diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ea91c1..613bfec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project from version 0.9.3 onwards are documented in this file. +## 0.9.7 - 2023-11-03 + +### Fixes + +- cabf.smime.common_name_value_unknown_source finding is incorrectly reported when SmtpUtf8Mailbox SAN values appear in the subject CN (#52 - reported and fixed by @hablutzel1) + ## 0.9.6 - 2023-10-25 ### Fixes diff --git a/VERSION.txt b/VERSION.txt index 9cf0386..bae256f 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -0.9.6 \ No newline at end of file +0.9.7 \ No newline at end of file diff --git a/pkilint/cabf/smime/smime_name.py b/pkilint/cabf/smime/smime_name.py index bbdf28a..5ad30a0 100644 --- a/pkilint/cabf/smime/smime_name.py +++ b/pkilint/cabf/smime/smime_name.py @@ -456,6 +456,6 @@ def get_email_addresses_from_san(cert_document): if name == 'rfc822Name': email_addresses.append(value.pdu) elif name == 'otherName' and value.navigate('type-id').pdu == rfc8398.id_on_SmtpUTF8Mailbox: - email_addresses.append(value.navigate('value').pdu) + email_addresses.append(value.navigate('value').child[1].pdu) return email_addresses diff --git a/tests/integration_certificate/smime_br/individual/multipurpose/common_name_only.crttest b/tests/integration_certificate/smime_br/individual/multipurpose/common_name_only.crttest index 100c573..32728b5 100644 --- a/tests/integration_certificate/smime_br/individual/multipurpose/common_name_only.crttest +++ b/tests/integration_certificate/smime_br/individual/multipurpose/common_name_only.crttest @@ -1,5 +1,5 @@ -----BEGIN CERTIFICATE----- -MIIF1DCCA7ygAwIBAgIUeWoVg5UeWvEOdZS+4GFIK+uCmEgwDQYJKoZIhvcNAQEL +MIIF+zCCA+OgAwIBAgIUeWoVg5UeWvEOdZS+4GFIK+uCmEgwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0 ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MjgwMDAwMDBaFw0y MzA3MjcyMzU5NTlaMEIxFjAUBgNVBAMMDVlBTUFEQSBIYW5ha28xKDAmBgkqhkiG 
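Review bot: The `.child[1]` unwrap on the added line in `get_email_addresses_from_san` (pkilint/cabf/smime/smime_name.py) is positional and unexplained, and it assumes the SmtpUTF8Mailbox otherName value always decodes to a node that has a child to select. This list is what the subject CN is compared against for `cabf.smime.common_name_value_unknown_source`, and the linter runs on certificates it does not control, so it is worth confirming that an otherName value which does not decode as a UTF8String produces a finding rather than an exception from this helper; that handling is not visible in the hunk. I would add a comment above the line, for example `# otherName 'value' wraps the decoded SmtpUTF8Mailbox; child is presumably a (name, node) pair, so [1] is the UTF8String node`. The function body starts outside the hunk, so the loop and the initialisation of `email_addresses` are not shown.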
@@ -9,28 +9,28 @@ AQUAA4IBDwAwggEKAoIBAQCw+egZQ6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI qXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0 yg+801SXzoFTTa+UGIRLE66jH51aa5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIe NWMF32wHqIOOPvQcWV3M5D2vxJEj702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1 -JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjggG6MIIBtjAM +JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjggHhMIIB3TAM BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBTWRAAyfKgN /6xPa2buta6bLMU4VDAdBgNVHQ4EFgQUiRlZXg7xafXLvUfhNPzimMxpMJEwFAYD VR0gBA0wCzAJBgdngQwBBQQCMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwu Y2EuZXhhbXBsZS5jb20vaXNzdWluZ19jYV9jcmwuY3JsMEsGCCsGAQUFBwEBBD8w PTA7BggrBgEFBQcwAoYvaHR0cDovL3JlcG9zaXRvcnkuY2EuZXhhbXBsZS5jb20v -aXNzdWluZ19jYS5kZXIwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMIGU -BgNVHREEgYwwgYmBGWhhbmFrby55YW1hZGFAZXhhbXBsZS5jb22gKQYKKwYBBAGC +aXNzdWluZ19jYS5kZXIwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMIG7 +BgNVHREEgbMwgbCBGWhhbmFrby55YW1hZGFAZXhhbXBsZS5jb22gKQYKKwYBBAGC NxQCA6AbDBloYW5ha28ueWFtYWRhQGV4YW1wbGUuY29toCYGCCsGAQUFBwgJoBoM GOWxseeUsOiKseWtkEBleGFtcGxlLmNvbaQZMBcxFTATBgNVBAMMDOWxseeUsOiK -seWtkDANBgkqhkiG9w0BAQsFAAOCAgEAhYvgYxtfQpV5Casm9zxWHQ0CFlftr6lb -nub59zfAQO2zoTUuk43H//r19N13KjqN1APRoihTNzQ9dPB5h1vwkK5nP+j57p3s -a9vJn7Po9mI1+mrCHQuulP/pqVNOnDcdzLyi4gCHhVx8ospV6B0BNeh8jF4a14pY -45FMMQTwZxUwq/npg0eseV8HkwYtLLn+17ZdiwpravE6jUwbcFkiBTZUcHUrerc7 -aJt+LptzCHyyUowkMsVC3xvK3XCP4TmtI41ThB6ytDY59BfjIuMxfvRgEs0e8/e/ -NWtzJZUty9BogK/cRXIJy6PeESbgELedzYAKiPTrgfPhl3ymZbeB6ruNKwjwty2D -jf7wfDa45Z0+0WPAcxiEyk0vhPMUVHCPhv/dlnYF+Jz+tBSdtUaKTBOXiOjgOg5Q -gtjdxZBH8R5hby+8WRdK3vFsadGTvMWjQnp3i2PRusIEQXTIBw75YV5ZUN0gKpTq -HvDwVmkYjtLrKgcFr/GDJtH15Omk6uCTML4OS5qhxFW9QMhbTto8KsW0EmSzdiLS -uVdYeBP6DkA/5CawYv+L0Kw4Sl73sr/hKETTOk952b6Fdl6YeLg9N+wMO0yHZ9TG -JCZ059L00/6Tp8Ybca7VYd/QLXPQv6F2/szWociXle5xk4BSVy0L6sRGtzOXCI8z -qGwncex6yVM= +seWtkKQlMCMxITAfBgNVBAMMGOWxseeUsOiKseWtkEBleGFtcGxlLmNvbTANBgkq 
+hkiG9w0BAQsFAAOCAgEAhYvgYxtfQpV5Casm9zxWHQ0CFlftr6lbnub59zfAQO2z +oTUuk43H//r19N13KjqN1APRoihTNzQ9dPB5h1vwkK5nP+j57p3sa9vJn7Po9mI1 ++mrCHQuulP/pqVNOnDcdzLyi4gCHhVx8ospV6B0BNeh8jF4a14pY45FMMQTwZxUw +q/npg0eseV8HkwYtLLn+17ZdiwpravE6jUwbcFkiBTZUcHUrerc7aJt+LptzCHyy +UowkMsVC3xvK3XCP4TmtI41ThB6ytDY59BfjIuMxfvRgEs0e8/e/NWtzJZUty9Bo +gK/cRXIJy6PeESbgELedzYAKiPTrgfPhl3ymZbeB6ruNKwjwty2Djf7wfDa45Z0+ +0WPAcxiEyk0vhPMUVHCPhv/dlnYF+Jz+tBSdtUaKTBOXiOjgOg5QgtjdxZBH8R5h +by+8WRdK3vFsadGTvMWjQnp3i2PRusIEQXTIBw75YV5ZUN0gKpTqHvDwVmkYjtLr +KgcFr/GDJtH15Omk6uCTML4OS5qhxFW9QMhbTto8KsW0EmSzdiLSuVdYeBP6DkA/ +5CawYv+L0Kw4Sl73sr/hKETTOk952b6Fdl6YeLg9N+wMO0yHZ9TGJCZ059L00/6T +p8Ybca7VYd/QLXPQv6F2/szWociXle5xk4BSVy0L6sRGtzOXCI8zqGwncex6yVM= -----END CERTIFICATE----- node_path,validator,severity,code,message certificate.tbsCertificate.subject.rdnSequence,SubscriberSubjectValidator,ERROR,cabf.smime.missing_required_attribute,"Missing one of these required attributes: 2.5.4.4, 2.5.4.42, 2.5.4.65" @@ -38,4 +38,4 @@ certificate.tbsCertificate.subject.rdnSequence.0.0.value.x520CommonName,CommonNa certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified, certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.3.directoryName.rdnSequence,SubscriberSubjectValidator,ERROR,cabf.smime.missing_required_attribute,"Missing one of these required attributes: 2.5.4.4, 2.5.4.42, 2.5.4.65" certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.3.directoryName.rdnSequence.0.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""山田花子""" - +certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.4.directoryName.rdnSequence,SubscriberSubjectValidator,ERROR,cabf.smime.missing_required_attribute,"Missing one of these required attributes: 2.5.4.4, 2.5.4.42, 2.5.4.65" 
diff --git a/tests/integration_certificate/smime_br/mailbox/multipurpose/smtputf8mailbox_only.crttest b/tests/integration_certificate/smime_br/mailbox/multipurpose/smtputf8mailbox_only.crttest new file mode 100644 index 0000000..1a25eb4 --- /dev/null +++ b/tests/integration_certificate/smime_br/mailbox/multipurpose/smtputf8mailbox_only.crttest 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIFUTCCAzmgAwIBAgIUH/nOhctN2lspZ2LasyeIMEixJzEwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0 +ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MTkwMDAwMDBaFw0y +MzA3MTgyMzU5NTlaMCMxITAfBgNVBAMMGOWxseeUsOiKseWtkEBleGFtcGxlLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALD56BlDp66YkqreF8p8 +QPh0T+0vgUjmyOqie30AFUj7UZKrKLVsUGCxGMzRMeWUh0xsqYm1bCcpbwn7k6A0 +3zLpfG/wmYz9jm9C3aWKzR+peYbxRPPRVNZ2UBdeaFSzqVIAO8Boh7hFWsKxn3sv +dlBOvJjslFVxsHiSFQ3canTKD7zTVJfOgVNNr5QYhEsTrqMfnVprlVe732Ge/U6I +fy1CuN2LyYfq4b+Jyrhe4h41YwXfbAeog44+9BxZXczkPa/EkSPvTYq7qT05BeQC +jXupFISidZbge0tu2ZLwd7Uk09z+fd1VSb58zo2gNc+gs/uPnkb3MrKoa0YBZcCP +UxMCAwEAAaOCAVYwggFSMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB8G +A1UdIwQYMBaAFNZEADJ8qA3/rE9rZu61rpssxThUMB0GA1UdDgQWBBSJGVleDvFp +9cu9R+E0/OKYzGkwkTAUBgNVHSAEDTALMAkGB2eBDAEFAQIwPQYDVR0fBDYwNDAy +oDCgLoYsaHR0cDovL2NybC5jYS5leGFtcGxlLmNvbS9pc3N1aW5nX2NhX2NybC5j +cmwwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vcmVwb3NpdG9y +eS5jYS5leGFtcGxlLmNvbS9pc3N1aW5nX2NhLmRlcjAdBgNVHSUEFjAUBggrBgEF +BQcDBAYIKwYBBQUHAwIwMQYDVR0RBCowKKAmBggrBgEFBQcICaAaDBjlsbHnlLDo +irHlrZBAZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggIBAIOKyHChjHy4d+Ox +V/2Ndpce2/f4la47F+5bJYoq6SE7j5nwpYu+iVaztBasqX3Xdj+GVbx/Vk6UFIUQ +b9OpMB5CUZIKajTztFjqTVZ7CvL3D9f0cpQ4iRq8s7ugMzkg6rMaJhQ+oZu9V0WH +LIAV1zT1M0hoW6lHrgbmcGXtVpj/8rrzaYITL5VhXIwB5LQvRbjaR4UP982dtBlH +OgEMMLZ/K74hUsEIoVSQyZBohmiVHO5VVaLMMfO20qBqVZbhCGP0Sth7F1NJJnpO +Kqtrfb9ToES/fGalIDktuqKDl8ap0d0DMdUuSki8vfoSustoD4coh6Gj1U5OLOeB +LP2A7Wws+6YsssqdwxCM5oK8Af5htiGzr+nU/GWuQUewPoIAe7sKN82MSndkhSA5 +l2/p/TC/7Ov92nsiiZrOBZkavn1/InG/pb1XizIZQkXuTBS9rZG+9gRZLtHnlHXu +IlJ8Pd38xuvlpfFTws2DsFdI/lE4ssoHF2hGVvk6UxJsmP30P+0wmxqfvFK96y5W +OTpLeU/NzJmXTBSBy0MWmVF5E9nQWkp4d1XzShYtGq3vcXYgUGRpDJL1oik461Ds +C10jQZz+k1zvc5+dbUyuCj2Z0Lzb1C7Z+B+89xYX1pInv4zzWJBbzMzmmsMDwIRv +UehtmQe3EzrhtFLvOtx5IeV19qAK +-----END CERTIFICATE----- + +node_path,validator,severity,code,message 
+certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified, diff --git a/tests/integration_certificate/smime_br/mailbox/multipurpose/smtputf8mailbox_only_cn_mismatch.crttest b/tests/integration_certificate/smime_br/mailbox/multipurpose/smtputf8mailbox_only_cn_mismatch.crttest new file mode 100644 index 0000000..8303081 --- /dev/null +++ b/tests/integration_certificate/smime_br/mailbox/multipurpose/smtputf8mailbox_only_cn_mismatch.crttest 
@@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIFeDCCA2CgAwIBAgIUH/nOhctN2lspZ2LasyeIMEixJzEwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0 +ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MTkwMDAwMDBaFw0y +MzA3MTgyMzU5NTlaMCMxITAfBgNVBAMMGOWxseeUsOiKseWtkEBleGFtcGxlLm5l +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALD56BlDp66YkqreF8p8 +QPh0T+0vgUjmyOqie30AFUj7UZKrKLVsUGCxGMzRMeWUh0xsqYm1bCcpbwn7k6A0 +3zLpfG/wmYz9jm9C3aWKzR+peYbxRPPRVNZ2UBdeaFSzqVIAO8Boh7hFWsKxn3sv +dlBOvJjslFVxsHiSFQ3canTKD7zTVJfOgVNNr5QYhEsTrqMfnVprlVe732Ge/U6I +fy1CuN2LyYfq4b+Jyrhe4h41YwXfbAeog44+9BxZXczkPa/EkSPvTYq7qT05BeQC +jXupFISidZbge0tu2ZLwd7Uk09z+fd1VSb58zo2gNc+gs/uPnkb3MrKoa0YBZcCP +UxMCAwEAAaOCAX0wggF5MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB8G +A1UdIwQYMBaAFNZEADJ8qA3/rE9rZu61rpssxThUMB0GA1UdDgQWBBSJGVleDvFp +9cu9R+E0/OKYzGkwkTAUBgNVHSAEDTALMAkGB2eBDAEFAQIwPQYDVR0fBDYwNDAy +oDCgLoYsaHR0cDovL2NybC5jYS5leGFtcGxlLmNvbS9pc3N1aW5nX2NhX2NybC5j +cmwwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vcmVwb3NpdG9y +eS5jYS5leGFtcGxlLmNvbS9pc3N1aW5nX2NhLmRlcjAdBgNVHSUEFjAUBggrBgEF +BQcDBAYIKwYBBQUHAwIwWAYDVR0RBFEwT6AmBggrBgEFBQcICaAaDBjlsbHnlLDo +irHlrZBAZXhhbXBsZS5jb22kJTAjMSEwHwYDVQQDDBjlsbHnlLDoirHlrZBAZXhh +bXBsZS5uZXQwDQYJKoZIhvcNAQELBQADggIBAIOKyHChjHy4d+OxV/2Ndpce2/f4 +la47F+5bJYoq6SE7j5nwpYu+iVaztBasqX3Xdj+GVbx/Vk6UFIUQb9OpMB5CUZIK +ajTztFjqTVZ7CvL3D9f0cpQ4iRq8s7ugMzkg6rMaJhQ+oZu9V0WHLIAV1zT1M0ho +W6lHrgbmcGXtVpj/8rrzaYITL5VhXIwB5LQvRbjaR4UP982dtBlHOgEMMLZ/K74h +UsEIoVSQyZBohmiVHO5VVaLMMfO20qBqVZbhCGP0Sth7F1NJJnpOKqtrfb9ToES/ +fGalIDktuqKDl8ap0d0DMdUuSki8vfoSustoD4coh6Gj1U5OLOeBLP2A7Wws+6Ys +ssqdwxCM5oK8Af5htiGzr+nU/GWuQUewPoIAe7sKN82MSndkhSA5l2/p/TC/7Ov9 +2nsiiZrOBZkavn1/InG/pb1XizIZQkXuTBS9rZG+9gRZLtHnlHXuIlJ8Pd38xuvl +pfFTws2DsFdI/lE4ssoHF2hGVvk6UxJsmP30P+0wmxqfvFK96y5WOTpLeU/NzJmX +TBSBy0MWmVF5E9nQWkp4d1XzShYtGq3vcXYgUGRpDJL1oik461DsC10jQZz+k1zv +c5+dbUyuCj2Z0Lzb1C7Z+B+89xYX1pInv4zzWJBbzMzmmsMDwIRvUehtmQe3Ezrh +tFLvOtx5IeV19qAK +-----END 
CERTIFICATE----- + +node_path,validator,severity,code,message +certificate.tbsCertificate.subject.rdnSequence.0.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""山田花子@example.net""" +certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified, +certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.1.directoryName.rdnSequence.0.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""山田花子@example.net"""