Fix DirString comparison in SMBR CN Validator (#14)
CBonnell authored Jun 28, 2023
1 parent 4c23773 commit 338cf9e
Showing 6 changed files with 161 additions and 5 deletions.
2 changes: 1 addition & 1 deletion VERSION.txt
@@ -1 +1 @@
0.8.5
0.8.6
10 changes: 6 additions & 4 deletions pkilint/cabf/smime/smime_name.py
@@ -337,10 +337,12 @@ def __init__(self, validation_level, generation):
self._generation = generation

@staticmethod
def _is_value_in_atvs(atvs, expected_value_node):
def _is_value_in_dirstring_atvs(atvs, expected_value_node):
for atv in atvs:
try:
_, value = atv.children['value'].child
# get the value contained within the DirectoryString-encoded ATV value
_, atv_dirstring_value_node = atv.children['value'].child
_, value = atv_dirstring_value_node.child
except ValueError:
# skip unparsed field

@@ -369,7 +371,7 @@ def validate(self, node):
pseudonym_nodes = [t[0] for t in
name.get_name_attributes_by_type(parent_name_node, rfc5280.id_at_pseudonym)]

if CommonNameValidator._is_value_in_atvs(pseudonym_nodes, cn_value_node):
if CommonNameValidator._is_value_in_dirstring_atvs(pseudonym_nodes, cn_value_node):
return

# if there's a GN or SN, assume it's in the CN
@@ -381,7 +383,7 @@ def validate(self, node):
orgname_nodes = [t[0] for t in
name.get_name_attributes_by_type(parent_name_node, rfc5280.id_at_organizationName)]

if CommonNameValidator._is_value_in_atvs(orgname_nodes, cn_value_node):
if CommonNameValidator._is_value_in_dirstring_atvs(orgname_nodes, cn_value_node):
return

email_addresses = get_email_addresses_from_san(node.document)
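Review bot: `_is_value_in_dirstring_atvs` has no docstring stating its precondition, although the two-level unwrap in the `try` block only holds for attributes whose value is a DirectoryString CHOICE. I would add something like `"""Return True if expected_value_node matches the string inside any DirectoryString-encoded ATV; ATVs that failed to decode are skipped."""`. Both `.child` unpacks share one `except ValueError`, so a failure at either level drops the attribute, and it can then never be accepted as the CN's source; that is the conservative direction for a linter, and the `# skip unparsed field` comment could say so. The comparison that follows is outside this hunk, so I cannot tell whether a CN and a source attribute with identical text but different string types (for example PrintableString and UTF8String) compare equal. If the new fixtures do not cover that case, a test for it would pin the behaviour.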
@@ -0,0 +1,38 @@
-----BEGIN CERTIFICATE-----
MIIF2TCCA8GgAwIBAgIUOTexnaThhALqNKiaXDhQLJ/ZBXcwDQYJKoZIhvcNAQEL
BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0
ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MTkwMDAwMDBaFw0y
MzA3MTgyMzU5NTlaMFoxFjAUBgNVBEEMDVlhbWFkYSBIYW5ha28xFjAUBgNVBAMM
DVlBTUFEQSBIYW5ha28xKDAmBgkqhkiG9w0BCQEWGWhhbmFrby55YW1hZGFAZXhh
bXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+egZQ6eu
mJKq3hfKfED4dE/tL4FI5sjqont9ABVI+1GSqyi1bFBgsRjM0THllIdMbKmJtWwn
KW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0fqXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4
RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0yg+801SXzoFTTa+UGIRLE66jH51aa5VX
u99hnv1OiH8tQrjdi8mH6uG/icq4XuIeNWMF32wHqIOOPvQcWV3M5D2vxJEj702K
u6k9OQXkAo17qRSEonWW4HtLbtmS8He1JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKy
qGtGAWXAj1MTAgMBAAGjggGnMIIBozAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
AwIHgDAfBgNVHSMEGDAWgBTWRAAyfKgN/6xPa2buta6bLMU4VDAdBgNVHQ4EFgQU
iRlZXg7xafXLvUfhNPzimMxpMJEwFAYDVR0gBA0wCzAJBgdngQwBBQQDMD0GA1Ud
HwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuY2EuZXhhbXBsZS5jb20vaXNzdWluZ19j
YV9jcmwuY3JsMEsGCCsGAQUFBwEBBD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3Jl
cG9zaXRvcnkuY2EuZXhhbXBsZS5jb20vaXNzdWluZ19jYS5kZXIwEwYDVR0lBAww
CgYIKwYBBQUHAwQwgYsGA1UdEQSBgzCBgIEZaGFuYWtvLnlhbWFkYUBleGFtcGxl
LmNvbaAmBggrBgEFBQcICaAaDBjlsbHnlLDoirHlrZBAZXhhbXBsZS5jb22kOzA5
MQ8wDQYDVQQEDAblsbHnlLAxDzANBgNVBCoMBuiKseWtkDEVMBMGA1UEAwwM5bGx
55Sw6Iqx5a2QMA0GCSqGSIb3DQEBCwUAA4ICAQBs+urC3xpEWW5oXklRx4Lz4tLm
sOvrjghMZ8n7kock2j87kdGM6P6d0CwbIOAvRi4ra9Bw/+vghnmQZ5cWtzVr6yvC
ju5yepf1HMnghBn+rTlbvmwO0t325l5fvfi2UeROWcKX6sGsXSDZCPB7v+sjfnc5
5dsq0b3hoxWvgPvTN0mrjDV/Kazt2j8YW/0nAjv664imqNN/SVi+haqc3BrUGjNR
pfPta+9IqETxDqVDBctBZF1O3kUCKLRG/xt9bt0pKY0nGttEN+wXZpfnrwRpA4Oc
kzHHhH51Zlq5tPtHmJ8k2BBvrAqG77wR6KvbP5jZgUNKz74NT+beQVIPVpM66Uua
DHlrZjIMul0sxTjkRor0q5grSaRRPgi+MknzAR+eMwHwD2miffMN7o/N+nUpW/aN
NedQJzJ/juw8a5VHbVqEYlZHVMSWHJZPEA+mBHJ5aMf5hH9usLFNxqZPpbiXsu2L
LTvQrQyyHK1eiNTc64IUlwCdqZhndFFAosPI9kUoYYn9DVGWz+P05zrYrmPm8k/k
tkOdE5nXFSpcrjae1lBxCfDUdYQMgBKRv+/t6cBj9SMMpj0BwC+zC96HNMDyzN4Z
aCPkjA0J22Xu9BEYszb06NhF/VI2bQOzUhPYq2XIdP0adpJPsnHsZyHYXY/TieRi
aAIe+LpKex9xSCR1NQ==
-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence.1.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""YAMADA Hanako"""
certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
@@ -0,0 +1,37 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
@@ -0,0 +1,40 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence.2.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""ACME INDUSTRIES, LTD."""
certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
@@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
