qcp-n-qscd: 411-1 policy presence validator

digicert · Oct 29, 2024 · e06fa2d · e06fa2d
1 parent 175a369
commit e06fa2d
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/pkilint/etsi/__init__.py b/pkilint/etsi/__init__.py
@@ -372,6 +372,7 @@ def create_validators(
         certificate_type in etsi_constants.QCP_N_CERTIFICATE_TYPES
         or certificate_type in etsi_constants.CABF_CERTIFICATE_TYPES
     ):
+        extension_validators.append(en_319_411_1.CertificatePoliciesPresenceValidator())
         extension_validators.append(
             en_319_411_1.CertificatePoliciesValidator(certificate_type)
         )

diff --git a/pkilint/etsi/en_319_411_1.py b/pkilint/etsi/en_319_411_1.py
@@ -3,6 +3,21 @@
 from pkilint import validation, oid
 from pkilint.etsi import etsi_constants
 from pkilint.etsi.asn1 import en_319_411_1
+from pkilint.pkix import extension
+
+
+class CertificatePoliciesPresenceValidator(extension.ExtensionPresenceValidator):
+    VALIDATION_CERTIFICATE_POLICIES_EXTENSION_ABSENT = validation.ValidationFinding(
+        validation.ValidationFindingSeverity.ERROR,
+        "etsi.en_319_411_1.OVR-5.3.01.certificate_policies_extension_missing",
+    )
+
+    def __init__(self):
+        super().__init__(
+            extension_oid=rfc5280.id_ce_certificatePolicies,
+            validation=self.VALIDATION_CERTIFICATE_POLICIES_EXTENSION_ABSENT,
+            pdu_class=rfc5280.Extensions,
+        )
 
 
 class CertificatePoliciesValidator(validation.Validator):