def normalize_extensions()

in lemur/plugins/lemur_cryptography/plugin.py [0:0]


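def normalize_extensions(csr):
    """Return the CSR's extensions with the subject CommonName folded into the SAN.

    The submitted SubjectAlternativeName extension (if any) is dropped from the
    list and a single SAN extension is appended at the end. When the subject
    CommonName is not already one of the SAN DNS names and contains no space,
    it is added as the first DNSName of a rebuilt SAN extension.

    Both the CommonName and the SAN entries come straight from the CSR, i.e.
    from the requester. The only check made here on the CommonName is the
    space test, so the returned SAN can contain a DNS name that was not in the
    submitted SAN; name authorization has to look at the normalized list
    returned here rather than only the SAN as submitted.

    Args:
        csr: A parsed certificate signing request exposing ``extensions`` and
            ``subject`` (as the ``cryptography`` x509 CSR object does).

    Returns:
        list: The non-SAN extensions of the CSR, followed by the SAN extension
        when it holds at least one general name.
    """
    san_oid = x509.oid.ExtensionOID.SUBJECT_ALTERNATIVE_NAME

    try:
        san_extension = csr.extensions.get_extension_for_oid(san_oid)
        san_dnsnames = san_extension.value.get_values_for_type(x509.DNSName)
    except x509.extensions.ExtensionNotFound:
        # No SAN submitted: start from an empty one so the code below can
        # treat both cases the same way.
        san_dnsnames = []
        san_extension = x509.Extension(
            san_oid,
            True,
            x509.SubjectAlternativeName(san_dnsnames),
        )

    # A CSR is not required to carry a CommonName (SAN-only requests exist);
    # indexing [0] unconditionally raised IndexError for those.
    cn_attributes = csr.subject.get_attributes_for_oid(x509.oid.NameOID.COMMON_NAME)
    common_name = cn_attributes[0].value if cn_attributes else None

    if (
        common_name is not None
        and common_name not in san_dnsnames
        and " " not in common_name
    ):
        # CommonName isn't in SAN and has no spaces (spaces cause idna errors).
        general_names = []
        try:
            # Subject CN goes first in the rebuilt SAN.
            general_names.append(x509.DNSName(common_name))
        except TypeError:
            # CommonName is not a value DNSName accepts; leave it out of the SAN.
            # NOTE(review): recent `cryptography` releases appear to raise
            # ValueError (not TypeError) for a non-ASCII DNSName, which would
            # propagate from here. Confirm against the pinned version whether
            # that case should be tolerated or should keep failing the request.
            pass

        # Keep every submitted SAN entry, of any GeneralName type, after the CN.
        general_names.extend(san_extension.value)

        # The rebuilt extension is always marked critical (second argument),
        # whatever the criticality of the submitted one was.
        san_extension = x509.Extension(
            san_oid,
            True,
            x509.SubjectAlternativeName(general_names),
        )

    # Drop the original SAN extension and append the normalized one, using the
    # public iteration/len protocol instead of private attributes.
    extensions = list(filter(filter_san_extensions, csr.extensions))
    if len(san_extension.value) > 0:
        extensions.append(san_extension)

    return extensions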