Skip to content

Commit

Permalink
Disallow Registration References in GOV and INT orgIDs (#12)
Browse files Browse the repository at this point in the history
  • Loading branch information
CBonnell authored Jun 8, 2023
1 parent 34fed91 commit 4c23773
Show file tree
Hide file tree
Showing 16 changed files with 402 additions and 269 deletions.
2 changes: 1 addition & 1 deletion VERSION.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0.8.4
0.8.5
7 changes: 4 additions & 3 deletions pkilint/cabf/cabf_constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,11 @@ class RegistrationSchemeCountryIdentifierType(enum.IntEnum):
class RegistrationSchemeNamingConvention(typing.NamedTuple):
country_identifier_type: RegistrationSchemeCountryIdentifierType
allow_state_province: bool
require_registration_reference: bool


REGISTRATION_SCHEMES = {
'NTR': RegistrationSchemeNamingConvention(RegistrationSchemeCountryIdentifierType.ISO3166, True),
'VAT': RegistrationSchemeNamingConvention(RegistrationSchemeCountryIdentifierType.ISO3166, False),
'PSD': RegistrationSchemeNamingConvention(RegistrationSchemeCountryIdentifierType.ISO3166, False),
'NTR': RegistrationSchemeNamingConvention(RegistrationSchemeCountryIdentifierType.ISO3166, True, True),
'VAT': RegistrationSchemeNamingConvention(RegistrationSchemeCountryIdentifierType.ISO3166, False, True),
'PSD': RegistrationSchemeNamingConvention(RegistrationSchemeCountryIdentifierType.ISO3166, False, True),
}
21 changes: 16 additions & 5 deletions pkilint/cabf/cabf_name.py
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ def __init__(self):

_ORG_ID_REGEX = re.compile(
r'^(?P<scheme>[A-Z]{3})(?P<country>[a-zA-Z]{2})?(\+(?P<sp>[a-zA-Z0-9]{1,3}))?'
r'-(?P<reference>.+)$'
r'(-(?P<reference>.+))?$'
)


Expand Down Expand Up @@ -85,7 +85,7 @@ class OrganizationIdentifierAttributeValidator(validation.TypeMatchingValidator)
)

def __init__(self, additional_schemes: typing.Optional[
typing.Mapping[str, cabf_constants.RegistrationSchemeNamingConvention]]=None):
typing.Mapping[str, cabf_constants.RegistrationSchemeNamingConvention]] = None):
super().__init__(type_oid=x520_name.id_at_organizationIdentifier,
type_path='type', value_path='value.x520OrganizationIdentifier',
pdu_class=rfc5280.AttributeTypeAndValue,
Expand Down Expand Up @@ -128,6 +128,17 @@ def validate_with_value(self, node, choice_node):
f'Invalid registration scheme: {m["scheme"]}'
)

if scheme_info.require_registration_reference and m['reference'] is None:
raise validation.ValidationFindingEncountered(
self.VALIDATION_ORGANIZATION_ID_INVALID_FORMAT,
f'Missing Registration Reference: {value_node.pdu}'
)
elif not scheme_info.require_registration_reference and m['reference']:
raise validation.ValidationFindingEncountered(
self.VALIDATION_ORGANIZATION_ID_INVALID_FORMAT,
f'Prohibited Registration Reference is present: {value_node.pdu}'
)

country_code = '' if m['country'] is None else m['country'].upper()

if scheme_info.country_identifier_type == cabf_constants.RegistrationSchemeCountryIdentifierType.NONE:
Expand Down Expand Up @@ -202,11 +213,11 @@ def validate(self, node):

return self.validate_with_value(node, domain_name)


class GeneralNameDnsNameInternalDomainNameValidator(InternalDomainNameValidator):
def __init__(self):
super().__init__(predicate=general_name.create_generalname_type_predicate('dNSName'))

def validate_with_value(self, node, value):
if len(value) == 0 and general_name.is_nameconstraints_child_node(node):
return
Expand Down Expand Up @@ -234,7 +245,7 @@ def extract_domain_name(self, node):

def validate_with_value(self, node, value):
if len(value) == 0 and general_name.is_nameconstraints_child_node(node):
return
return
else:
return super().validate_with_value(node, value)

Expand Down
2 changes: 1 addition & 1 deletion pkilint/cabf/servercert/servercert_name.py
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ def validate(self, node):
if m['reference'] != ext_reg_ref:
findings.append(validation.ValidationFindingDescription(
self.VALIDATION_CABF_ORG_ID_MISMATCHED_REFERENCE,
f'Mismatched registration reference: subject: {m["reference"]}'
f'Mismatched Registration Reference: subject: {m["reference"]}'
f', extension: {ext_reg_ref}'
))

Expand Down
6 changes: 3 additions & 3 deletions pkilint/cabf/smime/smime_name.py
Original file line number Diff line number Diff line change
Expand Up @@ -216,15 +216,15 @@ def create_subscriber_certificate_subject_validator_container(
OrganizationIdentifierAttributeValidator({
'LEI': cabf_constants.RegistrationSchemeNamingConvention(
cabf_constants.RegistrationSchemeCountryIdentifierType.XG,
False
False, True
),
'GOV': cabf_constants.RegistrationSchemeNamingConvention(
cabf_constants.RegistrationSchemeCountryIdentifierType.ISO3166,
True
True, False
),
'INT': cabf_constants.RegistrationSchemeNamingConvention(
cabf_constants.RegistrationSchemeCountryIdentifierType.XG,
False
False, False
)
}),
OrganizationIdentifierLeiValidator(),
Expand Down
Original file line number Diff line number Diff line change
@@ -1,38 +1,38 @@
-----BEGIN CERTIFICATE-----
MIIGSTCCBDGgAwIBAgIUT0nGRo909AMp7EmYVoILmgwKMsQwDQYJKoZIhvcNAQEL
MIIGRTCCBC2gAwIBAgIUT0nGRo909AMp7EmYVoILmgwKMsQwDQYJKoZIhvcNAQEL
BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0
ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MjgwMDAwMDBaFw0y
MzA3MjcyMzU5NTlaMF4xEjAQBgNVBGETCUdPVlhHLTEyMzEeMBwGA1UEChMVQWNt
ZSBJbmR1c3RyaWVzLCBMdGQuMSgwJgYJKoZIhvcNAQkBFhloYW5ha28ueWFtYWRh
QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPno
GUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqsotWxQYLEYzNEx5ZSHTGyp
ibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE89FU1nZQF15oVLOpUgA7
wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNUl86BU02vlBiESxOuox+d
WmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9sB6iDjj70HFldzOQ9r8SR
I+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P593VVJvnzOjaA1z6Cz+4+e
RvcysqhrRgFlwI9TEwIDAQABo4ICEzCCAg8wDAYDVR0TAQH/BAIwADAOBgNVHQ8B
Af8EBAMCB4AwHwYDVR0jBBgwFoAU1kQAMnyoDf+sT2tm7rWumyzFOFQwHQYDVR0O
BBYEFIkZWV4O8Wn1y71H4TT84pjMaTCRMBQGA1UdIAQNMAswCQYHZ4EMAQUCAjA9
BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3JsLmNhLmV4YW1wbGUuY29tL2lzc3Vp
bmdfY2FfY3JsLmNybDBLBggrBgEFBQcBAQQ/MD0wOwYIKwYBBQUHMAKGL2h0dHA6
Ly9yZXBvc2l0b3J5LmNhLmV4YW1wbGUuY29tL2lzc3VpbmdfY2EuZGVyMB0GA1Ud
JQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjCByAYDVR0RBIHAMIG9gRloYW5ha28u
eWFtYWRhQGV4YW1wbGUuY29toCkGCisGAQQBgjcUAgOgGwwZaGFuYWtvLnlhbWFk
YUBleGFtcGxlLmNvbaAmBggrBgEFBQcICaAaDBjlsbHnlLDoirHlrZBAZXhhbXBs
ZS5jb22kTTBLMSMwIQYDVQRhExpMRUlYRy1BRVlFMDBFS1hFU1ZaVVVFQlA2NzEk
MCIGA1UECgwb44Ki44Kv44Of5bel5qWt5qCq5byP5Lya56S+MCMGCSsGAQQBg5gq
AQQWExRBRVlFMDBFS1hFU1ZaVVVFQlA2NzANBgkqhkiG9w0BAQsFAAOCAgEAALJ+
FR219frGJUfrL8xWFfRuFCnLdyzM78Ey0qJqZES199XlYozXhMzCUKYN/zbmery9
0uWNyuJtYGJYl0lhfzBxMmMHk88gCDkLyj8h4a+r2NiQsiN2bXXp1t5CStQeoalj
ZL9r2IIERGB+MigR1Rz7g1ECvVo7+llr3/EwqV9aa88OtnmQoroSlk86hTGjdEUu
ixhR2T+/VMEpdlxmimg88E8afa05yc+GBGnxhyk2zk+nbusC1TrEnMsF2zIaMGlH
jMP/v3Gsl1VucFutU06xhItWmWYcHeVr0wLO/gMDdSbIUgsxobvWynh52D4D1gJs
Hpnelc5EyGCxhLp7X9tjIy7pSXQAA9fy63cdSk6xbpYtlCU/S0PGm+gMMKAydAun
L2WgqEwpFB0TwuE+obw3jJI2eO15YFJU5qEt5eNM2H7KzO0R5lZE0wnbmhgggYGr
c6SFsVzgCocwHOtG9hETci6imtbQ8XoiY86KLUaxYcR4ilXoFj3yhKy8qP7LHdg+
sI3/2sIVkoohmnIEidKmO4lhGqavh8bSVLy00PiebItEVoD4hgMtrcl3c8yM7C/c
pXtmlRvk49RnJJiSPnSS+34I2DKmhS7ZCqHRPyUdE6ebULW+ZCNc3vG4yleapzJQ
iFdUbWgLm8XfBNHSAWs3NvdzV/MqQUERWI3VEdQ=
MzA3MjcyMzU5NTlaMFoxDjAMBgNVBGETBUdPVlhHMR4wHAYDVQQKExVBY21lIElu
ZHVzdHJpZXMsIEx0ZC4xKDAmBgkqhkiG9w0BCQEWGWhhbmFrby55YW1hZGFAZXhh
bXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+egZQ6eu
mJKq3hfKfED4dE/tL4FI5sjqont9ABVI+1GSqyi1bFBgsRjM0THllIdMbKmJtWwn
KW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0fqXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4
RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0yg+801SXzoFTTa+UGIRLE66jH51aa5VX
u99hnv1OiH8tQrjdi8mH6uG/icq4XuIeNWMF32wHqIOOPvQcWV3M5D2vxJEj702K
u6k9OQXkAo17qRSEonWW4HtLbtmS8He1JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKy
qGtGAWXAj1MTAgMBAAGjggITMIICDzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
AwIHgDAfBgNVHSMEGDAWgBTWRAAyfKgN/6xPa2buta6bLMU4VDAdBgNVHQ4EFgQU
iRlZXg7xafXLvUfhNPzimMxpMJEwFAYDVR0gBA0wCzAJBgdngQwBBQICMD0GA1Ud
HwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuY2EuZXhhbXBsZS5jb20vaXNzdWluZ19j
YV9jcmwuY3JsMEsGCCsGAQUFBwEBBD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3Jl
cG9zaXRvcnkuY2EuZXhhbXBsZS5jb20vaXNzdWluZ19jYS5kZXIwHQYDVR0lBBYw
FAYIKwYBBQUHAwQGCCsGAQUFBwMCMIHIBgNVHREEgcAwgb2BGWhhbmFrby55YW1h
ZGFAZXhhbXBsZS5jb22gKQYKKwYBBAGCNxQCA6AbDBloYW5ha28ueWFtYWRhQGV4
YW1wbGUuY29toCYGCCsGAQUFBwgJoBoMGOWxseeUsOiKseWtkEBleGFtcGxlLmNv
baRNMEsxIzAhBgNVBGETGkxFSVhHLUFFWUUwMEVLWEVTVlpVVUVCUDY3MSQwIgYD
VQQKDBvjgqLjgq/jg5/lt6Xmpa3moKrlvI/kvJrnpL4wIwYJKwYBBAGDmCoBBBYT
FEFFWUUwMEVLWEVTVlpVVUVCUDY3MA0GCSqGSIb3DQEBCwUAA4ICAQAAsn4VHbX1
+sYlR+svzFYV9G4UKct3LMzvwTLSompkRLX31eVijNeEzMJQpg3/NuZ6vL3S5Y3K
4m1gYliXSWF/MHEyYweTzyAIOQvKPyHhr6vY2JCyI3ZtdenW3kJK1B6hqWNkv2vY
ggREYH4yKBHVHPuDUQK9Wjv6WWvf8TCpX1przw62eZCiuhKWTzqFMaN0RS6LGFHZ
P79UwSl2XGaKaDzwTxp9rTnJz4YEafGHKTbOT6du6wLVOsScywXbMhowaUeMw/+/
cayXVW5wW61TTrGEi1aZZhwd5WvTAs7+AwN1JshSCzGhu9bKeHnYPgPWAmwemd6V
zkTIYLGEuntf22MjLulJdAAD1/Lrdx1KTrFuli2UJT9LQ8ab6AwwoDJ0C6cvZaCo
TCkUHRPC4T6hvDeMkjZ47XlgUlTmoS3l40zYfsrM7RHmVkTTCduaGCCBgatzpIWx
XOAKhzAc60b2ERNyLqKa1tDxeiJjzootRrFhxHiKVegWPfKErLyo/ssd2D6wjf/a
whWSiiGacgSJ0qY7iWEapq+HxtJUvLTQ+J5si0RWgPiGAy2tyXdzzIzsL9yle2aV
G+Tj1GckmJI+dJL7fgjYMqaFLtkKodE/JR0Tp5tQtb5kI1ze8bjKV5qnMlCIV1Rt
aAubxd8E0dIBazc293NX8ypBQRFYjdUR1A==
-----END CERTIFICATE-----
node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence.0.0,OrganizationIdentifierAttributeValidator,ERROR,cabf.invalid_subject_organization_identifier_country,"Invalid country code for scheme ""GOV"": XG"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,38 +1,38 @@
-----BEGIN CERTIFICATE-----
MIIGRzCCBC+gAwIBAgIUT0nGRo909AMp7EmYVoILmgwKMsQwDQYJKoZIhvcNAQEL
MIIGQzCCBCugAwIBAgIUT0nGRo909AMp7EmYVoILmgwKMsQwDQYJKoZIhvcNAQEL
BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0
ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MjgwMDAwMDBaFw0y
MzA3MjcyMzU5NTlaMFwxEDAOBgNVBGETB0dPVi0xMjMxHjAcBgNVBAoTFUFjbWUg
SW5kdXN0cmllcywgTHRkLjEoMCYGCSqGSIb3DQEJARYZaGFuYWtvLnlhbWFkYUBl
eGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALD56BlD
p66YkqreF8p8QPh0T+0vgUjmyOqie30AFUj7UZKrKLVsUGCxGMzRMeWUh0xsqYm1
bCcpbwn7k6A03zLpfG/wmYz9jm9C3aWKzR+peYbxRPPRVNZ2UBdeaFSzqVIAO8Bo
h7hFWsKxn3svdlBOvJjslFVxsHiSFQ3canTKD7zTVJfOgVNNr5QYhEsTrqMfnVpr
lVe732Ge/U6Ify1CuN2LyYfq4b+Jyrhe4h41YwXfbAeog44+9BxZXczkPa/EkSPv
TYq7qT05BeQCjXupFISidZbge0tu2ZLwd7Uk09z+fd1VSb58zo2gNc+gs/uPnkb3
MrKoa0YBZcCPUxMCAwEAAaOCAhMwggIPMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/
BAQDAgeAMB8GA1UdIwQYMBaAFNZEADJ8qA3/rE9rZu61rpssxThUMB0GA1UdDgQW
BBSJGVleDvFp9cu9R+E0/OKYzGkwkTAUBgNVHSAEDTALMAkGB2eBDAEFAgIwPQYD
VR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5jYS5leGFtcGxlLmNvbS9pc3N1aW5n
X2NhX2NybC5jcmwwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8v
cmVwb3NpdG9yeS5jYS5leGFtcGxlLmNvbS9pc3N1aW5nX2NhLmRlcjAdBgNVHSUE
FjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwgcgGA1UdEQSBwDCBvYEZaGFuYWtvLnlh
bWFkYUBleGFtcGxlLmNvbaApBgorBgEEAYI3FAIDoBsMGWhhbmFrby55YW1hZGFA
ZXhhbXBsZS5jb22gJgYIKwYBBQUHCAmgGgwY5bGx55Sw6Iqx5a2QQGV4YW1wbGUu
Y29tpE0wSzEjMCEGA1UEYRMaTEVJWEctQUVZRTAwRUtYRVNWWlVVRUJQNjcxJDAi
BgNVBAoMG+OCouOCr+ODn+W3pealreagquW8j+S8muekvjAjBgkrBgEEAYOYKgEE
FhMUQUVZRTAwRUtYRVNWWlVVRUJQNjcwDQYJKoZIhvcNAQELBQADggIBAACyfhUd
tfX6xiVH6y/MVhX0bhQpy3cszO/BMtKiamREtffV5WKM14TMwlCmDf825nq8vdLl
jcribWBiWJdJYX8wcTJjB5PPIAg5C8o/IeGvq9jYkLIjdm116dbeQkrUHqGpY2S/
a9iCBERgfjIoEdUc+4NRAr1aO/pZa9/xMKlfWmvPDrZ5kKK6EpZPOoUxo3RFLosY
Udk/v1TBKXZcZopoPPBPGn2tOcnPhgRp8YcpNs5Pp27rAtU6xJzLBdsyGjBpR4zD
/79xrJdVbnBbrVNOsYSLVplmHB3la9MCzv4DA3UmyFILMaG71sp4edg+A9YCbB6Z
3pXORMhgsYS6e1/bYyMu6Ul0AAPX8ut3HUpOsW6WLZQlP0tDxpvoDDCgMnQLpy9l
oKhMKRQdE8LhPqG8N4ySNnjteWBSVOahLeXjTNh+ysztEeZWRNMJ25oYIIGBq3Ok
hbFc4AqHMBzrRvYRE3IuoprW0PF6ImPOii1GsWHEeIpV6BY98oSsvKj+yx3YPrCN
/9rCFZKKIZpyBInSpjuJYRqmr4fG0lS8tND4nmyLRFaA+IYDLa3Jd3PMjOwv3KV7
ZpUb5OPUZySYkj50kvt+CNgypoUu2Qqh0T8lHROnm1C1vmQjXN7xuMpXmqcyUIhX
VG1oC5vF3wTR0gFrNzb3c1fzKkFBEViN1RHU
MzA3MjcyMzU5NTlaMFgxDDAKBgNVBGETA0dPVjEeMBwGA1UEChMVQWNtZSBJbmR1
c3RyaWVzLCBMdGQuMSgwJgYJKoZIhvcNAQkBFhloYW5ha28ueWFtYWRhQGV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPnoGUOnrpiS
qt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqsotWxQYLEYzNEx5ZSHTGypibVsJylv
CfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE89FU1nZQF15oVLOpUgA7wGiHuEVa
wrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNUl86BU02vlBiESxOuox+dWmuVV7vf
YZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9sB6iDjj70HFldzOQ9r8SRI+9Nirup
PTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P593VVJvnzOjaA1z6Cz+4+eRvcysqhr
RgFlwI9TEwIDAQABo4ICEzCCAg8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMC
B4AwHwYDVR0jBBgwFoAU1kQAMnyoDf+sT2tm7rWumyzFOFQwHQYDVR0OBBYEFIkZ
WV4O8Wn1y71H4TT84pjMaTCRMBQGA1UdIAQNMAswCQYHZ4EMAQUCAjA9BgNVHR8E
NjA0MDKgMKAuhixodHRwOi8vY3JsLmNhLmV4YW1wbGUuY29tL2lzc3VpbmdfY2Ff
Y3JsLmNybDBLBggrBgEFBQcBAQQ/MD0wOwYIKwYBBQUHMAKGL2h0dHA6Ly9yZXBv
c2l0b3J5LmNhLmV4YW1wbGUuY29tL2lzc3VpbmdfY2EuZGVyMB0GA1UdJQQWMBQG
CCsGAQUFBwMEBggrBgEFBQcDAjCByAYDVR0RBIHAMIG9gRloYW5ha28ueWFtYWRh
QGV4YW1wbGUuY29toCkGCisGAQQBgjcUAgOgGwwZaGFuYWtvLnlhbWFkYUBleGFt
cGxlLmNvbaAmBggrBgEFBQcICaAaDBjlsbHnlLDoirHlrZBAZXhhbXBsZS5jb22k
TTBLMSMwIQYDVQRhExpMRUlYRy1BRVlFMDBFS1hFU1ZaVVVFQlA2NzEkMCIGA1UE
Cgwb44Ki44Kv44Of5bel5qWt5qCq5byP5Lya56S+MCMGCSsGAQQBg5gqAQQWExRB
RVlFMDBFS1hFU1ZaVVVFQlA2NzANBgkqhkiG9w0BAQsFAAOCAgEAALJ+FR219frG
JUfrL8xWFfRuFCnLdyzM78Ey0qJqZES199XlYozXhMzCUKYN/zbmery90uWNyuJt
YGJYl0lhfzBxMmMHk88gCDkLyj8h4a+r2NiQsiN2bXXp1t5CStQeoaljZL9r2IIE
RGB+MigR1Rz7g1ECvVo7+llr3/EwqV9aa88OtnmQoroSlk86hTGjdEUuixhR2T+/
VMEpdlxmimg88E8afa05yc+GBGnxhyk2zk+nbusC1TrEnMsF2zIaMGlHjMP/v3Gs
l1VucFutU06xhItWmWYcHeVr0wLO/gMDdSbIUgsxobvWynh52D4D1gJsHpnelc5E
yGCxhLp7X9tjIy7pSXQAA9fy63cdSk6xbpYtlCU/S0PGm+gMMKAydAunL2WgqEwp
FB0TwuE+obw3jJI2eO15YFJU5qEt5eNM2H7KzO0R5lZE0wnbmhgggYGrc6SFsVzg
CocwHOtG9hETci6imtbQ8XoiY86KLUaxYcR4ilXoFj3yhKy8qP7LHdg+sI3/2sIV
koohmnIEidKmO4lhGqavh8bSVLy00PiebItEVoD4hgMtrcl3c8yM7C/cpXtmlRvk
49RnJJiSPnSS+34I2DKmhS7ZCqHRPyUdE6ebULW+ZCNc3vG4yleapzJQiFdUbWgL
m8XfBNHSAWs3NvdzV/MqQUERWI3VEdQ=
-----END CERTIFICATE-----
node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence.0.0,OrganizationIdentifierAttributeValidator,ERROR,cabf.invalid_subject_organization_identifier_country,"Invalid country code for scheme ""GOV"": "
Expand Down
Original file line number Diff line number Diff line change
@@ -1,38 +1,38 @@
-----BEGIN CERTIFICATE-----
MIIGTDCCBDSgAwIBAgIUT0nGRo909AMp7EmYVoILmgwKMsQwDQYJKoZIhvcNAQEL
MIIGSDCCBDCgAwIBAgIUT0nGRo909AMp7EmYVoILmgwKMsQwDQYJKoZIhvcNAQEL
BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0
ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MjgwMDAwMDBaFw0y
MzA3MjcyMzU5NTlaMGExFTATBgNVBGETDEdPVlVTK1BBLTEyMzEeMBwGA1UEChMV
QWNtZSBJbmR1c3RyaWVzLCBMdGQuMSgwJgYJKoZIhvcNAQkBFhloYW5ha28ueWFt
YWRhQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
sPnoGUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqsotWxQYLEYzNEx5ZSH
TGypibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE89FU1nZQF15oVLOp
UgA7wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNUl86BU02vlBiESxOu
ox+dWmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9sB6iDjj70HFldzOQ9
r8SRI+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P593VVJvnzOjaA1z6Cz
+4+eRvcysqhrRgFlwI9TEwIDAQABo4ICEzCCAg8wDAYDVR0TAQH/BAIwADAOBgNV
HQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAU1kQAMnyoDf+sT2tm7rWumyzFOFQwHQYD
VR0OBBYEFIkZWV4O8Wn1y71H4TT84pjMaTCRMBQGA1UdIAQNMAswCQYHZ4EMAQUC
AjA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3JsLmNhLmV4YW1wbGUuY29tL2lz
c3VpbmdfY2FfY3JsLmNybDBLBggrBgEFBQcBAQQ/MD0wOwYIKwYBBQUHMAKGL2h0
dHA6Ly9yZXBvc2l0b3J5LmNhLmV4YW1wbGUuY29tL2lzc3VpbmdfY2EuZGVyMB0G
A1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjCByAYDVR0RBIHAMIG9gRloYW5h
a28ueWFtYWRhQGV4YW1wbGUuY29toCkGCisGAQQBgjcUAgOgGwwZaGFuYWtvLnlh
bWFkYUBleGFtcGxlLmNvbaAmBggrBgEFBQcICaAaDBjlsbHnlLDoirHlrZBAZXhh
bXBsZS5jb22kTTBLMSMwIQYDVQRhExpMRUlYRy1BRVlFMDBFS1hFU1ZaVVVFQlA2
NzEkMCIGA1UECgwb44Ki44Kv44Of5bel5qWt5qCq5byP5Lya56S+MCMGCSsGAQQB
g5gqAQQWExRBRVlFMDBFS1hFU1ZaVVVFQlA2NzANBgkqhkiG9w0BAQsFAAOCAgEA
ALJ+FR219frGJUfrL8xWFfRuFCnLdyzM78Ey0qJqZES199XlYozXhMzCUKYN/zbm
ery90uWNyuJtYGJYl0lhfzBxMmMHk88gCDkLyj8h4a+r2NiQsiN2bXXp1t5CStQe
oaljZL9r2IIERGB+MigR1Rz7g1ECvVo7+llr3/EwqV9aa88OtnmQoroSlk86hTGj
dEUuixhR2T+/VMEpdlxmimg88E8afa05yc+GBGnxhyk2zk+nbusC1TrEnMsF2zIa
MGlHjMP/v3Gsl1VucFutU06xhItWmWYcHeVr0wLO/gMDdSbIUgsxobvWynh52D4D
1gJsHpnelc5EyGCxhLp7X9tjIy7pSXQAA9fy63cdSk6xbpYtlCU/S0PGm+gMMKAy
dAunL2WgqEwpFB0TwuE+obw3jJI2eO15YFJU5qEt5eNM2H7KzO0R5lZE0wnbmhgg
gYGrc6SFsVzgCocwHOtG9hETci6imtbQ8XoiY86KLUaxYcR4ilXoFj3yhKy8qP7L
Hdg+sI3/2sIVkoohmnIEidKmO4lhGqavh8bSVLy00PiebItEVoD4hgMtrcl3c8yM
7C/cpXtmlRvk49RnJJiSPnSS+34I2DKmhS7ZCqHRPyUdE6ebULW+ZCNc3vG4ylea
pzJQiFdUbWgLm8XfBNHSAWs3NvdzV/MqQUERWI3VEdQ=
MzA3MjcyMzU5NTlaMF0xETAPBgNVBGETCEdPVlVTK1BBMR4wHAYDVQQKExVBY21l
IEluZHVzdHJpZXMsIEx0ZC4xKDAmBgkqhkiG9w0BCQEWGWhhbmFrby55YW1hZGFA
ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+egZ
Q6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI+1GSqyi1bFBgsRjM0THllIdMbKmJ
tWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0fqXmG8UTz0VTWdlAXXmhUs6lSADvA
aIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0yg+801SXzoFTTa+UGIRLE66jH51a
a5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIeNWMF32wHqIOOPvQcWV3M5D2vxJEj
702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1JNPc/n3dVUm+fM6NoDXPoLP7j55G
9zKyqGtGAWXAj1MTAgMBAAGjggITMIICDzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
/wQEAwIHgDAfBgNVHSMEGDAWgBTWRAAyfKgN/6xPa2buta6bLMU4VDAdBgNVHQ4E
FgQUiRlZXg7xafXLvUfhNPzimMxpMJEwFAYDVR0gBA0wCzAJBgdngQwBBQICMD0G
A1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuY2EuZXhhbXBsZS5jb20vaXNzdWlu
Z19jYV9jcmwuY3JsMEsGCCsGAQUFBwEBBD8wPTA7BggrBgEFBQcwAoYvaHR0cDov
L3JlcG9zaXRvcnkuY2EuZXhhbXBsZS5jb20vaXNzdWluZ19jYS5kZXIwHQYDVR0l
BBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMIHIBgNVHREEgcAwgb2BGWhhbmFrby55
YW1hZGFAZXhhbXBsZS5jb22gKQYKKwYBBAGCNxQCA6AbDBloYW5ha28ueWFtYWRh
QGV4YW1wbGUuY29toCYGCCsGAQUFBwgJoBoMGOWxseeUsOiKseWtkEBleGFtcGxl
LmNvbaRNMEsxIzAhBgNVBGETGkxFSVhHLUFFWUUwMEVLWEVTVlpVVUVCUDY3MSQw
IgYDVQQKDBvjgqLjgq/jg5/lt6Xmpa3moKrlvI/kvJrnpL4wIwYJKwYBBAGDmCoB
BBYTFEFFWUUwMEVLWEVTVlpVVUVCUDY3MA0GCSqGSIb3DQEBCwUAA4ICAQAAsn4V
HbX1+sYlR+svzFYV9G4UKct3LMzvwTLSompkRLX31eVijNeEzMJQpg3/NuZ6vL3S
5Y3K4m1gYliXSWF/MHEyYweTzyAIOQvKPyHhr6vY2JCyI3ZtdenW3kJK1B6hqWNk
v2vYggREYH4yKBHVHPuDUQK9Wjv6WWvf8TCpX1przw62eZCiuhKWTzqFMaN0RS6L
GFHZP79UwSl2XGaKaDzwTxp9rTnJz4YEafGHKTbOT6du6wLVOsScywXbMhowaUeM
w/+/cayXVW5wW61TTrGEi1aZZhwd5WvTAs7+AwN1JshSCzGhu9bKeHnYPgPWAmwe
md6VzkTIYLGEuntf22MjLulJdAAD1/Lrdx1KTrFuli2UJT9LQ8ab6AwwoDJ0C6cv
ZaCoTCkUHRPC4T6hvDeMkjZ47XlgUlTmoS3l40zYfsrM7RHmVkTTCduaGCCBgatz
pIWxXOAKhzAc60b2ERNyLqKa1tDxeiJjzootRrFhxHiKVegWPfKErLyo/ssd2D6w
jf/awhWSiiGacgSJ0qY7iWEapq+HxtJUvLTQ+J5si0RWgPiGAy2tyXdzzIzsL9yl
e2aVG+Tj1GckmJI+dJL7fgjYMqaFLtkKodE/JR0Tp5tQtb5kI1ze8bjKV5qnMlCI
V1RtaAubxd8E0dIBazc293NX8ypBQRFYjdUR1A==
-----END CERTIFICATE-----
node_path,validator,severity,code,message
certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
Expand Down
Loading

0 comments on commit 4c23773

Please sign in to comment.