_add(self):
+ self.assertEqual(RDN(uid='jsmith') + DN(RDN(dc='example'), RDN(dc='net')), DN(RDN(uid='jsmith'), RDN(dc='example'), RDN(dc='net')))
+ self.assertEqual(RDN(uid='jsmith') + RDN(dc='example'), DN(RDN(uid='jsmith'), RDN(dc='example')))
+
+ def test_encode(self):
+ self.assertEqual(str(RDN(cn='foo')), r'cn=foo')
+ self.assertIn(str(RDN(cn='foo', ou='bar')), [r'cn=foo+ou=bar', r'ou=bar+cn=foo'])
+ self.assertIn(str(RDN(cn='foo+bar', ou='bar')), [r'cn=foo\+bar+ou=bar', r'cn=foo\2bbar+ou=bar',
+ r'ou=bar+cn=foo\+bar', r'ou=bar+cn=foo\2bbar'])
+ # Examples from RFC4514
+ self.assertIn(str(RDN(ou='Sales', cn='J. Smith')), [r'ou=Sales+cn=J. Smith', r'cn=J. Smith+ou=Sales'])
+ self.assertEqual(str(RDN(cn='James "Jim" Smith, III')), r'cn=James \"Jim\" Smith\, III')
+
+ def test_decode(self):
+ self.assertEqual(RDN.from_str(r'cn=foo'), RDN(cn='foo'))
+ self.assertEqual(RDN.from_str(r'cn=foo+ou=bar'), RDN(cn='foo', ou='bar'))
+ self.assertEqual(RDN.from_str(r'cn=foo\+bar+ou=bar'), RDN(cn='foo+bar', ou='bar'))
+ # Examples from RFC4514
+ self.assertEqual(RDN.from_str(r'OU=Sales+CN=J. Smith'), RDN(ou='Sales', cn='J. Smith'))
+ self.assertEqual(RDN.from_str(r'CN=James \"Jim\" Smith\, III'), RDN(cn='James "Jim" Smith, III'))
+ with self.assertRaises(ValueError):
+ RDN.from_str(r'')
+ with self.assertRaises(ValueError):
+ RDN.from_str(r'cn')
+ with self.assertRaises(ValueError):
+ RDN.from_str(r'cn=')
+ with self.assertRaises(ValueError):
+ RDN.from_str(r'cn=foo+ou+dc=bar')
+
+class TestRDNAssertion(unittest.TestCase):
+ def test_init(self):
+ with self.assertRaises(ValueError):
+ RDNAssertion('invalidAttributeType', 'foobar')
+ with self.assertRaises(ValueError):
+ RDNAssertion('cn', '')
+
+ def test_equal(self):
+ # NFD vs. NFC of string value
+ self.assertEqual(RDNAssertion('cn', b'fooa\xcc\x88bar'.decode()), RDNAssertion('CN', b'foo\xc3\xa4bar'.decode()))
+ # Different case of string value
+ self.assertEqual(RDNAssertion('cn', 'foo bar'), RDNAssertion('cn', 'Foo Bar'))
+ self.assertEqual(RDNAssertion('cn', 'ä'), RDNAssertion('cn', 'Ä'))
+ # Different case of type
+ self.assertEqual(RDNAssertion('cn', 'foo'), RDNAssertion('CN', 'foo'))
+
+ def test_hash(self):
+ # NFD vs. NFC of string value
+ self.assertEqual(hash(RDNAssertion('cn', b'fooa\xcc\x88bar'.decode())), hash(RDNAssertion('CN', b'foo\xc3\xa4bar'.decode())))
+ # Different case of string value
+ self.assertEqual(hash(RDNAssertion('cn', 'foo bar')), hash(RDNAssertion('cn', 'Foo Bar')))
+ self.assertEqual(hash(RDNAssertion('cn', 'ä')), hash(RDNAssertion('cn', 'Ä')))
+ # Different case of type
+ self.assertEqual(hash(RDNAssertion('cn', 'foo')), hash(RDNAssertion('CN', 'foo')))
+
+ def test_repr(self):
+ repr(RDNAssertion('cn', 'foobar'))
+ repr(RDNAssertion('cn', 'foo\x00bar'))
+
+ def test_immutability(self):
+ assertion = RDNAssertion('cn', 'foobar')
+ with self.assertRaises(TypeError):
+ assertion.attribute = 'uid'
+ with self.assertRaises(TypeError):
+ assertion.value = 'something'
+ with self.assertRaises(TypeError):
+ assertion.value_normalized = 'something'
+ with self.assertRaises(TypeError):
+ del assertion.attribute
+ with self.assertRaises(TypeError):
+ del assertion.value
+ with self.assertRaises(TypeError):
+ del assertion.value_normalized
+
+ def test_encode(self):
+ self.assertIn(str(RDNAssertion('cn', ' foobar')), [r'cn=\ foobar', r'cn=\20foobar'])
+ self.assertIn(str(RDNAssertion('cn', '#foobar')), [r'cn=\#foobar', r'cn=\23foobar'])
+ self.assertIn(str(RDNAssertion('cn', 'foobar ')), [r'cn=foobar\ ', r'cn=foobar\20'])
+ self.assertIn(str(RDNAssertion('cn', 'foo\\bar')), [r'cn=foo\\bar', r'cn=foo\5cbar'])
+ self.assertIn(str(RDNAssertion('cn', 'foo,bar')), [r'cn=foo\,bar', r'cn=foo\2cbar'])
+ self.assertIn(str(RDNAssertion('cn', 'foo+bar')), [r'cn=foo\+bar', r'cn=foo\2bbar'])
+ self.assertEqual(str(RDNAssertion('cn', 'foo\x00bar')), r'cn=foo\00bar')
+ self.assertIn(str(RDNAssertion('cn', 'foo"bar')), [r'cn=foo\"bar', r'cn=foo\22bar'])
+ self.assertIn(str(RDNAssertion('cn', 'foo;bar')), [r'cn=foo\;bar', r'cn=foo\3bbar'])
+ self.assertIn(str(RDNAssertion('cn', 'foo<bar')), [r'cn=foo\<bar', r'cn=foo\3cbar'])
+ self.assertIn(str(RDNAssertion('cn', 'foo>bar')), [r'cn=foo\>bar', r'cn=foo\3ebar'])
+ # Examples from RFC4514
+ self.assertEqual(str(RDNAssertion('cn', 'Before\rAfter')), r'cn=Before\0dAfter')
+ self.assertIn(str(RDNAssertion('cn', 'James "Jim" Smith')), [r'cn=James \"Jim\" Smith', r'cn=James \22Jim\22 Smith'])
+ self.assertIn(str(RDNAssertion('cn', 'LuÄić')), [r'cn=LuÄić', r'cn=Lu\c4\8di\c4\87'])
+
+ def test_decode(self):
+ self.assertEqual(RDNAssertion.from_str(r'cn=\ foobar'), RDNAssertion('cn', ' foobar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=\20foobar'), RDNAssertion('cn', ' foobar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=\#foobar'), RDNAssertion('cn', '#foobar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=\23foobar'), RDNAssertion('cn', '#foobar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foobar\ '), RDNAssertion('cn', 'foobar '))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foobar\20'), RDNAssertion('cn', 'foobar '))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\\bar'), RDNAssertion('cn', 'foo\\bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\5cbar'), RDNAssertion('cn', 'foo\\bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\,bar'), RDNAssertion('cn', 'foo,bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\2cbar'), RDNAssertion('cn', 'foo,bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\+bar'), RDNAssertion('cn', 'foo+bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\2bbar'), RDNAssertion('cn', 'foo+bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\00bar'), RDNAssertion('cn', 'foo\x00bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\"bar'), RDNAssertion('cn', 'foo"bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\;bar'), RDNAssertion('cn', 'foo;bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\<bar'), RDNAssertion('cn', 'foo<bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\>bar'), RDNAssertion('cn', 'foo>bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\>bar'), RDNAssertion('cn', 'foo>bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo#bar'), RDNAssertion('cn', 'foo#bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\#bar'), RDNAssertion('cn', 'foo#bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo bar'), RDNAssertion('cn', 'foo bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\ bar'), RDNAssertion('cn', 'foo bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo=bar'), RDNAssertion('cn', 'foo=bar'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=foo\=bar'), RDNAssertion('cn', 'foo=bar'))
+ self.assertEqual(RDNAssertion.from_str(r'CN=Before\0dAfter'), RDNAssertion('cn', 'Before\rAfter'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=James \"Jim\" Smith'), RDNAssertion('cn', 'James "Jim" Smith'))
+ self.assertEqual(RDNAssertion.from_str(r'cn=James \22Jim\22 Smith'), RDNAssertion('cn', 'James "Jim" Smith'))
+ self.assertEqual(RDNAssertion.from_str(r'CN=LuÄić'), RDNAssertion('cn', 'LuÄić'))
+ self.assertEqual(RDNAssertion.from_str(r'CN=Lu\C4\8Di\C4\87'), RDNAssertion('cn', 'LuÄić'))
+ with self.assertRaises(ValueError):
+ RDNAssertion.from_str(r'1.3.6.1.4.1.1466.0=#04024869')
+ with self.assertRaises(ValueError):
+ RDNAssertion.from_str(r'cn=foo\Xbar')
+ with self.assertRaises(ValueError):
+ RDNAssertion.from_str(r'invalidAttributeType=test')
+ with self.assertRaises(ValueError):
+ RDNAssertion.from_str(r'cn=')
+ with self.assertRaises(ValueError):
+ RDNAssertion.from_str(r'=foo')
+ with self.assertRaises(ValueError):
+ RDNAssertion.from_str(r'')
+ with self.assertRaises(ValueError):
+ RDNAssertion.from_str(r'foo')
--
GitLab