def _hostname_to_x509(hostname):
    """Convert a text hostname into the matching ``x509`` general name.

    Accepted spellings, all as text:

    - plain DNS names ("example.org")
    - internationalised names, as U-label ("éxamplë.org") or
      A-label ("xn--xampl-9rat.org")
    - IP addresses ("127.0.0.1", "::1")
    - IP networks ("10.0.0.0/8", "2001::/16")
    - wildcard variants of the DNS names ("*.example.org")

    Returns an ``x509.IPAddress`` when the string parses as an address or
    network, otherwise an ``x509.DNSName`` holding the A-label form.

    Raises ``TypeError`` if ``hostname`` is not text. Errors raised by
    ``idna.encode`` for names it cannot encode are not caught here.
    """
    # Only text is accepted; anything else is refused rather than guessed at.
    # NOTE(review): `unicode` is presumably a py2/py3 alias defined elsewhere
    # in this module -- confirm.
    if not isinstance(hostname, unicode):
        raise TypeError("hostnames must be text (unicode on py2, str on py3)")

    # ip_address has to be tried before ip_network: ip_network("127.0.0.1")
    # would parse as the /32 network, and a single host should come out as an
    # address object, not a network object.
    # NOTE(review): a network value ends up in x509.IPAddress as well. That
    # form is normally meant for name constraints, not for a subject
    # alternative name -- confirm how callers use the result.
    for parse in (ipaddress.ip_address, ipaddress.ip_network):
        try:
            parsed = parse(hostname)
        except ValueError:
            continue
        # Built outside the try so that a ValueError from x509.IPAddress
        # itself is not mistaken for "not an IP literal".
        return x509.IPAddress(parsed)

    # Not an IP literal, so treat it as a DNS name and encode it to an
    # A-label, which is what cryptography wants. A leading "*." is split off
    # first and re-attached afterwards, so only the part after it is
    # IDNA-encoded. uts46=True asks idna to apply the UTS #46 mapping before
    # encoding.
    if hostname.startswith("*."):
        prefix, remainder = b"*.", hostname[2:]
    else:
        prefix, remainder = b"", hostname
    encoded = prefix + idna.encode(remainder, uts46=True)

    # Back to text: mandatory on cryptography 2.0 and earlier, and may or may
    # not be deprecated in cryptography 2.1.
    return x509.DNSName(encoded.decode("ascii"))