|
32 | 32 | from click_option_group import RequiredMutuallyExclusiveOptionGroup, optgroup
|
33 | 33 | from cryptography import x509
|
34 | 34 | from cryptography.hazmat.primitives.asymmetric import ec
|
| 35 | +from cryptography.x509.oid import NameOID |
35 | 36 |
|
36 | 37 | # Supported log levels, mapping string values required for argument
|
37 | 38 | # parsing into logging constants
|
@@ -64,6 +65,32 @@ def extract_single_integer_attribute(subject, oid):
|
64 | 65 | return None
|
65 | 66 |
|
66 | 67 |
|
| 68 | +def extract_fallback_tag_from_common_name(cn, marker): |
| 69 | + val_len = 4 |
| 70 | + start_idx = cn.find(marker) |
| 71 | + |
| 72 | + if start_idx != -1: |
| 73 | + val_start_idx = start_idx + len(marker) |
| 74 | + val = cn[val_start_idx:val_start_idx + val_len] |
| 75 | + return int(val, 16) if len(val) == 4 else None |
| 76 | + |
| 77 | + return None |
| 78 | + |
| 79 | + |
| 80 | +def parse_vid_pid_from_distinguished_name(distinguished_name): |
| 81 | + # VID/PID encoded using Matter specific RDNs |
| 82 | + vid = extract_single_integer_attribute(distinguished_name, OID_VENDOR_ID) |
| 83 | + pid = extract_single_integer_attribute(distinguished_name, OID_PRODUCT_ID) |
| 84 | + |
| 85 | + # Fallback method to get the VID/PID, encoded in CN as "Mvid:FFFF Mpid:1234" |
| 86 | + if vid is None and pid is None: |
| 87 | + cn = distinguished_name.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value |
| 88 | + vid = extract_fallback_tag_from_common_name(cn, 'Mvid:') |
| 89 | + pid = extract_fallback_tag_from_common_name(cn, 'Mpid:') |
| 90 | + |
| 91 | + return vid, pid |
| 92 | + |
| 93 | + |
67 | 94 | class DCLDClient:
|
68 | 95 | '''
|
69 | 96 | A client for interacting with DCLD using either the REST API or command line interface (CLI).
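Review bot: `parse_vid_pid_from_distinguished_name` indexes `get_attributes_for_oid(NameOID.COMMON_NAME)[0]` without checking that the list is non-empty, so a CRL signer certificate with neither the Matter RDNs nor a CN raises IndexError and aborts the whole revocation-set run on one bad ledger entry. `extract_fallback_tag_from_common_name` is also looser than the encoding it targets: `int(val, 16)` accepts surrounding whitespace, a sign and a `0x` prefix, so `"Mvid:FFF "` or `"Mvid:+123"` parse where, as far as I recall, the spec's CN form (and the SDK's C++ parser) require exactly four upper-case hex digits, while `"Mvid:FFFG"` raises ValueError instead of returning None. Because the subjects come from vendor-submitted DCL certificates, both paths should degrade to `None` rather than crash, and the fallback should only accept the strict four-upper-case-hex form so this tool agrees with what devices will accept. A hedged version of both functions is sketched below; the RDN lookup lines are unchanged.
```python
def extract_fallback_tag_from_common_name(cn, marker):
    # … unchanged: find marker, slice val_len chars into val …
        # Spec form is exactly 4 upper-case hex digits; int() alone also
        # tolerates whitespace, sign and "0x", and raises on non-hex input.
        if len(val) == val_len and all(c in '0123456789ABCDEF' for c in val):
            return int(val, 16)

    return None


def parse_vid_pid_from_distinguished_name(distinguished_name):
    # … unchanged: Matter-specific RDN lookup into vid / pid …

    if vid is None and pid is None:
        cn_attrs = distinguished_name.get_attributes_for_oid(NameOID.COMMON_NAME)
        if not cn_attrs:
            # No CN to fall back to; leave both unset instead of raising IndexError
            return vid, pid
        cn = cn_attrs[0].value
        vid = extract_fallback_tag_from_common_name(cn, 'Mvid:')
        pid = extract_fallback_tag_from_common_name(cn, 'Mpid:')

    return vid, pid
```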
|
@@ -248,14 +275,11 @@ def main(use_main_net_dcld: str, use_test_net_dcld: str, use_main_net_http: bool
|
248 | 275 | is_paa = revocation_point["isPAA"]
|
249 | 276 |
|
250 | 277 | # 3. && 4. Validate VID/PID
|
251 |
| - # TODO: Need to support alternate representation of VID/PID (see spec "6.2.2.2. Encoding of Vendor ID and Product ID in subject and issuer fields") |
252 |
| - crl_vid = extract_single_integer_attribute(crl_signer_certificate.subject, OID_VENDOR_ID) |
253 |
| - crl_pid = extract_single_integer_attribute(crl_signer_certificate.subject, OID_PRODUCT_ID) |
| 278 | + crl_vid, crl_pid = parse_vid_pid_from_distinguished_name(crl_signer_certificate.subject) |
254 | 279 |
|
255 | 280 | if is_paa:
|
256 | 281 | if crl_vid is not None:
|
257 | 282 | if vid != crl_vid:
|
258 |
| - # TODO: Need to log all situations where a continue is called |
259 | 283 | logging.warning("VID is not CRL VID, continue...")
|
260 | 284 | continue
|
261 | 285 | else:
|
|