fix: Critical error on missing/invalid extensions
peppelinux committed Nov 12, 2021
1 parent 239f726 commit 27a7c2d
Showing 3 changed files with 25 additions and 16 deletions.
2 changes: 1 addition & 1 deletion spid_compliant_certificates/__init__.py
@@ -25,7 +25,7 @@
_maj = 0

# minor version
_min = 2
_min = 3

# micro version
_mic = 0
@@ -28,7 +28,6 @@

def basic_constraints(extensions: x509.Extensions) -> List[Tuple[bool, str, Any]]: # noqa
checks = []

# basicConstraints: CA:FALSE
ext_cls = x509.BasicConstraints
ext_name = ext_cls.oid._name
@@ -46,5 +45,8 @@ def basic_constraints(extensions: x509.Extensions) -> List[Tuple[bool, str, Any]
except x509.ExtensionNotFound:
msg = f'{ext_name} must be present'
checks.append((FAILURE, msg, None))
except ValueError:
msg = f'{ext_name} must be present'
checks.append((FAILURE, msg, None))

return checks
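Review bot: The added `except ValueError:` branch reuses the message `'{ext_name} must be present'`, so an extension that is present but malformed is reported as missing. For a compliance validator the two cases call for different remediation, so the handler should say what actually failed, e.g. `except ValueError as e:` with `msg = f'{ext_name} is not valid: {e}'`. The `try` body lies between the two hunks and is not visible here; if the `ValueError` actually originates from evaluating `crt.extensions` in the caller rather than from the lookup inside this function, this branch is presumably never reached.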
35 changes: 21 additions & 14 deletions spid_compliant_certificates/validator/validate.py
@@ -64,21 +64,28 @@ def validate(crt_file: str, sector: str) -> Report:
))

# check basicConstraints
rep.add_test(_do_check(
checks.basic_constraints(crt.extensions),
'Checking basicConstraints x509 extension'
))
_ext_msg = 'Checking basicConstraints x509 extension'
try:
rep.add_test(_do_check(
checks.basic_constraints(crt.extensions),
_ext_msg
))

# check keyUsage
rep.add_test(_do_check(
checks.key_usage(crt.extensions),
'Checking keyUsage x509 extension'
))
# check keyUsage
rep.add_test(_do_check(
checks.key_usage(crt.extensions),
'Checking keyUsage x509 extension'
))

# check certificatePolicies
rep.add_test(_do_check(
checks.certificate_policies(crt.extensions, sector),
'Checking certificatePolicies x509 extension'
))
# check certificatePolicies
rep.add_test(_do_check(
checks.certificate_policies(crt.extensions, sector),
'Checking certificatePolicies x509 extension'
))

except ValueError as e:
test = Test(f"Critical Error on parsing extensions: {e}")
test.add_check(Check(f"{_ext_msg} critical error", 'failure', False))
rep.add_test(test)

return rep
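Review bot: The `except ValueError` handler always labels the failure with `_ext_msg`, i.e. 'Checking basicConstraints x509 extension', even when the exception comes out of `checks.key_usage` or `checks.certificate_policies`, and the first exception skips the remaining checks, so the report can point at the wrong extension and omit the others. If the error comes from parsing `crt.extensions` itself, consider evaluating it once, `exts = crt.extensions`, in its own `try` with a neutral label such as `'Parsing x509 extensions'`, and passing `exts` to the three checks. Only `ValueError` is caught; other exceptions raised while parsing an untrusted certificate's extensions (for example `x509.DuplicateExtension`) would presumably still abort the run instead of producing a failed check. `validate` starts above this hunk, so how `crt` is loaded is not visible.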
