fix: default pattern if missing/invalid sector identifier

italia · May 31, 2022 · 1e436bd · 1e436bd
1 parent 1a634d7
commit 1e436bd
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/spid_compliant_certificates/__init__.py b/spid_compliant_certificates/__init__.py
@@ -28,7 +28,7 @@
 _min = 5
 
 # micro version
-_mic = 2
+_mic = 3
 
 # release level (alpha, beta, rc, final)
 _rel = 'final'

diff --git a/spid_compliant_certificates/validator/checks/subject_dn.py b/spid_compliant_certificates/validator/checks/subject_dn.py
@@ -52,6 +52,9 @@
     x509.OID_SURNAME,
 ]
 
+PUB_SECTOR_PATTERN = r'^PA:IT-\S{1,11}$'
+PRI_SECTOR_PATTERN = r'^(CF:IT-[a-zA-Z0-9]{16}|VATIT-\d{11})$'
+
 
 def subject_dn(subj: x509.Name, sector: str) -> List[Tuple[bool, str, Any]]:
     checks = []
@@ -78,11 +81,12 @@ def subject_dn(subj: x509.Name, sector: str) -> List[Tuple[bool, str, Any]]:
         res = SUCCESS if value else FAILURE
         checks.append((res, msg, value))
 
+        pattern = f"a valid pattern, {PUB_SECTOR_PATTERN} or {PRI_SECTOR_PATTERN}"
         if attr.oid == OID_ORGANIZATION_IDENTIFIER:
             if sector.lower() == 'public':
-                pattern = r'^PA:IT-\S{1,11}$'
+                pattern = PUB_SECTOR_PATTERN
             elif sector.lower() == 'private':
-                pattern = r'^(CF:IT-[a-zA-Z0-9]{16}|VATIT-\d{11})$'
+                pattern = PRI_SECTOR_PATTERN
             else:
                 msg = f'Invalid sector ({sector})'
                 res = FAILURE