@@ -64,6 +64,26 @@ def extract_single_integer_attribute(subject, oid):
6464 return None
6565
6666
67+ def parse_vid_pid_from_distinguished_name (distinguished_name ):
68+ # VID/PID encoded using Matter specific RDNs
69+ vid = extract_single_integer_attribute (distinguished_name , OID_VENDOR_ID )
70+ pid = extract_single_integer_attribute (distinguished_name , OID_PRODUCT_ID )
71+
72+ # Fallback method to get the VID/PID, encoded in CN as "Mvid:FFFF Mpid:1234"
73+ if vid is None and pid is None :
74+ cn = distinguished_name .get_attributes_for_oid (x509 .ObjectIdentifier ("2.5.4.3" ))[0 ].value
75+
76+ vid_start = cn .find ('Mvid:' )
77+ if vid_start != - 1 :
78+ vid = int (cn [vid_start + 5 :vid_start + 9 ], 16 )
79+
80+ pid_start = cn .find ('Mpid:' )
81+ if pid_start != - 1 :
82+ pid = int (cn [pid_start + 5 :pid_start + 9 ], 16 )
83+
84+ return vid , pid
85+
86+
6787class DCLDClient :
6888 '''
6989 A client for interacting with DCLD using either the REST API or command line interface (CLI).
@@ -248,14 +268,11 @@ def main(use_main_net_dcld: str, use_test_net_dcld: str, use_main_net_http: bool
248268 is_paa = revocation_point ["isPAA" ]
249269
250270 # 3. && 4. Validate VID/PID
251- # TODO: Need to support alternate representation of VID/PID (see spec "6.2.2.2. Encoding of Vendor ID and Product ID in subject and issuer fields")
252- crl_vid = extract_single_integer_attribute (crl_signer_certificate .subject , OID_VENDOR_ID )
253- crl_pid = extract_single_integer_attribute (crl_signer_certificate .subject , OID_PRODUCT_ID )
271+ crl_vid , crl_pid = parse_vid_pid_from_distinguished_name (crl_signer_certificate .subject )
254272
255273 if is_paa :
256274 if crl_vid is not None :
257275 if vid != crl_vid :
258- # TODO: Need to log all situations where a continue is called
259276 logging .warning ("VID is not CRL VID, continue..." )
260277 continue
261278 else :
0 commit comments