diff options
18 files changed, 1001 insertions, 75 deletions
@@ -1,2 +1,3 @@ *.beam +rel test/test.mk diff --git a/src/x509.erl b/src/x509.erl index eae1468..1b0db5e 100644 --- a/src/x509.erl +++ b/src/x509.erl @@ -127,37 +127,55 @@ encoded_tbs_cert(DerCert) -> PKIXCert, EncodedTBSCert. --spec extract_verify_data(#'Certificate'{}, binary()) -> {ok, tuple()} | error. -%% @doc Return DER encoded TBScertificate, digest type and signature. -%% Code from pubkey_cert:extract_verify_data/2. -extract_verify_data(Cert, DerCert) -> - PlainText = encoded_tbs_cert(DerCert), - {_, Sig} = Cert#'Certificate'.signature, - SigAlgRecord = Cert#'Certificate'.signatureAlgorithm, - SigAlg = SigAlgRecord#'AlgorithmIdentifier'.algorithm, - try - {DigestType, _} = public_key:pkix_sign_types(SigAlg), - {ok, {PlainText, DigestType, Sig}} - catch - error:function_clause -> - lager:debug("signature algorithm not supported: ~p", [SigAlg]), +-spec decode_cert(binary()) -> #'Certificate'{} | error. +decode_cert(Der) -> + case (catch public_key:pkix_decode_cert(Der, plain)) of + #'Certificate'{} = Cert -> + Cert; + {'EXIT', Reason} -> + lager:info("invalid certificate: ~p: ~p", [cert_string(Der), Reason]), + dump_unparsable_cert(Der), + error; + Unknown -> + lager:info("unknown error decoding cert: ~p: ~p", + [cert_string(Der), Unknown]), error end. -%% @doc Verify that Cert/DerCert is signed by Issuer. --spec verify_sig(#'Certificate'{}, binary(), #'Certificate'{}) -> boolean(). -verify_sig(Cert, DerCert, % Certificate to verify. - #'Certificate'{ % Issuer. - tbsCertificate = #'TBSCertificate'{ - subjectPublicKeyInfo = IssuerSPKI}}) -> - %% Dig out digest, digest type and signature from Cert/DerCert. - case extract_verify_data(Cert, DerCert) of - error -> false; - {ok, Tuple} -> verify_sig2(IssuerSPKI, Tuple) +parsable_cert_p(Der) -> + case decode_cert(Der) of + error -> + false; + _ -> + true end. -verify_sig2(IssuerSPKI, {DigestOrPlainText, DigestType, Signature}) -> - %% Dig out issuer key from issuer cert. +%% @doc Is Cert signed by Issuer? Only verify that the signature +%% matches and don't check things like Cert.issuer == Issuer.subject. +-spec signed_by_p(binary(), binary()) -> boolean(). +signed_by_p(SubjectDer, IssuerDer) -> + SubjectCert = decode_cert(SubjectDer), + IssuerCert = decode_cert(IssuerDer), + + case {SubjectCert, IssuerCert} of + {#'Certificate'{}, + #'Certificate'{tbsCertificate = + #'TBSCertificate'{subjectPublicKeyInfo = + IssuerSPKI}}} -> + %% Dig out digest, digest type and signature from subject cert and + %% verify signature. + case extract_verify_data(decode_cert(SubjectDer), SubjectDer) of + error -> + false; + {ok, SubjectData} -> + verify_sig(IssuerSPKI, SubjectData) + end; + _ -> + false + end. + +verify_sig(IssuerSPKI, {DigestOrPlainText, DigestType, Signature}) -> + %% Dig out alg, params and key from issuer. #'SubjectPublicKeyInfo'{ algorithm = #'AlgorithmIdentifier'{algorithm = Alg, parameters = Params}, subjectPublicKey = {0, Key0}} = IssuerSPKI, @@ -170,33 +188,29 @@ verify_sig2(IssuerSPKI, {DigestOrPlainText, DigestType, Signature}) -> Point = #'ECPoint'{point = Key0}, ECParams = public_key:der_decode('EcpkParameters', Params), {Point, ECParams}; - _ -> % FIXME: 'DSAPublicKey' + _ -> % FIXME: 'DSAPublicKey' lager:error("NIY: Issuer key type ~p", [KeyType]), false end, %% Verify the signature. public_key:verify(DigestOrPlainText, DigestType, Signature, IssuerKey). -%% @doc Is Cert signed by Issuer? Only verify that the signature -%% matches and don't check things like Cert.issuer == Issuer.subject. --spec signed_by_p(binary(), binary()) -> boolean(). -signed_by_p(DerCert, IssuerDerCert) when is_binary(DerCert), - is_binary(IssuerDerCert) -> - verify_sig(public_key:pkix_decode_cert(DerCert, plain), - DerCert, - public_key:pkix_decode_cert(IssuerDerCert, plain)). - -parsable_cert_p(Der) -> - case (catch public_key:pkix_decode_cert(Der, plain)) of - #'Certificate'{} -> - true; - {'EXIT', Reason} -> - lager:info("invalid certificate: ~p: ~p", [cert_string(Der), Reason]), - false; - Unknown -> - lager:info("unknown error decoding cert: ~p: ~p", - [cert_string(Der), Unknown]), - false +-spec extract_verify_data(#'Certificate'{}, binary()) -> {ok, tuple()} | error. +%% @doc Return DER encoded TBScertificate, digest type and signature. +%% Code from pubkey_cert:extract_verify_data/2. +extract_verify_data(Cert, DerCert) -> + PlainText = encoded_tbs_cert(DerCert), + {_, Sig} = Cert#'Certificate'.signature, + SigAlgRecord = Cert#'Certificate'.signatureAlgorithm, + SigAlg = SigAlgRecord#'AlgorithmIdentifier'.algorithm, + try + {DigestType, _} = public_key:pkix_sign_types(SigAlg), + {ok, {PlainText, DigestType, Sig}} + catch + error:function_clause -> + lager:debug("~p: signature algorithm not supported: ~p", + [cert_string(DerCert), SigAlg]), + error end. %% Precerts according to RFC6962. @@ -367,18 +381,18 @@ pems_from_file(Filename) -> Pems. -spec dump_unparsable_cert(binary()) -> ok | {error, atom()} | not_logged. -dump_unparsable_cert(CertDer) -> +dump_unparsable_cert(Der) -> case application:get_env(catlfish, rejected_certs_path) of {ok, Directory} -> {NowMegaSec, NowSec, NowMicroSec} = now(), Filename = filename:join(Directory, io_lib:format("~p:~p.~p", - [cert_string(CertDer), + [cert_string(Der), NowMegaSec * 1000 * 1000 + NowSec, NowMicroSec])), - lager:debug("dumping cert to ~p~n", [Filename]), - file:write_file(Filename, CertDer); + lager:info("dumping cert to ~p~n", [Filename]), + file:write_file(Filename, Der); _ -> not_logged end. @@ -400,36 +414,64 @@ valid_cert_test_() -> fun({KnownRoots, Chains}) -> [ %% Self-signed but verified against itself so pass. - %% Not a valid OTPCertificate: - %% {error,{asn1,{invalid_choice_tag,{22,<<"US">>}}}} - %% 'OTP-PUB-KEY':Func('OTP-X520countryname', Value0) - %% FIXME: This error doesn't make much sense -- is my - %% environment borked? - ?_assertMatch({true, _}, normalise_chain(lists:nth(1, Chains), - lists:nth(1, Chains), 10)), + %% Note that this certificate is rejected by the + %% stricter OTP-PKIX.asn1 specification generating + %% #'OTPCertificate'{}. The error is + %% {invalid_choice_tag,{22,<<"US">>}}}} in + %% 'OTP-PUB-KEY':Func('OTP-X520countryname', Value0). + ?_assertMatch({true, _}, normalise_chain(nth(1, Chains), + nth(1, Chains), 10)), %% Self-signed so fail. ?_assertMatch({false, root_unknown}, normalise_chain(KnownRoots, - lists:nth(2, Chains), 10)), + nth(2, Chains), 10)), %% Leaf signed by known CA, pass. ?_assertMatch({true, _}, normalise_chain(KnownRoots, - lists:nth(3, Chains), 10)), + nth(3, Chains), 10)), %% Proper 3-depth chain with root in KnownRoots, pass. %% Bug CATLFISH-19 --> [info] rejecting "3ee62cb678014c14d22ebf96f44cc899adea72f1": chain_broken %% leaf sha1: 3ee62cb678014c14d22ebf96f44cc899adea72f1 %% leaf Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=www.berea.ac.kr, CN=haksa.bits.ac.kr ?_assertMatch({true, _}, normalise_chain(KnownRoots, - lists:nth(4, Chains), 3)), + nth(4, Chains), 3)), %% Verify against self, pass. %% Bug CATLFISH-??, can't handle issuer keytype ECPoint. %% Issuer sha1: 6969562e4080f424a1e7199f14baf3ee58ab6abb - ?_assertMatch(true, signed_by_p(hd(lists:nth(5, Chains)), - hd(lists:nth(5, Chains)))), + ?_assertMatch(true, signed_by_p(hd(nth(5, Chains)), + hd(nth(5, Chains)))), %% Unsupported signature algorithm MD2-RSA, fail. %% Signature Algorithm: md2WithRSAEncryption %% CA cert with sha1 96974cd6b663a7184526b1d648ad815cf51e801a - ?_assertMatch(false, signed_by_p(hd(lists:nth(6, Chains)), - hd(lists:nth(6, Chains)))) + ?_assertMatch(false, signed_by_p(hd(nth(6, Chains)), + hd(nth(6, Chains)))), + + %% Supposedly problematic chains from Google Aviator, fatal. + %% 00459972: asn1: syntax error: sequence truncated + ?_assertMatch({true, _}, normalise_chain(nth(7, Chains), + nth(7, Chains), 10)), + %% 1402673: x509: RSA modulus is not a positive number + ?_assertMatch({true, _}, normalise_chain(nth(8, Chains), + nth(8, Chains), 10)), + %% 1345105: asn1: syntax error: IA5String contains invalid character + ?_assertMatch({true, _}, normalise_chain(nth(9, Chains), + nth(9, Chains), 10)), + %% 1557693: asn1: structure error: integer too large + ?_assertMatch({true, _}, normalise_chain(nth(10, Chains), + nth(10, Chains), 10)), + + %% Supposedly problematic chains from Google Aviator, non-fatal. + %% 16800: x509: negative serial number + %% a.pem + ?_assertMatch({true, _}, normalise_chain(nth(11, Chains), + nth(11, Chains), 10)), + %% 22487: x509: unhandled critical extension ([2 5 29 32]) + %% b.pem + ?_assertMatch({true, _}, normalise_chain(nth(12, Chains), + nth(12, Chains), 10)), + %% 5198: x509: certificate contained IP address of length 8 + %% c.pem + ?_assertMatch({true, _}, normalise_chain(nth(13, Chains), + nth(13, Chains), 10)) ] end}. chain_test_() -> diff --git a/test/testdata/chains/001.9ed5072acb40d74aa5034b4525e4db56e2733ed0.pem b/test/testdata/chains/001.9ed5072acb40d74aa5034b4525e4db56e2733ed0.pem new file mode 100644 index 0000000..0c8847b --- /dev/null +++ b/test/testdata/chains/001.9ed5072acb40d74aa5034b4525e4db56e2733ed0.pem @@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1167666620 (0x45992dbc) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=California, L=Sunnyvale, O=HTTPS Management Certificate for SonicWALL (self-signed), OU=HTTPS Management Certificate for SonicWALL (self-signed), CN=192.168.168.168 + Validity + Not Before: Jan 1 00:00:01 1970 GMT + Not After : Jan 19 03:14:07 2038 GMT + Subject: C=US, ST=California, L=Sunnyvale, O=HTTPS Management Certificate for SonicWALL (self-signed), OU=HTTPS Management Certificate for SonicWALL (self-signed), CN=192.168.168.168 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:d0:e3:96:0a:8c:4c:c6:86:72:99:f6:c4:3d:d9: + 87:56:12:65:1b:5b:ab:a7:fc:23:0f:d7:d3:66:a8: + eb:ff:04:6b:53:6a:e3:75:5e:c4:bd:f7:41:10:2c: + 4e:47:f6:ab:4a:99:79:f0:30:8a:9d:71:a2:5f:a5: + 11:79:5e:c9:85:28:1e:dd:17:c6:41:e9:94:60:ac: + 2f:cd:1b:7f:10:60:0c:9c:4a:be:11:00:10:83:70: + 44:df:b6:b3:81:ff:64:26:83:63:b1:30:7e:60:9f: + 15:26:41:f6:7b:23:aa:0a:54:4f:ad:9c:6f:25:d6: + 3a:e3:f1:7d:3f:28:22:c5:d9 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + cd:2a:0b:e6:e9:f6:cb:cd:5f:8c:cd:7d:21:25:21:69:33:dd: + a3:a2:e9:25:4b:c4:56:51:c9:00:26:57:53:42:f2:27:50:d0: + 71:61:a8:c1:56:40:1e:5a:65:b1:79:35:b0:44:50:57:5f:87: + e9:c4:14:8d:5e:8f:3e:b9:11:9b:4f:91:99:06:82:68:17:53: + 5e:88:3c:4c:e7:2e:46:80:88:fc:6c:a9:b2:23:65:71:d0:f7: + df:22:53:0e:0c:4b:90:d2:ee:49:b8:c8:c3:e9:66:5d:72:a5: + 91:21:f0:c1:9d:b9:2f:38:14:da:d5:15:0f:fc:f4:0b:64:29: + b1:6f +-----BEGIN CERTIFICATE----- +MIIDJTCCAo6gAwIBAgIERZktvDANBgkqhkiG9w0BAQQFADCB1jELMAkGA1UEBhYC +VVMxEzARBgNVBAgWCkNhbGlmb3JuaWExEjAQBgNVBAcWCVN1bm55dmFsZTFBMD8G +A1UEChY4SFRUUFMgTWFuYWdlbWVudCBDZXJ0aWZpY2F0ZSBmb3IgU29uaWNXQUxM +IChzZWxmLXNpZ25lZCkxQTA/BgNVBAsWOEhUVFBTIE1hbmFnZW1lbnQgQ2VydGlm +aWNhdGUgZm9yIFNvbmljV0FMTCAoc2VsZi1zaWduZWQpMRgwFgYDVQQDFg8xOTIu +MTY4LjE2OC4xNjgwHhcNNzAwMTAxMDAwMDAxWhcNMzgwMTE5MDMxNDA3WjCB1jEL +MAkGA1UEBhYCVVMxEzARBgNVBAgWCkNhbGlmb3JuaWExEjAQBgNVBAcWCVN1bm55 +dmFsZTFBMD8GA1UEChY4SFRUUFMgTWFuYWdlbWVudCBDZXJ0aWZpY2F0ZSBmb3Ig +U29uaWNXQUxMIChzZWxmLXNpZ25lZCkxQTA/BgNVBAsWOEhUVFBTIE1hbmFnZW1l +bnQgQ2VydGlmaWNhdGUgZm9yIFNvbmljV0FMTCAoc2VsZi1zaWduZWQpMRgwFgYD +VQQDFg8xOTIuMTY4LjE2OC4xNjgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ANDjlgqMTMaGcpn2xD3Zh1YSZRtbq6f8Iw/X02ao6/8Ea1Nq43VexL33QRAsTkf2 +q0qZefAwip1xol+lEXleyYUoHt0XxkHplGCsL80bfxBgDJxKvhEAEINwRN+2s4H/ +ZCaDY7EwfmCfFSZB9nsjqgpUT62cbyXWOuPxfT8oIsXZAgMBAAEwDQYJKoZIhvcN +AQEEBQADgYEAzSoL5un2y81fjM19ISUhaTPdo6LpJUvEVlHJACZXU0LyJ1DQcWGo +wVZAHlplsXk1sERQV1+H6cQUjV6PPrkRm0+RmQaCaBdTXog8TOcuRoCI/GypsiNl +cdD33yJTDgxLkNLuSbjIw+lmXXKlkSHwwZ25LzgU2tUVD/z0C2QpsW8= +-----END CERTIFICATE----- diff --git a/test/testdata/chains/002.8094ee90e2725c8ebde18bb83dd3cabe246ecb2b.pem b/test/testdata/chains/002.8094ee90e2725c8ebde18bb83dd3cabe246ecb2b.pem new file mode 100644 index 0000000..36ea7fd --- /dev/null +++ b/test/testdata/chains/002.8094ee90e2725c8ebde18bb83dd3cabe246ecb2b.pem @@ -0,0 +1,62 @@ +% Self-signed. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=flimsytest + Validity + Not Before: May 4 10:17:19 2014 GMT + Not After : May 4 10:17:19 2015 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=flimsytest + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c5:1e:c3:c1:9a:26:e8:64:7f:dd:1c:05:5a:e0: + 9a:87:cc:d1:d4:f5:30:95:62:73:79:56:a8:8e:8e: + eb:12:7b:cb:8d:5e:5f:eb:3b:12:c9:c4:7d:fe:ad: + 85:c5:89:81:63:2f:3c:dc:a1:b6:ee:7c:7b:42:9d: + 6d:69:81:a4:c7:34:0e:85:f0:f3:ee:5f:34:92:a1: + 01:bb:f6:f6:c1:6a:e8:c6:cf:7f:44:8d:b7:9d:62: + d5:9a:7a:22:bc:f2:d4:e3:fa:03:e9:b1:ca:01:f0: + db:84:33:9f:64:60:f3:f8:7a:5b:f0:e3:9d:4e:b2: + 21:a1:49:a8:d9:e5:e8:7f:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 7C:05:0C:BA:09:58:C2:DE:46:7F:ED:39:5B:87:B2:28:8B:99:D7:28 + X509v3 Authority Key Identifier: + keyid:7C:05:0C:BA:09:58:C2:DE:46:7F:ED:39:5B:87:B2:28:8B:99:D7:28 + + Signature Algorithm: sha256WithRSAEncryption + 59:47:3b:91:85:21:40:31:af:82:bf:57:21:c3:46:07:eb:14: + bf:be:ec:f8:98:d1:0e:51:0b:eb:2c:44:8a:95:d0:e9:43:04: + 56:43:c5:10:41:76:2e:6c:f3:0a:9b:e4:5f:15:f5:2e:38:17: + dd:f6:f7:9e:5f:ed:f7:b2:76:b2:c2:55:da:48:73:e4:54:dc: + 3b:7e:b8:88:33:27:83:67:34:c8:a4:e7:b2:c7:20:51:0e:9f: + f6:b8:f3:a5:73:e2:b2:fc:5e:cf:82:43:6b:0e:73:fa:ef:ce: + 5d:46:f8:de:54:6c:b1:96:17:be:1c:f9:c4:49:cb:8d:ee:0a: + da:32 +-----BEGIN CERTIFICATE----- +MIICpTCCAg6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRMwEQYDVQQDDApmbGltc3l0ZXN0MB4XDTE0MDUwNDEwMTcxOVoXDTE1 +MDUwNDEwMTcxOVowWjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZmxp +bXN5dGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxR7DwZom6GR/3RwF +WuCah8zR1PUwlWJzeVaojo7rEnvLjV5f6zsSycR9/q2FxYmBYy883KG27nx7Qp1t +aYGkxzQOhfDz7l80kqEBu/b2wWroxs9/RI23nWLVmnoivPLU4/oD6bHKAfDbhDOf +ZGDz+Hpb8OOdTrIhoUmo2eXof/UCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB +hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE +FHwFDLoJWMLeRn/tOVuHsiiLmdcoMB8GA1UdIwQYMBaAFHwFDLoJWMLeRn/tOVuH +siiLmdcoMA0GCSqGSIb3DQEBCwUAA4GBAFlHO5GFIUAxr4K/VyHDRgfrFL++7PiY +0Q5RC+ssRIqV0OlDBFZDxRBBdi5s8wqb5F8V9S44F932955f7feydrLCVdpIc+RU +3Dt+uIgzJ4NnNMik57LHIFEOn/a486Vz4rL8Xs+CQ2sOc/rvzl1G+N5UbLGWF74c ++cRJy43uCtoy +-----END CERTIFICATE----- diff --git a/test/testdata/chains/003.842456568ed7904347aa89ab777da4943ba1a7d5.pem b/test/testdata/chains/003.842456568ed7904347aa89ab777da4943ba1a7d5.pem new file mode 100644 index 0000000..7d86862 --- /dev/null +++ b/test/testdata/chains/003.842456568ed7904347aa89ab777da4943ba1a7d5.pem @@ -0,0 +1,213 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 09:48:b1:a9:3b:25:1d:0d:b1:05:10:59:e2:c2:68:0a + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA + Validity + Not Before: Oct 22 12:00:01 2013 GMT + Not After : May 3 12:00:00 2016 GMT + Subject: C=US, ST=Massachusetts, L=Walpole, O=The Tor Project, Inc., CN=*.torproject.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b7:23:39:ed:c8:68:85:27:e5:81:0e:9c:00:0c: + fa:e2:25:2a:6d:07:c8:75:1a:47:aa:f0:53:49:b9: + 62:17:52:57:c0:d1:19:40:7c:d1:0e:bb:ce:42:1b: + ba:d4:cc:6c:49:5a:f0:aa:4f:4a:ab:0a:fc:54:a1: + 49:78:4b:58:1e:87:bf:95:15:da:34:7a:fc:fc:f1: + 8b:c4:1a:2c:c3:00:b8:b4:f9:a0:70:a4:47:a2:67: + 2c:56:6b:52:d3:ea:e7:44:66:85:87:e0:d7:99:30: + a2:c9:84:cc:fa:8b:6b:73:43:70:ae:6d:a5:35:f9: + 17:8f:03:bc:14:fe:d1:a0:99:40:b9:dd:28:6c:d5: + 86:22:48:a4:42:5d:7d:37:3a:f5:bd:62:e3:11:b2: + 87:3a:78:0a:15:05:0e:d9:8a:f4:c4:59:15:1b:c3: + 16:5e:19:69:50:5e:da:16:b0:ff:ed:64:7a:61:b0: + 87:95:2e:68:3f:8f:0e:a4:c9:97:ec:70:41:d5:02: + ac:a5:81:83:09:ce:54:b2:4a:aa:ba:76:fd:87:34: + 9a:49:13:15:7a:9d:50:3d:41:4b:ec:20:bc:20:e2: + eb:87:fb:9d:dc:b2:4d:08:1b:f0:85:a8:58:47:85: + e8:a1:db:88:56:4b:55:1f:e9:b8:7e:b8:71:bc:91: + 17:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:51:68:FF:90:AF:02:07:75:3C:CC:D9:65:64:62:A2:12:B8:59:72:3B + + X509v3 Subject Key Identifier: + 82:26:08:F1:13:29:55:34:14:B4:8F:80:1D:71:B8:60:DA:4B:41:CC + X509v3 Subject Alternative Name: + DNS:*.torproject.org, DNS:torproject.org + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl3.digicert.com/sha2-ha-server-g1.crl + + Full Name: + URI:http://crl4.digicert.com/sha2-ha-server-g1.crl + + X509v3 Certificate Policies: + Policy: 2.16.840.1.114412.1.1 + CPS: https://www.digicert.com/CPS + + Authority Information Access: + OCSP - URI:http://ocsp.digicert.com + CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt + + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: sha256WithRSAEncryption + 6f:70:71:7e:80:11:d0:aa:60:09:61:3a:e9:a9:4b:42:34:8f: + ab:74:63:d0:d6:8b:58:83:1e:04:d7:aa:99:85:df:64:52:0c: + 2e:83:d7:3e:ca:0a:3d:2e:c4:6a:6a:9f:5a:04:c4:8e:29:82: + 9c:e4:c6:c7:5f:56:bd:aa:41:18:14:ec:25:0c:dd:b8:23:20: + a5:01:5f:8c:3e:40:95:50:ab:cd:95:9f:59:23:40:b4:6f:5b: + db:b2:5e:8b:e8:cb:5b:d0:60:35:e5:e8:c5:e7:f0:53:e9:0d: + fc:b0:df:38:3e:67:96:a7:99:db:60:9d:19:00:ab:2b:93:2f: + dc:4c:e4:bf:5f:12:b7:13:b1:66:1e:ca:fa:8b:f3:87:88:68: + 4a:d5:e5:9b:1c:a3:c0:77:aa:53:83:b4:d3:dd:50:e5:ab:2b: + 2c:f0:4f:ad:ed:d7:24:b8:0a:c4:7a:45:63:9b:2f:28:a7:2e: + f9:37:8c:64:cc:48:6e:44:c7:4f:ab:bd:b6:b8:e9:c7:b1:8c: + 57:bc:f3:80:f7:a4:4a:b9:f4:e4:17:02:63:7b:fc:55:9b:f8: + 3b:be:53:76:dc:81:01:78:a9:bb:50:ea:7a:92:c2:11:19:3a: + 3a:6f:ec:98:af:67:f3:54:e5:71:a5:79:cc:36:46:c9:ed:63: + 52:fd:9b:52 +-----BEGIN CERTIFICATE----- +MIIFXTCCBEWgAwIBAgIQCUixqTslHQ2xBRBZ4sJoCjANBgkqhkiG9w0BAQsFADBw +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz +dXJhbmNlIFNlcnZlciBDQTAeFw0xMzEwMjIxMjAwMDFaFw0xNjA1MDMxMjAwMDBa +MHIxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMRAwDgYDVQQH +EwdXYWxwb2xlMR4wHAYDVQQKExVUaGUgVG9yIFByb2plY3QsIEluYy4xGTAXBgNV +BAMMECoudG9ycHJvamVjdC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC3IzntyGiFJ+WBDpwADPriJSptB8h1Gkeq8FNJuWIXUlfA0RlAfNEOu85C +G7rUzGxJWvCqT0qrCvxUoUl4S1geh7+VFdo0evz88YvEGizDALi0+aBwpEeiZyxW +a1LT6udEZoWH4NeZMKLJhMz6i2tzQ3CubaU1+RePA7wU/tGgmUC53Shs1YYiSKRC +XX03OvW9YuMRsoc6eAoVBQ7ZivTEWRUbwxZeGWlQXtoWsP/tZHphsIeVLmg/jw6k +yZfscEHVAqylgYMJzlSySqq6dv2HNJpJExV6nVA9QUvsILwg4uuH+53csk0IG/CF +qFhHheih24hWS1Uf6bh+uHG8kRfHAgMBAAGjggHvMIIB6zAfBgNVHSMEGDAWgBRR +aP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUgiYI8RMpVTQUtI+AHXG4YNpL +QcwwKwYDVR0RBCQwIoIQKi50b3Jwcm9qZWN0Lm9yZ4IOdG9ycHJvamVjdC5vcmcw +DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1 +BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1o +YS1zZXJ2ZXItZzEuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20v +c2hhMi1oYS1zZXJ2ZXItZzEuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb9bAEBMCow +KAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsG +AQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t +ME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl +cnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0G +CSqGSIb3DQEBCwUAA4IBAQBvcHF+gBHQqmAJYTrpqUtCNI+rdGPQ1otYgx4E16qZ +hd9kUgwug9c+ygo9LsRqap9aBMSOKYKc5MbHX1a9qkEYFOwlDN24IyClAV+MPkCV +UKvNlZ9ZI0C0b1vbsl6L6Mtb0GA15ejF5/BT6Q38sN84PmeWp5nbYJ0ZAKsrky/c +TOS/XxK3E7FmHsr6i/OHiGhK1eWbHKPAd6pTg7TT3VDlqyss8E+t7dckuArEekVj +my8opy75N4xkzEhuRMdPq722uOnHsYxXvPOA96RKufTkFwJje/xVm/g7vlN23IEB +eKm7UOp6ksIRGTo6b+yYr2fzVOVxpXnMNkbJ7WNS/ZtS +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 04:e1:e7:a4:dc:5c:f2:f3:6d:c0:2b:42:b8:5d:15:9f + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA + Validity + Not Before: Oct 22 12:00:00 2013 GMT + Not After : Oct 22 12:00:00 2028 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b6:e0:2f:c2:24:06:c8:6d:04:5f:d7:ef:0a:64: + 06:b2:7d:22:26:65:16:ae:42:40:9b:ce:dc:9f:9f: + 76:07:3e:c3:30:55:87:19:b9:4f:94:0e:5a:94:1f: + 55:56:b4:c2:02:2a:af:d0:98:ee:0b:40:d7:c4:d0: + 3b:72:c8:14:9e:ef:90:b1:11:a9:ae:d2:c8:b8:43: + 3a:d9:0b:0b:d5:d5:95:f5:40:af:c8:1d:ed:4d:9c: + 5f:57:b7:86:50:68:99:f5:8a:da:d2:c7:05:1f:a8: + 97:c9:dc:a4:b1:82:84:2d:c6:ad:a5:9c:c7:19:82: + a6:85:0f:5e:44:58:2a:37:8f:fd:35:f1:0b:08:27: + 32:5a:f5:bb:8b:9e:a4:bd:51:d0:27:e2:dd:3b:42: + 33:a3:05:28:c4:bb:28:cc:9a:ac:2b:23:0d:78:c6: + 7b:e6:5e:71:b7:4a:3e:08:fb:81:b7:16:16:a1:9d: + 23:12:4d:e5:d7:92:08:ac:75:a4:9c:ba:cd:17:b2: + 1e:44:35:65:7f:53:25:39:d1:1c:0a:9a:63:1b:19: + 92:74:68:0a:37:c2:c2:52:48:cb:39:5a:a2:b6:e1: + 5d:c1:dd:a0:20:b8:21:a2:93:26:6f:14:4a:21:41: + c7:ed:6d:9b:f2:48:2f:f3:03:f5:a2:68:92:53:2f: + 5e:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Authority Information Access: + OCSP - URI:http://ocsp.digicert.com + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl + + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: https://www.digicert.com/CPS + + X509v3 Subject Key Identifier: + 51:68:FF:90:AF:02:07:75:3C:CC:D9:65:64:62:A2:12:B8:59:72:3B + X509v3 Authority Key Identifier: + keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 + + Signature Algorithm: sha256WithRSAEncryption + 18:8a:95:89:03:e6:6d:df:5c:fc:1d:68:ea:4a:8f:83:d6:51: + 2f:8d:6b:44:16:9e:ac:63:f5:d2:6e:6c:84:99:8b:aa:81:71: + 84:5b:ed:34:4e:b0:b7:79:92:29:cc:2d:80:6a:f0:8e:20:e1: + 79:a4:fe:03:47:13:ea:f5:86:ca:59:71:7d:f4:04:96:6b:d3: + 59:58:3d:fe:d3:31:25:5c:18:38:84:a3:e6:9f:82:fd:8c:5b: + 98:31:4e:cd:78:9e:1a:fd:85:cb:49:aa:f2:27:8b:99:72:fc: + 3e:aa:d5:41:0b:da:d5:36:a1:bf:1c:6e:47:49:7f:5e:d9:48: + 7c:03:d9:fd:8b:49:a0:98:26:42:40:eb:d6:92:11:a4:64:0a: + 57:54:c4:f5:1d:d6:02:5e:6b:ac:ee:c4:80:9a:12:72:fa:56: + 93:d7:ff:bf:30:85:06:30:bf:0b:7f:4e:ff:57:05:9d:24:ed: + 85:c3:2b:fb:a6:75:a8:ac:2d:16:ef:7d:79:27:b2:eb:c2:9d: + 0b:07:ea:aa:85:d3:01:a3:20:28:41:59:43:28:d2:81:e3:aa: + f6:ec:7b:3b:77:b6:40:62:80:05:41:45:01:ef:17:06:3e:de: + c0:33:9b:67:d3:61:2e:72:87:e4:69:fc:12:00:57:40:1e:70: + f5:1e:c9:b4 +-----BEGIN CERTIFICATE----- +MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy +YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2 +4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC +Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1 +itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn +4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X +sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft +bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA +MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy +dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t +L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG +BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ +UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D +aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd +aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH +E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly +/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu +xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF +0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae +cPUeybQ= +-----END CERTIFICATE----- diff --git a/test/testdata/chains/004.3ee62cb678014c14d22ebf96f44cc899adea72f1.pem b/test/testdata/chains/004.3ee62cb678014c14d22ebf96f44cc899adea72f1.pem new file mode 100644 index 0000000..2affd7a --- /dev/null +++ b/test/testdata/chains/004.3ee62cb678014c14d22ebf96f44cc899adea72f1.pem @@ -0,0 +1,50 @@ +SHA1 Fingerprint=3E:E6:2C:B6:78:01:4C:14:D2:2E:BF:96:F4:4C:C8:99:AD:EA:72:F1 +Timestamp: 1364288520513 +Leafhash: F1BB1CD704EDFE2A37AB1FFD4EFB9E523F9F7227E945B06C18F52BF270729314 +-----BEGIN CERTIFICATE----- +MIIE0jCCA7qgAwIBAgIEAP3y5DANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJLUjEcMBoGA1UE +CgwTR292ZXJubWVudCBvZiBLb3JlYTENMAsGA1UECwwER1BLSTEUMBIGA1UEAwwLQ0ExMzQwNDAw +MDEwHhcNMTExMTAxMDQ1ODAwWhcNMTQwMjAxMDQ1NzU5WjCBmjELMAkGA1UEBhMCS1IxHDAaBgNV +BAoME0dvdmVybm1lbnQgb2YgS29yZWExGDAWBgNVBAsMD0dyb3VwIG9mIFNlcnZlcjEeMBwGA1UE +CwwV6rWQ7Jyh6rO87ZWZ6riw7Iig67aAMRgwFgYDVQQDDA93d3cuYmVyZWEuYWMua3IxGTAXBgNV +BAMMEGhha3NhLmJpdHMuYWMua3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALLf+nRKv05O +fUAfobmxtuMuh+ZLXZeBM141nN0K8H3KN3BiqYqOONe7bbAreiz0p42Ul4rhL1FOwwNcvVf4nXBo +wfu+Hiwp3WrD8ef8CJc3LywzJyq5fQ4MT0xYQYu1J4icv1SXacvXbSPwHK3Brt2JHxOpfzeVnh4T +TAYRV3ZfAgMBAAGjggHrMIIB5zBnBggrBgEFBQcBAQRbMFkwVwYIKwYBBQUHMAKGS2xkYXA6Ly9s +ZGFwLmVwa2kuZ28ua3I6Mzg5L2NuPUdQS0lSb290Q0Esb3U9R1BLSSxvPUdvdmVybm1lbnQgb2Yg +S29yZWEsYz1LUjCBhgYDVR0jBH8wfYAU+nIEA5n96tt8UN2+5XKk0nclFcihU6RRME8xCzAJBgNV +BAYTAktSMRwwGgYDVQQKDBNHb3Zlcm5tZW50IG9mIEtvcmVhMQ0wCwYDVQQLDARHUEtJMRMwEQYD +VQQDDApHUEtJUm9vdENBghBH/vYAAgeG2AGSNf+eSiACMB0GA1UdDgQWBBSM7j+3kdc2M6QCR5H+ +xdNdfh2cEzALBgNVHQ8EBAMCBaAwDAYDVR0TBAUwAwEB/zAoBgNVHSUEITAfBggrBgEFBQcDAQYI +KwYBBQUHAwIGCWCGSAGG+EIEATB8BgNVHR8EdTBzMHGgb6BthmtsZGFwOi8vbGRhcC5lcGtpLmdv +LmtyOjM4OS9vdT1kcDFwMjA1NTYsb3U9Q1JMLG91PUdQS0ksbz1Hb3Zlcm5tZW50IG9mIEtvcmVh +LGM9a3I/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDARBglghkgBhvhCAQEEBAMCBsAwDQYJKoZI +hvcNAQEFBQADggEBAC14Ht+BTjUGTgeG0Q5C5Bdj2RqewI4asd8UPTkXf0N+Tg7VhR3f1bfyHnsX +Zx8Dbdzij0dMD7NlMur5I1LKYTKMYruAxEPULLMhp9qsQX2i91t8s+uRYxcPWqK96DoRoeLJCpmQ +D338GwoUsy+vy43K4urJnCLnEe/ZtWFD+XMIux89T7DglieBA4+PkUhsD3QA0Pd+l15Kx2RFh4os +fX3IfKundxzJ0jQ4OzyeV/2NjyRb2GZQlJUuA9On+8EobU4nwDKJCv3MmsjlFFUa3TQk/n3JusRl +Iwu3vNPWc3mqoWbF61oF/0aNPmsf17vLRCDOfDsEcufz1ZPQa02dpDY= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEXjCCA0agAwIBAgIQR/72AAIHhtgBkjX/nkogAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQG +EwJLUjEcMBoGA1UECgwTR292ZXJubWVudCBvZiBLb3JlYTENMAsGA1UECwwER1BLSTETMBEGA1UE +AwwKR1BLSVJvb3RDQTAeFw0wODA2MDkxNDA5MjFaFw0xODA2MDkxNDA5MjFaMFAxCzAJBgNVBAYT +AktSMRwwGgYDVQQKDBNHb3Zlcm5tZW50IG9mIEtvcmVhMQ0wCwYDVQQLDARHUEtJMRQwEgYDVQQD +DAtDQTEzNDA0MDAwMTCCASEwDQYJKoZIhvcNAQEBBQADggEOADCCAQkCggEAZvDlMT1PwNhEkeB5 +WvvyCrQXf10ah2jWNDq3A86IEHOVRB3sNoABgkCHue70jIa/EI9PRpdoouPYdR+DJPkFS9QLizlg +krPCNQhJqr7vuXQd/JV2OFhKhsrlIrKZaB1FU0ndJmzezZUZZxBfsBz6LAjRZn4EVPPqQY+DR7fS +rgh8h6yGPMhMtV8aADTpMkLmnfSjYJKsY4NTYheBsXQ7kr2d3CK5a7Sn3Nze4TvC05DyctpTWPJN +yFOx8Ahyi0dVg77mNNx4uPXQhlip4n4pV4ibLlVw+O9E9/7lUDG31yH/wgSl4ukwcQjHHXI2dadv +P2M63tjdHXfZVHBHY3IgKwIDAQABo4IBNDCCATAwHwYDVR0jBBgwFoAUFmcy9GheaDFH2+3szmEu +miRGxH0wHQYDVR0OBBYEFPpyBAOZ/erbfFDdvuVypNJ3JRXIMA4GA1UdDwEB/wQEAwIBBjBPBgNV +HSAESDBGMAwGCiqDGoaNIQUDAQMwDAYKKoMaho0hBQMBATAMBgoqgxqGjSEFAwEHMAwGCiqDGoaN +IQUDAQkwDAYKKoMaho0hBQMBBTASBgNVHRMBAf8ECDAGAQH/AgEAMHkGA1UdHwRyMHAwbqBsoGqG +aGxkYXA6Ly9jZW4uZGlyLmdvLmtyOjM4OS9jbj1HUEtJUm9vdENBLG91PUdQS0ksbz1Hb3Zlcm5t +ZW50IG9mIEtvcmVhLGM9S1I/YXV0aG9yaXR5UmV2b2NhdGlvbmxpc3Q7YmluYXJ5MA0GCSqGSIb3 +DQEBBQUAA4IBAQAhagazxtMY+p+i1F/OyJJ0kwZU8PrKISJUZMpBxMaZpfCzUWSnaO9Ha6SPnqm8 +gE71ZJV+KUj6ll6YL3VExaGU2YPpNUzbo4mFuTP5QBo+d18sEZAIsKPAG2ZXw1wUBx51jduMBWGY +o43JFS+XPlrxrYULPobprudrqTt+EffG++hey18VBk/mPubyovFlMZ74esV96IenJvGxMNhsS+U+ +RIE1QoLDscJrlenmjctbowNZ8pq91MJw6V8OG0w9ELVQMt98uidzU2fzF4W0XxHiIlZBtp6imOZx +Q+xtCiJd0/S/jpEoHBU9ZEJrBRolRMdvf5Oh2qTLeowZU17RtC8T +-----END CERTIFICATE----- diff --git a/test/testdata/chains/005.6969562e4080f424a1e7199f14baf3ee58ab6abb.pem b/test/testdata/chains/005.6969562e4080f424a1e7199f14baf3ee58ab6abb.pem new file mode 100644 index 0000000..e9d0c33 --- /dev/null +++ b/test/testdata/chains/005.6969562e4080f424a1e7199f14baf3ee58ab6abb.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- diff --git a/test/testdata/chains/5.96974cd6b663a7184526b1d648ad815cf51e801a.pem b/test/testdata/chains/006.96974cd6b663a7184526b1d648ad815cf51e801a.pem index 4b0bcf5..4b0bcf5 100644 --- a/test/testdata/chains/5.96974cd6b663a7184526b1d648ad815cf51e801a.pem +++ b/test/testdata/chains/006.96974cd6b663a7184526b1d648ad815cf51e801a.pem diff --git a/test/testdata/chains/007.cb0d9182ec62dfef2f233441335f32667a5ce85b.pem b/test/testdata/chains/007.cb0d9182ec62dfef2f233441335f32667a5ce85b.pem new file mode 100644 index 0000000..2fca29e --- /dev/null +++ b/test/testdata/chains/007.cb0d9182ec62dfef2f233441335f32667a5ce85b.pem @@ -0,0 +1,89 @@ +-----BEGIN CERTIFICATE----- +MIIFXjCCBEagAwIBAgICBx0wDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCREUxDzANBgNVBAoM +BkdBRCBFRzERMA8GA1UECwwIVlIgSURFTlQxHTAbBgNVBAMMFFZSIElERU5UIFNTTCBDQSAyMDA5 +MB4XDTEzMDQwNDA4NDcxNFoXDTE0MDUwNDIxNTk1OVowgZUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI +DAZCQVlFUk4xETAPBgNVBAcMCE1VRU5DSEVOMSwwKgYDVQQKDCNERVVUU0NIRVIgR0VOT1NTRU5T +Q0hBRlRTLVZFUkxBRyBFRzEYMBYGA1UECwwPRElBTE9HTUFSS0VUSU5HMRowGAYDVQQDDBFXV1cu +R0VOTy1MT0dJTi5ERTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbXt0nKG39wuCkg +XkxtxNnvsAFxlLjJdbp9JpXJOtPSGqTK2c8x5jGCgsD4krDAcbBzVSWTMCkpwyL4Wq+pwhgTcZX2 +Ozuipsj5vGNNtSWgx46y8qOKaaQZAaJhXkuIH3uSXOqYz7iUymDyXUrw08itQJLCvMkY0Sici5sZ +XNX7tZS91ltLjq/oOFE945Do6DmDrMqIkqf1aQJ+Z2eXoEvoeoZf6dEFxWK39M0fmLhEsyf1K7Nu +6f4Eea/UUDdnNOV7Szs1O8zPzpb53rXvbyfWLWZ1sOsZkUo6tItGuQFWqj8x2Z+m8GjVpgh/hHsd +HY0wGUXzjpChLcV2S/84Kz0CAwEAAaOCAfowggH2MGYGCCsGAQUFBwEBBFowWDBWBggrBgEFBQcw +AYZKaHR0cDovL29jc3AudnItaWRlbnQuZGUvZ3Rub2NzcC9PQ1NQUmVzcG9uZGVyL1ZSJTIwSWRl +bnQlMjBTU0wlMjBDQSUyMDIwMDkwgZIGA1UdIwSBijCBh4AiUFJPRC5HVE4uRVhTU0xDQS5TSUdH +RU5SUy4wMDAwMTYwMKFepFwwWjELMAkGA1UEBhMCREUxDzANBgNVBAoTBkdBRCBlRzERMA8GA1UE +CxMIVlIgSURFTlQxJzAlBgNVBAMTHlZSIElERU5UIEVYVEVSTkFMIFJPT1QgQ0EgMjAwOYIBAjCB +sgYDVR0fBIGqMIGnME2gS6BJhkdodHRwOi8vd3d3LnZyLWlkZW50LmRlL2d0bmNybC9DUkxSZXNw +b25kZXIvVlIlMjBJZGVudCUyMFNTTCUyMENBJTIwMjAwOTBWolSkUjBQMQswCQYDVQQGEwJERTEP +MA0GA1UECgwGR0FEIEVHMREwDwYDVQQLDAhWUiBJREVOVDEdMBsGA1UEAwwUVlIgSURFTlQgU1NM +IENBIDIwMDkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBQygVXLjfIZAVbUPQH/WYD7yYA+0TAT +BgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEAJdYUSflPqF47cCpCb3E7TKhQ +YAouGo3/0nEecjgaCBkV3Z5O0KkNqKctpxH+1JO6rrT8O8+qZph+MCxYl3YVXDyrqXVdq2bMbN/h +rUx2WCJYyz0g71rSJyBFALwSDSTh6fLEBQmuG45MOcvCe/rwwM8qI/C/PAmSzuxwCQ53mdpmiNP5 +5IJzhHjzGTB0hLM1VCGhDWhz4gCcR0gOok3dT1S4wxln5TUTSC2r97oe6olmLWtwG5g+svKtov/b +7YDRSY4bwuIpY95GHMArmsIc3ceNQe5QKsBsEYgZPAh6yti2mcPIoVQltKJrQk4YcXAhOI+eeX5e +e6zSirwDBbDMsQ== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEZzCCA1GgAwIBAgIBAjALBgkqhkiG9w0BAQUwWjELMAkGA1UEBhMCREUxDzANBgNVBAoTBkdB +RCBlRzERMA8GA1UECxMIVlIgSURFTlQxJzAlBgNVBAMTHlZSIElERU5UIEVYVEVSTkFMIFJPT1Qg +Q0EgMjAwOTAeFw0wOTA5MDExMzQzNThaFw0xNjA4MDUxNzMwNDNaMFAxCzAJBgNVBAYTAkRFMQ8w +DQYDVQQKDAZHQUQgRUcxETAPBgNVBAsMCFZSIElERU5UMR0wGwYDVQQDDBRWUiBJREVOVCBTU0wg +Q0EgMjAwOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkkUOLwvOHMwNf7OCp9V688 +5K+YHKD74mswf3p0y8QcmA5g/6jbExXbfLH8X2iuKDbFJGJ6lEoFnyK+ZEE4aHIIlsZXjBWVqSuT +mA2QXTMCX4lQB0uTEMbkp8l9VJZOcwnp56/422+B+V/PQE4IWTbbIa46MVpiS0LpYU5dyzdlwScF +yV8uH1IRhJkC05/7o4MrsqxsN9ZU9KI2ezo6oyJwEEfpbsqsGm50f8wwHtIzuNMnOkg6ZLIp1+bw +ezclGnpwaYAcAUUbJLjD1BjXDlopVR7trlgrrCH/ZJ5/x1z/Dxq4wXXeY6SY7MAAECg6o4fmSeK+ +hE2pdY7qNzDJWJMCAwEAAaOCAUQwggFAMGYGCCsGAQUFBwEBBFowWDBWBggrBgEFBQcwAYZKaHR0 +cDovL29jc3AudnItaWRlbnQuZGUvZ3Rub2NzcC9PQ1NQUmVzcG9uZGVyL1ZSJTIwSWRlbnQlMjBT +U0wlMjBDQSUyMDIwMDkwLgYDVR0jBCcwJYAjUFJPRC5HVE4uRVhST09UQ0EuU0lHR0VOUlMuMDAw +MDE2MDAwDwYDVR0TAQH/BAUwAwEB/zBYBgNVHR8EUTBPME2gS6BJhkdodHRwOi8vd3d3LnZyLWlk +ZW50LmRlL2d0bmNybC9DUkxSZXNwb25kZXIvVlIlMjBJZGVudCUyMFNTTCUyMENBJTIwMjAwOTAO +BgNVHQ8BAf8EBAMCAYYwKwYDVR0OBCQEIlBST0QuR1ROLkVYU1NMQ0EuU0lHR0VOUlMuMDAwMDE2 +MDAwCwYJKoZIhvcNAQEFA4IBAQARXS47O/pO2QPLWV5bBey+x8Qc6EnkdzNyZRbniAa4ZRwoNFWH +ZUuBO9BpyJ5Ej2MLpERrVdD62N8r1HCBWDI53dotZz2CrfLTxHWhpXE11G/f48aTi57pIS/Wi1iX +IJNF67jf5q6WJrIcDkFJaOP/Sv4k3AGNdYBGtVHqOQf/zm/VEmCOsSLxndd8ql+1WDL0eNXXbQRM +l7HgOy7UH9xU/uzd2cg2peTKs6IhUy/Xmt3+ogJm8dxP8r4Cr7EqQGvMV7qclkrLqaVa1LOPBa3j +XWO4s7U1YXmdUIGAW/BAf6PRh/mjX9AEX5RpvrIJ8rjqzTgn1tQl+tyW6g8wrHlE +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIETDCCA7WgAwIBAgIEBydInjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJVUzEYMBYGA1UE +ChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIElu +Yy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEdsb2JhbCBSb290MB4XDTA5MDgwNTE3MzEzMVoX +DTE2MDgwNTE3MzA0M1owWjELMAkGA1UEBhMCREUxDzANBgNVBAoTBkdBRCBlRzERMA8GA1UECxMI +VlIgSURFTlQxJzAlBgNVBAMTHlZSIElERU5UIEVYVEVSTkFMIFJPT1QgQ0EgMjAwOTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKeQvkjveaO0Rz7TBwrFMa/4zNg8spAAZA1dJy9vjbee +BK1jB8+wUD7/N2MMGmTM4wsot9962nyYsoss3OcJAHjpU2gfgtYydz+qEheA4P1SxUuyY9l2AT/S +HKkLOB7uKrR9nMWYau9e8Z/rbniwDuN0RO3qwThS1xy5glViyWZZH7N8kMuqsWrlesq6Gg5q06yt +3xFzt0+zFyAKjcbBnHxMZ97Ll56lhsZ1e4frbuT5uH/AsB8zq6moqXGgfrKOGgrX40xwDSBP6pDM +EEQhMFBpuvsn8zqaGzy4zDyq2sODe88f0UF97Svt8SE6lS2TmbrJzILGgYt88QCEQZNh70UCAwEA +AaOCAX4wggF6MBIGA1UdEwEB/wQIMAYBAf8CAQEwUwYDVR0gBEwwSjBIBgkrBgEEAbE+AQAwOzA5 +BggrBgEFBQcCARYtaHR0cDovL2N5YmVydHJ1c3Qub21uaXJvb3QuY29tL3JlcG9zaXRvcnkuY2Zt +MA4GA1UdDwEB/wQEAwIBhjCBiQYDVR0jBIGBMH+heaR3MHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQK +Ew9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5j +LjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3SCAgGlMEUGA1UdHwQ+MDwwOqA4 +oDaGNGh0dHA6Ly93d3cucHVibGljLXRydXN0LmNvbS9jZ2ktYmluL0NSTC8yMDE4L2NkcC5jcmww +LAYDVR0OBCUEI1BST0QuR1ROLkVYUk9PVENBLlNJR0dFTlJTLjAwMDAxNjAwMA0GCSqGSIb3DQEB +BQUAA4GBAIBqVFa9Y7EtnJTRyiLS5ShQM+3BBSJIOz+mxxv3ir7/AAK66yop5aKcUVlvx9kJQ+O5 +nbqhSQlyqsYCJLyH1Ay2LOV/Jjc1vHDbpGEhsup+24tPM9+kubQazh+8xgHgZN2JxCFHpqYurwPI +JTJ0IpQNX3EiqFgfd4IuiY4u+Y3j +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUg +Q29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEG +A1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEz +MjM1OTAwWjB1MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQL +Ex5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0 +IEdsb2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrHiM3dFw4u +sJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTSr41tiGeA5u2ylc9yMcql +HHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X404Wqk2kmhXBIgD8SFcd5tB8FLztimQID +AQABMA0GCSqGSIb3DQEBBAUAA4GBAG3rGwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMW +M4ETCJ57NE7fQMh017l93PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OF +NMQkpw0PlZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/ +-----END CERTIFICATE----- + + diff --git a/test/testdata/chains/008.97eea3ff4bc293adb9de14a8fcf915804b4f026a.pem b/test/testdata/chains/008.97eea3ff4bc293adb9de14a8fcf915804b4f026a.pem new file mode 100644 index 0000000..6b88b0c --- /dev/null +++ b/test/testdata/chains/008.97eea3ff4bc293adb9de14a8fcf915804b4f026a.pem @@ -0,0 +1,87 @@ +-----BEGIN CERTIFICATE----- +MIIGxTCCBa2gAwIBAgIQCxFta0HqQmeJFiuJSXo7gDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUw +IwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTEzMDkxMzAwMDAwMFoXDTE0 +MDkxODEyMDAwMFowgYExCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xDzANBgNVBAcT +BlJhY2luZTEgMB4GA1UEChMXVHdpbiBEaXNjLCBJbmNvcnBvcmF0ZWQxEjAQBgNVBAsTCUNvcnBv +cmF0ZTEXMBUGA1UEAwwOKi50d2luZGlzYy5jb20wggEhMA0GCSqGSIb3DQEBAQUAA4IBDgAwggEJ +AoIBALVeexMOuUpRrjhs9hfQm7zHVr30YUPmm1aa/LWjC795NwdTdhUYQzEqBjUagD5WaqBcrJET +1oZ3ygeTVuxj3CYbsDd1ysgtR0Dku0FCKbpQylZQY/6Ez3VH/0cSMb0kr53sY9ftd+n+h3e8lEvR +KDUEYKfALY8rmCdqTSNIIXSJpWHjfL9IHsCvzrOjwHukPnpKmVMXfCAqptiHBUzdihddnM0LhnLb +vQott6KqcLXm84TxoC0ORdbulfpKAMwG1xNUD6DBONEVS7KjIGxJrNqHFongvSCSDsYQU271scen +eVoESGxMFDzJr2QYe0CCq6COF/Q4hRwHZPpxiNBQv/cCAwEAAaOCA1IwggNOMB8GA1UdIwQYMBaA +FFDqc4nbKfsQj57lASDU3nmZSIP3MB0GA1UdDgQWBBT8YtDCALtftoQt43QQ7Qoj2fMPRjAnBgNV +HREEIDAegg4qLnR3aW5kaXNjLmNvbYIMdHdpbmRpc2MuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0fBFowWDAqoCigJoYkaHR0cDovL2NybDMu +ZGlnaWNlcnQuY29tL2NhMy1nMjQuY3JsMCqgKKAmhiRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20v +Y2EzLWcyNC5jcmwwggHEBgNVHSAEggG7MIIBtzCCAbMGCWCGSAGG/WwBATCCAaQwOgYIKwYBBQUH +AgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggr +BgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABp +AGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMA +ZQAgAG8AZgAgAHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAg +AHQAaABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAA +dwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBl +ACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUA +cgBlAG4AYwBlAC4wewYIKwYBBQUHAQEEbzBtMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp +Y2VydC5jb20wRQYIKwYBBQUHMAKGOWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy +dEhpZ2hBc3N1cmFuY2VDQS0zLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQA1 +qAE+6nL92rvilZrGKwgPPl8AHzxAg8Ghlex5FTIUfqj+1GvCHpK3g1RhgNiZ8PTqKDeQlt8D9smr +HXhq9Tzc4KbWuXhPojsEZuWc0mX2zhRJEB8MpJq0cmgtoeq/oPIhICY+5DcyUhVzUSusd24068Ps +QUbBTeBq5taXRKKoI2M6fPONWLJaLwapConAzx5VSr8avcoWF35H0Xt+9LuZIioktmlqD+0cd0np +JBacoVkM6MSyLHxXGZymF9BbQkWlrnD/mGBufUZuP5XHynSG2iRA9EGS2X/5i+3/4qOE9S8vmoA6 +DEXE2FCEteD9gJRi5BBFCmEIUSzFTl1Efhk5 +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIGWDCCBUCgAwIBAgIQCl8RTQNbF5EX0u/UA4w/OzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw +KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA4MDQwMjEyMDAw +MFoXDTIyMDQwMzAwMDAwMFowZjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ +MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTElMCMGA1UEAxMcRGlnaUNlcnQgSGlnaCBBc3N1cmFu +Y2UgQ0EtMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9hCikQH17+NDdRCPge+yLt +Yb4LDXBMUGMmdRW5QYiXtvCgFbsIYOBC6AUpEIc2iihlqO8xB3RtNpcvKEZmBMcqeSZ6mdWOw21P +oF6tvD2Rwll7XjZswFPPAAgyPhBkWBATaccM7pxCUQD5BUTuJM56H+2MEb0SqPMV9Bx6MWkBG6fm +XcCabH4JnudSREoQOiPkm7YDr6ictFuf1EutkozOtREqqjcYjbTCuNhcBoz4/yO9NV7UfD5+gw6R +lgWYw7If48hl66l7XaAszPw82W3tzPpLQ4zJ1LilYRyyQLYoEt+5+F/+07LJ7z20Hkt8HEyZNp49 +6+ynaF4d32duXvsCAwEAAaOCAvowggL2MA4GA1UdDwEB/wQEAwIBhjCCAcYGA1UdIASCAb0wggG5 +MIIBtQYLYIZIAYb9bAEDAAIwggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3LmRpZ2ljZXJ0LmNv +bS9zc2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4AeQAgAHUA +cwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAGMAbwBuAHMAdABp +AHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkA +QwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQ +AGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwA +aQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBk +ACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMBIGA1UdEwEB/wQIMAYB +Af8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j +b20wgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0 +SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t +L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAWgBSxPsNpA/i/RwHU +mCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTeeZlIg/cwDQYJKoZIhvcNAQEFBQAD +ggEBAB7ipUiebNtTOA/vphoqrOIDQ+2avD6OdRvw/S4iWawTwGHi5/rpmc2HCXVUKL9GYNy+USyS +8xuRfDEIcOI3ucFbqL2jCwD7GhX9A61YasXHJJlIR0YxHpLvtF9ONMeQvzHB+LGEhtCcAarfilYG +zjrpDq6XdF3XcZpCdF/ejUN83ulV7WkAywXgemFhM9EZTfkI7qA5xSU1tyvED7Ld8aW3DiTEJiiN +eXf1L/BXunwH1OH8zVowV36GEEfdMR/X/KLCvzB8XSSq6PmuX2p0ws5rs0bYIb4p1I5eFdZCSucy +b6Sxa1GDWL4/bcf72gMhy2oWGU4K8K2Eyl2Us1p292E= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw +KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw +MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ +MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu +Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t +Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS +OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 +MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ +NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe +h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY +JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ +V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp +myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK +mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K +-----END CERTIFICATE----- + + diff --git a/test/testdata/chains/009.29dcb4c215b563e71d615cae5f5a57dbfc2c2871.pem b/test/testdata/chains/009.29dcb4c215b563e71d615cae5f5a57dbfc2c2871.pem new file mode 100644 index 0000000..5da5ef8 --- /dev/null +++ b/test/testdata/chains/009.29dcb4c215b563e71d615cae5f5a57dbfc2c2871.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIDBTCCAm6gAwIBAgIDCIjoMA0GCSqGSIb3DQEBBAUAMIHEMQswCQYDVQQGEwJaQTEVMBMGA1UE +CBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25z +dWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYD +VQQDExBUaGF3dGUgU2VydmVyIENBMSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3Rl +LmNvbTAeFw0wMjAxMjUxMzQ2MjFaFw0wMzAxMjUxMzQ2MjFaMIGiMQswCQYDVQQGEwJERTEMMAoG +A1UECBMDTlJXMQ8wDQYDVQQHEwZBYWNoZW4xRzBFBgNVBAoWPnRlYW0gaW4gbWVkaWFzIGdlc2Vs +bHNjaGFmdCBm/HIgbXVsdGltZWRpYWxlIGtvbW11bmlrYXRpb24gbWJIMQ8wDQYDVQQLEwZBYWNo +ZW4xGjAYBgNVBAMTEWltYWlsLmlubWVkaWFzLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQC73OnDMoVrurUCrgOmbBnGZKoNLRV++LPbSlxH1joI0WlheRr/bkxf3oyfgJWWFSiltkAaj5M2 +ODWQbZ9sJSUW/54A3r90oHVuu4RxjMU66GwuiZXr8zNMzkpBhSAtrCJPCHJ0tYh7PLvjHSAugvu2 +9DDLrjXoHtu33EATi1ny9wIDAQABoyUwIzATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E +AjAAMA0GCSqGSIb3DQEBBAUAA4GBAJcYvfKP2JNdn3m4wRg+uWxGgXc1vgcDNNtRLlFTo7zvXMTa +FZQ3Wx6KPRkdZFCWIm29mVlUJ7r9EaaPlEuJAh0FLmWGlTsxYB0jtOKBC3WwEOa5ZAwrz965rAxD +P98UK9+WZ/jqynERXcQvJcxn0lcMFr1d9fnQTXLNtQueM6BJ +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT +DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3Vs +dGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UE +AxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5j +b20wHhcNOTYwODAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNV +BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29u +c3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcG +A1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0 +ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl +/Kj0R1HahbUgdJSGHg91yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg7 +1CcEJRCXL+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGjEzAR +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG7oWDTSEwjsrZqG9J +GubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6eQNuozDJ0uW8NxuOzRAvZim+aKZuZ +GCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZqdq5snUb9kLy78fyGPmJvKP/iiMucEc= +-----END CERTIFICATE----- + + diff --git a/test/testdata/chains/010.2cf11ca183130b3ea882cbe2b620cc83bc8e4a6a.pem b/test/testdata/chains/010.2cf11ca183130b3ea882cbe2b620cc83bc8e4a6a.pem new file mode 100644 index 0000000..4200803 --- /dev/null +++ b/test/testdata/chains/010.2cf11ca183130b3ea882cbe2b620cc83bc8e4a6a.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAuqgAwIBAgIQIsWFzBD0GDkG+p8oIxaD6DANBgkqhkiG9w0BAQUFADCBzjELMAkGA1UE +BhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQK +ExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBE +aXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkB +FhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29tMB4XDTA5MDgwNjAwMDAwMFoXDTEyMDgyMzIzNTk1 +OVowgYQxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhLZW50dWNreTETMBEGA1UEBxMKTG91aXN2aWxs +ZTEWMBQGA1UEChMNSEVQQXJ0cywgSW5jLjEbMBkGA1UECxMSV2ViIEFkbWluaXN0cmF0aW9uMRgw +FgYDVQQDEw93d3cuSEVQQXJ0cy5jb20wgaAwDQYJKoZIhvcNAQEBBQADgY4AMIGKAoGAVk8R3cq8 +FFr39vPzHBRM7vffaz/XHSZu9prSRkzw8u99qsby9gDPVWougR6a0osPf4t9HwNVPirJohX2IXz/ +Tka8I4Ba7fcWWOImQQXvMF756Qsg0iDkFdPo7jgWYFrcxtHMzgRAQSUKE6gZRNx6xJ4W/B1djQS7 +JT3VVtTpvmUCBQCkj/mHo4GmMIGjMAwGA1UdEwEB/wQCMAAwQAYDVR0fBDkwNzA1oDOgMYYvaHR0 +cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVNlcnZlclByZW1pdW1DQS5jcmwwHQYDVR0lBBYwFAYI +KwYBBQUHAwEGCCsGAQUFBwMCMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j +c3AudGhhd3RlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQDMJdmHnzSMrQ/zDpgwelwk4E1vwieSxGJW +3ELtaA5uU15CaVNKvu9Zk0aPXVD+JEWNjXO2ZXs0xLBgKyeMMUZUL4CCASCQsaAKyvsi0wMi2l2K +5v6VzfOnwKLevRDlLV7t++r0QWutXtbU85/Hq5ba2orUYiNauv5v9CK6s4IaAg== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkExFTATBgNVBAgT +DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3Vs +dGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UE +AxMYVGhhd3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZl +ckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYT +AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU +VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2 +aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3DQEJARYZ +cHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2 +aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIh +Udib0GfQug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMRuHM/ +qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAm +SCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUIhfzJATj/Tb7yFkJD57taRvvBxhEf +8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JMpAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7t +UCemDaYj+bvLpgcUQg== +-----END CERTIFICATE----- + + diff --git a/test/testdata/chains/011.7c2d41564b256f4115e646f71387aa9e1aaa0f56.pem b/test/testdata/chains/011.7c2d41564b256f4115e646f71387aa9e1aaa0f56.pem new file mode 100644 index 0000000..9bc2446 --- /dev/null +++ b/test/testdata/chains/011.7c2d41564b256f4115e646f71387aa9e1aaa0f56.pem @@ -0,0 +1,80 @@ +-----BEGIN CERTIFICATE----- +MIIFpjCCBI6gAwIBAgIIjK0t3AAANcYwDQYJKoZIhvcNAQEFBQAwXjELMAkGA1UEBhMCS1IxEjAQ +BgNVBAoMCUNyb3NzQ2VydDEVMBMGA1UECwwMQWNjcmVkaXRlZENBMSQwIgYDVQQDDBtDcm9zc0Nl +cnQgQ2xhc3MgMSBTZXJ2ZXIgQ0EwHhcNMTIxMTA5MDc0NjAwWhcNMTMxMTExMTQ1OTU5WjBwMQsw +CQYDVQQGEwJLUjESMBAGA1UECgwJQ3Jvc3NDZXJ0MRUwEwYDVQQLDAxBY2NyZWRpdGVkQ0ExDDAK +BgNVBAsMA1NTTDEMMAoGA1UECwwDMDAxMRowGAYDVQQDDBF3d3cuZ2V0ZmlsZS5jby5rcjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ6VG9Dvx5t1iL1rjyfX36/yqj2+xfpxtDaXueoD +qRoMSJBmVZiio2VX/mfcbSTUJH3XoEjBkPzjKDMouvCBF8AhGPUX6HnaeTRtxejTdoqYP4SaxT7Q +2CUJFtqQ4PI+QOyA4DMTUNMNFv3ZRemrJKk0YluL+sNcy12su58QNmAmsVjjTVmQtPs+mE28E2vP +yJ2Ze472wYnJOs2giWo16ewahd0swoeowcVRFOnRMXCXIsgiMn0Bv97As7eS4xv1dFmKfEmNCQPm ++X4qmLZFlIw9SGO1TPS/wDblXvsqb6VH2JnL7qv+j2cn3frv/T57UFnSLTXGIKrb13Lo6nmjah0C +AwEAAaOCAlQwggJQMIGPBgNVHSMEgYcwgYSAFG24/5Jcsb/pSXgxfIB1wGIQS704oWikZjBkMQsw +CQYDVQQGEwJLUjENMAsGA1UECgwES0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkgQ2VudHJhbDEWMBQGA1UEAwwNS0lTQSBSb290Q0EgMYICJ4cwHQYDVR0OBBYEFLCn +RDny9eLbgtg6lumkKmesw5TzMA4GA1UdDwEB/wQEAwIFoDB7BgNVHSAEdDByMHAGCSqDGoyaRAUE +BjBjMC0GCCsGAQUFBwIBFiFodHRwOi8vZ2NhLmNyb3NzY2VydC5jb20vY3BzLmh0bWwwMgYIKwYB +BQUHAgIwJh4kx3QAIMd4yZ3BHLKUACDG+cEcvIQAIMd4yZ3BHMeFssiy5AAuMH8GA1UdHwR4MHYw +dKByoHCGbmxkYXA6Ly9zc2xkaXIuY3Jvc3NjZXJ0LmNvbTozODkvY249czFkcDZwMSxvdT1jcmxk +cCxvdT1BY2NyZWRpdGVkQ0Esbz1Dcm9zc0NlcnQsYz1LUj9jZXJ0aWZpY2F0ZVJldm9jYXRpb25M +aXN0MIGOBggrBgEFBQcBAQSBgTB/MH0GCCsGAQUFBzAChnFsZGFwOi8vc3NsLmNyb3NzY2VydC5j +b206Mzg5L2NuPUNyb3NzQ2VydCBDbGFzcyAxIFNlcnZlciBDQSxvdT1BY2NyZWRpdGVkQ0Esbz1D +cm9zc0NlcnQsYz1LUj9jQUNlcnRpZmljYXRlO2JpbmFyeTANBgkqhkiG9w0BAQUFAAOCAQEA1t7F +EWpwXWm4TULUIHbV1HhDLXqjav1ybE7KzTye3/bTGpvzzy7DdMs0ppgLSXOT2ADhE4bWabh1VVAE +eqniqsg0iui5IpFquA6lKHOmqyh+IoCOza83ovx7f+Ku8M6enYcDgaWindw88eWl0dYsukp5p2F9 +GSFnk+b3SAdAZ5gDvp0BFZ0dBEV0Bn8rQFFiju740WEaEobGFBTfhXDE+Znk2x5UErwyxqEO2R3i +I7Og79SXTy9Pygmin+A5KD+2yiJqxhDKuck2nmLmNSja81tO3CyLagfiNewCefg05dUExXTwFncY +eiRkIBn8s1lL9zhzY55XoduTw40BR7rn4w== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIGHjCCBQagAwIBAgICJ4cwDQYJKoZIhvcNAQEFBQAwZDELMAkGA1UEBhMCS1IxDTALBgNVBAoM +BEtJU0ExLjAsBgNVBAsMJUtvcmVhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IENlbnRyYWwxFjAU +BgNVBAMMDUtJU0EgUm9vdENBIDEwHhcNMTAwNzMwMDcxMTM0WhcNMjAwNzMwMDcxMTM0WjBeMQsw +CQYDVQQGEwJLUjESMBAGA1UECgwJQ3Jvc3NDZXJ0MRUwEwYDVQQLDAxBY2NyZWRpdGVkQ0ExJDAi +BgNVBAMMG0Nyb3NzQ2VydCBDbGFzcyAxIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAODF0o/q0AUTtbuc2AL8q4SZ2PP0MPfYGs8sWCnIOnQGdY4BOfK85CKgZGaiE14W +E/AZvxYuSSIkuy4lH4k6+MPbiKTk1UGLLdM5Xi0NYLR9/zs2OrfwFKEpjH0mSBXjoZk8ioqDRED6 +kkkzt9WOHIRqz7RqmJP9typp7NQVRKwQWP77Ny2yJlevlz0l2rhdd+4F2HNgDNjXxuda2Ivis1Ws +O6LlrS/KFbz9o9QJ0yy7k7nCVISwPABPWZTz/Zzxd2fNGhPQF4dV9uOnIfi1sKbvWabTPJctPB54 +3mtH3tpEnlpOsaGxegEGsUqYBFHx6IvvfDDbE4pm+pg4AeZ6nRMCAwEAAaOCAt4wggLaMIGOBgNV +HSMEgYYwgYOAFL+2J9gDWnZlTGEBQVYx5Yt7OtnMoWikZjBkMQswCQYDVQQGEwJLUjENMAsGA1UE +CgwES0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgQ2VudHJhbDEW +MBQGA1UEAwwNS0lTQSBSb290Q0EgMYIBBDAdBgNVHQ4EFgQUbbj/klyxv+lJeDF8gHXAYhBLvTgw +DgYDVR0PAQH/BAQDAgEGMIIBLgYDVR0gBIIBJTCCASEwggEdBgRVHSAAMIIBEzAwBggrBgEFBQcC +ARYkaHR0cDovL3d3dy5yb290Y2Eub3Iua3IvcmNhL2Nwcy5odG1sMIHeBggrBgEFBQcCAjCB0R6B +zsd0ACDHeMmdwRyylAAgrPXHeMd4yZ3BHMeFssiy5AAoAFQAaABpAHMAIABjAGUAcgB0AGkAZgBp +AGMAYQB0AGUAIABpAHMAIABhAGMAYwByAGUAZABpAHQAZQBkACAAdQBuAGQAZQByACAARQBsAGUA +YwB0AHIAbwBuAGkAYwAgAFMAaQBnAG4AYQB0AHUAcgBlACAAQQBjAHQAIABvAGYAIAB0AGgAZQAg +AFIAZQBwAHUAYgBsAGkAYwAgAG8AZgAgAEsAbwByAGUAYQApMDMGA1UdEQQsMCqgKAYJKoMajJpE +CgEBoBswGQwX7ZWc6rWt7KCE7J6Q7J247KadKOyjvCkwEgYDVR0TAQH/BAgwBgEB/wIBADAMBgNV +HSQEBTADgAEAMIGOBgNVHR8EgYYwgYMwgYCgfqB8hnpsZGFwOi8vZGlyLmNyb3NzY2VydC5jb206 +Mzg5L0NOPUtJU0EtUm9vdENBLTEsT1U9S29yZWEtQ2VydGlmaWNhdGlvbi1BdXRob3JpdHktQ2Vu +dHJhbCxPPUtJU0EsQz1LUj9hdXRob3JpdHlSZXZvY2F0aW9uTGlzdDANBgkqhkiG9w0BAQUFAAOC +AQEAfAovYTiiuBdEs42+wvBYT/+aVm6C2G4/Udk1Uo3JcMbCtpvHH+7cUvRXjNH6nCYXBcjnFCD1 +Zv17WL6hEfVa3WYJhQWSQXyadOp9pmpRFf1APuCtYq/JnV/uevkxoYmYXXzvT8teTK7BacEqg8/w +DzsHkk+xw6eXCgB5ul6fOBRHJEKPmWKHSgp0o5C+3pTi5siicEL+rHPQUzb/cPBBlhfOXrkMc5Vt +14oM8N5xfBZBgxX3fEFrj2vXhR8dYPsrqm7D+87YDUqN4kP637k7wWm74RtXAAcIp/m0iQ00OjDh +cBAEMLT/e9ObEcEK6l5nGfzZK/duSvq3PnAjWFznzw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJLUjENMAsGA1UECgwE +S0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgQ2VudHJhbDEWMBQG +A1UEAwwNS0lTQSBSb290Q0EgMTAeFw0wNTA4MjQwODA1NDZaFw0yNTA4MjQwODA1NDZaMGQxCzAJ +BgNVBAYTAktSMQ0wCwYDVQQKDARLSVNBMS4wLAYDVQQLDCVLb3JlYSBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eSBDZW50cmFsMRYwFAYDVQQDDA1LSVNBIFJvb3RDQSAxMIIBIDANBgkqhkiG9w0BAQEF +AAOCAQ0AMIIBCAKCAQEAvATk+hM58DSWIGtsaLv623f/J/es7C/n/fB/bW+MKs0lCVsk9KFo/Cjs +ySXirO3eyDOE9bClCTqnsUdIxcxPjHmc+QZXfd3uOPbPFLKc6tPAXXdi8EcNuRpAU1xkcK8IWsD3 +z3X5bI1kKB4g/rcbGdNaZoNy4rCbvdMlFQ0yb2Q3lIVGyHK+d9VuHygvx2nt54OJM1jT3qC/QOhD +UO7cTWu8peqmyGGO9cNkrwYV3CmLP3WMvHFE2/yttRcdbYmDz8Yzvb9Fov4Kn6MRXw+5H5wawkbM +nChmn3AmPC7fqoD+jMUECSVPzZNHPDfqAmeS/vwiJFys0izgXAEzisEZ2wIBA6MyMDAwHQYDVR0O +BBYEFL+2J9gDWnZlTGEBQVYx5Yt7OtnMMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBABOvUQveimpb5poKyLGQSk6hAp3MiNKrZr097LuxQpVqslxa/6FjZJapaBV/JV6K+KRzwYCK +hQoOUugy50X4TmWAkZl0Q+VFnUkq8JSV3enhMNITbslOsXflBM+tWh6UCVrXPAgcrnrpFDLBRa3S +JkhyrKhB2vAhhzle3/xk/2F0KpzZm4tfwjeT2KM3LzuTa7IbB6d/CVDv0zq+IWuKkDsnSlFOa56c +h534eJAx7REnxqhZvvwYC/uOfi5C4e3nCSG9uRPFVmf0JqZCQ5BEVLRxm3bkGhKsGigA35vB1fjb +XKP4krG9tNT5UNkAAk/bg9ART6RCVmE6fhMy04Qfybo= +-----END CERTIFICATE----- + + diff --git a/test/testdata/chains/012.41b4b3980ab6389afe5647353b5abe882870b032.pem b/test/testdata/chains/012.41b4b3980ab6389afe5647353b5abe882870b032.pem new file mode 100644 index 0000000..c72fd6e --- /dev/null +++ b/test/testdata/chains/012.41b4b3980ab6389afe5647353b5abe882870b032.pem @@ -0,0 +1,73 @@ +-----BEGIN CERTIFICATE----- +MIIFVTCCBD2gAwIBAgIUKt2G2CQP6ZyX6+/O9gHZcFqZRikwDQYJKoZIhvcNAQEFBQAwUDELMAkG +A1UEBhMCS1IxHDAaBgNVBAoME0dvdmVybm1lbnQgb2YgS29yZWExDTALBgNVBAsMBEdQS0kxFDAS +BgNVBAMMC0NBMTM0MTAwMDMxMB4XDTEyMDEzMTAzMDIzOFoXDTE0MDUwMTE0NTk1OVowgYAxCzAJ +BgNVBAYTAktSMRwwGgYDVQQKDBNHb3Zlcm5tZW50IG9mIEtvcmVhMRgwFgYDVQQLDA9Hcm91cCBv +ZiBTZXJ2ZXIxHjAcBgNVBAsMFeq1kOycoeqzvO2Vmeq4sOyIoOu2gDEZMBcGA1UEAwwQYm1yaS5r +b3JlYS5hYy5rcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKuV73B+Gx1+DsUtIF5o +pF0B8vcMD1WibgWMRlgw0GG4zWhKxTIztNQ9pTctUdN4mrKvtf/rDCqDGXT9sagyipJY8OUukykA +hwqFVmfrceLbxZEGnF34HqAZrCOV/rH7S1qD0AZqnzfM7R8unXor43GPzdu5Uhf4NbUwYOpjeYm/ +vm48cx467kUjpLAAPsvg9E4Pgx7dvnwLuuDfnhcCKXTj3I2PrA1MDc32rpi8SNm/bbtO8Ze5Zb6H +o/dAiiLYd3rn/gyvvHKoZfCO/CeKI4u7MONyh8HWMxlpfPG3XOcINo61RMPq6d/hzKnwAh3zRy11 +J+EBJZO/SHhHnmVV3YcCAwEAAaOCAfQwggHwMHkGA1UdIwRyMHCAFI5G+A2eeHaizBrkD1F/UtdN +nFsboVSkUjBQMQswCQYDVQQGEwJLUjEcMBoGA1UECgwTR292ZXJubWVudCBvZiBLb3JlYTENMAsG +A1UECwwER1BLSTEUMBIGA1UEAwwLR1BLSVJvb3RDQTGCAicZMB0GA1UdDgQWBBRavyyJ3U49seIB +OfL702AETmd9ljAOBgNVHQ8BAf8EBAMCBaAwbQYDVR0gAQH/BGMwYTBfBgoqgxqGjSEFAwEJMFEw +KgYIKwYBBQUHAgEWHmh0dHA6Ly93d3cuZXBraS5nby5rci9jcHMuaHRtbDAjBggrBgEFBQcCAjAX +GhVFZHVjYXRpb24gQ2VydGlmaWNhdGUwGwYDVR0RBBQwEoIQYm1yaS5rb3JlYS5hYy5rcjAxBgNV +HRIEKjAooCYGCSqDGoyaRAoBAaAZMBcMFeq1kOycoeqzvO2Vmeq4sOyIoOu2gDCBhAYDVR0fBH0w +ezB5oHegdYZzbGRhcDovL2xkYXAuZXBraS5nby5rcjozODkvY249Y3JsMXAxZHAxMSxvdT1DUkws +b3U9R1BLSSxvPUdvdmVybm1lbnQgb2YgS29yZWEsYz1rcj9jZXJ0aWZpY2F0ZVJldm9jYXRpb25M +aXN0O2JpbmFyeTANBgkqhkiG9w0BAQUFAAOCAQEAr5A5ISBwFUftV3M2/0T7FR77+Zli/wMtHjVd +i2KkvDtv3jotmtDLKNqsyhYTVtas7y8HtRdH/GGFNdG2wY+EKGZjI2tsHtMgZ0jb5xCCh8DMONsy +ACSTOlGp3eR1Y/1ER8yolR7jm67nFyNSAp0vjSCprXExQ9Q8UIqrm/6iYG6N08W7Or0l9qAT4Q5N +VNx068Jx+UF6Wj10gYCsbCG7YvEunPTLkldLxL3MeDoyFU3wx23MDnWYEr/EeLPZo7DyrOg++9Oq +ixNY1wuJr+WgfjGQjotiSGB6Bgy8pBZRSihGKGNbi6pp+r4UZWu+W53LL4qXoRbDBqRiXZ44C4Z0 +Ng== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgICJxkwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCS1IxHDAaBgNVBAoM +E0dvdmVybm1lbnQgb2YgS29yZWExDTALBgNVBAsMBEdQS0kxFDASBgNVBAMMC0dQS0lSb290Q0Ex +MB4XDTExMTIxNTA2MDAxM1oXDTIxMTIxNTA2MDAxM1owUDELMAkGA1UEBhMCS1IxHDAaBgNVBAoM +E0dvdmVybm1lbnQgb2YgS29yZWExDTALBgNVBAsMBEdQS0kxFDASBgNVBAMMC0NBMTM0MTAwMDMx +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxGkCUA8iQHQdsTjMpV7zYjb3sBAvF/Q +K7OhhCfMGcUZVfh4z1A7X94Lxfu6CeyFn2KF2wy+AsCUs1xG+AqXB/y/zB9QPp1lZAEJotSyKbhQ +cJUNG+YwsdeEV8PIy2TvKmGjT6J+8G/RtRVA2I/lpOYcuFxS7ipu8kx78FHS9NyXiYGWPKxjemWs +VgYrfwjkcIt1mAt30nZEvcO9LuFSlldtGSEir6lZjLv9Igb/K2ayHmmnSB5i7y2DOzYKF6o1GnNF +c0fdK5VCuoyX4puQeDcSv3rVR6kwIL9c5HuC1czrD86cVY9kqe5qQUPeuvNd0gfG75mDv26yAMbm +Sx+LeQIDAQABo4IBnzCCAZsweAYDVR0jBHEwb4AUeAPrDIym01V1pIe069GaZg9Mc4uhVKRSMFAx +CzAJBgNVBAYTAktSMRwwGgYDVQQKDBNHb3Zlcm5tZW50IG9mIEtvcmVhMQ0wCwYDVQQLDARHUEtJ +MRQwEgYDVQQDDAtHUEtJUm9vdENBMYIBATAdBgNVHQ4EFgQUjkb4DZ54dqLMGuQPUX9S102cWxsw +DgYDVR0PAQH/BAQDAgEGME8GA1UdIARIMEYwDAYKKoMaho0hBQMBAzAMBgoqgxqGjSEFAwEBMAwG +CiqDGoaNIQUDAQcwDAYKKoMaho0hBQMBCTAMBgoqgxqGjSEFAwEFMBIGA1UdEwEB/wQIMAYBAf8C +AQAwDwYDVR0kAQH/BAUwA4ABADB6BgNVHR8EczBxMG+gbaBrhmlsZGFwOi8vY2VuLmRpci5nby5r +cjozODkvY249R1BLSVJvb3RDQTEsb3U9R1BLSSxvPUdvdmVybm1lbnQgb2YgS29yZWEsYz1LUj9h +dXRob3JpdHlSZXZvY2F0aW9ubGlzdDtiaW5hcnkwDQYJKoZIhvcNAQELBQADggEBAH22zMoINn+l +mZeGtxjvbSIzT8xvKH8VNw0KifIjqBbRS48duCctrCS5YGXkksNcDyAofKc1I0YyteeFJQtVGYXB +05NN10i/IwklDdOSCfsWGBprYoFG/dBaEt4cSh/cgTQYxQWYmPhxYPUDF24yIVJSUvt1heZnSBP8 +vHayUa5Cvyyh8NibORHyGRZ0183cJrpqjDgw80Y/YgD7CMxw6P/rRw9vx1c0pbhhp68uc1jrYvKN +xlfJrt/aGCm/sSxAPnbTUOtgBG22ghWnzamTtQingsgJiKF7GCDXeTRkt2GQgkHarm7vbZykMHmq +8w1dYdrwkPFb8E5ejajxn30Uyyo= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJLUjEcMBoGA1UECgwT +R292ZXJubWVudCBvZiBLb3JlYTENMAsGA1UECwwER1BLSTEUMBIGA1UEAwwLR1BLSVJvb3RDQTEw +HhcNMTEwODAzMDY1MjMwWhcNMzEwODAzMDY1MjMwWjBQMQswCQYDVQQGEwJLUjEcMBoGA1UECgwT +R292ZXJubWVudCBvZiBLb3JlYTENMAsGA1UECwwER1BLSTEUMBIGA1UEAwwLR1BLSVJvb3RDQTEw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh/m8EBbDJhGQyN2+g5dTlsgjtaRKqhgj3 +gkYKBgtuXsXkaTVxbf99AvbN3QE8+WCIaPJUd0091UGmLzaBVyW4ct+iUNrX/FXyzjafbNbbl1nf +HhaZhkiOTVQhmY5zuj96evEtJMevnxe6iRADOPWnqp+CxT2IzcSFkQCq7L2qn8hU2/LpXUvnAYgl +JZi8t6Ef+r03P1r8dA5OzZ8yV3qhD1R1wsNQtCzMgwcErFRZhFZYuxpfmS5y0fZW0seeTjcdxHiR +3whYI5U6AI7DjdWIrT9Cd9ByV4aevkBhqkePPIYGmUPXnnqCkdHdnzkMH0WP9TBhD2jTXZKdcFtT +yEJrAgMBAAGjQjBAMB0GA1UdDgQWBBR4A+sMjKbTVXWkh7Tr0ZpmD0xzizAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEARGJWATwo81x7UEQugNbicL8I +WXoV51SZVH3kz49fNUjVoq1n2yzfaMddlblbflDNObp/68DxTlSXCeqFHkgi/WvyVHERRECXnF0W +eeelI+Q8XdF3IJZLT3u5Ss0VAB2loCuC+4hBWSRQu2WZu2Yks9eBN0x6NmtopRmnf2d6VrcFA+WO +gUeTjXiDkG52IaPw0w1uTfmRw5epky5idyY2bfJ1JeVUINMJnOWpgLkOH3xxakoD8F1Fbi6C3t7M +mKupojUq/toUDms6zTk3DIkcwd7PALNWL5U8TxNLoroTHSf/lzaOv3o9KDRa0FQo58bPI7MdbRWE +4F3mS/ZIrnv7jQ== +-----END CERTIFICATE----- + + diff --git a/test/testdata/chains/013.9e862686af81aa013267c2b5fd098720734bc93b.pem b/test/testdata/chains/013.9e862686af81aa013267c2b5fd098720734bc93b.pem new file mode 100644 index 0000000..08b7b4e --- /dev/null +++ b/test/testdata/chains/013.9e862686af81aa013267c2b5fd098720734bc93b.pem @@ -0,0 +1,69 @@ +-----BEGIN CERTIFICATE----- +MIIGFTCCBP2gAwIBAgIDAuH+MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRcwFQYDVQQK +Ew5DeWJlcnRydXN0IEluYzERMA8GA1UECxMIU2VydmljZXMxDDAKBgNVBAsTA1BLSTEnMCUGA1UE +AxMeQ3liZXJ0cnVzdCBQdWJsaWMgSXNzdWluZyBDQSAxMB4XDTEzMDkwMzE3NDkwMloXDTE0MDkw +MzE3NDkwMlowgdMxEzARBgoJkiaJk/IsZAEZFgNnb3YxEjAQBgoJkiaJk/IsZAEZFgJ2YTElMCMG +A1UECAwcV2VzdCBWaXJnaW5pYSxEQ1w9dmEsRENcPWdvdjEXMBUGA1UEBxMORmFsbGluZyBXYXRl +cnMxKjAoBgNVBAoTIVVTIERlcGFydG1lbnQgb2YgVmV0ZXJhbnMgQWZmYWlyczEjMCEGA1UECxMa +Q2FwaXRvbCBSZWdpb24gRGF0YSBDZW50ZXIxFzAVBgNVBAMTDnd3dy5wYXkudmEuZ292MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1g8bd2bmPCPClPcM85qxhvGKKt/k2FxsipOyGec +imRM4V3weC3mKvUBOEJmQuLm2B81NTVJmEFBgxIlho09HGDxpMj8B+JGDe0VHkjvJgf6xod4a5gC +jHaKSkCv/DsIWeyi/9SIJlTUgc8MdAXU5PMCYUvOD8IEq6Q9L6g28g9FDeFGboDKCgtRSsLaEGoX +QV4VqTu6aBT1Ecrhy0IdcvE9O+LRCAvZh/z3+k0tpkA/C6gdH5mBiALjGbpqRbwCmXC04RkJG9r2 +WBA+cMXK1vhM7PrsdcJhqLvDTM3aqGhYxkR/8ixuYsHn7QML/AKXeEXrXD6phi4Foik8gO1Q8QID +AQABo4ICUjCCAk4wEwYDVR0RBAwwCocIAAAAAP///wAwgdMGCCsGAQUFBwEBBIHGMIHDMEAGCCsG +AQUFBzAChjRodHRwOi8vYWlhMS5jb20tc3Ryb25nLWlkLm5ldC9DQS9DVC1QVUJMSUMtSUNBLTEu +cDdjMH8GCCsGAQUFBzAChnNsZGFwOi8vZGlyMS5jb20tc3Ryb25nLWlkLm5ldC9jbj1DeWJlcnRy +dXN0IFB1YmxpYyBJc3N1aW5nIENBIDEsb3U9UEtJLG91PVNlcnZpY2VzLG89Q3liZXJ0cnVzdCwg +Yz1VUz9jQUNlcnRpZmljYXRlMA4GA1UdDwEB/wQEAwIFoDAjBgNVHSUEHDAaBgRVHSUABggrBgEF +BQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUVJyBRgoWyv9g+eqKRQp1XE6y3oowgesGA1UdHwSB +4zCB4DA8oDqgOIY2aHR0cDovL2NkcDEuY29tLXN0cm9uZy1pZC5uZXQvQ0RQL0NULVBVQkxJQy1J +LUNBLTEuY3JsMIGfoIGcoIGZhoGWbGRhcDovL2RpcjEuc3NwLXN0cm9uZy1pZC5uZXQvY24lM2RD +eWJlcnRydXN0JTIwUHVibGljJTIwSXNzdWluZyUyMENBJTIwMSxvdSUzZFBLSSxvdSUzZFNlcnZp +Y2VzLG8lM2RDeWJlcnRydXN0JTIwSW5jLGMlM2RVUz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0 +MB0GA1UdDgQWBBSgzZLv1sNwrXLn8if9Dk6qpxQUFjANBgkqhkiG9w0BAQUFAAOCAQEAn5xdVJ99 +9WnC+NPfnb7TAobQzKKnsuQu0AfHXFLaLkgVGePG7uBo+W3dtWWLk45YO8ae5hOAcPhhnarYIQir +5TaPYpSoZvzOu/bRw8ZajPQsuGNv0PbGPhqLP8MzGJxlCHeWkG44MPSvRpbuh5IrWsI7eqpInUPq +azJMUyC+D+HhqW9GHyAfWsZyR/NlNFN2R3mx2EbTkflfD1vGWPhyqW7i33nh2MKMiuQMe2rUO5iL +ZsLA/JaIshWp4vjFQLo/a8lrcUNan5gs45sO6ibTK6Vpr03KpVg3GVa4PsfdGiY6PLPtyK0WIF2O +ETUkNcR0xhFmuK850LNDorhyzUdCiw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEUzCCA7ygAwIBAgIEBycUnzANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJVUzEYMBYGA1UE +ChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIElu +Yy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEdsb2JhbCBSb290MB4XDTA3MDcxMTE4MTYxMFoX +DTE3MDcxMTE4MTUyMFowcDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkN5YmVydHJ1c3QgSW5jMREw +DwYDVQQLEwhTZXJ2aWNlczEMMAoGA1UECxMDUEtJMScwJQYDVQQDEx5DeWJlcnRydXN0IFB1Ymxp +YyBJc3N1aW5nIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCybxFtLjT4sEpg +TGaXge5SLQp13Uq5uznggVhoT0+deGB550ttPPeGAC4hSEnGjeMhvKszR+r1/biw0NpGCxMR7wAM +nwFW0cBZIgjWNdoHfooFyGweAqB+SQMvJUNibbHKw1RQH2CpQoGwDk8wNfpP04My+xwnYKaqZ3FR +IexAUNzeoCVBzIIDruXgmEmmF2eUtWy9VhWFvNxHLJjVGYDL3Ai9AciKntwV71YwR1XZqga6/Fxq +fdWDzltCANQhBE/yoI+PQTemTJ0bnsHmL0XszBdKE5CFZgVebQu9ssVomVu8SEnnDJFx0fj1EhT8 +9+mDTzae6Zd7Npe1B3BB1XllAgMBAAGjggFvMIIBazASBgNVHRMBAf8ECDAGAQH/AgEAMFMGA1Ud +IARMMEowSAYJKwYBBAGxPgEAMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly9jeWJlcnRydXN0Lm9tbmly +b290LmNvbS9yZXBvc2l0b3J5LmNmbTAOBgNVHQ8BAf8EBAMCAcYwgYkGA1UdIwSBgTB/oXmkdzB1 +MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3li +ZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEdsb2JhbCBS +b290ggIBpTBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vd3d3LnB1YmxpYy10cnVzdC5jb20vY2dp +LWJpbi9DUkwvMjAxOC9jZHAuY3JsMB0GA1UdDgQWBBRUnIFGChbK/2D56opFCnVcTrLeijANBgkq +hkiG9w0BAQUFAAOBgQAPZ5XZrnS2sqq3+uErzpLVkpRbQRWUUdCxMtN7RLL3HKc8xmXRJ3lhMslE +AgDk+xr5QxLOuUa2EqTnMFlwvh9J81O3+uZACBZqWkb1db2ThW49WnlO7Nok78Rmb6ZQvTTNjsCx +GYKcu9v6m4Z6AK2Y6vyc+jTx/WL+jlTJMkOahg== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUg +Q29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEG +A1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEz +MjM1OTAwWjB1MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQL +Ex5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0 +IEdsb2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrHiM3dFw4u +sJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTSr41tiGeA5u2ylc9yMcql +HHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X404Wqk2kmhXBIgD8SFcd5tB8FLztimQID +AQABMA0GCSqGSIb3DQEBBAUAA4GBAG3rGwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMW +M4ETCJ57NE7fQMh017l93PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OF +NMQkpw0PlZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/ +-----END CERTIFICATE----- + + diff --git a/tools/certtools.py b/tools/certtools.py index 939d9f1..2c97dfb 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -668,3 +668,13 @@ def verify_inclusion_proof(inclusion_proof, index, treesize, leafhash): assert len(nodes_for_index(index, treesize)) == len(inclusion_proof) (_, hash) = reduce(lambda e1, e2: combine_two_hashes(e1, e2, treesize), chain) return hash + +def extract_original_entry(entry): + leaf_input = base64.decodestring(entry["leaf_input"]) + (leaf_cert, timestamp, issuer_key_hash) = unpack_mtl(leaf_input) + extra_data = base64.decodestring(entry["extra_data"]) + if issuer_key_hash != None: + (precert, extra_data) = extract_precertificate(extra_data) + leaf_cert = precert + certchain = decode_certificate_chain(extra_data) + return ([leaf_cert] + certchain, timestamp, issuer_key_hash) diff --git a/tools/fetchacert.py b/tools/fetchacert.py new file mode 100755 index 0000000..82ea7c1 --- /dev/null +++ b/tools/fetchacert.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +import argparse +import base64 +from certtools import * + +parser = argparse.ArgumentParser(description='') +parser.add_argument('baseurl', help="Base URL for CT server") +parser.add_argument('index', type=int, help="Index for entry to fetch") +args = parser.parse_args() + +rawentries = get_entries(args.baseurl, args.index, args.index)["entries"] +entry = extract_original_entry(rawentries[0]) +(chain, _timestamp, _issuer_key_hash) = entry +s = "" +for cert in chain: + s += "-----BEGIN CERTIFICATE-----\n" + s += base64.encodestring(cert).rstrip() + "\n" + s += "-----END CERTIFICATE-----\n" + s += "\n" +print s diff --git a/tools/fetchallcerts.py b/tools/fetchallcerts.py index 398c563..e0ea92f 100755 --- a/tools/fetchallcerts.py +++ b/tools/fetchallcerts.py @@ -24,16 +24,6 @@ parser.add_argument('--store', default=None, metavar="dir", help='Store certific parser.add_argument('--write-sth', action='store_true', help='Write STH') args = parser.parse_args() -def extract_original_entry(entry): - leaf_input = base64.decodestring(entry["leaf_input"]) - (leaf_cert, timestamp, issuer_key_hash) = unpack_mtl(leaf_input) - extra_data = base64.decodestring(entry["extra_data"]) - if issuer_key_hash != None: - (precert, extra_data) = extract_precertificate(extra_data) - leaf_cert = precert - certchain = decode_certificate_chain(extra_data) - return ([leaf_cert] + certchain, timestamp, issuer_key_hash) - def get_entries_wrapper(baseurl, start, end): fetched_entries = 0 while start + fetched_entries < (end + 1): |