From 8523152e2c47c83321a145b1e777a9996bd714dd Mon Sep 17 00:00:00 2001 From: Rob Stradling Date: Fri, 24 May 2024 22:58:46 +0100 Subject: [PATCH] Fix handling of Subject:commonName not present in lint for BR 7.1.4.2.2a mailbox-validated (#845) * Fix handling of Subject:commonName not present in lint for BR 7.1.4.2.2a mailbox-validated * Add test case for no commonName attribute present --- .../lint_commonname_mailbox_validated.go | 5 +++- .../lint_commonname_mailbox_validated_test.go | 5 ++++ .../mailbox_validated_common_name_absent.pem | 30 +++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 v3/testdata/smime/mailbox_validated_common_name_absent.pem diff --git a/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go b/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go index 06df676fd..d622f7466 100644 --- a/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go +++ b/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go @@ -44,7 +44,10 @@ func (l *commonNameMailboxValidated) CheckApplies(c *x509.Certificate) bool { } func (l *commonNameMailboxValidated) Execute(c *x509.Certificate) *lint.LintResult { - commonNames := []string{c.Subject.CommonName} + var commonNames []string + if c.Subject.CommonName != "" { + commonNames = append(commonNames, c.Subject.CommonName) + } commonNames = append(commonNames, c.Subject.CommonNames...) for _, cn := range commonNames { if !util.IsMailboxAddress(cn) { diff --git a/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated_test.go b/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated_test.go index 77fa56221..727d9774b 100644 --- a/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated_test.go +++ b/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated_test.go @@ -27,6 +27,11 @@ func TestCommonNameMailboxValidated(t *testing.T) { InputFilename string ExpectedResult lint.LintStatus }{ + { + Name: "pass - no commonName attribute present", + InputFilename: "smime/mailbox_validated_common_name_absent.pem", + ExpectedResult: lint.Pass, + }, { Name: "pass - valid email in commonName", InputFilename: "smime/mailbox_validated_common_name_good_email.pem", diff --git a/v3/testdata/smime/mailbox_validated_common_name_absent.pem b/v3/testdata/smime/mailbox_validated_common_name_absent.pem new file mode 100644 index 000000000..de5970a6d --- /dev/null +++ b/v3/testdata/smime/mailbox_validated_common_name_absent.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFODCCBCCgAwIBAgIRAIe9uh1DAJY6+ckykEvuYmAwDQYJKoZIhvcNAQELBQAw +gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE+MDwGA1UE +AxM1U2VjdGlnbyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUg +RW1haWwgQ0EwHhcNMjQwMTAyMDAwMDAwWhcNMjUxMjIyMjM1OTU5WjAuMSwwKgYJ +KoZIhvcNAQkBFh1tYXJ0aWpuLmthdGVyYmFyZ0BzZWN0aWdvLmNvbTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALQMuh2c7ECmRnd1XLJShvJEZnoR3MyI +e8RJ+Or/QfjTEAF4XYWnS+d4wO9L0Se5pCsdo/WysGjRsQGBvyaiQiSf3XLjCGyF +9R9STrSFomKSkev1fHdoOzQI0PsnjbNmyiBhJJdqFluzr2y6jQxn81WjVaGylMEn +SHF3rLtLgsOMJA2T233mkKtnlitBNA1Hf83QEdSfnilgr0z7WBp+4EiZVIJycjF8 +pNTzOSgPPSMFZe8O6HAjAwRwi4e0s/EmL9AI0fwqaKBaI0OTSt1SyforbZHvMwPZ +I041fF3qa6htrLSjzMitoyaV2A6xXV2dFhGz+2I0bAWCPX2tEv17UUsCAwEAAaOC +AeYwggHiMB8GA1UdIwQYMBaAFAnA8vwL2pTbX/4r36iZQs/J4K0AMB0GA1UdDgQW +BBR9V1qzZfoGq21Yj/3IPgibG+PQozAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/ +BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwUAYDVR0gBEkwRzA6 +BgwrBgEEAbIxAQIBCgEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9zZWN0aWdvLmNv +bS9TTUlNRUNQUzAJBgdngQwBBQECMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9j +cmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5k +U2VjdXJlRW1haWxDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJ +aHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBQ2xpZW50QXV0aGVudGlj +YXRpb25hbmRTZWN1cmVFbWFpbENBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29j +c3Auc2VjdGlnby5jb20wKAYDVR0RBCEwH4EdbWFydGlqbi5rYXRlcmJhcmdAc2Vj +dGlnby5jb20wDQYJKoZIhvcNAQELBQADggEBAKnvAa8vJTFT05bt8qVa+KaLiXPa +qmbfMvtXDU0OyZD5tJxp5kxpaT7IP4n5cOchFbNqI9rNyny3XNHBTd5eKtPoUein +ynP7tgJfrzG7YRzPfz/tOC2Y2VAhSAuaQ8bAmvNUq8xU3rgWyKtDTYBMraWFSIaK +g+VwORwFn2cv0FqOhDa0vlheSBFleuyxuEiFi40pnA5fvCFNUQes5SVorBSSydiM +hjyu0EoeVlvUiScP96PIeZL04HfBzA4KtAFAGwhA18GrtO4aWux2DNXYPs+saiNq +V3bMmP5h8JfwRoGKiLm7b37wfKlSkRlIrDY6WpBTOdidGc6gEuSOugJ0X3g= +-----END CERTIFICATE-----