Improve certificate name normalization: remove Unicode characters, etc. (#906)

* Accented characters are replaced with non-accented version (ä -> a) * Spaces are replaced with '-' (previously they were removed) * Multiple non-alphanumeric characters are collapsed into one '-'
2017-09-08 20:52:22 +03:00
parent e72efce071
commit dafed86179
4 changed files with 40 additions and 13 deletions
--- a/lemur/common/defaults.py
+++ b/lemur/common/defaults.py
@ -1,8 +1,25 @@
+import re
+import unicodedata
+
 from cryptography import x509
 from flask import current_app
 from lemur.constants import SAN_NAMING_TEMPLATE, DEFAULT_NAMING_TEMPLATE


+def text_to_slug(value):
+    """Normalize a string to a "slug" value, stripping character accents and removing non-alphanum characters."""
+
+    # Strip all character accents (ä => a): decompose Unicode characters and then drop combining chars.
+    value = ''.join(c for c in unicodedata.normalize('NFKD', value) if not unicodedata.combining(c))
+
+    # Replace all remaining non-alphanumeric characters with '-'. Multiple characters get collapsed into a single dash.
+    # Except, keep 'xn--' used in IDNA domain names as is.
+    value = re.sub(r'[^A-Za-z0-9.]+(?<!xn--)', '-', value)
+
+    # '-' in the beginning or end of string looks ugly.
+    return value.strip('-')
+
+
 def certificate_name(common_name, issuer, not_before, not_after, san):
    """
    Create a name for our certificate. A naming standard
@ -25,21 +42,13 @@ def certificate_name(common_name, issuer, not_before, not_after, san):

    temp = t.format(
        subject=common_name,
-        issuer=issuer,
+        issuer=issuer.replace(' ', ''),
        not_before=not_before.strftime('%Y%m%d'),
        not_after=not_after.strftime('%Y%m%d')
    )

-    disallowed_chars = ''.join(c for c in map(chr, range(256)) if not c.isalnum())
-    disallowed_chars = disallowed_chars.replace("-", "")
-    disallowed_chars = disallowed_chars.replace(".", "")
    temp = temp.replace('*', "WILDCARD")
-
-    for c in disallowed_chars:
-        temp = temp.replace(c, "")
-
-    # white space is silly too
-    return temp.replace(" ", "-")
+    return text_to_slug(temp)


 def signing_algorithm(cert):