Fix issue extracting email addresses from otherName SAN values. (#52)

digicert · Nov 3, 2023 · f3094fb · f3094fb
1 parent 92b7cb9
commit f3094fb
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 18 deletions.
diff --git a/pkilint/cabf/smime/smime_name.py b/pkilint/cabf/smime/smime_name.py
@@ -456,6 +456,6 @@ def get_email_addresses_from_san(cert_document):
         if name == 'rfc822Name':
             email_addresses.append(value.pdu)
         elif name == 'otherName' and value.navigate('type-id').pdu == rfc8398.id_on_SmtpUTF8Mailbox:
-            email_addresses.append(value.navigate('value').pdu)
+            email_addresses.append(value.navigate('value').child[1].pdu)
 
     return email_addresses
diff --git a/tests/integration_certificate/smime_br/individual/multipurpose/common_name_only.crttest b/tests/integration_certificate/smime_br/individual/multipurpose/common_name_only.crttest
@@ -1,5 +1,5 @@
 -----BEGIN CERTIFICATE-----
-MIIF1DCCA7ygAwIBAgIUeWoVg5UeWvEOdZS+4GFIK+uCmEgwDQYJKoZIhvcNAQEL
+MIIF+zCCA+OgAwIBAgIUeWoVg5UeWvEOdZS+4GFIK+uCmEgwDQYJKoZIhvcNAQEL
 BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0
 ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MjgwMDAwMDBaFw0y
 MzA3MjcyMzU5NTlaMEIxFjAUBgNVBAMMDVlBTUFEQSBIYW5ha28xKDAmBgkqhkiG
@@ -9,33 +9,33 @@ AQUAA4IBDwAwggEKAoIBAQCw+egZQ6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI
 qXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0
 yg+801SXzoFTTa+UGIRLE66jH51aa5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIe
 NWMF32wHqIOOPvQcWV3M5D2vxJEj702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1
-JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjggG6MIIBtjAM
+JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjggHhMIIB3TAM
 BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBTWRAAyfKgN
 /6xPa2buta6bLMU4VDAdBgNVHQ4EFgQUiRlZXg7xafXLvUfhNPzimMxpMJEwFAYD
 VR0gBA0wCzAJBgdngQwBBQQCMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwu
 Y2EuZXhhbXBsZS5jb20vaXNzdWluZ19jYV9jcmwuY3JsMEsGCCsGAQUFBwEBBD8w
 PTA7BggrBgEFBQcwAoYvaHR0cDovL3JlcG9zaXRvcnkuY2EuZXhhbXBsZS5jb20v
-aXNzdWluZ19jYS5kZXIwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMIGU
-BgNVHREEgYwwgYmBGWhhbmFrby55YW1hZGFAZXhhbXBsZS5jb22gKQYKKwYBBAGC
+aXNzdWluZ19jYS5kZXIwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMIG7
+BgNVHREEgbMwgbCBGWhhbmFrby55YW1hZGFAZXhhbXBsZS5jb22gKQYKKwYBBAGC
 NxQCA6AbDBloYW5ha28ueWFtYWRhQGV4YW1wbGUuY29toCYGCCsGAQUFBwgJoBoM
 GOWxseeUsOiKseWtkEBleGFtcGxlLmNvbaQZMBcxFTATBgNVBAMMDOWxseeUsOiK
-seWtkDANBgkqhkiG9w0BAQsFAAOCAgEAhYvgYxtfQpV5Casm9zxWHQ0CFlftr6lb
-nub59zfAQO2zoTUuk43H//r19N13KjqN1APRoihTNzQ9dPB5h1vwkK5nP+j57p3s
-a9vJn7Po9mI1+mrCHQuulP/pqVNOnDcdzLyi4gCHhVx8ospV6B0BNeh8jF4a14pY
-45FMMQTwZxUwq/npg0eseV8HkwYtLLn+17ZdiwpravE6jUwbcFkiBTZUcHUrerc7
-aJt+LptzCHyyUowkMsVC3xvK3XCP4TmtI41ThB6ytDY59BfjIuMxfvRgEs0e8/e/
-NWtzJZUty9BogK/cRXIJy6PeESbgELedzYAKiPTrgfPhl3ymZbeB6ruNKwjwty2D
-jf7wfDa45Z0+0WPAcxiEyk0vhPMUVHCPhv/dlnYF+Jz+tBSdtUaKTBOXiOjgOg5Q
-gtjdxZBH8R5hby+8WRdK3vFsadGTvMWjQnp3i2PRusIEQXTIBw75YV5ZUN0gKpTq
-HvDwVmkYjtLrKgcFr/GDJtH15Omk6uCTML4OS5qhxFW9QMhbTto8KsW0EmSzdiLS
-uVdYeBP6DkA/5CawYv+L0Kw4Sl73sr/hKETTOk952b6Fdl6YeLg9N+wMO0yHZ9TG
-JCZ059L00/6Tp8Ybca7VYd/QLXPQv6F2/szWociXle5xk4BSVy0L6sRGtzOXCI8z
-qGwncex6yVM=
+seWtkKQlMCMxITAfBgNVBAMMGOWxseeUsOiKseWtkEBleGFtcGxlLmNvbTANBgkq
+hkiG9w0BAQsFAAOCAgEAhYvgYxtfQpV5Casm9zxWHQ0CFlftr6lbnub59zfAQO2z
+oTUuk43H//r19N13KjqN1APRoihTNzQ9dPB5h1vwkK5nP+j57p3sa9vJn7Po9mI1
++mrCHQuulP/pqVNOnDcdzLyi4gCHhVx8ospV6B0BNeh8jF4a14pY45FMMQTwZxUw
+q/npg0eseV8HkwYtLLn+17ZdiwpravE6jUwbcFkiBTZUcHUrerc7aJt+LptzCHyy
+UowkMsVC3xvK3XCP4TmtI41ThB6ytDY59BfjIuMxfvRgEs0e8/e/NWtzJZUty9Bo
+gK/cRXIJy6PeESbgELedzYAKiPTrgfPhl3ymZbeB6ruNKwjwty2Djf7wfDa45Z0+
+0WPAcxiEyk0vhPMUVHCPhv/dlnYF+Jz+tBSdtUaKTBOXiOjgOg5QgtjdxZBH8R5h
+by+8WRdK3vFsadGTvMWjQnp3i2PRusIEQXTIBw75YV5ZUN0gKpTqHvDwVmkYjtLr
+KgcFr/GDJtH15Omk6uCTML4OS5qhxFW9QMhbTto8KsW0EmSzdiLSuVdYeBP6DkA/
+5CawYv+L0Kw4Sl73sr/hKETTOk952b6Fdl6YeLg9N+wMO0yHZ9TGJCZ059L00/6T
+p8Ybca7VYd/QLXPQv6F2/szWociXle5xk4BSVy0L6sRGtzOXCI8zqGwncex6yVM=
 -----END CERTIFICATE-----
 node_path,validator,severity,code,message
 certificate.tbsCertificate.subject.rdnSequence,SubscriberSubjectValidator,ERROR,cabf.smime.missing_required_attribute,"Missing one of these required attributes: 2.5.4.4, 2.5.4.42, 2.5.4.65"
 certificate.tbsCertificate.subject.rdnSequence.0.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""YAMADA Hanako"""
 certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
 certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.3.directoryName.rdnSequence,SubscriberSubjectValidator,ERROR,cabf.smime.missing_required_attribute,"Missing one of these required attributes: 2.5.4.4, 2.5.4.42, 2.5.4.65"
 certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.3.directoryName.rdnSequence.0.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""山田花子"""
-
+certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.4.directoryName.rdnSequence,SubscriberSubjectValidator,ERROR,cabf.smime.missing_required_attribute,"Missing one of these required attributes: 2.5.4.4, 2.5.4.42, 2.5.4.65"