asn1: Add support for PrintableString

src/cryptography/hazmat/asn1/__init__.py

@@ -2,9 +2,15 @@
 # 2.0, and the BSD License. See the LICENSE file in the root of this repository
 # for complete details.
 
-from cryptography.hazmat.asn1.asn1 import decode_der, encode_der, sequence
+from cryptography.hazmat.asn1.asn1 import (
+    PrintableString,
+    decode_der,
+    encode_der,
+    sequence,
+)
 
 __all__ = [
+    "PrintableString",
     "decode_der",
     "encode_der",
     "sequence",

src/cryptography/hazmat/asn1/asn1.py

@@ -115,3 +115,6 @@ def sequence(cls: type[U]) -> type[U]:
         )(cls)
         _register_asn1_sequence(dataclass_cls)
         return dataclass_cls
+
+
+PrintableString = declarative_asn1.PrintableString

src/cryptography/hazmat/bindings/_rust/declarative_asn1.pyi

@@ -34,3 +34,7 @@ class AnnotatedTypeObject:
     def __new__(
         cls, annotated_type: AnnotatedType, value: typing.Any
     ) -> AnnotatedTypeObject: ...
+
+class PrintableString:
+    def __new__(cls, inner: str) -> PrintableString: ...
+    def as_str(self) -> str: ...

src/rust/src/declarative_asn1/decode.rs

@@ -6,7 +6,7 @@ use asn1::Parser;
 use pyo3::types::PyAnyMethods;
 
 use crate::asn1::big_byte_slice_to_py_int;
-use crate::declarative_asn1::types::{AnnotatedType, Type};
+use crate::declarative_asn1::types::{AnnotatedType, PrintableString, Type};
 use crate::error::CryptographyError;
 
 type ParseResult<T> = Result<T, CryptographyError>;
@@ -48,6 +48,15 @@ fn decode_pystr<'a>(
     Ok(pyo3::types::PyString::new(py, value.as_str()))
 }
 
+fn decode_printable_string<'a>(
+    py: pyo3::Python<'a>,
+    parser: &mut Parser<'a>,
+) -> ParseResult<pyo3::Bound<'a, PrintableString>> {
+    let value = parser.read_element::<asn1::PrintableString<'a>>()?.as_str();
+    let inner = pyo3::types::PyString::new(py, value).unbind();
+    Ok(pyo3::Bound::new(py, PrintableString { inner })?)
+}
+
 pub(crate) fn decode_annotated_type<'a>(
     py: pyo3::Python<'a>,
     parser: &mut Parser<'a>,
@@ -78,5 +87,6 @@ pub(crate) fn decode_annotated_type<'a>(
         Type::PyInt() => Ok(decode_pyint(py, parser)?.into_any()),
         Type::PyBytes() => Ok(decode_pybytes(py, parser)?.into_any()),
         Type::PyStr() => Ok(decode_pystr(py, parser)?.into_any()),
+        Type::PrintableString() => Ok(decode_printable_string(py, parser)?.into_any()),
     }
 }

src/rust/src/declarative_asn1/encode.rs

@@ -5,7 +5,7 @@
 use asn1::{SimpleAsn1Writable, Writer};
 use pyo3::types::PyAnyMethods;
 
-use crate::declarative_asn1::types::{AnnotatedType, AnnotatedTypeObject, Type};
+use crate::declarative_asn1::types::{AnnotatedType, AnnotatedTypeObject, PrintableString, Type};
 
 fn write_value<T: SimpleAsn1Writable>(
     writer: &mut Writer<'_>,
@@ -73,6 +73,20 @@ impl asn1::Asn1Writable for AnnotatedTypeObject<'_> {
                 let asn1_string: asn1::Utf8String<'_> = asn1::Utf8String::new(&val);
                 write_value(writer, &asn1_string)
             }
+            Type::PrintableString() => {
+                let val: &pyo3::Bound<'_, PrintableString> = value
+                    .downcast()
+                    .map_err(|_| asn1::WriteError::AllocationError)?;
+                let inner_str: pyo3::pybacked::PyBackedStr = val
+                    .get()
+                    .inner
+                    .extract(py)
+                    .map_err(|_| asn1::WriteError::AllocationError)?;
+                let printable_string: asn1::PrintableString<'_> =
+                    asn1::PrintableString::new(&inner_str)
+                        .ok_or(asn1::WriteError::AllocationError)?;
+                write_value(writer, &printable_string)
+            }
         }
     }
 }

src/rust/src/declarative_asn1/types.rs

@@ -32,6 +32,9 @@ pub enum Type {
     /// `str` -> `UTF8String`
     #[pyo3(constructor = ())]
     PyStr(),
+    /// PrintableString (`str`)
+    #[pyo3(constructor = ())]
+    PrintableString(),
 }
 
 /// A type that we know how to encode/decode, along with any
@@ -70,6 +73,26 @@ impl Annotation {
     }
 }
 
+#[derive(pyo3::FromPyObject)]
+#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.asn1")]
+pub struct PrintableString {
+    pub(crate) inner: pyo3::Py<pyo3::types::PyString>,
+}
+
+#[pyo3::pymethods]
+impl PrintableString {
+    #[new]
+    #[pyo3(signature = (inner,))]
+    fn new(inner: pyo3::Py<pyo3::types::PyString>) -> Self {
+        PrintableString { inner }
+    }
+
+    #[pyo3(signature = ())]
+    pub fn as_str(&self, py: pyo3::Python<'_>) -> pyo3::PyResult<pyo3::Py<pyo3::types::PyString>> {
+        Ok(self.inner.clone_ref(py))
+    }
+}
+
 /// Utility function for converting builtin Python types
 /// to their Rust `Type` equivalent.
 #[pyo3::pyfunction]
@@ -85,6 +108,8 @@ pub fn non_root_python_to_rust<'p>(
         Type::PyStr().into_pyobject(py)
     } else if class.is(pyo3::types::PyBytes::type_object(py)) {
         Type::PyBytes().into_pyobject(py)
+    } else if class.is(PrintableString::type_object(py)) {
+        Type::PrintableString().into_pyobject(py)
     } else {
         Err(pyo3::exceptions::PyTypeError::new_err(format!(
             "cannot handle type: {class:?}"
@@ -131,5 +156,5 @@ pub(crate) fn python_class_to_annotated<'p>(
 #[pyo3::pymodule(gil_used = false)]
 pub(crate) mod types {
     #[pymodule_export]
-    use super::{AnnotatedType, Annotation, Type};
+    use super::{AnnotatedType, Annotation, PrintableString, Type};
 }

src/rust/src/lib.rs

@@ -124,7 +124,7 @@ mod _rust {
 
         #[pymodule_export]
         use crate::declarative_asn1::types::{
-            non_root_python_to_rust, AnnotatedType, Annotation, Type,
+            non_root_python_to_rust, AnnotatedType, Annotation, PrintableString, Type,
         };
     }
 

tests/hazmat/asn1/test_serialization.py

@@ -6,6 +6,8 @@
 import sys
 import typing
 
+import pytest
+
 import cryptography.hazmat.asn1 as asn1
 
 U = typing.TypeVar("U")
@@ -34,16 +36,26 @@ def _comparable_dataclass(cls: typing.Type[U]) -> typing.Type[U]:
         )(cls)
 
 
+# Checks that the encoding-decoding roundtrip results
+# in the expected values and is consistent.
+#
+# The `decoded_eq` argument is the equality function to use
+# for the decoded values. It's useful for types that aren't
+# directly comparable, like `PrintableString`.
 def assert_roundtrips(
-    test_cases: typing.List[typing.Tuple[typing.Any, bytes]],
+    test_cases: typing.List[typing.Tuple[U, bytes]],
+    decoded_eq: typing.Optional[typing.Callable[[U, U], bool]] = None,
 ) -> None:
     for obj, obj_bytes in test_cases:
         encoded = asn1.encode_der(obj)
         assert encoded == obj_bytes
 
         decoded = asn1.decode_der(type(obj), encoded)
         assert isinstance(decoded, type(obj))
-        assert decoded == obj
+        if decoded_eq:
+            assert decoded_eq(decoded, obj)
+        else:
+            assert decoded == obj
 
 
 class TestBool:
@@ -105,6 +117,28 @@ def test_string(self) -> None:
         )
 
 
+class TestPrintableString:
+    def test_ok_printable_string(self) -> None:
+        def decoded_eq(a: asn1.PrintableString, b: asn1.PrintableString):
+            return a.as_str() == b.as_str()
+
+        assert_roundtrips(
+            [
+                (asn1.PrintableString(""), b"\x13\x00"),
+                (asn1.PrintableString("hello"), b"\x13\x05hello"),
+                (asn1.PrintableString("Test User 1"), b"\x13\x0bTest User 1"),
+            ],
+            decoded_eq,
+        )
+
+    def test_invalid_printable_string(self) -> None:
+        with pytest.raises(ValueError, match="allocation error"):
+            asn1.encode_der(asn1.PrintableString("café"))
+
+        with pytest.raises(ValueError, match="error parsing asn1 value"):
+            asn1.decode_der(asn1.PrintableString, b"\x0c\x05caf\xc3\xa9")
+
+
 class TestSequence:
     def test_ok_sequence_single_field(self) -> None:
         @asn1.sequence