Ymagis / ClairMeta

Clairmeta is a python package for Digital Cinema Package (DCP) probing and checking.
BSD 3-Clause "New" or "Revised" License

Subject organizationName field encoding should be PrintableString, got UTF8String #141

Open kieranjol opened 4 years ago

kieranjol commented 4 years ago

Hi, we got the following error which easydcp player didn't pick up on. I'll email the PKL and CPL to you, but I can't find an encoding issue in the xmls.

I traced the error to here - https://github.com/Ymagis/ClairMeta/blob/7dc86fc76d4c620bec719f59394e3b0a84178bf4/clairmeta/dcp_check_sign.py

2020-03-26 10:46:29,549 - Clairmeta - INFO - Probing DCP : E:\DCP_sipcreation\to_be_accessioned\oe9924\oe9924\07d01ee8-fa50-4981-b4f2-32e8401686e0\objects\Inside_FTR-2_F-178_20_2K_20171123_SMPTE_OV
2020-03-26 10:47:22,205 - Clairmeta - INFO - Total time : 52.69 seconds
2020-03-26 10:47:26,569 - Clairmeta - INFO - Checking DCP : E:\DCP_sipcreation\to_be_accessioned\oe9924\oe9924\07d01ee8-fa50-4981-b4f2-32e8401686e0\objects\Inside_FTR-2_F-178_20_2K_20171123_SMPTE_OV
2020-03-26 10:57:07,158 - Clairmeta - INFO - DCP : E:\DCP_sipcreation\to_be_accessioned\oe9924\oe9924\07d01ee8-fa50-4981-b4f2-32e8401686e0\objects\Inside_FTR-2_F-178_20_2K_20171123_SMPTE_OV
2020-03-26 10:57:07,158 - Clairmeta - INFO - Size : 38.10 GiB
2020-03-26 10:57:07,158 - Clairmeta - INFO - Error(s) :
        check_certif_fields_encoding - pkl_71ebb76e-b067-47b4-b8a3-ddc48cc378a2.xml (Certificate : 5) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - pkl_71ebb76e-b067-47b4-b8a3-ddc48cc378a2.xml (Certificate : 6) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - pkl_71ebb76e-b067-47b4-b8a3-ddc48cc378a2.xml (Certificate : 7) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - cpl_c683f9f0-4360-4b16-966f-b79726c6c930.xml (Certificate : 5) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - cpl_c683f9f0-4360-4b16-966f-b79726c6c930.xml (Certificate : 6) : Subject organizationName field encoding should be PrintableString, got UTF8String
        check_certif_fields_encoding - cpl_c683f9f0-4360-4b16-966f-b79726c6c930.xml (Certificate : 7) : Subject organizationName field encoding should be PrintableString, got UTF8String
2020-03-26 10:57:07,159 - Clairmeta - INFO - Warning(s) :
        check_dcnc_compliance - ContentTitle must have 12 parts, 8 found
ContentTitle Part 20 not matching any naming convention field
ContentTitle Part 2K not matching any naming convention field
ContentTitle Part 20171123 not matching any naming convention field
ContentTitle Part SMPTE not matching any naming convention field
Field Language not found in ContentTitle
2020-03-26 10:57:07,159 - Clairmeta - INFO - Total check : 86
2020-03-26 10:57:07,159 - Clairmeta - INFO - Total time : 580.27 sec
2020-03-26 10:57:07,159 - Clairmeta - INFO - Validation : Fail

remia commented 4 years ago

Hi @kieranjol,

This check is based on SMPTE ST 430-2 2006 (there is now a 2017 version but it didn't seem to change the specification in that regard). Basically the fields inside the X509 certificates (used as part of the XMLs' digital signature) have to be encoded in a particular format, here named PrintableString, see extract from the spec below:

Exactly one instance of the OrganizationName attribute is required in the Subject name and the Issuer name. It shall be a PrintableString. It should be a meaningful (to humans) name of the organization that is providing the root of trust for all certificates in this chain.

I remember this was not implemented at first, then a commercial checking tool raised an error on this particular check so we added it in ClairMeta. I'm not sure which tool it was, but probably either Clipster or EasyDCP (maybe a different version from yours). Could be good to check in Clipster. I'm not sure if this would cause any failures in the field though.

My email is the gmail one by the way, not sure if you used the right one because I didn't get any files about the previous issue you raised.

Cheers

remia commented 4 years ago

Can't find where this check comes from, would be nice if someone had more info on this.

matmat commented 4 years ago

I believe the tests come from the DCI CTP, with the corresponding sections in ST430 which it should be tested against for ASN.1 PrintableString:

DCI CTP: 2.1.11. Public Key Thumbprint
ST430-2: 5.3.1 Public Key Thumbprint (DnQualifier)

DCI CTP: 2.1.12. Organization Name Field
ST430-2: 5.3.2 Root Name (OrganizationName)

DCI CTP: 2.1.13. OrganizationUnitName Field
ST430-2: 5.3.3 Organization Name (OrganizationUnitName)

DCI CTP: 2.1.14. Entity Name and Roles Field
ST430-2: 5.3.4 Entity Name and Roles (CommonName)

It is not stated to test for PrintableString explicitly in the CTP, but 430-2 is given as a reference, so I think it could be interpreted as an intended check.
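
Added example, not part of the thread and not ClairMeta's code: the encoding is not visible in the XML text because it is the ASN.1 tag byte inside the DER-encoded certificate name (0x13 for PrintableString, 0x0C for UTF8String). This sketch walks a DER Name and reports the tag for the four attributes listed above; the sample name and its values are constructed, and the message wording only imitates the log line in the report.

```python
# Added illustration (standard library only); sample data below is constructed.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "TeletexString"}
# DER-encoded OIDs of the four name attributes (2.5.4.10, .11, .3, .46).
FIELDS = {bytes.fromhex("55040a"): "organizationName",
          bytes.fromhex("55040b"): "organizationUnitName",
          bytes.fromhex("550403"): "commonName",
          bytes.fromhex("55042e"): "dnQualifier"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yields (tag, value) for each element inside a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def name_encoding_errors(der_name):
    """Report listed attributes of a DER Name that are not PrintableString."""
    tag, rdns, _ = read_tlv(der_name, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    errors = []
    for _, rdn in children(rdns):       # RelativeDistinguishedName (SET)
        for _, atv in children(rdn):    # AttributeTypeAndValue (SEQUENCE)
            (_, oid), (val_tag, _) = list(children(atv))[:2]
            if oid in FIELDS and val_tag != 0x13:
                got = STRING_TAGS.get(val_tag, hex(val_tag))
                errors.append(f"{FIELDS[oid]} field encoding should be "
                              f"PrintableString, got {got}")
    return errors

def sample_name(org_tag):
    """Constructed sample Name; org_tag sets the organizationName string tag."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short lengths only
    atv = lambda oid, tag, text: tlv(0x31, tlv(0x30,
        tlv(0x06, bytes.fromhex(oid)) + tlv(tag, text.encode())))
    parts = [("55040a", org_tag, "Example Root"), ("55040b", 0x13, "Example Org"),
             ("550403", 0x13, "CS.Example"), ("55042e", 0x13, "abc")]
    return tlv(0x30, b"".join(atv(*p) for p in parts))
```

Calling `name_encoding_errors(sample_name(0x0C))` flags only organizationName, since the other three attributes in the sample carry tag 0x13.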