Skip to content

Commit

Permalink
STNDS-445: Add allowance checking for QCStatements (#52)
Browse files Browse the repository at this point in the history
  • Loading branch information
CBonnell authored May 14, 2024
1 parent a38890e commit 258936c
Show file tree
Hide file tree
Showing 14 changed files with 280 additions and 10 deletions.
13 changes: 8 additions & 5 deletions pkilint/common/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,12 +64,15 @@


class ElementIdentifierAllowanceValidator(validation.Validator):
@staticmethod
def _create_finding(fmt: str, rfc2119word: pkix.Rfc2119Word, o: univ.ObjectIdentifier):
# use global mappings by default
_OID_TO_CODE_NAME = OID_TO_CODE_NAME

@classmethod
def _create_finding(cls, fmt: str, rfc2119word: pkix.Rfc2119Word, o: univ.ObjectIdentifier):
if rfc2119word == pkix.Rfc2119Word.MAY:
return None
else:
return validation.ValidationFinding(rfc2119word.to_severity, fmt.format(oid=OID_TO_CODE_NAME[o]))
return validation.ValidationFinding(rfc2119word.to_severity, fmt.format(oid=cls._OID_TO_CODE_NAME[o]))

def __init__(self, element_name: str, element_oid_retriever: Callable[[document.PDUNode], document.PDUNode],
known_element_allowances: Mapping[univ.ObjectIdentifier, pkix.Rfc2119Word],
Expand All @@ -82,12 +85,12 @@ def __init__(self, element_name: str, element_oid_retriever: Callable[[document.
self._element_oid_retriever = element_oid_retriever

self._expected_element_presences = {
o: ElementIdentifierAllowanceValidator._create_finding(unexpected_absence_code_format, w, o)
o: self._create_finding(unexpected_absence_code_format, w, o)
for o, w in known_element_allowances.items()
if w in {Rfc2119Word.MAY, Rfc2119Word.SHOULD, Rfc2119Word.MUST}
}
self._expected_element_absences = {
o: ElementIdentifierAllowanceValidator._create_finding(unexpected_presence_code_format, w, o)
o: self._create_finding(unexpected_presence_code_format, w, o)
for o, w in known_element_allowances.items()
if w in {Rfc2119Word.MAY, Rfc2119Word.SHOULD_NOT, Rfc2119Word.MUST_NOT}
}
Expand Down
1 change: 1 addition & 0 deletions pkilint/etsi/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,7 @@ def create_validators(certificate_type: CertificateType) -> List[validation.Vali
en_319_412_5.QcEuPDSLanguageValidator(),
en_319_412_1.LegalPersonIdentifierNameRegistrationAuthoritiesValidator(),
en_319_412_1.NaturalPersonIdentifierNameRegistrationAuthoritiesValidator(),
en_319_412_5.QcStatementIdentifierAllowanceValidator(certificate_type),
]

qc_statements_validator_container = validation.ValidatorContainer(
Expand Down
49 changes: 47 additions & 2 deletions pkilint/etsi/en_319_412_5.py
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
from pkilint import validation
from pkilint import validation, common
from pkilint.etsi import etsi_constants
from pkilint.etsi.asn1 import en_319_412_5
from iso3166 import countries_by_alpha2
from iso4217 import Currency
from urllib.parse import urlparse
from pyasn1_alt_modules import rfc3739
from pkilint.pkix import extension
from pkilint.pkix import extension, Rfc2119Word
import iso639


Expand Down Expand Up @@ -244,3 +245,47 @@ class QcStatementsExtensionCriticalityValidator(extension.ExtensionCriticalityVa
def __init__(self):
super().__init__(type_oid=rfc3739.id_pe_qcStatements, is_critical=False,
validation=self.VALIDATION_QCSTATEMENTS_EXTENSION_CRITICAL)


class QcStatementIdentifierAllowanceValidator(common.ElementIdentifierAllowanceValidator):
"""
EN 319 412-5:
QCS-5-01: EU qualified certificates shall include QCStatements in accordance with table 2
"""
_CODE_CLASSIFIER = 'etsi.en_319_412_5.qcs-5.01'

# qualified statements
_OID_TO_CODE_NAME = {
en_319_412_5.id_etsi_qcs_QcCompliance: 'qc_compliance',
en_319_412_5.id_etsi_qcs_QcType: 'qc_type',
en_319_412_5.id_etsi_qcs_QcCClegislation: 'qc_cc_legislation',
en_319_412_5.id_etsi_qcs_QcSSCD: 'qc_sscd',
}

@classmethod
def retrieve_qualified_statement_id(cls, node):
return node.children['statementId']

def __init__(self, certificate_type: etsi_constants.CertificateType):
allowances = {}

if certificate_type in etsi_constants.EU_QWAC_TYPES:
allowances[en_319_412_5.id_etsi_qcs_QcCompliance] = Rfc2119Word.MUST
allowances[en_319_412_5.id_etsi_qcs_QcCClegislation] = Rfc2119Word.MUST_NOT
allowances[en_319_412_5.id_etsi_qcs_QcType] = Rfc2119Word.MUST
elif certificate_type in etsi_constants.NON_EU_QWAC_TYPES:
allowances[en_319_412_5.id_etsi_qcs_QcCompliance] = Rfc2119Word.MUST_NOT
allowances[en_319_412_5.id_etsi_qcs_QcCClegislation] = Rfc2119Word.MUST

if certificate_type in etsi_constants.QWAC_TYPES:
allowances[en_319_412_5.id_etsi_qcs_QcSSCD] = Rfc2119Word.MUST_NOT

super().__init__(
'qualified statement',
self.retrieve_qualified_statement_id,
allowances,
f'{self._CODE_CLASSIFIER}.{{oid}}_qualified_statement_present',
f'{self._CODE_CLASSIFIER}.{{oid}}_qualified_statement_absent',
None,
pdu_class=rfc3739.QCStatements
)
4 changes: 2 additions & 2 deletions pkilint/etsi/etsi_constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -166,12 +166,12 @@ def from_option_str(value):
CertificateType.QNCP_W_GEN_NATURAL_PERSON_EIDAS_FINAL_CERTIFICATE,
CertificateType.QNCP_W_GEN_LEGAL_PERSON_EIDAS_PRE_CERTIFICATE,
CertificateType.QNCP_W_GEN_LEGAL_PERSON_EIDAS_FINAL_CERTIFICATE,
CertificateType.QNCP_W_GEN_LEGAL_PERSON_EIDAS_PRE_CERTIFICATE,
CertificateType.QNCP_W_GEN_LEGAL_PERSON_NON_EIDAS_FINAL_CERTIFICATE,
CertificateType.QEVCP_W_PSD2_EIDAS_PRE_CERTIFICATE,
CertificateType.QEVCP_W_PSD2_EIDAS_FINAL_CERTIFICATE
}

NON_EU_QWAC_TYPES = QWAC_TYPES - EU_QWAC_TYPES

ETSI_TYPE_TO_CABF_SERVERAUTH_TYPE_MAPPINGS = {
CertificateType.DVCP_PRE_CERTIFICATE: serverauth_constants.CertificateType.DV_PRE_CERTIFICATE,
CertificateType.IVCP_PRE_CERTIFICATE: serverauth_constants.CertificateType.IV_PRE_CERTIFICATE,
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
-----BEGIN CERTIFICATE-----
MIIHdzCCBV+gAwIBAgIMFzle8tVI5MLthWVyMA0GCSqGSIb3DQEBCwUAMFkxCzAJ
BgNVBAYTAkdCMRswGQYDVQQKExJHTU8gR2xvYmFsU2lnbiBMdGQxLTArBgNVBAMT
JEdsb2JhbFNpZ24gR0NDIFIzIFVLIEVWIFFXQUMgQ0EgMjAyMDAeFw0yMzA2MTYw
ODMzMzRaFw0yNDA2MTUwODMzMzNaMIHyMR0wGwYDVQQPDBRQcml2YXRlIE9yZ2Fu
aXphdGlvbjEVMBMGA1UEBRMMMDQ1OS4xMzQuMjU2MRMwEQYLKwYBBAGCNzwCAQMT
AkJFMQswCQYDVQQGEwJCRTEXMBUGA1UECAwOVmxhYW1zLUJyYWJhbnQxDzANBgNV
BAcMBkxldXZlbjEXMBUGA1UECQwORGllc3RzZXZlc3QgMTQxFjAUBgNVBAoMDUds
b2JhbFNpZ24gTlYxIDAeBgNVBAMMF3d3dy5nbG9iYWxzaWduLWRlbW8uY29tMRsw
GQYDVQRhDBJOVFJCRS0wNDU5LjEzNC4yNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpn0FCPXqC0Lx5clF4Qq4ez3CW3iLRJegKqMaD84PN504skXsY
bDhLz+naT3naIqsYJUV9A+b01BRVgMR4vZpZ27EY28tRwRf9s7eImzO5QXFPoG+i
2ztRC7rE4Q33HO5SRKp3ZEV9Es8fW3/mJxGrLFJuS7c6sX0bU/dBdISw1j0pM/8+
oXN0Kiy/vcMULkP/eL6nmj45jklIFoRxb0AZzemQijj+t8fz8bLWZISLBzvqmL0Y
hjpCkLnyjgVM5xtElSPf7/a7J7jnaleZ3gJhxYF+FndyHooaBAHxFA32BmSgV3PD
Rgq3eLMUGrngSlGNXbTWMxnUTh93lrqiturXAgMBAAGjggKjMIICnzBEBgNVHR8E
PTA7MDmgN6A1hjNodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjN1a2V2
cXdhY2NhMjAyMC5jcmwwNwYIKwYBBQUHAQMEKzApMAgGBgQAjkYBATATBgYEAI5G
AQYwCQYHBACORgEGAzAIBgYEAI5GAQQwgZkGCCsGAQUFBwEBBIGMMIGJMEkGCCsG
AQUFBzAChj1odHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2dj
Y3IzdWtldnF3YWNjYTIwMjAuY3J0MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5n
bG9iYWxzaWduLmNvbS9nc2djY3IzdWtldnF3YWNjYTIwMjAwgacGA1UdIASBnzCB
nDBBBgkrBgEEAaAyAQEwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFs
c2lnbi5jb20vcmVwb3NpdG9yeS8wBwYFZ4EMAQEwCQYHBACL7EABBDBDBgsrBgEE
AaAyASwoATA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
bS9yZXBvc2l0b3J5LzAiBgNVHREEGzAZghd3d3cuZ2xvYmFsc2lnbi1kZW1vLmNv
bTAiBgVngQwDAQQZMBcTA05UUhMCQkUMDDA0NTkuMTM0LjI1NjAMBgNVHRMBAf8E
AjAAMB8GA1UdIwQYMBaAFAeUNkpRlUn97ioGeTZ/wjc7Ttu/MB0GA1UdJQQWMBQG
CCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUzAkXOmPl1fx/NWnnM2kcUxBA
Z5QwDgYDVR0PAQH/BAQDAgeAMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3
DQEBCwUAA4ICAQCaXlFvQuIgDR/2ARtUwmknMv2K0hARJ8jIXp+uiOoyEejR2HZe
tKOKKXdLZVeFHAV1gujMujStu7zu/weqnoACLLPyZfizxT1CpImPOorvYDzKWOJW
z22Dwg7uxk5HuFmxVla2mru12bdQho0JDmsldMJlc7Mq3S7Q88AOUkmiroaSEsQ+
joZ4NILZtcl2rkD2U/aTOBkUh80CJpyZP8QHD16ztD9sWmBtRtHRnCAdxbZAkKAq
3VQ/qCYT7OkTcui2xh327ZPwmNJiYILJ5vRIheiZIuj31x3FkmXus/f8nTX/p1Mm
Dn1sx2vpuyQ5vGyX8knXyfwqe1NiNKq0QT+1bqLggT2Li21S9XavwFclx6IuRDlB
FWMgJTGPgn2ZIpzmsfOxeCvQAKJWVdvGgDItRPSGnAs3WHeSmQPobW8Qm/LareZc
oDwUBT70C6EMm6cc9C2XVDHPs5wW9eIWL8IF1Jd03tXIIDIfuIHnFX3o/UCkHCCN
4nQSIp57CI8Z5mDbpj3G0jEAnJyYGTPXR6MugsSuY8tTYIyN2y0qXzYxw8PRAMBK
q4f+ZYAHj/I54QT/Rvj2Wyhna9QNBvjWgImHPEDrIZ4MGlTeJuL7WjsQhfQZjQ3a
w24SEg51Sf1UTQ80xAZJoK8Q3kTzymzUZgqeutUtYrTgXjzd4Mv+52YQoQ==
-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence,EvSubscriberAttributeAllowanceValidator,WARNING,cabf.ev_guidelines.common_name_attribute_present,
certificate.tbsCertificate.extensions.1.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_sscd_qualified_statement_present,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies,SubscriberPoliciesValidator,WARNING,cabf.serverauth.subscriber_first_policy_oid_not_reserved,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.0.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.3.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions.9.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.subject_key_identifier_extension_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 1.3.6.1.5.5.7.1.3
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 2.23.140.3.1
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
-----BEGIN CERTIFICATE-----
MIIHWDCCBUCgAwIBAgIMFzle8tVI5MLthWVyMA0GCSqGSIb3DQEBCwUAMFkxCzAJ
BgNVBAYTAkdCMRswGQYDVQQKExJHTU8gR2xvYmFsU2lnbiBMdGQxLTArBgNVBAMT
JEdsb2JhbFNpZ24gR0NDIFIzIFVLIEVWIFFXQUMgQ0EgMjAyMDAeFw0yMzA2MTYw
ODMzMzRaFw0yNDA2MTUwODMzMzNaMIHyMR0wGwYDVQQPDBRQcml2YXRlIE9yZ2Fu
aXphdGlvbjEVMBMGA1UEBRMMMDQ1OS4xMzQuMjU2MRMwEQYLKwYBBAGCNzwCAQMT
AkJFMQswCQYDVQQGEwJCRTEXMBUGA1UECAwOVmxhYW1zLUJyYWJhbnQxDzANBgNV
BAcMBkxldXZlbjEXMBUGA1UECQwORGllc3RzZXZlc3QgMTQxFjAUBgNVBAoMDUds
b2JhbFNpZ24gTlYxIDAeBgNVBAMMF3d3dy5nbG9iYWxzaWduLWRlbW8uY29tMRsw
GQYDVQRhDBJOVFJCRS0wNDU5LjEzNC4yNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpn0FCPXqC0Lx5clF4Qq4ez3CW3iLRJegKqMaD84PN504skXsY
bDhLz+naT3naIqsYJUV9A+b01BRVgMR4vZpZ27EY28tRwRf9s7eImzO5QXFPoG+i
2ztRC7rE4Q33HO5SRKp3ZEV9Es8fW3/mJxGrLFJuS7c6sX0bU/dBdISw1j0pM/8+
oXN0Kiy/vcMULkP/eL6nmj45jklIFoRxb0AZzemQijj+t8fz8bLWZISLBzvqmL0Y
hjpCkLnyjgVM5xtElSPf7/a7J7jnaleZ3gJhxYF+FndyHooaBAHxFA32BmSgV3PD
Rgq3eLMUGrngSlGNXbTWMxnUTh93lrqiturXAgMBAAGjggKEMIICgDBEBgNVHR8E
PTA7MDmgN6A1hjNodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjN1a2V2
cXdhY2NhMjAyMC5jcmwwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATCBmQYIKwYB
BQUHAQEEgYwwgYkwSQYIKwYBBQUHMAKGPWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2ln
bi5jb20vY2FjZXJ0L2dzZ2NjcjN1a2V2cXdhY2NhMjAyMC5jcnQwPAYIKwYBBQUH
MAGGMGh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjN1a2V2cXdhY2Nh
MjAyMDCBpwYDVR0gBIGfMIGcMEEGCSsGAQQBoDIBATA0MDIGCCsGAQUFBwIBFiZo
dHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAHBgVngQwBATAJ
BgcEAIvsQAEEMEMGCysGAQQBoDIBLCgBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8v
d3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMCIGA1UdEQQbMBmCF3d3dy5n
bG9iYWxzaWduLWRlbW8uY29tMCIGBWeBDAMBBBkwFxMDTlRSEwJCRQwMMDQ1OS4x
MzQuMjU2MAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUB5Q2SlGVSf3uKgZ5Nn/C
NztO278wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBTM
CRc6Y+XV/H81aeczaRxTEEBnlDAOBgNVHQ8BAf8EBAMCB4AwEwYKKwYBBAHWeQIE
AwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggIBAJpeUW9C4iANH/YBG1TCaScy/YrS
EBEnyMhen66I6jIR6NHYdl60o4opd0tlV4UcBXWC6My6NK27vO7/B6qegAIss/Jl
+LPFPUKkiY86iu9gPMpY4lbPbYPCDu7GTke4WbFWVraau7XZt1CGjQkOayV0wmVz
syrdLtDzwA5SSaKuhpISxD6Ohng0gtm1yXauQPZT9pM4GRSHzQImnJk/xAcPXrO0
P2xaYG1G0dGcIB3FtkCQoCrdVD+oJhPs6RNy6LbGHfbtk/CY0mJggsnm9EiF6Jki
6PfXHcWSZe6z9/ydNf+nUyYOfWzHa+m7JDm8bJfySdfJ/Cp7U2I0qrRBP7VuouCB
PYuLbVL1dq/AVyXHoi5EOUEVYyAlMY+CfZkinOax87F4K9AAolZV28aAMi1E9Iac
CzdYd5KZA+htbxCb8tqt5lygPBQFPvQLoQybpxz0LZdUMc+znBb14hYvwgXUl3Te
1cggMh+4gecVfej9QKQcII3idBIinnsIjxnmYNumPcbSMQCcnJgZM9dHoy6CxK5j
y1NgjI3bLSpfNjHDw9EAwEqrh/5lgAeP8jnhBP9G+PZbKGdr1A0G+NaAiYc8QOsh
ngwaVN4m4vtaOxCF9BmNDdrDbhISDnVJ/VRNDzTEBkmgrxDeRPPKbNRmCp661S1i
tOBePN3gy/7nZhCh
-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence,EvSubscriberAttributeAllowanceValidator,WARNING,cabf.ev_guidelines.common_name_attribute_present,
certificate.tbsCertificate.extensions.1.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_type_qualified_statement_absent,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies,SubscriberPoliciesValidator,WARNING,cabf.serverauth.subscriber_first_policy_oid_not_reserved,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.0.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.3.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions.9.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.subject_key_identifier_extension_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 1.3.6.1.5.5.7.1.3
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 2.23.140.3.1
Original file line number Diff line number Diff line change
Expand Up @@ -51,4 +51,5 @@ certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.3.policyQu
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.0.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.subject.rdnSequence,EvSubscriberAttributeAllowanceValidator,WARNING,cabf.ev_guidelines.common_name_attribute_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 1.3.6.1.5.5.7.1.3
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 2.23.140.3.1
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 2.23.140.3.1
certificate.tbsCertificate.extensions.1.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_compliance_qualified_statement_present,
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,4 @@ certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.0.policyQu
certificate.tbsCertificate.subject.rdnSequence,EvSubscriberAttributeAllowanceValidator,WARNING,cabf.ev_guidelines.common_name_attribute_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 1.3.6.1.5.5.7.1.3
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 2.23.140.3.1
certificate.tbsCertificate.extensions.1.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_compliance_qualified_statement_present,
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,4 @@ certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARN
certificate.tbsCertificate.subject.rdnSequence,EvSubscriberAttributeAllowanceValidator,WARNING,cabf.ev_guidelines.common_name_attribute_present,
certificate.tbsCertificate.extensions.9.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.3.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions.1.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_compliance_qualified_statement_present,
Original file line number Diff line number Diff line change
Expand Up @@ -52,3 +52,4 @@ certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARN
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.3.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.0.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 2.23.140.3.1
certificate.tbsCertificate.extensions.1.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_compliance_qualified_statement_present,
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,4 @@ certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARN
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.3.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.0.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 2.23.140.3.1
certificate.tbsCertificate.extensions.1.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_compliance_qualified_statement_present,
Loading

0 comments on commit 258936c

Please sign in to comment.