italia · SeemoneB · Oct 12, 2022
diff --git a/bin/spid-compliant-certificates b/bin/spid-compliant-certificates
@@ -98,7 +98,7 @@ if __name__ == '__main__':
     parser_g.add_argument(
         '--sector',
         action='store',
-        choices=['private', 'public'],
+        choices=['private', 'public', 'public-test'],
         default='public',
         help='select the specifications to be followed'
     )
@@ -196,7 +196,7 @@ if __name__ == '__main__':
     parser_v.add_argument(
         '--sector',
         action='store',
-        choices=['private', 'public'],
+        choices=['private', 'public', 'public-test'],
         default='public',
         help='select the specifications to be followed'
     )

diff --git a/spid_compliant_certificates/generator/generate.py b/spid_compliant_certificates/generator/generate.py
@@ -49,62 +49,63 @@ def _validate_private_arguments(cert_opts: Dict) -> None:
         raise ValueError(emsg)
 
 
-def _validate_public_arguments(cert_opts: Dict) -> None:
+def _validate_public_arguments(cert_opts: Dict, is_test=False) -> None:
     # validate organizationIdentifier
     pattern = r'^PA:IT-\S{1,11}$'
     org_id = cert_opts['org_id']
     if not re.match(pattern, org_id):
         emsg = (f'Invalid value for organization identifier ({org_id})')
         raise ValueError(emsg)
-
-    # check if the ipa code is valid
-    ipa_code = org_id[6:]
-
-    search_api = 'https://indicepa.gov.it/PortaleServices/api/ente/ricerca'
-    query = json.dumps({
-        'area': None,
-        'codEnte': ipa_code,
-        'codiceCategoria': None,
-        'codiceFiscaleRicerca': None,
-        'denominazione': None,
-        'idTipoServizioDigitale': None,
-        'lingueMinoritarie': None,
-        'paginazione': {
-            'campoOrdinamento': 'idEnte',
-            'numTotalePagine': None,
-            'numeroRigheTotali': None,
-            'paginaCorrente': None,
-            'paginaRichiesta': 1,
-            'righePerPagina': None,
-            'tipoOrdinamento': 'asc',
+
+    if not is_test:
+        # check if the ipa code is valid
+        ipa_code = org_id[6:]
+
+        search_api = 'https://indicepa.gov.it/PortaleServices/api/ente/ricerca'
+        query = json.dumps({
+            'area': None,
+            'codEnte': ipa_code,
+            'codiceCategoria': None,
+            'codiceFiscaleRicerca': None,
+            'denominazione': None,
+            'idTipoServizioDigitale': None,
+            'lingueMinoritarie': None,
+            'paginazione': {
+                'campoOrdinamento': 'idEnte',
+                'numTotalePagine': None,
+                'numeroRigheTotali': None,
+                'paginaCorrente': None,
+                'paginaRichiesta': 1,
+                'righePerPagina': None,
+                'tipoOrdinamento': 'asc',
+            }
+        }, separators=(',', ':'))
+        headers = {
+            'content-type': 'application/json',
         }
-    }, separators=(',', ':'))
-    headers = {
-        'content-type': 'application/json',
-    }
-
-    r = requests.post(search_api, headers=headers, data=query)
-    res = json.loads(r.text)
-
-    if not res['risposta']['listaResponse']:
-        emsg = [
-            f'The IPA code ({ipa_code}) refers to something that does not exist.',  # noqa
-            'Check it by yourself at https://indicepa.gov.it/ipa-portale/consultazione/indirizzo-sede/ricerca-ente'  # noqa
-        ]
-        raise ValueError(' '.join(emsg))
-
-    ipa_code_is_valid = False
-    for e in res['risposta']['listaResponse']:
-        if e['codEnte'] == ipa_code:
-            ipa_code_is_valid = True
-            break
-
-    if not ipa_code_is_valid:
-        emsg = [
-            f'The IPA code ({ipa_code}) refers to something that does not exist.',  # noqa
-            'Check it by yourself at https://indicepa.gov.it/ipa-portale/consultazione/indirizzo-sede/ricerca-ente'  # noqa
-        ]
-        raise ValueError(' '.join(emsg))
+
+        r = requests.post(search_api, headers=headers, data=query)
+        res = json.loads(r.text)
+
+        if not res['risposta']['listaResponse']:
+            emsg = [
+                f'The IPA code ({ipa_code}) refers to something that does not exist.',  # noqa
+                'Check it by yourself at https://indicepa.gov.it/ipa-portale/consultazione/indirizzo-sede/ricerca-ente'  # noqa
+            ]
+            raise ValueError(' '.join(emsg))
+
+        ipa_code_is_valid = False
+        for e in res['risposta']['listaResponse']:
+            if e['codEnte'] == ipa_code:
+                ipa_code_is_valid = True
+                break
+
+        if not ipa_code_is_valid:
+            emsg = [
+                f'The IPA code ({ipa_code}) refers to something that does not exist.',  # noqa
+                'Check it by yourself at https://indicepa.gov.it/ipa-portale/consultazione/indirizzo-sede/ricerca-ente'  # noqa
+            ]
+            raise ValueError(' '.join(emsg))
 
 
 def validate_arguments(cert_opts: Dict) -> None:
@@ -113,6 +114,8 @@ def validate_arguments(cert_opts: Dict) -> None:
         _validate_private_arguments(cert_opts)
     elif sector == 'public':
         _validate_public_arguments(cert_opts)
+    elif sector == 'public-test':
+        _validate_public_arguments(cert_opts, True)
     else:
         emsg = f'Invalid value for sector ({sector})'
         raise Exception(emsg)
@@ -192,6 +195,14 @@ def _extensions(key: rsa.RSAPrivateKey, cert_opts: Dict) -> List[Tuple[bool, x50
                 ]
             )
         )
+    elif sector == 'public-test':
+        policies.append(
+            x509.PolicyInformation(
+                x509.ObjectIdentifier('1.3.76.16.4.2.1'), [
+                    x509.UserNotice(None, 'cert_SP_Pub')
+                ]
+            )
+        )
     else:
         emsg = f'Invalid value for sector ({sector})'
         raise Exception(emsg)

diff --git a/spid_compliant_certificates/validator/checks/subject_dn.py b/spid_compliant_certificates/validator/checks/subject_dn.py
@@ -87,6 +87,8 @@ def subject_dn(subj: x509.Name, sector: str) -> List[Tuple[bool, str, Any]]:
                 pattern = PUB_SECTOR_PATTERN
             elif sector.lower() == 'private':
                 pattern = PRI_SECTOR_PATTERN
+            elif sector.lower() == 'public-test':
+                pattern = PUB_SECTOR_PATTERN
             else:
                 msg = f'Invalid sector ({sector})'
                 res = FAILURE