diff --git a/pkilint/common/__init__.py b/pkilint/common/__init__.py index 83bcd47..6b4d390 100644 --- a/pkilint/common/__init__.py +++ b/pkilint/common/__init__.py @@ -320,6 +320,7 @@ def __init__( attribute_allowances, finding_code_classifier: str, unknown_attribute_allowance: Rfc2119Word, + path: str = "certificate.tbsCertificate.subject.rdnSequence", ): unexpected_attribute_finding = ( None @@ -339,5 +340,5 @@ def __init__( finding_code_classifier + ".{oid}_attribute_present", finding_code_classifier + ".{oid}_attribute_absent", unexpected_attribute_finding, - path="certificate.tbsCertificate.subject.rdnSequence", + path=path, ) diff --git a/pkilint/etsi/__init__.py b/pkilint/etsi/__init__.py index 148b1e2..06a0d04 100644 --- a/pkilint/etsi/__init__.py +++ b/pkilint/etsi/__init__.py @@ -245,6 +245,8 @@ def create_validators( if additional_name_validators: subject_validators.extend(additional_name_validators) + issuer_validators = [] + qc_statement_validators = [ ts_119_495.RolesOfPspValidator(), ts_119_495.NCANameLatinCharactersValidator(), @@ -292,6 +294,9 @@ def create_validators( if additional_top_level_validators: top_level_validators.extend(additional_top_level_validators) + if certificate_type in etsi_constants.EU: + extension_validators.append(en_319_412_5.QcStatementPresenceValidator()) + if ( certificate_type in etsi_constants.LEGAL_PERSON_CERTIFICATE_TYPES and certificate_type not in etsi_constants.CABF_CERTIFICATE_TYPES 
@@ -312,6 +317,16 @@ def create_validators( en_319_412_2.NaturalPersonSubjectAttributeAllowanceValidator() ) + if certificate_type in etsi_constants.EU: + issuer_validators.extend( + [ + en_319_412_2.LegalPersonIssuerCountryCodeValidator(), + en_319_412_2.LegalPersonIssuerOrganizationAttributesEqualityValidator(), + en_319_412_2.LegalPersonIssuerDuplicateAttributeAllowanceValidator(), + en_319_412_2.LegalPersonIssuerAttributeAllowanceValidator(), + ] + ) + if certificate_type not in etsi_constants.CABF_CERTIFICATE_TYPES: extension_validators.extend( [ @@ -349,11 +364,18 @@ def create_validators( ) ) elif certificate_type in etsi_constants.NATURAL_PERSON_CERTIFICATE_TYPES: - extension_validators.append( - en_319_412_2.NaturalPersonKeyUsageValidator( - is_content_commitment_type=None + if certificate_type in etsi_constants.QCP_N_CERTIFICATE_TYPES: + extension_validators.append( + en_319_412_2.NaturalPersonKeyUsageValidator( + is_content_commitment_type=True + ) + ) + else: + extension_validators.append( + en_319_412_2.NaturalPersonKeyUsageValidator( + is_content_commitment_type=None + ) ) - ) if certificate_type in etsi_constants.QEVCP_W_PSD2_EIDAS_CERTIFICATE_TYPES: qc_statement_validators.append(ts_119_495.PresenceofQCEUPDSStatementValidator()) @@ -407,7 +429,7 @@ def create_validators( ) return [ - certificate.create_issuer_validator_container([]), + certificate.create_issuer_validator_container(issuer_validators), certificate.create_validity_validator_container( additional_validity_validators ), diff --git a/pkilint/etsi/en_319_412_2.py b/pkilint/etsi/en_319_412_2.py index 9e37b29..82ed892 100644 --- a/pkilint/etsi/en_319_412_2.py +++ b/pkilint/etsi/en_319_412_2.py 
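Review bot: The issuer validators added under `if certificate_type in etsi_constants.EU:` also run for the existing EU QWAC types, because etsi_constants.py defines `EU = EU_QWAC_TYPES | EU_SSCD`, so certificates that linted cleanly before this commit can now report new issuer findings. All four classes are legal-person rules (their codes are `gen-4.2.3.1-*`); if an issuing CA may also be a natural person, a conforming issuer name would be reported as an error, which is worth confirming against the standard. Either way, state the assumption next to the block, for example `# GEN-4.2.3.1: issuer is assumed to be a legal person`. create_validators starts and ends outside the hunk.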
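Review bot: The new `if`/`else` under the `NATURAL_PERSON_CERTIFICATE_TYPES` branch repeats the same `extension_validators.append(...)` call and differs only in one argument. Computing the flag first keeps a single call site: `is_cc = True if certificate_type in etsi_constants.QCP_N_CERTIFICATE_TYPES else None`, then `en_319_412_2.NaturalPersonKeyUsageValidator(is_content_commitment_type=is_cc)`. A one-line comment naming the requirement that makes content commitment mandatory for QCP-n would tell the next reader why this type is treated differently from the other natural-person types.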
@@ -3,10 +3,10 @@ from pyasn1.type import univ from pyasn1_alt_modules import rfc5280, rfc3739 -import pkilint.etsi.asn1.en_319_411_2 +import pkilint.etsi.en_319_412_3 from pkilint import validation, oid, document, common -from pkilint.etsi import asn1 as etsi_asn1, etsi_shared from pkilint.etsi import etsi_constants +from pkilint.etsi import etsi_shared from pkilint.etsi.asn1 import en_319_411_2 from pkilint.pkix import extension, name, Rfc2119Word from pkilint.pkix.general_name import GeneralNameTypeName @@ -463,6 +463,10 @@ class QualifiedCertificatePoliciesValidator(validation.Validator): etsi_constants.QNCP_W_GEN_NP_EIDAS_CERTIFICATE_TYPES, en_319_411_2.id_qncp_web_gen, ), + ( + etsi_constants.QCP_N_QSCD_CERTIFICATE_TYPES, + en_319_411_2.id_qcp_natural_qscd, + ), ] def __init__(self, certificate_type: etsi_constants.CertificateType): 
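Review bot: The added `import pkilint.etsi.en_319_412_3` is not referenced by any code this commit adds to en_319_412_2.py; the new issuer classes in the later hunk derive from `etsi_shared` only. Unless something outside the visible hunks needs it, drop the line, since it makes the 412-2 module load 412-3 at import time for no visible benefit. The same hunk removes the `etsi_asn1` alias and the `import pkilint.etsi.asn1.en_319_411_2` statement, so check that no remaining code in the file still uses `etsi_asn1.` or the fully dotted module name.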
@@ -561,3 +565,62 @@ class ExtensionsPresenceValidator(common.ExtensionsPresenceValidator): def __init__(self): super().__init__(self.VALIDATION_EXTENSIONS_FIELD_ABSENT) + + +_LEGAL_PERSON_REQUIRED_ATTRIBUTES = { + rfc5280.id_at_countryName, + rfc5280.id_at_organizationName, + rfc5280.id_at_commonName, +} + + +class LegalPersonIssuerAttributeAllowanceValidator( + etsi_shared.LegalPersonAttributeAllowanceValidator +): + _CODE_CLASSIFIER = "etsi.en_319_412_2.gen-4.2.3.1-2" + + def __init__(self): + super().__init__( + self._CODE_CLASSIFIER, + _LEGAL_PERSON_REQUIRED_ATTRIBUTES, + "certificate.tbsCertificate.issuer.rdnSequence", + ) + + +class LegalPersonIssuerDuplicateAttributeAllowanceValidator( + etsi_shared.LegalPersonDuplicateAttributeAllowanceValidator +): + VALIDATION_PROHIBITED_DUPLICATE_ATTRIBUTE_PRESENT = validation.ValidationFinding( + validation.ValidationFindingSeverity.ERROR, + "etsi.en_319_412_2.gen-4.2.3.1-5.prohibited_duplicate_attribute_present", + ) + + def __init__(self): + super().__init__( + self.VALIDATION_PROHIBITED_DUPLICATE_ATTRIBUTE_PRESENT, + _LEGAL_PERSON_REQUIRED_ATTRIBUTES, + ) + + +class LegalPersonIssuerOrganizationAttributesEqualityValidator( + etsi_shared.LegalPersonOrganizationAttributesEqualityValidator +): + VALIDATION_ORGID_ORGNAME_ATTRIBUTE_VALUES_EQUAL = validation.ValidationFinding( + validation.ValidationFindingSeverity.ERROR, + "etsi.en_319_412_2.gen-4.2.3.1-3.organization_id_and_organization_name_attribute_values_equal", + ) + + def __init__(self): + super().__init__(self.VALIDATION_ORGID_ORGNAME_ATTRIBUTE_VALUES_EQUAL) + + +class LegalPersonIssuerCountryCodeValidator( + etsi_shared.LegalPersonCountryCodeValidator +): + VALIDATION_UNKNOWN_COUNTRY_CODE = validation.ValidationFinding( + validation.ValidationFindingSeverity.NOTICE, + "etsi.en_319_412_2.gen-4.2.3.1-6.unknown_country_code", + ) + + def __init__(self): + super().__init__(self.VALIDATION_UNKNOWN_COUNTRY_CODE) 
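Review bot: `LegalPersonIssuerOrganizationAttributesEqualityValidator` reports under `gen-4.2.3.1-3`, but the shared base class added in etsi_shared.py documents the same check as GEN-4.2.3.1-8. One of the two requirement numbers is wrong, and finding codes are hard to change once users filter on them. The four new issuer classes also have no docstrings, unlike their subject counterparts in en_319_412_3.py, which quote the requirement text; each should carry the matching GEN-4.2.3.1 clause. `_LEGAL_PERSON_REQUIRED_ATTRIBUTES` here holds a different set from the constant of the same name in en_319_412_3.py, so a name such as `_LEGAL_PERSON_ISSUER_REQUIRED_ATTRIBUTES` would keep the two apart.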
diff --git a/pkilint/etsi/en_319_412_3.py b/pkilint/etsi/en_319_412_3.py index 4630668..81d677b 100644 --- a/pkilint/etsi/en_319_412_3.py +++ b/pkilint/etsi/en_319_412_3.py @@ -1,13 +1,10 @@ from pyasn1_alt_modules import rfc5280 -from pkilint import common from pkilint import validation -from pkilint.common import organization_id from pkilint.etsi import etsi_shared -from pkilint.itu import x520_name, asn1_util -from pkilint.pkix import Rfc2119Word, name +from pkilint.itu import x520_name -_REQUIRED_ATTRIBUTES = { +_LEGAL_PERSON_REQUIRED_ATTRIBUTES = { rfc5280.id_at_countryName, rfc5280.id_at_organizationName, x520_name.id_at_organizationIdentifier, @@ -16,7 +13,7 @@ class LegalPersonSubjectAttributeAllowanceValidator( - common.AttributeIdentifierAllowanceValidator + etsi_shared.LegalPersonAttributeAllowanceValidator ): """ LEG-4.2.1-2: The subject field shall include at least the following attributes as specified in Recommendation @@ -25,15 +22,17 @@ class LegalPersonSubjectAttributeAllowanceValidator( _CODE_CLASSIFIER = "etsi.en_319_412_3.leg-4.2.1-2" - _ATTRIBUTE_ALLOWANCES = {a: Rfc2119Word.MUST for a in _REQUIRED_ATTRIBUTES} - def __init__(self): super().__init__( - self._ATTRIBUTE_ALLOWANCES, self._CODE_CLASSIFIER, Rfc2119Word.MAY + self._CODE_CLASSIFIER, + _LEGAL_PERSON_REQUIRED_ATTRIBUTES, + "certificate.tbsCertificate.subject.rdnSequence", ) -class LegalPersonDuplicateAttributeAllowanceValidator(validation.Validator): +class LegalPersonDuplicateAttributeAllowanceValidator( + etsi_shared.LegalPersonDuplicateAttributeAllowanceValidator +): """ LEG-4.2.1-3: Only one instance of each of these attributes shall be present. """ 
@@ -45,22 +44,14 @@ class LegalPersonDuplicateAttributeAllowanceValidator(validation.Validator): def __init__(self): super().__init__( - validations=[self.VALIDATION_PROHIBITED_DUPLICATE_ATTRIBUTE_PRESENT], - pdu_class=rfc5280.Name, + self.VALIDATION_PROHIBITED_DUPLICATE_ATTRIBUTE_PRESENT, + _LEGAL_PERSON_REQUIRED_ATTRIBUTES, ) - def validate(self, node): - attr_counts = name.get_name_attribute_counts(node) - - for a in _REQUIRED_ATTRIBUTES: - if attr_counts[a] > 1: - raise validation.ValidationFindingEncountered( - self.VALIDATION_PROHIBITED_DUPLICATE_ATTRIBUTE_PRESENT, - f"Prohibited duplicate attribute present: {a}", - ) - -class LegalPersonOrganizationAttributesEqualityValidator(validation.Validator): +class LegalPersonOrganizationAttributesEqualityValidator( + etsi_shared.LegalPersonOrganizationAttributesEqualityValidator +): """ LEG-4.2.1-6: The organizationIdentifier attribute shall contain an identification of the subject organization different from the organization name. 
@@ -72,44 +63,7 @@ class LegalPersonOrganizationAttributesEqualityValidator(validation.Validator): ) def __init__(self): - super().__init__( - validations=[self.VALIDATION_ORGID_ORGNAME_ATTRIBUTE_VALUES_EQUAL], - pdu_class=rfc5280.Name, - ) - - def validate(self, node): - # only get the first instance of the attributes - orgname_attr_and_idx = next( - iter( - name.get_name_attributes_by_type(node, rfc5280.id_at_organizationName) - ), - None, - ) - orgid_attr_and_idx = next( - iter( - name.get_name_attributes_by_type( - node, x520_name.id_at_organizationIdentifier - ) - ), - None, - ) - - if orgname_attr_and_idx and orgid_attr_and_idx: - orgname_attr, _ = orgname_attr_and_idx - orgid_attr, _ = orgid_attr_and_idx - - orgname = asn1_util.get_string_value_from_attribute_node(orgname_attr) - orgid = asn1_util.get_string_value_from_attribute_node(orgid_attr) - - # if any of the attributes were not decoded, then return early - if orgname is None or orgid is None: - return - - if orgname.casefold() == orgid.casefold(): - raise validation.ValidationFindingEncountered( - self.VALIDATION_ORGID_ORGNAME_ATTRIBUTE_VALUES_EQUAL, - f'Organization name and identifier attribute values are equal: "{orgname}"', - ) + super().__init__(self.VALIDATION_ORGID_ORGNAME_ATTRIBUTE_VALUES_EQUAL) class LegalPersonKeyUsageValidator(etsi_shared.KeyUsageValidator): @@ -139,7 +93,7 @@ def __init__(self, is_content_commitment_type): ) -class LegalPersonCountryCodeValidator(validation.Validator): +class LegalPersonCountryCodeValidator(etsi_shared.LegalPersonCountryCodeValidator): """ LEG-4.2.1-4: The countryName attribute shall specify the country in which the subject (legal person) is established. """ 
@@ -150,16 +104,4 @@ class LegalPersonCountryCodeValidator(validation.Validator): ) def __init__(self): - super().__init__( - validations=[self.VALIDATION_UNKNOWN_COUNTRY_CODE], - pdu_class=rfc5280.X520countryName, - ) - - def validate(self, node): - value_str = str(node.pdu) - - if value_str not in organization_id.ISO3166_1_COUNTRY_CODES: - raise validation.ValidationFindingEncountered( - self.VALIDATION_UNKNOWN_COUNTRY_CODE, - f'Unknown country code: "{value_str}"', - ) + super().__init__(self.VALIDATION_UNKNOWN_COUNTRY_CODE) diff --git a/pkilint/etsi/en_319_412_5.py b/pkilint/etsi/en_319_412_5.py index 8d8c7dc..5bb2e50 100644 --- a/pkilint/etsi/en_319_412_5.py +++ b/pkilint/etsi/en_319_412_5.py @@ -4,7 +4,7 @@ from iso3166 import countries_by_alpha2 from iso4217 import Currency from urllib.parse import urlparse -from pyasn1_alt_modules import rfc3739 +from pyasn1_alt_modules import rfc3739, rfc5280 from pkilint.pkix import extension, Rfc2119Word import iso639 @@ -160,6 +160,8 @@ def __init__(self, certificate_type): if certificate_type in etsi_constants.WEB_AUTHENTICATION_CERTIFICATE_TYPES: self._expected_qc_type = en_319_412_5.id_etsi_qct_web + elif certificate_type in etsi_constants.QCP_N_CERTIFICATE_TYPES: + self._expected_qc_type = en_319_412_5.id_etsi_qct_esign else: self._expected_qc_type = None @@ -307,6 +309,24 @@ def __init__(self): ) +class QcStatementPresenceValidator(extension.ExtensionPresenceValidator): + """ + QCS-5-01: EU qualified certificates shall include QCStatements in accordance with table 2 + """ + + VALIDATION_QC_STATEMENTS_MISSING = validation.ValidationFinding( + validation.ValidationFindingSeverity.ERROR, + "etsi.en_319_412_5.qcs-5.01", + ) + + def __init__(self): + super().__init__( + extension_oid=rfc3739.id_pe_qcStatements, + validation=self.VALIDATION_QC_STATEMENTS_MISSING, + pdu_class=rfc5280.Extensions, + ) + + class QcStatementIdentifierAllowanceValidator( common.ElementIdentifierAllowanceValidator ): 
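Review bot: `VALIDATION_QC_STATEMENTS_MISSING` in the new `QcStatementPresenceValidator` uses the bare code `etsi.en_319_412_5.qcs-5.01`. That string is also the prefix of the `QcStatementIdentifierAllowanceValidator` findings listed in the new test expectations, for example `etsi.en_319_412_5.qcs-5.01.qc_compliance_qualified_statement_absent`. A consumer that filters on the code prefix cannot separate "extension missing" from the per-statement findings, and the other findings added in this commit all end in a descriptive suffix. Consider `"etsi.en_319_412_5.qcs-5.01.qc_statements_extension_absent"`, with missing_qc_statements.crttest updated to match.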
@@ -332,17 +352,28 @@ def retrieve_qualified_statement_id(cls, node): def __init__(self, certificate_type: etsi_constants.CertificateType): allowances = {} - if certificate_type in etsi_constants.EU_QWAC_TYPES: + if certificate_type in etsi_constants.EU: + # Table 2: 4.2.1 allowances[en_319_412_5.id_etsi_qcs_QcCompliance] = Rfc2119Word.MUST + # Table 2: 4.2.4 allowances[en_319_412_5.id_etsi_qcs_QcCClegislation] = Rfc2119Word.MUST_NOT - allowances[en_319_412_5.id_etsi_qcs_QcType] = Rfc2119Word.MUST + # Table 2: 4.2.2 + if certificate_type in etsi_constants.EU_SSCD: + allowances[en_319_412_5.id_etsi_qcs_QcSSCD] = Rfc2119Word.MUST + + if (certificate_type in etsi_constants.EU_QWAC_TYPES) or ( + certificate_type in etsi_constants.QCP_N_CERTIFICATE_TYPES + ): + # Table 2: 4.2.3 (QWAC is Annex IV, signatures is Annex I) + allowances[en_319_412_5.id_etsi_qcs_QcType] = Rfc2119Word.MUST + if certificate_type in etsi_constants.EU_QWAC_TYPES: + # PR Question: Table 2, 4.2.2 only defines MUST, is the MUST_NOT also from 412-5 somewhere? + allowances[en_319_412_5.id_etsi_qcs_QcSSCD] = Rfc2119Word.MUST_NOT + elif certificate_type in etsi_constants.NON_EU_QWAC_TYPES: - allowances[en_319_412_5.id_etsi_qcs_QcCompliance] = Rfc2119Word.MUST + # PR Question: Is this from 415_5.qcs-4.2? Needs different classifier? allowances[en_319_412_5.id_etsi_qcs_QcCClegislation] = Rfc2119Word.MUST - if certificate_type in etsi_constants.QWAC_TYPES: - allowances[en_319_412_5.id_etsi_qcs_QcSSCD] = Rfc2119Word.MUST_NOT - super().__init__( "qualified statement", self.retrieve_qualified_statement_id, diff --git a/pkilint/etsi/etsi_constants.py b/pkilint/etsi/etsi_constants.py index e40c684..3ec6947 100644 --- a/pkilint/etsi/etsi_constants.py +++ b/pkilint/etsi/etsi_constants.py 
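Review bot: After this rewrite the `NON_EU_QWAC_TYPES` branch only sets `QcCClegislation` to MUST. The `QcCompliance` MUST line was removed from that branch, and the `QcSSCD` MUST_NOT rule, which used to apply to every type in `QWAC_TYPES`, is now set only inside the EU QWAC branch. Non-EU QWAC certificates therefore lose two checks they had before, and nothing visible in the diff says that is intended. If it is not, keep `allowances[en_319_412_5.id_etsi_qcs_QcCompliance] = Rfc2119Word.MUST` in the `elif` and leave the `if certificate_type in etsi_constants.QWAC_TYPES:` block for `QcSSCD` as it was. The two `# PR Question:` comments should be resolved and replaced with the clause reference before merge; `__init__` continues past the end of the hunk.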
@@ -27,6 +27,7 @@ class CertificateType(enum.IntEnum): QNCP_W_GEN_LEGAL_PERSON_NON_EIDAS_PRE_CERTIFICATE = auto() QEVCP_W_PSD2_EIDAS_PRE_CERTIFICATE = auto() QEVCP_W_PSD2_EIDAS_NON_BROWSER_PRE_CERTIFICATE = auto() + QCP_N_QSCD_PRE_CERTIFICATE = auto() # final certificate types NCP_W_NATURAL_PERSON_FINAL_CERTIFICATE = auto() @@ -47,6 +48,7 @@ class CertificateType(enum.IntEnum): QNCP_W_GEN_LEGAL_PERSON_NON_EIDAS_FINAL_CERTIFICATE = auto() QEVCP_W_PSD2_EIDAS_FINAL_CERTIFICATE = auto() QEVCP_W_PSD2_EIDAS_NON_BROWSER_FINAL_CERTIFICATE = auto() + QCP_N_QSCD_FINAL_CERTIFICATE = auto() NCP_NATURAL_PERSON_CERTIFICATE = auto() NCP_LEGAL_PERSON_CERTIFICATE = auto() @@ -129,6 +131,13 @@ def from_option_str(value): CertificateType.QNCP_W_GEN_LEGAL_PERSON_NON_EIDAS_FINAL_CERTIFICATE, } +QCP_N_QSCD_CERTIFICATE_TYPES = { + CertificateType.QCP_N_QSCD_PRE_CERTIFICATE, + CertificateType.QCP_N_QSCD_FINAL_CERTIFICATE, +} + +QCP_N_CERTIFICATE_TYPES = QCP_N_QSCD_CERTIFICATE_TYPES + QNCP_W_GEN_LP_CERTIFICATE_TYPES = ( QNCP_W_GEN_LP_EIDAS_CERTIFICATE_TYPES | QNCP_W_GEN_LP_NON_EIDAS_CERTIFICATE_TYPES ) @@ -211,6 +220,7 @@ def from_option_str(value): CABF_IV_CERTIFICATE_TYPES | QNCP_W_GEN_NP_CERTIFICATE_TYPES | NCP_NP_CERTIFICATE_TYPES + | QCP_N_CERTIFICATE_TYPES ) LEGAL_PERSON_CERTIFICATE_TYPES = ( @@ -256,6 +266,10 @@ def from_option_str(value): NON_EU_QWAC_TYPES = QWAC_TYPES - EU_QWAC_TYPES +EU_SSCD = QCP_N_QSCD_CERTIFICATE_TYPES + +EU = EU_QWAC_TYPES | EU_SSCD + ETSI_TYPE_TO_CABF_SERVERAUTH_TYPE_MAPPINGS = { CertificateType.DVCP_PRE_CERTIFICATE: serverauth_constants.CertificateType.DV_PRE_CERTIFICATE, CertificateType.IVCP_PRE_CERTIFICATE: serverauth_constants.CertificateType.IV_PRE_CERTIFICATE, diff --git a/pkilint/etsi/etsi_shared.py b/pkilint/etsi/etsi_shared.py index 0a038cb..54f497b 100644 --- a/pkilint/etsi/etsi_shared.py +++ b/pkilint/etsi/etsi_shared.py 
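Review bot: `QCP_N_CERTIFICATE_TYPES = QCP_N_QSCD_CERTIFICATE_TYPES` and, in the last hunk of this file, `EU_SSCD = QCP_N_QSCD_CERTIFICATE_TYPES` bind new names to the same mutable set object, so an in-place update through any one name changes all three. Build independent values instead, e.g. `QCP_N_CERTIFICATE_TYPES = set(QCP_N_QSCD_CERTIFICATE_TYPES)`, which also leaves room for a non-QSCD QCP-n type later. The names `EU` and `EU_SSCD` drop the `_TYPES` suffix used by `EU_QWAC_TYPES` and `NON_EU_QWAC_TYPES` next to them. `EU_QUALIFIED_TYPES` and `EU_SSCD_TYPES` would read more clearly at call sites such as `if certificate_type in etsi_constants.EU:`.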
@@ -3,8 +3,10 @@ from pyasn1_alt_modules import rfc5280 -from pkilint import validation, document -from pkilint.itu import bitstring +from pkilint import validation, document, common +from pkilint.common import organization_id +from pkilint.itu import bitstring, x520_name, asn1_util +from pkilint.pkix import Rfc2119Word, name from pkilint.pkix.certificate.certificate_extension import KeyUsageBitName 
@@ -147,3 +149,111 @@ def validate(self, node): VALIDATION_INTERNAL_IP_ADDRESS = validation.ValidationFinding( validation.ValidationFindingSeverity.ERROR, "etsi.internal_ip_address" ) + + +class LegalPersonAttributeAllowanceValidator( + common.AttributeIdentifierAllowanceValidator +): + + def __init__(self, code_classifier, required_attributes, path_to_rdnSequence): + _ATTRIBUTE_ALLOWANCES = {a: Rfc2119Word.MUST for a in required_attributes} + super().__init__( + _ATTRIBUTE_ALLOWANCES, + code_classifier, + Rfc2119Word.MAY, + path=path_to_rdnSequence, + ) + + +class LegalPersonDuplicateAttributeAllowanceValidator(validation.Validator): + """ + 412-3 LEG-4.2.1-3 and 412-2 GEN-4.2.3.1-5: Only one instance of each of these attributes shall be present. + """ + + def __init__(self, finding, required_attributes): + self._finding = finding + self._required_attributes = required_attributes + super().__init__( + validations=[finding], + pdu_class=rfc5280.Name, + ) + + def validate(self, node): + attr_counts = name.get_name_attribute_counts(node) + + for a in self._required_attributes: + if attr_counts[a] > 1: + raise validation.ValidationFindingEncountered( + self._finding, + f"Prohibited duplicate attribute present: {a}", + ) + + +class LegalPersonOrganizationAttributesEqualityValidator(validation.Validator): + """ + 412-3 LEG-4.2.1-6 and 412-2 GEN-4.2.3.1-8: The organizationIdentifier attribute shall contain an identification of the subject organization + different from the organization name. 
+ """ + + def __init__(self, finding): + self._finding = finding + super().__init__( + validations=[finding], + pdu_class=rfc5280.Name, + ) + + def validate(self, node): + # only get the first instance of the attributes + orgname_attr_and_idx = next( + iter( + name.get_name_attributes_by_type(node, rfc5280.id_at_organizationName) + ), + None, + ) + orgid_attr_and_idx = next( + iter( + name.get_name_attributes_by_type( + node, x520_name.id_at_organizationIdentifier + ) + ), + None, + ) + + if orgname_attr_and_idx and orgid_attr_and_idx: + orgname_attr, _ = orgname_attr_and_idx + orgid_attr, _ = orgid_attr_and_idx + + orgname = asn1_util.get_string_value_from_attribute_node(orgname_attr) + orgid = asn1_util.get_string_value_from_attribute_node(orgid_attr) + + # if any of the attributes were not decoded, then return early + if orgname is None or orgid is None: + return + + if orgname.casefold() == orgid.casefold(): + raise validation.ValidationFindingEncountered( + self._finding, + f'Organization name and identifier attribute values are equal: "{orgname}"', + ) + + +class LegalPersonCountryCodeValidator(validation.Validator): + """ + 412-3 LEG-4.2.1-4 and 412-2 GEN-4.2.3.1-6: The countryName attribute shall specify the country in which the subject (legal person) is established. + """ + + def __init__(self, finding): + self._finding = finding + super().__init__( + validations=[finding], + pdu_class=rfc5280.X520countryName, + ) + + def validate(self, node): + value_str = str(node.pdu) + + if value_str not in organization_id.ISO3166_1_COUNTRY_CODES: + raise validation.ValidationFindingEncountered( + self._finding, + f'Unknown country code: "{value_str}"', + ) diff --git a/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/empty_qc_statements.crttest b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/empty_qc_statements.crttest new file mode 100644 index 0000000..7cce6fe --- /dev/null 
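Review bot: `LegalPersonAttributeAllowanceValidator` has no docstring, and the docstrings on the other three shared classes still say "subject organization" and "subject (legal person)" although these classes now also back the issuer validators in en_319_412_2.py. Reword those to "subject or issuer", and give the first class a docstring stating that every attribute in `required_attributes` is treated as MUST and any other attribute as MAY at `path_to_rdnSequence`. Inside that `__init__`, `_ATTRIBUTE_ALLOWANCES` is a local variable and `path_to_rdnSequence` a parameter, so `attribute_allowances` and `path` (matching the keyword added to the base class in pkilint/common/__init__.py) would fit the surrounding naming better.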
+++ b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/empty_qc_statements.crttest 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIEWDCCA0CgAwIBAgIMNFUhLrwL2eQJS19ZMA0GCSqGSIb3DQEBCwUAMHYxMTAv +BgNVBAMMKENsZXZlcmJhc2UgSUQgUEtJb3ZlcmhlaWQgQnVyZ2VyIENBIC0gRzQx +GzAZBgNVBAoMEkNsZXZlcmJhc2UgSUQgQi5WLjELMAkGA1UEBhMCTkwxFzAVBgNV +BGEMDk5UUk5MLTY3NDE5OTI1MB4XDTI0MTEwMTE1MTEzNFoXDTI4MDEzMDE1MTEz +NFowYzEkMCIGA1UEAwwbV2lsbGVrZSBMaXNlbG90dGUgRGUgQnJ1aWpuMQswCQYD +VQQGEwJOTDESMBAGA1UEBAwJRGUgQnJ1aWpuMRowGAYDVQQqDBFXaWxsZWtlIExp +c2Vsb3R0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJyKjJ/39FBT +pYokpj3tolfyJJxcAFWJ41adhRXj/YqZTGgBTSPHObsofpdrDc4BP4qmf7/jsWwh +f2g3HKAz2rScpqbusyk3t/mU1ugsqUbESofYS+LdhTZMp6lQNvluIPoosOCVsKmH +osaIUTZDAUOu2bKgzZwbp6uLMPYwEbxibPKHnuZY5tyh+N5Nj/Fp2FYIIYlXSUuI +0563D2p8V7cOFgu6Ig38TAwwRn9w59jsHp8i/Ak9xsKpWT6MjR7jdBzShK3KkSYM +W85w7xf19ejaD0VuXtgoTdgPiF9oqQNtiCALf9YFM0UU6RCdNYcmRHXbYBSOWFv7 +HcRPT0NadGUCAwEAAaOB+DCB9TAOBggrBgEFBQcBAwQCMAAwFAYDVR0gBA0wCzAJ +BgcEAIvsQAECMB0GA1UdDgQWBBS6aoRx8ypycfYf190V5V+AHCfArzAfBgNVHSME +GDAWgBR3uq30fLfjZEEoo7yITVEgnXzqxDAOBgNVHQ8BAf8EBAMCBkAwRQYIKwYB +BQUHAQEEOTA3MDUGCCsGAQUFBzAChilodHRwczovL2NsZXZlcmJhc2UuY29tL2xv +Y2F0aW9uLm9mLmNhLmNlcjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY2xldmVy +YmFzZS5jb20vbG9jYXRpb24ub2YuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAmeHxu +GrtMv3ZA3q8jW0Dun63IJjDO5TW1tft1xIlHCw+XOQ9PyMzNzHhDhPgKK4vht4Jd +jBIdFzlw/HPvMP+gmejhS7L2y5Xycy4IQiGB8bkMkSbN/Rcyyjw9IJtt9Z2CW4Ly +nYcaJnGYqk7z7pz3UjFluO5gQvNw6yjZVqFnDBw15sPvVZKhHMx7aL3WqGq2Odl3 +wMCE3/39iIU9TavrBSgZXCJ559eML6CJWq22gbJMBxE+UQBVCaUmKx+mDtSQANV7 +fbaE2pwn3uXNZJDj7gWkOW4X5TVMVJAxdy6oXcSxwsa2702tR7DSWMwG8LcHN/tX +Y/S0DLZWrXdeyz8X +-----END CERTIFICATE----- + +node_path,validator,severity,code,message +certificate.tbsCertificate.extensions.0.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_compliance_qualified_statement_absent, 
+certificate.tbsCertificate.extensions.0.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_sscd_qualified_statement_absent, +certificate.tbsCertificate.extensions.0.extnValue.qCStatements,QcStatementIdentifierAllowanceValidator,ERROR,etsi.en_319_412_5.qcs-5.01.qc_type_qualified_statement_absent, +certificate.tbsCertificate.extensions.2.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified, diff --git a/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_issuer.crttest b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_issuer.crttest new file mode 100644 index 0000000..18ead16 --- /dev/null +++ b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_issuer.crttest 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIENTCCAx2gAwIBAgINAJb1qLw47ak/twTIOTANBgkqhkiG9w0BAQsFADAAMB4X +DTI0MTEwMTE1MTkzOFoXDTI4MDEzMDE1MTkzOFowYzEkMCIGA1UEAwwbV2lsbGVr +ZSBMaXNlbG90dGUgRGUgQnJ1aWpuMQswCQYDVQQGEwJOTDESMBAGA1UEBAwJRGUg +QnJ1aWpuMRowGAYDVQQqDBFXaWxsZWtlIExpc2Vsb3R0ZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOQyaJm9XlK+Xa1Hb/ng5Raq3uGTdkoovowgeQKM +RzvarZG04iM1A/iWJEIvNXiXwMSCbUFDvQ1W2tVNNR3bZhFyuQz9v7E39qCPQ2Zp +gYApcRKwhvHJdcYKRvZGCbdoMIL3LrE1TaSQLS5jpTrse4chykJai4WAVj/Q992E +K+MnfbHB7oekmpD+0LNfGuByAFqTAt7w1XpeizIvlgwxce9ViSYowobQTr7LuDso +K2+zpnfwPuYsH7DmR6qKNKEmd2wOP4zT+9pJ5avbhNY4IP0G+QntXYwqjBJmTwOU +UVFv4nvdmKscnANUQT8ROA9VsVuETFFok7LypBnIjkn6+GECAwEAAaOCAUkwggFF +MF4GCCsGAQUFBwEDBFIwUDAIBgYEAI5GAQQwCAYGBACORgEBMBMGBgQAjkYBBjAJ +BgcEAI5GAQYBMCUGBgQAjkYBBTAbMBkWE2h0dHBzOi8vcGRzTG9jYXRpb24TAmVu +MBQGA1UdIAQNMAswCQYHBACL7EABAjAdBgNVHQ4EFgQU3DSj3dR2nQTIgx0vipZv +RMK2uyIwHwYDVR0jBBgwFoAUSkWvE1mVHX6KtplyyOH3oP0d8wswDgYDVR0PAQH/ +BAQDAgZAMEUGCCsGAQUFBwEBBDkwNzA1BggrBgEFBQcwAoYpaHR0cHM6Ly9jbGV2 +ZXJiYXNlLmNvbS9sb2NhdGlvbi5vZi5jYS5jZXIwNgYDVR0fBC8wLTAroCmgJ4Yl +aHR0cDovL2NsZXZlcmJhc2UuY29tL2xvY2F0aW9uLm9mLmNybDANBgkqhkiG9w0B +AQsFAAOCAQEAFHy5I8Bd4qC67P771Ur8Q2U7KWRF+GxERvR68ZxuzbBPhmx8k6jQ +yfnLcPxx9HCsnOvgbkkRp/J5vhj/ybavd0vFIqg0eVXRHuzx3RfT1/7SN2GzDteF +F9j0UMciEKdKTahMSd8/VjAEsGek9+DcYjFxbU0c9RUHVIMYX9Q/HeuPfZ16fKSz +GIODsVzu40OYLU4/guVzdcSJwDai2qmCE+RApqkJxGAQTadGoPzVYWlSbVGKl57e +eRbZSSKjbhny0gL/Xnr9mrgEuQsAWaoczS0M6QrP5D6YBPxAbAtJmL3jnPYU27QI +IzUUkjYJ/GlRXUCHCDjht8SlGvk3r3QnlA== +-----END CERTIFICATE----- + +node_path,validator,severity,code,message +certificate.tbsCertificate.issuer.rdnSequence,EmptyNameValidator,ERROR,pkix.name_empty, +certificate.tbsCertificate.issuer.rdnSequence,LegalPersonIssuerAttributeAllowanceValidator,ERROR,etsi.en_319_412_2.gen-4.2.3.1-2.country_attribute_absent, 
+certificate.tbsCertificate.issuer.rdnSequence,LegalPersonIssuerAttributeAllowanceValidator,ERROR,etsi.en_319_412_2.gen-4.2.3.1-2.common_name_attribute_absent, +certificate.tbsCertificate.issuer.rdnSequence,LegalPersonIssuerAttributeAllowanceValidator,ERROR,etsi.en_319_412_2.gen-4.2.3.1-2.organization_name_attribute_absent, +certificate.tbsCertificate.extensions.2.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified, \ No newline at end of file diff --git a/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_keyusage.crttest b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_keyusage.crttest new file mode 100644 index 0000000..5e34e59 --- /dev/null +++ b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_keyusage.crttest 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIEqzCCA5OgAwIBAgINAOLwigtcLS7v6mSEHDANBgkqhkiG9w0BAQsFADB2MTEw +LwYDVQQDDChDbGV2ZXJiYXNlIElEIFBLSW92ZXJoZWlkIEJ1cmdlciBDQSAtIEc0 +MRswGQYDVQQKDBJDbGV2ZXJiYXNlIElEIEIuVi4xCzAJBgNVBAYTAk5MMRcwFQYD +VQRhDA5OVFJOTC02NzQxOTkyNTAeFw0yNDExMDExNTIyNDNaFw0yODAxMzAxNTIy +NDNaMGMxJDAiBgNVBAMMG1dpbGxla2UgTGlzZWxvdHRlIERlIEJydWlqbjELMAkG +A1UEBhMCTkwxEjAQBgNVBAQMCURlIEJydWlqbjEaMBgGA1UEKgwRV2lsbGVrZSBM +aXNlbG90dGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvlajTVGIE +IDZIl5zdZ88l0kNjvMsobfXWrKpw8fuoSRBn4OftLvF/j2iVbUpaG13xzkfxXLsA +L9pEol94LsrcGJtNwSHV5E2fF0raxagm06WjiM5SVBrY2JIGFsYVg1BPC7ORJqSh +1amFAUb6RZ/PTUNBvbAApSUQZup5g5kWop1HwBJl4hSlYfwxn9js82ym8fT4hrCI +YgZGuWHDVjqo6nl1VuGob0Spavl9OLsNrqLoSiIH3B9TzZG303BfASLhYcdAjdTb +SUdGCtaAvBlsOhO5VB1KiUZ5sl7xUrps8+t19ZEnmO2BEqnd6B8xL5P9MyC6Oi1b +D/3taTBtuv4vAgMBAAGjggFJMIIBRTBeBggrBgEFBQcBAwRSMFAwCAYGBACORgEE +MAgGBgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGATAlBgYEAI5GAQUwGzAZFhNo +dHRwczovL3Bkc0xvY2F0aW9uEwJlbjAUBgNVHSAEDTALMAkGBwQAi+xAAQIwHQYD +VR0OBBYEFP1E/i6iGt2+38jm/8IfLt2MKwWPMB8GA1UdIwQYMBaAFOsBmoWJ2k6q +FmCuI6L29qY6KGI4MA4GA1UdDwEB/wQEAwIHgDBFBggrBgEFBQcBAQQ5MDcwNQYI +KwYBBQUHMAKGKWh0dHBzOi8vY2xldmVyYmFzZS5jb20vbG9jYXRpb24ub2YuY2Eu +Y2VyMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jbGV2ZXJiYXNlLmNvbS9sb2Nh +dGlvbi5vZi5jcmwwDQYJKoZIhvcNAQELBQADggEBALV4uuIEMD/tRZVWSQFuiH11 +JFLfgpbjpzLyhsm4+RoOB/EnAdNwSbgIz3s/mthO58QwkVB073GihM2R67EOMB9g +xIz5TdSWKrDb/bD+YA3RpZCy/HgQ9qKN1fRyPTMYNw7mSYfvsyOz70AGVCOzHgqt +OoBI7oExBRyMAsfXbKhZmZPu4mhhhIND9Lqke58jECN56cZHpaPR+JdvjN+CC9C2 +G6YzYQfr44HARAg3wI0nNfuGeTfLhek2Pg2fl3nHUyeAEPCDl1DJftGvwUxH4JNy +FJENtzfO8TjYbj5jAl2HdsFMsaR5/24k97RwbUi7r6cx2Gs24nXB30qszuV5JCU= +-----END CERTIFICATE----- + +node_path,validator,severity,code,message +certificate.tbsCertificate.extensions.2.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified, 
+certificate.tbsCertificate.extensions.4.extnValue.keyUsage,NaturalPersonKeyUsageValidator,ERROR,etsi.en_319_412_2.nat-4.3.2-1.invalid_content_commitment_setting, diff --git a/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_qc_type.crttest b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_qc_type.crttest new file mode 100644 index 0000000..8ea74df --- /dev/null +++ b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_qc_type.crttest 
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIEqzCCA5OgAwIBAgINAL9Y/ZDSvCQj99p22TANBgkqhkiG9w0BAQsFADB2MTEw
+LwYDVQQDDChDbGV2ZXJiYXNlIElEIFBLSW92ZXJoZWlkIEJ1cmdlciBDQSAtIEc0
+MRswGQYDVQQKDBJDbGV2ZXJiYXNlIElEIEIuVi4xCzAJBgNVBAYTAk5MMRcwFQYD
+VQRhDA5OVFJOTC02NzQxOTkyNTAeFw0yNDExMDExNTEyNTRaFw0yODAxMzAxNTEy
+NTRaMGMxJDAiBgNVBAMMG1dpbGxla2UgTGlzZWxvdHRlIERlIEJydWlqbjELMAkG
+A1UEBhMCTkwxEjAQBgNVBAQMCURlIEJydWlqbjEaMBgGA1UEKgwRV2lsbGVrZSBM
+aXNlbG90dGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2VQ8WmmbK
+NxWALpe3hbIkJjfvoNvLZ1WvKey6XCeu4SrgMmt7ujDPnGccnUFC77DiGdNuhqk+
+OZdpnFBxBW/3M1nh91SoNLWsgNBsqyR9jOR/lq4uIqtUXXkN1DBTugPS4nPEMjt+
+VVv7V8en2quZsaV8tt4XrAD89szxp+K/bylo+1VqUOFm5j7y57I2N5YODSGjCkca
+tU2C+yj+ggSQlhGiQy7WsFJdVvBgFuMTw+YLtDhlw3E9TrFQCTRo6rE/BGOdfNv0
+kIjOVo8OarQgKAwlC1HofmQnjj2Fi7wAgSk0mXat1lMmymC1PquMoqeqIHHubex6
+wGw2ZxQNk1Z3AgMBAAGjggFJMIIBRTBeBggrBgEFBQcBAwRSMFAwCAYGBACORgEE
+MAgGBgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGAjAlBgYEAI5GAQUwGzAZFhNo
+dHRwczovL3Bkc0xvY2F0aW9uEwJlbjAUBgNVHSAEDTALMAkGBwQAi+xAAQIwHQYD
+VR0OBBYEFM6ClVAsA8ECh/j0wgrojMi9616aMB8GA1UdIwQYMBaAFMSlrZWparUA
+Mm+VE4yUAUFczOeAMA4GA1UdDwEB/wQEAwIGQDBFBggrBgEFBQcBAQQ5MDcwNQYI
+KwYBBQUHMAKGKWh0dHBzOi8vY2xldmVyYmFzZS5jb20vbG9jYXRpb24ub2YuY2Eu
+Y2VyMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jbGV2ZXJiYXNlLmNvbS9sb2Nh
+dGlvbi5vZi5jcmwwDQYJKoZIhvcNAQELBQADggEBAK5ndDzH1nrF7uNyx65CeaBd
+dnHGPJypVx4/S0bks/ZIGoHbIFra7NqQL+yAI0ST3FuitD13OiOScnROEdILnEF8
+hjDJqvthXOj/XCqZ0p7IVy+NjyNIbCfZTRATaJjXbDT1coBkjLpWqeViKy7NhZBo
+RNC/piC8K192gpH4L2xDlKotl5Rey1VdXROQni7CHhV5Mh8YSEoJIR/jW/vz5YyR
+2yr4Fs29Zb5shOdAOzANlqTxhCLv8xVhKpe5kj5QSBXlMgsUakVkOCdOUiLtYKP6
+DdNOVaGs+AoirZoY+kP2K8sKvZkvi3QKtzEJ/sa9SaveMA5TtSud9/pctGz3w0s=
+-----END CERTIFICATE-----
+
+node_path,validator,severity,code,message
+certificate.tbsCertificate.extensions.0.extnValue.qCStatements.2.statementInfo.qcType,QcTypeValidator,ERROR,etsi.en_319_412_5.gen-4.2.3.qc_type_mismatch,"Certificate type is ""QCP-N-QSCD-FINAL-CERTIFICATE"" but QcType qualified statement contains ""0.4.0.1862.1.6.2"""
+certificate.tbsCertificate.extensions.2.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
\ No newline at end of file
diff --git a/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/missing_qc_statements.crttest b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/missing_qc_statements.crttest
new file mode 100644
index 0000000..d854f6d
--- /dev/null
+++ b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/missing_qc_statements.crttest
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIESDCCAzCgAwIBAgIMPbwWWv8HeHM6/5GOMA0GCSqGSIb3DQEBCwUAMHYxMTAv
+BgNVBAMMKENsZXZlcmJhc2UgSUQgUEtJb3ZlcmhlaWQgQnVyZ2VyIENBIC0gRzQx
+GzAZBgNVBAoMEkNsZXZlcmJhc2UgSUQgQi5WLjELMAkGA1UEBhMCTkwxFzAVBgNV
+BGEMDk5UUk5MLTY3NDE5OTI1MB4XDTI0MTEwMTE1MDgxMloXDTI4MDEzMDE1MDgx
+MlowYzEkMCIGA1UEAwwbV2lsbGVrZSBMaXNlbG90dGUgRGUgQnJ1aWpuMQswCQYD
+VQQGEwJOTDESMBAGA1UEBAwJRGUgQnJ1aWpuMRowGAYDVQQqDBFXaWxsZWtlIExp
+c2Vsb3R0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKywuiGGkLT0
+42B/SwZIAQSgZq9MDpHD6jJk6QgCRmdwXOf0Dzr2SCCJ+qs6ls2aDYwh0VMCHm+T
+FJEsQP2Pu7f6U0tY2BFqpGDogIuvlbESaHD6cTO5eeYu6l0dTdMALOBEhyG3WoMD
+cR73D9p8m2RRRoQ7jgFA/zwjh1DWoTWJkql7bkY+M5uZOqteV6sK9G1r+6eyQuOZ
+skT+ZpJhlHuXMLUYgfR0Id7qiDz4N/LriZpvfMRV+1pNjPSRbae1bftXlRnQJap6
+h29TZQDVw0nsU34W2/HhZBjbrI+o7eCkjsWbqYAUlMw2Im9YUkus5XREnk4ceGnp
+wGNhmowWzFMCAwEAAaOB6DCB5TAUBgNVHSAEDTALMAkGBwQAi+xAAQIwHQYDVR0O
+BBYEFAvgDyi6Q4mU6YFvDsbTCd+x5+c6MB8GA1UdIwQYMBaAFDNq07+99e8NDi8a
+h+S/VMEAyXucMA4GA1UdDwEB/wQEAwIGQDBFBggrBgEFBQcBAQQ5MDcwNQYIKwYB
+BQUHMAKGKWh0dHBzOi8vY2xldmVyYmFzZS5jb20vbG9jYXRpb24ub2YuY2EuY2Vy
+MDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jbGV2ZXJiYXNlLmNvbS9sb2NhdGlv
+bi5vZi5jcmwwDQYJKoZIhvcNAQELBQADggEBAGauGeaV72GXUzgoYEfElNsvSn0M
+4ITvDFSz/Hfy6U45e0NGQcm9BWqKSxs2ryr3ecBmFDq0HzHn4onP6JD6rAPzhU6j
++ecvO8ZlUK50ep8oPYFulkrCg3ub2qZAcq0GpttowOoCO5BieCxCDSbZC70wtXmY
+Ji43XX5KoW+uRQC/CF9ujM8AOuzRHYwrmSmJmqEj3y2yboOcTo5AJXFrYH+1bgmx
+V20uCUwn/Z1RL4eCBSB0JDpJiOMDqLgIgnGrP3hWu3G7UTAlOZtyEZMx63mjUwKH
+FP1uHAm3LiCIkHaxzkmOOtFpdbHBCwQIwFwwh22GF4F7FQ/hZODQPMhzcDY=
+-----END CERTIFICATE-----
+
+node_path,validator,severity,code,message
+certificate.tbsCertificate.extensions,QcStatementPresenceValidator,ERROR,etsi.en_319_412_5.qcs-5.01,
+certificate.tbsCertificate.extensions.1.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
\ No newline at end of file
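Review bot: The expected finding code on the `QcStatementPresenceValidator` row, `etsi.en_319_412_5.qcs-5.01`, stops at the requirement number, while the other codes in these fixtures name the condition (`etsi.en_319_412_5.gen-4.2.3.qc_type_mismatch`, `etsi.en_319_412_4.web-4.1.3-4.san_missing`). The message column of that row is empty, so the code is the only thing an operator triaging lint output has to go on. If the code can still change, a descriptive tail would keep it consistent, for example `etsi.en_319_412_5.qcs-5.01.qc_statements_extension_missing`. The validator that defines the code is outside this hunk, and the same row is added in the rsapss_bad_salt_length and rsapss_sig_alg hunks.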
diff --git a/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/wrong_qualified_policy.crttest b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/wrong_qualified_policy.crttest
new file mode 100644
index 0000000..fdc658c
--- /dev/null
+++ b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/wrong_qualified_policy.crttest
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIEqzCCA5OgAwIBAgINAMDM646G1w2MTWubjTANBgkqhkiG9w0BAQsFADB2MTEw
+LwYDVQQDDChDbGV2ZXJiYXNlIElEIFBLSW92ZXJoZWlkIEJ1cmdlciBDQSAtIEc0
+MRswGQYDVQQKDBJDbGV2ZXJiYXNlIElEIEIuVi4xCzAJBgNVBAYTAk5MMRcwFQYD
+VQRhDA5OVFJOTC02NzQxOTkyNTAeFw0yNDExMDExNTE4MDVaFw0yODAxMzAxNTE4
+MDVaMGMxJDAiBgNVBAMMG1dpbGxla2UgTGlzZWxvdHRlIERlIEJydWlqbjELMAkG
+A1UEBhMCTkwxEjAQBgNVBAQMCURlIEJydWlqbjEaMBgGA1UEKgwRV2lsbGVrZSBM
+aXNlbG90dGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiZNTk90gR
+AZF4pTwVTwxfagWTRptu6GGy36IgnV3aUpnAX11RxXqCohMa1szA/2GRXniWjxTM
+DArEt3DmxG3X+WU+8GeuM8Pjlfc0uC9Zb4F/oj3GhcAMxlD5lq0BgJeicLtNkAqa
+cRoDqQBxi32uKEliHboAlmQKzUfkOEAU1mdu155SN6gwqADdlJj7HcR43p4WvvBt
+QkJepVX2E02jO1BPFRsk1qyCCciUB87giipWDmSmDDQZrwVkOzunVnYPlBHBZCkq
+KIPpCDKO9SXzosV7TAMuDlZyEZCb2FEL20mnq6fv+WB5yMKdQpllNdA+v0csOGEd
+RZ2WeFISNWHJAgMBAAGjggFJMIIBRTBeBggrBgEFBQcBAwRSMFAwCAYGBACORgEE
+MAgGBgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGATAlBgYEAI5GAQUwGzAZFhNo
+dHRwczovL3Bkc0xvY2F0aW9uEwJlbjAUBgNVHSAEDTALMAkGBwQAi+xAAQkwHQYD
+VR0OBBYEFHwK86FfJPhgxNr1hM+RilSVEFqoMB8GA1UdIwQYMBaAFOFHrteH1fJ9
+GY3gg3SSmcQLDD3JMA4GA1UdDwEB/wQEAwIGQDBFBggrBgEFBQcBAQQ5MDcwNQYI
+KwYBBQUHMAKGKWh0dHBzOi8vY2xldmVyYmFzZS5jb20vbG9jYXRpb24ub2YuY2Eu
+Y2VyMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jbGV2ZXJiYXNlLmNvbS9sb2Nh
+dGlvbi5vZi5jcmwwDQYJKoZIhvcNAQELBQADggEBANfmMZjGknF3T/elhopNSkx6
+UdGyQp0iOGMAmlsonfKD4Kqca5oQuUl47Sum3p5KoBRCy+06OSXgamXWUQDeaJ1Q
+TVoNyfuTUxjY2tcgpbQqe6sE2ubH9qx65AIbrV1Q/ag3/cvBJbXGpb4o0hhK3Bp8
+PzUm0LU2gPPToIIyFJZwFM5JX7e1nkq99s8dWzpSPfFJh1bywG6VmbDyhrSQt0Zx
+8RqhpHbutsOyLtG8ace7W3K8KVoq+JemdVMPR1URvac9EMEqfpyXqQupfzn4+gcB
+lbTLxC4GxDyL6hQeSFiu4f48fZF0KsUpJiqaEsC4xbAxKkKySIWccgfZT6c3hQ4=
+-----END CERTIFICATE-----
+
+node_path,validator,severity,code,message
+certificate.tbsCertificate.extensions.1.extnValue.certificatePolicies,QualifiedCertificatePoliciesValidator,WARNING,etsi.en_319_412_2.qcs-5.2-1.recommended_certificate_type_policy_identifier_missing,"Missing recommended certificate type policy identifier ""0.4.0.194112.1.2"""
+certificate.tbsCertificate.extensions.2.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
diff --git a/tests/integration_certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/rsapss_bad_salt_length.crttest b/tests/integration_certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/rsapss_bad_salt_length.crttest
index 7758b09..d88a107 100644
--- a/tests/integration_certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/rsapss_bad_salt_length.crttest
+++ b/tests/integration_certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/rsapss_bad_salt_length.crttest
@@ -35,3 +35,4 @@ certificate.tbsCertificate.extensions.4.extnValue.subjectKeyIdentifier,SubjectKe
 certificate.tbsCertificate.extensions,NaturalPersonExtensionIdentifierAllowanceValidator,ERROR,etsi.en_319_412_2.qc_statements_extension_absent,
 certificate.tbsCertificate.extensions,NcpWSubjectAltNamePresenceValidator,ERROR,etsi.en_319_412_4.web-4.1.3-4.san_missing,
 certificate.tbsCertificate.subject.rdnSequence.3.0.value.x520CommonName,NcpWCommonNameValidator,ERROR,etsi.en_319_412_4.web-4.1.3-4.common_name_unknown_source,"Unknown source for value of common name: ""sct"""
+certificate.tbsCertificate.extensions,QcStatementPresenceValidator,ERROR,etsi.en_319_412_5.qcs-5.01,
diff --git a/tests/integration_certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/rsapss_sig_alg.crttest b/tests/integration_certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/rsapss_sig_alg.crttest
index 4b7f07f..a2a2a69 100644
--- a/tests/integration_certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/rsapss_sig_alg.crttest
+++ b/tests/integration_certificate/etsi/qncp_w_gen_legal_person_eidas_final_certificate/rsapss_sig_alg.crttest
@@ -34,3 +34,4 @@ certificate.tbsCertificate.extensions.4.extnValue.subjectKeyIdentifier,SubjectKe
 certificate.tbsCertificate.extensions,NaturalPersonExtensionIdentifierAllowanceValidator,ERROR,etsi.en_319_412_2.qc_statements_extension_absent,
 certificate.tbsCertificate.subject.rdnSequence.3.0.value.x520CommonName,NcpWCommonNameValidator,ERROR,etsi.en_319_412_4.web-4.1.3-4.common_name_unknown_source,"Unknown source for value of common name: ""sct"""
 certificate.tbsCertificate.extensions,NcpWSubjectAltNamePresenceValidator,ERROR,etsi.en_319_412_4.web-4.1.3-4.san_missing,
+certificate.tbsCertificate.extensions,QcStatementPresenceValidator,ERROR,etsi.en_319_412_5.qcs-5.01,
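Review bot: The added `QcStatementPresenceValidator` row sits at the same node, `certificate.tbsCertificate.extensions`, as the existing `etsi.en_319_412_2.qc_statements_extension_absent` row in the context lines, so this certificate now appears to get two ERROR findings for one missing extension. If that is intended because each standard reports it separately, a comment where the validator is registered would record the decision, e.g. `# EN 319 412-5 presence check is reported in addition to the EN 319 412-2 extension allowance finding`. Otherwise one of the two could be suppressed for the certificate types where both validators run. The rsapss_bad_salt_length hunk shows the same pair, and the registration code is not part of this hunk.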