From 3e44cbed78eb528daa38f9837d67aa0471ee7bd2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Oct 2015 15:32:15 -0400 Subject: Fix cert validation bugs found by x509test. Add test suite with certs from x509test --- .../data/x509test/InvalidExtendedKeyUsage.pem | 39 +++++++ src/tests/data/x509test/InvalidIntCAFlag.pem | 97 +++++++++++++++++ src/tests/data/x509test/InvalidIntCAKeyUsage.pem | 97 +++++++++++++++++ src/tests/data/x509test/InvalidIntCALen.pem | 97 +++++++++++++++++ src/tests/data/x509test/InvalidIntCALoop.pem | 79 ++++++++++++++ src/tests/data/x509test/InvalidIntCASelfSign.pem | 79 ++++++++++++++ src/tests/data/x509test/InvalidIntCAVersionOne.pem | 97 +++++++++++++++++ src/tests/data/x509test/InvalidIntCAVersionTwo.pem | 97 +++++++++++++++++ src/tests/data/x509test/InvalidKeyUsage.pem | 38 +++++++ src/tests/data/x509test/InvalidName.pem | 38 +++++++ src/tests/data/x509test/InvalidNameAltName.pem | 39 +++++++ .../data/x509test/InvalidNameAltNameWithSubj.pem | 38 +++++++ .../data/x509test/InvalidNameConstraintExclude.pem | 99 +++++++++++++++++ .../data/x509test/InvalidNameConstraintPermit.pem | 99 +++++++++++++++++ .../x509test/InvalidNameConstraintPermitRight.pem | 99 +++++++++++++++++ .../InvalidNameConstraintPermitThenExclude.pem | 100 +++++++++++++++++ src/tests/data/x509test/InvalidNotAfter.pem | 37 +++++++ src/tests/data/x509test/InvalidNotAfterChained.pem | 97 +++++++++++++++++ src/tests/data/x509test/InvalidNotBefore.pem | 37 +++++++ .../data/x509test/InvalidNotBeforeChained.pem | 97 +++++++++++++++++ src/tests/data/x509test/InvalidSelfSign.pem | 18 ++++ src/tests/data/x509test/InvalidWildcardAll.pem | 37 +++++++ .../data/x509test/InvalidWildcardAllAltName.pem | 38 +++++++ src/tests/data/x509test/InvalidWildcardLeft.pem | 37 +++++++ .../data/x509test/InvalidWildcardLeftAltName.pem | 38 +++++++ src/tests/data/x509test/InvalidWildcardMid.pem | 37 +++++++ .../data/x509test/InvalidWildcardMidAltName.pem | 38 +++++++ .../data/x509test/InvalidWildcardMidMixed.pem | 37 +++++++ .../x509test/InvalidWildcardMidMixedAltName.pem | 38 +++++++ src/tests/data/x509test/InvalidWildcardSingle.pem | 37 +++++++ .../data/x509test/InvalidWildcardSingleAltName.pem | 38 +++++++ .../MissingIntCABasicConstraintWithCertSign.pem | 97 +++++++++++++++++ src/tests/data/x509test/MissingIntCAExtensions.pem | 97 +++++++++++++++++ src/tests/data/x509test/ValidAltName.pem | 38 +++++++ src/tests/data/x509test/ValidCert.pem | 37 +++++++ src/tests/data/x509test/ValidChained.pem | 97 +++++++++++++++++ src/tests/data/x509test/ValidIntCALen.pem | 97 +++++++++++++++++ src/tests/data/x509test/ValidNameConstraint.pem | 100 +++++++++++++++++ src/tests/data/x509test/ValidWildcard.pem | 37 +++++++ src/tests/data/x509test/expected.txt | 41 +++++++ src/tests/data/x509test/root.pem | 19 ++++ src/tests/nist_x509.cpp | 118 ++++++++++++++++++--- src/tests/tests.cpp | 5 +- src/tests/tests.h | 1 + 44 files changed, 2662 insertions(+), 15 deletions(-) create mode 100644 src/tests/data/x509test/InvalidExtendedKeyUsage.pem create mode 100644 src/tests/data/x509test/InvalidIntCAFlag.pem create mode 100644 src/tests/data/x509test/InvalidIntCAKeyUsage.pem create mode 100644 src/tests/data/x509test/InvalidIntCALen.pem create mode 100644 src/tests/data/x509test/InvalidIntCALoop.pem create mode 100644 src/tests/data/x509test/InvalidIntCASelfSign.pem create mode 100644 src/tests/data/x509test/InvalidIntCAVersionOne.pem create mode 100644 src/tests/data/x509test/InvalidIntCAVersionTwo.pem create mode 100644 src/tests/data/x509test/InvalidKeyUsage.pem create mode 100644 src/tests/data/x509test/InvalidName.pem create mode 100644 src/tests/data/x509test/InvalidNameAltName.pem create mode 100644 src/tests/data/x509test/InvalidNameAltNameWithSubj.pem create mode 100644 src/tests/data/x509test/InvalidNameConstraintExclude.pem create mode 100644 src/tests/data/x509test/InvalidNameConstraintPermit.pem create mode 100644 src/tests/data/x509test/InvalidNameConstraintPermitRight.pem create mode 100644 src/tests/data/x509test/InvalidNameConstraintPermitThenExclude.pem create mode 100644 src/tests/data/x509test/InvalidNotAfter.pem create mode 100644 src/tests/data/x509test/InvalidNotAfterChained.pem create mode 100644 src/tests/data/x509test/InvalidNotBefore.pem create mode 100644 src/tests/data/x509test/InvalidNotBeforeChained.pem create mode 100644 src/tests/data/x509test/InvalidSelfSign.pem create mode 100644 src/tests/data/x509test/InvalidWildcardAll.pem create mode 100644 src/tests/data/x509test/InvalidWildcardAllAltName.pem create mode 100644 src/tests/data/x509test/InvalidWildcardLeft.pem create mode 100644 src/tests/data/x509test/InvalidWildcardLeftAltName.pem create mode 100644 src/tests/data/x509test/InvalidWildcardMid.pem create mode 100644 src/tests/data/x509test/InvalidWildcardMidAltName.pem create mode 100644 src/tests/data/x509test/InvalidWildcardMidMixed.pem create mode 100644 src/tests/data/x509test/InvalidWildcardMidMixedAltName.pem create mode 100644 src/tests/data/x509test/InvalidWildcardSingle.pem create mode 100644 src/tests/data/x509test/InvalidWildcardSingleAltName.pem create mode 100644 src/tests/data/x509test/MissingIntCABasicConstraintWithCertSign.pem create mode 100644 src/tests/data/x509test/MissingIntCAExtensions.pem create mode 100644 src/tests/data/x509test/ValidAltName.pem create mode 100644 src/tests/data/x509test/ValidCert.pem create mode 100644 src/tests/data/x509test/ValidChained.pem create mode 100644 src/tests/data/x509test/ValidIntCALen.pem create mode 100644 src/tests/data/x509test/ValidNameConstraint.pem create mode 100644 src/tests/data/x509test/ValidWildcard.pem create mode 100644 src/tests/data/x509test/expected.txt create mode 100644 src/tests/data/x509test/root.pem (limited to 'src/tests') diff --git a/src/tests/data/x509test/InvalidExtendedKeyUsage.pem b/src/tests/data/x509test/InvalidExtendedKeyUsage.pem new file mode 100644 index 000000000..1077d478f --- /dev/null +++ b/src/tests/data/x509test/InvalidExtendedKeyUsage.pem @@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAp6gAwIBAgICBTYwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyNVoXDTE2MTAyMTE2MjAyNVowgcAxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRUwEwYDVQQDDAx3d3cudGxzLnRlc3QxHzAdBgkq +hkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAOVehzMzeL21cKiXqT7azmOk3yTNoRT4ZZIVcPiaSTKX7m+1e26KvDi+ +0bMOAa61edho6OlJ5p0CFOz2A2ebU4QLSl3N4c/jXs60BBx413Vz2Vj0PV93mYQ4 +lUOPZFKoELXGrkllDykq9DPvXVGrl86610YHB85jtzKDnjbR0aDfAgMBAAGjODA2 +MDQGA1UdJQEB/wQqMCgGCCsGAQUFBwMIBggrBgEFBQcDBAYIKwYBBQUHAwIGCCsG +AQUFBwMDMA0GCSqGSIb3DQEBBQUAA4GBAGIOqLpfp3UtxxXF9tEEycMZnNze+NKb +ZyheuTnYgfOPvoKgTSQZy8MQfj+KtUFPYkgyHfKfDKcCx6CgTTDQXDCDxILehIzX +3+ap5mBURcwlo+kyIkRHxtqjSMnW/n/1XYvByFq7PfB03IPBopUcZccL0cfUTqEJ +bK9QDOU+O6hQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidIntCAFlag.pem b/src/tests/data/x509test/InvalidIntCAFlag.pem new file mode 100644 index 000000000..bf8eadbb4 --- /dev/null +++ b/src/tests/data/x509test/InvalidIntCAFlag.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBVMwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA1OL+Ud1tnY7uAY1FHW5aj+I9WSeeaZdgdnofZC8lKGq6HbbD +vC1BQZyqwQBTOdInwHeMtrn8OZiGjsDEi9VCSZsRWILxdM78kZ/+dE79icFns4is +Wnl7qjqybI8WTpRZRgYl3sCgwm0Ewn8mcfDSjQ0P1VhtEjI2Qc62LCaHA0ECAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQCdidZbDaHGn6nXkExvUNA6tJUj6yw+irx/S2Z3 +Gm6cnXA0xUI7lNTXrYKJeOE14ldhNEsTwvPNtQTI/2k1XsXPK5lqSvv70x11Afo0 +GD3Y9VeuUBJf/oLw9R8ztG5MEEfdnlfoGk+2ixG/kyURVAApNTGx7rIUijzkNrvh +QAkUqA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBVIwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAqZXlFKG9wD3BRNkpS1Xcg8ox3HJT+/xbIwnL +V6MQW/5IX8TY2DhskLwP/fZjAzxkA4Or6/iYGaz6wiYXiprlR8Lp3NvC4abNEC41 +AZA+n4CeC9lYLs1utp9frawY4X5HOG/ucUuR87yp0HKpRHWxHZsju/QNRLf/gxzQ +SaxmmgMCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAJ6dd7TMmcuXJTcnU41EpPhfSqzatpl7jfEHpS0qK ++uObFtHQJYxfYenBePD1yzT/chOGrOgSnSZLLRtW/BCx2vfO39q5ZYJpVOQsP1qk +10oa5gSm1oJGGVtuzjp+LtEH/XXuVGYOFie5aIewxGDCKRy0KGe66XkiMX6929Iw +6+U= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBVEwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAzZCH1Og5mpBoBQZh4GFooIi1iSt266u41CTP +Z6U7OBE68qz4/5cwp4cLYn52bq1f+2ZDFm7RNUNDlPuLO9ErxormeP6gTXSg7pul +6Gsx9k6xTADg5GC/ohp6SBTJIghpYcVrhUh11jK4qsgVTDUr+0w/h4ZAMnQ14Cn4 +FP6CcdUCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAe6/pn+C5xgCGLhg06afuNpiwJzxszgV9mEfewBHF +FShXmCcAo7+S9WSQbX+4P7v/e2OH5QTH0eZn9BD7d5NgMrGNzp7UK9yHvTMxSmlg +u19Rda32QhT/N1yI7fpuBIXOWVKcor51JGgsZflFc4M5VWSWdqKk+OsmcpcJbVbu +UDE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFjCCAn+gAwIBAgICBVAwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyN1oXDTE2MTAyMTE2MjAyN1owgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAKIZPXpqy0ciWiUU1eWWdUDIjJVzM+LgCFEPoKT5W13M +aK2zmNTI4V4euf7CRNtFKgVbWZHuDjCLo/R1Qk0L+LFGBz7j/hQYF8uBsHhXcbkM +KSjbZijDJEB7Od/bVrCa05ZLBvf11j8NvHqI+Nbj8krgcCwCMoACpz4vRYnkRBYh +AgMBAAGjEDAOMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEANsC9YG6c +qt2NBA3ZIrNXJq3cVEq5UZS2ysIEoioCByQN9G/gypLn4TYuTwhVrrjTRH+T840J +uhS6lXxjcmYckHKmN068kbscNoYFyx7r1p4EGp7ufqJ7Y0MDiu9pz/1uiowyD6EC +wxYVVC/30+KI7YU9kqdOhCWObFVqv5fuWrQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidIntCAKeyUsage.pem b/src/tests/data/x509test/InvalidIntCAKeyUsage.pem new file mode 100644 index 000000000..46ea7094f --- /dev/null +++ b/src/tests/data/x509test/InvalidIntCAKeyUsage.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBWswDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAs080jMr1dYNkhWW2r1ZDa+ZE6+W+CXF0mY4sIlRFShSLrcvL +JBcPQ4j1rDDJ8Ubh5B+kX/C3SoTci4TkFjVzDv/VHV+/LsvNUTQgwnKH0SGkQ3tM +wGPA92YTVQ8ivG+dl1fptY/WqJ0XWZgAqDzViSCODwZBNfDKRWIB2xIBnecCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQAC6m+nyqIJCOOO01wAWcow7w3lOLMH8t4uyBFS +Xm6v8owIFAYZtYD9/zq2neRH1g5ZeXbbJTeI7pqeLpO95kZTdFcWc5mdLDt6OaTE +SRo1dlyyLpmU0+rh+rnQMeStR6xI5ATBGsqhPd+GSiFT0Y1vQLhFjJVVL7d9YVhQ +xdPfCA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBWowDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAvE1H7UcgRvB+y9fQU1A0kTR4ejPyNsHfKqfb +D7d2/Q62fnYZTC3wqSAVCqOJ5GpPjtLYXe0rJ31jC1Ck2Yhtvk1cB1mOr4KPzuVx +mbtbkc7SfXohshaoQDERcXzDqILEh0GSv5Nn/NLUiKrD/ND7hp+xkCnpnilUvbVG +MupyCjkCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAWM/xRM22jbcK0Hyd5WwvRnzgNYNUP7tfsH0Kvmv8 +2xOCblejAaEb02BjLaLBibGDv5rDl9a1wtE5JWI+6VuniPov3NMdHtxdJLkb10kd +Aoy16jGFh9gAwDqjUi/gJNRy3PQE5yZlgfQCdc0b0eFxehFdBPXLd+aOd3LjF1Tj +4S4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBWkwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA0EtiWsU5Tu9NOGVdC+Os0gTnhyu1B617QIbv +FR9VMMih79+6eXnb1RDCZX6A75tXm5P4dUXkD5/b8IGSPy2IU5EdMv5EdTTBRccy +AaOPcNOaGT+TL9fZPeACE6G3RWJiK7fxp2gyZexMGtQVzkrFtw6AgS3uKS1t1y2A +GW/hmsMCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEARoBDHytQRiZ3i7ou2K55mXnlYA5JS5ndhcDjawlc +FDtxanT6KndHQNXpMyz36UdjA+870ZBxSC2pp+RsqpObwk/UW8Ez145Ozd1xQzya +dGqR9jvznK6KQVTY+0QUHzLRTtVMZZgUtmzYCPFqjxVGzSNIUfdxBsaJwDuGQI9R +2Qg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgICBWgwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyN1oXDTE2MTAyMTE2MjAyN1owgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAN2oe7dx8qpMmFRz8H9+mWoWf8Af6mDvkbMIJlvcwjp1 +gHv3gw5pnXSg1X1tbaAn5ZYkVQV5B+kMvKxIUSobw2fxed1/mrMKJGPwLXBkjr46 +fc/Sg2OymroOE9syEhw1jo2PlOkaJXD04H9ajNizGh2rXuWU+h+mcmd6qyPyb3Dr +AgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGiMA0GCSqG +SIb3DQEBBQUAA4GBAAEhJezQ5KRFKzZYYkBaEvVixk/x4xwkFeLvfgzeIePdNq0t +DxkJ2o/84T7mx4FG0uZ41Oab/50j9+wYbuOOkL5zJgSECoatW5dPIwUVC6Vw84aW +AV/MEEpM2PSYc5D/8uE6ElORbjjcsgzL7+s3U76gZzaaBemFT+MT5dhiULju +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidIntCALen.pem b/src/tests/data/x509test/InvalidIntCALen.pem new file mode 100644 index 000000000..66b70d725 --- /dev/null +++ b/src/tests/data/x509test/InvalidIntCALen.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBWMwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAwhW8qYanEvDgb9ZTsgnBpLN2lb79VTAOEuvV7g1mMi2FtH7C +pCxL6V0Qo/tIEszrG5MSFqpY6lTD7d2oZwCwnt5rg11GTF0v5Pr8tBZQ9XvfZFH2 +hEBp8cwuO3AR3ej+43lWRMAVnZ98HjUqsAq9YpBlt0ah9oUyH/IGdMG1lBECAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQB3/xEObIIQlzFkmSWCHKMtL0fRxs0EbFVJbejY +q4wch1p2fgJJYjS+a6CEfVGxq9+ock9QPNLyZl289NpnSSszXVFya4s119n2uISH +0kKF+9+v9QzxYgt80BeKK80LFNl7iExsx+FQqb2lfbWxY6JmmylpDFbpTUq/t0eN +Ru3NMg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBWIwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA4J95YklZ4IoZiobKO6B9wpdQYdjKpDAH6qlJ +dlD1M5Sm5Jr9VCxqeBzTMuzxtJpi0nqJSep3DIFRGvUkFcahYbRpPVMsfnsXJviK +TNBFqrH0Gs1RYOzGZS41iFdQxeul1eorjPrNfkEDxLSQt4nnqxe0e0+8ok9ztEc3 +YZRiyAUCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAloxrmzdw+QC2UOfovVgAyHAgaVfQzoEdVN/O/4Fx +WOWTZ7rnpyp++ToB42zEixiYgDv0Z039NdiXRHemzXQpntYnBOE3ro0lX4kso0sr +95Iwo9/2Whm2y66LmxDR0z+EIpH3ticnU1idmpd6uYDDIGYoJ8doDcq5bZBGa7QB +MiU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDMTCCApqgAwIBAgICBWEwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAuIQ770rmUh+jbjSOyktIVHJO+az/nVsFUSbp +LHSvQAprzyqZ/UG2g23He+1JW4WPF0AEuRJnCWbLu1p+VrOmtBkbO1DgX0ksv4V/ +MH4L3Un7nPNfyK3wdl1hZ9rEzhSVG+M74p193EQL4FmiIJlljelChqF3CF45urjt +UYg1LuECAwEAAaMmMCQwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQEFBQADgYEAt+La7O+rtTCpIk30d+I/uqxeAnXrW60bRciG +KXWKdVizrXMo6SGOkKGafT4kQ7LF+cdcTexuXFS9iR3pcJfCb+b5B9Sp1K7EMA+1 +s1aEHHe4V/+NgGSTXvT+lvZtzeBXdPCmOPXW0YuTyaVjt1C/MMZdpcMMDq82S5Rk +mLlDpjg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLDCCApWgAwIBAgICBWAwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyN1oXDTE2MTAyMTE2MjAyN1owgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAM2H6tTUFiHB6OEkUybL/NfDItiXuCq6pj7f9DH82QXm +C57NAbuEdU0lo1nGfkbR7HHeMjWOV+02Zn/tHqjtiGIJD9bnYF7z5vjp9l1a2W6m +C+XIgU4Lc2RRkhJTSwlimPqTy4T8zf+S3DFOeofFUjVjbsNtvHzciniG4PESjN5n +AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMA0G +CSqGSIb3DQEBBQUAA4GBAEY5Lt3JY054K/Ntb30/83vKvHE0KiWI4wnhS2p86W3w +vrPbs2KD5+NMT/XrQ0JJuY+YlhYLLJsjd2sDoxz763q4zXYU190fapA7ADfwwcBo +/HIVuVn0FSrlZjksukh5Kh1uEu79lw1htXSPX/yrkFpgUb4lSVxQD9D6BCLIxWZw +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidIntCALoop.pem b/src/tests/data/x509test/InvalidIntCALoop.pem new file mode 100644 index 000000000..bdc130f46 --- /dev/null +++ b/src/tests/data/x509test/InvalidIntCALoop.pem @@ -0,0 +1,79 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBXswDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAnmXnZivUgr/iHm0VdnME2ZjQFYmQCSxrBbCQpIF6dJTrLSuI +DbqwZTor5oZZUKDYUwJK66DR+YvmAEpbdEtqDW7KE9i7pCFn/RAjVRMIoVPDelYO +hCrX1SjH0IhKmSrzyYRJqFR4Da3IaXWCxUW+Vd7j+nnKB6qByaVh0G3IYdECAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQBjtqcclNio3aqM4jk6ZSim1cd1CP4FrmoguwQa +YGcSeTafl9iUCLjdgn5dcuTptg1t1IZwk181N5U6z8muiG5LJBqjw7laoQV7+fR5 +J4BC2GbDTXCObnM0zJCD+KOYfQROkQrvepX9NSiHAdajoXN5NFj79wSG87Jj+eEw +nqbvhg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBXowDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA5iteXsj5C5OqcDqs9SCqtbTem22GYpaacDEW +5jPoHLH/7iqIf3uezQ1rZlMSS5rT+iYH4Yv7xEFcDGQKL25rjkV0zmfTRGCh78JN +GW1YG2yb0hR9P7w9BIUl2LJMhBeEFjEIXCzGNdfzqD8dm+g1uSm7sLMGtPR/rucU +l77a2FUCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEALrfXMs6XfoYB9Aj57YAXunFTfdQaBaLrsquZiEk4 +aAjt3+tRBV6BRZBRqW+8q2iDfJqIa8ti+bonDpGc0J309C1UmIsO0ASxZkeBX14S +23Mp/eD5LAKeMoUUiLSlWN+FlyWfY2axA0UDvb5s2q3NvSyx0qY8FBWNeHdwvX9I +Mn8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBXkwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAqsPZjU3HvuNLa4iBQ6X1HuIHTpXxZ3/QxaaY +AWelfG65MtlBFPHrSBEpWcmntUTA75gPXYOP/yu1sAgHzXlAEA4IwRQd4oHr3s+1 +1iZOr2oIEaez72ifgTerQlfBDnxSDqiM91VNuRqkaGXx+qYO7Oyf/VCCVg6QdSDy +dbghbykCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAcJTkIw9pDpmnOW+TBxJ6ygLSkbFwkZR89LTD2hEU +1bTQfqlVAaSYWzkErtc2NfUhn9ukseBw6l2QX1NxBSD/uo0Le2cszvkcE+yNiQZa +KZ2AtHPOFqpQ/P/wNX/qup7HvGdBvosKXn7z8RegVM/Bswspv8Gbv+GRsLhaz3m9 +XY0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBXgwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYxLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAzkSy3H+LjALk3Sg3mM6DzB8KzGph1hPUofX4 +9v5yIxToLHykHWAGneGKQY+6bjv5dlkJh5YdI4VDUglDSN+7DV/en+X8ipUliRkK +4Ic2xl7FeVfKi4ZdA6pK/EvHSkSzzq9bCjZvGQr2QjUX3A7AslCGfhQxbdBUm82M +UtTpEL0CAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEADnUvQyw1XzfNt4ZHwj8SAP0X6iBGbEWpDf1IbZcU +pNcsE2lAo0zIWV9ShhuVBGNOWVxiCWyPeQGPUm/oQX4rDu3hhKK0ff5DHrIkeQOd +R3vSw2U9ftWGC7ah/mImTIlZGVfas+SKAZMv91YnandHHlIzEtv8Yqn1nLMezjU9 +FSI= +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidIntCASelfSign.pem b/src/tests/data/x509test/InvalidIntCASelfSign.pem new file mode 100644 index 000000000..212cad56f --- /dev/null +++ b/src/tests/data/x509test/InvalidIntCASelfSign.pem @@ -0,0 +1,79 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBV8wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAsom1fnARuMevEExpCF56bBFF6U0bVkBX2UcuXRIU8l2Gu4nl +Mn/qTPzOK+TTCdI6sxv4NlnYwrkuipGZgoCL7IArSOJfpTrHWPszK7X7eo2ZpTF6 +2+qeUGf0r+geX/STSbEcABnjCYgCdLhZfjmCrLNRZQaf0P91XFC1C/MgweMCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQAETF0DSF1rPOwqGX2xQXq7pbruHnNKq09GiObp +tCJ0Jc2QZAvkrqKI5b52xyaP3ZxFFky+2dV49y/nrIHtJuw/3Sxch4kHyFA6Kjma +P7AG6w9neLOFGfF8jVJScZOtHVrNFao2VGBco0NraKW1C3exJlscBJoPddy2Cld/ +GpCFsw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBV4wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAnxjsz3c15kCCvXdynh4AhQ8f1a0Qj5yk2LOj +XT8Oe3XVErMWVHJkAbmwAh0ir4HtI7gqZTdUZe2DQ/Syx/dn1zcXUr3VLerk+fkM +ilejsR7pRWfr5pIA8L5YupZxG5feH8AWMAyCOcbL3iogrv7rGo2Uv9b5xpiDlPpp +H8t3+1sCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEApaIfSqUQbr0bUCocdSvaYUTRVnnZTYhpj2ktvMhO +BFB5iQgOl3k9Bxm0RxHqK50ix50f0sSFdP7Z/IpLzdkDODOKQIkKKfSiLQs3E0Pg +omHUaTY6udk17mlLkp4kNhonzcqPCx5fFD2btVSvsYbaM4Q+WX7AmYlEXu3cRxIA +RoQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBV0wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAvuDuMaBRVeccDQMHApE8OldJRDpf1pLjODvx +0/j/QkdRUJTiL3orG1XvT9RuRidRa6iqaKp0Cs4pE7QLv7Vo2Qpq3xgwDf42X9pS +pesx+bzJePTgb/X+rpAx7WNkdkTOoKBUgbbwLjsti/Es4whPXezaZXr6fJd+iuwd +xk+WYXUCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAhMMK1V6OwGRPnBbNddykOBVW546m0F/in8H9cZH/ +jSKMhDxifPV8q0GLF6u+JSQTH6x3llvumXcnwb65gkwmLgVV/TmF4BuiyF59f9Bt +aeU9tBKb6Ef6Hv8hNhVGE11wuIjUERiyPgJ1PAWBKnIHGXEhqg9adpHL3NlFCD7r +sCY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBVwwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYxLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAzPLH+D/L14UV4upNVj8GUzVK0hPqnN3x6Lzy +u/1rXne9nhP+HB/toJUe/VeRw+xs3aVpPE1z9Fx/+h5hmzxM8CmxifdBkhI61AwH +/X/8z+wKfmo5mKTYbP13wHg6aZjlDnKWnabvUYv2VUqfffa9mz+lY8wVm4OTtRXS +v2hI+sUCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAXW153EIEyP0VOyYWIqLMz77XShXmckYKbBKS/kWH +7iYaZhy6Jw1MXluiQ2kYzgxbjBXvFlGo0IOKTnU05NmCOGU3bgBIiZ/oTiQcSges +Omqg7oK85c/kFEQ3QrboJZ+w5HgDtp3Bi6U1qESfnvsjwWhqnXmmtd77z/w0vFYp +t5M= +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidIntCAVersionOne.pem b/src/tests/data/x509test/InvalidIntCAVersionOne.pem new file mode 100644 index 000000000..135b25929 --- /dev/null +++ b/src/tests/data/x509test/InvalidIntCAVersionOne.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBXMwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAoTaHrOkrTBz4bUkJL0WPdClVfptiHd6cKfLIK81Vt88NCHDW ++APuxXvGQ6WqDuOKZdjlbmzvUEN9+JDxZQ3tbg1oOITchMeHXeskuQhBaTiyDqyj +afwRBeFB8kj4fhR7TBIiQ6CmWZg/xn1UR4j19gBggK1gmvZsE+D6GJsmsUMCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQArbFpH3hYIOGCIaR+TkNbaTzqEo4tite//XxnL +VX2Ky+vdZVrjtFbgCkk0SrCIHUJLBA7twxpYvHzVrqr5nKBQd0RRgyK5dukunlDq +4aGduZV0Attlb8TifEvURbNZJpSWy4X3CEm+ksn77lnfB3wdCdD/PEAUNJsuxjC8 +kSc4Gw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBXIwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAs6XFhRh2cg8Bdv3FGVPcpT3f2nFbSWh2pkJ0 +SaTByNgVLHSug+Ucz5ZwYOWUrTg73qobjid7IzrPEooUxaKm7Kjxu5QBEr2t9RkZ +YI6LT0QISvjMpG/JTTEBX9lZHkkfAgdre+0hXhdi5TA+0+mrmYk3FGHkJ+62WRht +tGga9EMCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAe6FozKwO6hDkrO6SR88z2iZWG/lJ4g+CJeXnsubK +2r7ewmsq8LchFaoCi8/w2gJgc/wGUCbIWjZ8T4e10qK7MBAzn07lK2uShbdJg/a5 +5telqfgRlngor9W7PmZdvv2NbGkLCv/mvlYdUDWLNUE0G80hwxe1j4kofAxhycbI +sO0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBXEwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAvkZQsSfaEYwugamnfXUxQufz/cvE0oDdL8U6 +X/9BGGXggsCEksl3O0oQHOArKkf1lq7b0KIeeUlv98E99HXOcnlDXvzukxfgFTNJ +/4K1ZiwvxDEZ8I/ZvIOEu6VFkzGWSlanegisM9LBXWhaZqX6uEC9Fmobs6cIcKY2 +IesFQ9MCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEARqyWAHKlbjy2tbh4KMLBkuzkORhOvzGQ3fzWTvnr +nZQSqB/4ytBfPiEx7fYa9zhwDbCP/6cLIAx8t+Bb8uZzfH7BimoRjk1Gp1fbKsqc +aSAg3+a/IqjF1ApEpyk3YKbUf2sGVz/nW+KSrILzsGIoXA3OKVhEeuadbbWiPx3P +OWw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC/zCCAmgCAgVwMA0GCSqGSIb3DQEBBQUAMIHEMQswCQYDVQQGEwJVUzELMAkG +A1UECAwCQ0ExGDAWBgNVBAcMD1NhbiBMdWlzIE9iaXNwbzEuMCwGA1UECgwlQ2Vy +dGlmaWNhdGUgVmFsaWRhdGlvbiBhbmQgQ29tcGxpYW5jZTEiMCAGA1UECwwZWDUw +OSBWZXJpZmljYXRpb24gQ2hlY2tlcjEZMBcGA1UEAwwQdmVyaWZ5Lng1MDkudGVz +dDEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTAeFw0xNTEwMjAxNjIw +MjdaFw0xNjEwMjExNjIwMjdaMIHJMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0Ex +GDAWBgNVBAcMD1NhbiBMdWlzIE9iaXNwbzEuMCwGA1UECgwlQ2VydGlmaWNhdGUg +VmFsaWRhdGlvbiBhbmQgQ29tcGxpYW5jZTEiMCAGA1UECwwZWDUwOSBWZXJpZmlj +YXRpb24gQ2hlY2tlcjEeMBwGA1UEAwwVaW50LmxldjEuY2EuYXV0aG9yaXR5MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDN97AmDaTx876SjtpHnrtzpTEWCm7mdEY6JkaxwTKLiPwcjWr0 +E+TZeq4YDyJJD+EPZlAje+NOpTuaWYkQcb0HHvh3mPmvwJhkjv94lw8TZlDjgQ6d +DjGiX7Ie1KTt5KerIg4upK+qn39ByZow30X/SQVgtFxpG7AiLB3WRzNivQIDAQAB +MA0GCSqGSIb3DQEBBQUAA4GBADME04IYoOqkgxlSa8XYB7FqMF7+8GbEJ5jS5FMY +3hRSmFvwcurB7QbcKZUQDontXpmvwi6h8LqHTRlm/BJSCkknlLcQHARTOxhVYL3P +fej0AiIn4flYB8azuLpTNzPSayNGT1/3n+tBlinD25kcVd5WxRmrdl/mHU+LDVaz +RoqP +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidIntCAVersionTwo.pem b/src/tests/data/x509test/InvalidIntCAVersionTwo.pem new file mode 100644 index 000000000..09e51407d --- /dev/null +++ b/src/tests/data/x509test/InvalidIntCAVersionTwo.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBXcwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAxFCLLNsJzBo7D7ORMhtuSVDjU+GpAiLYREeDtFnazGUgwlUr +vdUoVdVgmuvxJQ0DtaWnv3zELb4cT1TYGiNMWXepd13T4yIOv0mKMUzFQdrBXCRw +oPLJbSPLNJipe96BLdLfhDwbaAYEgfA6QAb/Hrnk+utmY4KXLhN7DmxgXbcCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQCoZLe6DNhGFkO2sCW8LfwsR6YuGVXXOyAJtjsR +U1s8Y4zp6hFhwFmNr94dQQswNv8oxY3CUw+1aLTFHetj668A+lxDOadlM3RFpYng +uQOwFAi/Dq4IFx6AJWCm4/0fhBSXRKQe/EVe4A9sYZV49/7E85nLrGvI9GNovm0U +FNc2xA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBXYwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA9K+FayI6+UT3+xAMI68BgDhrz9vQRe6iZ3gh +X0hDIYFuANWqomodzD93ADsFB1/qJyP5E28pOSbATkXyC4UfrUZW2ZUgk0/4PcF9 +BUGz3PyIDKrjiJoJAXNKLdf81spi6gQAphui01zp9fforzTUPP4NkUpGPWXI4QEH ++Q4pDPcCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAbdK3s1eLW+7NAsBAPFR96QBBVYo95EzIQ4wHiFa7 +pvvrYSIr8GyzmCrAjnTcFFc7GV2bHHgmi2QnC92ZxiIJ7sIlgkzRxlELeoLiKuyJ +PquhYUhTDby2lM0lBwpXwZJCdIsH7JElU3iUfffiZoKLkRl/YKKtdPahoNzn+5OX +ONk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBXUwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEApLkcf+JB6O2mJ9CY3w7nRlrjOnp7jAhkHMCG +fDR8tFdRETBon6NzD6sHYMbmwkbFrTq/2XNW0IOjFWeWjrr37VJ3jhYMBLGJzDVG +xdG1sjB1dsrv23JluHaYdipotbBDj/03TewfFsOSFYOdSoLOSLaSvSaA+cThFelh +RHv3yn0CAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEA1XOlYsC/HWs6XRdHnEoajPO1TwzHWoBP9ditpdcx +If0TtHCEVi/KYR1RNo7WGXsYkOXpSAdt+QLXClBdy5E2LozLO24pCcI6TnimQTW0 +Dq7S+6Pr/79SS3AepA74+y9qQhFXAR4+bQiFApaUX8/voap3LBNLJzGX/8DlFscW +1hY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDBDCCAm2gAwIBAQICBXQwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANW2KEP1QNNBo0O3Z5R+qFq9AWGxGunlBXKRJ8DdpmXU +zmirBjdNL1aDVNeNXsTK/dKLSy/Yul4IosYd69G0q2PrwaXUzew6LlBX9c4QbbBf +L3x3pBKmuJ29vX9IKxggpL5yH1ENZEHCqJ0FCxB0SfrjoTVtGPMzNada9HWqmtCv +AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAMqt9r+fd2yb4Dm4xI8oZcy7HPLJ3C/Ht +Q6beOjUTzMqw2Od127enkpAxREfJSR7QpmwLyEj1niH7cymtPA5ojERGZjlIkmSx +Y0tBC2+RYu1iW2rW9jz9wnLFLqG4WAsXzUXW+xizehuDqVpBGAPbQ7mtIRUaXrAC +3m623OT7aS0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidKeyUsage.pem b/src/tests/data/x509test/InvalidKeyUsage.pem new file mode 100644 index 000000000..dfaf41b5c --- /dev/null +++ b/src/tests/data/x509test/InvalidKeyUsage.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDDzCCAnigAwIBAgICBRcwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyNVoXDTE2MTAyMTE2MjAyNVowgcAxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRUwEwYDVQQDDAx3d3cudGxzLnRlc3QxHzAdBgkq +hkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAJ9OccDbTmiIksv7f7ciHz9hs/FtN3NsN/1OrGvSoax0ltDfo/G9A8wC +O/Yzf1Uy4YPicQmroVVRtR9OQaf0LCRe3L1fkfWKD2K/3mRjH1CHGwjo5BuyeKfO +Z+x8dBnSUSPyz1FPgHeTUY2DHlHd/6PSYR6e3kIDkyk4vaEGQ1irAgMBAAGjEjAQ +MA4GA1UdDwEB/wQEAwIBAjANBgkqhkiG9w0BAQUFAAOBgQCTm86qq55do9W/CzCx +Db4MtuLRvxHjlSDr/gbBhcEMsxftibeNUXyfGaGROXoefdLW/kzmMPFDzr8kdxY1 ++so0TlCYbe/YMrvMVpSC2EblhHM6B3rzHVfADH90S3M5iqA+1JDQKXr9EEKQSK/e +t/HCRAqms3qq8clkOyiTh5wn+w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidName.pem b/src/tests/data/x509test/InvalidName.pem new file mode 100644 index 000000000..1d911713d --- /dev/null +++ b/src/tests/data/x509test/InvalidName.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDCDCCAnGgAwIBAgICBS0wDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAxNloXDTE2MTAyMTE2MjAxNlowgc0xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMSIwIAYDVQQDDBl3d3cudGxzLnRlc3QuaW52YWxp +ZC50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQDpwcnxAdRIPpgJVdkAUHUkRFmtBhaUT7RUKSp2 +l1dH1pc3cJerHiBI+ocTu7jrFTUa4fFFUs/8kgpGMWct7KQx0GHR1fYnUBQFLpXF +7q0Jz4iI6No2osXur+UNq1rObMxcDua4QvdCiGg/Dr5LyNrBumVlzmoaROR501WM +VRE6lwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAHyWRPotkRuVkU7+Qws5ZLugJATt +zXGN5M28hQODXfhk/R0U79/Zt2aGWTNeTrPkZbCGbvV06rKAGzWX83iSK2HiaZU0 +v0gM0nMo99lX8dyWmyEojyIGBzg8FCV7VlYbMvSdmWhjCha+ilxDVBkNSKR/wUv+ +i6d4uJpNCqa9INag +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNameAltName.pem b/src/tests/data/x509test/InvalidNameAltName.pem new file mode 100644 index 000000000..432c5f7b4 --- /dev/null +++ b/src/tests/data/x509test/InvalidNameAltName.pem @@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAp6gAwIBAgICBSUwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyMloXDTE2MTAyMTE2MjAyMlowgc0xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMSIwIAYDVQQDDBl3d3cudGxzLnRlc3QuaW52YWxp +ZC50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQCwjxxDC308U7KsLzaApJrUDI8sMKP4bUFHqXz8 +IMMb9qPHtADyvQcFoFtG3Tar6wpa3K9Mrx4ex67fN4CCWxZA15En4sSiczUoLgra +h0Gh+52GkWk/0YQ6wPmQUMuNooVmuFUMA88w0SCN0yaHPWP+cNJaFF6+wwE0mAhf +UClNQQIDAQABoyswKTAnBgNVHREBAf8EHTAbghl3d3cudGxzLnRlc3QuaW52YWxp +ZC50ZXN0MA0GCSqGSIb3DQEBBQUAA4GBABVIzzLgsqfDqy7frGI+dQ2LMOA59pJU +2C8+2QFtoDcDZLRoWyU20NVFaydkRQl0XDw0jwMvmG1bBKr0P8s+8eVilFRkiU7r +7f9+Zzuuz3mOvUx9V/uGnVyyHDOAv7WPrEacZmMgWJgriK8iE6yFLGyhGq25vTH/ +XgRWAik4E1kN +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNameAltNameWithSubj.pem b/src/tests/data/x509test/InvalidNameAltNameWithSubj.pem new file mode 100644 index 000000000..906df5abf --- /dev/null +++ b/src/tests/data/x509test/InvalidNameAltNameWithSubj.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDKDCCApGgAwIBAgICBX0wDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAzNFoXDTE2MTAyMTE2MjAzNFowgcAxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRUwEwYDVQQDDAx3d3cudGxzLnRlc3QxHzAdBgkq +hkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBALHJIrXXxvMe9C8uDdBq1yv331JYWcIsW4txS4k5CPqEKfc/Txs/KO66 +pXYH3bGg+Wcy2WCnw0GITIK9br+cBs+929C8AXdSsrenYzZMLLHCiiuZ3jvY0oKk +4xJ5Uo3FDRVyMNOM9z8VSnKyHwokiNwatNn1CTW+gDvuduXc3j6VAgMBAAGjKzAp +MCcGA1UdEQEB/wQdMBuCGXd3dy50bHMudGVzdC5pbnZhbGlkLnRlc3QwDQYJKoZI +hvcNAQEFBQADgYEAxntcJCBk5QT1LbuzgHrqUP/ehz0trIleep+8P4OiPYOEzJNB +IQtgNgYoxZ5gf3DojYU7+5Zr2L/hic64Em2jwyD+uE0MzUF+D7ZC5IvOLNQcjsMr +BmYAM7w2t80IY9zvoYJgqtEOUMMX0ZnmZ8e5qT4MMo3vTZY/3BjzupEBwUg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNameConstraintExclude.pem b/src/tests/data/x509test/InvalidNameConstraintExclude.pem new file mode 100644 index 000000000..9cc79586d --- /dev/null +++ b/src/tests/data/x509test/InvalidNameConstraintExclude.pem @@ -0,0 +1,99 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAoagAwIBAgICBZ0wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAqlu9+3LUJw49TD7NNtZwzrfalSD3BCXGqaXmCRulYHNRD0Dh +Pds/uJlUgIFkf2orncbNjMuNlUzrV4P8L7KX+RF4uIxiW01kpg3rl4INsqn8NWLI +FLbfBEkgebc46bEeq967UX8KEitbrRgq+1FeLlYFbMdBZvbYXhf5Le7KxBECAwEA +AaMbMBkwFwYDVR0RBBAwDoIMd3d3LnRscy50ZXN0MA0GCSqGSIb3DQEBBQUAA4GB +ABZNX4ryTfWDtl2+FvBw3XhEObVyQ05xvZoO8SdLqI5XWxGYHKMEVjKwBX5Jp+fx +JhnyJdBpcRrCNsZqIMX8IPraRcoFBeaEaXCOQXxFmXpUcKbvJspYV06KYLoHiys+ +UsQv3BE5hzAx3xBhvPxGWRNX8eILNu2g/CTQ+XN8SG4a +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCArmgAwIBAgICBZwwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA579YJqJyfSBD/xEyHXjZ5bu5YwCRWgk6/KjQ +pSSBwl7Ik1G/JUhFP8S85hU03XJ9ENW12YkbiZmwl7TIng8sdLXGZqZTSHMyZlCk ++Rg1Iv2ZuUozDLbwyfk7RuBE+mrLKzr/IrM0UAL58K2n63m6rUBxDaxE7lCZlJZb +YSRS4PcCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjMuY2EuYXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUA +A4GBAER2ODEeD35c57omwLqA5HDSy2urJIxx3IqzeXAvzZ27W5CWoDeLkX6So8Pj +PLYcLTW+whf8LAzbFRzpQt49P2MPudtGoTBF1yfTwRdoPqxwsZ5fJJwuEfs0Vy28 +3bpFT3POHjSdtnn+zYdu3do5FJ2XISmCkwLyxcMscn7+gmbC +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCArmgAwIBAgICBZswDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAnMA5zohoyoq3U6ziijLTMiCYASAwYvSq5KnN +ZUYtb2Q6570id89nfBRSqH5gepvU3FyOCwMENtPVDCIJDaJKNeNPzbe0C1aDTiJZ +tDx0vt37yRIxbVr3Py+rW8xywVsVQfxUrVB4n6eA/6Gqu7+JFbcfMnX/wFU4Ialu +nVkcSTcCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjIuY2EuYXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUA +A4GBABuBh/2ZOrd/VyGTSwlD9FiautDnqtuuetsjiOGTEWWSHdx1Fr0Z0KAybfTX +Zbl1uhZNrr63+Lmv4Ds85RyZA0VFHz0rrw1665fXYec4XcXHdySJEnY0gQWHHG73 +7+TalgUhyp/V627E6sntLUqMuWNpiVJTCXcCPtntWOLS3WLt +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAuCgAwIBAgICBZowDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAzNVoXDTE2MTAyMTE2MjAzNVowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAKmvPjnuWdpUGTOyt2uobCWuE8i9/IyFvmnvdm7QeHST +Yvb+3wPXxUgIhh7FwUL5Cg/xtEQu5aWrlbCS/8qM2oSxKJ64mZC9jlwO+sFkExSo +5/vskozM1LCjpodRbH7rqmcplJbcJ/5FBttELVAUSXCqx4QFRLWrgWVUYtwYPisX +AgMBAAGjcTBvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMCAGA1Ud +EQQZMBeCFWludC5sZXYxLmNhLmF1dGhvcml0eTAqBgNVHR4BAf8EIDAeoBEwD4IN +LmNhLmF1dGhvcml0eaEJMAeCBS50ZXN0MA0GCSqGSIb3DQEBBQUAA4GBADjNUz+b +BKZQPJTRSDR2BmcOOPrJLKY5OoWz9OFne+DXtBY4iWw7n6bwJeDl8CO1rclu04XL +zI/jzsdToQuq9QCTLqudQhZJqcbK8Vl+1XsfBhW+ynkU2Dm4am0lRSNwXrfoA1OW +45ys8ockOR/7MxYelf06Z/9dsdJaFNJE6ANX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNameConstraintPermit.pem b/src/tests/data/x509test/InvalidNameConstraintPermit.pem new file mode 100644 index 000000000..3aece322f --- /dev/null +++ b/src/tests/data/x509test/InvalidNameConstraintPermit.pem @@ -0,0 +1,99 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAoagAwIBAgICBaEwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAquH5DGj3UqA7pyN3Id+yKxEAYcCl98L8hCtxdGNMbQXWRK7D +QCGzh9G+Bl3gYH9992AdXEsm0++TXfYlQheHRkLfpXVLXbRfG20ozjYysA8v6/bd +yBAFXkBSnkWLDjwTh2A/oGOlpLpF6VQs2lbXshFamV4kYTEHITTlFcpolGcCAwEA +AaMbMBkwFwYDVR0RBBAwDoIMd3d3LnRscy50ZXN0MA0GCSqGSIb3DQEBBQUAA4GB +AGDWwGwd7XFWl5PuRRaD6Il0fvwmZMCwF7/ZaT8z41M6B1lcMtFpyZnKVnNlBiVq +xohS7FWGOtNlumAyJlPBOamlP/YEwNIF9ViczVP2gUgAGt/ORHDjAfMpFvvWuuWn +ZN3sUxByKZ4dsabGqZjKFRn1sjioN27d1zKaQUAAk5a+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCArmgAwIBAgICBaAwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAzeyQKMhnPliae0StIhU7iOLM5mNAZ1QaCmHg +ERKKH0uSWYyAe6PVfv19INdeDWNMJD6STv48XnfgEjmN6WMjfMvsgDt14VhZ1psp +BCpm6haqO25B0G15QtW+jPZzxYhWugqBeGbUZKmn3S1XCI1lwK3Pot3bZCWGFvd4 +nDIr0V8CAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjMuY2EuYXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUA +A4GBAD0zwk8VDRgVV4si+F9UusIi6Wn52p6R5koG9y3VPffD311PJsADaHkUmuZD +AXoZpJnPhjCvGZr3a4+uBu/u0DJ/bQmWzF71ZV7B1jMNU7mY2he0m9BUV51Fuzmo +iwJlqG79kCNkOorM5GZGvGIhTGBpfiRgfuM8tqsR14o+CURd +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCArmgAwIBAgICBZ8wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAxf/HgvShafzkOloC3RxJSnJKO5euYPGgmbdT +6RiveMznQ6d30X2jEpT5F3HhhUDNGhaW2JO5OqBXfXiiB6zpxEXbTCW+RcHevKkT +iIOCgqK2hFUiVJGtPntQn4IQGWV2HZB0jstC6F34nSafw9sAVkkioMdvMuXH0tbt +1Lx+NSUCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjIuY2EuYXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUA +A4GBAFUJltAwOJ9kYlcec2YSr4Ly2ze3sKPJxJuXKEp51h9os5lz2XolYHcpjEni +p5ZesxiLdtFbXXAy7OH+5QimAN9BvWXG2AuW83oPT65mlBSZIhpcIAPPZx6egSSQ +Z/pT+fCKRnGu0zltdoO2SNSb+i+nNXjByVPQt024VdnufaJ/ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdjCCAt+gAwIBAgICBZ4wDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAzNVoXDTE2MTAyMTE2MjAzNVowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAMt3pACHEotGkwBgzZ3Mg91P08RFDoIf9Cb0UHxEcVFL +FaVneTUKmD9LxdtDU5OJCPTgYW8nJiJTUEGbc3TfzrCa5zrq4lpKYfDH0LBVZco0 +AkTzz9/NCbkltlLivjblGeURSbNtZRkBjJ83fHEYFHJtzeziCgxN5JsZ4mY+/r5P +AgMBAAGjcDBuMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMCAGA1Ud +EQQZMBeCFWludC5sZXYxLmNhLmF1dGhvcml0eTApBgNVHR4BAf8EHzAdoBswD4IN +LmNhLmF1dGhvcml0eTAIggYudGVzdHgwDQYJKoZIhvcNAQEFBQADgYEAmzKbZleA +w9P0nVJvr1etPe7hFVyqVB57LqmBnh9dx2kHPzzErLAfJHISHVlf2XJBBgE4e/sd +0rEy4f9qtFfep1W9fFfIK2FD5ltGdseKFeTpLtCio2EJmhX8VDBe3ryEGgnL6Rvb +6zL7bjG67htCIDFGeADhcdo4dHZ1zsbIBAA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNameConstraintPermitRight.pem b/src/tests/data/x509test/InvalidNameConstraintPermitRight.pem new file mode 100644 index 000000000..00da5076a --- /dev/null +++ b/src/tests/data/x509test/InvalidNameConstraintPermitRight.pem @@ -0,0 +1,99 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAoagAwIBAgICBaUwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA46JkF8OGNUalSaSDTlr3fnNMySgww5I4B4Stx+oXuCSSDv5+ +7ZfbVGWJO2DNen0mbaiGSIx2+vNilJ+MZPH8b57gRFDw0B671cQiXoy5Uk1ewjuL +qFbMGYLLBdhdiaq5rt1J/5ui625+qvN0eroE8xvos44JgrHfe+d1Q3g3vSECAwEA +AaMbMBkwFwYDVR0RBBAwDoIMd3d3LnRscy50ZXN0MA0GCSqGSIb3DQEBBQUAA4GB +AKUo1PZnjkiyQ0MNqTU3gqJpzZPvh8fL1kDB46dTc3oEfuLXHFQ/Px8fpqpWh2y7 +tZ4bbHIzsel0w36R+VxZlzEa9OGi8h2cuUI6Td57ghD7K9542NKUkviHCW7numZm +iHJ0WxpEhMlqc8AuV4MF217mVDb904gzBSHbNh1k/7hP +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCArmgAwIBAgICBaQwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA1zCgafoq+uf6A4/QrlroqLywNj09nZXmXK9F +HqgOxCatL8eVvv5I3Gug27Dut4cYmxUPhLM1YUm99eK9w8fjRn/RZ9LgKcpwCMZl +jUt30uFOInqC7X3JDiJDONgDrv6hPbNpDHJHOpP+zIozZYRJ6b8Ny8GUw4egbBPa +FBgsV40CAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjMuY2EuYXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUA +A4GBADnnZd4jyd0LBVc4DgMy1K/sWa1Y+YxLapzI5C+3gyEo0AjcYzvizCGoH0Fh +KWlvknAip6QyFdFEQLAeTYGiNYnBU+hhNrd8HejaFe5AZK+WLSOoEqIewwYDxGH9 +jWSeOPIMA8WdDFTao1Fe1B8C3iJdA4ya08Bf6N9fQK8CTkG8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCArmgAwIBAgICBaMwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA1a6Iet+pElb/Wpgj8zIYU1KtjgGqKH9PdYX3 +TzcpVImis8bBBVQ2S6d+RjJ8L9UduEgUPCcaenXCOLS9W0Nna7HPk4Bi/kbx2CwS +xAo6JJFaWYvcrX+RwdIf+2QAxA26DZfBdKFXMx3rjEv6KEiW/n7tf8MQ1gESv0FV +dBuAolMCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjIuY2EuYXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUA +A4GBAE5OCrt7E9FHPC2U1fbm1Pw98ADu/+5qeGV0H+yHCwwSITj8RCt4iqyf9cOY +TQkApYxxb9qtfgrhpUCXshc+RMZ+GBIMaF6KPvA8Q4mR+ygdjouOkizfrjjVkDVz +IBo2rWieSVv2E0hOvuj5Il8kSwtufpI+jd5KdSBlwk+81dcA +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdDCCAt2gAwIBAgICBaIwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAzNVoXDTE2MTAyMTE2MjAzNVowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAKi9QUr+ALhErVJHA+VsEkh05o525a8ttlRXi0Gz3Uk5 +Q/3m1RZYdIzTP030DG5zl9UXCwzjH340qJH+EdtTUd3ObLkmwUQu+ZjR5Al3QBfT +p0zdED4mXwP83aM1mZKzKug4lOyBIgJS8cGkQ6HXSw4pDibDqT2FcdTL9vvqinn5 +AgMBAAGjbjBsMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMCAGA1Ud +EQQZMBeCFWludC5sZXYxLmNhLmF1dGhvcml0eTAnBgNVHR4BAf8EHTAboBkwD4IN +LmNhLmF1dGhvcml0eTAGggQudGxzMA0GCSqGSIb3DQEBBQUAA4GBAB4XPEcOd6C4 +cf3tDRlRhBoOgXhHBYgOWig8PJfrHxld7oN5wB4gNDPHJ+iDmurchnYw/+eUnvtc +yvrwNITZPCiezotwzahJth+YHtdW01s91hY6nRw0ymYz6eBzM9fWnR0ponsfK0wx +dBOEcZTRvIDFUHSUCQC0FM+IZcdilbY9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNameConstraintPermitThenExclude.pem b/src/tests/data/x509test/InvalidNameConstraintPermitThenExclude.pem new file mode 100644 index 000000000..fedfe2893 --- /dev/null +++ b/src/tests/data/x509test/InvalidNameConstraintPermitThenExclude.pem @@ -0,0 +1,100 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAoagAwIBAgICBakwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA4Z/pPfSMPZgg/bImH0j8j8+4qDDsZWCRa7Ra7KSkD/PoxBcl +qA/KBo0h0uhRo3CiHfefM43UrkLQxVtEZGZYyw2OMP872mdvLt1AF/9ZKItjrRYI +WxuXzhgu0QzgokUlYzCyFpl7gtTrWk+SJyJbwuVx4udt3I+x60M2I+wHTlMCAwEA +AaMbMBkwFwYDVR0RBBAwDoIMd3d3LnRscy50ZXN0MA0GCSqGSIb3DQEBBQUAA4GB +AB9QtP9p/q9pk+EXTZ8SyTfEnit8i8f2u4aaecQteKTkI6uSrBPxfc2+ICtS7K5z +OGLo9zd06utdUFqNALahTZB1eTXFYwqq5sUvrsaJrDcXFQh/zaRf0jHINbmKJOLM +3I6Y5ZgY7L1tRUjjVC4/259vO1Wsij8+R4uHvYa/OQC0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCArmgAwIBAgICBagwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA3thjDA2sxHu53nc6HTKksipHDMu0/yCPd10N +l9GfqhK3F5T17R1Rbw7uJV03m6wPY4oxUBlYA8ah3M7pXAUMSbhNV3XmRwOaMDKg +ATeabnvp8cAqvkht6EgjV8z9/lEhnOFj6c0uXfixrsDP0Vh/fcdGEv0J15OqFZFb +VwBq48cCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjMuY2EuYXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUA +A4GBADMERR6zxo4VqaeTp9ZoTyzQnMjxC7hSlk0rh4nCigKbjvacUlzHZ8Y3IkrE +BGPsxPqOhwUTQKocIKWRpa4k+gkTWK/F5Bc+rGOECWNGOcx6nXodj2r/YeIcV7Zs +PMR0Jm4e0UlYQXehsdLqAQkXj0dtGq1P9RcDvBgQ7FuMZdZ/ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDaTCCAtKgAwIBAgICBacwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDM1WhcNMTYxMDIxMTYyMDM1WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAy1HYncuyzWVT9aOjiXiR2mIROZpsmsmOWRaD +tnJq2e9IS1biUte2dStyenB6GVSEIdz+W160CqDzxljbNQ/6bRsFgXkaJCp76Eo+ +0ho6J99Z6AupchweIisGRlTKVy0QMs1jduQHnA18dfyhPRec2qzf4Z+5GuvQ7bCL +UQQUVa8CAwEAAaNeMFwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjIuY2EuYXV0aG9yaXR5MBcGA1UdHgEB/wQNMAuh +CTAHggUudGVzdDANBgkqhkiG9w0BAQUFAAOBgQAbmBRP1wD8DrpZqKiPBUVvIjPP +jUhAzxnjJIp8LANZE1Q2S64tsapW7hqRDEwqihfFXZ0R8U6Mq10prv1ZR2qmwZVW ++wcdlzFOT3+/v2PmuLu/C6xgXRnHLMdTXZuaWKMG61H2rrjUWz5MdfJu/EIwHHJS +QZXoeQfSkJnZz+g17g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAt6gAwIBAgICBaYwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAzNVoXDTE2MTAyMTE2MjAzNVowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAL6W2iiMkMtBSzeGiBREFbHWxaZCT+AyFeAG5MKszv24 +L8LMyFlq8a3o1Mve3q5LaiFtqMAIcgTNwkrLZfGpQwn6UinpTHMpDYCwBjvVmoJA +HymK623+2GpiQ6INGL4dNsQCniDEBgvHGaGBIov/T4sFZZMUCh9AD/2XNYcWJVdn +AgMBAAGjbzBtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMCAGA1Ud +EQQZMBeCFWludC5sZXYxLmNhLmF1dGhvcml0eTAoBgNVHR4BAf8EHjAcoBowD4IN +LmNhLmF1dGhvcml0eTAHggUudGVzdDANBgkqhkiG9w0BAQUFAAOBgQBxuFm4+Qlt +wy2CUH5Fwu4q3UKYI0nqGVFWw4sRXAhE8ekh8A1wOCsFbV9SRPl2ZFEIpSmUihjb +IeRA1erlO/2xx8TY734wzHbp+U6qjWoWWbC4v9kMoW8EQVSwWVZ82+Y8LPIVB0bP +kEl+OP3ah0WaqXVuQzAQlXGYqxZFWUA7Wg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNotAfter.pem b/src/tests/data/x509test/InvalidNotAfter.pem new file mode 100644 index 000000000..710607051 --- /dev/null +++ b/src/tests/data/x509test/InvalidNotAfter.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC+zCCAmSgAwIBAgICBSIwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAxNloXDTE1MTAyMDE2MjAxNlowgcAxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRUwEwYDVQQDDAx3d3cudGxzLnRlc3QxHzAdBgkq +hkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBALnLv3AyB82npd10twi+JMFEC4PCM9h+P4YjTdMi2tu3sDZKeJ2r2SXH +4Lu5TPNWcB7x8TQqIYO9LTBV2q9afq5ghT6DyTnAIjMK6u4kKOqU8Bw2mfiK7HDa +3Jt5C53qzctFCcJMSGTU3Wa5jQtrax5w8GyIu4dYS6BtAW9cwko7AgMBAAEwDQYJ +KoZIhvcNAQEFBQADgYEAHvDGEqV4hIrP8niDoTkfDEizGv0ZvoW280wbuWlprNbu +RNwGJeIS7SQWJ8KazZM4ug2A2/CpFaAOCZMnP/DOpEYOqU6BaDWLNug6FqNvI+zD +W6BJ6WvBfVv2Da9iOMe6L8JyanjXAGQlY7hgZh6VmUUGb7cbV+8TOog9iMdyWQg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNotAfterChained.pem b/src/tests/data/x509test/InvalidNotAfterChained.pem new file mode 100644 index 000000000..25ae1c861 --- /dev/null +++ b/src/tests/data/x509test/InvalidNotAfterChained.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBTAwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDIyWhcNMTYxMDIxMTYyMDIyWjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAsbQhSON6xrzAMoVeGM36YP69fH5qX2arKKwaVvCTgfbj3y5/ +jPCwgCmFkG+ZVEUS6crc6/1Rf1jfva4eYsp09KamdJZXoPtNqWPVZXAJ3JOb3zYx +QIWwb3SJOhXGvm+Di7oH5qbaPHrNFnHW7ERgvEfcckYCqFe+PSBgMG8XIxkCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQATTavXzwODs3/8Extn3yYClK3djy+ZoEwsqYy3 +dTeqysXjQ1pkVjqYlvAGtX4P4Rz48z4slW3GdhgqCH3T+fuGFpUpVH4rMVa5ZfGj +i8XV0NE9ZbZ5arw05eE5u6MCENcVvK7SvzRRL5M8J1e/Phf2G8mxixmtCzC7LN7n +J7W0gQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBS8wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDIyWhcNMTYxMDIxMTYyMDIyWjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAn5YPsT1SO1RWYNqIpfVNNjaHBvfIznu45nlB +xj7v+P524kPz7CO4RvDvQjL9kf6+pyjyMC7Q52FfvVMm6IzJIlx1EwMRxb/l9ved +y4EMsL+BSkkmRAz/dwZWVe3OmDj3goQ3dQtcC1tdXUsC7o1o4u2i5qJsj4nLu0Cq +HX2syp0CAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEABrRNnhboO/3EV+Lv4svTXtbGG4sBzets3Tc/aHIV +t1smo3Q+wVAnN8qLPcWSBJxC1WtVvS9UOfY9tpbU+5YRbMbwLQRas2Rz1iCgHVuv ++T4Qwwul5Auz/INbOLbYBl1w1hbcmoxH621+8gmUJtrTIIQyQsb7HyuYy5nLqyWr +i1s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBS4wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDIyWhcNMTYxMDIxMTYyMDIyWjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAzYW1/olecip0CmSEgjshaDvRWVRbvnjSzCAk +We4h+CC3P/OrCOigj6UJJ0dKoZ/ANoxJAr3ve6iOXPxCIm9pHMFntUFHYTeVODYS +kSvxajE7m+5JqIXgMtk2i5yUMK+eeNOddwBdghWt1gAqf36fdiDw+n948mPCrRqr ++StY8ZkCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEALnjy5NAAhGpwD20HSEl/cx64qYn2LGSV1QezaKMx +8GXiFpt9r9wHE/CkuMJpGXkiQjw2rYjUwFDQZkXobi3azMzVyZ48BkA6//WLQ4wC +m/uJ0Y3+ONIF3NVebLbftgKpPhPvz+lbn5jd36minKiGC0zdiXX6zYYIA4A5xmpA +kG4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgICBSgwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyMloXDTE1MTAyMDE2MjAyMlowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANQlSEGZ+JsH4feAXMn842mpEGMEUIt70Po2IJZq2WVO +pLNmACrrYXu0zx5H0KLuL/Hgndc9VbYf07iKIK5Ds30glpMJZ/TfS4O/qNAnRY7X +LA1vNFYK2TANC1hRMfaz1KrbuJb4JHkueVCqYjqMfVSwJQE3GXZUa0fQ8e/qEYwd +AgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4GBAKHEF9BD2UMwOdm5OajvkunuLruEeaT7+MwZnGG07d/pEvfz +urUi61RjbNkCE4676SLd7EDbBxrbFQH5NcFVj9VlZvUC2mX8vuu9zhRXTOoUsJFF +brSAYdARmQge/tOrT34I/BWR2Fi5wWbs+bRo1SvN1a9l3J7BUzmqsgYPnlXb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNotBefore.pem b/src/tests/data/x509test/InvalidNotBefore.pem new file mode 100644 index 000000000..4e18b4bdf --- /dev/null +++ b/src/tests/data/x509test/InvalidNotBefore.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC+zCCAmSgAwIBAgICBTEwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +NDE2MjAxNloXDTE2MTAyMTE2MjAxNlowgcAxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRUwEwYDVQQDDAx3d3cudGxzLnRlc3QxHzAdBgkq +hkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAPLeZoJev7YWp1dROtVhH/brTvxADbB5Zc7d4AJuCY6+tIDxIi438IZx +Xjr1Mb3ptD/gLnvekc/BjAiuMssu4Q7NZbanwDOElMIXKmdhpwRWYKZfDEyJz5t1 +2tyZpJBWUrL26b2+GttLg7lfeT3qg7srnFvqEB3kGN6L+rFajobrAgMBAAEwDQYJ +KoZIhvcNAQEFBQADgYEAj6/9hGBdOnz2tree0Lk5Nt7wWhKboYXMnBh8rqugCgAm +2a+PGiZMMWMSHBGD2ArEMmTqCqJElMx8gLuPHESNWTCAxu+kBQKTQ2ZfftAcoi4z +2Bk81ofO2SZMpOCZ8N25Imd7EG59FE9ovYM0CQkVNho2nDdnkiv51U1Q47m52aI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidNotBeforeChained.pem b/src/tests/data/x509test/InvalidNotBeforeChained.pem new file mode 100644 index 000000000..412eb578c --- /dev/null +++ b/src/tests/data/x509test/InvalidNotBeforeChained.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBU8wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI0WhcNMTYxMDIxMTYyMDI0WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAwvYZAtfuvra0iFtp2F+zznHtGNMQDH0wpAuQLpLf2kp/vEXV +eBYwq5m9s16trYLC+y9vaC1pgQQfixuQA9xY3DswQyPIztcIPz8r9LQL5YQ8EDzo +mm64G+WZ7kn5xX4zCRmX3mS09tQOhe00Thqg+JIkcmoG7hGbcEEZ7iZrRocCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQAeJrnaVGhxc0Oi8a29sTHaTQB9COvE0Th3ZqZ5 +sZ0fKadhmR52C+acUv45rNPwwb8omiw84PZdh+bBYTs75eAEDNb3YlFMb7IQbhlV +mebUO1g0WQ5S7Yd1NPpP4BAfGHkEhXJTWY8dzlpFtubRjlcVtJlWdRi4yoPTfsM8 +HxuJlA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBU4wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI0WhcNMTYxMDIxMTYyMDI0WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAp1rCp+dbNbi3SpGNr4fgJDXWUKa5ydd74ryZ +1TyMVHOaJZvAupi4hFrleQcVpTmdtlNq5BRvyJW1sq6H7d2b3TSXfIi/LdvE9wSe +Wt/llQbp64px6iB1bpHNdLiIr8BcOciqupSNyiMIfPXQ3tRXWjCd0fZcIuStQEFn +bxkWdbMCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAvYoLXJHeWQkFv1315AOAQGpsdsN8NFnONtvWlczN +PiWAI48ZzzxA1ZKS38eELVtKyl2EmltonB2WA3aW3OAPET4ID/995e6c0m01hQ68 +Fxca7n0SKq88AQpUm6a8T/RgduCu77Jjv8wKj0AUH1qCX8GogpdFQTUAwhdvfGnu +pX8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBU0wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI0WhcNMTYxMDIxMTYyMDI0WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAz6xQVmb+uXY+VNnWYkBuOvMODOzh/v4vMkp1 +n9JNvqmrb6A6UUtD2/2/uuGEbYbvLKmjijSC2b/no79L1fd8sNbAEi5rUPPlTTwN +7j1C9bduyyAoua0/mvkxW0jgqHC2Bbw8J44kZM2D+gfTxFe5Iqow6Z56XLiGoAYW +C5BFtWcCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAchcIZ6Z4LiGsR7UWNd02AJaihwZD2HqHSlY1753K +e9gztxydjMyyHXgVoWc/ZBM9NBuchJwwTb8oEHEfKahIRmZmj5pcvj2KCHz8XQjo +TiA4QrX3PB2b7ZR178NsnUEUuX9NRKLwnTMIYM7IsDpDBC0YLA7VZGnzemlvsgwl +Wbs= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgICBUcwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +NDE2MjAyNFoXDTE2MTAyMTE2MjAyNFowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAL7MqH32J1i03pXI2CNPR1rc135VJoJIR/u8B1cc5rd/ +rBkunOXV4Ouk0GpTjnk8z9QjJQHFMHpR08AhF6/ILoBDnLGqox1WpS1b1tjw97d0 +uD0mlXRhv/amaBjhK/To1PeuQcdzWrwfUzeanQIc6eJQ2Mg6RxLLnV8DXfjUZ7tZ +AgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4GBACyvNhQw3lDTtoTPKfGIEYWsdxXkPrLCUM0V4lNGAdFk7iDb +642lISrtLNks3TfyeuW2R2lwedOExsJpa2HJdvApo9a//a9UULcjiSvzlc5ScjS2 +WL5zhFUpuY/g/JNBW1EM/B7l5W/6S50Q2tjr2AcOkoKDmKegbwjXwLuD3FCu +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidSelfSign.pem b/src/tests/data/x509test/InvalidSelfSign.pem new file mode 100644 index 000000000..e86d22825 --- /dev/null +++ b/src/tests/data/x509test/InvalidSelfSign.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAmCgAwIBAgICBRYwDQYJKoZIhvcNAQEFBQAwgcAxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRUwEwYDVQQDDAx3d3cudGxzLnRl +c3QxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcNMTUxMDIwMTYy +MDEzWhcNMTYxMDIxMTYyMDEzWjCBwDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB +MRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNlcnRpZmljYXRl +IFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1MDkgVmVyaWZp +Y2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEfMB0GCSqGSIb3 +DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAqv3vC7ay9UTYAZxJoovYraYkjs8is7YpfsHJXaqvHtPj2xutetMCYcIwVexG +amD9z5pl14ZGtWUO/K7Yha5Fqhrk49bH/M52dcV/2LnXXeqti+HDVfzsxdc2z311 +RYYc7xQxwo+ubnR69qkGG3KwbdouGTpc47NdI7A0gUkavcMCAwEAATANBgkqhkiG +9w0BAQUFAAOBgQBmFIcuPVsCwFh9rbOkJfm8rE28xX6ZsY8qXOnZry8J1LBU9EaM +UNnsRG9VB5XWtdK4eoBJyTixVDz57rRUVO8ElrfYAIfGe95oZlJc00xT3P7UXRMa +AQia66AIfDbvQG/MWZL4mgCm/DJZLPbUf/3k/ayJmw4O3SPyKJ2/D8KrIw== +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardAll.pem b/src/tests/data/x509test/InvalidWildcardAll.pem new file mode 100644 index 000000000..d5eaf6b12 --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardAll.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC9DCCAl2gAwIBAgICBYQwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgbkxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMQ4wDAYDVQQDDAUqLiouKjEfMB0GCSqGSIb3DQEJ +ARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +sQKpi0Vjn+H8G+GcTxrp6w39KXYKuyUfILXe+vuo2Au1jomz3E6t7aiiul+EuRaf +uA/CMIdT8yl4+KP8VICqSbOAuknRlSeOMs/6Xjg38TcP0f7aaLBt5f/qt19wF9+6 +AdYUT7baeZ/QwAWNIHaW/z6DiXwD/BV53vzH6D7IcEUCAwEAATANBgkqhkiG9w0B +AQUFAAOBgQCruQezcbBRplYmC3rQwZwoXbe6/QOKp6jYRhmC3iWPQMO+udgeAI9W +g2w2wuayZhLYttmlhEPrR+qKII6CZ0wxOtUyuXP3fT5eNJEs07pvGTaFhPmlYprt +iYbtbAxSq65PYl9lvUBdqvmff5bu8Qaxo96uDMHtxlVRtai9WTAbvw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardAllAltName.pem b/src/tests/data/x509test/InvalidWildcardAllAltName.pem new file mode 100644 index 000000000..b1bd6c1af --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardAllAltName.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDITCCAoqgAwIBAgICBYcwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgc0xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMSIwIAYDVQQDDBl3d3cudGxzLnRlc3QuaW52YWxp +ZC50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQDIX+1/MXEwTPXFImigK+Dx5xCBHljUJ56zvvfv +W2Gurq7/R6YjVyY9c/G328TbUssFHxi6YdSwN3XhuM0CVxCmkKo45Duy8IAUtKM2 ++yAbC+W4fMaRvLN9Ff/Q0t9CCGs/5wFh6EEFP/FWH81P5yquNrkSBof+vvc63fAW +5GVwjQIDAQABoxcwFTATBgNVHREBAf8ECTAHggUqLiouKjANBgkqhkiG9w0BAQUF +AAOBgQA7TNSyxf/cXaLBRny3SW4BhgsOW4CP3K2/ANvSHbBnNvy9UnAGZXTbTrSW +hmCQqIsJ2qotJsWnytCBLf07jhO6uYohFwKWuDSGBdBoOnrs1fuQnlRBWHgOd16q +SAc+snIsoLoQNWyLm2ghCHFTWU+z7OodCggCHwmedpLErBa1og== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardLeft.pem b/src/tests/data/x509test/InvalidWildcardLeft.pem new file mode 100644 index 000000000..e7e0fe605 --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardLeft.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC9TCCAl6gAwIBAgICBYAwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgboxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMQ8wDQYDVQQDDAYqLnRlc3QxHzAdBgkqhkiG9w0B +CQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AMzZREK0of+aoPJkedjQ7JoGU14YetcwhGupU3zoXAvQJkTgax8LNzqQ+2JSeKfg +Pt6+K0S2uXIRneHYAlSWUSvHoSxplsCqBZER7oVLx6dbLNxSNu8ZlwuH0py2DpvB +cvLcLgx6NaXat4oA4lBjPC/a8rcfNfxyX8TNy2X2sBLzAgMBAAEwDQYJKoZIhvcN +AQEFBQADgYEAgVTj5F3n+HwNz7QG24FF36T2NfQ2OdLo0XmkS27dhd5gX/X9aFlK +4SnfKy0HX+l0Y2b9QCfmxjBB7n12/5msrOHQbKvuYTeeZ+e5Dz0NGU4hXZH/qTPg +EQTQr96LcSh+RQMSmi1VhgeqZZZ3yWPJNLtFWCt4aBGBBMnT0h5Ksxg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardLeftAltName.pem b/src/tests/data/x509test/InvalidWildcardLeftAltName.pem new file mode 100644 index 000000000..f91e83b32 --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardLeftAltName.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDIjCCAougAwIBAgICBYMwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgc0xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMSIwIAYDVQQDDBl3d3cudGxzLnRlc3QuaW52YWxp +ZC50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQDZ+EVqAyuE6lRwlLSh/oJusIiZc6WKasK6jGpf +WgOU+f/rPDR3SqysRIicKxVEu4bpK9d+QGWwUIwI9bGtVlOSKeRMgFPPYOcndLW2 +tKvRQ5L/f7py/fk+n58JsHvXVFTG9CB2+qgzrsct+sRt5AUDyl0tJkiVkhDHPYhQ +W+N0/wIDAQABoxgwFjAUBgNVHREBAf8ECjAIggYqLnRlc3QwDQYJKoZIhvcNAQEF +BQADgYEARfFHSnKF+AtJ5G5mNPQYOylDYpDu3Vypcv7uSpYkpguGaMsjAda3/TI0 +S4HlFBBE/TAx9v+HF0jfXq/rVlgzhwlA/WWru/ByCJOQLZYwQKvia0lUI/g3N5DF +/Xfw484O1oqhObq1vFcH1Nf9xCxAi/Nt8rooc14lxG7RyLGdLlM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardMid.pem b/src/tests/data/x509test/InvalidWildcardMid.pem new file mode 100644 index 000000000..11a9547d1 --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardMid.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC+TCCAmKgAwIBAgICBYkwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgb4xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRMwEQYDVQQDDAp3d3cuKi50ZXN0MR8wHQYJKoZI +hvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDLn7fPepflQP2HYMoNIzWj3nCkYsjY2PLee4hNKwjAtaN5d7VB+KSwTExT +sIR879bhnhrsAarBCgdsfC4X1kgFVy+TPQBjWVbUCyUnxX8+1iDLODSUkusxiDXj +a3WSxb/Y0WLfC5NMFhp8DwrDhDba3pyY0gQ64rkTL0RlMW5AswIDAQABMA0GCSqG +SIb3DQEBBQUAA4GBAK8kfCilBCqNP5WICILa8r6UPfeJRlOXf/tt+AUbfdYo1w4/ +iyszJwc6ris8aIbEpdeCjo7iDDloRT/D3vCfBGcy6l0IKPziZOpKN4ytyHYjelRv +QVNPfBFZ/Zy+jDAYAx+50ntkcB9NyOPOYNZXLaG3GAY++lMQJrH0bSwQFFtw +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardMidAltName.pem b/src/tests/data/x509test/InvalidWildcardMidAltName.pem new file mode 100644 index 000000000..d4a7e0b03 --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardMidAltName.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDJjCCAo+gAwIBAgICBYwwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgc0xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMSIwIAYDVQQDDBl3d3cudGxzLnRlc3QuaW52YWxp +ZC50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQCpu+Fwy+cvq04SskVQAQL9ID9QLmipmH/y27Kk +LKbB7gXUedxMEbJLE5vvaWvVtYO3taAVsuQh6aNt7b8cXSjzXzN9GIE7rVxOSr5b +3Lc9cqq2B7Jhp9HF/viAMAVvjDWR/MPOkQV0A9tlY640B1yXhwQCCSqI+bvZNgof +No+z3QIDAQABoxwwGjAYBgNVHREBAf8EDjAMggp3d3cuKi50ZXN0MA0GCSqGSIb3 +DQEBBQUAA4GBAEKuXokalBre/8OU43XtOoKpFGY6AG80tgNW1+Uf2Yoi7b/uxmCQ +E6TyWpWwcEM6BiZskbiZE/cUKcbZcDrhvgLngj3oLrAIQRuAK1wsJngJaNjsT2vt +KBznbSr7QYiO5tjrmVhuMZN5Yie9LaZ1fUmqPf7jYH1KeVs4uHPWmOzD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardMidMixed.pem b/src/tests/data/x509test/InvalidWildcardMidMixed.pem new file mode 100644 index 000000000..82c554554 --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardMidMixed.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC+jCCAmOgAwIBAgICBY0wDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgb8xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRQwEgYDVQQDDAt3d3cuKnMudGVzdDEfMB0GCSqG +SIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEA12d3pW20ggJr+ql15wOx4qrbMXx4Y5ajC39DSOs7ZHpSUadvzuO/84nc +TDCBgDk1YcVkmMezp2lBd+VIgppQ6I841XXKWEpqIg/AOMmBgt8BfWtHJ6TtXgU3 +tbAncg5bVCHFV5c5m5el1Ovg8dseqP4HK3AQxDZDfFgZ5vUDobsCAwEAATANBgkq +hkiG9w0BAQUFAAOBgQCMxsaEoGm9uPf1hOmgLErI9+nwxUsGJoRr1fRlO0uGF+nu +Ek8bT3rPlb+Kzr0x+qqOQqczs2+DTGuayiTdeJHWTrJInByJREdHJ4nEDDuW6WqX +TlQ/EK1QIyytuvPPGD2m+YQiADL8UI7SwlYAm7R/dKZFdww19fESVklOi9NEDQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardMidMixedAltName.pem b/src/tests/data/x509test/InvalidWildcardMidMixedAltName.pem new file mode 100644 index 000000000..3e3c4fdd8 --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardMidMixedAltName.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDJzCCApCgAwIBAgICBZAwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgc0xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMSIwIAYDVQQDDBl3d3cudGxzLnRlc3QuaW52YWxp +ZC50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQDAqz51KTTwasFgU6IkK589/dM/hSiuxApyRkcv +LwFI8XFoF8Kqu7Mi/O+cWfzD5eVJHPN3H6xASSBsVYc3uOgY9pbM80KMUSMovAcI +YBJ9aTv/uvrKesXhX/BiURbnWj9jkHaWWlnnXSNnw3y6UovI6K//hU/+u8QP7pKY +DKNS8QIDAQABox0wGzAZBgNVHREBAf8EDzANggt3d3cuKnMudGVzdDANBgkqhkiG +9w0BAQUFAAOBgQAgMKayhXb38Gbl7q9p+LI5yyV+gPsYQYIsZ1JlAvcrIBrlal/6 ++5yGM3ggqmzz86umeQX+pD/Dj5eS0J6NNzAuyuK0Mvq9CI3sXlA5FpptIFumA+NM +t+nOrqv2uKHeL5+9QLHVpS03b1ecyE6BM54YWwk/8UquuNE2/QEq4/Jq5w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardSingle.pem b/src/tests/data/x509test/InvalidWildcardSingle.pem new file mode 100644 index 000000000..ef6992c09 --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardSingle.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC8DCCAlmgAwIBAgICBXwwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgbUxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMQowCAYDVQQDDAEqMR8wHQYJKoZIhvcNAQkBFhBz +b21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmwWc4 +AgjQxiczSc8sbiZMUpm/NvZ7ncASTpl3H00d7GVF4wBLC25ZKke7cABz4l0SjDx5 +7szbDVAFkkoGcYN0uU1H5KYrvn6T/KZBGDNxTINBSLigzx98fP6KjunVvsKXo0zt +6ILxJ93GGCvr19aYPfekr3rzqbHSzCjGYMOATQIDAQABMA0GCSqGSIb3DQEBBQUA +A4GBAGg1BmBeCbAoHM4MqhX4STpUl+fQ+r8Ge+5HpmiCDE+Y14C+MRTVo+HI3/tW +sY2C0uM565/I/Gt3PdaC+XMvQ3f/h95nyxEgJIF2Hb2UexfY7rhUSyIvSN6QfFE3 +RhUIjIz3ycG5l29nUxefVXDsBm7DJxD6cAl6GAiTt24UPsqs +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/InvalidWildcardSingleAltName.pem b/src/tests/data/x509test/InvalidWildcardSingleAltName.pem new file mode 100644 index 000000000..2c4157cc5 --- /dev/null +++ b/src/tests/data/x509test/InvalidWildcardSingleAltName.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAoagAwIBAgICBX8wDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgc0xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMSIwIAYDVQQDDBl3d3cudGxzLnRlc3QuaW52YWxp +ZC50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQDb1MaXH6cTSHnJ6JiXn15cgl1/Y+v3RPpnNwYH +2kGJYRSxLP0CjZWJxfK5fGngREshLnEFj7Y9oIQnUAuQ11dvKxzQAIGSBTV26uLy +hWRM6NHlOY/PwjaHqrT5mFcH+UMp5j6tfRbJr56ZXA4lwYAO2wCRsMxg/1g3cbmz +hNfzwQIDAQABoxMwETAPBgNVHREBAf8EBTADggEqMA0GCSqGSIb3DQEBBQUAA4GB +ADwFt57Ai8yIE4RXJAixmJOY0uZEwzNsaW193Rvcglr6Pa4MIVaROb5V7srrBmqA +IroeFaOI+OYsKw4PqPE6py2bpQWBjia16aBAJdCO8tpZi4tOfk8kJAYgeWaH/nXS +VMnQC8MuVH+FQpJTC/Nx/G0p9YFjHMi8IG1BBQxwmw8a +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/MissingIntCABasicConstraintWithCertSign.pem b/src/tests/data/x509test/MissingIntCABasicConstraintWithCertSign.pem new file mode 100644 index 000000000..7ed001ef8 --- /dev/null +++ b/src/tests/data/x509test/MissingIntCABasicConstraintWithCertSign.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBW8wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA34jzzg8Xh2qmEg91TRs8g/BZ6JevyLY6Sw8j0fDA60GIdrXo +kB5RA9Y4yrvxq4QwkDOP7ytx8TFBUKLxpThyiNNH1vcCNwsHhZe7ocvcMvNDZfPf +cfcKHrGtQ27LWpE0swfE6eeRvZi9rvREUnmCq6lSfNQv+SokgA82Ofpe3PMCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQB97v2tb0rxPu7GshfSG77t0wub+/3eCWGsW2tp +3aVL04S6DZinZh3AHuzQ1oFBVLwVfD1QAsy1+mY21Xsvy7YMKfaHXnjik9vKRjLs +hPuXjM0mMguSGYw6dL+X2K9Z5nqU0oppzlhcKY1BCx/mNAdPGzPrU70gSymCxBfM +aBCuTg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBW4wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAk7UWIs2Bjbt0W5AmVRuVOh7SaU749Ss8uLms +3ktkDHdG+G5rBaeqbFmIFxuO7asU6SoioEqDQSNJbZl6awnvdI/3ZmdyqGocWrfm +6HHH+AmvYbQBlOh3eybIwJiywSC6GdjDJH+I6gxzLQPItOarjHc8C74AqWLeq730 +MAe7glkCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAc4B5EUesuaruiUuRyzUh4GoYbEP+t1lga+SYtq4l +sxcO+9YZSlle9zb7jU5Ykv5BEOtnyL0961zLEv/sLgtOjFwr5inJi2a3a/P3bsV7 +TNQAH3KNI29q/Qm/+A6XaMk/q2aXmQPraIA3s8NsQFOGeIQ4nz9zTyiOKjPQgwHT +b3A= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBW0wDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAw3sX/u/yrRj1IiYRe3q8cid1nocGUlgtpTj4 +II/YlaJ84coohPwDKQ/+Q4ZOHfevU9xabeP94vm+UiOoIyFPJfJI/3muapxsWmQi +F5Ia1kZSLci6x8eE4LPUgB16aCqCH1XgeXPTFmkAKYjGXxpc5SeqTrF4MOLwrUkk +mwZSapkCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAE18x27W7wxwLtR32oBtaPCsR53EW5/cVQzcalZvX +yGPgyv20TPbgE1lqW1PiXJG875uPqWU+97UyV97VTKBqdHsIHV7HCXSoFZnlnd1z +mBkZcl3n1/ba2y2imtHMDlQXCf7GLkzRmj6aVjN2Q0aPeC9t+y0kXtAJajaWKFbk +hZw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDGDCCAoGgAwIBAgICBWwwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyN1oXDTE2MTAyMTE2MjAyN1owgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAL01za7b2MBCkDvSwc2SF6opdd80MnZ7dZWqQzRboXVz +NLdxh833kQ3Mml8Kkc2s7YJ5qstqHQ5M9Suo/s0QYOSU5wbb1ssWo/mLeAuS5Dr1 +/tfsgvBM1lDvjXITVxKkb0DF8iTsgDsj/PnSvMK84nVOGEIOYoP/imG3x6GRc/EB +AgMBAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQCJ/MJn +xUsQhyGZxbWRdY2VnLOn90Aky3oTdHYVEkhFDUjS1ZmyOduAypHa9+QKTO16eDP6 +MhrVh/hU8W/4/QThYa4z5lLw47UUSgQcXr8C0311TAEPSTnV+ZpOu0fFjfMv73c/ +qXVFe68hM3ndXiJOJ16L93v5T9UiOYKK7M8wMw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/MissingIntCAExtensions.pem b/src/tests/data/x509test/MissingIntCAExtensions.pem new file mode 100644 index 000000000..ce5d7ca25 --- /dev/null +++ b/src/tests/data/x509test/MissingIntCAExtensions.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBWcwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA11PHrH3zRiw4nwdy3CV8KR0vmJwxLa3k35YuzN49LMyQyeKa +sYfAX3IQky92z8htlWEyejznIJ60sBPJjfPP6vErjPxvJ9vMtHyj8rSzJMe6E2RU +Hpo3UXYdYCLm5xUKx6BhUJU2/u7v6gIddXNx7zZa8YibCdOz2gt9t1qnVmkCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQBbZA9K2xUGOU9ng1QyCdYFN6hvQeaDmt1hMS57 +SLn0vUlJeq6RN9uT94tbNozYE04/aLsRQkXA2f4i2nyYubl7vNPW56TgvjJmXDbd +tNlGm91gLYvPQ87/S6BOlqNeNGzv7fky3LIeoQAXKT8+HkwQOODujrR93hdT7S90 +jjuHHQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBWYwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAxQo/lGJZhEiNiBpflFrzdQJQwM/qGLNwyYtZ +/JXrzGssz1IJNwCkJcZM+Ub5MJEK120LD+jMFzQ5nEOxDRbGJl1aI0GvCXtSQiH2 ++nT+Ld4jNxEQKgpcnJ2bGRyUpmIQPnrlz/6l0u7uC06C8eEHP6ruIHMaOyw0A0+l +eUmDiXsCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAhvk31fgBPTTwnz4opQFEqkP3yw9/3dG6a7J6e8F+ +x0tulAr3IMyIQbNwlaey+OOqdayTWmT2wK/k1JYa7SNVWtWw+kqAjh8KcXEmmwOc +Ygr2RmPIBJD6awEQ+vq8HdgusHtT3qjs0DoNV7P9nx9U5512WXi9qy1CnDh9D+ZE +mWc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBWUwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI3WhcNMTYxMDIxMTYyMDI3WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAulbTAYuMCmjCPJLCKT0If1fDL8e+t6YQrWmm +fLrW1qx8M2jUCSoiyxKieWStxc6IDrP2sRHDtEPN0tqFO7msQpF/3ldCJxh9Kyfg +uafSpr3aItwqa1oxhmR2+vbLkvjWUAw1BIVuyhpNRBDjvJ263t+75PfwqeKUahIt +h8bIcDMCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAWkhX69giEWoSz7/jaGYoFPMYHRIW0udxRhohjtno +2ToCrbDO+sJQXxymc4Tl4tqXFiaQzD/+wH+WrRp78VRawFVnTUtFPVlCNXgGYVBS +rrYzr9iuveC/YISowDwYf0GmZvhVxa6/62U+g7LwNb6MQum9WbYj8K0zeW/0KWYV +fak= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDBDCCAm2gAwIBAgICBWQwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyN1oXDTE2MTAyMTE2MjAyN1owgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAKqNdXfgN8FRHOohmOpzAgqv3Pb+rp0J4uTRCEzHoq1e +WPE1jYFGwjOJ9IRExWJfsgHMpapchWypkMUTK5XLZn14EvY7+9M3zH3MN5sxTvES +TQBYstlzV7LtfFXebzZCx4A490e4Q7G1OGGu3KqTzF/TdkNPpUQBymFpL3nE/anL +AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAVoILkySxthWJZ7jz2tviJeSQdKhS/fvU +iOPcxKPAFbzvSID2xzTgC/9ZiDVEOZd6/4ohZpS1Ow1PaCuheC6WZBCNCdeY311h +BbfnQ0Wf9VbFs/UJjalOo8ygwAkV1Vg/DfTjpk0FuCTb1u77uuGZXJCo8ThO7b/y +pv+LN+S9LFc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/ValidAltName.pem b/src/tests/data/x509test/ValidAltName.pem new file mode 100644 index 000000000..5ac372128 --- /dev/null +++ b/src/tests/data/x509test/ValidAltName.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDKDCCApGgAwIBAgICBX4wDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAxMFoXDTE2MTAyMTE2MjAxMFowgc0xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMSIwIAYDVQQDDBl3d3cudGxzLnRlc3QuaW52YWxp +ZC50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQC1DBM8CLNnuNfYnRvo1cU7mEAvazteLQ+RfSGI +hNEQGMYokUG/1bPs6E730KJnrvqjz/ZN48UPglqa8r5ybTmDEDpR5tR8dcNnWFCp +fJCx2ewfZujqLFWLlsS3lSEA/NDbe6IOvyo2dauX/VAmKeFnHWJm/H0KPJ50KHR8 +rG+IoQIDAQABox4wHDAaBgNVHREBAf8EEDAOggx3d3cudGxzLnRlc3QwDQYJKoZI +hvcNAQEFBQADgYEAWjU68nLPJChlJhaRSnAdzz4XB5VmK8vSkw54WwK8HnjmK0jO +0Novc3HH98Fh06VCFdW/NdbegI/P2xldqJlKP6AVB9Cdr+vecTNZ8P6WrRwBBuJ+ +NrwSm6RiiXxkZn/IcfUqRB1M15igpQvAxxHmjeaLHbX8tUtS6ZnvZGcVtuo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/ValidCert.pem b/src/tests/data/x509test/ValidCert.pem new file mode 100644 index 000000000..204789966 --- /dev/null +++ b/src/tests/data/x509test/ValidCert.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC+zCCAmSgAwIBAgICBRUwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAxMFoXDTE2MTAyMTE2MjAxMFowgcAxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRUwEwYDVQQDDAx3d3cudGxzLnRlc3QxHzAdBgkq +hkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAN6X3nIL0PLqwnjANgHFOCxezp1eg/sfyofyei1Tp3hafq9ZWQn62pyg +2Aqt0z7SRq4fLKGwyuh1sEhazf5xPgy8L8RGUU+ZRyJAHwQXs15W+sbfphs1liDk +BLuFgcUCEEZ5HfH8kmH1lYOfgisxgVhALQseUCBUNfGXbkX/xIrHAgMBAAEwDQYJ +KoZIhvcNAQEFBQADgYEAVpHtniZAAgBrjbV0Kk0IgYyJYY1zCwZ4oiYpl+WeJpE5 +ygClBCwluCfDbFZMBtpV48mYR4f0KfISFy2W5rdOSi2fdo3NlBUUASUuZCBmPS9t +jy6d1QsK3SCMJa9PV6KR7o6ETbRGoji2HvzlpzGxmh7iN88kFBCjZrYEcuQ+RW0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/ValidChained.pem b/src/tests/data/x509test/ValidChained.pem new file mode 100644 index 000000000..a7248de4c --- /dev/null +++ b/src/tests/data/x509test/ValidChained.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBXcwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDEwWhcNMTYxMDIxMTYyMDEwWjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAwCwNoOZ+rgu7MQ9INb8eGNjlTemzlcR4vKXytUDyX06qG2Qm +0wt+egqkuVIdfEt6yzhZGVysuqZTbwRu8/YVy7P+m4m2SkXa7qwymS/f3JtBLPtG +iUBN9DKFXufyn3SOspu/NZ4bpqJEJ9w0LUGf1LTGvdPoNYQnT+XAUfVAkNcCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQBw6Mirr+EWa2IMUf17Ae2a/KLdcY9rfltjktyJ +ZAPZSMHE390Vd4NzC+IwUAAwUMjVyhE/JVzf3fN1xV957ojDbFhRgJbRKDkuYp4D +D2C761Fh2vMNTnvy3CShzF17ZeauE3xt5EuZaBYhuLqXTmZPzZ8vRZyWPx0g+wlY +BfC6uQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBXYwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDEwWhcNMTYxMDIxMTYyMDEwWjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA3gWLf6PchbaPfsouVbXoPCvt/X5yp5x0Bsfk +Xvsb+fo1ZHJJkOOWFMx2h6+G4bJSXCE2rvyAlL7gB2Z9zG97I6NlLsPtOCdYyg63 +iuOxbBgzkbqzXYCWJdoYm+WbZfKEBkAYh5Qdh6CnCv8MNbdlAqh15M6whqVmVcbH ++qk9CGsCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAj+dfoCHzPGAuPjm0qXy4gF72wg7sK3VibXD7un7A +5mLgHVaNpOPNBFdXGIfX/ThLzzrMGtDHnnWuK4l76Pawd0e/FEfAaV0eiatGzwZ0 +FCA6Ol4B6fTMXBCKJ6XDvg0ONEBzfkJ3JX+6mHIPA18re0kDOPZBCIFNb3lCf1TD +464= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBXUwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDEwWhcNMTYxMDIxMTYyMDEwWjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAtnqePBelZGBjlAsrTnGAOcFdXaS6WdgFp1Ct +SnhmpKvFlsoSDaKBT/dBp5aghAoaj/cECi1cE+ngrOjM+PQgrJpFD2WLFwsRzm7P +TQPIBbtWjI8oCZnkwfvlAl13wyWeRnm2lrSwgmvmqg4aldsTbR032VCRKtmepyB9 +nh45g/8CAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAPnEL+w27sXOAKIHemIWed7MSZq0YMrgGGYifoiDR +0PoGbaG7pvgoFpjHe2B6mfoDwD17rsjjKox2x+vkrsDeBoPa4DiclqUAPuqW4qmg +OnS4o698ccLkm4arfCuk1y4al86j3h3ZXlvGm2RJZyb1UDXXjRgRCrs5L3cFqHog +Z0c= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgICBXQwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAxMFoXDTE2MTAyMTE2MjAxMFowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANfFYKEzGMbuSThFeCcE3bCK1DABcu/kxLiJK4/dK2Nt +tfel+Pklt1JAk0vt5o4AtmIH68kSc/IbzYhK/Z9GNcHd5H+T/5jkGKBTDYiwql8v +Mg1qgJN7jHgxvBMTN2GJRY/QATq9U2LPc1gg8K9xJBwkv2b4OCc3kl6jsxL8h3NB +AgMBAAGjIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4GBAMBUe+6du56LFJs4kiD9pNCk6WrhseAsebpuT4HuqmmRcz10 +KhsWmEfXOO8qV9KPktHeb7N9IBEJqWVcBhhNFMjgrLWPwVmc+aKK+IPvFTO/Kckr +j+l+VCVZHrpuJO6ePXMbcZGZIhhmav8kWBEd9eyEm7h9SNazsT2vR30Is9r7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/ValidIntCALen.pem b/src/tests/data/x509test/ValidIntCALen.pem new file mode 100644 index 000000000..68e6cf91c --- /dev/null +++ b/src/tests/data/x509test/ValidIntCALen.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAmmgAwIBAgICBVcwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA0P2TWIzoFt6EHNAUW4BKtlwWpn/NMaeQqJHTjewzAvQJ5qul +ZdgaguVAibak5DtnM1XrvJTYDGxdhyQtkFWwgGZS/9VYP6YfX0JspnCPu2jdv1Mv +Ziii2F3fSkvHGIMMs2dXqWheV4jOpqtztr9blhN2Ed935QoX70I/gjCNFJECAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQANla2/x6sDwGwtedPSTvUCx+tp5uQoX6AqlpAY +bv9YWNW97yMV4ZTyfSyppjNf59TFnXcfEDDU3xsoK0thRL8fv+PNmL0lWsL9q7Jj +XHo8w8sE9d5mOvWqjYcwlBOMksI42Rj2nTwEVbH5GC/w2A9y1eJqqbvEn5xjZFsb +1HUnPA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDMTCCApqgAwIBAgICBVYwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAxLsGmdJe0lSVprI7J4xOu+D7iimUDcsM5Mab +tYkT+IIUep5okqyCyEVhY1pzLQK3pABg2kaBkD5D59wGnavxObry0At1b76dAZ03 +avqUs/y2tLjJfp1TC1m7Jvp1m2ehD+KAo1rItgwyNOqRXPkVJL7nWSHNvDWkvtYF +10s8cT0CAwEAAaMmMCQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQEFBQADgYEAgmz8CDyA1w10yxjIfFAL1dv4imvQncu4CJTy +iv+jbqoJzYQ24nR85hkVZMCkoTxfp9QQjFoCMGVQO+UwjOOpjcm2B6sEX44nqjTr +UwBjUbdFnoXu2L3U98IHttE9Rx2969DMTXy7zsDUDSFWnuU9BI4i2wtAnQPDtruj +jLFeHRs= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLjCCApegAwIBAgICBVUwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDI4WhcNMTYxMDIxMTYyMDI4WjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA3/Bn96S7g+EduHhDqO1xeHx9KIP7FA2UnLxc +PeblmR3J5gTk4Twzwus0R4+b6qFJp3WN7CvnuaXsNea6bAG7y09ceNKHqDSByzch +ZYKGpZcQ7WDn/4rfWKceIV/qhvQ4zdu5sEVBjdkZVhqbyPTu814zPEOLzQMmm2zh +FhWHEssCAwEAAaMjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADgYEAIY5V0/fZq/7iTtq6hKnC+Aa3nGWr5cQC95dzZ+PT +5XfCgIMr3VSZi0tfmBBVTMBkOUzXBmqK6iOORAPb6Gb+tpEGWM8jgLgTx2835MHW +ffaByIL0enuAjhPl3Xhuq8VPUzLNQgprml4XaYPYrQidBcMFkqS4Oz44PtxNQ7BM +B8o= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLDCCApWgAwIBAgICBVQwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAyOFoXDTE2MTAyMTE2MjAyOFowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBALz4tk1wnzfDW39Lu8fcN4gCoU47RgTiXV/duqvJ36kY +qyJ7WwlgJGOHOhmLJjpt7WwjDWNRRVS8kPPVfhcZDtMX3IgiaRAEWjij3fpUd6Ai +tiJrnaLdyXlCS5Wt3sEF2/qazv44x4SEaeHtO69kZC565g6bOyaPIyKVwnMmMKVp +AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQUwDgYDVR0PAQH/BAQDAgEGMA0G +CSqGSIb3DQEBBQUAA4GBAMaNLpFGlwisXxlMQxRja4FHvdFW2A6jwVH4wJqhSSBQ +wetgAMaSN28uR+HUC0OWss0L6763fa3hzVVMKEhk1nljGoLyn/Vr1SK1P8KNTyc8 +eGNJwKtAjlooMxD4dJvN/kqN7kkmLRGfPK13mnSlP4X3PBa9fXTzxZi4N3QBb2ph +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/ValidNameConstraint.pem b/src/tests/data/x509test/ValidNameConstraint.pem new file mode 100644 index 000000000..3085e0cb3 --- /dev/null +++ b/src/tests/data/x509test/ValidNameConstraint.pem @@ -0,0 +1,100 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAoagAwIBAgICBZkwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2My5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDEwWhcNMTYxMDIxMTYyMDEwWjCBwDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxFTATBgNVBAMMDHd3dy50bHMudGVzdDEf +MB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA1YOhYZy3JK18g0L2gYiDNqgFAmEa9BkNCZmnGmhceJDxHWs6 +eAaLAkWLf8OiedGOnVMgZ93e98k1OsjI+Naml//ekxEDaxSdz+QrFwk7naZcgoI+ +SrlhdDgNhUC0X1DE8I2IrIQUmxCiEjnPtVwImswL4OlMzxPSM4p698cbdH0CAwEA +AaMbMBkwFwYDVR0RBBAwDoIMd3d3LnRscy50ZXN0MA0GCSqGSIb3DQEBBQUAA4GB +AAvL8Gjr/lX6pkBDj+fTJFuhDq27vRQkBc3KtCWPRYO47sbAn7PSj1xjy2qVpf0y +2+5q8DbopxXNYG52PZw9pxotvLf7h0u8q84ruQosmaUbURhkTJoqY4TYz0hVVhJf +VkFk0hnh287gMy7501H5HZi4G3B0/Cb965V4zrqaPLYO +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCArmgAwIBAgICBZgwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2Mi5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDEwWhcNMTYxMDIxMTYyMDEwWjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYzLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA1+JYv4lqbDzFlNIt9Mc3jI0fDxzAHg4Efdn4 +vuBozAiYAnuXdpDf+CgRP/ioIhfgzgmztzmSAchF5VPRG+xc5hSBCwWrp1OPFyj6 +5nX6RxsuU8wlyzNfZOJ4CpwNrFhWvHRGKvDVNaTYOASGRjz8V3uQ56f/7HmdmBoV +WYz+XiECAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjMuY2EuYXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUA +A4GBAHrocfhfL6JI0SH0aDhvRTyW1gmD9BTSQvDLiW7VF7fCCh0SEKS8rif75ITR +s/JCnAaSsDickAOCwfOzNxPwwTQupuuwNSZVis0tTy+A3tYrENdLnYjvNfs+qGh2 +OJDbt/vN7V/VXSWwSzDHJSPuU35dygkZwFoCe6CSmxhELZK6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfTCCAuagAwIBAgICBZcwDQYJKoZIhvcNAQEFBQAwgckxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5j +YS5hdXRob3JpdHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wHhcN +MTUxMDIwMTYyMDEwWhcNMTYxMDIxMTYyMDEwWjCByTELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgMAkNBMRgwFgYDVQQHDA9TYW4gTHVpcyBPYmlzcG8xLjAsBgNVBAoMJUNl +cnRpZmljYXRlIFZhbGlkYXRpb24gYW5kIENvbXBsaWFuY2UxIjAgBgNVBAsMGVg1 +MDkgVmVyaWZpY2F0aW9uIENoZWNrZXIxHjAcBgNVBAMMFWludC5sZXYyLmNhLmF1 +dGhvcml0eTEfMB0GCSqGSIb3DQEJARYQc29tZW9uZUBtYWlsLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAvBAI1Vb+DE+Ls0fMCWeLJK5ih73IjV9GXBp9 +lLPa8U/pFuov0U5XyeMvv6OsGp27z788VApHhxNP98xMBA86oAo7C5YpXLD7c7ez +nadlmKq3v3z6c1vDbs9UNViZhT8hSBeFhBvHMY2ZJjimR6UMseygppAlB3CxnlvD +U1ceLXkCAwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +IAYDVR0RBBkwF4IVaW50LmxldjIuY2EuYXV0aG9yaXR5MCsGA1UdHgEB/wQhMB+h +HTAbghl3d3cudGxzLnRlc3QuaW52YWxpZC50ZXN0MA0GCSqGSIb3DQEBBQUAA4GB +ABAHb6ut1XijezhmC+ieQpSeqKcQI9+YacUssH3vyDfgVD5vjDx5jbmr99J5OMGu +IXJr2NPjsYfe+Jl28XibvSVSF4KE1WUCaD5LmXl7KBkbO+DBbnjZqVK7dO84yQn2 +B7YO4QaXeInTyFkyMyZZItsgpheKfngozrJouQ/Fd4SN +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAt6gAwIBAgICBZYwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAxMFoXDTE2MTAyMTE2MjAxMFowgckxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMR4wHAYDVQQDDBVpbnQubGV2MS5jYS5hdXRob3Jp +dHkxHzAdBgkqhkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAMQCtMsmfgeXju0UpAgnKddgp7Ytaeh9Fe45+nsWUxKt +UXUumhLqNVYvB3/N91a/Zbye9Vzx25WrBVaxUve23R2u/OtO6/N9shmxMDw93bMA +P9XJTxzksQ2LbpDx0Evo70DFm6uVqADO1ecqSQ9iv0kOTIVsGmIIxs8O9leJOeJ1 +AgMBAAGjbzBtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMCAGA1Ud +EQQZMBeCFWludC5sZXYxLmNhLmF1dGhvcml0eTAoBgNVHR4BAf8EHjAcoBowD4IN +LmNhLmF1dGhvcml0eTAHggUudGVzdDANBgkqhkiG9w0BAQUFAAOBgQCW+xgaaODO +NXKsIV+CUbMUmlRVsLWwsi32FLuqbjAyb61G7TPQWQulG2ixpauKlf1NjrBQPDKA +5T9hUjAHRN2qZZBDqZ2AOr3srRngoLiV9/u4LavKt+vYKvyL5mD4266y7DuoQ0kB +r6IgVc+mL8seW6f/WPInKQkQnE06bYBO7g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/ValidWildcard.pem b/src/tests/data/x509test/ValidWildcard.pem new file mode 100644 index 000000000..80e38c6f4 --- /dev/null +++ b/src/tests/data/x509test/ValidWildcard.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC+TCCAmKgAwIBAgICBZEwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAxMFoXDTE2MTAyMTE2MjAxMFowgb4xCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRMwEQYDVQQDDAoqLnRscy50ZXN0MR8wHQYJKoZI +hvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDht+9MZmL+5loPrHQ0SElrwe1KWiBJ+e7dkoA4ZkP+hsZNr9ls+TSCBelB +qzJf3v3gIxpG0UJ6/uUZcmz+p/GoQW7CieIueJJ37Y0R9ghaclFHw33tUWsxgKrT +mzcYS0eOfEEnfMH/XsGPjg5wVROS8nl9XoSXzUiatecMpnwNGwIDAQABMA0GCSqG +SIb3DQEBBQUAA4GBAER+QBx0LmdzEuGsryG3Id66iA4Q77NF9J2oNsg8BLypGqP4 +qImscj4zPWdryxgfAeneCSy+A0v+tuTeT0yqUq5aWlsiT9nJ3QXOM7dQdk3SWSEg +/OPU5EcJ9g1BOdET8kYLrnzEoqjf7s+Hb0IkyNN0xDO5Tdbkjjt1sfHsSzYb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/data/x509test/expected.txt b/src/tests/data/x509test/expected.txt new file mode 100644 index 000000000..573df4fe7 --- /dev/null +++ b/src/tests/data/x509test/expected.txt @@ -0,0 +1,41 @@ +InvalidExtendedKeyUsage.pem:Invalid usage +InvalidIntCAFlag.pem:CA certificate not allowed to issue certs +InvalidIntCAKeyUsage.pem:CA certificate not allowed to issue certs +InvalidIntCALen.pem:Certificate chain too long +InvalidIntCALoop.pem:Loop in certificate chain +InvalidIntCASelfSign.pem:Cannot establish trust +InvalidIntCAVersionOne.pem:CA certificate not allowed to issue certs +InvalidIntCAVersionTwo.pem:CA certificate not allowed to issue certs +InvalidKeyUsage.pem:Invalid usage +InvalidName.pem:Certificate does not match provided name +InvalidNameAltName.pem:Certificate does not match provided name +InvalidNameAltNameWithSubj.pem:Certificate does not match provided name +InvalidNotAfter.pem:Certificate has expired +InvalidNotAfterChained.pem:Certificate has expired +InvalidNotBefore.pem:Certificate is not yet valid +InvalidNotBeforeChained.pem:Certificate is not yet valid +InvalidSelfSign.pem:Cannot establish trust +InvalidWildcardAll.pem:Certificate does not match provided name +InvalidWildcardAllAltName.pem:Certificate does not match provided name +InvalidWildcardLeft.pem:Certificate does not match provided name +InvalidWildcardLeftAltName.pem:Certificate does not match provided name +InvalidWildcardMid.pem:Certificate does not match provided name +InvalidWildcardMidAltName.pem:Certificate does not match provided name +InvalidWildcardMidMixed.pem:Certificate does not match provided name +InvalidWildcardMidMixedAltName.pem:Certificate does not match provided name +InvalidWildcardSingle.pem:Certificate does not match provided name +InvalidWildcardSingleAltName.pem:Certificate does not match provided name +MissingIntCABasicConstraintWithCertSign.pem:CA certificate not allowed to issue certs +MissingIntCAExtensions.pem:CA certificate not allowed to issue certs +ValidAltName.pem:Verified +ValidCert.pem:Verified +ValidChained.pem:Verified +ValidIntCALen.pem:Verified +ValidWildcard.pem:Verified + +# Missing name constraints +InvalidNameConstraintExclude.pem:Certificate issuer not found +InvalidNameConstraintPermit.pem:Certificate issuer not found +InvalidNameConstraintPermitRight.pem:Certificate issuer not found +InvalidNameConstraintPermitThenExclude.pem:Certificate issuer not found +ValidNameConstraint.pem:Certificate issuer not found diff --git a/src/tests/data/x509test/root.pem b/src/tests/data/x509test/root.pem new file mode 100644 index 000000000..b6b894a04 --- /dev/null +++ b/src/tests/data/x509test/root.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 +vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/nist_x509.cpp b/src/tests/nist_x509.cpp index 04b569d32..0ce74334f 100644 --- a/src/tests/nist_x509.cpp +++ b/src/tests/nist_x509.cpp @@ -1,16 +1,7 @@ /* -* (C) 2006,2011,2012,2014 Jack Lloyd +* (C) 2006,2011,2012,2014,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) -* -* Code to run the X.509v3 processing tests described in "Conformance -* Testing of Relying Party Client Certificate Path Proccessing Logic", -* which is available on NIST's web site. -* -* Known Failures/Problems: -* - Policy extensions are not implemented, so we skip tests #34-#53. -* - Tests #75 and #76 are skipped as they make use of relatively -* obscure CRL extensions which are not supported. */ #include "tests.h" @@ -22,6 +13,7 @@ #include #include +#include #include #include #include @@ -32,11 +24,110 @@ using namespace Botan; std::map get_expected(); +namespace { + +std::vector load_cert_file(const std::string& filename) + { + DataSource_Stream in(filename); + + std::vector certs; + while(!in.end_of_data()) + { + try { + certs.emplace_back(in); + } + catch(Decoding_Error) {} + } + + return certs; + } + +std::map read_results(const std::string& results_file) + { + std::ifstream in(results_file); + if(!in.good()) + throw std::runtime_error("Failed reading " + results_file); + + std::map m; + std::string line; + while(in.good()) + { + std::getline(in, line); + if(line == "") + continue; + if(line[0] == '#') + continue; + + std::vector parts = split_on(line, ':'); + + if(parts.size() != 2) + throw std::runtime_error("Invalid line " + line); + + m[parts[0]] = parts[1]; + } + + return m; + } + +} + +size_t test_x509_x509test() + { + // Test certs generated by https://github.com/yymax/x509test + const std::string test_dir = "src/tests/data/x509test"; + + std::map results = read_results(test_dir + "/expected.txt"); + + const Path_Validation_Restrictions default_restrictions; + + size_t fail = 0; + + X509_Certificate root(test_dir + "/root.pem"); + Certificate_Store_In_Memory trusted; + trusted.add_certificate(root); + + for(auto i = results.begin(); i != results.end(); ++i) + { + const std::string fsname = i->first; + const std::string expected = i->second; + + std::vector certs = load_cert_file(test_dir + "/" + fsname); + + if(certs.empty()) + throw std::runtime_error("Failed to read certs from " + fsname); + + Path_Validation_Result result = x509_path_validate(certs, default_restrictions, trusted, + "www.tls.test", Usage_Type::TLS_SERVER_AUTH); + + if(result.successful_validation() && result.trust_root() != root) + result = Path_Validation_Result(Certificate_Status_Code::CANNOT_ESTABLISH_TRUST); + + if(result.result_string() != expected) + { + std::cout << "FAIL " << fsname << " expected '" << expected << "' got '" << result.result_string() << "'\n"; + ++fail; + } + } + + test_report("X.509 (x509test)", results.size(), fail); + + return fail; + } + size_t test_nist_x509() { + /** + * Code to run the X.509v3 processing tests described in "Conformance + * Testing of Relying Party Client Certificate Path Proccessing Logic", + * which is available on NIST's web site. + * + * Known Failures/Problems: + * - Policy extensions are not implemented, so we skip tests #34-#53. + * - Tests #75 and #76 are skipped as they make use of relatively + * obscure CRL extensions which are not supported. + */ const std::string root_test_dir = "src/tests/data/nist_x509/"; const size_t total_tests = 76; - try { // Do nothing, just test filesystem access @@ -61,8 +152,8 @@ size_t test_nist_x509() for(size_t test_no = 1; test_no <= total_tests; ++test_no) { const std::string test_dir = root_test_dir + "/test" + (test_no <= 9 ? "0" : "") + std::to_string(test_no); - - const std::vector all_files = get_files_recursive(test_dir); + + const std::vector all_files = get_files_recursive(test_dir); if (all_files.empty()) std::cout << "Warning: No test files found in '" << test_dir << "'" << std::endl; @@ -83,6 +174,7 @@ size_t test_nist_x509() if(expected_results.find(test_no) == expected_results.end()) { + //printf("Skipping %d\n", test_no); skipped++; continue; } diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp index d213b6a3a..61378b1a2 100644 --- a/src/tests/tests.cpp +++ b/src/tests/tests.cpp @@ -38,10 +38,10 @@ size_t run_tests_in_dir(const std::string& dir, std::function Date: Sun, 25 Oct 2015 22:25:40 -0400 Subject: TLS improvements Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks. --- doc/manual/tls.rst | 6 +- doc/news.rst | 2 + src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp | 3 +- src/lib/rng/rng.h | 8 + src/lib/tls/msg_client_hello.cpp | 6 +- src/lib/tls/tls_channel.cpp | 38 +-- src/lib/tls/tls_channel.h | 17 +- src/lib/tls/tls_client.cpp | 53 +++- src/lib/tls/tls_client.h | 15 +- src/lib/tls/tls_handshake_io.cpp | 97 +++--- src/lib/tls/tls_handshake_io.h | 16 +- src/lib/tls/tls_handshake_msg.h | 2 + src/lib/tls/tls_handshake_state.cpp | 110 ++++++- src/lib/tls/tls_handshake_state.h | 6 +- src/lib/tls/tls_magic.h | 2 + src/lib/tls/tls_policy.cpp | 13 +- src/lib/tls/tls_policy.h | 15 + src/lib/tls/tls_record.cpp | 85 +++--- src/lib/tls/tls_server.cpp | 58 ++-- src/lib/tls/tls_server.h | 14 +- src/lib/utils/ct_utils.h | 36 +++ src/tests/unit_tls.cpp | 551 ++++++++++++++++++++++++++-------- 22 files changed, 861 insertions(+), 292 deletions(-) (limited to 'src/tests') diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index 554846c25..331bb56bb 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -517,7 +517,9 @@ policy settings from a file. authentication, sending data in cleartext) are also not supported by the implementation and cannot be negotiated. - Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM", + Values without an explicit mode use old-style CBC with HMAC encryption. + + Default value: "AES-256/GCM", "AES-128/GCM", "ChaCha20Poly1305", "AES-256/CCM", "AES-128/CCM", "AES-256/CCM-8", "AES-128/CCM-8", "AES-256", "AES-128" @@ -570,7 +572,7 @@ policy settings from a file. Default: "ECDSA", "RSA", "DSA" - Also allowed: "" (meaning anonymous) + Also allowed (disabled by default): "" (meaning anonymous) .. cpp:function:: std::vector allowed_ecc_curves() const diff --git a/doc/news.rst b/doc/news.rst index 72ab4ad9f..61df06d83 100644 --- a/doc/news.rst +++ b/doc/news.rst @@ -35,6 +35,8 @@ Version 1.11.22, Not Yet Released deriving the next value by squaring the previous ones. The reinitializion interval can be controlled by the build.h parameter BOTAN_BLINDING_REINIT_INTERVAL. +* A bug decoding DTLS client hellos prevented session resumption for suceeding. + * DL_Group now prohibits creating a group smaller than 1024 bits. * Add System_RNG type. Previously the global system RNG was only accessible via diff --git a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp index 6b3bce0aa..5ff288db2 100644 --- a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp +++ b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp @@ -28,8 +28,7 @@ secure_vector EME_PKCS1v15::pad(const byte in[], size_t inlen, out[0] = 0x02; for(size_t j = 1; j != olen - inlen - 1; ++j) - while(out[j] == 0) - out[j] = rng.next_byte(); + out[j] = rng.next_nonzero_byte(); buffer_insert(out, olen - inlen, in, inlen); return out; diff --git a/src/lib/rng/rng.h b/src/lib/rng/rng.h index 6ee67f66f..261880d5d 100644 --- a/src/lib/rng/rng.h +++ b/src/lib/rng/rng.h @@ -75,6 +75,14 @@ class BOTAN_DLL RandomNumberGenerator */ byte next_byte() { return get_random(); } + byte next_nonzero_byte() + { + byte b = next_byte(); + while(b == 0) + b = next_byte(); + return b; + } + /** * Check whether this RNG is seeded. * @return true if this RNG was already seeded, false otherwise. diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index 82ba6f4f6..77bdc5cf5 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -1,6 +1,6 @@ /* * TLS Hello Request and Client Hello Messages -* (C) 2004-2011 Jack Lloyd +* (C) 2004-2011,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -210,11 +210,11 @@ Client_Hello::Client_Hello(const std::vector& buf) m_random = reader.get_fixed(32); + m_session_id = reader.get_range(1, 0, 32); + if(m_version.is_datagram_protocol()) m_hello_cookie = reader.get_range(1, 0, 255); - m_session_id = reader.get_range(1, 0, 32); - m_suites = reader.get_range_vector(2, 1, 32767); m_comp_methods = reader.get_range_vector(1, 1, 255); diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index e2b1aad9d..5dfcec34e 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -23,17 +23,21 @@ Channel::Channel(output_fn output_fn, data_cb data_cb, alert_cb alert_cb, handshake_cb handshake_cb, + handshake_msg_cb handshake_msg_cb, Session_Manager& session_manager, RandomNumberGenerator& rng, + const Policy& policy, bool is_datagram, size_t reserved_io_buffer_size) : m_is_datagram(is_datagram), - m_handshake_cb(handshake_cb), m_data_cb(data_cb), m_alert_cb(alert_cb), m_output_fn(output_fn), - m_rng(rng), - m_session_manager(session_manager) + m_handshake_cb(handshake_cb), + m_handshake_msg_cb(handshake_msg_cb), + m_session_manager(session_manager), + m_policy(policy), + m_rng(rng) { /* epoch 0 is plaintext, thus null cipher state */ m_write_cipher_states[0] = nullptr; @@ -66,20 +70,16 @@ Connection_Sequence_Numbers& Channel::sequence_numbers() const std::shared_ptr Channel::read_cipher_state_epoch(u16bit epoch) const { auto i = m_read_cipher_states.find(epoch); - - BOTAN_ASSERT(i != m_read_cipher_states.end(), - "Have a cipher state for the specified epoch"); - + if(i == m_read_cipher_states.end()) + throw Internal_Error("TLS::Channel No read cipherstate for epoch " + std::to_string(epoch)); return i->second; } std::shared_ptr Channel::write_cipher_state_epoch(u16bit epoch) const { auto i = m_write_cipher_states.find(epoch); - - BOTAN_ASSERT(i != m_write_cipher_states.end(), - "Have a cipher state for the specified epoch"); - + if(i == m_write_cipher_states.end()) + throw Internal_Error("TLS::Channel No write cipherstate for epoch " + std::to_string(epoch)); return i->second; } @@ -120,17 +120,17 @@ Handshake_State& Channel::create_handshake_state(Protocol_Version version) std::unique_ptr io; if(version.is_datagram_protocol()) { - // default MTU is IPv6 min MTU minus UDP/IP headers (TODO: make configurable) - const u16bit mtu = 1280 - 40 - 8; - io.reset(new Datagram_Handshake_IO( std::bind(&Channel::send_record_under_epoch, this, _1, _2, _3), sequence_numbers(), - mtu)); + m_policy.dtls_default_mtu(), + m_policy.dtls_initial_timeout(), + m_policy.dtls_maximum_timeout())); } else - io.reset(new Stream_Handshake_IO( - std::bind(&Channel::send_record, this, _1, _2))); + { + io.reset(new Stream_Handshake_IO(std::bind(&Channel::send_record, this, _1, _2))); + } m_pending_state.reset(new_handshake_state(io.release())); @@ -333,12 +333,13 @@ size_t Channel::received_data(const byte input[], size_t input_size) if(record.size() > max_fragment_size) throw TLS_Exception(Alert::RECORD_OVERFLOW, - "Plaintext record is too large"); + "TLS input record is larger than allowed maximum"); if(record_type == HANDSHAKE || record_type == CHANGE_CIPHER_SPEC) { if(!m_pending_state) { + // No pending handshake, possibly new: if(record_version.is_datagram_protocol()) { if(m_sequence_numbers) @@ -374,6 +375,7 @@ size_t Channel::received_data(const byte input[], size_t input_size) } } + // May have been created in above conditional if(m_pending_state) { m_pending_state->handshake_io().add_record(unlock(record), diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 4e6874a16..9ef2d17c4 100644 --- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h @@ -24,6 +24,7 @@ namespace TLS { class Connection_Cipher_State; class Connection_Sequence_Numbers; class Handshake_State; +class Handshake_Message; /** * Generic interface for TLS endpoint @@ -35,15 +36,18 @@ class BOTAN_DLL Channel typedef std::function data_cb; typedef std::function alert_cb; typedef std::function handshake_cb; + typedef std::function handshake_msg_cb; Channel(output_fn out, data_cb app_data_cb, alert_cb alert_cb, handshake_cb hs_cb, + handshake_msg_cb hs_msg_cb, Session_Manager& session_manager, RandomNumberGenerator& rng, + const Policy& policy, bool is_datagram, - size_t reserved_io_buffer_size); + size_t io_buf_sz = 16*1024); Channel(const Channel&) = delete; @@ -196,6 +200,8 @@ class BOTAN_DLL Channel Handshake_State& create_handshake_state(Protocol_Version version); + void inspect_handshake_message(const Handshake_Message& msg); + void activate_session(); void change_cipher_spec_reader(Connection_Side side); @@ -214,8 +220,11 @@ class BOTAN_DLL Channel Session_Manager& session_manager() { return m_session_manager; } + const Policy& policy() const { return m_policy; } + bool save_session(const Session& session) const { return m_handshake_cb(session); } + handshake_msg_cb get_handshake_msg_cb() const { return m_handshake_msg_cb; } private: size_t maximum_fragment_size() const; @@ -245,14 +254,16 @@ class BOTAN_DLL Channel bool m_is_datagram; /* callbacks */ - handshake_cb m_handshake_cb; data_cb m_data_cb; alert_cb m_alert_cb; output_fn m_output_fn; + handshake_cb m_handshake_cb; + handshake_msg_cb m_handshake_msg_cb; /* external state */ - RandomNumberGenerator& m_rng; Session_Manager& m_session_manager; + const Policy& m_policy; + RandomNumberGenerator& m_rng; /* sequence number state */ std::unique_ptr m_sequence_numbers; diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 9306092ce..82630b7fa 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -1,6 +1,6 @@ /* * TLS Client -* (C) 2004-2011,2012 Jack Lloyd +* (C) 2004-2011,2012,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -23,8 +23,7 @@ class Client_Handshake_State : public Handshake_State public: // using Handshake_State::Handshake_State; - Client_Handshake_State(Handshake_IO* io, hs_msg_cb cb = hs_msg_cb()) : - Handshake_State(io, cb) {} + Client_Handshake_State(Handshake_IO* io, handshake_msg_cb cb) : Handshake_State(io, cb) {} const Public_Key& get_server_public_Key() const { @@ -55,9 +54,31 @@ Client::Client(output_fn output_fn, const Protocol_Version offer_version, const std::vector& next_protos, size_t io_buf_sz) : - Channel(output_fn, proc_cb, alert_cb, handshake_cb, session_manager, rng, - offer_version.is_datagram_protocol(), io_buf_sz), - m_policy(policy), + Channel(output_fn, proc_cb, alert_cb, handshake_cb, Channel::handshake_msg_cb(), + session_manager, rng, policy, offer_version.is_datagram_protocol(), io_buf_sz), + m_creds(creds), + m_info(info) + { + const std::string srp_identifier = m_creds.srp_identifier("tls-client", m_info.hostname()); + + Handshake_State& state = create_handshake_state(offer_version); + send_client_hello(state, false, offer_version, srp_identifier, next_protos); + } + +Client::Client(output_fn output_fn, + data_cb proc_cb, + alert_cb alert_cb, + handshake_cb handshake_cb, + handshake_msg_cb hs_msg_cb, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + const Server_Information& info, + const Protocol_Version offer_version, + const std::vector& next_protos) : + Channel(output_fn, proc_cb, alert_cb, handshake_cb, hs_msg_cb, + session_manager, rng, policy, offer_version.is_datagram_protocol()), m_creds(creds), m_info(info) { @@ -69,7 +90,7 @@ Client::Client(output_fn output_fn, Handshake_State* Client::new_handshake_state(Handshake_IO* io) { - return new Client_Handshake_State(io); // , m_hs_msg_cb); + return new Client_Handshake_State(io, get_handshake_msg_cb()); } std::vector @@ -111,7 +132,7 @@ void Client::send_client_hello(Handshake_State& state_base, state.client_hello(new Client_Hello( state.handshake_io(), state.hash(), - m_policy, + policy(), rng(), secure_renegotiation_data_for_client_hello(), session_info, @@ -128,7 +149,7 @@ void Client::send_client_hello(Handshake_State& state_base, state.handshake_io(), state.hash(), version, - m_policy, + policy(), rng(), secure_renegotiation_data_for_client_hello(), next_protocols, @@ -157,9 +178,9 @@ void Client::process_handshake_msg(const Handshake_State* active_state, if(state.client_hello()) return; - if(m_policy.allow_server_initiated_renegotiation()) + if(policy().allow_server_initiated_renegotiation()) { - if(!secure_renegotiation_supported() && m_policy.allow_insecure_renegotiation() == false) + if(!secure_renegotiation_supported() && policy().allow_insecure_renegotiation() == false) send_warning_alert(Alert::NO_RENEGOTIATION); else this->initiate_handshake(state, false); @@ -263,7 +284,9 @@ void Client::process_handshake_msg(const Handshake_State* active_state, if(state.server_hello()->supports_session_ticket()) state.set_expected_next(NEW_SESSION_TICKET); else + { state.set_expected_next(HANDSHAKE_CCS); + } } else { @@ -282,7 +305,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, "Server replied with later version than in hello"); } - if(!m_policy.acceptable_protocol_version(state.version())) + if(!policy().acceptable_protocol_version(state.version())) { throw TLS_Exception(Alert::PROTOCOL_VERSION, "Server version " + state.version().to_string() + @@ -406,7 +429,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, state.client_kex( new Client_Key_Exchange(state.handshake_io(), state, - m_policy, + policy(), m_creds, state.server_public_key.get(), m_info.hostname(), @@ -426,7 +449,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, state.client_verify( new Certificate_Verify(state.handshake_io(), state, - m_policy, + policy(), rng(), private_key) ); @@ -477,7 +500,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, const std::vector& session_ticket = state.session_ticket(); if(session_id.empty() && !session_ticket.empty()) - session_id = make_hello_random(rng(), m_policy); + session_id = make_hello_random(rng(), policy()); Session session_info( session_id, diff --git a/src/lib/tls/tls_client.h b/src/lib/tls/tls_client.h index e4e0dc363..b835c013e 100644 --- a/src/lib/tls/tls_client.h +++ b/src/lib/tls/tls_client.h @@ -67,6 +67,20 @@ class BOTAN_DLL Client : public Channel size_t reserved_io_buffer_size = 16*1024 ); + Client(output_fn out, + data_cb app_data_cb, + alert_cb alert_cb, + handshake_cb hs_cb, + handshake_msg_cb hs_msg_cb, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + const Server_Information& server_info = Server_Information(), + const Protocol_Version offer_version = Protocol_Version::latest_tls_version(), + const std::vector& next_protocols = {} + ); + const std::string& application_protocol() const { return m_application_protocol; } private: std::vector @@ -88,7 +102,6 @@ class BOTAN_DLL Client : public Channel Handshake_State* new_handshake_state(Handshake_IO* io) override; - const Policy& m_policy; Credentials_Manager& m_creds; const Server_Information m_info; std::string m_application_protocol; diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp index 6286eab08..f39c9f84e 100644 --- a/src/lib/tls/tls_handshake_io.cpp +++ b/src/lib/tls/tls_handshake_io.cpp @@ -1,6 +1,6 @@ /* * TLS Handshake IO -* (C) 2012,2014 Jack Lloyd +* (C) 2012,2014,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -33,6 +33,24 @@ void store_be24(byte out[3], size_t val) out[2] = get_byte(3, val); } +u64bit steady_clock_ms() + { + return std::chrono::duration_cast( + std::chrono::steady_clock::now().time_since_epoch()).count(); + } + +size_t split_for_mtu(size_t mtu, size_t msg_size) + { + const size_t DTLS_HEADERS_SIZE = 25; // DTLS record+handshake headers + + const size_t parts = (msg_size + mtu) / mtu; + + if(parts + DTLS_HEADERS_SIZE > mtu) + return parts + 1; + + return parts; + } + } Protocol_Version Stream_Handshake_IO::initial_record_version() const @@ -123,41 +141,15 @@ Protocol_Version Datagram_Handshake_IO::initial_record_version() const return Protocol_Version::DTLS_V10; } -namespace { - -// 1 second initial timeout, 60 second max - see RFC 6347 sec 4.2.4.1 -const u64bit INITIAL_TIMEOUT = 1*1000; -const u64bit MAXIMUM_TIMEOUT = 60*1000; - -u64bit steady_clock_ms() +void Datagram_Handshake_IO::retransmit_last_flight() { - return std::chrono::duration_cast( - std::chrono::steady_clock::now().time_since_epoch()).count(); + const size_t flight_idx = (m_flights.size() == 1) ? 0 : (m_flights.size() - 2); + retransmit_flight(flight_idx); } -} - -bool Datagram_Handshake_IO::timeout_check() +void Datagram_Handshake_IO::retransmit_flight(size_t flight_idx) { - if(m_last_write == 0 || (m_flights.size() > 1 && !m_flights.rbegin()->empty())) - { - /* - If we haven't written anything yet obviously no timeout. - Also no timeout possible if we are mid-flight, - */ - return false; - } - - const u64bit ms_since_write = steady_clock_ms() - m_last_write; - - if(ms_since_write < m_next_timeout) - return false; - - std::vector flight; - if(m_flights.size() == 1) - flight = m_flights.at(0); // lost initial client hello - else - flight = m_flights.at(m_flights.size() - 2); + const std::vector& flight = m_flights.at(flight_idx); BOTAN_ASSERT(flight.size() > 0, "Nonempty flight to retransmit"); @@ -177,8 +169,27 @@ bool Datagram_Handshake_IO::timeout_check() send_message(msg_seq, msg.epoch, msg.msg_type, msg.msg_bits); epoch = msg.epoch; } + } + +bool Datagram_Handshake_IO::timeout_check() + { + if(m_last_write == 0 || (m_flights.size() > 1 && !m_flights.rbegin()->empty())) + { + /* + If we haven't written anything yet obviously no timeout. + Also no timeout possible if we are mid-flight, + */ + return false; + } + + const u64bit ms_since_write = steady_clock_ms() - m_last_write; + + if(ms_since_write < m_next_timeout) + return false; - m_next_timeout = std::min(2 * m_next_timeout, MAXIMUM_TIMEOUT); + retransmit_last_flight(); + + m_next_timeout = std::min(2 * m_next_timeout, m_max_timeout); return true; } @@ -251,7 +262,6 @@ Datagram_Handshake_IO::get_next_record(bool expecting_ccs) if(m_ccs_epochs.count(current_epoch)) return std::make_pair(HANDSHAKE_CCS, std::vector()); } - return std::make_pair(HANDSHAKE_NONE, std::vector()); } @@ -376,21 +386,6 @@ Datagram_Handshake_IO::format(const std::vector& msg, return format_w_seq(msg, type, m_in_message_seq - 1); } -namespace { - -size_t split_for_mtu(size_t mtu, size_t msg_size) - { - const size_t DTLS_HEADERS_SIZE = 25; // DTLS record+handshake headers - - const size_t parts = (msg_size + mtu) / mtu; - - if(parts + DTLS_HEADERS_SIZE > mtu) - return parts + 1; - - return parts; - } - -} std::vector Datagram_Handshake_IO::send(const Handshake_Message& msg) @@ -411,7 +406,7 @@ Datagram_Handshake_IO::send(const Handshake_Message& msg) m_out_message_seq += 1; m_last_write = steady_clock_ms(); - m_next_timeout = INITIAL_TIMEOUT; + m_next_timeout = m_initial_timeout; return send_message(m_out_message_seq - 1, epoch, msg_type, msg_bits); } @@ -425,7 +420,9 @@ std::vector Datagram_Handshake_IO::send_message(u16bit msg_seq, format_w_seq(msg_bits, msg_type, msg_seq); if(no_fragment.size() + DTLS_HEADER_SIZE <= m_mtu) + { m_send_hs(epoch, HANDSHAKE, no_fragment); + } else { const size_t parts = split_for_mtu(m_mtu, msg_bits.size()); diff --git a/src/lib/tls/tls_handshake_io.h b/src/lib/tls/tls_handshake_io.h index 00074a744..a1c1c5ce3 100644 --- a/src/lib/tls/tls_handshake_io.h +++ b/src/lib/tls/tls_handshake_io.h @@ -100,8 +100,14 @@ class Datagram_Handshake_IO : public Handshake_IO Datagram_Handshake_IO(writer_fn writer, class Connection_Sequence_Numbers& seq, - u16bit mtu) : - m_seqs(seq), m_flights(1), m_send_hs(writer), m_mtu(mtu) {} + u16bit mtu, u64bit initial_timeout_ms, u64bit max_timeout_ms) : + m_seqs(seq), + m_flights(1), + m_initial_timeout(initial_timeout_ms), + m_max_timeout(max_timeout_ms), + m_send_hs(writer), + m_mtu(mtu) + {} Protocol_Version initial_record_version() const override; @@ -120,6 +126,9 @@ class Datagram_Handshake_IO : public Handshake_IO std::pair> get_next_record(bool expecting_ccs) override; private: + void retransmit_flight(size_t flight); + void retransmit_last_flight(); + std::vector format_fragment( const byte fragment[], size_t fragment_len, @@ -183,6 +192,9 @@ class Datagram_Handshake_IO : public Handshake_IO std::vector> m_flights; std::map m_flight_data; + u64bit m_initial_timeout = 0; + u64bit m_max_timeout = 0; + u64bit m_last_write = 0; u64bit m_next_timeout = 0; diff --git a/src/lib/tls/tls_handshake_msg.h b/src/lib/tls/tls_handshake_msg.h index 6937d4f2c..7e527abf4 100644 --- a/src/lib/tls/tls_handshake_msg.h +++ b/src/lib/tls/tls_handshake_msg.h @@ -22,6 +22,8 @@ namespace TLS { class BOTAN_DLL Handshake_Message { public: + std::string type_string() const; + virtual Handshake_Type type() const = 0; virtual std::vector serialize() const = 0; diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index cbbca3a0d..f885d3b08 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -1,6 +1,6 @@ /* * TLS Handshaking -* (C) 2004-2006,2011,2012 Jack Lloyd +* (C) 2004-2006,2011,2012,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -13,6 +13,67 @@ namespace Botan { namespace TLS { +std::string Handshake_Message::type_string() const + { + return handshake_type_to_string(type()); + } + +const char* handshake_type_to_string(Handshake_Type type) + { + switch(type) + { + case HELLO_VERIFY_REQUEST: + return "hello_verify_request"; + + case HELLO_REQUEST: + return "hello_request"; + + case CLIENT_HELLO: + return "client_hello"; + + case SERVER_HELLO: + return "server_hello"; + + case CERTIFICATE: + return "certificate"; + + case CERTIFICATE_URL: + return "certificate_url"; + + case CERTIFICATE_STATUS: + return "certificate_status"; + + case SERVER_KEX: + return "server_key_exchange"; + + case CERTIFICATE_REQUEST: + return "certificate_request"; + + case SERVER_HELLO_DONE: + return "server_hello_done"; + + case CERTIFICATE_VERIFY: + return "certificate_verify"; + + case CLIENT_KEX: + return "client_key_exchange"; + + case NEW_SESSION_TICKET: + return "new_session_ticket"; + + case HANDSHAKE_CCS: + return "change_cipher_spec"; + + case FINISHED: + return "finished"; + + case HANDSHAKE_NONE: + return "invalid"; + } + + throw Internal_Error("Unknown TLS handshake message type " + std::to_string(type)); + } + namespace { u32bit bitmask_for_handshake_type(Handshake_Type type) @@ -25,9 +86,6 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) case HELLO_REQUEST: return (1 << 1); - /* - * Same code point for both client hello styles - */ case CLIENT_HELLO: return (1 << 2); @@ -75,12 +133,48 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) throw Internal_Error("Unknown handshake type " + std::to_string(type)); } +std::string handshake_mask_to_string(u32bit mask) + { + const Handshake_Type types[] = { + HELLO_VERIFY_REQUEST, + HELLO_REQUEST, + CLIENT_HELLO, + CERTIFICATE, + CERTIFICATE_URL, + CERTIFICATE_STATUS, + SERVER_KEX, + CERTIFICATE_REQUEST, + SERVER_HELLO_DONE, + CERTIFICATE_VERIFY, + CLIENT_KEX, + NEW_SESSION_TICKET, + HANDSHAKE_CCS, + FINISHED + }; + + std::ostringstream o; + bool empty = true; + + for(auto&& t : types) + { + if(mask & bitmask_for_handshake_type(t)) + { + if(!empty) + o << ","; + o << handshake_type_to_string(t); + empty = false; + } + } + + return o.str(); + } + } /* * Initialize the SSL/TLS Handshake State */ -Handshake_State::Handshake_State(Handshake_IO* io, hs_msg_cb cb) : +Handshake_State::Handshake_State(Handshake_IO* io, handshake_msg_cb cb) : m_msg_callback(cb), m_handshake_io(io), m_version(m_handshake_io->initial_record_version()) @@ -196,10 +290,10 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) const bool ok = (m_hand_expecting_mask & mask); // overlap? if(!ok) - throw Unexpected_Message("Unexpected state transition in handshake, got " + + throw Unexpected_Message("Unexpected state transition in handshake, got type " + std::to_string(handshake_msg) + - " expected " + std::to_string(m_hand_expecting_mask) + - " received " + std::to_string(m_hand_received_mask)); + " expected " + handshake_mask_to_string(m_hand_expecting_mask) + + " received " + handshake_mask_to_string(m_hand_received_mask)); /* We don't know what to expect next, so force a call to set_expected_next; if it doesn't happen, the next transition diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h index 3b60178b4..6260b090f 100644 --- a/src/lib/tls/tls_handshake_state.h +++ b/src/lib/tls/tls_handshake_state.h @@ -45,9 +45,9 @@ class Finished; class Handshake_State { public: - typedef std::function hs_msg_cb; + typedef std::function handshake_msg_cb; - Handshake_State(Handshake_IO* io, hs_msg_cb cb); + Handshake_State(Handshake_IO* io, handshake_msg_cb cb); virtual ~Handshake_State(); @@ -170,7 +170,7 @@ class Handshake_State private: - hs_msg_cb m_msg_callback; + handshake_msg_cb m_msg_callback; std::unique_ptr m_handshake_io; diff --git a/src/lib/tls/tls_magic.h b/src/lib/tls/tls_magic.h index 882e59158..6db908b08 100644 --- a/src/lib/tls/tls_magic.h +++ b/src/lib/tls/tls_magic.h @@ -57,6 +57,8 @@ enum Handshake_Type { HANDSHAKE_NONE = 255 // Null value }; +const char* handshake_type_to_string(Handshake_Type t); + enum Compression_Method { NO_COMPRESSION = 0x00, DEFLATE_COMPRESSION = 0x01 diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index f50cf1f3e..d8dd2c828 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -20,9 +20,9 @@ std::vector Policy::allowed_ciphers() const return { //"AES-256/OCB(12)", //"AES-128/OCB(12)", - "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM", + "ChaCha20Poly1305", "AES-256/CCM", "AES-128/CCM", "AES-256/CCM(8)", @@ -35,7 +35,6 @@ std::vector Policy::allowed_ciphers() const //"Camellia-128", //"SEED" //"3DES", - //"RC4", }; } @@ -175,6 +174,16 @@ bool Policy::include_time_in_hello_random() const { return true; } bool Policy::hide_unknown_users() const { return false; } bool Policy::server_uses_own_ciphersuite_preferences() const { return true; } +// 1 second initial timeout, 60 second max - see RFC 6347 sec 4.2.4.1 +size_t Policy::dtls_initial_timeout() const { return 1*1000; } +size_t Policy::dtls_maximum_timeout() const { return 60*1000; } + +size_t Policy::dtls_default_mtu() const + { + // default MTU is IPv6 min MTU minus UDP/IP headers + return 1280 - 40 - 8; + } + std::vector Policy::srtp_profiles() const { return std::vector(); diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 581d04bcd..c3f8f1ee2 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -13,6 +13,7 @@ #include #include #include +#include namespace Botan { @@ -173,6 +174,12 @@ class BOTAN_DLL Policy virtual std::vector ciphersuite_list(Protocol_Version version, bool have_srp) const; + virtual size_t dtls_default_mtu() const; + + virtual size_t dtls_initial_timeout() const; + + virtual size_t dtls_maximum_timeout() const; + virtual void print(std::ostream& o) const; virtual ~Policy() {} @@ -299,6 +306,14 @@ class BOTAN_DLL Text_Policy : public Policy return r; } + void set(const std::string& k, const std::string& v) { m_kv[k] = v; } + + Text_Policy(const std::string& s) + { + std::istringstream iss(s); + m_kv = read_cfg(iss); + } + Text_Policy(std::istream& in) { m_kv = read_cfg(in); diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 71542de16..e38b26547 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -12,6 +12,7 @@ #include #include #include +#include #include namespace Botan { @@ -284,31 +285,26 @@ size_t fill_buffer_to(secure_vector& readbuf, * * Returning 0 in the error case should ensure the MAC check will fail. * This approach is suggested in section 6.2.3.2 of RFC 5246. -* -* Also returns 0 if block_size == 0, so can be safely called with a -* stream cipher in use. -* -* @fixme This should run in constant time */ -size_t tls_padding_check(const byte record[], size_t record_len) +u16bit tls_padding_check(const byte record[], size_t record_len) { - const size_t padding_length = record[(record_len-1)]; - - if(padding_length >= record_len) - return 0; - /* * TLS v1.0 and up require all the padding bytes be the same value * and allows up to 255 bytes. */ - const size_t pad_start = record_len - padding_length - 1; - volatile size_t cmp = 0; + const byte pad_byte = record[(record_len-1)]; - for(size_t i = 0; i != padding_length; ++i) - cmp += record[pad_start + i] ^ padding_length; + byte pad_invalid = 0; + for(size_t i = 0; i != record_len; ++i) + { + const size_t left = record_len - i - 2; + const byte delim_mask = CT::is_less(left, pad_byte) & 0xFF; + pad_invalid |= (delim_mask & (record[i] ^ pad_byte)); + } - return cmp ? 0 : padding_length + 1; + u16bit pad_invalid_mask = CT::expand_mask(pad_invalid); + return CT::select(pad_invalid_mask, 0, pad_byte + 1); } void cbc_decrypt_record(byte record_contents[], size_t record_len, @@ -375,38 +371,39 @@ void decrypt_record(secure_vector& output, else { // GenericBlockCipher case + BlockCipher* bc = cs.block_cipher(); + BOTAN_ASSERT(bc != nullptr, "No cipher state set but needed to decrypt"); - volatile bool padding_bad = false; - size_t pad_size = 0; + const size_t mac_size = cs.mac_size(); + const size_t iv_size = cs.iv_size(); - if(BlockCipher* bc = cs.block_cipher()) - { - cbc_decrypt_record(record_contents, record_len, cs, *bc); + // This early exit does not leak info because all the values are public + if((record_len < mac_size + iv_size) || (record_len % cs.block_size() != 0)) + throw Decoding_Error("Record sent with invalid length"); - pad_size = tls_padding_check(record_contents, record_len); + CT::poison(record_contents, record_len); - padding_bad = (pad_size == 0); - } - else - { - throw Internal_Error("No cipher state set but needed to decrypt"); - } + cbc_decrypt_record(record_contents, record_len, cs, *bc); - const size_t mac_size = cs.mac_size(); - const size_t iv_size = cs.iv_size(); + // 0 if padding was invalid, otherwise 1 + padding_bytes + u16bit pad_size = tls_padding_check(record_contents, record_len); - const size_t mac_pad_iv_size = mac_size + pad_size + iv_size; + // This mask is zero if there is not enough room in the packet + const u16bit size_ok_mask = CT::is_less(mac_size + pad_size + iv_size, record_len); + pad_size &= size_ok_mask; - if(record_len < mac_pad_iv_size) - throw Decoding_Error("Record sent with invalid length"); + CT::unpoison(record_contents, record_len); - const byte* plaintext_block = &record_contents[iv_size]; - const u16bit plaintext_length = record_len - mac_pad_iv_size; + /* + This is unpoisoned sooner than it should. The pad_size leaks to plaintext_length and + then to the timing channel in the MAC computation described in the Lucky 13 paper. + */ + CT::unpoison(pad_size); - cs.mac()->update( - cs.format_ad(record_sequence, record_type, record_version, plaintext_length) - ); + const byte* plaintext_block = &record_contents[iv_size]; + const u16bit plaintext_length = record_len - mac_size - iv_size - pad_size; + cs.mac()->update(cs.format_ad(record_sequence, record_type, record_version, plaintext_length)); cs.mac()->update(plaintext_block, plaintext_length); std::vector mac_buf(mac_size); @@ -414,12 +411,16 @@ void decrypt_record(secure_vector& output, const size_t mac_offset = record_len - (mac_size + pad_size); - const bool mac_bad = !same_mem(&record_contents[mac_offset], mac_buf.data(), mac_size); + const bool mac_ok = same_mem(&record_contents[mac_offset], mac_buf.data(), mac_size); - if(mac_bad || padding_bad) - throw TLS_Exception(Alert::BAD_RECORD_MAC, "Message authentication failure"); + const u16bit ok_mask = size_ok_mask & CT::expand_mask(mac_ok) & CT::expand_mask(pad_size); - output.assign(plaintext_block, plaintext_block + plaintext_length); + CT::unpoison(ok_mask); + + if(ok_mask) + output.assign(plaintext_block, plaintext_block + plaintext_length); + else + throw TLS_Exception(Alert::BAD_RECORD_MAC, "Message authentication failure"); } } diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 330135e63..774827346 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -21,8 +21,7 @@ class Server_Handshake_State : public Handshake_State public: // using Handshake_State::Handshake_State; - Server_Handshake_State(Handshake_IO* io, hs_msg_cb cb = hs_msg_cb()) : - Handshake_State(io, cb) {} + Server_Handshake_State(Handshake_IO* io, handshake_msg_cb cb) : Handshake_State(io, cb) {} // Used by the server only, in case of RSA key exchange. Not owned Private_Key* server_rsa_kex_key = nullptr; @@ -215,9 +214,26 @@ Server::Server(output_fn output, next_protocol_fn next_proto, bool is_datagram, size_t io_buf_sz) : - Channel(output, data_cb, alert_cb, handshake_cb, - session_manager, rng, is_datagram, io_buf_sz), - m_policy(policy), + Channel(output, data_cb, alert_cb, handshake_cb, Channel::handshake_msg_cb(), + session_manager, rng, policy, is_datagram, io_buf_sz), + m_creds(creds), + m_choose_next_protocol(next_proto) + { + } + +Server::Server(output_fn output, + data_cb data_cb, + alert_cb alert_cb, + handshake_cb handshake_cb, + handshake_msg_cb hs_msg_cb, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + next_protocol_fn next_proto, + bool is_datagram) : + Channel(output, data_cb, alert_cb, handshake_cb, hs_msg_cb, + session_manager, rng, policy, is_datagram), m_creds(creds), m_choose_next_protocol(next_proto) { @@ -225,7 +241,9 @@ Server::Server(output_fn output, Handshake_State* Server::new_handshake_state(Handshake_IO* io) { - std::unique_ptr state(new Server_Handshake_State(io)); + std::unique_ptr state( + new Server_Handshake_State(io, get_handshake_msg_cb())); + state->set_expected_next(CLIENT_HELLO); return state.release(); } @@ -278,7 +296,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, { const bool initial_handshake = !active_state; - if(!m_policy.allow_insecure_renegotiation() && + if(!policy().allow_insecure_renegotiation() && !(initial_handshake || secure_renegotiation_supported())) { send_warning_alert(Alert::NO_RENEGOTIATION); @@ -292,7 +310,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, Protocol_Version negotiated_version; const Protocol_Version latest_supported = - m_policy.latest_supported_version(client_version.is_datagram_protocol()); + policy().latest_supported_version(client_version.is_datagram_protocol()); if((initial_handshake && client_version.known_version()) || (!initial_handshake && client_version == active_state->version())) @@ -334,7 +352,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, negotiated_version = latest_supported; } - if(!m_policy.acceptable_protocol_version(negotiated_version)) + if(!policy().acceptable_protocol_version(negotiated_version)) { throw TLS_Exception(Alert::PROTOCOL_VERSION, "Client version " + negotiated_version.to_string() + @@ -359,7 +377,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, session_manager(), m_creds, state.client_hello(), - std::chrono::seconds(m_policy.session_ticket_lifetime())); + std::chrono::seconds(policy().session_ticket_lifetime())); bool have_session_ticket_key = false; @@ -387,7 +405,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, state.server_hello(new Server_Hello( state.handshake_io(), state.hash(), - m_policy, + policy(), rng(), secure_renegotiation_data_for_server_hello(), *state.client_hello(), @@ -423,7 +441,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, new New_Session_Ticket(state.handshake_io(), state.hash(), session_info.encrypt(ticket_key, rng()), - m_policy.session_ticket_lifetime()) + policy().session_ticket_lifetime()) ); } catch(...) {} @@ -469,14 +487,14 @@ void Server::process_handshake_msg(const Handshake_State* active_state, state.server_hello(new Server_Hello( state.handshake_io(), state.hash(), - m_policy, + policy(), rng(), secure_renegotiation_data_for_server_hello(), *state.client_hello(), - make_hello_random(rng(), m_policy), // new session ID + make_hello_random(rng(), policy()), // new session ID state.version(), - choose_ciphersuite(m_policy, state.version(), m_creds, cert_chains, state.client_hello()), - choose_compression(m_policy, state.client_hello()->compression_methods()), + choose_ciphersuite(policy(), state.version(), m_creds, cert_chains, state.client_hello()), + choose_compression(policy(), state.client_hello()->compression_methods()), have_session_ticket_key, m_next_protocol) ); @@ -516,7 +534,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, else { state.server_kex(new Server_Key_Exchange(state.handshake_io(), - state, m_policy, + state, policy(), m_creds, rng(), private_key)); } @@ -534,7 +552,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, { state.cert_req( new Certificate_Req(state.handshake_io(), state.hash(), - m_policy, client_auth_CAs, state.version())); + policy(), client_auth_CAs, state.version())); state.set_expected_next(CERTIFICATE); } @@ -565,7 +583,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, state.client_kex( new Client_Key_Exchange(contents, state, state.server_rsa_kex_key, - m_creds, m_policy, rng()) + m_creds, policy(), rng()) ); state.compute_session_keys(); @@ -649,7 +667,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, new New_Session_Ticket(state.handshake_io(), state.hash(), session_info.encrypt(ticket_key, rng()), - m_policy.session_ticket_lifetime()) + policy().session_ticket_lifetime()) ); } catch(...) {} diff --git a/src/lib/tls/tls_server.h b/src/lib/tls/tls_server.h index 4f2a11ba4..ffe1111bc 100644 --- a/src/lib/tls/tls_server.h +++ b/src/lib/tls/tls_server.h @@ -40,6 +40,19 @@ class BOTAN_DLL Server : public Channel size_t reserved_io_buffer_size = 16*1024 ); + Server(output_fn output, + data_cb data_cb, + alert_cb alert_cb, + handshake_cb handshake_cb, + handshake_msg_cb hs_msg_cb, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + next_protocol_fn next_proto = next_protocol_fn(), + bool is_datagram = false + ); + /** * Return the protocol notification set by the client (using the * NPN extension) for this connection, if any. This value is not @@ -62,7 +75,6 @@ class BOTAN_DLL Server : public Channel Handshake_State* new_handshake_state(Handshake_IO* io) override; - const Policy& m_policy; Credentials_Manager& m_creds; next_protocol_fn m_choose_next_protocol; diff --git a/src/lib/utils/ct_utils.h b/src/lib/utils/ct_utils.h index 52a3bc388..2ea07b382 100644 --- a/src/lib/utils/ct_utils.h +++ b/src/lib/utils/ct_utils.h @@ -51,6 +51,12 @@ inline void unpoison(T* p, size_t n) #endif } +template +inline void unpoison(T& p) + { + unpoison(&p, 1); + } + /* * T should be an unsigned machine integer type * Expand to a mask used for other operations @@ -89,6 +95,16 @@ inline T is_equal(T x, T y) return is_zero(x ^ y); } +template +inline T is_less(T x, T y) + { + /* + This expands to a constant time sequence with GCC 5.2.0 on x86-64 + but something more complicated may be needed for portable const time. + */ + return expand_mask(x < y); + } + template inline void conditional_copy_mem(T value, T* to, @@ -102,6 +118,26 @@ inline void conditional_copy_mem(T value, to[i] = CT::select(mask, from0[i], from1[i]); } +template +inline T expand_top_bit(T a) + { + return expand_mask(a >> (sizeof(T)*8-1)); + } + +template +inline T max(T a, T b) + { + const T a_larger = b - a; // negative if a is larger + return select(expand_top_bit(a), a, b); + } + +template +inline T min(T a, T b) + { + const T a_larger = b - a; // negative if a is larger + return select(expand_top_bit(b), b, a); + } + } } diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 116eb2cdf..d4abef119 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -11,6 +11,7 @@ #include #include +#include #include #include #include @@ -21,6 +22,7 @@ #include #include #include +#include using namespace Botan; @@ -155,158 +157,441 @@ Credentials_Manager* create_creds() return new Credentials_Manager_Test(server_cert, ca_cert, server_key); } -size_t basic_test_handshake(RandomNumberGenerator& rng, - TLS::Protocol_Version offer_version, - Credentials_Manager& creds, - TLS::Policy& policy) +std::function queue_inserter(std::vector& q) { - TLS::Session_Manager_In_Memory server_sessions(rng); - TLS::Session_Manager_In_Memory client_sessions(rng); - - std::vector c2s_q, s2c_q, c2s_data, s2c_data; + return [&](const byte buf[], size_t sz) { q.insert(q.end(), buf, buf + sz); }; + } - auto handshake_complete = [&](const TLS::Session& session) -> bool +void print_alert(TLS::Alert alert, const byte[], size_t) { - if(session.version() != offer_version) - std::cout << "Offered " << offer_version.to_string() - << " got " << session.version().to_string() << std::endl; - return true; + //std::cout << "Alert " << alert.type_string() << std::endl; }; - auto print_alert = [&](TLS::Alert alert, const byte[], size_t) +void mutate(std::vector& v, RandomNumberGenerator& rng) { - if(alert.is_valid()) - std::cout << "Server recvd alert " << alert.type_string() << std::endl; - }; + if(v.empty()) + return; - auto save_server_data = [&](const byte buf[], size_t sz) - { - c2s_data.insert(c2s_data.end(), buf, buf+sz); - }; + size_t voff = rng.get_random() % v.size(); + v[voff] ^= rng.next_nonzero_byte(); + } - auto save_client_data = [&](const byte buf[], size_t sz) +size_t test_tls_handshake(RandomNumberGenerator& rng, + TLS::Protocol_Version offer_version, + Credentials_Manager& creds, + TLS::Policy& policy) { - s2c_data.insert(s2c_data.end(), buf, buf+sz); - }; + TLS::Session_Manager_In_Memory server_sessions(rng); + TLS::Session_Manager_In_Memory client_sessions(rng); - auto next_protocol_chooser = [&](std::vector protos) { - if(protos.size() != 2) - std::cout << "Bad protocol size" << std::endl; - if(protos[0] != "test/1" || protos[1] != "test/2") - std::cout << "Bad protocol values" << std::endl; - return "test/3"; - }; - const std::vector protocols_offered = { "test/1", "test/2" }; - - TLS::Server server([&](const byte buf[], size_t sz) - { s2c_q.insert(s2c_q.end(), buf, buf+sz); }, - save_server_data, - print_alert, - handshake_complete, - server_sessions, - creds, - policy, - rng, - next_protocol_chooser, - offer_version.is_datagram_protocol()); - - TLS::Client client([&](const byte buf[], size_t sz) - { c2s_q.insert(c2s_q.end(), buf, buf+sz); }, - save_client_data, - print_alert, - handshake_complete, - client_sessions, - creds, - policy, - rng, - TLS::Server_Information("server.example.com"), - offer_version, - protocols_offered); - - while(true) + for(size_t r = 1; r <= 4; ++r) { - if(client.is_closed() && server.is_closed()) - break; + //std::cout << offer_version.to_string() << " r " << r << "\n"; - if(client.is_active()) - client.send("1"); - if(server.is_active()) - { - if(server.next_protocol() != "test/3") - std::cout << "Wrong protocol " << server.next_protocol() << std::endl; - server.send("2"); - } + bool handshake_done = false; - /* - * Use this as a temp value to hold the queues as otherwise they - * might end up appending more in response to messages during the - * handshake. - */ - std::vector input; - std::swap(c2s_q, input); + auto handshake_complete = [&](const TLS::Session& session) -> bool { + handshake_done = true; - try - { - server.received_data(input.data(), input.size()); - } - catch(std::exception& e) - { - std::cout << "Server error - " << e.what() << std::endl; - return 1; - } + /* + std::cout << "Session established " << session.version().to_string() << " " + << session.ciphersuite().to_string() << " " << hex_encode(session.session_id()) << "\n"; + */ + + if(session.version() != offer_version) + std::cout << "Offered " << offer_version.to_string() + << " got " << session.version().to_string() << std::endl; + return true; + }; - input.clear(); - std::swap(s2c_q, input); + auto next_protocol_chooser = [&](std::vector protos) { + if(protos.size() != 2) + std::cout << "Bad protocol size" << std::endl; + if(protos[0] != "test/1" || protos[1] != "test/2") + std::cout << "Bad protocol values" << std::endl; + return "test/3"; + }; + + const std::vector protocols_offered = { "test/1", "test/2" }; try { - client.received_data(input.data(), input.size()); + std::vector c2s_traffic, s2c_traffic, client_recv, server_recv, client_sent, server_sent; + + TLS::Server server(queue_inserter(s2c_traffic), + queue_inserter(server_recv), + print_alert, + handshake_complete, + server_sessions, + creds, + policy, + rng, + next_protocol_chooser, + false); + + TLS::Client client(queue_inserter(c2s_traffic), + queue_inserter(client_recv), + print_alert, + handshake_complete, + client_sessions, + creds, + policy, + rng, + TLS::Server_Information("server.example.com"), + offer_version, + protocols_offered); + + size_t rounds = 0; + + while(true) + { + ++rounds; + + if(rounds > 25) + { + std::cout << "Still here, something went wrong\n"; + return 1; + } + + if(handshake_done && (client.is_closed() || server.is_closed())) + break; + + if(client.is_active() && client_sent.empty()) + { + // Choose a len between 1 and 511 + const size_t c_len = 1 + rng.next_byte() + rng.next_byte(); + client_sent = unlock(rng.random_vec(c_len)); + + // TODO send in several records + client.send(client_sent); + } + + if(server.is_active() && server_sent.empty()) + { + if(server.next_protocol() != "test/3") + std::cout << "Wrong protocol " << server.next_protocol() << std::endl; + + const size_t s_len = 1 + rng.next_byte() + rng.next_byte(); + server_sent = unlock(rng.random_vec(s_len)); + server.send(server_sent); + } + + const bool corrupt_client_data = (r == 3 && c2s_traffic.size() && rng.next_byte() % 3 == 0 && rounds > 1); + const bool corrupt_server_data = (r == 4 && s2c_traffic.size() && rng.next_byte() % 3 == 0 && rounds > 1); + + try + { + /* + * Use this as a temp value to hold the queues as otherwise they + * might end up appending more in response to messages during the + * handshake. + */ + //std::cout << "server recv " << c2s_traffic.size() << " bytes\n"; + std::vector input; + std::swap(c2s_traffic, input); + + if(corrupt_server_data) + { + //std::cout << "Corrupting server data\n"; + mutate(input, rng); + } + server.received_data(input.data(), input.size()); + } + catch(std::exception& e) + { + std::cout << "Server error - " << e.what() << std::endl; + continue; + } + + try + { + //std::cout << "client recv " << s2c_traffic.size() << " bytes\n"; + std::vector input; + std::swap(s2c_traffic, input); + if(corrupt_client_data) + { + //std::cout << "Corrupting client data\n"; + mutate(input, rng); + } + + client.received_data(input.data(), input.size()); + } + catch(std::exception& e) + { + std::cout << "Client error - " << e.what() << std::endl; + continue; + } + + if(client_recv.size()) + { + if(client_recv != server_sent) + { + std::cout << "Error in client recv" << std::endl; + return 1; + } + } + + if(server_recv.size()) + { + if(server_recv != client_sent) + { + std::cout << "Error in server recv" << std::endl; + return 1; + } + } + + if(client.is_closed() && server.is_closed()) + break; + + if(server_recv.size() && client_recv.size()) + { + SymmetricKey client_key = client.key_material_export("label", "context", 32); + SymmetricKey server_key = server.key_material_export("label", "context", 32); + + if(client_key != server_key) + { + std::cout << "TLS key material export mismatch: " + << client_key.as_string() << " != " + << server_key.as_string() << "\n"; + return 1; + } + + if(r % 2 == 0) + client.close(); + else + server.close(); + } + } } catch(std::exception& e) { - std::cout << "Client error - " << e.what() << std::endl; + std::cout << e.what() << "\n"; return 1; } + } - if(c2s_data.size()) - { - if(c2s_data[0] != '1') - { - std::cout << "Error" << std::endl; - return 1; - } - } + return 0; + } + +size_t test_dtls_handshake(RandomNumberGenerator& rng, + TLS::Protocol_Version offer_version, + Credentials_Manager& creds, + TLS::Policy& policy) + { + BOTAN_ASSERT(offer_version.is_datagram_protocol(), "Test is for datagram version"); + + TLS::Session_Manager_In_Memory server_sessions(rng); + TLS::Session_Manager_In_Memory client_sessions(rng); + + for(size_t r = 1; r <= 2; ++r) + { + //std::cout << offer_version.to_string() << " round " << r << "\n"; + + bool handshake_done = false; + + auto handshake_complete = [&](const TLS::Session& session) -> bool { + handshake_done = true; - if(s2c_data.size()) + /* + std::cout << "Session established " << session.version().to_string() << " " + << session.ciphersuite().to_string() << " " << hex_encode(session.session_id()) << "\n"; + */ + + if(session.version() != offer_version) + std::cout << "Offered " << offer_version.to_string() + << " got " << session.version().to_string() << std::endl; + return true; + }; + + auto next_protocol_chooser = [&](std::vector protos) { + if(protos.size() != 2) + std::cout << "Bad protocol size" << std::endl; + if(protos[0] != "test/1" || protos[1] != "test/2") + std::cout << "Bad protocol values" << std::endl; + return "test/3"; + }; + + const std::vector protocols_offered = { "test/1", "test/2" }; + + try { - if(s2c_data[0] != '2') + std::vector c2s_traffic, s2c_traffic, client_recv, server_recv, client_sent, server_sent; + + TLS::Server server(queue_inserter(s2c_traffic), + queue_inserter(server_recv), + print_alert, + handshake_complete, + server_sessions, + creds, + policy, + rng, + next_protocol_chooser, + true); + + TLS::Client client(queue_inserter(c2s_traffic), + queue_inserter(client_recv), + print_alert, + handshake_complete, + client_sessions, + creds, + policy, + rng, + TLS::Server_Information("server.example.com"), + offer_version, + protocols_offered); + + size_t rounds = 0; + + while(true) { - std::cout << "Error" << std::endl; - return 1; - } - } + // TODO: client and server should be in different threads + std::this_thread::sleep_for(std::chrono::milliseconds(rng.next_byte() % 2)); + ++rounds; - if(s2c_data.size() && c2s_data.size()) - { - SymmetricKey client_key = client.key_material_export("label", "context", 32); - SymmetricKey server_key = server.key_material_export("label", "context", 32); + if(rounds > 100) + { + std::cout << "Still here, something went wrong\n"; + return 1; + } + + if(handshake_done && (client.is_closed() || server.is_closed())) + break; + + if(client.is_active() && client_sent.empty()) + { + // Choose a len between 1 and 511 and send random chunks: + const size_t c_len = 1 + rng.next_byte() + rng.next_byte(); + client_sent = unlock(rng.random_vec(c_len)); + + // TODO send multiple parts + //std::cout << "Sending " << client_sent.size() << " bytes to server\n"; + client.send(client_sent); + } - if(client_key != server_key) - return 1; + if(server.is_active() && server_sent.empty()) + { + if(server.next_protocol() != "test/3") + std::cout << "Wrong protocol " << server.next_protocol() << std::endl; + + const size_t s_len = 1 + rng.next_byte() + rng.next_byte(); + server_sent = unlock(rng.random_vec(s_len)); + //std::cout << "Sending " << server_sent.size() << " bytes to client\n"; + server.send(server_sent); + } + + const bool corrupt_client_data = (r == 3 && c2s_traffic.size() && rng.next_byte() % 3 == 0 && rounds < 10); + const bool corrupt_server_data = (r == 4 && s2c_traffic.size() && rng.next_byte() % 3 == 0 && rounds < 10); + + try + { + /* + * Use this as a temp value to hold the queues as otherwise they + * might end up appending more in response to messages during the + * handshake. + */ + //std::cout << "server got " << c2s_traffic.size() << " bytes\n"; + std::vector input; + std::swap(c2s_traffic, input); + + if(corrupt_client_data) + { + //std::cout << "Corrupting client data\n"; + mutate(input, rng); + } + + server.received_data(input.data(), input.size()); + } + catch(std::exception& e) + { + std::cout << "Server error - " << e.what() << std::endl; + continue; + } + + try + { + //std::cout << "client got " << s2c_traffic.size() << " bytes\n"; + std::vector input; + std::swap(s2c_traffic, input); + + if(corrupt_server_data) + { + //std::cout << "Corrupting server data\n"; + mutate(input, rng); + } + client.received_data(input.data(), input.size()); + } + catch(std::exception& e) + { + std::cout << "Client error - " << e.what() << std::endl; + continue; + } - server.close(); - client.close(); + // If we corrupted a DTLS application message, resend it: + if(client.is_active() && corrupt_client_data && server_recv.empty()) + client.send(client_sent); + if(server.is_active() && corrupt_server_data && client_recv.empty()) + server.send(server_sent); + + if(client_recv.size()) + { + if(client_recv != server_sent) + { + std::cout << "Error in client recv" << std::endl; + return 1; + } + } + + if(server_recv.size()) + { + if(server_recv != client_sent) + { + std::cout << "Error in server recv" << std::endl; + return 1; + } + } + + if(client.is_closed() && server.is_closed()) + break; + + if(server_recv.size() && client_recv.size()) + { + SymmetricKey client_key = client.key_material_export("label", "context", 32); + SymmetricKey server_key = server.key_material_export("label", "context", 32); + + if(client_key != server_key) + { + std::cout << "TLS key material export mismatch: " + << client_key.as_string() << " != " + << server_key.as_string() << "\n"; + return 1; + } + + if(r % 2 == 0) + client.close(); + else + server.close(); + } + } + } + catch(std::exception& e) + { + std::cout << e.what() << "\n"; + return 1; } } return 0; } -class Test_Policy : public TLS::Policy +class Test_Policy : public TLS::Text_Policy { public: + Test_Policy() : Text_Policy("") {} bool acceptable_protocol_version(TLS::Protocol_Version) const override { return true; } bool send_fallback_scsv(TLS::Protocol_Version) const override { return false; } + + size_t dtls_initial_timeout() const override { return 1; } + size_t dtls_maximum_timeout() const override { return 8; } }; } @@ -315,17 +600,43 @@ size_t test_tls() { size_t errors = 0; - Test_Policy default_policy; auto& rng = test_rng(); std::unique_ptr basic_creds(create_creds()); - errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V10, *basic_creds, default_policy); - errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V11, *basic_creds, default_policy); - errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, default_policy); - errors += basic_test_handshake(rng, TLS::Protocol_Version::DTLS_V10, *basic_creds, default_policy); - errors += basic_test_handshake(rng, TLS::Protocol_Version::DTLS_V12, *basic_creds, default_policy); - - test_report("TLS", 5, errors); + Test_Policy policy; + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V10, *basic_creds, policy); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V11, *basic_creds, policy); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, policy); + errors += test_dtls_handshake(rng, TLS::Protocol_Version::DTLS_V10, *basic_creds, policy); + errors += test_dtls_handshake(rng, TLS::Protocol_Version::DTLS_V12, *basic_creds, policy); + + policy.set("key_exchange_methods", "RSA"); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V10, *basic_creds, policy); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V11, *basic_creds, policy); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, policy); + errors += test_dtls_handshake(rng, TLS::Protocol_Version::DTLS_V10, *basic_creds, policy); + errors += test_dtls_handshake(rng, TLS::Protocol_Version::DTLS_V12, *basic_creds, policy); + + policy.set("key_exchange_methods", "DH"); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V10, *basic_creds, policy); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V11, *basic_creds, policy); + policy.set("key_exchange_methods", "ECDH"); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, policy); + errors += test_dtls_handshake(rng, TLS::Protocol_Version::DTLS_V10, *basic_creds, policy); + errors += test_dtls_handshake(rng, TLS::Protocol_Version::DTLS_V12, *basic_creds, policy); + + policy.set("ciphers", "AES-128"); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V10, *basic_creds, policy); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V11, *basic_creds, policy); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, policy); + errors += test_dtls_handshake(rng, TLS::Protocol_Version::DTLS_V10, *basic_creds, policy); + errors += test_dtls_handshake(rng, TLS::Protocol_Version::DTLS_V12, *basic_creds, policy); + + policy.set("ciphers", "ChaCha20Poly1305"); + errors += test_tls_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, policy); + errors += test_dtls_handshake(rng, TLS::Protocol_Version::DTLS_V12, *basic_creds, policy); + + test_report("TLS", 22, errors); return errors; } -- cgit v1.2.3 From f0967b61945326de6244801f5b1276ac36d7a30e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 26 Oct 2015 08:55:34 -0400 Subject: Disable two tests from x509test which no longer have correct dates. These will need to be regen'ed with corrected values. Fix for minimized builds. --- src/tests/data/x509test/expected.txt | 6 ++++-- src/tests/nist_x509.cpp | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'src/tests') diff --git a/src/tests/data/x509test/expected.txt b/src/tests/data/x509test/expected.txt index 573df4fe7..67e2937eb 100644 --- a/src/tests/data/x509test/expected.txt +++ b/src/tests/data/x509test/expected.txt @@ -12,8 +12,6 @@ InvalidNameAltName.pem:Certificate does not match provided name InvalidNameAltNameWithSubj.pem:Certificate does not match provided name InvalidNotAfter.pem:Certificate has expired InvalidNotAfterChained.pem:Certificate has expired -InvalidNotBefore.pem:Certificate is not yet valid -InvalidNotBeforeChained.pem:Certificate is not yet valid InvalidSelfSign.pem:Cannot establish trust InvalidWildcardAll.pem:Certificate does not match provided name InvalidWildcardAllAltName.pem:Certificate does not match provided name @@ -33,6 +31,10 @@ ValidChained.pem:Verified ValidIntCALen.pem:Verified ValidWildcard.pem:Verified +# Need to fix date settings in x509test and regen +#InvalidNotBefore.pem:Certificate is not yet valid +#InvalidNotBeforeChained.pem:Certificate is not yet valid + # Missing name constraints InvalidNameConstraintExclude.pem:Certificate issuer not found InvalidNameConstraintPermit.pem:Certificate issuer not found diff --git a/src/tests/nist_x509.cpp b/src/tests/nist_x509.cpp index 0ce74334f..65e154293 100644 --- a/src/tests/nist_x509.cpp +++ b/src/tests/nist_x509.cpp @@ -376,6 +376,7 @@ std::map get_expected() #else +size_t test_x509_x509test() { return 0; } size_t test_nist_x509() { return 0; } #endif -- cgit v1.2.3