STNDS-494: Add TS 119 312 public key validators (#39)
* STNDS-494: Add TS 119 312 validators * Fix RSA exponent upper bound check * Fix RSA exponent lower bound check * Clean up exponent check
Showing
6 changed files
with
270 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
from typing import Optional | ||
|
||
from pyasn1.codec.der.encoder import encode | ||
from pyasn1.type import univ, base | ||
from pyasn1_alt_modules import rfc3279, rfc5280, rfc5480, rfc5639 | ||
|
||
from pkilint import validation | ||
from pkilint.pkix.certificate import certificate_key | ||
|
||
|
||
class RsaKeyValidator(validation.Validator): | ||
""" | ||
TS 119 312, clause 6.2.2.1: | ||
The public exponent e shall be an odd positive integer such that 2^16 < e < 2^256. | ||
""" | ||
VALIDATION_RSA_EXPONENT_OUT_OF_RANGE = validation.ValidationFinding( | ||
validation.ValidationFindingSeverity.NOTICE, | ||
'ts_119_312.6.2.2.1.rsa_exponent_of_range' | ||
) | ||
|
||
VALIDATION_RSA_SMALL_MODULUS = validation.ValidationFinding( | ||
validation.ValidationFindingSeverity.NOTICE, | ||
'ts_119_312.8.4.rsa_small_modulus' | ||
) | ||
|
||
_MIN_MODULUS_LENGTH = 1900 | ||
_MIN_EXPONENT_EXCLUSIVE = 1 << 16 | ||
_MAX_EXPONENT_EXCLUSIVE = 1 << 256 | ||
|
||
def __init__(self): | ||
super().__init__( | ||
validations=[self.VALIDATION_RSA_EXPONENT_OUT_OF_RANGE, self.VALIDATION_RSA_SMALL_MODULUS], | ||
pdu_class=rfc3279.RSAPublicKey | ||
) | ||
|
||
def validate(self, node): | ||
modulus_len = int(node.children['modulus'].pdu).bit_length() | ||
exponent_int = int(node.children['publicExponent'].pdu) | ||
|
||
findings = [] | ||
|
||
if modulus_len < 1900: | ||
findings.append(validation.ValidationFindingDescription( | ||
self.VALIDATION_RSA_SMALL_MODULUS, | ||
f'RSA public key has a modulus length of {modulus_len} bits' | ||
)) | ||
|
||
if not self._MIN_EXPONENT_EXCLUSIVE < exponent_int < self._MAX_EXPONENT_EXCLUSIVE: | ||
findings.append(validation.ValidationFindingDescription( | ||
self.VALIDATION_RSA_EXPONENT_OUT_OF_RANGE, | ||
f'RSA public key has an exponent of {exponent_int}' | ||
)) | ||
|
||
return validation.ValidationResult(self, node, findings) | ||
|
||
|
||
def _create_alg_id_der(o: univ.ObjectIdentifier, params: Optional[base.Asn1Type]) -> bytes: | ||
alg_id = rfc5280.AlgorithmIdentifier() | ||
alg_id['algorithm'] = o | ||
|
||
if params is not None: | ||
alg_id['parameters'] = encode(params) | ||
|
||
return encode(alg_id) | ||
|
||
|
||
_RSA_SPKI_ALG_ID_ENCODINGS = [ | ||
_create_alg_id_der(rfc5480.rsaEncryption, univ.Null('')) | ||
] | ||
|
||
|
||
# TODO: add DSA | ||
|
||
|
||
_ECDSA_SPKI_ALG_ID_ENCODINGS = [ | ||
_create_alg_id_der(rfc5480.id_ecPublicKey, c) for c in ( | ||
univ.ObjectIdentifier('1.2.250.1.223.101.256.1'), # FRP256v1 | ||
rfc5639.brainpoolP256r1, | ||
rfc5639.brainpoolP384r1, | ||
rfc5639.brainpoolP512r1, | ||
rfc5480.secp256r1, | ||
rfc5480.secp384r1, | ||
rfc5480.secp521r1, | ||
) | ||
] | ||
|
||
|
||
_SPKI_ALG_ID_ENCODINGS = _RSA_SPKI_ALG_ID_ENCODINGS + _ECDSA_SPKI_ALG_ID_ENCODINGS | ||
|
||
|
||
class AllowedPublicKeyTypeValidator(certificate_key.AllowedPublicKeyAlgorithmEncodingValidator): | ||
""" | ||
GEN-4.2.5-1 | ||
The subject public key should be selected according to ETSI TS 119 312 [i.7]. | ||
NOTE: Cryptographic suites recommendations defined in ETSI TS 119 312 [i.7] can be superseded by national | ||
recommendations. | ||
""" | ||
VALIDATION_DISCOURAGED_PUBLIC_KEY_TYPE = validation.ValidationFinding( | ||
validation.ValidationFindingSeverity.NOTICE, | ||
'etsi.en_319_412_2.gen-4.2.5-1.discouraged_public_key_type' | ||
) | ||
|
||
def __init__(self): | ||
super().__init__( | ||
validation=self.VALIDATION_DISCOURAGED_PUBLIC_KEY_TYPE, | ||
allowed_encodings=_SPKI_ALG_ID_ENCODINGS, | ||
pdu_class=rfc5280.AlgorithmIdentifier | ||
) |
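Review bot: `RsaKeyValidator.validate` checks only the range half of clause 6.2.2.1; the class docstring quotes the exponent as an odd positive integer, but an even value inside the range (constructed example: 65538) yields no finding. Adding the parity test to the condition would close that gap: `if exponent_int % 2 == 0 or not self._MIN_EXPONENT_EXCLUSIVE < exponent_int < self._MAX_EXPONENT_EXCLUSIVE:`. The modulus check compares against the literal `1900` while `_MIN_MODULUS_LENGTH` is defined just above and never read; `if modulus_len < self._MIN_MODULUS_LENGTH:` keeps the threshold in one place. The finding code `rsa_exponent_of_range` looks like it lost an `out_`, and since the fixtures in this commit already pin that string, it is cheapest to correct now.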
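--- a/tests/integration_certificate/etsi/qevcp_w_eidas_pre_certificate/bad_ecdsa_curve.crttest
+++ b/tests/integration_certificate/etsi/qevcp_w_eidas_pre_certificate/bad_ecdsa_curve.crttest
@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIF8DCCBZWgAwIBAgIOAn2jtGjQ0XIDSuG2eQowCgYIKoZIzj0EAwIwejELMAkG
+A1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBM
+dGQuMRcwFQYDVQRhDA5WQVRIVS0yMzU4NDQ5NzEnMCUGA1UEAwweZS1Temlnbm8g
+UXVhbGlmaWVkIFRMUyBDQSAyMDE4MB4XDTI0MDQzMDE0MDAxMloXDTI0MDUxMDE0
+MDAxMVowgasxEzARBgsrBgEEAYI3PAIBAxMCSFUxHTAbBgNVBA8MFFByaXZhdGUg
+T3JnYW5pemF0aW9uMRUwEwYDVQQFEwwwMS0xMC0wNDcyMTgxCzAJBgNVBAYTAkhV
+MREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEmMCQG
+A1UEAwwdZXF0bHNjYTIwMTgtdmFsaWQuZS1zemlnbm8uaHUwWTATBgcqhkjOPQIB
+BggqhkjOPQMBDANCAAT6WJ1pvxSfy8QSn2Soe3G8fB7If5XmEZyk6XxwVU2nMYTc
+M8WHDNROTX19TCt0BtcAAUJ/krcWdx/GUKSdwnUGo4IDyzCCA8cwDgYDVR0PAQH/
+BAQDAgOIMBMGCisGAQQB1nkCBAMBAf8EAgUAMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDATBYBgNVHSAEUTBPMAcGBWeBDAEBMAkGBwQAi+xAAQQwOQYNKwYB
+BAGBqBgCAQGBKjAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3AuZS1zemlnbm8uaHUv
+cWNwczAdBgNVHQ4EFgQUbBS7vo72MFT0KTXHGiyafMbtdeswHwYDVR0jBBgwFoAU
+2Y0YuKwjtjuMF8nrbrkXAGkNoIwwKAYDVR0RBCEwH4IdZXF0bHNjYTIwMTgtdmFs
+aWQuZS1zemlnbm8uaHUwgbwGA1UdHwSBtDCBsTA5oDegNYYzaHR0cDovL2VxdGxz
+Y2EyMDE4LWNybDEuZS1zemlnbm8uaHUvZXF0bHNjYTIwMTguY3JsMDmgN6A1hjNo
+dHRwOi8vZXF0bHNjYTIwMTgtY3JsMi5lLXN6aWduby5odS9lcXRsc2NhMjAxOC5j
+cmwwOaA3oDWGM2h0dHA6Ly9lcXRsc2NhMjAxOC1jcmwzLmUtc3ppZ25vLmh1L2Vx
+dGxzY2EyMDE4LmNybDCCAWgGCCsGAQUFBwEBBIIBWjCCAVYwMAYIKwYBBQUHMAGG
+JGh0dHA6Ly9lcXRsc2NhMjAxOC1vY3NwMS5lLXN6aWduby5odTAwBggrBgEFBQcw
+AYYkaHR0cDovL2VxdGxzY2EyMDE4LW9jc3AyLmUtc3ppZ25vLmh1MDAGCCsGAQUF
+BzABhiRodHRwOi8vZXF0bHNjYTIwMTgtb2NzcDMuZS1zemlnbm8uaHUwPgYIKwYB
+BQUHMAKGMmh0dHA6Ly9lcXRsc2NhMjAxOC1jYTEuZS1zemlnbm8uaHUvZXF0bHNj
+YTIwMTguY3J0MD4GCCsGAQUFBzAChjJodHRwOi8vZXF0bHNjYTIwMTgtY2EyLmUt
+c3ppZ25vLmh1L2VxdGxzY2EyMDE4LmNydDA+BggrBgEFBQcwAoYyaHR0cDovL2Vx
+dGxzY2EyMDE4LWNhMy5lLXN6aWduby5odS9lcXRsc2NhMjAxOC5jcnQwgZEGCCsG
+AQUFBwEDBIGEMIGBMAgGBgQAjkYBATALBgYEAI5GAQMCAQowUwYGBACORgEFMEkw
+JBYeaHR0cHM6Ly9jcC5lLXN6aWduby5odS9xY3BzX2VuEwJlbjAhFhtodHRwczov
+L2NwLmUtc3ppZ25vLmh1L3FjcHMTAmh1MBMGBgQAjkYBBjAJBgcEAI5GAQYDMAoG
+CCqGSM49BAMCA0kAMEYCIQDEeYuKo1y3nwSPY23+vVI/1uxCspzoZTgYuEoD2Fa1
+DQIhAOdyCCGlfNPUNS7q+8JpiFFIPB1DEXUmydXmXBYshBHm
+-----END CERTIFICATE-----
+
+node_path,validator,severity,code,message
+certificate.tbsCertificate.subject.rdnSequence,EvSubscriberAttributeAllowanceValidator,WARNING,cabf.ev_guidelines.common_name_attribute_present,
+certificate.tbsCertificate.subject.rdnSequence,LegalPersonSubjectAttributeAllowanceValidator,ERROR,etsi.en_319_412_3.leg-4.2.1-2.organization_identifier_attribute_absent,
+certificate.tbsCertificate.subjectPublicKeyInfo,EcdsaKeyValidator,WARNING,cabf.ecdsa_key_validation_failed,Unsupported key type
+certificate.tbsCertificate.subjectPublicKeyInfo.algorithm,ServerauthAllowedPublicKeyAlgorithmEncodingValidator,ERROR,cabf.serverauth.prohibited_subject_public_key_algorithm_encoding,Prohibited encoding: 301306072a8648ce3d020106082a8648ce3d03010c
+certificate.tbsCertificate.subjectPublicKeyInfo.algorithm,AllowedPublicKeyTypeValidator,NOTICE,etsi.en_319_412_2.gen-4.2.5-1.discouraged_public_key_type,Prohibited encoding: 301306072a8648ce3d020106082a8648ce3d03010c
+certificate.tbsCertificate.extensions.0.extnValue.keyUsage,SubscriberKeyUsageValidator,WARNING,cabf.serverauth.subscriber_discouraged_ku_present,Discouraged KU present: keyAgreement
+certificate.tbsCertificate.extensions.0.extnValue.keyUsage,LegalPersonKeyUsageValidator,WARNING,etsi.en_319_412_2.nat-4.3.2-1.mixed_key_usage_setting,
+certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.2.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
+certificate.tbsCertificate.extensions.4.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
+certificate.tbsCertificate.extensions.7.extnValue.cRLDistributionPoints,CrlDpDistributionPointCountValidator,WARNING,cabf.serverauth.crldp_multiple_distributionpoints_present,
+certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.subject_key_identifier_extension_present,
+certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 1.3.6.1.5.5.7.1.3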
42 changes: 42 additions & 0 deletions
..._certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/bad_ecdsa_curve.crttest
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIF8DCCBZWgAwIBAgIOAn2jtGjQ0XIDSuG2eQowCgYIKoZIzj0EAwIwejELMAkG | ||
A1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBM | ||
dGQuMRcwFQYDVQRhDA5WQVRIVS0yMzU4NDQ5NzEnMCUGA1UEAwweZS1Temlnbm8g | ||
UXVhbGlmaWVkIFRMUyBDQSAyMDE4MB4XDTI0MDQzMDE0MDAxMloXDTI0MDUxMDE0 | ||
MDAxMVowgasxEzARBgsrBgEEAYI3PAIBAxMCSFUxHTAbBgNVBA8MFFByaXZhdGUg | ||
T3JnYW5pemF0aW9uMRUwEwYDVQQFEwwwMS0xMC0wNDcyMTgxCzAJBgNVBAYTAkhV | ||
MREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEmMCQG | ||
A1UEAwwdZXF0bHNjYTIwMTgtdmFsaWQuZS1zemlnbm8uaHUwWTATBgcqhkjOPQIB | ||
BggqhkjOPQMBDANCAAT6WJ1pvxSfy8QSn2Soe3G8fB7If5XmEZyk6XxwVU2nMYTc | ||
M8WHDNROTX19TCt0BtcAAUJ/krcWdx/GUKSdwnUGo4IDyzCCA8cwDgYDVR0PAQH/ | ||
BAQDAgOIMBMGCisGAQQB1nkCBAMBAf8EAgUAMB0GA1UdJQQWMBQGCCsGAQUFBwMC | ||
BggrBgEFBQcDATBYBgNVHSAEUTBPMAcGBWeBDAEBMAkGBwQAi+xAAQQwOQYNKwYB | ||
BAGBqBgCAQGBKjAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3AuZS1zemlnbm8uaHUv | ||
cWNwczAdBgNVHQ4EFgQUbBS7vo72MFT0KTXHGiyafMbtdeswHwYDVR0jBBgwFoAU | ||
2Y0YuKwjtjuMF8nrbrkXAGkNoIwwKAYDVR0RBCEwH4IdZXF0bHNjYTIwMTgtdmFs | ||
aWQuZS1zemlnbm8uaHUwgbwGA1UdHwSBtDCBsTA5oDegNYYzaHR0cDovL2VxdGxz | ||
Y2EyMDE4LWNybDEuZS1zemlnbm8uaHUvZXF0bHNjYTIwMTguY3JsMDmgN6A1hjNo | ||
dHRwOi8vZXF0bHNjYTIwMTgtY3JsMi5lLXN6aWduby5odS9lcXRsc2NhMjAxOC5j | ||
cmwwOaA3oDWGM2h0dHA6Ly9lcXRsc2NhMjAxOC1jcmwzLmUtc3ppZ25vLmh1L2Vx | ||
dGxzY2EyMDE4LmNybDCCAWgGCCsGAQUFBwEBBIIBWjCCAVYwMAYIKwYBBQUHMAGG | ||
JGh0dHA6Ly9lcXRsc2NhMjAxOC1vY3NwMS5lLXN6aWduby5odTAwBggrBgEFBQcw | ||
AYYkaHR0cDovL2VxdGxzY2EyMDE4LW9jc3AyLmUtc3ppZ25vLmh1MDAGCCsGAQUF | ||
BzABhiRodHRwOi8vZXF0bHNjYTIwMTgtb2NzcDMuZS1zemlnbm8uaHUwPgYIKwYB | ||
BQUHMAKGMmh0dHA6Ly9lcXRsc2NhMjAxOC1jYTEuZS1zemlnbm8uaHUvZXF0bHNj | ||
YTIwMTguY3J0MD4GCCsGAQUFBzAChjJodHRwOi8vZXF0bHNjYTIwMTgtY2EyLmUt | ||
c3ppZ25vLmh1L2VxdGxzY2EyMDE4LmNydDA+BggrBgEFBQcwAoYyaHR0cDovL2Vx | ||
dGxzY2EyMDE4LWNhMy5lLXN6aWduby5odS9lcXRsc2NhMjAxOC5jcnQwgZEGCCsG | ||
AQUFBwEDBIGEMIGBMAgGBgQAjkYBATALBgYEAI5GAQMCAQowUwYGBACORgEFMEkw | ||
JBYeaHR0cHM6Ly9jcC5lLXN6aWduby5odS9xY3BzX2VuEwJlbjAhFhtodHRwczov | ||
L2NwLmUtc3ppZ25vLmh1L3FjcHMTAmh1MBMGBgQAjkYBBjAJBgcEAI5GAQYDMAoG | ||
CCqGSM49BAMCA0kAMEYCIQDEeYuKo1y3nwSPY23+vVI/1uxCspzoZTgYuEoD2Fa1 | ||
DQIhAOdyCCGlfNPUNS7q+8JpiFFIPB1DEXUmydXmXBYshBHm | ||
-----END CERTIFICATE----- | ||
|
||
node_path,validator,severity,code,message | ||
certificate.tbsCertificate.extensions.0.extnValue.keyUsage,LegalPersonKeyUsageValidator,WARNING,etsi.en_319_412_2.nat-4.3.2-1.mixed_key_usage_setting, | ||
certificate.tbsCertificate.subject.rdnSequence,LegalPersonSubjectAttributeAllowanceValidator,ERROR,etsi.en_319_412_3.leg-4.2.1-2.organization_identifier_attribute_absent, | ||
certificate.tbsCertificate.subjectPublicKeyInfo.algorithm,AllowedPublicKeyTypeValidator,NOTICE,etsi.en_319_412_2.gen-4.2.5-1.discouraged_public_key_type,Prohibited encoding: 301306072a8648ce3d020106082a8648ce3d03010c | ||
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.2,CertificatePolicyQualifierValidator,NOTICE,pkix.certificate_policies_policy_has_qualifier, | ||
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies,CertificatePoliciesValidator,ERROR,etsi.en_319_412_2.qcs-5.2-2.mismatched_policy_identifier_for_certificate_type,"Certificate type is QNCP_W_GEN_LEGAL_PERSON_EIDAS_FINAL_CERTIFICATE (0.4.0.194112.1.6) but certificate contains certificate type policy identifier ""0.4.0.194112.1.4""" | ||
certificate.tbsCertificate.extensions.4.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified, |
45 changes: 45 additions & 0 deletions
...on_certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/small_rsa_key.crttest
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIG7jCCBNagAwIBAgIQVZHNRxiZp9LoR1nlajD1DDANBgkqhkiG9w0BAQsFADCB | ||
oTELMAkGA1UEBhMCR1IxNjA0BgNVBAoTLUhFTExFTklDIEVYQ0hBTkdFUyAtIEFU | ||
SEVOUyBTVE9DSyBFWENIQU5HRSBTQTEvMC0GA1UEAxMmQVRIRVggUXVhbGlmaWVk | ||
IFdFQiBDZXJ0aWZpY2F0ZXMgQ0EtRzMxDzANBgNVBAcTBkF0aGVuczEYMBYGA1UE | ||
YRMPVkFURUwtMDk5NzU1MTA4MB4XDTI0MDQxMTE0MTY1NVoXDTI1MDQxMTE0MTY1 | ||
NVowgcMxCzAJBgNVBAYTAkdSMTYwNAYDVQQKEy1IRUxMRU5JQyBFWENIQU5HRVMg | ||
LSBBVEhFTlMgU1RPQ0sgRVhDSEFOR0UgU0ExGDAWBgNVBGETD1ZBVEVMLTA5OTc1 | ||
NTEwODEdMBsGA1UEAxMUd2ViZHNzLmF0aGV4Z3JvdXAuZ3IxDzANBgNVBAcTBkF0 | ||
aGVuczETMBEGCysGAQQBgjc8AgEDEwJHUjEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdh | ||
bml6YXRpb24wgeAwDQYJKoZIhvcNAQEBBQADgc4AMIHKAoHEALghERHf5FJ0yQHz | ||
iG1aHOatwVOonjvIm1kCC8PHDRpZhZW3JbZIy3KBVRlJ+nl7AT/vd344oIt7wbH+ | ||
ZxngUawkwWLPCCqqAgvmdllm8EQgenLfjg7Kmy8EcU+eFmPYk2gjXP+9a1JbyKN5 | ||
5Hfx9ezApKAXb+BHNzRtSaNfBZ5AE8jNdl84Xrflr78dMo3sEaxcWpP8BmeBhl9Q | ||
88uMB37HHkIwLYmZNqFnJ9/5pOqFQNMpxdmv+Apk9TmYlhjk6jZ8UwIBA6OCAj8w | ||
ggI7MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBQi | ||
mSRXBmxWdY7b6315ZZxTNanRkTAtBggrBgEFBQcBAwQhMB8wCAYGBACORgEBMBMG | ||
BgQAjkYBBjAJBgcEAI5GAQYDMIGXBggrBgEFBQcBAQSBijCBhzA4BggrBgEFBQcw | ||
AYYsaHR0cDovL29jc3AuYXRoZXhncm91cC5nci9BdGhleFF1YWxpZmllZENBRzMw | ||
SwYIKwYBBQUHMAKGP2h0dHA6Ly9yZXBvLmF0aGV4Z3JvdXAuZ3IvQVRIRVhRdWFs | ||
aWZpZWRXRUJDZXJ0aWZpY2F0ZXNDQUczLmNydDAlBgNVHSAEHjAcMA8GDSsGAQQB | ||
geVaAQNkAQQwCQYHBACL7EABBjBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vY3Js | ||
LmF0aGV4Z3JvdXAuZ3IvQVRIRVhRdWFsaWZpZWRXRUJDZXJ0aWZpY2F0ZXNDQUcz | ||
LmNybDAdBgNVHQ4EFgQU07VGL6HuADDUGfAmLWYcVX4vqG0wDgYDVR0PAQH/BAQD | ||
AgeAMHsGA1UdEQR0MHKCFHdlYmRzcy5hdGhleGdyb3VwLmdyghh3ZWJkc3Ntb2Nr | ||
LmF0aGV4Z3JvdXAuZ3KCGndlYmRzcy1ycHhyMS5pbmV0LmhlbGV4Lmdygg9kc3Mu | ||
YXRoZXhuZXQuZ3KCE2Rzc21vY2suYXRoZXhuZXQuZ3IwDAYDVR0TAQH/BAIwADAN | ||
BgkqhkiG9w0BAQsFAAOCAgEAmXiG4SmvTWDGoaEXOQJuFlhbjwG/7MZCh18GeEhI | ||
fkOP0ClvalQImI8gbLo1DecfKDLLXLZpb7UTGtnpkKa2bDb+KyTyr3Aprg9L+KnX | ||
4jM6KfrteZgDP63TcxGXnr3C3Mf5Y8vaFvlmazACRM/r830mnUj1yvK8c7ZkIRhm | ||
t5a2C8lBoMFD+q15QqdU0vK4mV72EBi+xYRuAg7GVZoPM+dZhiNm5dvKjAiaaOG5 | ||
8XKsnaeDDCDDWwjRJ7m8Y5ZaP6L8oGotvCmnXUjJcAmSE1MlXEjkHsGkCqgwY6Wp | ||
/jDh4KpT8dQov1kg4dIKU9PNpdLjmmk/Jv7PMsG7i+3Q8lMCHfCe6NxFnc3GZ62x | ||
6Gq6dKnIqDQzMvYUOnEPfVcfOaWmrmFAaBfVAXfRaXcgAPDknNPgCkdbi5ywuvbY | ||
ckFOcVpv+1u+KqDYdxUMCSxSpls+o0J6c38FbcmuFfB7BYB8cTgucNAGUBur3ku6 | ||
KO8fHcxpO3zLvA9I6LNhOmvLX24dPRprFd8uK+FiciNxbA3CjDGNUtJUErRMG8RR | ||
UXYPAM0tF9fZpKm3SurevG01yO8m/AcmsMuKjzJ9LIle7ioZtDc7C64ldoQ+IEA1 | ||
QRyRo8qDml25rgvC3vTyQ4bngTunPPfEsSO04NT71G7va3DyV/VGVbCnlkj7sIHI | ||
PRY= | ||
-----END CERTIFICATE----- | ||
|
||
node_path,validator,severity,code,message | ||
certificate.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.rSAPublicKey,RsaKeyValidator,NOTICE,ts_119_312.8.4.rsa_small_modulus,RSA public key has a modulus length of 1560 bits | ||
certificate.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.rSAPublicKey,RsaKeyValidator,NOTICE,ts_119_312.6.2.2.1.rsa_exponent_of_range,RSA public key has an exponent of 3 | ||
certificate.tbsCertificate.extensions.6.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,NOTICE,pkix.unknown_subject_key_identifier_calculation_method, |