From e47fe011ab753d0d2f4b535fcdc274536b3fa708 Mon Sep 17 00:00:00 2001
From: Simone Bufarini
Date: Wed, 12 Oct 2022 16:36:29 +0200
Subject: [PATCH] Added the sector named public-test It allows to create a self-signed certificate for "Organizzazione fittizia per il collaudo" with IPA code that does not exist in indicepa.gov.it
---
 bin/spid-compliant-certificates | 4 +-
 .../generator/generate.py | 109 ++++++++++--------
 .../validator/checks/subject_dn.py | 2 +
 3 files changed, 64 insertions(+), 51 deletions(-)
diff --git a/bin/spid-compliant-certificates b/bin/spid-compliant-certificates
index 000fe95..49b7232 100755
--- a/bin/spid-compliant-certificates
+++ b/bin/spid-compliant-certificates
@@ -98,7 +98,7 @@ if __name__ == '__main__':
 parser_g.add_argument(
 '--sector',
 action='store',
- choices=['private', 'public'],
+ choices=['private', 'public', 'public-test'],
 default='public',
 help='select the specifications to be followed'
 )
@@ -196,7 +196,7 @@ if __name__ == '__main__':
 parser_v.add_argument(
 '--sector',
 action='store',
- choices=['private', 'public'],
+ choices=['private', 'public', 'public-test'],
 default='public',
 help='select the specifications to be followed'
 )
diff --git a/spid_compliant_certificates/generator/generate.py b/spid_compliant_certificates/generator/generate.py
index b8a9a8f..a11aba4 100644
--- a/spid_compliant_certificates/generator/generate.py
+++ b/spid_compliant_certificates/generator/generate.py
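Review bot: The `--sector` help text in bin/spid-compliant-certificates still reads `'select the specifications to be followed'` for both `parser_g` and `parser_v` (the hunks at -98 and -196), so a user cannot tell how `public-test` differs from `public`. For the generator the difference visible in this patch is that the IndicePA lookup of the IPA code is skipped; what it changes for the validator beyond the subject-DN pattern is not visible here. I would say so in the option itself, for example `help='select the specifications to be followed (public-test: public rules without the IndicePA lookup, for test certificates only)'`. Both `add_argument` calls sit in the `if __name__ == '__main__':` block, which starts and ends outside the hunks.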
@@ -49,62 +49,63 @@ def _validate_private_arguments(cert_opts: Dict) -> None:
 raise ValueError(emsg)
-def _validate_public_arguments(cert_opts: Dict) -> None:
+def _validate_public_arguments(cert_opts: Dict, is_test=False) -> None:
 # validate organizationIdentifier
 pattern = r'^PA:IT-\S{1,11}$'
 org_id = cert_opts['org_id']
 if not re.match(pattern, org_id):
 emsg = (f'Invalid value for organization identifier ({org_id})')
 raise ValueError(emsg)
-
- # check if the ipa code is valid
- ipa_code = org_id[6:]
-
- search_api = 'https://indicepa.gov.it/PortaleServices/api/ente/ricerca'
- query = json.dumps({
- 'area': None,
- 'codEnte': ipa_code,
- 'codiceCategoria': None,
- 'codiceFiscaleRicerca': None,
- 'denominazione': None,
- 'idTipoServizioDigitale': None,
- 'lingueMinoritarie': None,
- 'paginazione': {
- 'campoOrdinamento': 'idEnte',
- 'numTotalePagine': None,
- 'numeroRigheTotali': None,
- 'paginaCorrente': None,
- 'paginaRichiesta': 1,
- 'righePerPagina': None,
- 'tipoOrdinamento': 'asc',
+
+ if not is_test:
+ # check if the ipa code is valid
+ ipa_code = org_id[6:]
+
+ search_api = 'https://indicepa.gov.it/PortaleServices/api/ente/ricerca'
+ query = json.dumps({
+ 'area': None,
+ 'codEnte': ipa_code,
+ 'codiceCategoria': None,
+ 'codiceFiscaleRicerca': None,
+ 'denominazione': None,
+ 'idTipoServizioDigitale': None,
+ 'lingueMinoritarie': None,
+ 'paginazione': {
+ 'campoOrdinamento': 'idEnte',
+ 'numTotalePagine': None,
+ 'numeroRigheTotali': None,
+ 'paginaCorrente': None,
+ 'paginaRichiesta': 1,
+ 'righePerPagina': None,
+ 'tipoOrdinamento': 'asc',
+ }
+ }, separators=(',', ':'))
+ headers = {
+ 'content-type': 'application/json',
 }
- }, separators=(',', ':'))
- headers = {
- 'content-type': 'application/json',
- }
-
- r = requests.post(search_api, headers=headers, data=query)
- res = json.loads(r.text)
-
- if not res['risposta']['listaResponse']:
- emsg = [
- f'The IPA code ({ipa_code}) refers to something that does not exist.', # noqa
- 'Check it by yourself at https://indicepa.gov.it/ipa-portale/consultazione/indirizzo-sede/ricerca-ente' # noqa
- ]
- raise ValueError(' '.join(emsg))
-
- ipa_code_is_valid = False
- for e in res['risposta']['listaResponse']:
- if e['codEnte'] == ipa_code:
- ipa_code_is_valid = True
- break
-
- if not ipa_code_is_valid:
- emsg = [
- f'The IPA code ({ipa_code}) refers to something that does not exist.', # noqa
- 'Check it by yourself at https://indicepa.gov.it/ipa-portale/consultazione/indirizzo-sede/ricerca-ente' # noqa
- ]
- raise ValueError(' '.join(emsg))
+
+ r = requests.post(search_api, headers=headers, data=query)
+ res = json.loads(r.text)
+
+ if not res['risposta']['listaResponse']:
+ emsg = [
+ f'The IPA code ({ipa_code}) refers to something that does not exist.', # noqa
+ 'Check it by yourself at https://indicepa.gov.it/ipa-portale/consultazione/indirizzo-sede/ricerca-ente' # noqa
+ ]
+ raise ValueError(' '.join(emsg))
+
+ ipa_code_is_valid = False
+ for e in res['risposta']['listaResponse']:
+ if e['codEnte'] == ipa_code:
+ ipa_code_is_valid = True
+ break
+
+ if not ipa_code_is_valid:
+ emsg = [
+ f'The IPA code ({ipa_code}) refers to something that does not exist.', # noqa
+ 'Check it by yourself at https://indicepa.gov.it/ipa-portale/consultazione/indirizzo-sede/ricerca-ente' # noqa
+ ]
+ raise ValueError(' '.join(emsg))
 def validate_arguments(cert_opts: Dict) -> None:
@@ -113,6 +114,8 @@ def validate_arguments(cert_opts: Dict) -> None:
 _validate_private_arguments(cert_opts)
 elif sector == 'public':
 _validate_public_arguments(cert_opts)
+ elif sector == 'public-test':
+ _validate_public_arguments(cert_opts, True)
 else:
 emsg = f'Invalid value for sector ({sector})'
 raise Exception(emsg)
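Review bot: The IndicePA lookup in `_validate_public_arguments`, re-indented here under `if not is_test:`, still calls `requests.post(search_api, headers=headers, data=query)` with no timeout and passes `r.text` to `json.loads` without checking the HTTP status. A stalled endpoint then blocks certificate generation indefinitely, and an error page surfaces as a JSON or key error instead of a failed verification. Since the block is being touched anyway, I would write `r = requests.post(search_api, headers=headers, data=query, timeout=10)` (the value is only an example), follow it with `r.raise_for_status()`, and read the body with `res = r.json()`. The new parameter would also read better annotated as `is_test: bool = False`.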
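Review bot: The bare `True` in `_validate_public_arguments(cert_opts, True)` hides that this branch of `validate_arguments` switches off the only check tying `org_id` to an existing IndicePA entry; pass it by name, `_validate_public_arguments(cert_opts, is_test=True)`. With the lookup off, any value matching `^PA:IT-\S{1,11}$` is accepted, including the code of a real administration, which is wider than the fictitious test organization the commit message describes. A comment at the call site would make that explicit, for example `# public-test: pattern check only, the IPA code is not looked up in IndicePA`. `validate_arguments` starts above this hunk.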
@@ -192,6 +195,14 @@ def _extensions(key: rsa.RSAPrivateKey, cert_opts: Dict) -> List[Tuple[bool, x50
 ]
 )
 )
+ elif sector == 'public-test':
+ policies.append(
+ x509.PolicyInformation(
+ x509.ObjectIdentifier('1.3.76.16.4.2.1'), [
+ x509.UserNotice(None, 'cert_SP_Pub')
+ ]
+ )
+ )
 else:
 emsg = f'Invalid value for sector ({sector})'
 raise Exception(emsg)
diff --git a/spid_compliant_certificates/validator/checks/subject_dn.py b/spid_compliant_certificates/validator/checks/subject_dn.py
index d8ac9e5..cc2fe0b 100644
--- a/spid_compliant_certificates/validator/checks/subject_dn.py
+++ b/spid_compliant_certificates/validator/checks/subject_dn.py
@@ -87,6 +87,8 @@ def subject_dn(subj: x509.Name, sector: str) -> List[Tuple[bool, str, Any]]:
 pattern = PUB_SECTOR_PATTERN
 elif sector.lower() == 'private':
 pattern = PRI_SECTOR_PATTERN
+ elif sector.lower() == 'public-test':
+ pattern = PUB_SECTOR_PATTERN
 else:
 msg = f'Invalid sector ({sector})'
 res = FAILURE
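Review bot: Nothing in the policies added for `public-test` in `_extensions` marks the certificate as a test one: the branch emits OID `1.3.76.16.4.2.1` with the notice `cert_SP_Pub`, which reads like the public service-provider policy. If the `public` branch above the hunk (not visible here) builds the same `PolicyInformation`, a certificate issued without the IndicePA lookup carries the same policies as a verified one, and the eight added lines duplicate that branch. In that case I would fold them into `elif sector in ('public', 'public-test'):` and add the comment `# public-test reuses the public policy; the certificate itself is not marked as test`. `_extensions` starts above this hunk.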
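Review bot: The `public-test` branch added to `subject_dn` assigns the same `PUB_SECTOR_PATTERN` as the branch whose body is the hunk's first context line, so the validator applies identical subject-DN rules to both sectors. Assuming that first branch tests `sector.lower() == 'public'` (its condition is above the hunk), the two can share one membership test, `sector.lower() in ('public', 'public-test')`, which keeps them from drifting apart. This file lower-cases `sector` while generate.py compares it exactly (`sector == 'public-test'`); one convention across both would be clearer.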