def get_attribute_for_oid(self, oid: x509.ObjectIdentifier) -> bytes:
obj = _txt2obj_gc(self._backend, oid.dotted_string)
pos = self._backend._lib.X509_REQ_get_attr_by_OBJ(
self._x509_req, obj, -1)
if pos == -1:
raise x509.AttributeNotFound(
"No {} attribute was found".format(oid), oid)
attr = self._backend._lib.X509_REQ_get_attr(self._x509_req, pos)
self._backend.openssl_assert(attr != self._backend._ffi.NULL)
# We don't support multiple valued attributes for now.
self._backend.openssl_assert(
self._backend._lib.X509_ATTRIBUTE_count(attr) == 1)
asn1_type = self._backend._lib.X509_ATTRIBUTE_get0_type(attr, 0)
self._backend.openssl_assert(asn1_type != self._backend._ffi.NULL)
# We need this to ensure that our C type cast is safe.
# Also this should always be a sane string type, but we'll see if
# that is true in the real world...
if asn1_type.type not in (
_ASN1Type.UTF8String.value,
_ASN1Type.PrintableString.value,
_ASN1Type.IA5String.value,
):
raise ValueError("OID {} has a disallowed ASN.1 type: {}".format(
oid, asn1_type.type))
data = self._backend._lib.X509_ATTRIBUTE_get0_data(
attr, 0, asn1_type.type, self._backend._ffi.NULL)
self._backend.openssl_assert(data != self._backend._ffi.NULL)
# This cast is safe iff we assert on the type above to ensure
# that it is always a type of ASN1_STRING
data = self._backend._ffi.cast("ASN1_STRING *", data)
return _asn1_string_to_bytes(self._backend, data)
def test_obj2txt_buffer_sizing(self):
# This test exercises a branch for larger than default buffer sizing
# in _obj2txt
oid_str = ("1.2.3.182382138123818.1293813123.12381238123.3434834834888"
".383488234284.2348234.234819299576434.23482434203")
obj = encode_asn1._txt2obj_gc(backend, oid_str)
assert decode_asn1._obj2txt(backend, obj) == oid_str