Merge pull request #119 from nunzionapoli/nunzio

- Rimosso check sul testo delle certificate policies
- Rimosso check sulla presenza di email nel subjectDN

spid_compliant_certificates/__init__.py

@@ -28,7 +28,7 @@
 _min = 5
 
 # micro version
-_mic = 1
+_mic = 2
 
 # release level (alpha, beta, rc, final)
 _rel = 'final'

spid_compliant_certificates/validator/checks/certificate_policies.py

@@ -62,53 +62,53 @@ def certificate_policies(extensions: x509.Extensions, sector: str) -> List[Tuple
             res = SUCCESS if is_present else FAILURE
             checks.append((res, msg, is_present))
 
-        # check the content of the policies
-        for p in policies:
-            oid = p.policy_identifier.dotted_string
-            if oid == '1.3.76.16.6':
-                for q in p.policy_qualifiers:
-                    if isinstance(q, x509.extensions.UserNotice):
-                        exp_etext = 'agIDcert'
-                        etext = q.explicit_text
-
-                        msg = f'policy {oid} must have '
-                        msg += f'UserNotice.ExplicitText={exp_etext}'  # noqa
-
-                        res = FAILURE if etext != exp_etext else SUCCESS
-                        checks.append((res, msg, etext))
-
-            if sector == 'public' and oid == '1.3.76.16.4.2.1':
-                for q in p.policy_qualifiers:
-                    if isinstance(q, x509.extensions.UserNotice):
-                        exp_etext = 'cert_SP_Pub'
-                        etext = q.explicit_text
-
-                        msg = f'policy {oid} must have '
-                        msg += f'UserNotice.ExplicitText={exp_etext}'  # noqa
-
-                        res = FAILURE if etext != exp_etext else SUCCESS
-                        checks.append((res, msg, etext))
-            if sector == 'private' and oid == '1.3.76.16.4.3.1':
-                _qualifiers = p.policy_qualifiers or []
-                msg = f'policy {oid} must have '
-                for q in _qualifiers:
-                    if isinstance(q, x509.extensions.UserNotice):
-                        exp_etext = 'cert_SP_Priv'
-                        etext = q.explicit_text
-
-                        msg += f'UserNotice.ExplicitText={exp_etext}'  # noqa
-
-                        res = FAILURE if etext != exp_etext else SUCCESS
-                        checks.append((res, msg, etext))
-
-                if not _qualifiers:
-                    checks.append(
-                        (
-                            FAILURE,
-                            f'policy {oid} must have a valid policy',
-                            ""
-                        )
-                    )
+        # # check the content of the policies
+        # for p in policies:
+        #     oid = p.policy_identifier.dotted_string
+        #     if oid == '1.3.76.16.6':
+        #         for q in p.policy_qualifiers:
+        #             if isinstance(q, x509.extensions.UserNotice):
+        #                 exp_etext = 'agIDcert'
+        #                 etext = q.explicit_text
+
+        #                 msg = f'policy {oid} must have '
+        #                 msg += f'UserNotice.ExplicitText={exp_etext}'  # noqa
+
+        #                 res = FAILURE if etext != exp_etext else SUCCESS
+        #                 checks.append((res, msg, etext))
+
+        #     if sector == 'public' and oid == '1.3.76.16.4.2.1':
+        #         for q in p.policy_qualifiers:
+        #             if isinstance(q, x509.extensions.UserNotice):
+        #                 exp_etext = 'cert_SP_Pub'
+        #                 etext = q.explicit_text
+
+        #                 msg = f'policy {oid} must have '
+        #                 msg += f'UserNotice.ExplicitText={exp_etext}'  # noqa
+
+        #                 res = FAILURE if etext != exp_etext else SUCCESS
+        #                 checks.append((res, msg, etext))
+        #     if sector == 'private' and oid == '1.3.76.16.4.3.1':
+        #         _qualifiers = p.policy_qualifiers or []
+        #         msg = f'policy {oid} must have '
+        #         for q in _qualifiers:
+        #             if isinstance(q, x509.extensions.UserNotice):
+        #                 exp_etext = 'cert_SP_Priv'
+        #                 etext = q.explicit_text
+
+        #                 msg += f'UserNotice.ExplicitText={exp_etext}'  # noqa
+
+        #                 res = FAILURE if etext != exp_etext else SUCCESS
+        #                 checks.append((res, msg, etext))
+
+        #         if not _qualifiers:
+        #             checks.append(
+        #                 (
+        #                     FAILURE,
+        #                     f'policy {oid} must have a valid policy',
+        #                     ""
+        #                 )
+        #             )
 
     except x509.ExtensionNotFound as e:
         msg = f'{ext_name} must be present'

spid_compliant_certificates/validator/checks/subject_dn.py

@@ -46,7 +46,7 @@
 NOT_ALLOWED_ATTRS = [
     OID_INITIALS,
     OID_NAME,
-    x509.OID_EMAIL_ADDRESS,
+#    x509.OID_EMAIL_ADDRESS,  # è ammesso(deve solo essere impersonale)
     x509.OID_GIVEN_NAME,
     x509.OID_PSEUDONYM,
     x509.OID_SURNAME,
@@ -59,7 +59,7 @@ def subject_dn(subj: x509.Name, sector: str) -> List[Tuple[bool, str, Any]]:
 
     # check if not allowed attrs are present
     for attr in NOT_ALLOWED_ATTRS:
-        msg = f'SubjectDN must not contain name attribute [{attr._name}, {attr.dotted_string}]'  # noqa
+        msg = f'SubjectDN must not contain {attr._name}  attribute [{attr.dotted_string}]'  # noqa
         val = attr not in subj_attrs
         res = SUCCESS if val else FAILURE
         checks.append((res, msg, val))