Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Subject organizationName field encoding should be PrintableString, got UTF8String #141

Open
kieranjol opened this issue Mar 26, 2020 · 3 comments
Open

Subject organizationName field encoding should be PrintableString, got UTF8String #141

kieranjol opened this issue Mar 26, 2020 · 3 comments
Labels
question

Comments

@kieranjol
Copy link
Contributor

Hi we got the following error which easydcp player didn't pick up on. I'll email the PKL and CPL to you, but I can't find an encoding issue in the xmls..

I traced the error to here - https://github.com/Ymagis/ClairMeta/blob/7dc86fc76d4c620bec719f59394e3b0a84178bf4/clairmeta/dcp_check_sign.py

2020-03-26 10:46:29,549 - Clairmeta - INFO - Probing DCP : E:\DCP_sipcreation\to_be_accessioned\oe9924\oe9924\07d01ee8-fa50-4981-b4f2-32e8401686e0\objects\Inside_FTR-2_F-178_20_2K_20171123_SMPTE_OV
2020-03-26 10:47:22,205 - Clairmeta - INFO - Total time : 52.69 seconds
2020-03-26 10:47:26,569 - Clairmeta - INFO - Checking DCP : E:\DCP_sipcreation\to_be_accessioned\oe9924\oe9924\07d01ee8-fa50-4981-b4f2-32e8401686e0\objects\Inside_FTR-2_F-178_20_2K_20171123_SMPTE_OV
2020-03-26 10:57:07,158 - Clairmeta - INFO - DCP : E:\DCP_sipcreation\to_be_accessioned\oe9924\oe9924\07d01ee8-fa50-4981-b4f2-32e8401686e0\objects\Inside_FTR-2_F-178_20_2K_20171123_SMPTE_OV
2020-03-26 10:57:07,158 - Clairmeta - INFO - Size : 38.10 GiB
2020-03-26 10:57:07,158 - Clairmeta - INFO - Error(s) :
        check_certif_fields_encoding - pkl_71ebb76e-b067-47b4-b8a3-ddc48cc378a2.xml (Certificate : 5) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - pkl_71ebb76e-b067-47b4-b8a3-ddc48cc378a2.xml (Certificate : 6) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - pkl_71ebb76e-b067-47b4-b8a3-ddc48cc378a2.xml (Certificate : 7) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - cpl_c683f9f0-4360-4b16-966f-b79726c6c930.xml (Certificate : 5) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - cpl_c683f9f0-4360-4b16-966f-b79726c6c930.xml (Certificate : 6) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - cpl_c683f9f0-4360-4b16-966f-b79726c6c930.xml (Certificate : 7) : Subject organizationName field encoding should be PrintableString, got UTF8String
2020-03-26 10:57:07,159 - Clairmeta - INFO - Warning(s) :
        check_dcnc_compliance - ContentTitle must have 12 parts, 8 found
ContentTitle Part 20 not matching any naming convention field
ContentTitle Part 2K not matching any naming convention field
ContentTitle Part 20171123 not matching any naming convention field
ContentTitle Part SMPTE not matching any naming convention field
Field Language not found in ContentTitle
2020-03-26 10:57:07,159 - Clairmeta - INFO - Total check : 86
2020-03-26 10:57:07,159 - Clairmeta - INFO - Total time : 580.27 sec
2020-03-26 10:57:07,159 - Clairmeta - INFO - Validation : Fail
@remia
Copy link
Collaborator

remia commented Mar 26, 2020

Hi @kieranjol,

This check is based on SMPTE ST 430-2 2006 (there is now a 2017 version but it didn't seem to change the specification in that regard). Basically the fields inside the X509 certificates (used as part of the XMLs digital signature) have to be encoded in a particular format, here named PrintableString, see extract from the spec below:

Exactly one instance of the OrganizationName attribute is required in the Subject name and the Issuer name. It shall be a PrintableString. It should be a meaningful (to humans) name of the organization that is providing the root of trust for all certificates in this chain.

I remember this was not implemented at first, then a commercial checking tool raised an error on this particular check so we added it in ClairMeta. I'm not sure on which tool it was, but probably either Clipster or EasyDCP (maybe a different version from yours). Could be good to check in Clipster. I'm not sure if this would make any failures in the field though.

My email in the gmail one by the way, not sure if you use the right one because I didn't got any files about the previous issue you raised.

Cheers

@remia remia added the question label Mar 26, 2020
@remia
Copy link
Collaborator

remia commented Jun 3, 2020

Can't find from where this check comes from, would be nice if someone had more info on this.

@matmat
Copy link
Contributor

matmat commented Jul 31, 2020

I believe the tests come from the DCI CTP, with the corresponding sections in ST430 which it should be tested against for ASN.1 PrintableString:

DCI CTP: 2.1.11. Public Key Thumbprint
ST430-2: 5.3.1 Public Key Thumbprint (DnQualifier)

DCI CTP: 2.1.12. Organization Name Field
ST430-2: 5.3.2 Root Name (OrganizationName)

DCI CTP: 2.1.13. OrganizationUnitName Field
ST430-2: 5.3.3 Organization Name (OrganizationUnitName)

DCI CTP: 2.1.14. Entity Name and Roles Field
ST430-2: 5.3.4 Entity Name and Roles (CommonName)

It is not stated to test for PrintableString explicitly in the CTP, but 430-2 is given as a reference, so I think it coul be interpreted as an intended check.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@matmat @kieranjol @remia