From 0e97585099ae22122c85ffaf9148a84f91a499df Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Oct 2024 08:55:14 +0000
Subject: [PATCH 1/9] chore: Bump actions/checkout in the
 production-dependencies group

Bumps the production-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 4.1.7 to 4.2.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.7...v4.2.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ci.yaml                | 4 ++--
 .github/workflows/dependency-review.yaml | 2 +-
 .github/workflows/deploy.yaml            | 2 +-
 .github/workflows/release.yaml           | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 7e476a07..b72c97d3 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -34,7 +34,7 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@v4.2.0
 
       - name: Set Up Python ${{ matrix.python_version }}
         uses: actions/setup-python@v5.2.0
@@ -75,7 +75,7 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@v4.2.0
 
       - name: Set Up Python ${{ matrix.python_version }}
         uses: actions/setup-python@v5.2.0
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
index 2bff4f41..801cda46 100644
--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@v4.2.0
 
       - name: Dependency Review
         uses: actions/dependency-review-action@v4.3.4
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index fe1a05af..c96e4ec4 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -38,7 +38,7 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@v4.2.0
 
       - name: Set Up Python
         id: set_up_python
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index cb237b21..26fd20bd 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -35,7 +35,7 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@v4.2.0
 
       - name: Set Up Python
         id: set_up_python

From bae3f6186f34a2e568629142cc39b49626f0a174 Mon Sep 17 00:00:00 2001
From: Jose Tomas Robles Hahn <jtrobles@cordada.com>
Date: Tue, 1 Oct 2024 17:27:48 -0300
Subject: [PATCH 2/9] chore: Refactor `cryptography.hazmat.*` Python imports

---
 src/cl_sii/libs/crypto_utils.py    | 2 +-
 src/cl_sii/rut/crypto_utils.py     | 6 +++---
 src/tests/test_rut_crypto_utils.py | 8 ++++----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/cl_sii/libs/crypto_utils.py b/src/cl_sii/libs/crypto_utils.py
index a82d4dd3..776cd8a4 100644
--- a/src/cl_sii/libs/crypto_utils.py
+++ b/src/cl_sii/libs/crypto_utils.py
@@ -46,9 +46,9 @@
 import base64
 from typing import Union
 
+import cryptography.hazmat.backends.openssl.backend as _crypto_x509_backend
 import cryptography.x509
 import signxml.util
-from cryptography.hazmat.backends.openssl import backend as _crypto_x509_backend
 from cryptography.x509 import Certificate as X509Cert
 from OpenSSL.crypto import X509 as _X509CertOpenSsl
 
diff --git a/src/cl_sii/rut/crypto_utils.py b/src/cl_sii/rut/crypto_utils.py
index d8f03c8a..df98a9c7 100644
--- a/src/cl_sii/rut/crypto_utils.py
+++ b/src/cl_sii/rut/crypto_utils.py
@@ -2,9 +2,9 @@
 from typing import Optional
 
 import cryptography
+import cryptography.hazmat.backends.openssl.backend as crypto_x509_backend
+import cryptography.hazmat.primitives.serialization.pkcs12
 import cryptography.x509
-from cryptography.hazmat.backends.openssl import backend as crypto_x509_backend
-from cryptography.hazmat.primitives.serialization import pkcs12
 
 from . import Rut, constants
 
@@ -22,7 +22,7 @@ def get_subject_rut_from_certificate_pfx(pfx_file_bytes: bytes, password: Option
         private_key,
         x509_cert,
         additional_certs,
-    ) = pkcs12.load_key_and_certificates(
+    ) = cryptography.hazmat.primitives.serialization.pkcs12.load_key_and_certificates(
         data=pfx_file_bytes,
         password=password.encode() if password is not None else None,
         backend=crypto_x509_backend,
diff --git a/src/tests/test_rut_crypto_utils.py b/src/tests/test_rut_crypto_utils.py
index 810894cc..c485d53b 100644
--- a/src/tests/test_rut_crypto_utils.py
+++ b/src/tests/test_rut_crypto_utils.py
@@ -1,8 +1,8 @@
 import unittest
 from unittest.mock import Mock, patch
 
+import cryptography.hazmat.primitives.serialization.pkcs12
 import cryptography.x509
-from cryptography.hazmat.primitives.serialization import pkcs12
 
 from cl_sii import rut
 from cl_sii.libs.crypto_utils import load_der_x509_cert
@@ -19,7 +19,7 @@ def test_get_subject_rut_from_certificate_pfx_ok(self) -> None:
         x509_cert = load_der_x509_cert(cert_der_bytes)
 
         with patch.object(
-            pkcs12,
+            cryptography.hazmat.primitives.serialization.pkcs12,
             'load_key_and_certificates',
             Mock(return_value=(None, x509_cert, None)),
         ):
@@ -40,7 +40,7 @@ def test_get_subject_rut_from_certificate_pfx_fails_if_rut_info_is_missing(self)
         x509_cert = load_der_x509_cert(cert_der_bytes)
 
         with patch.object(
-            pkcs12,
+            cryptography.hazmat.primitives.serialization.pkcs12,
             'load_key_and_certificates',
             Mock(return_value=(None, x509_cert, None)),
         ):
@@ -81,7 +81,7 @@ def test_get_subject_rut_from_certificate_pfx_does_not_throw_attribute_error_if_
         )
 
         with patch.object(
-            pkcs12,
+            cryptography.hazmat.primitives.serialization.pkcs12,
             'load_key_and_certificates',
             Mock(return_value=(None, x509_cert, None)),
         ), patch.object(

From 421aca7e5a690bcd3b019409c23cfd2684dcf39c Mon Sep 17 00:00:00 2001
From: svillegas-cdd <svillegas@cordada.com>
Date: Tue, 1 Oct 2024 17:19:46 -0300
Subject: [PATCH 3/9] fix: Update cleaning regex to match RUTs with non-numeric
 digits

- The regular expression in `get_subject_rut_from_certificate_pfx` caused the removal of all letters,
including the letter K, from the RUTs.
- It has been updated to a regex that includes the letter K in certain RUTs.
- Added tests for RUTs that end with a `K`.
- Added a guide named `howto.md`, which explains how to create a valid `.der` certificate.
  Based on the guide in `FD-CL-Data`
  [See](https://github.com/cordada/fd-cl-data/blob/ba85835e81c857acbcc0498751c21335591b17b5/test_data/apps/sii_auth/certificate_pfx/howto.md).

Ref: https://github.com/cordada/lib-cl-sii-python/issues/700
Ref: https://app.shortcut.com/cordada/story/9821
---
 src/cl_sii/rut/crypto_utils.py                |  10 ++-
 .../sii-crypto/TEST-DTE-13185095-K.der        | Bin 0 -> 1092 bytes
 .../sii-crypto/TEST-DTE-13185095-K.pem        |  28 +++++++
 .../TEST-DTE-WITH-ID-BUT-NO-RUT.der           | Bin 0 -> 866 bytes
 .../TEST-DTE-WITH-ID-BUT-NO-RUT.pem           |  28 +++++++
 src/tests/test_data/sii-crypto/howto.md       |  71 ++++++++++++++++++
 src/tests/test_rut_crypto_utils.py            |  40 ++++++++++
 7 files changed, 176 insertions(+), 1 deletion(-)
 create mode 100644 src/tests/test_data/sii-crypto/TEST-DTE-13185095-K.der
 create mode 100644 src/tests/test_data/sii-crypto/TEST-DTE-13185095-K.pem
 create mode 100644 src/tests/test_data/sii-crypto/TEST-DTE-WITH-ID-BUT-NO-RUT.der
 create mode 100644 src/tests/test_data/sii-crypto/TEST-DTE-WITH-ID-BUT-NO-RUT.pem
 create mode 100644 src/tests/test_data/sii-crypto/howto.md

diff --git a/src/cl_sii/rut/crypto_utils.py b/src/cl_sii/rut/crypto_utils.py
index df98a9c7..1f22efcc 100644
--- a/src/cl_sii/rut/crypto_utils.py
+++ b/src/cl_sii/rut/crypto_utils.py
@@ -51,6 +51,14 @@ def get_subject_rut_from_certificate_pfx(pfx_file_bytes: bytes, password: Option
         raise Exception(f'len(results) == {len(results)}')
 
     subject_rut_raw: bytes = results[0]
-    subject_rut = re.sub(r'[^0-9-]', '', subject_rut_raw.decode('utf-8'))
+    subject_rut_str = subject_rut_raw.decode('utf-8')
+
+    # Regex to extract Chilean RUT formatted string
+    rut_match = re.search(r'\b\d{1,8}-[0-9Kk]\b', subject_rut_str)
+
+    if not rut_match:
+        raise Exception('RUT format not found in certificate')
+
+    subject_rut = rut_match.group(0)
 
     return Rut(subject_rut)
diff --git a/src/tests/test_data/sii-crypto/TEST-DTE-13185095-K.der b/src/tests/test_data/sii-crypto/TEST-DTE-13185095-K.der
new file mode 100644
index 0000000000000000000000000000000000000000..b279fc34ae577fafb46e94d2821039974ef760cb
GIT binary patch
literal 1092
zcmXqLVsS8NV%Au|%*4pVBw}$drp;7FncYC}|3L|<sJX(gUuhWdvT<s)d9;1!Wn|=L
zWiV*mYRGNC$;KSY!Y0h*>|-cvAPwSh@Q4JZrf25oDfp(A6y+D>=VX>7<|P^m8t{Xp
z*?BmE6Z1+k6VvkzB@M(uLR>roj>);H3eNdO1^GpZB|yD~Dh5g*DQ+HVu#{^>K~8>g
zW?8C2NNQeQX0d`(Vopvm%uHq;4zK)-JO!8hR6_*=Ik+=98N~#%fD(Es`Kb<xKr8f;
z^K%X4#CeTO3=Iqn4J}R03{0bdTvH_Oko8v+qY`oyF|sl+H!<=v7&I|*F*PwVGMp@J
zZb_>sX-cSUbw7Mo|L3Chc^6b~{uazQJ7>f1yo(oqeVFR8qWbEmQ!*c~{F$<8?m6A-
z9@o!&)cyPB;^e=Yw*<<2&wqFRw=imnlZ(Rk>xVM8PI;^7mEw9chGYAyXIJ+<ZuoP8
zOKZFO>G=g!(R0k2zi@5{6$(1TBcxmsH*aChl9WE~4do$EkJxw^Hr-pf*4DCmk*4IU
zz{zW_o~z>GvH$h?<-WczhpIR)Jk!zOxNq~$FHF|+==)p6#sB7+J&KrUTD|)4zm#v?
z-Ev}I`tv*-;}@6PP7nLjtEqgGrMa-uU!&jZ+W#|qe&6)9*vj1Z!R+~tviofkzjq#)
zVY5s1IlC^?QYL0b2FAs11}+B5z@#NB$RcAPwLpT6Lz|6}h4COG;{qNYE<<BO3sVD2
zQ(bQZS&$+=7BLo){mUY+@67(I_@sK-RN0`ConcITyOBd0m>GZ}&B(y*a%|r(`;8CI
z?6i$=P(AkS%eE^0{D?Jr@*%SXN~442?@P_#I<Znzr<q&t?@3Rtcqh$XvxT!a{fiCe
ze##pdy?E*F)8a2??z7lc`<nHg$Q2uX>qM!!F%sODeI9Q2i`%3n+|n>fCQ^Dw)vv!*
z4{8_Ohz~lS@xJx3<xv>{QTw}p6`YMH>}#p<xO2Jrfp4Sb3dh+qcf34%{{Bbf!*`h%
z9QS?|b1S$_>qg>*yX{liGW^9E|9|A@JQa7flkX4L-+xa&UVqzH9m+EG%aVABXp^~9
zzC7)fFsa|QU3vE`F^yTWAJ6&nU1<J(#;%rgdgt~Xn*M9{vH#lhe!<^dbGDz)Uq9H+
GEDZp~ah!z!

literal 0
HcmV?d00001

diff --git a/src/tests/test_data/sii-crypto/TEST-DTE-13185095-K.pem b/src/tests/test_data/sii-crypto/TEST-DTE-13185095-K.pem
new file mode 100644
index 00000000..cc0ebece
--- /dev/null
+++ b/src/tests/test_data/sii-crypto/TEST-DTE-13185095-K.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJdYOEZnh0gmB5
+hUfDzS/5oq9u0CXZ+xFozZyw+27R0frwlUioe9Xyyhzx1PyUsp3OLddI18zxLf3s
+0ZP9KdoQd43P90P+oVqkQkQgt9fCabWU7SFKZEXZXAi36ubVvuOA/MgKKrcny59w
+elucNoP0CbBVElLMDBIjdF6eoXykZI4LsHdU5cQ8SDGC3qmtPTl7oikZ6lGTrNXO
+egoMP/rz6b6O9MJ6CdDmLCgI3zzuTlYdScXv2nNz/p424liRNXurw/5k9ouLHhb0
+j25IQV+jdz2XVvyNKSPZBINxeU8ojzrW/8y8+9lNOLUDjvA257h234YY+7nEmDy6
+JecHLQKlAgMBAAECggEABne3WTDQ/SySXFRjEW4s9B688xnLnUvqKysutJ/d1u6e
+18pzIrWXEMxcUYc89KknV88w8i27bqLDXC7+SUpmrdCoxNxzWmFjv5JBDavZSWyL
+X9SdFP5TH79MqFrqPkJ6m1GCOpFUf/qRi9LhzgoSAmutNY35CoP4sRqzTvRwQ/bH
+4JR2mO1GD3mDvPwUpsONucujuQCpNhalgLCf2OQIG6nfHU1koJawSps8dHvqjf/g
+K8x37MtE/vF+ubdyFVRkx6wv3YCaieP4lac9sOrPu7X9dtYDli8yCjJ6waILRilI
+4KXL/bu+hNIw3entuB8V5V5uPP4PrQwZ43VwuabrAQKBgQDZ9Buo5B739GpL468O
+ORKrHOPT1j1BOQ2Wz0V3+SbgM1CnRJ19QWIAxqLv8jRWd2o9QWm0UaEr4MpyIo2C
+ZMYsIL0ALz9i39WXumwWziIiCpC5ABYt882YZX4nzhJDgt01MnVvLJzCb8J/oJdO
+/un3/8maq1nVHNtdhsM9BbeNDQKBgQDsoEzgR2xlf2bA0NnAGKSoACi74NS0COAG
+nxF2oq/bhPsQk8UHK5ka6otHsl0lgFRCRG+tNLWnq7jWB+ZhwoVxHeQB5ddGil6V
+atQXNuW7V/Xy+CsZCe5/mekKWNdcacOo76cAqbYtLyPAkVl/381S53jEE47Us+6k
+2eptxC3V+QKBgEJp0eva51zjC2jojjUlSvz9JqcsRyoSuoNT0XVHZIM438C4dczv
+GW/nF0tKYIxgguz7e7xIi3YVX1r8EGbFUmWr7CucOhJk5m7/jWQ9l8ULtyHIVvnV
+qrZfZtu2PXZ47/L/1yzzSSkuaPP++VxG7QB23vXUdOEtk+Kh5+g2T8IZAoGAAPij
+eCQy6LO+KzpwOl6fhmUBxculc9u5d619d9wxFpiUIzxICcB/D2I5EiFESpwdPGxl
+fPODb13AE3jS1EHlJFK4Fd3opUx6GOjoV/QMu1kgFFA6dQ7aYMGz+CvnLmTsvavG
+JrWLnuHbprWyBVlY0WdL0po18t+OMjUGxk6Q1ZkCgYEAznH4XiQo/MHfcSkvUunm
+8Hn5LI+aP+kbIg/NExrOQR3mbQaXhpAJzb4+VRX/l5XNvJ2AHv64lSKTgirvK+p7
+jmB8+pPC3XZ9nyfWYBj4+GMudVytlbDb0Sxrr9AZK3GQaVW26WBffWALAmClWFFm
+bkGfTLjxBHBG6vqhFBGF/Ak=
+-----END PRIVATE KEY-----
diff --git a/src/tests/test_data/sii-crypto/TEST-DTE-WITH-ID-BUT-NO-RUT.der b/src/tests/test_data/sii-crypto/TEST-DTE-WITH-ID-BUT-NO-RUT.der
new file mode 100644
index 0000000000000000000000000000000000000000..608546996327ca82fa6d483ff8e4690f7445bb2c
GIT binary patch
literal 866
zcmXqLVvaLtVscx+%*4pVBw|`IB|$XgKyHKQrJ5;*XYM_kbNsdeFB_*;n@8JsUPeZ4
zRt5uCLv903Hs(+kHen{mP(xt@K@f+7hbuTgH&r*dB(WsbP|-jhB*?`h;h9&GT9lVs
zq7a^$lAc*otPoIAso+zRVjw5ZYh+?*U|?uuU}|Y<8U^H<B5|o@O%tOMvIiJh8JL?G
z`56qF7`d357#SJnZ1}?WXHD?O<m7)-pL{c0Io<ok35z20va_qWrZy&h>*skoRW`^`
z#=3W{@S|6(t?A#biz82DJ=cx9rQMQzp-tOZhv$VA%Z}3h?j9Sg51-dQlqqn-_I96J
z#)XP!o0y7n(^&-DA1_OEUEdjc+wsss?|sWY=V-8QeE9X^>-z;)zB#7kFD<w`QR80E
z?I6Cw(AZ~FOj)8n+}+qz;JPg%G|O3h)3W_8Yqam@%3Sm2yY-Ue{F&OL%x{IIGCf|o
z<!M!ztq9L?usXpOuwUn0K$^Lffcd*E_rJMqm+h{IwfS?bQ#3p`vj31wRi|4}oPKW5
zLylmR%-$_4++Y4~UZ~P-Kfk1viJ6gsaj~0$i-9sQ#$*LqWDKMhNU(8evoW$T9%N)(
zz{A6pm{+M=TvC*omu?^nQpCq1#v(G2o9WrUzC``J2{jjAXiNX=f4N8-Ii!I}1sKwd
z3{j=YRsR=%5S;V+*6!64<~Kc=Jnh-G2El|Qubn3}2<bDw>QG(XJKyHxn$oRpuP)x0
za^=v1%oWV_$1W&u>fCwn;^SRaiybQs9yojUUg+)NyQfm)xOc;r*6QEo@9r;YaF@Gw
z?%IOz(r=oaQjHgW<sY?sI`!D}V}&bHKWdl#QBFVG_E3J`S)aL^%ZxRqM{<4HcbB=m
zE9d!o1z(kyIn}IEyN$%!Z)Wexm>Vmtvw!xFH(%{1sYopPb|ZzokokrBKC{^@Q`0hK
z;+E*$eKuuU1ACr-TvFbuZGX+4b?Tc>Kjj~nxAJhg-<qSrDk=(jR$`B?KKcIt$P_P0
RiB~<w6Pgwseby<+4**}jTE74Q

literal 0
HcmV?d00001

diff --git a/src/tests/test_data/sii-crypto/TEST-DTE-WITH-ID-BUT-NO-RUT.pem b/src/tests/test_data/sii-crypto/TEST-DTE-WITH-ID-BUT-NO-RUT.pem
new file mode 100644
index 00000000..84fec6cc
--- /dev/null
+++ b/src/tests/test_data/sii-crypto/TEST-DTE-WITH-ID-BUT-NO-RUT.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCcsPQO/KxT8WNj
+/pXk9japl0voyDhyN3bNqgqVgWL2jwzllR1SQRw7ja0T4uoFhWf3O3NZyGrnLV7a
+K4Rj0IYrMywM6DoEuHW/R0iwO8PPK8JpENg9245GaNB45rICcm1nBBGH46ZhRa+J
+VdtBwqFLvqbzbCgFseH10evfcNT2QWRvpXDdkSjejNtSDnFVXeaUNQRa8N2xgnBF
+tmhVakMXsqa/RKwr320c1ksO2ukIz8x9xQPtExppSOpGbip4NqhXbEA6yAZQvyzu
+UGY3GhA37rTf9ka3HYt4XTz8xokVV21Zj8IceolGUl4vbVLhCFM0aY20qEfp+4Oh
+JIs/n3SFAgMBAAECggEAAoNvIsdoTz9lv/6fMmlFprJD2DPP/fsIR5PE8DF/YCOa
+yhr6ea2MMaNb5aAD73s8l/Fm8AeAOX2XkinVCZHYeRxsxjc6aQV5dAxFbPhEc5AI
+4g0QXuuk7Fm1kF7o95OU0Cx3SIX9Dv3iazJKnlMsKa4g+PIg8ThxfrMzlKW3cMzE
+zfWdgGe65I0cOS8kLi7C+nd23y2EMn/Zfq55pguSYq0E49A+J30KzRFmZZWiXsfB
+U0Q1mOHEl4Lbl0WLeJnjp+adDTgRwUMoAsuQ87SGr+8BRwZCJX2wLmdBS4NKvZFH
+Xsxu4OQxxx8SySxeGKqmyE4cUAL2iCy18vS1wL/5OQKBgQDGjpoe9aU8eEt0vDbe
+/SyJITMchnqOUNGEBAyRmPqViGolHd+htnrj3hJ1O44vTjUTxj3NWxon2pFYMrtj
+LHBN9CBzt3/1KMjUQmQL1BmIMRlvXS8HsRQl4Nt9lP4GqtX0tbi64JydCENiavL9
+zVE0mCV4HzNSqSiTfqEVBZ/NvQKBgQDKBbalPtzQQ+sgvslMQPNpNFCpow4Nn6Eo
+CHGQ9nZFFyEpdMxcpqhYwgiy8eosBXTEhbhQyYcbxB77EDH1WLcho1ZII8rX6LrM
+153B/8XuIdEkJDkcYhEGmM0CAO+X8Nztkksk3T3jpG8TFdZBlk2giegBV4ko2Ina
+HdkRqah6aQKBgEM6mXiOF+qHmJTn/XQ3KNMtiI7KAckaGDao4FCUCZSD4dy7ZrLs
+hGOPF5TWG2htBI+zec2EYTDJUpkYZFZJ/6SFWk+T/CFYM9eauyE+KX7xkPkiBgCG
+tpm0rtywi+paAaOfu/Kahqys1ZQHPkstL6etNFKdzdTZLcHzCDuD8f3JAoGATDaj
+lOuGOjulNJFFN7M5IPNPiu+smY8jKQsmbN3N+HqlVBJwFnP5BqMMzRVeloTobEtW
+IYQlqF/woB6X+kshq1sHbeey2ok+D5E4PrvTW+b+E3hm40JL0gVLMfpQaS3A6w9J
+sfqVIpAiJz0Ru2SMnIfqMrdnUzV9q/+eqH8sxCECgYBxIN/8r/H1lmJBa8vaAO5P
+Nb6j6yRgWkIIS8lN9uGjs5O3qfT0MDvkiyp6vDetHelKF+ayJ+SeNpuj978g2lhy
+KgUtUYeo1qXLHHpEpmf/Dc597v+v8aI9uUD3RFdOtR2yup3JUlDVJFf/VtF27a5X
+aC5sPUAoOReOMN6lLnxKrg==
+-----END PRIVATE KEY-----
diff --git a/src/tests/test_data/sii-crypto/howto.md b/src/tests/test_data/sii-crypto/howto.md
new file mode 100644
index 00000000..219ffd63
--- /dev/null
+++ b/src/tests/test_data/sii-crypto/howto.md
@@ -0,0 +1,71 @@
+# Generating a self-signed certificate in DER format using OpenSSL
+
+## Documentation
+
+- <https://www.openssl.org/docs/manmaster/man1/req.html>
+
+## Parameters
+
+- File to send the key to (`key_file_name`)
+- Output file (`certificate_file_name`)
+- Number of days cert is valid for (`number_of_days`)
+
+```sh
+key_file_name='key.pem'
+certificate_file_name='certificate.der'
+number_of_days=365
+subject_rut_oid='1.3.6.1.4.1.8321.1'
+subject_rut='13185095-K'
+```
+
+## Steps
+
+### Generate the private key and public certificate
+
+```sh
+openssl req \
+    -newkey rsa:2048 \
+    -nodes \
+    -keyout "$key_file_name" \
+    -x509 \
+    -days "$number_of_days" \
+    -outform DER \
+    -out "$certificate_file_name" \
+    -extensions san -config <(cat /etc/ssl/openssl.cnf \
+        <(printf "\n[san]\nsubjectAltName=otherName:$subject_rut_oid;UTF8:$subject_rut"))
+```
+
+```text
+Generating a RSA private key
+....................................................................................+++++
+....................................................+++++
+writing new private key to 'key.pem'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:CL
+State or Province Name (full name) [Some-State]:Region Metropolitana
+Locality Name (eg, city) []:Santiago
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Acme Corporation
+Organizational Unit Name (eg, section) []:Acme Explosive Tennis Balls
+Common Name (e.g. server FQDN or YOUR name) []:John Doe
+Email Address []:john.doe@acme.com
+```
+
+### Output
+
+#### Review the created certificate
+
+```sh
+openssl x509 \
+    -inform DER \
+    -in "$certificate_file_name" \
+    -text -noout
+```
+
+This will generate a self-signed certificate in DER format and allow you to review its contents
diff --git a/src/tests/test_rut_crypto_utils.py b/src/tests/test_rut_crypto_utils.py
index c485d53b..e97287dd 100644
--- a/src/tests/test_rut_crypto_utils.py
+++ b/src/tests/test_rut_crypto_utils.py
@@ -32,6 +32,46 @@ def test_get_subject_rut_from_certificate_pfx_ok(self) -> None:
             self.assertIsInstance(subject_rut, rut.Rut)
             self.assertEqual(subject_rut, rut.Rut('13185095-6'))
 
+    def test_get_subject_rut_from_certificate_pfx_ok_with_rut_that_ends_with_K(self) -> None:
+        cert_der_bytes = utils.read_test_file_bytes('test_data/sii-crypto/TEST-DTE-13185095-K.der')
+
+        x509_cert = load_der_x509_cert(cert_der_bytes)
+
+        with patch.object(
+            cryptography.hazmat.primitives.serialization.pkcs12,
+            'load_key_and_certificates',
+            Mock(return_value=(None, x509_cert, None)),
+        ):
+            pfx_file_bytes = b'hello'
+            password = 'fake_password'
+            subject_rut = get_subject_rut_from_certificate_pfx(
+                pfx_file_bytes=pfx_file_bytes,
+                password=password,
+            )
+            self.assertIsInstance(subject_rut, rut.Rut)
+            self.assertEqual(subject_rut, rut.Rut('13185095-K'))
+
+    def test_get_subject_rut_from_certificate_pfx_not_matching_rut_format(self) -> None:
+        cert_der_bytes = utils.read_test_file_bytes(
+            'test_data/sii-crypto/TEST-DTE-WITH-ID-BUT-NO-RUT.der',
+        )
+
+        x509_cert = load_der_x509_cert(cert_der_bytes)
+
+        with patch.object(
+            cryptography.hazmat.primitives.serialization.pkcs12,
+            'load_key_and_certificates',
+            Mock(return_value=(None, x509_cert, None)),
+        ):
+            pfx_file_bytes = b'hello'
+            password = 'fake_password'
+            with self.assertRaises(Exception) as cm:
+                get_subject_rut_from_certificate_pfx(
+                    pfx_file_bytes=pfx_file_bytes,
+                    password=password,
+                )
+            self.assertEqual(cm.exception.args, ('RUT format not found in certificate',))
+
     def test_get_subject_rut_from_certificate_pfx_fails_if_rut_info_is_missing(self) -> None:
         cert_der_bytes = utils.read_test_file_bytes(
             'test_data/crypto/wildcard-google-com-cert.der',

From 07d8731091a8eab1f98a478ef266d6a78de7b7e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Oct 2024 08:46:19 +0000
Subject: [PATCH 4/9] chore(deps): Bump tox in the development-dependencies
 group

Bumps the development-dependencies group with 1 update:
[tox](https://github.com/tox-dev/tox).

Updates `tox` from 4.20.0 to 4.21.0
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/4.20.0...4.21.0)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements-dev.in  |  2 +-
 requirements-dev.txt | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/requirements-dev.in b/requirements-dev.in
index 9b49d678..88e92206 100644
--- a/requirements-dev.in
+++ b/requirements-dev.in
@@ -12,7 +12,7 @@ flake8==7.1.1
 isort==5.13.2
 mypy==1.11.2
 pip-tools==7.4.1
-tox==4.20.0
+tox==4.21.0
 twine==5.1.1
 types-jsonschema==4.23.0.20240813
 types-lxml==2024.9.16
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 61de4934..8b7ed718 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -51,7 +51,7 @@ distlib==0.3.7
     # via virtualenv
 docutils==0.19
     # via readme-renderer
-filelock==3.15.4
+filelock==3.16.1
     # via
     #   tox
     #   virtualenv
@@ -97,7 +97,7 @@ pip-tools==7.4.1
     # via -r requirements-dev.in
 pkginfo==1.8.3
     # via twine
-platformdirs==4.2.2
+platformdirs==4.3.6
     # via
     #   black
     #   tox
@@ -116,7 +116,7 @@ pygments==2.15.0
     # via
     #   readme-renderer
     #   rich
-pyproject-api==1.7.1
+pyproject-api==1.8.0
     # via tox
 pyproject-hooks==1.0.0
     # via
@@ -155,7 +155,7 @@ tomli==2.0.1
     #   pyproject-api
     #   pyproject-hooks
     #   tox
-tox==4.20.0
+tox==4.21.0
     # via -r requirements-dev.in
 twine==5.1.1
     # via -r requirements-dev.in
@@ -181,12 +181,13 @@ typing-extensions==4.12.2
     #   black
     #   mypy
     #   rich
+    #   tox
     #   types-lxml
 urllib3==1.26.19
     # via
     #   requests
     #   twine
-virtualenv==20.26.3
+virtualenv==20.26.6
     # via tox
 webencodings==0.5.1
     # via bleach

From 34e0971d17f521b853a2bbd08be52564f3a42438 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Oct 2024 12:50:30 +0000
Subject: [PATCH 5/9] chore(deps): Bump django-filter from 24.2 to 24.3

Bumps [django-filter](https://github.com/carltongibson/django-filter) from 24.2 to 24.3.
- [Release notes](https://github.com/carltongibson/django-filter/releases)
- [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst)
- [Commits](https://github.com/carltongibson/django-filter/compare/24.2...24.3)

---
updated-dependencies:
- dependency-name: django-filter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index b32d9694..288f0b32 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -33,7 +33,7 @@ django==4.2.15
     #   -r requirements.in
     #   django-filter
     #   djangorestframework
-django-filter==24.2
+django-filter==24.3
     # via -r requirements.in
 djangorestframework==3.15.2
     # via -r requirements.in

From 529c52ffebf06173bf3f10ee701d45a286070c89 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Oct 2024 13:36:18 +0000
Subject: [PATCH 6/9] chore(deps): Bump pytz from 2024.1 to 2024.2

Bumps [pytz](https://github.com/stub42/pytz) from 2024.1 to 2024.2.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/compare/release_2024.1...release_2024.2)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements.in  | 2 +-
 requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.in b/requirements.in
index 85236d9d..e35750d7 100644
--- a/requirements.in
+++ b/requirements.in
@@ -17,5 +17,5 @@ lxml==5.3.0
 marshmallow==3.22.0
 pydantic==2.9.2
 pyOpenSSL==24.2.1
-pytz==2024.1
+pytz==2024.2
 signxml==3.2.2
diff --git a/requirements.txt b/requirements.txt
index 288f0b32..bb794513 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -67,7 +67,7 @@ pyopenssl==24.2.1
     # via
     #   -r requirements.in
     #   signxml
-pytz==2024.1
+pytz==2024.2
     # via -r requirements.in
 referencing==0.35.1
     # via

From d2d10592c3e6a10aebab85c225e3e615f63bab76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Oct 2024 12:51:18 +0000
Subject: [PATCH 7/9] chore(deps): Bump importlib-metadata from 8.4.0 to 8.5.0

Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.4.0 to 8.5.0.
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v8.4.0...v8.5.0)

---
updated-dependencies:
- dependency-name: importlib-metadata
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements-dev.txt | 4 ++--
 requirements.in      | 2 +-
 requirements.txt     | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/requirements-dev.txt b/requirements-dev.txt
index 8b7ed718..ebfed6f7 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -59,7 +59,7 @@ flake8==7.1.1
     # via -r requirements-dev.in
 idna==3.7
     # via requests
-importlib-metadata==8.4.0
+importlib-metadata==8.5.0
     # via
     #   -c requirements.txt
     #   build
@@ -195,7 +195,7 @@ wheel==0.44.0
     # via
     #   -r requirements-dev.in
     #   pip-tools
-zipp==3.19.2
+zipp==3.20.2
     # via
     #   -c requirements.txt
     #   importlib-metadata
diff --git a/requirements.in b/requirements.in
index e35750d7..7518f49a 100644
--- a/requirements.in
+++ b/requirements.in
@@ -11,7 +11,7 @@ defusedxml==0.7.1
 django-filter>=24.2
 Django>=2.2.24
 djangorestframework>=3.10.3,<3.16
-importlib-metadata==8.4.0
+importlib-metadata==8.5.0
 jsonschema==4.23.0
 lxml==5.3.0
 marshmallow==3.22.0
diff --git a/requirements.txt b/requirements.txt
index bb794513..138d8f33 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -37,7 +37,7 @@ django-filter==24.3
     # via -r requirements.in
 djangorestframework==3.15.2
     # via -r requirements.in
-importlib-metadata==8.4.0
+importlib-metadata==8.5.0
     # via -r requirements.in
 importlib-resources==6.4.0
     # via
@@ -87,7 +87,7 @@ typing-extensions==4.12.2
     #   asgiref
     #   pydantic
     #   pydantic-core
-zipp==3.19.2
+zipp==3.20.2
     # via
     #   importlib-metadata
     #   importlib-resources

From 5d6e32f688ab317260c08e5b466c967c3185c0ff Mon Sep 17 00:00:00 2001
From: svillegas-cdd <svillegas@cordada.com>
Date: Thu, 3 Oct 2024 11:18:24 -0300
Subject: [PATCH 8/9] chore: Update history for new version

---
 HISTORY.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/HISTORY.md b/HISTORY.md
index a59aa594..fd49e5b8 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,5 +1,15 @@
 # History
 
+## 0.36.0 (2024-10-03)
+
+- (PR #715, 2024-10-01) chore: Bump actions/checkout from 4.1.7 to 4.2.0 in production-deps group
+- (PR #717, 2024-10-01) Refactor `cryptography.hazmat.*` Python imports
+- (PR #716, 2024-10-02) Update cleaning regex to match RUTs with non-numeric digits
+- (PR #710, 2024-10-03) chore: Bump tox from 4.20.0 to 4.21.0 in the development-dependencies group
+- (PR #711, 2024-10-03) chore(deps): Bump django-filter from 24.2 to 24.3
+- (PR #714, 2024-10-03) chore(deps): Bump pytz from 2024.1 to 2024.2
+- (PR #712, 2024-10-03) chore(deps): Bump importlib-metadata from 8.4.0 to 8.5.0
+
 ## 0.35.0 (2024-09-26)
 
 - (PR #706, 2024-09-26) Improvements and fixes related to validation of trusted inputs

From 6f85510ed21e00161169bfefc6252d51b4dd15cd Mon Sep 17 00:00:00 2001
From: svillegas-cdd <svillegas@cordada.com>
Date: Thu, 3 Oct 2024 11:18:29 -0300
Subject: [PATCH 9/9] chore: Bump version from 0.35.0 to 0.36.0

---
 .bumpversion.cfg       | 2 +-
 src/cl_sii/__init__.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index a9c8428f..52fd7b4f 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.35.0
+current_version = 0.36.0
 commit = True
 tag = False
 message = chore: Bump version from {current_version} to {new_version}
diff --git a/src/cl_sii/__init__.py b/src/cl_sii/__init__.py
index ee2f739d..d3e74ea3 100644
--- a/src/cl_sii/__init__.py
+++ b/src/cl_sii/__init__.py
@@ -4,4 +4,4 @@
 
 """
 
-__version__ = '0.35.0'
+__version__ = '0.36.0'