| author | Marti Raudsepp <marti@juffo.org> | 2021-11-01 02:41:00 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-01 08:41:00 +0800 |
| commit | 0ac3e5037d36ce9409552d57d4a93231ac5d0d4f | |
| tree | d8cf6562f6ea0b7ae57211d549e2d31fe692a9d7 /docs | |
| parent | 2a654d46dc50c2c6bca9a31719333a8c391e1353 | |

Allow custom attribute shortnames in rfc4514_string (#6490)

`rfc4514_string()` and related methods now have an optional
`attr_name_overrides` parameter to supply custom OID to name mappings,
which can be used to match vendor-specific extensions.

**BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of email
address fields as `E` in `rfc4514_string()` methods from version 35.0.
The previous behavior can be restored with:
`name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})`

Expanded documentation of `Name.rfc4514_string`.

Diffstat (limited to 'docs')
| -rw-r--r-- | docs/x509/reference.rst | 58 |
1 files changed, 53 insertions, 5 deletions
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index e646520f0..7d5e0575a 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -1292,12 +1292,42 @@ X.509 CSR (Certificate Signing Request) Builder Object :return bytes: The DER encoded name. - .. method:: rfc4514_string() + .. method:: rfc4514_string(attr_name_overrides=None) .. versionadded:: 2.5 + .. versionchanged:: 36.0 - :return str: Format the given name as a :rfc:`4514` Distinguished Name - string, for example ``CN=mydomain.com,O=My Org,C=US``. + Added ``attr_name_overrides`` parameter. + + Format the given name as a :rfc:`4514` Distinguished Name + string, for example ``CN=mydomain.com,O=My Org,C=US``. + + By default, attributes ``CN``, ``L``, ``ST``, ``O``, ``OU``, ``C``, + ``STREET``, ``DC``, ``UID`` are represented by their short name. + Unrecognized attributes are formatted as dotted OID strings. + + Example: + + .. doctest:: + + >>> name = x509.Name([ + ... x509.NameAttribute(NameOID.EMAIL_ADDRESS, "santa@north.pole"), + ... x509.NameAttribute(NameOID.COMMON_NAME, "Santa Claus"), + ... ]) + >>> name.rfc4514_string() + 'CN=Santa Claus,1.2.840.113549.1.9.1=santa@north.pole' + >>> name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"}) + 'CN=Santa Claus,E=santa@north.pole' + + :type attr_name_overrides: + Dict-like mapping from :class:`~cryptography.x509.ObjectIdentifier` + to ``str`` + :param attr_name_overrides: Specify custom OID to name mappings, which + can be used to match vendor-specific extensions. See + :class:`~cryptography.x509.oid.NameOID` for common attribute + OIDs. + + :rtype: str .. class:: Version 
@@ -1342,13 +1372,22 @@ X.509 CSR (Certificate Signing Request) Builder Object The :rfc:`4514` short attribute name (for example "CN"), or the OID dotted string if a short name is unavailable. - .. method:: rfc4514_string() + .. method:: rfc4514_string(attr_name_overrides=None) .. versionadded:: 2.5 + .. versionchanged:: 36.0 + + Added ``attr_name_overrides`` parameter. :return str: Format the given attribute as a :rfc:`4514` Distinguished Name string. + :type attr_name_overrides: + Dict-like mapping from :class:`~cryptography.x509.ObjectIdentifier` + to ``str`` + :param attr_name_overrides: Specify custom OID to name mappings, which + can be used to match vendor-specific extensions. + .. class:: RelativeDistinguishedName(attributes) @@ -1365,13 +1404,22 @@ X.509 CSR (Certificate Signing Request) Builder Object :returns: A list of :class:`NameAttribute` instances that match the OID provided. The list should contain zero or one values. - .. method:: rfc4514_string() + .. method:: rfc4514_string(attr_name_overrides=None) .. versionadded:: 2.5 + .. versionchanged:: 36.0 + + Added ``attr_name_overrides`` parameter. :return str: Format the given RDN set as a :rfc:`4514` Distinguished Name string. + :type attr_name_overrides: + Dict-like mapping from :class:`~cryptography.x509.ObjectIdentifier` + to ``str`` + :param attr_name_overrides: Specify custom OID to name mappings, which + can be used to match vendor-specific extensions. + .. class:: ObjectIdentifier |
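
Review bot: In the first hunk (`Name.rfc4514_string`, `@@ -1292,12 +1292,42 @@`), the `.. versionchanged:: 36.0` entry records only "Added ``attr_name_overrides`` parameter." and says nothing about the default output changing, although the commit message flags the revert of the `E` short name as backwards incompatible and the doctest shows the email attribute now rendered as `1.2.840.113549.1.9.1=santa@north.pole`. Callers that compare or match on the formatted DN string, for example when mapping a certificate subject to an account or ACL entry, will get a different string after upgrading. Add a sentence to the `versionchanged` block stating that email addresses are no longer formatted as `E=` by default and that passing `{NameOID.EMAIL_ADDRESS: "E"}` restores the previous output.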
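
Review bot: In the second hunk (`NameAttribute.rfc4514_string`, `@@ -1342,13 +1372,22 @@`), the description stays inside `:return str:` and the new `:type`/`:param` fields are appended after it, whereas the `Name` hunk moves the description into body text and ends with `:rtype: str`. Use the same field layout in both entries. The context line just above this method documents the short attribute name as "CN" or the dotted OID string when no short name is available, so the new text should also state whether `attr_name_overrides` affects only the string returned by this method or the attribute documented there as well.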
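
Review bot: In the third hunk (`RelativeDistinguishedName.rfc4514_string`, `@@ -1365,13 +1404,22 @@`), the `:param attr_name_overrides:` text repeats the `NameAttribute` wording and leaves out what the `Name` entry provides: the list of default short names, the fallback to dotted OID strings, and the pointer to `NameOID`. A reader landing on this method cannot tell what the output looks like without an override. Add a cross-reference to `Name.rfc4514_string` here rather than a third copy of the parameter text.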
