From 9ea66d6cc169a19763d5706e636814730463e4df Mon Sep 17 00:00:00 2001
From: nunzionapoli
Date: Tue, 31 May 2022 12:08:40 +0200
Subject: [PATCH 1/2] Rimosso check sui valori delle Certificate policy

---
 .../validator/checks/certificate_policies.py | 94 +++++++++----------
 1 file changed, 47 insertions(+), 47 deletions(-)

diff --git a/spid_compliant_certificates/validator/checks/certificate_policies.py b/spid_compliant_certificates/validator/checks/certificate_policies.py
index ed8f371..a2d7dec 100644
--- a/spid_compliant_certificates/validator/checks/certificate_policies.py
+++ b/spid_compliant_certificates/validator/checks/certificate_policies.py
@@ -62,53 +62,53 @@ def certificate_policies(extensions: x509.Extensions, sector: str) -> List[Tuple
 res = SUCCESS if is_present else FAILURE
 checks.append((res, msg, is_present))
 
- # check the content of the policies
- for p in policies:
- oid = p.policy_identifier.dotted_string
- if oid == '1.3.76.16.6':
- for q in p.policy_qualifiers:
- if isinstance(q, x509.extensions.UserNotice):
- exp_etext = 'agIDcert'
- etext = q.explicit_text
-
- msg = f'policy {oid} must have '
- msg += f'UserNotice.ExplicitText={exp_etext}' # noqa
-
- res = FAILURE if etext != exp_etext else SUCCESS
- checks.append((res, msg, etext))
-
- if sector == 'public' and oid == '1.3.76.16.4.2.1':
- for q in p.policy_qualifiers:
- if isinstance(q, x509.extensions.UserNotice):
- exp_etext = 'cert_SP_Pub'
- etext = q.explicit_text
-
- msg = f'policy {oid} must have '
- msg += f'UserNotice.ExplicitText={exp_etext}' # noqa
-
- res = FAILURE if etext != exp_etext else SUCCESS
- checks.append((res, msg, etext))
- if sector == 'private' and oid == '1.3.76.16.4.3.1':
- _qualifiers = p.policy_qualifiers or []
- msg = f'policy {oid} must have '
- for q in _qualifiers:
- if isinstance(q, x509.extensions.UserNotice):
- exp_etext = 'cert_SP_Priv'
- etext = q.explicit_text
-
- msg += f'UserNotice.ExplicitText={exp_etext}' # noqa
-
- res = FAILURE if etext != exp_etext else SUCCESS
- checks.append((res, msg, etext))
-
- if not _qualifiers:
- checks.append(
- (
- FAILURE,
- f'policy {oid} must have a valid policy',
- ""
- )
- )
+ # # check the content of the policies
+ # for p in policies:
+ # oid = p.policy_identifier.dotted_string
+ # if oid == '1.3.76.16.6':
+ # for q in p.policy_qualifiers:
+ # if isinstance(q, x509.extensions.UserNotice):
+ # exp_etext = 'agIDcert'
+ # etext = q.explicit_text
+
+ # msg = f'policy {oid} must have '
+ # msg += f'UserNotice.ExplicitText={exp_etext}' # noqa
+
+ # res = FAILURE if etext != exp_etext else SUCCESS
+ # checks.append((res, msg, etext))
+
+ # if sector == 'public' and oid == '1.3.76.16.4.2.1':
+ # for q in p.policy_qualifiers:
+ # if isinstance(q, x509.extensions.UserNotice):
+ # exp_etext = 'cert_SP_Pub'
+ # etext = q.explicit_text
+
+ # msg = f'policy {oid} must have '
+ # msg += f'UserNotice.ExplicitText={exp_etext}' # noqa
+
+ # res = FAILURE if etext != exp_etext else SUCCESS
+ # checks.append((res, msg, etext))
+ # if sector == 'private' and oid == '1.3.76.16.4.3.1':
+ # _qualifiers = p.policy_qualifiers or []
+ # msg = f'policy {oid} must have '
+ # for q in _qualifiers:
+ # if isinstance(q, x509.extensions.UserNotice):
+ # exp_etext = 'cert_SP_Priv'
+ # etext = q.explicit_text
+
+ # msg += f'UserNotice.ExplicitText={exp_etext}' # noqa
+
+ # res = FAILURE if etext != exp_etext else SUCCESS
+ # checks.append((res, msg, etext))
+
+ # if not _qualifiers:
+ # checks.append(
+ # (
+ # FAILURE,
+ # f'policy {oid} must have a valid policy',
+ # ""
+ # )
+ # )
 
 except x509.ExtensionNotFound as e:
 msg = f'{ext_name} must be present'

From 816f0f726c1f2f021d98fee063227fddfb797e7f Mon Sep 17 00:00:00 2001
From: nunzionapoli
Date: Tue, 31 May 2022 12:13:48 +0200
Subject: [PATCH 2/2] =?UTF-8?q?Rimosso=20check=20not=20allowed=20=20per=20?=
 =?UTF-8?q?email=5Faddress=20,=20migliorata=20leggibilit=C3=A0=20output=20?=
 =?UTF-8?q?in=20caso=20di=20errore=20del=20check?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 spid_compliant_certificates/__init__.py | 2 +-
 spid_compliant_certificates/validator/checks/subject_dn.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/spid_compliant_certificates/__init__.py b/spid_compliant_certificates/__init__.py
index 8fd744a..2c5aec5 100644
--- a/spid_compliant_certificates/__init__.py
+++ b/spid_compliant_certificates/__init__.py
@@ -28,7 +28,7 @@ _min = 5
 # micro version
-_mic = 1
+_mic = 2
 # release level (alpha, beta, rc, final)
 _rel = 'final'
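Review bot: The 47 lines that validated the UserNotice explicit text for policies 1.3.76.16.6, 1.3.76.16.4.2.1 and 1.3.76.16.4.3.1 are commented out rather than removed, so certificate_policies() now only confirms the policy OIDs are present and accepts any qualifier text; a private-sector certificate carrying 1.3.76.16.4.3.1 with no qualifiers at all, which the removed `if not _qualifiers` branch reported as FAILURE, now passes this check. If the relaxation is intentional, delete the dead block and record the decision where a reader of the function will see it, e.g. `# Policy qualifier contents are intentionally not validated: <reason / tracking reference>` in place of the commented code, and mention it in the changelog so users of the validator know the check is weaker than before. If it is meant to be temporary, keeping the check behind an explicit option is safer than commented-out code, which cannot be tested and drifts from the surrounding code. certificate_policies() starts and ends outside this hunk.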
diff --git a/spid_compliant_certificates/validator/checks/subject_dn.py b/spid_compliant_certificates/validator/checks/subject_dn.py
index b1f4c58..c570261 100644
--- a/spid_compliant_certificates/validator/checks/subject_dn.py
+++ b/spid_compliant_certificates/validator/checks/subject_dn.py
@@ -46,7 +46,7 @@ NOT_ALLOWED_ATTRS = [
 OID_INITIALS,
 OID_NAME,
- x509.OID_EMAIL_ADDRESS,
+# x509.OID_EMAIL_ADDRESS, # รจ ammesso(deve solo essere impersonale)
 x509.OID_GIVEN_NAME,
 x509.OID_PSEUDONYM,
 x509.OID_SURNAME,
@@ -59,7 +59,7 @@ def subject_dn(subj: x509.Name, sector: str) -> List[Tuple[bool, str, Any]]:
 # check if not allowed attrs are present
 for attr in NOT_ALLOWED_ATTRS:
- msg = f'SubjectDN must not contain name attribute [{attr._name}, {attr.dotted_string}]' # noqa
+ msg = f'SubjectDN must not contain {attr._name} attribute [{attr.dotted_string}]' # noqa
 val = attr not in subj_attrs
 res = SUCCESS if val else FAILURE
 checks.append((res, msg, val))
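Review bot: Removing x509.OID_EMAIL_ADDRESS from NOT_ALLOWED_ATTRS drops the only check on that attribute, yet the new inline comment says it is allowed only if impersonal ("deve solo essere impersonale") and nothing in subject_dn() now verifies that, so a personal e-mail address in the SubjectDN is accepted silently. Either add a check that inspects the emailAddress value against the impersonal requirement, or state the gap in English next to the list, e.g. `# x509.OID_EMAIL_ADDRESS is permitted; the impersonal-address requirement is not checked here`, rather than leaving the entry commented out inside the list literal. The comment text also looks mis-encoded (`รจ` where `è` is expected), which suggests the file was saved with a mixed encoding and is worth fixing before it spreads. The second hunk's message rewording is fine, though both the old and the new line still rely on the private `attr._name` attribute.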