diff --git a/pkilint/etsi/__init__.py b/pkilint/etsi/__init__.py
index 5fb67f0..06a0d04 100644
--- a/pkilint/etsi/__init__.py
+++ b/pkilint/etsi/__init__.py
@@ -364,11 +364,18 @@ def create_validators(
 )
 )
 elif certificate_type in etsi_constants.NATURAL_PERSON_CERTIFICATE_TYPES:
- extension_validators.append(
- en_319_412_2.NaturalPersonKeyUsageValidator(
- is_content_commitment_type=None
+ if certificate_type in etsi_constants.QCP_N_CERTIFICATE_TYPES:
+ extension_validators.append(
+ en_319_412_2.NaturalPersonKeyUsageValidator(
+ is_content_commitment_type=True
+ )
+ )
+ else:
+ extension_validators.append(
+ en_319_412_2.NaturalPersonKeyUsageValidator(
+ is_content_commitment_type=None
+ )
 )
- )

 if certificate_type in etsi_constants.QEVCP_W_PSD2_EIDAS_CERTIFICATE_TYPES:
 qc_statement_validators.append(ts_119_495.PresenceofQCEUPDSStatementValidator())
diff --git a/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_keyusage.crttest b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_keyusage.crttest
new file mode 100644
index 0000000..5e34e59
--- /dev/null
+++ b/tests/integration_certificate/etsi/qcp_n_qscd_final_certificate/invalid_keyusage.crttest
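Review bot: The two branches added under `elif certificate_type in etsi_constants.NATURAL_PERSON_CERTIFICATE_TYPES:` differ only in the value of `is_content_commitment_type`, and nothing records why QCP-n types get `True` while every other natural-person type keeps `None`. I would collapse them into one append that passes `is_content_commitment_type=True if certificate_type in etsi_constants.QCP_N_CERTIFICATE_TYPES else None`, with a comment such as `# QCP-n: key usage must be a content-commitment type (EN 319 412-2 NAT-4.3.2-1); other natural-person types are not pinned here`. What `None` means is defined in the validator, outside this hunk, so that wording should be confirmed against it. The members of `QCP_N_CERTIFICATE_TYPES` are not visible here either, and the fixture added in this commit covers only the qcp_n_qscd final-certificate type, so a failing-key-usage case for each other member would catch a type that silently stays on the permissive path. create_validators starts and ends outside the hunk.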
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIEqzCCA5OgAwIBAgINAOLwigtcLS7v6mSEHDANBgkqhkiG9w0BAQsFADB2MTEw
+LwYDVQQDDChDbGV2ZXJiYXNlIElEIFBLSW92ZXJoZWlkIEJ1cmdlciBDQSAtIEc0
+MRswGQYDVQQKDBJDbGV2ZXJiYXNlIElEIEIuVi4xCzAJBgNVBAYTAk5MMRcwFQYD
+VQRhDA5OVFJOTC02NzQxOTkyNTAeFw0yNDExMDExNTIyNDNaFw0yODAxMzAxNTIy
+NDNaMGMxJDAiBgNVBAMMG1dpbGxla2UgTGlzZWxvdHRlIERlIEJydWlqbjELMAkG
+A1UEBhMCTkwxEjAQBgNVBAQMCURlIEJydWlqbjEaMBgGA1UEKgwRV2lsbGVrZSBM
+aXNlbG90dGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvlajTVGIE
+IDZIl5zdZ88l0kNjvMsobfXWrKpw8fuoSRBn4OftLvF/j2iVbUpaG13xzkfxXLsA
+L9pEol94LsrcGJtNwSHV5E2fF0raxagm06WjiM5SVBrY2JIGFsYVg1BPC7ORJqSh
+1amFAUb6RZ/PTUNBvbAApSUQZup5g5kWop1HwBJl4hSlYfwxn9js82ym8fT4hrCI
+YgZGuWHDVjqo6nl1VuGob0Spavl9OLsNrqLoSiIH3B9TzZG303BfASLhYcdAjdTb
+SUdGCtaAvBlsOhO5VB1KiUZ5sl7xUrps8+t19ZEnmO2BEqnd6B8xL5P9MyC6Oi1b
+D/3taTBtuv4vAgMBAAGjggFJMIIBRTBeBggrBgEFBQcBAwRSMFAwCAYGBACORgEE
+MAgGBgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGATAlBgYEAI5GAQUwGzAZFhNo
+dHRwczovL3Bkc0xvY2F0aW9uEwJlbjAUBgNVHSAEDTALMAkGBwQAi+xAAQIwHQYD
+VR0OBBYEFP1E/i6iGt2+38jm/8IfLt2MKwWPMB8GA1UdIwQYMBaAFOsBmoWJ2k6q
+FmCuI6L29qY6KGI4MA4GA1UdDwEB/wQEAwIHgDBFBggrBgEFBQcBAQQ5MDcwNQYI
+KwYBBQUHMAKGKWh0dHBzOi8vY2xldmVyYmFzZS5jb20vbG9jYXRpb24ub2YuY2Eu
+Y2VyMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jbGV2ZXJiYXNlLmNvbS9sb2Nh
+dGlvbi5vZi5jcmwwDQYJKoZIhvcNAQELBQADggEBALV4uuIEMD/tRZVWSQFuiH11
+JFLfgpbjpzLyhsm4+RoOB/EnAdNwSbgIz3s/mthO58QwkVB073GihM2R67EOMB9g
+xIz5TdSWKrDb/bD+YA3RpZCy/HgQ9qKN1fRyPTMYNw7mSYfvsyOz70AGVCOzHgqt
+OoBI7oExBRyMAsfXbKhZmZPu4mhhhIND9Lqke58jECN56cZHpaPR+JdvjN+CC9C2
+G6YzYQfr44HARAg3wI0nNfuGeTfLhek2Pg2fl3nHUyeAEPCDl1DJftGvwUxH4JNy
+FJENtzfO8TjYbj5jAl2HdsFMsaR5/24k97RwbUi7r6cx2Gs24nXB30qszuV5JCU=
+-----END CERTIFICATE-----
+
+node_path,validator,severity,code,message
+certificate.tbsCertificate.extensions.2.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
+certificate.tbsCertificate.extensions.4.extnValue.keyUsage,NaturalPersonKeyUsageValidator,ERROR,etsi.en_319_412_2.nat-4.3.2-1.invalid_content_commitment_setting,