
Commit e7e3316

authored
dac revocation: Fallback method to parse VID/PID from crl signer (#33605)
* dac revocation: Fallback method to parse VID/PID from crl signer * extract the redundant code into method * address review comments * fix the usage of common name oid * fix the lint error
1 parent d071ad0 commit e7e3316


1 file changed

+28
-4
lines changed


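--- a/credentials/generate-revocation-set.py
+++ b/credentials/generate-revocation-set.py
@@ -32,6 +32,7 @@
 from click_option_group import RequiredMutuallyExclusiveOptionGroup, optgroup
 from cryptography import x509
 from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.x509.oid import NameOID
 
 # Supported log levels, mapping string values required for argument
 # parsing into logging constants
@@ -64,6 +65,32 @@ def extract_single_integer_attribute(subject, oid):
 return None
 
 
+def extract_fallback_tag_from_common_name(cn, marker):
+val_len = 4
+start_idx = cn.find(marker)
+
+if start_idx != -1:
+val_start_idx = start_idx + len(marker)
+val = cn[val_start_idx:val_start_idx + val_len]
+return int(val, 16) if len(val) == 4 else None
+
+return None
+
+
+def parse_vid_pid_from_distinguished_name(distinguished_name):
+# VID/PID encoded using Matter specific RDNs
+vid = extract_single_integer_attribute(distinguished_name, OID_VENDOR_ID)
+pid = extract_single_integer_attribute(distinguished_name, OID_PRODUCT_ID)
+
+# Fallback method to get the VID/PID, encoded in CN as "Mvid:FFFF Mpid:1234"
+if vid is None and pid is None:
+cn = distinguished_name.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
+vid = extract_fallback_tag_from_common_name(cn, 'Mvid:')
+pid = extract_fallback_tag_from_common_name(cn, 'Mpid:')
+
+return vid, pid
+
+
 class DCLDClient:
 '''
 A client for interacting with DCLD using either the REST API or command line interface (CLI).
@@ -248,14 +275,11 @@ def main(use_main_net_dcld: str, use_test_net_dcld: str, use_main_net_http: bool
 is_paa = revocation_point["isPAA"]
 
 # 3. && 4. Validate VID/PID
-# TODO: Need to support alternate representation of VID/PID (see spec "6.2.2.2. Encoding of Vendor ID and Product ID in subject and issuer fields")
-crl_vid = extract_single_integer_attribute(crl_signer_certificate.subject, OID_VENDOR_ID)
-crl_pid = extract_single_integer_attribute(crl_signer_certificate.subject, OID_PRODUCT_ID)
+crl_vid, crl_pid = parse_vid_pid_from_distinguished_name(crl_signer_certificate.subject)
 
 if is_paa:
 if crl_vid is not None:
 if vid != crl_vid:
-# TODO: Need to log all situations where a continue is called
 logging.warning("VID is not CRL VID, continue...")
 continue
 else: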
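Review bot: The CN fallback in `parse_vid_pid_from_distinguished_name` indexes `get_attributes_for_oid(NameOID.COMMON_NAME)[0]` unconditionally, so a CRL signer subject that has neither the Matter VID/PID RDNs nor a common name raises IndexError. In `extract_fallback_tag_from_common_name`, `int(val, 16)` raises ValueError when the four characters after the marker are not hex, and it also accepts forms that are not four hex digits, such as a leading sign, an underscore, surrounding whitespace or a `0x` prefix (which can yield a negative or truncated ID). Since the subject comes from the revocation point being processed in `main`, one malformed certificate would presumably abort the whole run instead of being skipped with a warning like the other validation failures. I would guard the CN lookup and validate the tag before converting, as sketched below. The length check should also use `val_len` rather than the literal `4`.

```python
def extract_fallback_tag_from_common_name(cn, marker):
    # … unchanged: marker lookup and slicing into val …
        # Accept exactly four hex digits; int() alone also takes '+', '-', '_', whitespace or '0x'.
        if len(val) == val_len and all(c in '0123456789abcdefABCDEF' for c in val):
            return int(val, 16)

    return None


    # … unchanged: Matter-specific RDN lookup in parse_vid_pid_from_distinguished_name …
    if vid is None and pid is None:
        cn_attributes = distinguished_name.get_attributes_for_oid(NameOID.COMMON_NAME)
        if cn_attributes:
            cn = cn_attributes[0].value
            vid = extract_fallback_tag_from_common_name(cn, 'Mvid:')
            pid = extract_fallback_tag_from_common_name(cn, 'Mpid:')
```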
