diff options
author | btolsch <btolsch@chromium.org> | 2019-08-05 14:05:39 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-08-05 21:13:19 +0000 |
commit | aaad6a5a809d7978bdbab44d7e9b6a5309abd008 (patch) | |
tree | b0a0bf99add045b7a8194a6c13f6de42ff3472dc /test | |
parent | ae3631bd047dbe5c4afde1f8363822bbd397130d (diff) | |
download | openscreen-aaad6a5a809d7978bdbab44d7e9b6a5309abd008.tar.gz |
Add cast device certificate verification
This change migrates some of Chromium's //components/cast_certificate
code. Specifically, this change starts the migration by doing basic
certificate chain validation checks. It does not include the revocation
list, as well as a few other final steps for complete verification
support according to RFC 5280.
Change-Id: I3853d4ce831a77a4b71b4f63974d1a156948152f
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/1721328
Commit-Queue: Brandon Tolsch <btolsch@chromium.org>
Reviewed-by: Peter Thatcher <pthatcher@google.com>
Reviewed-by: Max Yakimakha <yakimakha@chromium.org>
Diffstat (limited to 'test')
29 files changed, 6377 insertions, 0 deletions
diff --git a/test/data/cast/common/certificate/certificates/audio_ref_dev_test_chain_3.pem b/test/data/cast/common/certificate/certificates/audio_ref_dev_test_chain_3.pem new file mode 100644 index 00000000..b2f3550a --- /dev/null +++ b/test/data/cast/common/certificate/certificates/audio_ref_dev_test_chain_3.pem @@ -0,0 +1,264 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 109 (0x6d) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Audio Reference Dev Model + Validity + Not Before: Jan 22 06:12:57 2016 GMT + Not After : May 1 06:12:57 2016 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Audio Reference Dev Test + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a5:24:b3:ec:b7:71:b4:f7:33:1b:98:ac:3d:74: + a4:47:c6:1d:52:9f:79:64:58:d5:ad:84:7f:a5:f2: + bd:24:43:df:c7:11:ae:c0:cb:cd:6f:48:11:da:5b: + d9:43:ac:bf:2b:ac:27:81:e9:a9:d4:04:b3:ac:5b: + 97:6c:2e:c2:ca:98:eb:78:14:a1:67:63:91:d5:a8: + 29:1a:33:e7:fb:ec:d1:27:e3:c1:e7:cd:ff:cc:2e: + c6:cf:f0:ad:5f:d4:57:27:0d:a1:8b:ef:60:2c:1d: + 11:11:bb:4c:7a:c5:18:1f:20:20:db:ec:83:88:2f: + 87:69:4b:0c:7d:73:26:4f:46:63:24:de:20:05:83: + a5:5d:3c:5a:8b:4d:28:de:57:53:18:a0:c8:54:4f: + a7:29:b1:2d:5d:cf:5b:da:94:88:c2:27:91:74:23: + 24:01:2d:75:51:44:e6:a4:6a:02:21:a6:ee:fc:45: + ef:6f:f4:53:2c:18:ce:8b:6b:06:46:b8:54:de:cc: + 52:c3:86:ce:53:7a:90:01:5d:14:c8:e8:af:ec:cd: + 9e:0b:1a:ee:96:e5:2b:fd:04:c3:8b:b2:e4:f8:73: + 18:64:0c:84:35:3b:d6:46:d3:f2:72:55:06:fc:32: + 99:df:14:c9:1a:40:45:ee:61:8c:82:ab:62:6b:7e: + 55:35 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 71:19:3F:70:2E:3C:35:18:E1:95:2A:6C:C4:EC:DF:41:99:E1:E4:FF + X509v3 Authority Key Identifier: + keyid:60:2A:2F:AD:48:80:2C:77:FC:A7:44:15:7D:5B:E7:9B:63:AA:11:FE + + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 4e:c8:d5:bd:d1:68:a6:db:41:d7:2e:2f:3b:05:64:de:21:21: + 04:68:69:56:2f:da:6d:50:f9:3b:39:a1:34:e1:e4:65:2c:96: + 14:7d:68:4d:31:86:5d:26:6f:20:72:4e:f3:96:b3:3f:96:f0: + e3:6b:f3:fe:18:3f:58:c7:2a:17:55:03:af:44:90:7d:59:34: + 51:4c:63:dc:78:b5:c0:a8:0c:3e:02:9e:f0:f2:17:60:c3:a6: + c3:96:c5:04:8a:c0:40:81:7e:91:0a:8d:03:af:9e:f0:59:df: + 6a:bb:cd:e7:50:24:0a:f0:c6:20:8d:5e:91:8c:75:91:de:b7: + 3d:62:33:9d:96:1f:0a:21:be:a4:19:24:dc:81:b3:02:e5:6a: + 5b:2d:52:d8:c4:e0:b2:50:74:a9:37:53:3f:7d:25:f1:19:81: + a0:40:9c:7f:6d:91:45:d0:b6:50:12:7f:bd:95:4d:70:00:cc: + d8:c1:be:a4:8e:54:73:a8:44:50:0d:e6:f0:ee:49:cf:92:19: + 43:2f:d0:87:60:d1:dd:10:49:18:a1:03:aa:0f:40:c6:6b:14: + 79:bd:aa:81:d9:06:09:88:de:41:fe:54:3c:4e:a9:af:4a:be: + a9:b2:c1:da:92:73:e1:fa:3b:e8:86:1b:55:31:e7:9e:f7:85: + 46:96:ad:80 +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIBbTANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzAR +BgNVBAoMCkdvb2dsZSBJbmMxDTALBgNVBAsMBENhc3QxIjAgBgNVBAMMGUF1ZGlv +IFJlZmVyZW5jZSBEZXYgTW9kZWwwHhcNMTYwMTIyMDYxMjU3WhcNMTYwNTAxMDYx +MjU3WjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxDTALBgNVBAsM +BENhc3QxITAfBgNVBAMMGEF1ZGlvIFJlZmVyZW5jZSBEZXYgVGVzdDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKUks+y3cbT3MxuYrD10pEfGHVKfeWRY +1a2Ef6XyvSRD38cRrsDLzW9IEdpb2UOsvyusJ4HpqdQEs6xbl2wuwsqY63gUoWdj +kdWoKRoz5/vs0SfjwefN/8wuxs/wrV/UVycNoYvvYCwdERG7THrFGB8gINvsg4gv +h2lLDH1zJk9GYyTeIAWDpV08WotNKN5XUxigyFRPpymxLV3PW9qUiMInkXQjJAEt +dVFE5qRqAiGm7vxF72/0UywYzotrBka4VN7MUsOGzlN6kAFdFMjor+zNngsa7pbl +K/0Ew4uy5PhzGGQMhDU71kbT8nJVBvwymd8UyRpARe5hjIKrYmt+VTUCAwEAAaOB +iTCBhjAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxGT9wLjw1GOGVKmzE7N9BmeHk/zAf +BgNVHSMEGDAWgBRgKi+tSIAsd/ynRBV9W+ebY6oR/jALBgNVHQ8EBAMCB4AwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUCMA0GCSqG +SIb3DQEBCwUAA4IBAQBOyNW90Wim20HXLi87BWTeISEEaGlWL9ptUPk7OaE04eRl +LJYUfWhNMYZdJm8gck7zlrM/lvDja/P+GD9YxyoXVQOvRJB9WTRRTGPceLXAqAw+ +Ap7w8hdgw6bDlsUEisBAgX6RCo0Dr57wWd9qu83nUCQK8MYgjV6RjHWR3rc9YjOd +lh8KIb6kGSTcgbMC5WpbLVLYxOCyUHSpN1M/fSXxGYGgQJx/bZFF0LZQEn+9lU1w +AMzYwb6kjlRzqERQDebw7knPkhlDL9CHYNHdEEkYoQOqD0DGaxR5vaqB2QYJiN5B +/lQ8TqmvSr6pssHaknPh+jvohhtVMeee94VGlq2A +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 108 (0x6c) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Audio Dev Root CA + Validity + Not Before: Jan 22 06:12:45 2016 GMT + Not After : May 1 06:12:45 2016 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Audio Reference Dev Model + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e6:94:18:c6:48:31:b5:a9:a9:b7:28:b7:17:32: + 04:e5:0c:83:26:73:bc:97:f8:e8:e1:7c:2e:e4:23: + 57:e6:42:0f:0b:af:2f:96:b0:d9:a5:4b:db:89:59: + 94:9a:52:e3:10:b5:e9:4b:38:be:79:0a:4a:ec:4f: + 90:bd:eb:3b:af:e0:83:f7:98:37:1b:57:e0:91:72: + 9b:d8:da:82:09:3a:9c:f0:0a:c6:ef:fd:92:a3:b3: + e4:92:2a:68:23:37:8a:d5:a6:9b:db:9a:bd:68:ce: + 2a:1e:83:0e:8d:4b:b0:52:f0:3c:1f:7e:dd:94:87: + 06:45:5b:bb:0c:52:50:ed:d3:71:9b:28:51:a7:ed: + 09:fc:2c:52:79:bb:98:a5:7e:17:48:c1:f2:33:90: + 4b:03:1b:28:17:11:40:e1:c4:93:3f:85:51:f1:c9: + a1:e7:23:13:6d:81:a7:86:b9:c4:60:00:ad:51:2e: + 96:b3:41:ac:a9:1e:9b:93:18:11:f3:6b:e8:3a:ba: + d3:c9:f9:7e:02:eb:c6:bf:95:dc:b6:24:fb:d7:5c: + 8f:16:5b:14:3d:9a:31:0f:0b:a4:3e:ec:99:3f:4d: + bc:e4:7f:1f:66:d6:91:d7:5e:15:c9:60:b1:65:64: + 5c:ab:a1:09:32:3f:67:9a:76:e6:fa:aa:07:05:3a: + 0c:95 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 60:2A:2F:AD:48:80:2C:77:FC:A7:44:15:7D:5B:E7:9B:63:AA:11:FE + X509v3 Authority Key Identifier: + keyid:4F:93:EA:B8:A6:60:AF:AB:A8:B3:5E:B7:A6:37:7E:66:BD:43:BC:06 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 26:69:33:c7:82:4d:fe:0e:a7:f5:5b:69:a6:1c:eb:2c:6a:48: + 2b:db:e1:ae:40:bf:fb:c4:9d:53:71:2d:e6:74:40:7c:f6:f1: + c0:16:98:70:e2:15:94:38:66:9e:31:54:d7:99:33:e0:ca:66: + c5:1c:dd:2d:d2:ff:9e:76:c1:7f:69:ac:b0:89:f7:45:70:ff: + 27:5f:fe:ec:10:a5:33:61:30:fc:1d:0d:4a:d2:74:69:15:7c: + 80:df:ad:ea:19:0e:99:9c:fa:22:48:e7:75:86:9e:01:4b:d2: + d6:30:82:b2:44:82:10:4d:61:c1:01:37:68:9f:1d:01:d7:67: + 83:85:7e:6d:98:88:3b:bd:8b:08:75:0c:6f:e0:72:c1:62:33: + 12:a9:4b:79:39:d8:4e:1f:f6:db:8d:19:75:32:33:c1:8a:4b: + 0f:e0:3a:f9:fb:7a:b8:91:49:4e:db:f5:13:4b:53:dc:42:79: + 90:3c:eb:91:9a:10:4f:02:5b:59:1e:d8:80:ae:94:8d:a7:c7: + ff:d5:a6:86:1c:a6:3a:c9:95:9f:0e:37:c4:9d:1c:13:05:a8: + 9e:2b:57:f3:1a:ba:c2:fd:d5:58:9b:e5:62:62:7a:8b:43:0c: + c2:4b:4d:4f:35:5e:75:a1:da:f6:73:7f:ce:07:c1:61:ed:26: + 3f:3c:04:bd +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIBbDANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEG +A1UECgwKR29vZ2xlIEluYzENMAsGA1UECwwEQ2FzdDEfMB0GA1UEAwwWQ2FzdCBB +dWRpbyBEZXYgUm9vdCBDQTAeFw0xNjAxMjIwNjEyNDVaFw0xNjA1MDEwNjEyNDVa +MIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN +TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzENMAsGA1UECwwEQ2Fz +dDEiMCAGA1UEAwwZQXVkaW8gUmVmZXJlbmNlIERldiBNb2RlbDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAOaUGMZIMbWpqbcotxcyBOUMgyZzvJf46OF8 +LuQjV+ZCDwuvL5aw2aVL24lZlJpS4xC16Us4vnkKSuxPkL3rO6/gg/eYNxtX4JFy +m9jaggk6nPAKxu/9kqOz5JIqaCM3itWmm9uavWjOKh6DDo1LsFLwPB9+3ZSHBkVb +uwxSUO3TcZsoUaftCfwsUnm7mKV+F0jB8jOQSwMbKBcRQOHEkz+FUfHJoecjE22B +p4a5xGAArVEulrNBrKkem5MYEfNr6Dq608n5fgLrxr+V3LYk+9dcjxZbFD2aMQ8L +pD7smT9NvOR/H2bWkddeFclgsWVkXKuhCTI/Z5p25vqqBwU6DJUCAwEAAaN5MHcw +DwYDVR0TBAgwBgEB/wIBADAdBgNVHQ4EFgQUYCovrUiALHf8p0QVfVvnm2OqEf4w +HwYDVR0jBBgwFoAUT5PquKZgr6uos163pjd+Zr1DvAYwCwYDVR0PBAQDAgEGMBcG +A1UdIAQQMA4wDAYKKwYBBAHWeQIFAjANBgkqhkiG9w0BAQsFAAOCAQEAJmkzx4JN +/g6n9VtpphzrLGpIK9vhrkC/+8SdU3Et5nRAfPbxwBaYcOIVlDhmnjFU15kz4Mpm +xRzdLdL/nnbBf2mssIn3RXD/J1/+7BClM2Ew/B0NStJ0aRV8gN+t6hkOmZz6Ikjn +dYaeAUvS1jCCskSCEE1hwQE3aJ8dAddng4V+bZiIO72LCHUMb+BywWIzEqlLeTnY +Th/2240ZdTIzwYpLD+A6+ft6uJFJTtv1E0tT3EJ5kDzrkZoQTwJbWR7YgK6UjafH +/9WmhhymOsmVnw43xJ0cEwWonitX8xq6wv3VWJvlYmJ6i0MMwktNTzVedaHa9nN/ +zgfBYe0mPzwEvQ== +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 100 (0x64) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Root CA + Validity + Not Before: Jan 22 06:10:27 2016 GMT + Not After : May 1 06:10:27 2016 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Audio Dev Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b9:86:ee:81:9b:07:f1:c6:15:6a:30:1e:41:bd: + 3b:70:f4:96:88:7d:f7:d3:29:63:3d:b8:ca:a1:ec: + 3d:81:43:08:85:2b:30:5f:4b:6b:54:19:a9:92:46: + 98:9a:2e:2a:ff:9d:f3:48:b2:5d:d6:0a:9c:49:81: + 6a:63:1a:12:e7:8e:3c:39:74:67:67:c7:d5:d4:f3: + 7c:45:65:07:84:15:b1:df:0b:16:0d:21:de:71:24: + b0:88:00:8a:69:cf:ae:70:24:82:64:60:48:c8:5a: + 52:86:50:73:36:e0:24:53:5c:e8:58:13:7a:29:b8: + 8a:a8:39:68:98:12:bf:9f:37:df:60:67:e0:3f:1f: + fa:de:b7:d1:a4:17:c3:c2:c5:b5:be:d7:98:e1:3d: + 0d:59:66:e5:07:49:9a:bb:9e:4f:f3:37:38:37:df: + 0c:19:8b:cd:fd:2c:fc:f5:a9:09:6b:4a:d3:13:22: + 8f:fd:f9:64:e5:2c:5f:be:5a:a5:84:32:9c:e5:2a: + 73:f5:dc:aa:57:c2:7f:3e:d6:7c:9f:55:f0:28:9c: + 21:ba:e6:99:61:fc:39:0d:31:ac:14:9d:c1:97:b5: + e8:ce:97:1b:19:b8:c0:ae:52:1a:2a:46:7a:2c:f8: + c4:18:7d:6a:73:12:20:ec:39:47:e0:de:e3:d5:8d: + 82:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:1 + X509v3 Subject Key Identifier: + 4F:93:EA:B8:A6:60:AF:AB:A8:B3:5E:B7:A6:37:7E:66:BD:43:BC:06 + X509v3 Authority Key Identifier: + keyid:7C:9A:1E:7D:DF:79:54:BC:D7:CC:5E:CA:99:86:45:79:65:74:28:19 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + b8:4e:e3:75:e3:9a:5a:9c:65:d3:5a:de:c3:12:1c:bc:5b:97: + 58:a9:c1:17:53:71:1c:da:47:b4:44:51:59:eb:d3:97:56:b9: + b6:4d:cb:ba:b7:87:b8:de:18:33:f4:78:c2:f9:7b:25:0b:cb: + 6e:6a:6c:df:a0:e0:88:4f:08:25:ec:b1:f5:5f:24:d4:47:c6: + ca:4f:c7:86:b8:84:ea:e9:d3:f5:b2:6d:fa:b6:1e:a2:fe:af: + ac:61:91:f0:7b:1a:9a:52:c5:8a:d6:b9:9f:1b:4c:0a:e5:0c: + 45:b9:db:d1:97:99:6f:cc:ee:a6:d6:41:ce:d4:cf:63:88:e4: + 01:ee:05:a7:61:6c:e8:41:bd:29:59:54:ab:b4:94:f7:1c:30: + c2:ea:8b:98:9e:e7:ce:6a:02:28:a6:d6:61:e9:e9:58:23:2a: + d5:21:2c:01:62:f8:11:dd:6e:8e:2d:c5:c6:ae:fa:89:c6:fd: + d9:e0:62:be:f4:ff:7e:58:15:ca:db:d3:cb:da:92:45:69:d4: + 46:c6:48:ba:96:a7:ef:be:9e:27:08:75:92:94:85:c8:8e:44: + 4e:71:75:a1:e3:f6:5e:25:59:80:5d:9e:0f:01:7e:6d:41:72: + 2d:ae:2d:56:b1:6d:d6:b2:93:fc:6c:05:22:df:28:0f:09:62: + 61:65:46:2d +-----BEGIN CERTIFICATE----- +MIID6DCCAtCgAwIBAgIBZDANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEG +A1UECgwKR29vZ2xlIEluYzENMAsGA1UECwwEQ2FzdDEVMBMGA1UEAwwMQ2FzdCBS +b290IENBMB4XDTE2MDEyMjA2MTAyN1oXDTE2MDUwMTA2MTAyN1owfzELMAkGA1UE +BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZp +ZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxDTALBgNVBAsMBENhc3QxHzAdBgNVBAMM +FkNhc3QgQXVkaW8gRGV2IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC5hu6BmwfxxhVqMB5BvTtw9JaIfffTKWM9uMqh7D2BQwiFKzBfS2tU +GamSRpiaLir/nfNIsl3WCpxJgWpjGhLnjjw5dGdnx9XU83xFZQeEFbHfCxYNId5x +JLCIAIppz65wJIJkYEjIWlKGUHM24CRTXOhYE3opuIqoOWiYEr+fN99gZ+A/H/re +t9GkF8PCxbW+15jhPQ1ZZuUHSZq7nk/zNzg33wwZi839LPz1qQlrStMTIo/9+WTl +LF++WqWEMpzlKnP13KpXwn8+1nyfVfAonCG65plh/DkNMawUncGXtejOlxsZuMCu +UhoqRnos+MQYfWpzEiDsOUfg3uPVjYIPAgMBAAGjeTB3MA8GA1UdEwQIMAYBAf8C +AQEwHQYDVR0OBBYEFE+T6rimYK+rqLNet6Y3fma9Q7wGMB8GA1UdIwQYMBaAFHya +Hn3feVS818xeypmGRXlldCgZMAsGA1UdDwQEAwIBBjAXBgNVHSAEEDAOMAwGCisG +AQQB1nkCBQIwDQYJKoZIhvcNAQELBQADggEBALhO43XjmlqcZdNa3sMSHLxbl1ip +wRdTcRzaR7REUVnr05dWubZNy7q3h7jeGDP0eML5eyULy25qbN+g4IhPCCXssfVf +JNRHxspPx4a4hOrp0/Wybfq2HqL+r6xhkfB7GppSxYrWuZ8bTArlDEW529GXmW/M +7qbWQc7Uz2OI5AHuBadhbOhBvSlZVKu0lPccMMLqi5ie585qAiim1mHp6VgjKtUh +LAFi+BHdbo4txcau+onG/dngYr70/35YFcrb08vakkVp1EbGSLqWp+++nicIdZKU +hciORE5xdaHj9l4lWYBdng8Bfm1Bci2uLVaxbdayk/xsBSLfKA8JYmFlRi0= +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/cast_root_ca.pem b/test/data/cast/common/certificate/certificates/cast_root_ca.pem new file mode 100644 index 00000000..25af1388 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/cast_root_ca.pem @@ -0,0 +1,80 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Root CA + Validity + Not Before: Apr 2 17:34:26 2014 GMT + Not After : Mar 28 17:34:26 2034 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:d9:65:9d:da:39:d3:c1:77:f6:d4:d0:ae:8f: + 58:08:68:39:4a:95:ed:70:cf:fd:79:08:a9:aa:e5: + e9:b8:a7:2d:a0:67:47:8a:9e:c9:cf:70:b3:05:87: + 69:11:ec:70:98:97:c3:e6:c3:c3:eb:bd:c6:b0:3d: + fc:4f:c1:5e:38:9f:da:cf:73:30:06:5b:79:37:c1: + 5e:8c:87:47:94:9a:41:92:2a:d6:95:c4:71:5c:27: + 5d:08:b1:80:c6:92:bd:1b:e3:41:97:a1:ec:75:9f: + 55:9e:3e:9f:8f:1c:c7:65:64:07:d3:b3:96:a1:04: + 9f:91:c4:de:0a:7b:6c:d9:c8:c0:78:31:a0:19:42: + a9:e8:83:e3:ce:fc:f1:ce:c2:2e:24:46:95:09:19: + ca:c0:46:b2:e5:01:ba:d7:4f:f3:bf:f6:69:ad:99: + 04:fa:a0:07:39:0e:e6:df:51:47:07:c0:e4:a9:5c: + 4b:94:c5:2f:b3:a0:30:7f:e7:95:6b:b2:af:32:0d: + f1:8c:d5:6d:cb:7b:47:a7:08:ab:cb:27:a3:4d:cf: + 4a:5a:f1:05:d1:f8:62:c5:10:2a:74:69:aa:e6:4b: + 96:fb:9b:d8:63:e4:58:66:d3:ad:8a:6e:ff:7b:5e: + f9:a5:56:1e:2d:82:31:5b:f0:e2:24:e6:41:4a:1f: + ae:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:2 + X509v3 Subject Key Identifier: + 7C:9A:1E:7D:DF:79:54:BC:D7:CC:5E:CA:99:86:45:79:65:74:28:19 + X509v3 Authority Key Identifier: + keyid:7C:9A:1E:7D:DF:79:54:BC:D7:CC:5E:CA:99:86:45:79:65:74:28:19 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + 80:f4:5a:fb:3d:28:19:51:20:d7:d4:fb:12:97:4a:65:f2:58: + 35:92:77:30:6a:f1:d7:b6:51:1a:7f:9a:cd:c7:7b:03:42:ad: + 55:6a:00:af:f0:e1:06:c2:bd:6b:78:75:db:fe:41:11:53:4a: + 39:bb:9a:3a:c6:59:34:2f:2c:33:e3:b2:d6:5c:7f:dd:78:eb: + 71:5b:39:da:83:90:c5:31:e2:3f:23:ef:da:eb:2b:2d:77:5e: + de:c3:43:d2:c9:6b:59:82:ca:d5:ed:fa:a1:64:5b:cb:f1:0d: + 1a:62:e1:9c:e8:a7:18:70:f0:5f:17:96:f8:ed:86:db:ae:1d: + e0:cf:3e:5d:2e:ee:16:6d:95:2b:3c:fd:97:f3:05:5a:24:68: + 4d:39:b6:f8:e4:58:ba:f5:e0:26:78:51:c5:5b:5d:4e:09:e5: + 6c:47:8b:7a:5a:2e:89:53:e6:cc:36:5b:26:3c:f8:72:43:02: + 82:d2:2b:cd:f0:d3:a3:ec:13:3e:52:d5:83:3d:07:dc:1d:43: + 65:7a:33:02:01:a3:ce:b7:d6:60:51:3b:09:c2:23:8a:32:fe: + 98:19:60:62:93:85:cd:34:46:db:d5:23:0f:79:da:77:00:2a: + 02:6d:83:58:ce:03:77:35:e1:a3:20:93:c2:4a:a2:a4:46:1c: + 75:2c:1f:4d +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYz +ENMAsGA1UECwwEQ2FzdDEVMBMGA1UEAwwMQ2FzdCBSb290IENBMB4XDTE0MDQwMjE3MzQyNloXD +TM0MDMyODE3MzQyNlowdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxDTALBgNVBAsMBENhc3QxFTA +TBgNVBAMMDENhc3QgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrZZZ +3aOdPBd/bU0K6PWAhoOUqV7XDP/XkIqarl6binLaBnR4qeyc9wswWHaRHscJiXw+bDw+u9xrA9/ +E/BXjif2s9zMAZbeTfBXoyHR5SaQZIq1pXEcVwnXQixgMaSvRvjQZeh7HWfVZ4+n48cx2VkB9Oz +lqEEn5HE3gp7bNnIwHgxoBlCqeiD48788c7CLiRGlQkZysBGsuUButdP87/2aa2ZBPqgBzkO5t9 +RRwfA5KlcS5TFL7OgMH/nlWuyrzIN8YzVbct7R6cIq8sno03PSlrxBdH4YsUQKnRpquZLlvub2G +PkWGbTrYpu/3te+aVWHi2CMVvw4iTmQUofrhMCAwEAAaNgMF4wDwYDVR0TBAgwBgEB/wIBAjAdB +gNVHQ4EFgQUfJoefd95VLzXzF7KmYZFeWV0KBkwHwYDVR0jBBgwFoAUfJoefd95VLzXzF7KmYZF +eWV0KBkwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCA9Fr7PSgZUSDX1PsSl0pl8lg +1kncwavHXtlEaf5rNx3sDQq1VagCv8OEGwr1reHXb/kERU0o5u5o6xlk0Lywz47LWXH/deOtxWz +nag5DFMeI/I+/a6ystd17ew0PSyWtZgsrV7fqhZFvL8Q0aYuGc6KcYcPBfF5b47Ybbrh3gzz5dL +u4WbZUrPP2X8wVaJGhNObb45Fi69eAmeFHFW11OCeVsR4t6Wi6JU+bMNlsmPPhyQwKC0ivN8NOj +7BM+UtWDPQfcHUNlejMCAaPOt9ZgUTsJwiOKMv6YGWBik4XNNEbb1SMPedp3ACoCbYNYzgN3NeG +jIJPCSqKkRhx1LB9N +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/chromecast_audio.pem b/test/data/cast/common/certificate/certificates/chromecast_audio.pem new file mode 100644 index 00000000..cf40fb81 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/chromecast_audio.pem @@ -0,0 +1,164 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1433968342 (0x55789ed6) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Chromecast ICA 4 (Audio) + Validity + Not Before: Jun 10 20:32:22 2015 GMT + Not After : Jun 5 20:32:22 2035 GMT + Subject: C=US, OU=Cast, O=Google Inc, ST=California, L=Mountain View, CN=4ZZDZJ FA8FCA7EFE3C + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c4:3e:ea:f8:56:0d:71:58:f2:c0:4e:06:59:dd: + 67:3a:14:2a:ac:f9:e9:30:5d:be:f7:e3:e0:55:c6: + fb:d4:25:9e:9c:5d:d0:95:7d:cd:32:54:bf:df:e9: + 0c:f0:81:0e:bb:94:28:9d:4d:97:f7:2b:3c:2b:96: + a6:fe:fc:22:f4:43:4a:c3:11:0e:91:6d:3a:7a:00: + 9c:c3:00:05:a7:05:04:7e:14:85:79:21:ef:32:e1: + d1:d0:98:1e:92:32:73:1a:3c:77:a3:06:14:0a:44: + 3f:ac:f4:36:51:07:49:f4:e3:a4:5c:10:03:01:08: + 0b:b4:4a:1b:6e:bc:ef:2a:e1:44:73:d5:84:d7:8e: + 72:9c:e8:6a:fb:63:ee:53:fa:88:16:31:77:f9:55: + 1a:37:31:89:15:15:66:47:74:8a:ba:0c:a6:38:cd: + 74:00:88:fe:d5:08:f0:03:a6:e4:7a:17:4b:22:8e: + e9:6c:78:2c:4c:1f:f8:11:c6:aa:24:b2:68:c3:ed: + 86:c8:bc:54:cd:cf:68:ed:48:f8:d3:64:c6:c2:4b: + df:eb:70:dd:97:10:9f:cf:a6:cb:bd:70:9b:44:65: + 4f:b0:b3:78:cc:96:ac:6a:c9:f0:17:fe:d3:a5:90: + fc:78:7f:1e:50:0f:ce:ac:1b:05:70:dc:e5:67:30: + c3:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha1WithRSAEncryption + 7b:f4:9a:9a:5f:22:0b:6b:44:14:d1:a4:11:35:53:77:25:da: + f5:f3:bb:b8:b3:37:39:a4:30:56:ab:dc:2c:7c:ae:44:36:59: + 37:86:cb:23:01:bb:d9:60:6d:9c:e2:f5:d2:ac:b6:f3:5a:93: + c5:3c:b1:8d:23:a9:7b:44:0d:e6:5f:cc:7b:37:29:86:20:c0: + f9:f4:55:3d:d4:51:4d:a1:79:9b:c5:94:3b:41:3d:7f:fa:5d: + 15:8e:34:99:b4:4a:42:a1:64:7b:89:6c:f7:20:e8:af:0d:56: + 15:86:87:b2:5a:c8:22:ca:03:39:1f:6e:57:ec:bf:ad:1c:9c: + 53:24:5f:04:88:42:2e:6e:22:27:76:e8:21:b6:68:f2:ed:55: + e2:09:8b:d9:25:53:df:46:e4:f6:5d:44:e1:d2:80:2d:25:d1: + fd:28:0a:b4:ee:f7:af:cd:38:44:d1:d6:f4:1c:52:6c:3d:30: + ae:54:63:72:e3:d1:2a:41:c1:ab:a8:41:f7:bc:53:63:d0:07: + 72:12:f1:5b:df:bf:7c:51:8f:d8:de:9c:bc:c5:3e:e4:31:a4: + 8f:80:42:ec:55:32:55:aa:ab:e3:60:4e:41:35:af:fd:69:bf: + a4:f9:e4:b9:de:2a:16:bd:20:ca:84:89:26:d6:70:02:60:39: + 39:11:3e:ae +-----BEGIN CERTIFICATE----- +MIIDxDCCAqygAwIBAgIEVXie1jANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCVVMxEzARBgN +VBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZS +BJbmMxDTALBgNVBAsMBENhc3QxITAfBgNVBAMMGENocm9tZWNhc3QgSUNBIDQgKEF1ZGlvKTAeF +w0xNTA2MTAyMDMyMjJaFw0zNTA2MDUyMDMyMjJaMHwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQLDARD +YXN0MRMwEQYDVQQKDApHb29nbGUgSW5jMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1 +Nb3VudGFpbiBWaWV3MRwwGgYDVQQDDBM0WlpEWkogRkE4RkNBN0VGRTNDMIIBIjANBgkqhkiG9w +0BAQEFAAOCAQ8AMIIBCgKCAQEAxD7q+FYNcVjywE4GWd1nOhQqrPnpMF2+9+PgVcb71CWenF3Ql +X3NMlS/3+kM8IEOu5QonU2X9ys8K5am/vwi9ENKwxEOkW06egCcwwAFpwUEfhSFeSHvMuHR0Jge +kjJzGjx3owYUCkQ/rPQ2UQdJ9OOkXBADAQgLtEobbrzvKuFEc9WE145ynOhq+2PuU/qIFjF3+VU +aNzGJFRVmR3SKugymOM10AIj+1QjwA6bkehdLIo7pbHgsTB/4EcaqJLJow+2GyLxUzc9o7Uj402 +TGwkvf63DdlxCfz6bLvXCbRGVPsLN4zJasasnwF/7TpZD8eH8eUA/OrBsFcNzlZzDDvQIDAQABo +0gwRjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAXBgNVHSAE +EDAOMAwGCisGAQQB1nkCBQIwDQYJKoZIhvcNAQEFBQADggEBAHv0mppfIgtrRBTRpBE1U3cl2vX +zu7izNzmkMFar3Cx8rkQ2WTeGyyMBu9lgbZzi9dKstvNak8U8sY0jqXtEDeZfzHs3KYYgwPn0VT +3UUU2heZvFlDtBPX/6XRWONJm0SkKhZHuJbPcg6K8NVhWGh7JayCLKAzkfblfsv60cnFMkXwSIQ +i5uIid26CG2aPLtVeIJi9klU99G5PZdROHSgC0l0f0oCrTu96/NOETR1vQcUmw9MK5UY3Lj0SpB +wauoQfe8U2PQB3IS8Vvfv3xRj9jenLzFPuQxpI+AQuxVMlWqq+NgTkE1r/1pv6T55LneKha9IMq +EiSbWcAJgOTkRPq4= +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 37 (0x25) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Root CA + Validity + Not Before: Mar 12 16:44:57 2015 GMT + Not After : Mar 9 16:44:57 2025 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Chromecast ICA 4 (Audio) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:a9:bd:6d:00:4e:29:19:6a:c9:ae:3a:b4:14: + 89:4b:e2:49:4d:33:90:2c:fb:b7:2c:0c:89:c3:a0: + c9:5b:40:63:e3:d1:b7:83:f9:24:dc:39:c4:6c:c4: + a0:9f:37:b5:1c:8e:cd:c4:c9:bb:32:cd:b5:6b:28: + b7:f2:18:d9:4c:b8:23:cc:a3:4d:4d:49:d6:f8:6d: + fe:7d:a9:ea:91:9f:d9:ae:7b:8c:7d:6a:16:56:3b: + ee:56:cc:0c:dd:d5:6e:42:d8:31:6d:a6:3f:99:a6: + 40:de:01:a1:63:56:58:3d:b7:3f:39:c4:58:87:7a: + 15:5f:2d:6d:2f:9e:e8:6a:e3:a2:7a:1b:07:f0:ab: + 29:d0:54:7d:ed:97:8c:75:33:22:99:b7:dd:63:3b: + 1f:d7:3e:d9:00:4a:f4:b2:03:f9:30:f4:cd:82:0b: + 00:97:33:6b:e7:9c:04:93:39:7e:76:15:f5:3d:6c: + b9:81:75:b1:e6:c6:ae:80:ba:4e:dd:48:77:df:47: + 12:99:01:ed:fc:d7:c9:8b:cb:61:f8:90:07:7b:93: + 89:57:36:8f:bb:68:4a:1d:d7:d5:49:d6:e0:4d:c6: + 02:7a:ee:5c:0a:2c:8c:b7:6d:13:00:cb:7f:4a:3e: + 7c:26:1d:71:00:f5:27:a5:5b:c8:28:eb:27:51:0c: + 15:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 13:E1:5D:44:05:FF:C8:1F:B1:53:30:2D:55:B0:85:FE:8B:2D:0D:9C + X509v3 Authority Key Identifier: + keyid:7C:9A:1E:7D:DF:79:54:BC:D7:CC:5E:CA:99:86:45:79:65:74:28:19 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 97:d5:df:b8:d0:47:fd:50:48:26:8b:7d:a5:16:72:d0:90:75: + 6e:8c:67:a4:8b:6f:50:7e:1c:b7:21:3c:16:40:b5:4e:74:d9: + 44:98:5c:5a:0b:ed:07:2e:f2:eb:32:05:6e:75:7f:bb:18:92: + 58:38:ae:20:71:ad:9a:50:3a:df:ec:b5:8d:11:fb:62:b7:96: + 6f:e0:32:b7:4b:66:8c:e2:ab:8c:48:d3:93:4a:be:81:4b:25: + 4e:82:54:b1:a4:3c:54:9b:16:44:14:3e:5e:bc:0f:ff:1e:12: + 2e:0c:ad:5f:40:6e:f1:92:69:57:48:00:e2:4a:23:8a:8c:06: + bc:6e:f0:c9:90:62:48:de:a9:43:2e:cf:5f:41:24:17:d9:1d: + 4c:01:ff:42:4b:c4:a0:04:21:46:4b:c9:58:2c:03:53:69:34: + a5:07:78:46:d7:87:32:4c:18:96:d0:8c:80:90:0a:55:ec:db: + a5:7a:bd:88:2b:b4:2f:ce:53:a4:5f:8b:8d:b3:fb:30:0b:2d: + 40:d0:76:4e:50:b0:3a:3f:b2:d6:fa:f1:d6:42:f0:b1:0d:a3: + db:a4:ce:4d:2a:04:24:c9:6e:f8:3a:9d:ed:f0:6a:6e:4d:de: + 50:af:56:eb:a6:ea:2b:7f:74:87:9f:85:14:c7:a9:c0:dd:c1: + f3:25:b5:b3 +-----BEGIN CERTIFICATE----- +MIID6zCCAtOgAwIBAgIBJTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYz +ENMAsGA1UECwwEQ2FzdDEVMBMGA1UEAwwMQ2FzdCBSb290IENBMB4XDTE1MDMxMjE2NDQ1N1oXD +TI1MDMwOTE2NDQ1N1owgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD +VQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgSW5jMQ0wCwYDVQQLDARDYXN0MSE +wHwYDVQQDDBhDaHJvbWVjYXN0IElDQSA0IChBdWRpbykwggEiMA0GCSqGSIb3DQEBAQUAA4IBDw +AwggEKAoIBAQCsqb1tAE4pGWrJrjq0FIlL4klNM5As+7csDInDoMlbQGPj0beD+STcOcRsxKCfN +7Ucjs3EybsyzbVrKLfyGNlMuCPMo01NSdb4bf59qeqRn9mue4x9ahZWO+5WzAzd1W5C2DFtpj+Z +pkDeAaFjVlg9tz85xFiHehVfLW0vnuhq46J6GwfwqynQVH3tl4x1MyKZt91jOx/XPtkASvSyA/k +w9M2CCwCXM2vnnASTOX52FfU9bLmBdbHmxq6Auk7dSHffRxKZAe3818mLy2H4kAd7k4lXNo+7aE +od19VJ1uBNxgJ67lwKLIy3bRMAy39KPnwmHXEA9SelW8go6ydRDBW9AgMBAAGjeTB3MA8GA1UdE +wQIMAYBAf8CAQAwHQYDVR0OBBYEFBPhXUQF/8gfsVMwLVWwhf6LLQ2cMB8GA1UdIwQYMBaAFHya +Hn3feVS818xeypmGRXlldCgZMAsGA1UdDwQEAwIBBjAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQI +wDQYJKoZIhvcNAQELBQADggEBAJfV37jQR/1QSCaLfaUWctCQdW6MZ6SLb1B+HLchPBZAtU502U +SYXFoL7Qcu8usyBW51f7sYklg4riBxrZpQOt/stY0R+2K3lm/gMrdLZoziq4xI05NKvoFLJU6CV +LGkPFSbFkQUPl68D/8eEi4MrV9AbvGSaVdIAOJKI4qMBrxu8MmQYkjeqUMuz19BJBfZHUwB/0JL +xKAEIUZLyVgsA1NpNKUHeEbXhzJMGJbQjICQClXs26V6vYgrtC/OU6Rfi42z+zALLUDQdk5QsDo +/stb68dZC8LENo9ukzk0qBCTJbvg6ne3wam5N3lCvVuum6it/dIefhRTHqcDdwfMltbM= +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/chromecast_gen1.pem b/test/data/cast/common/certificate/certificates/chromecast_gen1.pem new file mode 100644 index 00000000..cc850316 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/chromecast_gen1.pem @@ -0,0 +1,149 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1405898540 (0x53cc4f2c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Google TV, CN=Eureka Gen1 ICA + Validity + Not Before: Jul 20 23:22:20 2014 GMT + Not After : Jul 15 23:22:20 2034 GMT + Subject: C=US, ST=California, O=Google Inc, L=Mountain View, OU=Google TV, CN=2ZZBG9 FA8FCA3EF91A + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a5:79:e9:2a:de:73:67:8f:96:a0:cf:e9:ca:85: + 3e:ec:14:e0:c3:ac:ec:c3:9c:18:3a:ef:75:ae:aa: + cb:ab:56:0b:b0:66:b2:a8:a9:30:0f:e1:9f:be:e2: + 52:20:59:b3:0d:d3:6d:44:27:55:f9:8c:e1:94:36: + 44:43:73:72:b0:09:eb:c7:26:73:e9:4f:c6:64:6b: + f3:1d:57:bb:91:73:67:e9:1c:c9:4f:20:94:b2:ea: + 76:25:d8:10:a4:5b:a0:58:42:ec:13:34:e4:ed:57: + 38:bb:f3:0a:5b:38:ce:e6:6e:32:b1:8d:14:15:be: + 62:80:66:16:25:c5:61:60:61:6a:96:42:dd:18:61: + 95:21:19:16:e4:16:6d:bf:cc:51:20:f3:c2:bf:c2: + 45:b9:f8:b4:a1:cc:bf:81:64:c3:91:c0:9e:12:da: + fb:25:df:80:21:b0:a8:e7:7d:19:e8:ea:50:ab:0e: + fd:a6:a3:00:79:0c:ee:52:07:9a:f9:2d:84:8e:0c: + 56:4d:0a:a1:cf:88:87:8f:3b:a6:0b:0e:b7:5f:0b: + aa:e6:d9:54:49:1b:8c:2a:a9:46:9c:75:08:66:c4: + ad:69:f0:da:9b:4f:bc:c0:84:0b:a7:bb:9a:b6:07: + 71:88:26:bb:34:3b:9b:e7:94:96:1b:61:11:48:93: + 60:2d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha1WithRSAEncryption + 6b:8a:80:65:c7:25:74:35:33:b3:f8:b9:70:7c:c0:f3:ee:4f: + 68:7a:83:6f:58:27:ad:ab:52:f6:7b:06:b9:56:4e:49:c9:4f: + 43:b0:6b:0e:bc:cd:ea:4b:84:54:38:c9:d2:33:6d:55:77:84: + 0d:88:9c:29:8f:dd:4d:b8:64:cc:4c:25:c0:3f:f6:a3:4f:02: + a3:eb:b4:4d:59:21:03:48:42:1e:ac:94:07:59:6b:4a:8c:e9: + 4b:37:d3:fe:5f:a5:42:fa:96:00:1f:0f:54:48:27:10:38:45: + 66:19:28:fe:fc:4a:32:73:d4:bc:9b:c7:76:5b:b7:42:62:b2: + df:46:b6:f6:89:19:98:d9:ad:d3:e7:72:72:4a:6b:21:9a:22: + 59:fc:83:31:dd:e8:c5:44:19:9a:7b:68:84:19:da:1e:0d:0e: + 59:eb:c3:28:4c:15:38:e0:d5:6b:e7:99:02:7a:dd:b1:2f:8d: + 2c:a3:30:68:58:d0:93:94:68:3a:7f:50:cc:67:13:19:fe:d7: + e7:18:01:6f:4b:ae:8b:19:5e:d4:43:34:94:e5:d7:35:f8:6a: + e0:27:34:c1:e4:b7:cb:82:17:c2:61:cb:cd:17:db:05:34:7e: + 3f:39:a1:86:d1:b2:6f:a3:04:cb:51:6b:2c:e7:63:54:d1:d1: + 6a:0f:04:0a +-----BEGIN CERTIFICATE----- +MIIDrDCCApSgAwIBAgIEU8xPLDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzETMBEGA1U +ECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIE +luYzESMBAGA1UECwwJR29vZ2xlIFRWMRgwFgYDVQQDDA9FdXJla2EgR2VuMSBJQ0EwHhcNMTQwN +zIwMjMyMjIwWhcNMzQwNzE1MjMyMjIwWjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm +b3JuaWExEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEjAQBgN +VBAsTCUdvb2dsZSBUVjEcMBoGA1UEAxMTMlpaQkc5IEZBOEZDQTNFRjkxQTCCASIwDQYJKoZIhv +cNAQEBBQADggEPADCCAQoCggEBAKV56Srec2ePlqDP6cqFPuwU4MOs7MOcGDrvda6qy6tWC7Bms +qipMA/hn77iUiBZsw3TbUQnVfmM4ZQ2RENzcrAJ68cmc+lPxmRr8x1Xu5FzZ+kcyU8glLLqdiXY +EKRboFhC7BM05O1XOLvzCls4zuZuMrGNFBW+YoBmFiXFYWBhapZC3RhhlSEZFuQWbb/MUSDzwr/ +CRbn4tKHMv4Fkw5HAnhLa+yXfgCGwqOd9GejqUKsO/aajAHkM7lIHmvkthI4MVk0Koc+Ih487pg +sOt18LqubZVEkbjCqpRpx1CGbErWnw2ptPvMCEC6e7mrYHcYgmuzQ7m+eUlhthEUiTYC0CAwEAA +aMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZI +hvcNAQEFBQADggEBAGuKgGXHJXQ1M7P4uXB8wPPuT2h6g29YJ62rUvZ7BrlWTknJT0Owaw68zep +LhFQ4ydIzbVV3hA2InCmP3U24ZMxMJcA/9qNPAqPrtE1ZIQNIQh6slAdZa0qM6Us30/5fpUL6lg +AfD1RIJxA4RWYZKP78SjJz1Lybx3Zbt0Jist9GtvaJGZjZrdPncnJKayGaIln8gzHd6MVEGZp7a +IQZ2h4NDlnrwyhMFTjg1WvnmQJ63bEvjSyjMGhY0JOUaDp/UMxnExn+1+cYAW9LrosZXtRDNJTl +1zX4auAnNMHkt8uCF8Jhy80X2wU0fj85oYbRsm+jBMtRayznY1TR0WoPBAo= +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Google TV, CN=Eureka Root CA + Validity + Not Before: Dec 19 00:47:12 2012 GMT + Not After : Dec 14 00:47:12 2032 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Google TV, CN=Eureka Gen1 ICA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bc:22:80:bd:80:f6:3a:21:00:3b:ae:76:5e:35: + 7f:3d:c3:64:5c:55:94:86:34:2f:05:87:28:cd:f7: + 69:8c:17:b3:50:a7:b8:82:fa:df:c7:43:2d:d6:7e: + ab:a0:6f:b7:13:72:80:a4:47:15:c1:20:99:50:cd: + ec:14:62:09:5b:a4:98:cd:d2:41:b6:36:4e:ff:e8: + 2e:32:30:4a:81:a8:42:a3:6c:9b:33:6e:ca:b2:f5: + 53:66:e0:27:53:86:1a:85:1e:a7:39:3f:4a:77:8e: + fb:54:66:66:fb:58:54:c0:5e:39:c7:f5:50:06:0b: + e0:8a:d4:ce:e1:6a:55:1f:8b:17:00:e6:69:a3:27: + e6:08:25:69:3c:12:9d:8d:05:2c:d6:2e:a2:31:de: + b4:52:50:d6:20:49:de:71:a0:f9:ad:20:40:12:f1: + dd:25:eb:d5:e6:b8:36:f4:d6:8f:7f:ca:43:dc:d7: + 10:5b:e6:3f:51:8a:85:b3:f3:ff:f6:03:2d:cb:23: + 4f:9c:ad:18:e7:93:05:8c:ac:52:9a:f7:4c:e9:99: + 7a:be:6e:7e:4d:0a:e3:c6:1c:a9:93:fa:3a:a5:91: + 5d:1c:bd:66:eb:cc:60:dc:86:74:ca:cf:f8:92:1c: + 98:7d:57:fa:61:47:9e:ab:80:b7:e4:48:80:2a:92: + c5:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:1 + Signature Algorithm: sha1WithRSAEncryption + 8b:d4:a1:b1:cf:5d:cd:7b:6c:48:4a:41:1f:53:2f:18:2d:32: + 45:ff:9e:ab:d3:73:3e:1f:22:d7:ea:fa:01:e6:73:03:0f:2b: + c6:25:bb:a5:ee:c5:f5:45:cb:24:12:2a:ad:c2:5d:05:f4:7a: + f5:c2:9b:10:16:5a:d1:0a:73:c5:16:39:a0:10:ca:d1:68:85: + 9e:fb:9e:26:83:8e:58:f3:77:a0:4e:e5:db:97:be:2d:00:5f: + f5:94:db:b1:9d:65:6b:fd:f0:d1:04:51:df:cc:92:a6:99:2d: + 71:f5:4d:d5:23:fe:33:1c:a9:b4:ab:c5:bf:1a:b8:d1:80:ef: + 89:c9:e2:1f:9c:4c:48:3b:a2:fa:02:0a:dc:84:01:8a:87:02: + fb:59:ee:a7:4c:04:7d:74:99:87:6a:25:44:ad:16:aa:ec:4e: + 35:1b:7c:7b:84:c9:b1:3f:e1:82:70:e5:0d:e7:d9:6d:fa:95: + b6:c5:e4:1e:e8:11:9b:d8:b2:f3:a4:fd:13:f3:83:4f:f7:07: + 14:20:bb:22:a5:a6:8f:d6:b5:db:a9:74:78:e2:93:0d:e5:23: + 2f:05:17:e0:b2:97:67:34:4d:0f:9c:76:43:7b:a6:21:4a:56: + 05:f6:2a:7c:f2:7f:12:94:82:26:29:07:f0:0b:6c:6c:79:14: + b0:74:d5:6c +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBATANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYz +ESMBAGA1UECwwJR29vZ2xlIFRWMRcwFQYDVQQDDA5FdXJla2EgUm9vdCBDQTAeFw0xMjEyMTkwM +DQ3MTJaFw0zMjEyMTQwMDQ3MTJaMH0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh +MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgSW5jMRIwEAYDVQQLDAl +Hb29nbGUgVFYxGDAWBgNVBAMMD0V1cmVrYSBHZW4xIElDQTCCASIwDQYJKoZIhvcNAQEBBQADgg +EPADCCAQoCggEBALwigL2A9johADuudl41fz3DZFxVlIY0LwWHKM33aYwXs1CnuIL638dDLdZ+q +6BvtxNygKRHFcEgmVDN7BRiCVukmM3SQbY2Tv/oLjIwSoGoQqNsmzNuyrL1U2bgJ1OGGoUepzk/ +SneO+1RmZvtYVMBeOcf1UAYL4IrUzuFqVR+LFwDmaaMn5gglaTwSnY0FLNYuojHetFJQ1iBJ3nG +g+a0gQBLx3SXr1ea4NvTWj3/KQ9zXEFvmP1GKhbPz//YDLcsjT5ytGOeTBYysUpr3TOmZer5ufk +0K48YcqZP6OqWRXRy9ZuvMYNyGdMrP+JIcmH1X+mFHnquAt+RIgCqSxRsCAwEAAaMTMBEwDwYDV +R0TBAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOCAQEAi9Shsc9dzXtsSEpBH1MvGC0yRf+eq9Nz +Ph8i1+r6AeZzAw8rxiW7pe7F9UXLJBIqrcJdBfR69cKbEBZa0QpzxRY5oBDK0WiFnvueJoOOWPN +3oE7l25e+LQBf9ZTbsZ1la/3w0QRR38ySppktcfVN1SP+MxyptKvFvxq40YDvicniH5xMSDui+g +IK3IQBiocC+1nup0wEfXSZh2olRK0WquxONRt8e4TJsT/hgnDlDefZbfqVtsXkHugRm9iy86T9E +/ODT/cHFCC7IqWmj9a126l0eOKTDeUjLwUX4LKXZzRND5x2Q3umIUpWBfYqfPJ/EpSCJikH8Ats +bHkUsHTVbA== +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/chromecast_gen1_reissue.pem b/test/data/cast/common/certificate/certificates/chromecast_gen1_reissue.pem new file mode 100644 index 00000000..4f9b6238 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/chromecast_gen1_reissue.pem @@ -0,0 +1,157 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1405898540 (0x53cc4f2c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Google TV, CN=Eureka Gen1 ICA + Validity + Not Before: Jul 20 23:22:20 2014 GMT + Not After : Jul 15 23:22:20 2034 GMT + Subject: C=US, ST=California, O=Google Inc, L=Mountain View, OU=Google TV, CN=2ZZBG9 FA8FCA3EF91A + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a5:79:e9:2a:de:73:67:8f:96:a0:cf:e9:ca:85: + 3e:ec:14:e0:c3:ac:ec:c3:9c:18:3a:ef:75:ae:aa: + cb:ab:56:0b:b0:66:b2:a8:a9:30:0f:e1:9f:be:e2: + 52:20:59:b3:0d:d3:6d:44:27:55:f9:8c:e1:94:36: + 44:43:73:72:b0:09:eb:c7:26:73:e9:4f:c6:64:6b: + f3:1d:57:bb:91:73:67:e9:1c:c9:4f:20:94:b2:ea: + 76:25:d8:10:a4:5b:a0:58:42:ec:13:34:e4:ed:57: + 38:bb:f3:0a:5b:38:ce:e6:6e:32:b1:8d:14:15:be: + 62:80:66:16:25:c5:61:60:61:6a:96:42:dd:18:61: + 95:21:19:16:e4:16:6d:bf:cc:51:20:f3:c2:bf:c2: + 45:b9:f8:b4:a1:cc:bf:81:64:c3:91:c0:9e:12:da: + fb:25:df:80:21:b0:a8:e7:7d:19:e8:ea:50:ab:0e: + fd:a6:a3:00:79:0c:ee:52:07:9a:f9:2d:84:8e:0c: + 56:4d:0a:a1:cf:88:87:8f:3b:a6:0b:0e:b7:5f:0b: + aa:e6:d9:54:49:1b:8c:2a:a9:46:9c:75:08:66:c4: + ad:69:f0:da:9b:4f:bc:c0:84:0b:a7:bb:9a:b6:07: + 71:88:26:bb:34:3b:9b:e7:94:96:1b:61:11:48:93: + 60:2d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha1WithRSAEncryption + 6b:8a:80:65:c7:25:74:35:33:b3:f8:b9:70:7c:c0:f3:ee:4f: + 68:7a:83:6f:58:27:ad:ab:52:f6:7b:06:b9:56:4e:49:c9:4f: + 43:b0:6b:0e:bc:cd:ea:4b:84:54:38:c9:d2:33:6d:55:77:84: + 0d:88:9c:29:8f:dd:4d:b8:64:cc:4c:25:c0:3f:f6:a3:4f:02: + a3:eb:b4:4d:59:21:03:48:42:1e:ac:94:07:59:6b:4a:8c:e9: + 4b:37:d3:fe:5f:a5:42:fa:96:00:1f:0f:54:48:27:10:38:45: + 66:19:28:fe:fc:4a:32:73:d4:bc:9b:c7:76:5b:b7:42:62:b2: + df:46:b6:f6:89:19:98:d9:ad:d3:e7:72:72:4a:6b:21:9a:22: + 59:fc:83:31:dd:e8:c5:44:19:9a:7b:68:84:19:da:1e:0d:0e: + 59:eb:c3:28:4c:15:38:e0:d5:6b:e7:99:02:7a:dd:b1:2f:8d: + 2c:a3:30:68:58:d0:93:94:68:3a:7f:50:cc:67:13:19:fe:d7: + e7:18:01:6f:4b:ae:8b:19:5e:d4:43:34:94:e5:d7:35:f8:6a: + e0:27:34:c1:e4:b7:cb:82:17:c2:61:cb:cd:17:db:05:34:7e: + 3f:39:a1:86:d1:b2:6f:a3:04:cb:51:6b:2c:e7:63:54:d1:d1: + 6a:0f:04:0a +-----BEGIN CERTIFICATE----- +MIIDrDCCApSgAwIBAgIEU8xPLDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzETMBEGA1U +ECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIE +luYzESMBAGA1UECwwJR29vZ2xlIFRWMRgwFgYDVQQDDA9FdXJla2EgR2VuMSBJQ0EwHhcNMTQwN +zIwMjMyMjIwWhcNMzQwNzE1MjMyMjIwWjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm +b3JuaWExEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEjAQBgN +VBAsTCUdvb2dsZSBUVjEcMBoGA1UEAxMTMlpaQkc5IEZBOEZDQTNFRjkxQTCCASIwDQYJKoZIhv +cNAQEBBQADggEPADCCAQoCggEBAKV56Srec2ePlqDP6cqFPuwU4MOs7MOcGDrvda6qy6tWC7Bms +qipMA/hn77iUiBZsw3TbUQnVfmM4ZQ2RENzcrAJ68cmc+lPxmRr8x1Xu5FzZ+kcyU8glLLqdiXY +EKRboFhC7BM05O1XOLvzCls4zuZuMrGNFBW+YoBmFiXFYWBhapZC3RhhlSEZFuQWbb/MUSDzwr/ +CRbn4tKHMv4Fkw5HAnhLa+yXfgCGwqOd9GejqUKsO/aajAHkM7lIHmvkthI4MVk0Koc+Ih487pg +sOt18LqubZVEkbjCqpRpx1CGbErWnw2ptPvMCEC6e7mrYHcYgmuzQ7m+eUlhthEUiTYC0CAwEAA +aMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZI +hvcNAQEFBQADggEBAGuKgGXHJXQ1M7P4uXB8wPPuT2h6g29YJ62rUvZ7BrlWTknJT0Owaw68zep +LhFQ4ydIzbVV3hA2InCmP3U24ZMxMJcA/9qNPAqPrtE1ZIQNIQh6slAdZa0qM6Us30/5fpUL6lg +AfD1RIJxA4RWYZKP78SjJz1Lybx3Zbt0Jist9GtvaJGZjZrdPncnJKayGaIln8gzHd6MVEGZp7a +IQZ2h4NDlnrwyhMFTjg1WvnmQJ63bEvjSyjMGhY0JOUaDp/UMxnExn+1+cYAW9LrosZXtRDNJTl +1zX4auAnNMHkt8uCF8Jhy80X2wU0fj85oYbRsm+jBMtRayznY1TR0WoPBAo= +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Root CA + Validity + Not Before: Apr 2 20:58:54 2014 GMT + Not After : Apr 2 20:58:54 2019 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Google TV, CN=Eureka Gen1 ICA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bc:22:80:bd:80:f6:3a:21:00:3b:ae:76:5e:35: + 7f:3d:c3:64:5c:55:94:86:34:2f:05:87:28:cd:f7: + 69:8c:17:b3:50:a7:b8:82:fa:df:c7:43:2d:d6:7e: + ab:a0:6f:b7:13:72:80:a4:47:15:c1:20:99:50:cd: + ec:14:62:09:5b:a4:98:cd:d2:41:b6:36:4e:ff:e8: + 2e:32:30:4a:81:a8:42:a3:6c:9b:33:6e:ca:b2:f5: + 53:66:e0:27:53:86:1a:85:1e:a7:39:3f:4a:77:8e: + fb:54:66:66:fb:58:54:c0:5e:39:c7:f5:50:06:0b: + e0:8a:d4:ce:e1:6a:55:1f:8b:17:00:e6:69:a3:27: + e6:08:25:69:3c:12:9d:8d:05:2c:d6:2e:a2:31:de: + b4:52:50:d6:20:49:de:71:a0:f9:ad:20:40:12:f1: + dd:25:eb:d5:e6:b8:36:f4:d6:8f:7f:ca:43:dc:d7: + 10:5b:e6:3f:51:8a:85:b3:f3:ff:f6:03:2d:cb:23: + 4f:9c:ad:18:e7:93:05:8c:ac:52:9a:f7:4c:e9:99: + 7a:be:6e:7e:4d:0a:e3:c6:1c:a9:93:fa:3a:a5:91: + 5d:1c:bd:66:eb:cc:60:dc:86:74:ca:cf:f8:92:1c: + 98:7d:57:fa:61:47:9e:ab:80:b7:e4:48:80:2a:92: + c5:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 32:AF:7E:6C:A1:DD:28:42:E5:B3:E1:59:A7:5A:39:C9:FF:8A:62:9F + X509v3 Authority Key Identifier: + keyid:7C:9A:1E:7D:DF:79:54:BC:D7:CC:5E:CA:99:86:45:79:65:74:28:19 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + 13:c4:35:8f:62:1a:de:aa:b1:ce:72:ab:82:4e:3b:a1:04:a9: + 86:ca:56:d9:12:7f:50:2a:5b:6c:89:73:83:38:11:9e:b9:78: + 0e:9b:a6:3f:44:54:82:af:0f:16:2a:34:8e:ea:e3:47:fb:8c: + 25:e2:4b:e6:3b:dc:e5:c5:68:2d:d7:b9:ef:3e:0d:5e:d6:56: + 30:2f:7f:d4:18:cb:bf:68:86:76:ea:69:d0:38:53:f4:9b:ee: + fc:38:03:3c:13:28:23:25:1f:67:d4:27:93:c2:34:57:d3:8f: + a9:40:91:e6:4e:87:1b:5e:82:71:0c:4c:80:7c:ce:f5:c4:6f: + 8d:87:d2:13:78:53:14:51:84:27:8a:4b:db:48:94:09:88:42: + 5d:62:6f:48:d3:0c:33:7a:22:04:18:b2:5a:f1:d1:dc:99:cc: + 10:2c:46:87:2a:fd:dd:f2:71:75:fb:d6:23:32:92:82:07:67: + ba:cd:27:66:c3:31:d7:51:74:59:36:0f:42:e3:8f:87:d9:8e: + b4:0d:c8:3e:26:a2:df:fd:9a:a4:ab:17:54:36:fc:07:56:40: + ed:e9:24:e3:5c:5d:15:91:ca:72:78:21:a9:f7:b1:67:6a:d8: + 1e:43:ab:c2:33:92:aa:e3:33:b9:4e:ab:d6:04:43:e8:4c:45: + d9:8e:1c:fe +-----BEGIN CERTIFICATE----- +MIIDzTCCArWgAwIBAgIBAzANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYz +ENMAsGA1UECwwEQ2FzdDEVMBMGA1UEAwwMQ2FzdCBSb290IENBMB4XDTE0MDQwMjIwNTg1NFoXD +TE5MDQwMjIwNTg1NFowfTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxEjAQBgNVBAsMCUdvb2dsZSB +UVjEYMBYGA1UEAwwPRXVyZWthIEdlbjEgSUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg +KCAQEAvCKAvYD2OiEAO652XjV/PcNkXFWUhjQvBYcozfdpjBezUKe4gvrfx0Mt1n6roG+3E3KAp +EcVwSCZUM3sFGIJW6SYzdJBtjZO/+guMjBKgahCo2ybM27KsvVTZuAnU4YahR6nOT9Kd477VGZm ++1hUwF45x/VQBgvgitTO4WpVH4sXAOZpoyfmCCVpPBKdjQUs1i6iMd60UlDWIEnecaD5rSBAEvH +dJevV5rg29NaPf8pD3NcQW+Y/UYqFs/P/9gMtyyNPnK0Y55MFjKxSmvdM6Zl6vm5+TQrjxhypk/ +o6pZFdHL1m68xg3IZ0ys/4khyYfVf6YUeeq4C35EiAKpLFGwIDAQABo2AwXjAPBgNVHRMECDAGA +QH/AgEAMB0GA1UdDgQWBBQyr35sod0oQuWz4VmnWjnJ/4pinzAfBgNVHSMEGDAWgBR8mh5933lU +vNfMXsqZhkV5ZXQoGTALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBABPENY9iGt6qsc5 +yq4JOO6EEqYbKVtkSf1AqW2yJc4M4EZ65eA6bpj9EVIKvDxYqNI7q40f7jCXiS+Y73OXFaC3Xue +8+DV7WVjAvf9QYy79ohnbqadA4U/Sb7vw4AzwTKCMlH2fUJ5PCNFfTj6lAkeZOhxtegnEMTIB8z +vXEb42H0hN4UxRRhCeKS9tIlAmIQl1ib0jTDDN6IgQYslrx0dyZzBAsRocq/d3ycXX71iMykoIH +Z7rNJ2bDMddRdFk2D0Ljj4fZjrQNyD4mot/9mqSrF1Q2/AdWQO3pJONcXRWRynJ4Ian3sWdq2B5 +Dq8IzkqrjM7lOq9YEQ+hMRdmOHP4= +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/chromecast_gen2.pem b/test/data/cast/common/certificate/certificates/chromecast_gen2.pem new file mode 100644 index 00000000..8b46b4dd --- /dev/null +++ b/test/data/cast/common/certificate/certificates/chromecast_gen2.pem @@ -0,0 +1,157 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1426540495 (0x550747cf) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Chromecast ICA 3 + Validity + Not Before: Mar 16 21:14:55 2015 GMT + Not After : Mar 11 21:14:55 2035 GMT + Subject: C=US, OU=Cast, O=Google Inc, ST=California, L=Mountain View, CN=3ZZAK6 FA8FCA3F0D35 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e1:46:5f:71:bd:c6:2d:e4:02:a6:0d:21:cf:33: + a0:e8:ea:fb:88:54:a1:b4:83:49:9e:9e:10:c4:dd: + c3:5a:fe:9b:89:29:1c:ce:bc:3b:d2:67:0e:85:e1: + c3:8a:1e:4b:fd:9b:ba:97:94:38:43:74:5b:0d:17: + c7:bf:c0:9c:d9:01:11:f1:d5:cb:94:41:ac:81:0a: + fb:78:39:ef:c3:48:e6:b5:97:be:8a:a1:56:f4:9f: + d4:fb:21:b3:a7:a0:7f:30:83:1e:27:1a:4d:18:aa: + 2d:f1:45:03:32:aa:0c:36:84:0e:b7:1f:69:b4:ed: + 75:f4:d1:a1:97:70:2b:90:de:f9:b2:b3:0b:a3:b2: + 18:b6:35:f5:bb:04:4c:ee:84:52:58:6b:ca:96:0b: + ba:cc:3e:31:5d:85:67:79:2e:05:05:ca:30:fa:2a: + 6a:23:02:02:d7:d9:41:ab:af:c5:d0:bb:a7:64:d7: + 04:dd:c8:0b:47:68:7e:12:81:a6:2f:5c:37:35:24: + 7a:7f:53:c4:45:1d:fa:09:a9:57:18:90:3e:1a:26: + 81:3c:9e:e8:08:a6:55:8c:de:1c:c2:b1:9b:24:6c: + 50:48:ef:b9:b9:9a:c8:4d:3b:b3:55:90:1c:13:3f: + 8d:19:26:5a:b7:d6:1f:30:8b:c5:ac:6b:a1:08:4a: + ca:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha1WithRSAEncryption + 63:5e:22:cf:b0:8f:88:b4:64:a2:77:85:29:52:86:13:e1:88: + ea:74:06:51:fe:21:45:3d:62:dd:7c:09:c9:c0:64:95:99:6d: + 55:99:ea:34:23:d8:1f:aa:d9:bd:b6:91:19:7a:2d:0e:5c:ff: + 63:d1:ff:a2:b9:f4:bd:b3:a6:34:83:79:c8:02:f3:67:22:ca: + a9:aa:aa:f5:ef:7b:ee:7d:0b:ef:f2:f7:e6:e9:ca:ec:c5:cd: + bc:18:ff:0c:44:ee:6e:e6:09:44:39:fa:6f:19:b0:be:5f:4b: + ae:68:37:83:02:b2:af:fe:6b:05:68:97:65:2e:79:15:cb:91: + 81:58:b7:f6:4e:f2:ef:e1:b6:93:8b:a0:a2:9d:8d:e9:05:db: + dc:78:09:cb:05:b0:72:b3:50:d9:0d:ac:c2:11:94:7b:9a:16: + dc:41:34:4a:ae:b4:fa:fd:10:5f:4f:c8:46:33:79:33:6e:a8: + 95:d6:92:7d:bb:04:6d:01:99:60:7b:b1:d9:14:bb:7e:8a:2f: + 51:e4:59:02:3a:52:d4:d2:d2:93:d3:f3:3b:ae:1a:6c:50:9f: + 99:50:28:a2:2e:e1:e1:60:17:1c:31:17:3f:bb:75:a7:bc:d6: + 9d:0c:58:a9:fe:69:14:b9:4e:ea:d4:26:f2:5a:ae:26:ba:ff: + ef:43:ee:03 +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIEVQdHzzANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJVUzETMBEGA1U +ECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIE +luYzENMAsGA1UECwwEQ2FzdDEZMBcGA1UEAwwQQ2hyb21lY2FzdCBJQ0EgMzAeFw0xNTAzMTYyM +TE0NTVaFw0zNTAzMTEyMTE0NTVaMHwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQLDARDYXN0MRMwEQYD +VQQKDApHb29nbGUgSW5jMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiB +WaWV3MRwwGgYDVQQDDBMzWlpBSzYgRkE4RkNBM0YwRDM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ +8AMIIBCgKCAQEA4UZfcb3GLeQCpg0hzzOg6Or7iFShtINJnp4QxN3DWv6biSkczrw70mcOheHDi +h5L/Zu6l5Q4Q3RbDRfHv8Cc2QER8dXLlEGsgQr7eDnvw0jmtZe+iqFW9J/U+yGzp6B/MIMeJxpN +GKot8UUDMqoMNoQOtx9ptO119NGhl3ArkN75srMLo7IYtjX1uwRM7oRSWGvKlgu6zD4xXYVneS4 +FBcow+ipqIwIC19lBq6/F0LunZNcE3cgLR2h+EoGmL1w3NSR6f1PERR36CalXGJA+GiaBPJ7oCK +ZVjN4cwrGbJGxQSO+5uZrITTuzVZAcEz+NGSZat9YfMIvFrGuhCErKWQIDAQABoy8wLTAJBgNVH +RMEAjAAMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOC +AQEAY14iz7CPiLRkoneFKVKGE+GI6nQGUf4hRT1i3XwJycBklZltVZnqNCPYH6rZvbaRGXotDlz +/Y9H/orn0vbOmNIN5yALzZyLKqaqq9e977n0L7/L35unK7MXNvBj/DETubuYJRDn6bxmwvl9Lrm +g3gwKyr/5rBWiXZS55FcuRgVi39k7y7+G2k4ugop2N6QXb3HgJywWwcrNQ2Q2swhGUe5oW3EE0S +q60+v0QX0/IRjN5M26oldaSfbsEbQGZYHux2RS7foovUeRZAjpS1NLSk9PzO64abFCfmVAooi7h +4WAXHDEXP7t1p7zWnQxYqf5pFLlO6tQm8lquJrr/70PuAw== +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 36 (0x24) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Root CA + Validity + Not Before: Mar 12 16:44:39 2015 GMT + Not After : Mar 9 16:44:39 2025 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Chromecast ICA 3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d1:de:fb:ad:8b:43:07:28:ae:56:2d:f2:73:2a: + 1f:63:43:76:6d:8d:b8:d1:d4:90:29:1b:91:68:4a: + 55:41:a0:d5:61:b4:ec:dd:ae:e1:fa:a7:b6:38:c4: + de:19:e1:33:4d:9a:29:f1:48:e2:6b:a7:2c:21:14: + 22:3f:87:81:f3:71:2c:e6:43:1c:b8:d4:ec:cf:67: + 2f:b2:a2:75:8b:10:bd:f9:e7:c9:5c:de:05:a9:b4: + 86:b7:68:7d:a7:76:85:e2:65:b8:76:51:4f:b9:60: + 5d:7e:2b:64:48:12:66:d9:a7:bb:7c:d7:48:88:8a: + 89:f9:18:14:8a:15:32:6a:1b:3f:40:64:3c:80:d3: + e5:72:ee:3b:6f:88:bb:93:1a:17:3c:35:cb:d4:5b: + d8:f4:50:06:08:88:0a:e5:c2:3c:b5:8d:9b:99:82: + 26:a3:9b:b9:e5:01:90:b7:c9:dd:ff:0f:f6:cf:b4: + 9b:f8:4a:70:40:03:ed:aa:38:35:92:49:4a:5a:20: + 67:92:5e:25:a8:6b:6c:49:28:45:41:b3:95:1d:a1: + ad:ef:c3:5a:12:35:a6:2f:44:f4:fb:36:cc:f9:ff: + d4:6c:a8:60:e6:09:17:a6:a0:13:23:09:96:6f:dd: + 3e:fd:fa:5a:e7:9a:06:13:e5:07:0e:7d:5c:0f:d1: + 46:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 42:D6:3C:83:4E:4E:83:36:F4:2D:80:12:18:B0:FA:64:ED:CB:91:DD + X509v3 Authority Key Identifier: + keyid:7C:9A:1E:7D:DF:79:54:BC:D7:CC:5E:CA:99:86:45:79:65:74:28:19 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 4c:c7:77:4b:09:75:84:ab:84:0c:93:1a:a3:1f:0a:02:b2:28: + 00:f3:eb:c1:e9:52:0c:7b:38:7b:02:d4:32:31:21:d1:85:b0: + 23:42:e0:26:05:e0:11:21:fc:b4:b3:7e:3d:aa:4a:54:a9:08: + e6:79:27:fc:bd:fd:31:d8:d2:c2:de:96:0e:36:f9:f8:67:ca: + f3:59:7a:a8:ef:a2:bd:a6:73:ea:e8:ab:5d:25:05:9d:72:2d: + ff:0a:2c:7f:af:97:c6:c3:bf:b5:76:05:a0:00:11:1b:83:99: + 4c:8b:c8:b8:4b:76:79:03:56:cb:ea:cc:f2:02:bc:23:8b:1a: + a6:7f:7f:4b:9d:7d:6a:69:cd:e3:50:78:b9:5c:ad:59:3e:dd: + d3:8c:2f:0a:fb:dd:03:c0:77:84:e6:a9:26:17:14:24:a2:7b: + 3d:3c:b7:3c:d8:08:31:a4:4b:68:8b:0c:83:25:69:eb:68:42: + a2:87:a0:a1:dd:5a:1a:4a:1c:ed:28:01:3d:ad:51:d6:5c:ef: + 4b:80:d2:7e:23:fc:bd:1a:02:30:d0:46:b8:b1:ab:0f:c7:28: + ee:da:ba:e7:d6:3e:a4:a9:26:ec:d4:73:41:c5:9b:68:8a:a8: + c6:15:39:33:4d:48:7e:6a:2f:4b:1c:6d:af:23:02:6d:e8:2f: + ce:16:b8:4b +-----BEGIN CERTIFICATE----- +MIIDyTCCArGgAwIBAgIBJDANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYz +ENMAsGA1UECwwEQ2FzdDEVMBMGA1UEAwwMQ2FzdCBSb290IENBMB4XDTE1MDMxMjE2NDQzOVoXD +TI1MDMwOTE2NDQzOVoweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxDTALBgNVBAsMBENhc3QxGTA +XBgNVBAMMEENocm9tZWNhc3QgSUNBIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQ +DR3vuti0MHKK5WLfJzKh9jQ3ZtjbjR1JApG5FoSlVBoNVhtOzdruH6p7Y4xN4Z4TNNminxSOJrp +ywhFCI/h4HzcSzmQxy41OzPZy+yonWLEL3558lc3gWptIa3aH2ndoXiZbh2UU+5YF1+K2RIEmbZ +p7t810iIion5GBSKFTJqGz9AZDyA0+Vy7jtviLuTGhc8NcvUW9j0UAYIiArlwjy1jZuZgiajm7n +lAZC3yd3/D/bPtJv4SnBAA+2qODWSSUpaIGeSXiWoa2xJKEVBs5Udoa3vw1oSNaYvRPT7Nsz5/9 +RsqGDmCRemoBMjCZZv3T79+lrnmgYT5QcOfVwP0UaFAgMBAAGjYDBeMA8GA1UdEwQIMAYBAf8CA +QAwHQYDVR0OBBYEFELWPINOToM29C2AEhiw+mTty5HdMB8GA1UdIwQYMBaAFHyaHn3feVS818xe +ypmGRXlldCgZMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEATMd3Swl1hKuEDJMaox8 +KArIoAPPrwelSDHs4ewLUMjEh0YWwI0LgJgXgESH8tLN+PapKVKkI5nkn/L39MdjSwt6WDjb5+G +fK81l6qO+ivaZz6uirXSUFnXIt/wosf6+XxsO/tXYFoAARG4OZTIvIuEt2eQNWy+rM8gK8I4sap +n9/S519amnN41B4uVytWT7d04wvCvvdA8B3hOapJhcUJKJ7PTy3PNgIMaRLaIsMgyVp62hCooeg +od1aGkoc7SgBPa1R1lzvS4DSfiP8vRoCMNBGuLGrD8co7tq659Y+pKkm7NRzQcWbaIqoxhU5M01 +IfmovSxxtryMCbegvzha4Sw== +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/expired_root.pem b/test/data/cast/common/certificate/certificates/expired_root.pem new file mode 100644 index 00000000..7854bdce --- /dev/null +++ b/test/data/cast/common/certificate/certificates/expired_root.pem @@ -0,0 +1,310 @@ +Certificate chain: + +CastDevice -> CastIntermediate -> Expired CastRoot + +The chain is valid, however, the root has a much shorter validity range than +the other certificates: + + * Root is valid only from January 2015 - March 2015 + * The other two certificates are valid from January 2015 - January 2017 + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=CastIntermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2017 GMT + Subject: CN=CastDevice + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f4:fe:d8:79:1a:e2:fc:d0:05:a8:8a:bf:c6:c7: + ba:2a:44:21:93:08:f4:39:af:73:0a:1b:e7:48:9c: + 43:e3:13:b3:c4:53:51:04:c6:29:57:24:f5:77:4d: + 53:c8:d1:b8:d1:4f:06:55:00:ed:70:2c:2e:80:09: + 29:23:bb:f4:cc:30:d9:55:ee:54:ce:96:b0:c0:25: + e1:fd:12:26:f4:85:a1:56:f9:e8:58:78:3e:76:9a: + b5:3c:7a:00:67:b2:fb:0c:74:62:92:33:29:3b:8e: + c1:87:45:83:32:1f:75:a4:f4:28:7f:f0:75:85:1c: + 5e:18:47:d7:94:24:bb:77:0a:2a:1d:26:4a:ff:7a: + 54:31:0e:4f:57:d3:8e:01:61:57:75:f7:70:77:b5: + 76:76:47:ab:04:6b:1d:ed:03:ee:4d:d0:d6:38:f4: + fa:9d:40:f2:44:2c:41:06:e0:6d:f3:94:bf:a2:5f: + 37:ef:20:54:a6:37:fc:3c:90:f6:c9:01:20:b0:03: + af:f1:73:de:f0:d4:e4:32:f5:e1:a5:7e:39:22:4c: + 53:e8:3a:5b:fc:eb:12:34:14:01:b5:03:a0:ca:71: + 7e:89:8e:cb:79:56:f2:52:f9:8a:53:1b:35:96:99: + d5:e5:ce:52:e3:1c:dc:68:bb:d0:43:66:fc:d3:22: + 78:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E6:2E:B8:E3:AD:13:64:56:BA:BF:1B:0D:61:14:8D:3C:B1:C2:53:11 + X509v3 Authority Key Identifier: + keyid:FC:08:B8:7D:0B:4B:71:EC:93:02:51:CB:13:83:BD:6B:77:37:97:AF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/CastIntermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/CastIntermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 3b:87:2b:8d:b6:f1:30:81:46:52:b8:6f:07:4c:45:0b:44:59: + 67:02:f6:16:64:96:86:f1:7b:06:13:06:3d:1b:9c:bf:67:ad: + 6e:6c:29:7a:68:62:96:1a:02:42:04:e5:74:fb:dd:4c:de:44: + 0f:72:11:ec:17:27:b2:da:c5:ee:16:5d:de:9d:70:5b:70:2a: + 3f:76:62:54:8b:ee:3c:76:06:6d:34:b1:8a:d1:ec:d4:24:38: + 4a:0c:d1:e8:34:16:79:e4:42:e5:26:4c:b8:e7:b5:0c:1d:74: + 1f:7c:13:f4:3b:73:14:c8:0c:1f:60:a4:0e:4c:7d:b7:5e:84: + b2:d2:13:23:0b:59:e3:d7:d1:2a:47:cd:1d:ef:eb:44:47:da: + 56:c2:75:83:11:78:d4:1a:2f:39:15:6c:13:fa:61:a7:10:5e: + d7:5d:a1:2d:51:2c:f8:cc:d2:b9:ec:82:5c:14:d0:78:8d:ff: + 9a:83:75:54:d0:af:1a:3f:ae:fd:92:e1:e1:88:fc:e9:57:d1: + 37:35:b0:cc:77:ca:1f:a0:64:f1:2b:fe:ff:21:cd:17:9a:19: + ad:7e:92:67:6b:b6:f5:8f:2d:42:83:1b:ac:78:23:07:64:3d: + 17:ac:06:0d:38:86:64:82:dd:ad:c1:2c:c8:63:06:fb:43:25: + aa:df:44:b6 +-----BEGIN CERTIFICATE----- +MIIDnTCCAoWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBDYXN0 +SW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowFTET +MBEGA1UEAwwKQ2FzdERldmljZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAPT+2Hka4vzQBaiKv8bHuipEIZMI9Dmvcwob50icQ+MTs8RTUQTGKVck9XdN +U8jRuNFPBlUA7XAsLoAJKSO79Mww2VXuVM6WsMAl4f0SJvSFoVb56Fh4PnaatTx6 +AGey+wx0YpIzKTuOwYdFgzIfdaT0KH/wdYUcXhhH15Qku3cKKh0mSv96VDEOT1fT +jgFhV3X3cHe1dnZHqwRrHe0D7k3Q1jj0+p1A8kQsQQbgbfOUv6JfN+8gVKY3/DyQ +9skBILADr/Fz3vDU5DL14aV+OSJMU+g6W/zrEjQUAbUDoMpxfomOy3lW8lL5ilMb +NZaZ1eXOUuMc3Gi70ENm/NMiePsCAwEAAaOB8TCB7jAdBgNVHQ4EFgQU5i64460T +ZFa6vxsNYRSNPLHCUxEwHwYDVR0jBBgwFoAU/Ai4fQtLceyTAlHLE4O9a3c3l68w +QwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzAChidodHRwOi8vdXJsLWZvci1haWEv +Q2FzdEludGVybWVkaWF0ZS5jZXIwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL3Vy +bC1mb3ItY3JsL0Nhc3RJbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDAd +BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB +ADuHK4228TCBRlK4bwdMRQtEWWcC9hZklobxewYTBj0bnL9nrW5sKXpoYpYaAkIE +5XT73UzeRA9yEewXJ7Laxe4WXd6dcFtwKj92YlSL7jx2Bm00sYrR7NQkOEoM0eg0 +FnnkQuUmTLjntQwddB98E/Q7cxTIDB9gpA5MfbdehLLSEyMLWePX0SpHzR3v60RH +2lbCdYMReNQaLzkVbBP6YacQXtddoS1RLPjM0rnsglwU0HiN/5qDdVTQrxo/rv2S +4eGI/OlX0Tc1sMx3yh+gZPEr/v8hzReaGa1+kmdrtvWPLUKDG6x4IwdkPResBg04 +hmSC3a3BLMhjBvtDJarfRLY= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Expired CastRoot + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2017 GMT + Subject: CN=CastIntermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:e9:fc:cf:53:f5:92:54:18:6f:76:0f:f7:a7: + 1a:ed:8e:43:e9:f2:7d:06:ff:37:02:9a:70:8b:6b: + 80:86:0f:63:1c:8b:71:75:bf:13:a0:d0:84:f0:b1: + 31:af:99:bf:44:8f:09:8c:ab:be:08:ef:bf:53:07: + d8:82:89:b1:9e:24:84:87:1f:ab:40:da:78:19:71: + 6b:3f:93:9a:63:73:a2:47:2d:f2:54:3d:a7:a1:1c: + 1e:f7:09:4c:3f:82:65:fd:a2:b6:d2:24:3d:99:8e: + 87:9b:72:11:ae:65:f7:9e:0c:e3:14:dd:d6:01:b0: + b3:44:14:a2:1f:98:ec:72:86:4d:fe:3d:79:2b:82: + 1a:8b:da:76:a0:3d:08:70:a5:fe:5a:50:20:c7:80: + 2a:01:45:99:d8:a2:b1:36:88:83:dd:18:d5:38:e9: + b0:fc:6a:2d:c8:01:3b:a2:2d:44:3d:fb:c3:1e:74: + 11:28:65:05:38:5d:07:c9:4a:ea:a3:de:5c:04:48: + 67:2f:21:42:31:89:f1:89:e9:9d:34:c6:e9:c3:54: + c8:f9:e1:93:e4:88:7c:13:3f:99:ea:c2:ed:56:1e: + 88:76:78:6a:ba:07:3c:7f:fb:97:5d:e3:15:8a:aa: + 18:ba:d6:b0:9f:7c:f4:1a:65:25:15:6d:68:91:3d: + 7a:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FC:08:B8:7D:0B:4B:71:EC:93:02:51:CB:13:83:BD:6B:77:37:97:AF + X509v3 Authority Key Identifier: + keyid:5A:3F:8C:DB:8F:DC:98:CF:44:05:0C:CA:B6:69:E7:7A:96:F3:F9:43 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Expired CastRoot.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Expired CastRoot.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 32:01:f4:33:b2:54:b9:07:d3:00:6a:84:21:43:f7:d6:99:1b: + a2:52:1e:af:4e:89:09:e5:56:de:ae:4a:7e:8d:38:63:e6:48: + f7:39:4a:6b:15:09:d6:a7:b2:dc:23:0e:83:c6:dc:13:9b:e7: + f8:09:79:01:54:f0:90:b9:1c:22:22:9c:be:bd:b4:99:28:e3: + 6d:a0:d2:25:4c:f0:db:7e:d7:c6:92:d3:80:7e:1d:15:8a:ee: + ba:26:c8:66:b2:85:d2:ae:88:b2:62:55:9b:79:e7:78:6f:c5: + 4c:60:a8:23:ab:f4:73:ac:17:e9:89:d8:a2:c6:b2:75:e3:c0: + 57:e6:a5:84:d4:20:14:2e:f1:c6:50:04:a4:6d:4b:2f:a9:39: + ff:3d:4a:0e:57:b6:4f:f9:72:d0:82:f7:2a:10:18:a9:9f:da: + 19:eb:93:de:15:97:56:c9:0f:66:23:72:52:09:7a:e8:e9:dd: + 6f:4a:54:2d:5d:62:89:57:1d:42:99:e9:c4:3c:c8:c5:22:17: + 33:b0:7f:7d:36:f4:cf:5c:b6:08:af:42:ad:79:00:a4:e3:f3: + 57:ec:ee:d1:81:10:93:9e:7f:5e:e9:bf:11:b0:7d:8c:ec:3e: + dc:9d:57:0c:79:55:99:65:27:62:55:5a:2d:fb:89:b5:03:83: + b9:37:e5:17 +-----BEGIN CERTIFICATE----- +MIIDlTCCAn2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBFeHBp +cmVkIENhc3RSb290MB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowGzEZ +MBcGA1UEAwwQQ2FzdEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBANDp/M9T9ZJUGG92D/enGu2OQ+nyfQb/NwKacItrgIYPYxyLcXW/ +E6DQhPCxMa+Zv0SPCYyrvgjvv1MH2IKJsZ4khIcfq0DaeBlxaz+TmmNzokct8lQ9 +p6EcHvcJTD+CZf2ittIkPZmOh5tyEa5l954M4xTd1gGws0QUoh+Y7HKGTf49eSuC +GovadqA9CHCl/lpQIMeAKgFFmdiisTaIg90Y1TjpsPxqLcgBO6ItRD37wx50EShl +BThdB8lK6qPeXARIZy8hQjGJ8YnpnTTG6cNUyPnhk+SIfBM/merC7VYeiHZ4aroH +PH/7l13jFYqqGLrWsJ989BplJRVtaJE9elkCAwEAAaOB4zCB4DAdBgNVHQ4EFgQU +/Ai4fQtLceyTAlHLE4O9a3c3l68wHwYDVR0jBBgwFoAUWj+M24/cmM9EBQzKtmnn +epbz+UMwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzAChidodHRwOi8vdXJsLWZv +ci1haWEvRXhwaXJlZCBDYXN0Um9vdC5jZXIwOAYDVR0fBDEwLzAtoCugKYYnaHR0 +cDovL3VybC1mb3ItY3JsL0V4cGlyZWQgQ2FzdFJvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAyAfQzslS5 +B9MAaoQhQ/fWmRuiUh6vTokJ5Vberkp+jThj5kj3OUprFQnWp7LcIw6DxtwTm+f4 +CXkBVPCQuRwiIpy+vbSZKONtoNIlTPDbftfGktOAfh0Viu66JshmsoXSroiyYlWb +eed4b8VMYKgjq/RzrBfpidiixrJ148BX5qWE1CAULvHGUASkbUsvqTn/PUoOV7ZP ++XLQgvcqEBipn9oZ65PeFZdWyQ9mI3JSCXro6d1vSlQtXWKJVx1CmenEPMjFIhcz +sH99NvTPXLYIr0KteQCk4/NX7O7RgRCTnn9e6b8RsH2M7D7cnVcMeVWZZSdiVVot ++4m1A4O5N+UX +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Expired CastRoot + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Mar 1 12:00:00 2015 GMT + Subject: CN=Expired CastRoot + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c1:83:38:d1:94:d2:9e:ee:62:5d:dd:d8:fd:d0: + a9:de:7b:1c:5f:77:3a:73:09:11:45:c5:f7:83:58: + d8:ae:a0:97:dd:7f:f7:d0:6b:4a:5a:36:e2:cd:9e: + d3:df:97:7c:2f:92:4b:94:ff:1e:ae:af:17:47:ec: + 3b:1b:a1:25:61:73:fa:18:e6:5c:11:bd:b1:71:fa: + 89:a7:f5:4b:1c:de:d0:9a:5b:9b:d4:a0:a4:24:dd: + 71:e9:21:dc:74:b2:de:00:5b:c5:9f:32:a1:56:83: + 64:c9:a2:58:14:2d:48:f2:9d:ef:42:90:fc:18:f4: + 33:4d:d5:62:ba:47:87:3a:52:7e:52:54:07:52:e8: + e3:90:24:ff:8c:66:3f:ed:16:a5:f2:a8:6b:bb:57: + 21:07:a2:c0:c6:f6:4e:ee:94:81:a4:09:07:21:f8: + b0:ea:80:90:e2:64:f5:75:fd:a9:ad:65:b0:ef:1e: + 18:3b:b8:75:8d:de:3f:c0:30:4b:ad:96:0c:aa:d6: + 31:7d:22:c7:78:7c:e0:c5:85:6e:62:59:ef:e4:e0: + 5c:db:d8:0b:ff:6d:47:dd:32:75:cd:21:a7:98:7b: + 69:04:cb:57:44:71:9f:92:77:c9:e9:2d:21:92:6b: + 7d:cf:94:50:a8:bf:ea:d1:49:43:a1:5e:09:50:e2: + d1:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5A:3F:8C:DB:8F:DC:98:CF:44:05:0C:CA:B6:69:E7:7A:96:F3:F9:43 + X509v3 Authority Key Identifier: + keyid:5A:3F:8C:DB:8F:DC:98:CF:44:05:0C:CA:B6:69:E7:7A:96:F3:F9:43 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Expired CastRoot.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Expired CastRoot.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6a:58:e9:0d:23:6a:02:00:2e:ed:f8:cb:a9:d8:83:1a:7f:f4: + 63:b5:e8:28:7c:a4:33:c7:10:f3:2d:c1:c5:d9:49:c7:36:91: + 99:ec:40:ce:53:46:12:82:4c:b3:36:27:57:56:01:d7:ae:40: + e6:0f:10:32:05:b3:92:56:75:0c:13:4d:63:49:04:64:98:c0: + 27:e6:14:98:45:fd:b4:e4:3e:e7:73:52:84:c4:90:0c:4e:ed: + 8d:3c:43:af:c6:f1:2f:77:9c:30:7b:8b:ed:3e:72:d1:33:b2: + 1b:93:82:0b:98:93:62:5f:b3:c4:6a:d0:4c:85:04:fa:35:1d: + 0b:c2:50:27:9a:42:a9:cc:4a:3d:88:36:51:69:45:bb:e4:9f: + 63:1a:28:f8:fe:6f:46:fe:b0:04:b2:2a:74:cf:02:f6:24:0b: + 2e:c5:81:06:a4:ad:b0:88:b3:94:cd:2c:c0:e2:7b:9f:ca:fb: + d0:ae:e6:42:bf:d9:54:3a:9f:6a:59:a4:18:43:76:cc:7b:d7: + 6a:2c:8d:d0:7d:21:51:2e:2d:b3:4f:15:f7:39:7e:d7:2c:8e: + 92:60:99:13:1b:74:bb:b2:11:cf:69:1b:98:7f:16:da:17:a9: + 73:7a:72:c4:64:e5:51:3c:2b:fa:a9:b3:62:fc:f9:a8:4d:d8: + b6:01:c8:7a +-----BEGIN CERTIFICATE----- +MIIDlTCCAn2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBFeHBp +cmVkIENhc3RSb290MB4XDTE1MDEwMTEyMDAwMFoXDTE1MDMwMTEyMDAwMFowGzEZ +MBcGA1UEAwwQRXhwaXJlZCBDYXN0Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMGDONGU0p7uYl3d2P3Qqd57HF93OnMJEUXF94NY2K6gl91/99Br +Slo24s2e09+XfC+SS5T/Hq6vF0fsOxuhJWFz+hjmXBG9sXH6iaf1Sxze0Jpbm9Sg +pCTdcekh3HSy3gBbxZ8yoVaDZMmiWBQtSPKd70KQ/Bj0M03VYrpHhzpSflJUB1Lo +45Ak/4xmP+0WpfKoa7tXIQeiwMb2Tu6UgaQJByH4sOqAkOJk9XX9qa1lsO8eGDu4 +dY3eP8AwS62WDKrWMX0ix3h84MWFbmJZ7+TgXNvYC/9tR90ydc0hp5h7aQTLV0Rx +n5J3yektIZJrfc+UUKi/6tFJQ6FeCVDi0XkCAwEAAaOB4zCB4DAdBgNVHQ4EFgQU +Wj+M24/cmM9EBQzKtmnnepbz+UMwHwYDVR0jBBgwFoAUWj+M24/cmM9EBQzKtmnn +epbz+UMwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzAChidodHRwOi8vdXJsLWZv +ci1haWEvRXhwaXJlZCBDYXN0Um9vdC5jZXIwOAYDVR0fBDEwLzAtoCugKYYnaHR0 +cDovL3VybC1mb3ItY3JsL0V4cGlyZWQgQ2FzdFJvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBqWOkNI2oC +AC7t+Mup2IMaf/RjtegofKQzxxDzLcHF2UnHNpGZ7EDOU0YSgkyzNidXVgHXrkDm +DxAyBbOSVnUME01jSQRkmMAn5hSYRf205D7nc1KExJAMTu2NPEOvxvEvd5wwe4vt +PnLRM7Ibk4ILmJNiX7PEatBMhQT6NR0LwlAnmkKpzEo9iDZRaUW75J9jGij4/m9G +/rAEsip0zwL2JAsuxYEGpK2wiLOUzSzA4nufyvvQruZCv9lUOp9qWaQYQ3bMe9dq +LI3QfSFRLi2zTxX3OX7XLI6SYJkTG3S7shHPaRuYfxbaF6lzenLEZOVRPCv6qbNi +/PmoTdi2Ach6 +-----END CERTIFICATE----- + +CastDevice's private key. + +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA9P7YeRri/NAFqIq/xse6KkQhkwj0Oa9zChvnSJxD4xOzxFNR +BMYpVyT1d01TyNG40U8GVQDtcCwugAkpI7v0zDDZVe5UzpawwCXh/RIm9IWhVvno +WHg+dpq1PHoAZ7L7DHRikjMpO47Bh0WDMh91pPQof/B1hRxeGEfXlCS7dwoqHSZK +/3pUMQ5PV9OOAWFXdfdwd7V2dkerBGsd7QPuTdDWOPT6nUDyRCxBBuBt85S/ol83 +7yBUpjf8PJD2yQEgsAOv8XPe8NTkMvXhpX45IkxT6Dpb/OsSNBQBtQOgynF+iY7L +eVbyUvmKUxs1lpnV5c5S4xzcaLvQQ2b80yJ4+wIDAQABAoIBACdl0BPxke0L2s0W +uu5RcguX9zo452VbZImMoS3ZC0W6Bl+c8lttLnq4E81CnyWdLDZkmeUTiBtQz42B +a582e5BWjqy17edm7jeIIAZdY+xQjPh6qbWIaKsUB+8Yw3Xpn1uKX8uY9JmCRHbn +Y8isrHOBW/3vAkcMn8kRzIYjPg5PQJfGhECCbA+LHASJxOdD3raNOdwK0+wcRYUI +MlIgy4D0/D3oVmPAtCKj76QsxStp+XWpWfHKcuXNqYPJG4FceXgb1aaWFDXjdzi3 +J8Nb3OumU8/4iCzyzPzdTgVSy/9XlndOPMnkK+usoiUfTJLYSfQ2KP1ttPqjenlq +1tQr4oECgYEA/ItvM/BUj/2Eh43UhAcNjjmLxj2FVrIxpI5R2hNY1NmAynRun7fp +eNQdXvU5ZjxG8VyIeutkWV8pyqUkrgWWr9gAmOGdGh5ttqSRfsmdSgSi9HfAQQ2N +kz29ggiWnVOiNkGuIf/wwiPBVAROJbDuKe6mxQIj3o3Gli322fZIBsECgYEA+Fj4 +Kg3Lj6MTvPbE7MFYxCYlvwm2FpwfgfKxVzn0OTVW17DiQ5MXTQzaYkwJkbtCg32Q +/CSKoV8W9HcTsFoXd8CjEx3WQ3+zcrtYWcL9XygTiU8wuChBMuROm2X2fcO5ZqvK +5S192hoSvGYJVbSIpj62VInTKTrrYutC/37CCrsCgYEA8QLgjWC+UuxOnk7skVNp +zGF+0yHDLonAdpqb4tKz4+3uy0dyi1qopXdI0GaW8Mp1qcH1PdmHWwNGju4roygS +Np6dc0lc9KA1dCh58dXXFdx253ehMnQMuIgjYwVvN5WpKL5lwGzRB3W3+sZhDfdc +Uwg+f6UbNjl3W7th6YDwHAECgYEAzWEWagDalUDx89XH6VvEQwKhOKmZUn1ueRLx +ogcld6Iq3VlE5UlhfbDhcWUcjM5mJUPUgRDfLLDs1OMc/zyiJ8DBm++S4GNdTcat +PB5LV0RXU7iPu9xefu3cLBtYi40vaD8uHfVPHO1vDSr9EUmpsIIwWx1X6cL2IuoY +kB6N7j0CgYEAgYL8rt7RUwKYrI6l1ZyTTLo8MQjxz6oBxRdcIyDtbBCwyGChThi/ ++ZHpZMHmcBlV7akMwp6wGC3Qch3hE/vJTAJ3C7qXB82seM97YQ/GWvDHIuz4LGK9 +XMUle6C9NAtxQ2YUbqB5zfMxEG3k2SbSefXh18Q65gGyPra7ZTfoAFI= +-----END RSA PRIVATE KEY----- diff --git a/test/data/cast/common/certificate/certificates/fugu.pem b/test/data/cast/common/certificate/certificates/fugu.pem new file mode 100644 index 00000000..3f58367b --- /dev/null +++ b/test/data/cast/common/certificate/certificates/fugu.pem @@ -0,0 +1,242 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 185805725 (0xb132b9d) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Washington, L=Kirkland, O=Google Inc, OU=Widevine, CN=Asus fugu Cast ICA + Validity + Not Before: Mar 18 21:43:31 2016 GMT + Not After : Mar 18 21:43:31 2017 GMT + Subject: C=US, ST=Washington, L=Kirkland, O=Google Inc, OU=Widevine, CN=-6394818897508095075 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dc:01:42:4d:40:19:cc:11:36:76:2f:d4:a3:bd: + 27:dd:54:23:05:b6:63:9c:ff:08:68:ad:32:2a:05: + 1c:df:0b:8b:2a:c5:c3:5f:2b:91:30:df:e1:cd:ce: + 76:1d:84:f6:3c:77:48:73:c6:f4:c4:f3:f8:e3:75: + 96:ab:6a:9d:a2:84:57:3f:a9:9d:60:02:e5:e5:df: + 78:ac:bb:79:1a:36:e9:5d:62:db:2b:85:ff:06:87: + 5b:b8:0f:4d:17:15:5d:0c:fc:10:75:b1:a0:5e:08: + df:01:7d:01:5f:7a:1c:62:36:e0:49:31:8d:e9:e8: + 00:a1:0a:57:1d:d8:cd:e3:4a:aa:bb:0f:1d:e7:35: + 76:9f:2f:13:00:2b:be:df:2a:83:d5:39:7c:7c:3c: + bc:8e:0b:0a:0a:09:f9:78:81:1d:c7:15:a2:ed:b8: + 67:d6:76:a0:00:b4:49:93:02:ec:8e:77:fa:de:ba: + 9a:74:43:97:4a:12:37:45:3c:db:81:87:62:22:8f: + 2a:ee:17:a3:ff:0a:c3:3e:2b:44:79:b0:b9:be:12: + a3:86:1e:60:be:76:79:34:c2:12:55:89:51:b0:e7: + b1:68:2a:a1:e7:ac:f6:88:2b:60:92:e1:02:b0:68: + 49:ba:cd:bb:97:23:f3:46:ee:ac:20:92:4c:fc:70: + 9c:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Subject Key Identifier: + 66:BD:7F:37:0A:9E:61:62:4F:B1:CC:04:18:97:E1:53:0A:B3:AF:94 + X509v3 Authority Key Identifier: + keyid:DD:CD:5D:84:BB:B5:3E:91:F6:1C:2D:D0:7B:40:2B:DB:B6:DC:9D:1F + + Signature Algorithm: sha1WithRSAEncryption + 9c:f2:99:d0:1b:11:2e:d8:71:08:8f:96:49:7f:3c:e1:fe:85: + be:3e:72:6d:54:f3:68:a0:8a:da:3e:3c:c4:f7:7d:fe:a0:9f: + 53:70:81:a7:aa:98:62:1a:cc:c3:9d:a7:ef:a9:8f:e6:93:78: + db:f8:33:cd:c0:c1:d8:67:e6:a1:12:93:a8:34:95:3d:0f:39: + ef:50:0b:a4:2a:74:4e:00:6c:7d:52:f5:5e:5d:38:9c:5d:b1: + 29:6e:e6:8a:21:c1:89:cb:ca:8d:32:35:5a:f2:0b:92:1f:6c: + 09:98:45:6c:22:c8:5b:b6:53:2a:43:95:29:0d:88:a6:12:34: + ed:e2:b1:2a:81:71:e5:ca:8d:69:65:39:5e:9d:36:50:68:ef: + 1d:b8:e4:39:5e:64:57:20:9b:d5:b6:45:ea:69:4d:5f:52:e9: + fd:ae:af:2b:1c:8e:b5:a9:47:61:4c:46:7c:33:14:15:6a:0c: + fd:b5:d0:f8:be:0e:d8:30:73:ef:3b:a5:54:85:35:c7:f2:12: + e3:27:8f:d1:e0:3a:1d:c7:53:75:ed:5c:f0:eb:02:25:01:07: + cb:81:4c:68:7b:5f:a4:b5:b2:58:48:4c:9e:47:22:10:b7:01: + 78:7d:a4:6e:af:86:10:dc:21:eb:ee:47:c1:97:11:81:80:b1: + 9d:66:42:42 +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIECxMrnTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJVUzETMBEGA1U +ECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxEzARBgNVBAoMCkdvb2dsZSBJbmMxET +APBgNVBAsMCFdpZGV2aW5lMRswGQYDVQQDDBJBc3VzIGZ1Z3UgQ2FzdCBJQ0EwHhcNMTYwMzE4M +jE0MzMxWhcNMTcwMzE4MjE0MzMxWjB8MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv +bjERMA8GA1UEBwwIS2lya2xhbmQxEzARBgNVBAoMCkdvb2dsZSBJbmMxETAPBgNVBAsMCFdpZGV +2aW5lMR0wGwYDVQQDDBQtNjM5NDgxODg5NzUwODA5NTA3NTCCASIwDQYJKoZIhvcNAQEBBQADgg +EPADCCAQoCggEBANwBQk1AGcwRNnYv1KO9J91UIwW2Y5z/CGitMioFHN8LiyrFw18rkTDf4c3Od +h2E9jx3SHPG9MTz+ON1lqtqnaKEVz+pnWAC5eXfeKy7eRo26V1i2yuF/waHW7gPTRcVXQz8EHWx +oF4I3wF9AV96HGI24EkxjenoAKEKVx3YzeNKqrsPHec1dp8vEwArvt8qg9U5fHw8vI4LCgoJ+Xi +BHccVou24Z9Z2oAC0SZMC7I53+t66mnRDl0oSN0U824GHYiKPKu4Xo/8Kwz4rRHmwub4So4YeYL +52eTTCElWJUbDnsWgqoees9ogrYJLhArBoSbrNu5cj80burCCSTPxwnMcCAwEAAaNyMHAwDAYDV +R0TAQH/BAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFGa9 +fzcKnmFiT7HMBBiX4VMKs6+UMB8GA1UdIwQYMBaAFN3NXYS7tT6R9hwt0HtAK9u23J0fMA0GCSq +GSIb3DQEBBQUAA4IBAQCc8pnQGxEu2HEIj5ZJfzzh/oW+PnJtVPNooIraPjzE933+oJ9TcIGnqp +hiGszDnafvqY/mk3jb+DPNwMHYZ+ahEpOoNJU9DznvUAukKnROAGx9UvVeXTicXbEpbuaKIcGJy +8qNMjVa8guSH2wJmEVsIshbtlMqQ5UpDYimEjTt4rEqgXHlyo1pZTlenTZQaO8duOQ5XmRXIJvV +tkXqaU1fUun9rq8rHI61qUdhTEZ8MxQVagz9tdD4vg7YMHPvO6VUhTXH8hLjJ4/R4Dodx1N17Vz +w6wIlAQfLgUxoe1+ktbJYSEyeRyIQtwF4faRur4YQ3CHr7kfBlxGBgLGdZkJC +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Washington, L=Kirkland, O=Google Inc, OU=Widevine, CN=Widevine Cast Subroot + Validity + Not Before: Aug 20 19:14:44 2014 GMT + Not After : Aug 19 19:14:44 2019 GMT + Subject: C=US, ST=Washington, L=Kirkland, O=Google Inc, OU=Widevine, CN=Asus fugu Cast ICA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c2:f6:d5:91:dc:37:b4:9a:73:4a:e7:74:6d:03: + ae:27:24:41:99:96:1b:05:0e:c7:cf:09:cd:65:56: + 02:fc:98:59:b4:bb:95:71:d7:88:66:c8:08:cb:bf: + 5b:85:65:7e:de:c4:b5:e3:71:24:a2:fd:92:2c:77: + c5:08:e0:f0:b1:8a:8a:54:ca:a6:af:87:b8:cb:7d: + 83:28:59:9c:01:f5:7b:10:d0:f3:52:09:3f:f5:7d: + da:21:63:8f:ac:8b:60:67:22:ef:6b:66:91:fc:97: + 30:8d:cc:fe:de:5c:f9:19:bb:1c:25:29:2c:99:48: + 41:c2:fc:5b:66:d6:79:84:16:8d:0d:4f:75:01:40: + c5:50:69:fa:a4:88:f1:d2:3b:d1:23:df:c5:ba:e3: + e8:ba:cc:1e:93:17:f7:97:e2:71:42:75:5b:99:55: + 98:22:23:98:dc:10:89:f4:e8:26:bb:98:66:fd:bb: + 9a:21:62:a2:df:90:db:48:6f:db:2a:ef:de:53:59: + 31:5d:38:cd:80:a8:0c:6e:4e:37:65:eb:36:1c:13: + ba:53:d3:8f:cc:43:86:02:70:d2:91:f6:96:25:6c: + a4:e8:1f:d8:b3:74:20:eb:60:9d:3d:d3:3d:2e:36: + 0f:f1:94:10:f9:7a:03:52:7e:a4:ef:e3:40:9e:74: + 0e:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + DD:CD:5D:84:BB:B5:3E:91:F6:1C:2D:D0:7B:40:2B:DB:B6:DC:9D:1F + X509v3 Authority Key Identifier: + keyid:E6:57:D0:5A:CC:E5:B7:8D:83:01:A1:58:D8:45:76:CD:8D:D8:34:C2 + + Signature Algorithm: sha1WithRSAEncryption + 4c:01:30:88:f2:f6:b0:5f:0a:7d:cb:8f:7a:53:58:88:a6:2f: + 1c:e7:ae:d7:60:73:d8:d4:23:ac:17:31:6d:60:ac:b7:65:da: + 25:de:d9:d4:ce:81:2d:2b:5a:be:44:17:a1:ef:71:fa:5e:69: + e2:e3:d8:a3:a0:69:2b:b4:7c:d9:91:c6:13:bb:87:2c:60:07: + a7:6d:66:c4:19:61:09:e2:42:c9:e5:e2:ce:fd:72:31:bf:e6: + 79:75:d4:7f:e2:16:51:9a:2a:ce:d4:e8:b0:34:4c:2a:6e:b3: + ef:bb:61:03:1e:86:73:40:cd:4f:e4:05:45:94:7a:fd:a9:3a: + 30:53:cc:a7:61:dc:e1:0a:b2:9d:13:51:08:b6:7d:f9:2a:09: + 1e:9e:1d:7c:ca:0b:f3:ef:47:13:75:a3:95:e4:a9:f7:fa:fd: + 91:c1:a7:40:a3:c8:32:07:f2:51:20:db:06:87:b3:30:88:eb: + c1:d1:8d:c9:25:90:ea:e8:76:01:98:cd:6a:0e:0d:f8:5c:56: + d5:84:5c:3e:94:0b:ff:b1:29:ee:7b:58:12:78:81:2d:98:26: + ef:9a:2f:61:23:57:fd:a4:f5:81:e4:a7:32:96:29:03:21:7c: + 3e:2e:09:1b:5c:7f:07:d9:ca:db:89:df:64:aa:c6:bd:ff:ec: + 8d:00:5d:8f +-----BEGIN CERTIFICATE----- +MIIDyDCCArCgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxEzARBgNVBAoMCkdvb2dsZSBJbmMxETAPBg +NVBAsMCFdpZGV2aW5lMR4wHAYDVQQDDBVXaWRldmluZSBDYXN0IFN1YnJvb3QwHhcNMTQwODIwM +TkxNDQ0WhcNMTkwODE5MTkxNDQ0WjB6MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv +bjERMA8GA1UEBwwIS2lya2xhbmQxEzARBgNVBAoMCkdvb2dsZSBJbmMxETAPBgNVBAsMCFdpZGV +2aW5lMRswGQYDVQQDDBJBc3VzIGZ1Z3UgQ2FzdCBJQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDw +AwggEKAoIBAQDC9tWR3De0mnNK53RtA64nJEGZlhsFDsfPCc1lVgL8mFm0u5Vx14hmyAjLv1uFZ +X7exLXjcSSi/ZIsd8UI4PCxiopUyqavh7jLfYMoWZwB9XsQ0PNSCT/1fdohY4+si2BnIu9rZpH8 +lzCNzP7eXPkZuxwlKSyZSEHC/Ftm1nmEFo0NT3UBQMVQafqkiPHSO9Ej38W64+i6zB6TF/eX4nF +CdVuZVZgiI5jcEIn06Ca7mGb9u5ohYqLfkNtIb9sq795TWTFdOM2AqAxuTjdl6zYcE7pT04/MQ4 +YCcNKR9pYlbKToH9izdCDrYJ090z0uNg/xlBD5egNSfqTv40CedA7fAgMBAAGjVjBUMBIGA1UdE +wEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFN3NXYS7tT6R9hwt0HtAK9u23J0fMB8GA1UdIwQYMBaA +FOZX0FrM5beNgwGhWNhFds2N2DTCMA0GCSqGSIb3DQEBBQUAA4IBAQBMATCI8vawXwp9y496U1i +Ipi8c567XYHPY1COsFzFtYKy3Zdol3tnUzoEtK1q+RBeh73H6Xmni49ijoGkrtHzZkcYTu4csYA +enbWbEGWEJ4kLJ5eLO/XIxv+Z5ddR/4hZRmirO1OiwNEwqbrPvu2EDHoZzQM1P5AVFlHr9qTowU +8ynYdzhCrKdE1EItn35Kgkenh18ygvz70cTdaOV5Kn3+v2RwadAo8gyB/JRINsGh7MwiOvB0Y3J +JZDq6HYBmM1qDg34XFbVhFw+lAv/sSnue1gSeIEtmCbvmi9hI1f9pPWB5KcylikDIXw+LgkbXH8 +H2crbid9kqsa9/+yNAF2P +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Root CA + Validity + Not Before: Apr 9 05:12:21 2014 GMT + Not After : Apr 9 05:12:21 2019 GMT + Subject: C=US, ST=Washington, L=Kirkland, O=Google Inc, OU=Widevine, CN=Widevine Cast Subroot + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a7:8b:47:0f:b1:92:ad:50:cd:4d:c5:ad:0f:86: + 8f:37:7b:36:28:15:5b:09:03:81:04:df:14:22:4d: + 1f:13:56:4b:1c:33:82:36:17:8b:4e:49:1d:ff:ef: + 18:2d:b7:54:eb:3a:fb:dd:16:7a:4c:3c:e8:1b:94: + 08:f7:c0:d7:fd:2d:dc:39:58:bb:4a:7a:61:70:bd: + e9:6d:9b:07:38:8f:0f:74:45:36:b4:17:8c:19:51: + 2f:ff:3a:09:05:b5:88:36:11:f6:c5:ec:8f:0f:1d: + b3:5a:42:b0:8f:2c:b2:9e:ed:ba:71:9a:81:68:d9: + 14:8d:cb:ec:03:c9:12:a1:c1:4c:03:17:62:5f:e7: + 7b:4d:ff:2e:45:2a:99:de:87:96:de:bc:71:da:e3: + e5:56:5e:d5:24:59:de:51:45:44:41:34:df:7b:6f: + 38:9a:03:72:c8:7e:e7:94:12:bd:9a:c0:37:38:85: + 38:93:3f:22:8c:53:43:84:3c:38:d3:b5:0a:f7:47: + 03:51:d2:89:4b:6d:7f:b2:47:08:5d:96:38:df:d0: + 87:d3:33:2a:53:52:c9:9b:99:d0:83:77:fe:0d:bd: + 9e:62:a3:21:9c:cb:ba:b5:f6:5c:fe:fc:52:f1:ff: + f6:31:15:c8:ca:4e:ac:dc:8b:3e:84:01:cc:1e:f9: + e3:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:1 + X509v3 Subject Key Identifier: + E6:57:D0:5A:CC:E5:B7:8D:83:01:A1:58:D8:45:76:CD:8D:D8:34:C2 + X509v3 Authority Key Identifier: + keyid:7C:9A:1E:7D:DF:79:54:BC:D7:CC:5E:CA:99:86:45:79:65:74:28:19 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + 9c:bd:b9:62:6c:20:04:45:8a:22:da:a5:a4:8c:78:37:70:92: + 9f:93:a8:34:0b:6a:b1:bf:cd:46:05:e9:52:e9:df:3c:f0:b5: + 84:aa:ab:72:3d:80:4d:c3:8a:62:6d:26:5b:c6:19:af:06:79: + 5b:5b:a8:da:06:0d:a1:80:bd:58:7b:83:80:a6:0a:6e:22:85: + 85:3f:ca:6b:d2:f5:26:fc:5b:e3:67:ae:5c:16:0b:26:bf:b2: + c6:86:69:03:92:81:96:6d:22:b2:32:4a:e3:f7:ff:7e:ce:bf: + 66:68:d7:fe:51:51:17:da:f9:8f:a7:dd:82:52:e7:ff:fc:96: + 79:58:14:74:3a:af:08:40:73:a4:f1:a9:af:b8:e7:ee:55:c5: + 2b:f2:2b:3d:9d:ef:b2:22:65:3c:b7:dc:84:7c:6f:2b:96:21: + d9:c8:4c:f4:72:d4:71:72:62:1f:4c:64:d8:08:e7:46:dc:1b: + a1:1a:e2:99:f0:13:03:eb:43:9b:80:c7:4b:11:d6:c2:21:19: + 7d:b5:8c:dc:5f:be:48:93:e7:d0:6a:2b:d0:84:21:fb:02:e7: + 03:92:72:1d:bb:aa:0a:d4:24:ad:ad:08:f0:14:6a:12:33:ca: + ed:30:7f:9d:11:50:aa:ed:72:32:12:1a:5b:cb:83:81:dd:d1: + ab:f3:94:61 +-----BEGIN CERTIFICATE----- +MIIDzTCCArWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYz +ENMAsGA1UECwwEQ2FzdDEVMBMGA1UEAwwMQ2FzdCBSb290IENBMB4XDTE0MDQwOTA1MTIyMVoXD +TE5MDQwOTA1MTIyMVowfTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAPBgNV +BAcMCEtpcmtsYW5kMRMwEQYDVQQKDApHb29nbGUgSW5jMREwDwYDVQQLDAhXaWRldmluZTEeMBw +GA1UEAwwVV2lkZXZpbmUgQ2FzdCBTdWJyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg +KCAQEAp4tHD7GSrVDNTcWtD4aPN3s2KBVbCQOBBN8UIk0fE1ZLHDOCNheLTkkd/+8YLbdU6zr73 +RZ6TDzoG5QI98DX/S3cOVi7SnphcL3pbZsHOI8PdEU2tBeMGVEv/zoJBbWINhH2xeyPDx2zWkKw +jyyynu26cZqBaNkUjcvsA8kSocFMAxdiX+d7Tf8uRSqZ3oeW3rxx2uPlVl7VJFneUUVEQTTfe28 +4mgNyyH7nlBK9msA3OIU4kz8ijFNDhDw407UK90cDUdKJS21/skcIXZY439CH0zMqU1LJm5nQg3 +f+Db2eYqMhnMu6tfZc/vxS8f/2MRXIyk6s3Is+hAHMHvnjTwIDAQABo2AwXjAPBgNVHRMECDAGA +QH/AgEBMB0GA1UdDgQWBBTmV9BazOW3jYMBoVjYRXbNjdg0wjAfBgNVHSMEGDAWgBR8mh5933lU +vNfMXsqZhkV5ZXQoGTALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAJy9uWJsIARFiiL +apaSMeDdwkp+TqDQLarG/zUYF6VLp3zzwtYSqq3I9gE3DimJtJlvGGa8GeVtbqNoGDaGAvVh7g4 +CmCm4ihYU/ymvS9Sb8W+NnrlwWCya/ssaGaQOSgZZtIrIySuP3/37Ov2Zo1/5RURfa+Y+n3YJS5 +//8lnlYFHQ6rwhAc6Txqa+45+5VxSvyKz2d77IiZTy33IR8byuWIdnITPRy1HFyYh9MZNgI50bc +G6Ea4pnwEwPrQ5uAx0sR1sIhGX21jNxfvkiT59BqK9CEIfsC5wOSch27qgrUJK2tCPAUahIzyu0 +wf50RUKrtcjISGlvLg4Hd0avzlGE= +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/mtk_audio_dev.pem b/test/data/cast/common/certificate/certificates/mtk_audio_dev.pem new file mode 100644 index 00000000..179ec463 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/mtk_audio_dev.pem @@ -0,0 +1,255 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 20 (0x14) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=MediaTek Audio Dev Model + Validity + Not Before: Nov 17 18:22:26 2014 GMT + Not After : Mar 31 18:22:26 2015 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=MediaTek Audio Dev Test + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:84:9f:04:38:5b:e8:93:71:45:04:32:29:80: + f6:64:b4:04:9f:49:5a:c5:5b:31:e3:ca:84:fa:e8: + 14:45:a4:07:e0:c3:fa:ea:52:02:29:78:d7:75:dc: + 3f:dd:97:43:55:97:1f:34:2e:0e:63:8b:95:c5:c0: + ba:ce:55:19:9d:5b:d9:c2:5f:24:49:3e:dc:cd:af: + 3e:77:7e:aa:ad:6a:56:b7:6e:43:1b:c6:32:6a:26: + 82:81:05:41:2e:38:65:b7:6f:22:2d:08:db:58:66: + bd:f5:44:1c:db:7e:be:d2:86:3e:26:1f:9c:3d:62: + 0d:17:6d:ff:26:63:7f:04:69:56:1c:b7:64:d5:83: + eb:db:66:19:e7:d9:96:36:a2:0c:a8:aa:4a:cf:fe: + 1e:3c:93:00:60:ba:0a:3c:71:a2:a8:be:46:6b:19: + 33:ae:09:b6:70:a0:00:f5:4a:61:3c:05:b9:40:80: + aa:09:e9:d2:29:c1:87:69:fd:9e:59:06:70:df:f8: + 87:7a:8e:a2:8b:97:06:fc:41:09:13:db:23:61:00: + aa:1f:85:d6:08:07:a9:e8:21:9c:00:ce:2c:a4:e8: + 23:13:df:7b:63:f3:b8:a3:80:38:97:4a:98:7b:8d: + 28:7b:4b:4b:3b:4d:89:cc:f1:43:c8:ed:73:74:54: + 9e:4d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 75:8D:69:9E:FD:5F:21:11:21:DE:17:99:5C:5C:FD:A3:88:54:07:25 + X509v3 Authority Key Identifier: + keyid:06:45:8E:DD:60:B7:71:EF:DD:4C:71:83:F1:58:C8:3F:85:A5:F7:F5 + + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 69:dc:af:48:ce:e5:24:7b:46:a6:ac:08:d4:9e:4b:75:48:74: + d3:c1:22:4c:51:80:8b:68:24:5a:64:12:e4:60:12:88:86:e6: + 36:85:37:9b:a7:c8:9a:92:aa:d4:75:9e:4f:29:16:12:e7:4f: + 9c:2b:65:42:39:17:3b:4b:fe:a2:2b:95:43:0d:8e:5d:10:06: + a7:eb:a9:7b:17:aa:da:f7:12:17:b6:61:4d:03:e1:10:3c:03: + 65:46:f3:c3:b7:0d:0c:9a:a6:c1:95:91:16:f0:8b:ef:2e:84: + 6e:72:7e:32:43:94:9e:59:b6:bb:29:19:a3:14:e5:be:a2:d8: + 2e:45:45:3a:14:0b:e9:c9:af:53:4e:be:34:38:f9:94:7a:a0: + fd:fe:49:66:a2:c3:d4:8d:ad:d4:43:e6:c2:f0:8e:e9:97:4c: + 32:06:18:80:2a:8e:9e:b9:ca:c8:34:c4:f9:f7:b6:ad:4b:8c: + 87:b6:c4:af:10:de:a8:15:64:eb:53:b7:54:88:ad:b1:92:ca: + 43:88:9c:c2:6a:86:96:45:be:fd:de:74:a8:c8:62:c3:65:87: + a2:c2:27:9d:ea:1a:4b:1a:f7:4d:11:9b:1c:4c:d2:b9:88:1c: + 27:28:0a:17:07:8b:77:92:18:32:3c:e1:33:9d:eb:a8:94:f1: + 27:2e:9d:8b +-----BEGIN CERTIFICATE----- +MIIECDCCAvCgAwIBAgIBFDANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAg +MCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbm +MxDTALBgNVBAsMBENhc3QxITAfBgNVBAMMGE1lZGlhVGVrIEF1ZGlvIERldiBNb2RlbDAeFw0xN +DExMTcxODIyMjZaFw0xNTAzMzExODIyMjZaMIGAMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs +aWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzENMAs +GA1UECwwEQ2FzdDEgMB4GA1UEAwwXTWVkaWFUZWsgQXVkaW8gRGV2IFRlc3QwggEiMA0GCSqGSI +b3DQEBAQUAA4IBDwAwggEKAoIBAQDOhJ8EOFvok3FFBDIpgPZktASfSVrFWzHjyoT66BRFpAfgw +/rqUgIpeNd13D/dl0NVlx80Lg5ji5XFwLrOVRmdW9nCXyRJPtzNrz53fqqtala3bkMbxjJqJoKB +BUEuOGW3byItCNtYZr31RBzbfr7Shj4mH5w9Yg0Xbf8mY38EaVYct2TVg+vbZhnn2ZY2ogyoqkr +P/h48kwBgugo8caKovkZrGTOuCbZwoAD1SmE8BblAgKoJ6dIpwYdp/Z5ZBnDf+Id6jqKLlwb8QQ +kT2yNhAKofhdYIB6noIZwAziyk6CMT33tj87ijgDiXSph7jSh7S0s7TYnM8UPI7XN0VJ5NAgMBA +AGjgYkwgYYwCQYDVR0TBAIwADAdBgNVHQ4EFgQUdY1pnv1fIREh3heZXFz9o4hUByUwHwYDVR0j +BBgwFoAUBkWO3WC3ce/dTHGD8VjIP4Wl9/UwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQU +FBwMCMBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFAjANBgkqhkiG9w0BAQsFAAOCAQEAadyvSM7lJH +tGpqwI1J5LdUh008EiTFGAi2gkWmQS5GASiIbmNoU3m6fImpKq1HWeTykWEudPnCtlQjkXO0v+o +iuVQw2OXRAGp+upexeq2vcSF7ZhTQPhEDwDZUbzw7cNDJqmwZWRFvCL7y6EbnJ+MkOUnlm2uykZ +oxTlvqLYLkVFOhQL6cmvU06+NDj5lHqg/f5JZqLD1I2t1EPmwvCO6ZdMMgYYgCqOnrnKyDTE+fe +2rUuMh7bErxDeqBVk61O3VIitsZLKQ4icwmqGlkW+/d50qMhiw2WHosInneoaSxr3TRGbHEzSuY +gcJygKFweLd5IYMjzhM53rqJTxJy6diw== +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 19 (0x13) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Audio Dev Root CA + Validity + Not Before: Nov 17 18:21:14 2014 GMT + Not After : Mar 31 18:21:14 2015 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=MediaTek Audio Dev Model + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a0:0b:b3:e2:3b:5f:40:91:e7:1b:25:2d:2b:28: + 2a:57:6d:ef:cf:42:f8:73:de:38:fb:d3:cf:76:e4: + a3:64:a7:82:3a:ae:9a:2f:7d:6c:d6:46:0b:69:35: + 6b:2c:ad:e0:a1:d9:52:93:83:04:1f:e4:ae:1a:dd: + 9c:77:f3:22:d5:30:d8:9f:f0:8a:a0:87:b1:7f:84: + 57:3b:60:33:8e:75:db:bf:c3:a4:74:f9:2d:df:99: + 6f:85:88:3c:c3:ad:77:53:ef:e2:d5:2f:80:db:20: + 9f:96:ae:5b:d7:7d:45:05:40:26:57:df:d2:3b:34: + c2:cd:ac:0f:5c:be:fe:70:1c:4f:ef:33:03:55:b5: + dc:41:bd:ef:c9:c0:e3:9c:5d:31:d7:25:01:95:d3: + fe:c3:99:e7:af:b3:9d:ad:aa:bc:6d:63:a8:ca:62: + 36:f5:9c:a4:ac:da:a4:16:73:cf:e7:5e:11:27:ea: + 21:43:0d:15:8a:26:f2:ca:63:e0:04:e1:59:f0:34: + 3c:50:99:49:f6:fc:33:2d:ab:d2:a6:61:5d:b5:a6: + e2:40:b9:e8:68:72:9f:69:2c:6b:32:75:d9:40:b3: + 71:d9:65:f9:ba:b7:d8:12:b2:cf:e7:ab:f6:cc:cc: + ed:8a:22:c6:61:cd:7f:9b:83:b2:8c:52:fe:24:bb: + 9e:f7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 06:45:8E:DD:60:B7:71:EF:DD:4C:71:83:F1:58:C8:3F:85:A5:F7:F5 + X509v3 Authority Key Identifier: + keyid:4F:93:EA:B8:A6:60:AF:AB:A8:B3:5E:B7:A6:37:7E:66:BD:43:BC:06 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 53:07:48:54:47:6b:e8:36:8a:28:65:90:76:53:f1:4f:a7:8c: + c1:64:59:73:5e:74:e7:f8:b6:78:8b:f3:c1:d7:34:86:bb:ab: + 4c:58:df:e8:87:9d:29:b0:0f:5e:bd:b8:a0:7b:fe:14:77:a1: + cc:98:4a:82:36:48:5b:b6:ce:a0:ba:bb:84:b9:f1:2d:cd:ec: + fe:40:59:7c:5f:8e:bb:fa:1a:e2:4b:a7:3d:91:da:25:7b:ca: + 3a:22:f1:7b:32:53:49:63:51:c3:ab:42:11:e7:23:d0:99:98: + 8a:da:cc:9d:f1:1c:a9:06:68:7b:82:76:3e:a6:79:2a:2f:71: + ee:f9:2d:48:55:f3:34:8d:1d:be:78:54:e7:c0:3b:45:3e:59: + 44:3d:b5:ba:6d:3a:14:c1:4d:fb:4f:a5:a9:e9:b0:c3:0c:b0: + 7e:cd:54:f7:df:92:8e:a4:be:e8:33:f0:c7:cf:95:cc:4a:4f: + dd:84:7a:8c:ec:88:e3:4d:01:f6:29:1a:d8:c7:10:a6:60:f7: + 5a:95:1c:80:b5:63:c0:3d:03:5d:fa:0a:c2:53:d3:52:4b:0c: + 06:b6:bc:87:89:67:ee:39:2d:05:58:ad:d9:d5:e7:64:2b:f3: + 3d:0b:73:5f:3c:9b:9b:9f:ff:51:7f:c5:b0:c6:07:42:48:8b: + 67:e4:ac:b8 +-----BEGIN CERTIFICATE----- +MIID9TCCAt2gAwIBAgIBEzANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYz +ENMAsGA1UECwwEQ2FzdDEfMB0GA1UEAwwWQ2FzdCBBdWRpbyBEZXYgUm9vdCBDQTAeFw0xNDExM +TcxODIxMTRaFw0xNTAzMzExODIxMTRaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZv +cm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzENMAsGA1U +ECwwEQ2FzdDEhMB8GA1UEAwwYTWVkaWFUZWsgQXVkaW8gRGV2IE1vZGVsMIIBIjANBgkqhkiG9w +0BAQEFAAOCAQ8AMIIBCgKCAQEAoAuz4jtfQJHnGyUtKygqV23vz0L4c944+9PPduSjZKeCOq6aL +31s1kYLaTVrLK3godlSk4MEH+SuGt2cd/Mi1TDYn/CKoIexf4RXO2AzjnXbv8OkdPkt35lvhYg8 +w613U+/i1S+A2yCflq5b131FBUAmV9/SOzTCzawPXL7+cBxP7zMDVbXcQb3vycDjnF0x1yUBldP ++w5nnr7Odraq8bWOoymI29ZykrNqkFnPP514RJ+ohQw0ViibyymPgBOFZ8DQ8UJlJ9vwzLavSpm +FdtabiQLnoaHKfaSxrMnXZQLNx2WX5urfYErLP56v2zMztiiLGYc1/m4OyjFL+JLue9wIDAQABo +3kwdzAPBgNVHRMECDAGAQH/AgEAMB0GA1UdDgQWBBQGRY7dYLdx791McYPxWMg/haX39TAfBgNV +HSMEGDAWgBRPk+q4pmCvq6izXremN35mvUO8BjALBgNVHQ8EBAMCAQYwFwYDVR0gBBAwDjAMBgo +rBgEEAdZ5AgUCMA0GCSqGSIb3DQEBCwUAA4IBAQBTB0hUR2voNoooZZB2U/FPp4zBZFlzXnTn+L +Z4i/PB1zSGu6tMWN/oh50psA9evbige/4Ud6HMmEqCNkhbts6guruEufEtzez+QFl8X467+hriS +6c9kdole8o6IvF7MlNJY1HDq0IR5yPQmZiK2syd8RypBmh7gnY+pnkqL3Hu+S1IVfM0jR2+eFTn +wDtFPllEPbW6bToUwU37T6Wp6bDDDLB+zVT335KOpL7oM/DHz5XMSk/dhHqM7IjjTQH2KRrYxxC +mYPdalRyAtWPAPQNd+grCU9NSSwwGtryHiWfuOS0FWK3Z1edkK/M9C3NfPJubn/9Rf8WwxgdCSI +tn5Ky4 +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18 (0x12) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Root CA + Validity + Not Before: Nov 17 18:19:26 2014 GMT + Not After : Mar 31 18:19:26 2015 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Audio Dev Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b9:86:ee:81:9b:07:f1:c6:15:6a:30:1e:41:bd: + 3b:70:f4:96:88:7d:f7:d3:29:63:3d:b8:ca:a1:ec: + 3d:81:43:08:85:2b:30:5f:4b:6b:54:19:a9:92:46: + 98:9a:2e:2a:ff:9d:f3:48:b2:5d:d6:0a:9c:49:81: + 6a:63:1a:12:e7:8e:3c:39:74:67:67:c7:d5:d4:f3: + 7c:45:65:07:84:15:b1:df:0b:16:0d:21:de:71:24: + b0:88:00:8a:69:cf:ae:70:24:82:64:60:48:c8:5a: + 52:86:50:73:36:e0:24:53:5c:e8:58:13:7a:29:b8: + 8a:a8:39:68:98:12:bf:9f:37:df:60:67:e0:3f:1f: + fa:de:b7:d1:a4:17:c3:c2:c5:b5:be:d7:98:e1:3d: + 0d:59:66:e5:07:49:9a:bb:9e:4f:f3:37:38:37:df: + 0c:19:8b:cd:fd:2c:fc:f5:a9:09:6b:4a:d3:13:22: + 8f:fd:f9:64:e5:2c:5f:be:5a:a5:84:32:9c:e5:2a: + 73:f5:dc:aa:57:c2:7f:3e:d6:7c:9f:55:f0:28:9c: + 21:ba:e6:99:61:fc:39:0d:31:ac:14:9d:c1:97:b5: + e8:ce:97:1b:19:b8:c0:ae:52:1a:2a:46:7a:2c:f8: + c4:18:7d:6a:73:12:20:ec:39:47:e0:de:e3:d5:8d: + 82:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:1 + X509v3 Subject Key Identifier: + 4F:93:EA:B8:A6:60:AF:AB:A8:B3:5E:B7:A6:37:7E:66:BD:43:BC:06 + X509v3 Authority Key Identifier: + keyid:7C:9A:1E:7D:DF:79:54:BC:D7:CC:5E:CA:99:86:45:79:65:74:28:19 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 0d:8f:39:1a:7f:65:63:9a:16:d7:7f:e0:2f:64:79:7d:0e:3f: + cf:3a:85:fe:2b:8b:1e:54:47:c7:fe:ce:ad:ea:51:24:1d:a5: + ea:1e:5f:31:99:c3:3f:87:ac:8e:dc:d7:8c:5e:3d:aa:42:99: + 58:07:bf:7c:87:51:7d:90:2f:e2:4d:14:03:a2:db:b9:92:51: + 3c:34:7d:00:5e:e3:3e:c1:ab:56:a1:f8:5f:59:fb:64:8d:35: + e9:6c:de:27:c0:b4:70:82:7f:6e:20:e7:ed:d3:94:e3:c2:80: + d0:6f:47:fd:b1:64:d0:1e:39:1e:c7:7c:65:c9:51:99:ec:7e: + c2:ba:8a:ef:95:29:44:f1:31:33:05:fa:34:4a:50:3f:bf:69: + 91:0a:8d:98:8d:f3:1e:99:1f:6c:ea:d1:81:ce:b5:52:c0:f6: + c6:5f:32:7c:59:88:dd:3c:45:f2:c8:1b:47:fc:f3:d4:0e:eb: + f5:57:22:91:f7:9f:3b:88:62:c9:7a:d5:cf:1d:98:fc:f2:78: + 5a:8f:fc:e9:4d:7d:a4:9b:5c:94:07:94:8d:91:8b:c8:10:76: + 6c:16:74:90:9c:a8:bf:18:38:9a:00:2d:d0:2d:a4:6b:98:d9: + 9f:3b:68:43:c3:91:bf:93:0d:f1:12:56:9a:d5:e9:69:7b:7e: + e3:75:37:56 +-----BEGIN CERTIFICATE----- +MIID6DCCAtCgAwIBAgIBEjANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYz +ENMAsGA1UECwwEQ2FzdDEVMBMGA1UEAwwMQ2FzdCBSb290IENBMB4XDTE0MTExNzE4MTkyNloXD +TE1MDMzMTE4MTkyNlowfzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxDTALBgNVBAsMBENhc3QxHzA +dBgNVBAMMFkNhc3QgQXVkaW8gRGV2IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwgg +EKAoIBAQC5hu6BmwfxxhVqMB5BvTtw9JaIfffTKWM9uMqh7D2BQwiFKzBfS2tUGamSRpiaLir/n +fNIsl3WCpxJgWpjGhLnjjw5dGdnx9XU83xFZQeEFbHfCxYNId5xJLCIAIppz65wJIJkYEjIWlKG +UHM24CRTXOhYE3opuIqoOWiYEr+fN99gZ+A/H/ret9GkF8PCxbW+15jhPQ1ZZuUHSZq7nk/zNzg +33wwZi839LPz1qQlrStMTIo/9+WTlLF++WqWEMpzlKnP13KpXwn8+1nyfVfAonCG65plh/DkNMa +wUncGXtejOlxsZuMCuUhoqRnos+MQYfWpzEiDsOUfg3uPVjYIPAgMBAAGjeTB3MA8GA1UdEwQIM +AYBAf8CAQEwHQYDVR0OBBYEFE+T6rimYK+rqLNet6Y3fma9Q7wGMB8GA1UdIwQYMBaAFHyaHn3f +eVS818xeypmGRXlldCgZMAsGA1UdDwQEAwIBBjAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQIwDQY +JKoZIhvcNAQELBQADggEBAA2PORp/ZWOaFtd/4C9keX0OP886hf4rix5UR8f+zq3qUSQdpeoeXz +GZwz+HrI7c14xePapCmVgHv3yHUX2QL+JNFAOi27mSUTw0fQBe4z7Bq1ah+F9Z+2SNNels3ifAt +HCCf24g5+3TlOPCgNBvR/2xZNAeOR7HfGXJUZnsfsK6iu+VKUTxMTMF+jRKUD+/aZEKjZiN8x6Z +H2zq0YHOtVLA9sZfMnxZiN08RfLIG0f889QO6/VXIpH3nzuIYsl61c8dmPzyeFqP/OlNfaSbXJQ +HlI2Ri8gQdmwWdJCcqL8YOJoALdAtpGuY2Z87aEPDkb+TDfESVprV6Wl7fuN1N1Y= +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_anypolicy.pem b/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_anypolicy.pem new file mode 100644 index 00000000..7f0628d6 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_anypolicy.pem @@ -0,0 +1,281 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={anyPolicy} + Leaf: policies={anyPolicy} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11 (0xb) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bc:42:b8:af:d7:ce:53:49:1d:f9:fd:41:b0:ce: + 40:7a:c1:5d:79:db:a8:9d:6b:7b:f9:ef:8d:b8:f4: + 22:e3:80:f9:5c:67:e1:91:a0:66:c2:d7:07:0a:ef: + ed:86:ab:c0:9e:d0:b1:95:cf:83:9b:ce:7b:0c:75: + 05:8c:2f:44:e4:2f:ba:d8:17:04:ec:37:a2:6f:20: + 66:d9:09:a9:20:e2:43:d8:d4:77:26:82:ec:a7:ca: + 48:2b:19:73:73:fd:4b:d4:a6:38:e3:ea:6e:d7:02: + cd:18:e6:bd:c2:c6:9a:bf:ec:1f:ce:b0:e9:03:eb: + 03:65:cd:e2:46:ad:a3:c1:4d:23:b3:d1:b1:52:e2: + 5d:56:dc:bd:21:35:17:4b:65:e9:3b:e8:9a:f5:7b: + 30:74:3f:da:e7:5a:8b:4e:74:53:56:db:f2:15:f6: + 7d:bb:20:f0:fd:e5:bb:8b:a3:7d:10:f3:f2:d1:76: + d6:99:fc:0b:29:cb:bc:ec:dd:ed:85:54:01:a2:07: + 96:ce:7e:24:ee:1b:12:2e:e0:65:8f:3d:de:e2:75: + 64:a1:2f:1c:43:dd:d1:e9:6f:80:58:b0:11:d6:8a: + 76:48:b5:60:38:7e:c0:52:7a:4a:6d:7d:b4:c2:4b: + d8:d2:f8:27:8a:88:54:f2:05:a0:65:12:ff:26:27: + bc:bb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 63:5A:64:7F:7A:5B:13:1C:41:A8:00:23:5D:9E:D5:4E:86:22:FC:56 + X509v3 Authority Key Identifier: + keyid:29:2B:35:96:F9:DF:46:CD:68:36:D9:20:F1:95:F7:40:FB:C6:58:33 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + + Signature Algorithm: sha256WithRSAEncryption + 0c:f9:f7:0f:75:d6:67:f3:5b:a1:3a:3a:20:8b:d3:3a:f6:14: + f8:ac:89:22:2e:36:03:d3:7f:3f:bc:19:9f:2d:b7:c4:c9:99: + 3d:85:10:a7:ca:d6:d5:97:56:8d:56:f1:98:d8:43:29:b2:87: + 3c:6d:6f:52:00:8c:1d:3a:04:2b:f5:7b:75:40:7c:01:79:22: + 00:10:48:a4:27:b6:30:b9:29:2b:14:de:cc:bf:f4:1e:cc:8c: + 7f:6e:97:18:cf:03:f6:5d:ea:d1:47:2c:e8:78:73:31:e8:48: + c8:54:76:f6:b1:5b:a2:70:7e:8f:7f:12:2d:fa:2f:fd:d8:97: + 34:90:fb:d4:2a:d3:3c:65:cc:25:1b:b0:d9:b9:8e:2e:e2:9a: + 31:ce:4e:2f:df:7e:ee:0e:da:a0:3b:cd:12:8a:0d:6b:e0:10: + 81:25:8e:25:25:a0:91:7a:e2:a5:ee:aa:d1:8f:cf:03:ca:d5: + 45:1d:a2:14:67:7d:ac:cb:d9:1d:0a:af:e0:e9:b6:e9:53:27: + b7:63:bf:59:00:fb:8d:bc:17:00:fb:92:74:30:9c:f8:86:bf: + 2f:94:73:32:af:95:a7:12:96:bf:37:6a:d7:9d:87:1e:17:27: + 41:a7:6a:bc:9b:fa:ae:12:b3:ec:96:3c:5e:62:80:4f:3c:e7: + 9f:a4:0a:ed +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIBCzANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEK4r9fO +U0kd+f1BsM5AesFdeduonWt7+e+NuPQi44D5XGfhkaBmwtcHCu/thqvAntCxlc+D +m857DHUFjC9E5C+62BcE7DeibyBm2QmpIOJD2NR3JoLsp8pIKxlzc/1L1KY44+pu +1wLNGOa9wsaav+wfzrDpA+sDZc3iRq2jwU0js9GxUuJdVty9ITUXS2XpO+ia9Xsw +dD/a51qLTnRTVtvyFfZ9uyDw/eW7i6N9EPPy0XbWmfwLKcu87N3thVQBogeWzn4k +7hsSLuBljz3e4nVkoS8cQ93R6W+AWLAR1op2SLVgOH7AUnpKbX20wkvY0vgniohU +8gWgZRL/Jie8uwIDAQABo4HyMIHvMB0GA1UdDgQWBBRjWmR/elsTHEGoACNdntVO +hiL8VjAfBgNVHSMEGDAWgBQpKzWW+d9GzWg22SDxlfdA+8ZYMzA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAAz59w911mfz +W6E6OiCL0zr2FPisiSIuNgPTfz+8GZ8tt8TJmT2FEKfK1tWXVo1W8ZjYQymyhzxt +b1IAjB06BCv1e3VAfAF5IgAQSKQntjC5KSsU3sy/9B7MjH9ulxjPA/Zd6tFHLOh4 +czHoSMhUdvaxW6Jwfo9/Ei36L/3YlzSQ+9Qq0zxlzCUbsNm5ji7imjHOTi/ffu4O +2qA7zRKKDWvgEIEljiUloJF64qXuqtGPzwPK1UUdohRnfazL2R0Kr+DptulTJ7dj +v1kA+428FwD7knQwnPiGvy+UczKvlacSlr83atedhx4XJ0Gnaryb+q4Ss+yWPF5i +gE8855+kCu0= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 22 (0x16) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cc:f0:0a:27:5e:f1:ca:c1:d3:fd:33:14:dc:25: + 7a:49:89:89:c5:67:fd:e4:56:aa:2b:1b:40:80:84: + b8:48:7e:ed:66:4c:23:82:99:5b:86:db:fc:82:35: + b3:56:01:bf:01:14:f6:46:5d:c7:96:5d:55:a7:a7: + e7:5c:8d:a7:c9:e9:a2:20:e4:ad:4c:8c:fe:2e:17: + 59:56:8d:ed:7c:97:68:5a:0d:dd:b1:41:b7:24:44: + bc:77:84:f1:af:fe:87:1c:83:c7:10:72:8a:44:62: + 99:a0:5c:78:f0:28:73:bf:2c:de:d1:8e:69:01:b6: + 5a:39:20:2c:d9:fe:11:5f:09:27:5d:ff:2a:98:9a: + a8:6b:6a:e4:40:27:0d:b7:a7:2d:85:fa:7d:7a:08: + d4:bb:9f:ff:27:e8:3a:d4:f5:15:a0:40:4f:c1:11: + 13:26:d7:1b:39:96:12:b7:19:aa:73:5c:4c:f7:ea: + d0:95:4d:14:a4:aa:73:63:58:8f:fe:e0:5a:83:31: + 7f:34:aa:02:e1:d9:6c:ed:84:7b:7f:ec:6b:7e:d9: + 3f:65:98:87:28:18:d5:aa:0f:d5:2f:ec:1a:86:19: + ed:3c:c6:a1:10:4a:fd:ac:60:6a:7a:ff:6a:66:c4: + 99:49:67:7c:3f:37:32:eb:80:48:e5:0b:6a:1d:3d: + 6a:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 29:2B:35:96:F9:DF:46:CD:68:36:D9:20:F1:95:F7:40:FB:C6:58:33 + X509v3 Authority Key Identifier: + keyid:FF:6B:55:E3:48:07:3A:7D:A5:37:EE:4C:93:43:81:21:0E:CD:5F:D0 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + + Signature Algorithm: sha256WithRSAEncryption + 1a:0b:d3:2f:32:36:12:5e:be:00:85:07:03:11:d9:af:0e:54: + fe:c6:02:a0:f3:40:e3:4e:7d:52:b3:8b:24:75:c9:9e:de:0c: + a3:30:6e:8d:1f:e4:ea:cc:97:96:5e:b3:ad:78:34:99:05:d1: + 69:99:09:fd:e3:3a:0c:ab:df:d0:7b:61:9d:af:da:71:96:8d: + 6d:26:da:16:bd:54:f8:e9:12:7e:e6:1b:f6:d2:d3:69:a4:ba: + 1f:4f:5c:8c:66:d7:2f:42:79:51:98:6e:55:4c:da:2a:d2:7d: + 48:22:bc:33:65:d1:87:6b:df:f9:c7:7a:55:db:70:25:4f:14: + ef:15:07:aa:93:41:99:2c:f7:37:8f:e5:0f:73:41:05:18:d5: + f0:8a:e7:3e:4f:89:fa:a5:4d:86:16:12:63:6c:11:95:d0:a6: + 81:d2:63:68:51:0a:ae:8b:2c:17:24:32:3a:44:57:fc:a8:0f: + d3:5f:95:ca:24:6e:ee:03:85:54:95:3d:42:4a:b0:ed:7e:4e: + d5:2c:e7:e0:73:90:72:aa:6b:b6:2a:9a:65:6b:ce:c1:1d:1e: + 46:d0:a9:f5:7a:83:89:41:3c:e4:19:8b:b7:2a:93:23:d7:fb: + c5:a5:3f:4e:8d:7b:ec:d2:4f:b9:a9:4d:2b:f9:b5:7b:bb:a2: + 66:51:a2:56 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIBFjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPAKJ17x +ysHT/TMU3CV6SYmJxWf95FaqKxtAgIS4SH7tZkwjgplbhtv8gjWzVgG/ART2Rl3H +ll1Vp6fnXI2nyemiIOStTIz+LhdZVo3tfJdoWg3dsUG3JES8d4Txr/6HHIPHEHKK +RGKZoFx48Chzvyze0Y5pAbZaOSAs2f4RXwknXf8qmJqoa2rkQCcNt6cthfp9egjU +u5//J+g61PUVoEBPwRETJtcbOZYStxmqc1xM9+rQlU0UpKpzY1iP/uBagzF/NKoC +4dls7YR7f+xrftk/ZZiHKBjVqg/VL+wahhntPMahEEr9rGBqev9qZsSZSWd8Pzcy +64BI5QtqHT1qRwIDAQABo4HeMIHbMB0GA1UdDgQWBBQpKzWW+d9GzWg22SDxlfdA ++8ZYMzAfBgNVHSMEGDAWgBT/a1XjSAc6faU37kyTQ4EhDs1f0DA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAA +MA0GCSqGSIb3DQEBCwUAA4IBAQAaC9MvMjYSXr4AhQcDEdmvDlT+xgKg80DjTn1S +s4skdcme3gyjMG6NH+TqzJeWXrOteDSZBdFpmQn94zoMq9/Qe2Gdr9pxlo1tJtoW +vVT46RJ+5hv20tNppLofT1yMZtcvQnlRmG5VTNoq0n1IIrwzZdGHa9/5x3pV23Al +TxTvFQeqk0GZLPc3j+UPc0EFGNXwiuc+T4n6pU2GFhJjbBGV0KaB0mNoUQquiywX +JDI6RFf8qA/TX5XKJG7uA4VUlT1CSrDtfk7VLOfgc5Byqmu2Kppla87BHR5G0Kn1 +eoOJQTzkGYu3KpMj1/vFpT9OjXvs0k+5qU0r+bV7u6JmUaJW +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 21 (0x15) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:be:a1:75:40:5a:14:73:94:76:9e:7d:38:ff:ed: + a8:db:dc:94:ad:5e:90:c1:fa:4f:c6:8f:5c:0d:17: + fd:08:d4:34:2d:4a:1d:b7:a3:bc:88:ae:f0:fc:7a: + bb:ea:fe:c8:e6:4f:5b:64:bc:0c:f8:64:01:cc:ae: + 82:68:69:d5:b0:fb:a5:31:01:ba:5d:f9:6d:85:c2: + b1:c9:da:1c:84:01:24:dc:bb:de:52:54:f2:a2:a4: + 0e:25:d8:c1:07:7f:e9:80:1a:1f:f8:7e:6b:d0:1f: + c3:6d:1e:69:0e:eb:dc:07:ad:e4:92:d8:34:7d:11: + 19:27:ea:e1:ef:54:92:ae:2d:34:8e:80:06:84:2e: + 3e:b3:63:06:63:c2:db:88:7b:2a:f2:67:63:e3:d3: + 31:cb:4a:05:6f:c3:85:8c:00:4a:c1:1a:0b:cb:c4: + 90:fa:db:1d:97:b2:33:5a:86:b4:81:9b:48:f1:ca: + 59:88:cf:c7:05:fd:18:75:a9:c3:7f:20:7a:aa:25: + ec:a4:db:1f:ea:76:b2:f7:a5:2d:57:90:ab:e7:de: + fe:d1:d7:71:8e:2b:46:64:7c:e3:8c:ab:88:84:7d: + 64:3e:39:0f:8a:ab:99:7d:5a:63:08:1d:28:49:45: + 6e:99:4f:f6:b9:86:bb:d1:46:6c:97:ec:36:29:5a: + bc:15 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FF:6B:55:E3:48:07:3A:7D:A5:37:EE:4C:93:43:81:21:0E:CD:5F:D0 + X509v3 Authority Key Identifier: + keyid:FF:6B:55:E3:48:07:3A:7D:A5:37:EE:4C:93:43:81:21:0E:CD:5F:D0 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 34:45:fc:7c:c8:38:e2:42:87:f6:de:f2:07:ad:9a:94:ce:af: + e7:09:2e:05:68:4f:25:01:1b:ae:0c:c9:55:21:42:55:02:42: + 02:83:af:cf:72:44:96:28:e9:43:e2:bc:53:38:67:f9:20:44: + 13:76:20:23:a5:3d:a1:8a:6d:bc:33:25:26:24:6f:ca:58:c6: + 26:ac:ad:cb:69:79:44:3d:01:fb:2f:6f:23:47:da:89:af:0b: + 22:1e:06:27:ea:08:b5:11:38:59:9d:87:19:b2:51:3c:22:ec: + c2:b1:e3:f4:6c:65:4a:ff:0d:a7:23:40:e7:d8:f3:3b:75:a1: + 36:bb:e0:aa:88:5d:14:cd:a5:6e:47:4b:09:e7:fb:12:d4:4e: + 31:e2:ff:58:ed:bd:06:2e:c2:27:8f:1e:bb:14:24:cf:23:9a: + 63:97:f7:c4:0b:98:98:2c:c4:58:a1:00:d1:32:74:7f:17:4f: + f5:bd:93:c2:4a:db:06:d3:91:16:4a:1b:72:c2:80:3a:e3:8b: + ca:8f:d7:49:1c:7b:76:6d:42:cb:97:af:fa:36:74:b1:5f:0a: + 0a:3a:c5:bd:6d:d7:2c:8a:d1:c8:cf:c2:b1:89:ed:0d:9a:6d: + a1:e8:d1:3b:1c:67:1b:26:10:3f:93:d2:1f:87:a4:69:1f:77: + 40:08:74:eb +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBFTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6hdUBaFHOUdp59OP/t +qNvclK1ekMH6T8aPXA0X/QjUNC1KHbejvIiu8Px6u+r+yOZPW2S8DPhkAcyugmhp +1bD7pTEBul35bYXCscnaHIQBJNy73lJU8qKkDiXYwQd/6YAaH/h+a9Afw20eaQ7r +3Aet5JLYNH0RGSfq4e9Ukq4tNI6ABoQuPrNjBmPC24h7KvJnY+PTMctKBW/DhYwA +SsEaC8vEkPrbHZeyM1qGtIGbSPHKWYjPxwX9GHWpw38geqol7KTbH+p2svelLVeQ +q+fe/tHXcY4rRmR844yriIR9ZD45D4qrmX1aYwgdKElFbplP9rmGu9FGbJfsNila +vBUCAwEAAaOByzCByDAdBgNVHQ4EFgQU/2tV40gHOn2lN+5Mk0OBIQ7NX9AwHwYD +VR0jBBgwFoAU/2tV40gHOn2lN+5Mk0OBIQ7NX9AwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA0Rfx8yDji +Qof23vIHrZqUzq/nCS4FaE8lARuuDMlVIUJVAkICg6/PckSWKOlD4rxTOGf5IEQT +diAjpT2him28MyUmJG/KWMYmrK3LaXlEPQH7L28jR9qJrwsiHgYn6gi1EThZnYcZ +slE8IuzCseP0bGVK/w2nI0Dn2PM7daE2u+CqiF0UzaVuR0sJ5/sS1E4x4v9Y7b0G +LsInjx67FCTPI5pjl/fEC5iYLMRYoQDRMnR/F0/1vZPCStsG05EWShtywoA644vK +j9dJHHt2bULLl6/6NnSxXwoKOsW9bdcsitHIz8Kxie0Nmm2h6NE7HGcbJhA/k9If +h6RpH3dACHTr +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_audioonly.pem b/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_audioonly.pem new file mode 100644 index 00000000..6f48ce9f --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_audioonly.pem @@ -0,0 +1,281 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={anyPolicy} + Leaf: policies={audioOnly} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:aa:66:11:71:cd:d4:a2:2e:2a:41:e4:75:b8:33: + b5:d8:22:c5:0a:fd:e3:07:8b:fb:2a:41:10:f3:2d: + 50:96:99:8f:ef:b1:f0:44:cc:fb:b2:b8:79:03:7a: + 0e:2e:73:8d:78:19:bc:d1:de:35:0e:02:e9:bb:a3: + a1:5b:77:6c:5c:c3:76:5d:68:f9:16:70:52:8a:e4: + 7c:7d:f0:c8:5b:6d:1b:8e:5d:29:30:47:cd:30:7a: + 3f:4b:e4:95:aa:56:84:d6:25:4e:04:13:b5:6c:97: + 15:73:37:49:44:e6:00:1d:24:e3:b9:92:ba:5e:c5: + 58:83:7d:8b:82:e1:9d:10:45:4b:72:9a:9b:54:0e: + 1a:a5:a1:b5:5d:05:79:27:8d:25:f7:f6:b3:b3:d5: + f6:cc:30:d3:da:64:6a:fd:fd:77:78:8c:ff:90:c8: + 10:40:57:e0:1d:e1:77:2d:f2:74:06:d4:e7:a1:2e: + b2:47:c9:f6:12:78:1b:d0:54:8f:4b:7e:64:80:18: + 33:c3:f5:ab:d1:d6:18:e4:b7:71:35:64:17:91:99: + 42:fb:23:34:57:4f:8b:df:ee:ba:6a:98:5f:3f:d1: + 40:51:f9:54:a1:16:09:35:4a:00:81:80:9c:54:51: + 5e:6b:d5:fb:9f:8b:2f:80:55:d7:21:14:d9:05:f3: + a4:37 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 42:53:CC:AE:2D:B6:E4:12:B4:D0:66:2E:0E:94:4E:0D:85:E1:78:BA + X509v3 Authority Key Identifier: + keyid:0C:C6:27:71:90:39:99:18:30:64:4C:47:3A:12:85:F8:6A:06:DD:51 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 34:6a:30:41:b6:eb:36:6f:ac:bd:f2:84:ef:da:2c:79:33:e6: + a9:de:a5:78:e7:68:29:cd:52:11:37:fe:87:1a:c6:a3:1a:8f: + 4a:3b:ca:2b:5c:c5:6d:a7:f5:72:41:17:9f:41:a3:3c:fd:5a: + 9c:fe:10:af:93:96:1e:ca:79:b2:97:c3:3f:89:c8:91:96:fe: + 2a:fa:5f:67:bd:56:0f:b6:e2:53:0f:d7:6b:89:16:30:46:59: + 97:b0:b9:f3:09:8f:7d:94:73:70:b4:1c:27:de:72:39:14:bb: + e1:9b:72:07:53:e5:99:0b:df:12:9d:aa:d0:74:03:31:09:4e: + d2:c6:59:c9:29:2a:cd:72:6a:9a:80:ff:15:76:68:ce:37:df: + b5:e8:77:6c:51:1b:77:c3:0a:37:79:a9:ab:12:28:cd:98:01: + b8:bd:23:64:1f:25:e3:52:cf:c4:7b:ce:16:be:11:5e:9c:30: + 81:ec:17:2d:a0:ab:74:a2:ff:a4:06:cf:1d:d9:ab:c0:d5:d9: + eb:6b:a7:01:1e:c6:0b:0d:05:0f:3d:de:b1:06:e5:7f:fc:66: + 17:26:ab:b7:fe:e7:5a:c4:ae:3a:17:09:e7:4d:45:d2:57:2a: + fd:f4:c9:6e:84:5a:d4:b4:df:7f:92:fe:67:76:60:81:96:36: + c8:8a:5a:47 +-----BEGIN CERTIFICATE----- +MIIDmjCCAoKgAwIBAgIBCjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmYRcc3U +oi4qQeR1uDO12CLFCv3jB4v7KkEQ8y1QlpmP77HwRMz7srh5A3oOLnONeBm80d41 +DgLpu6OhW3dsXMN2XWj5FnBSiuR8ffDIW20bjl0pMEfNMHo/S+SVqlaE1iVOBBO1 +bJcVczdJROYAHSTjuZK6XsVYg32LguGdEEVLcpqbVA4apaG1XQV5J40l9/azs9X2 +zDDT2mRq/f13eIz/kMgQQFfgHeF3LfJ0BtTnoS6yR8n2Engb0FSPS35kgBgzw/Wr +0dYY5LdxNWQXkZlC+yM0V0+L3+66aphfP9FAUflUoRYJNUoAgYCcVFFea9X7n4sv +gFXXIRTZBfOkNwIDAQABo4H4MIH1MB0GA1UdDgQWBBRCU8yuLbbkErTQZi4OlE4N +heF4ujAfBgNVHSMEGDAWgBQMxidxkDmZGDBkTEc6EoX4agbdUTA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQIwDQYJKoZIhvcNAQELBQADggEBADRq +MEG26zZvrL3yhO/aLHkz5qnepXjnaCnNUhE3/ocaxqMaj0o7yitcxW2n9XJBF59B +ozz9Wpz+EK+Tlh7KebKXwz+JyJGW/ir6X2e9Vg+24lMP12uJFjBGWZewufMJj32U +c3C0HCfecjkUu+GbcgdT5ZkL3xKdqtB0AzEJTtLGWckpKs1yapqA/xV2aM4337Xo +d2xRG3fDCjd5qasSKM2YAbi9I2QfJeNSz8R7zha+EV6cMIHsFy2gq3Si/6QGzx3Z +q8DV2etrpwEexgsNBQ893rEG5X/8Zhcmq7f+51rErjoXCedNRdJXKv30yW6EWtS0 +33+S/md2YIGWNsiKWkc= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 20 (0x14) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b3:7f:10:e7:62:fd:d6:aa:1f:7c:3a:51:70:cd: + 3c:9e:99:f9:32:1e:7d:7e:8a:98:86:26:72:15:7a: + cf:28:f2:f6:84:ad:37:51:67:b9:b5:92:f3:5e:2f: + 92:40:a1:3d:8e:08:8a:f7:76:28:17:21:86:4c:14: + 0a:0d:47:98:49:82:e1:e3:2f:53:76:a2:4c:2a:c1: + e8:36:0f:33:26:c6:19:b8:13:9a:a5:3b:d3:4e:91: + b5:15:d3:44:96:36:68:4c:40:6b:7c:ab:c9:e7:9b: + fd:7b:3f:47:18:6e:29:39:4a:2d:ab:e2:9d:68:15: + 0e:3f:a4:09:e4:0a:6f:c0:29:5e:10:71:0f:0f:33: + 46:00:95:ce:69:9b:0c:a2:d6:59:89:9f:ea:e5:99: + 58:23:2c:9a:de:02:75:bc:ea:e6:e1:30:98:19:d8: + e1:96:58:0d:ac:88:09:40:37:0d:e4:0d:47:a0:40: + 69:66:da:26:f6:3c:0a:3a:ff:76:7c:88:27:4f:f3: + 1e:04:ba:5f:dc:08:15:a8:8b:1d:2a:8d:0d:31:be: + 1f:55:19:3e:5e:76:4c:8f:b8:6f:79:7e:6d:c6:da: + 7d:ac:10:b3:e9:d3:40:e1:0d:35:ed:c5:a9:e4:4e: + 41:15:e1:ee:e1:cf:05:f2:64:61:15:d5:ad:1f:14: + 0f:c3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 0C:C6:27:71:90:39:99:18:30:64:4C:47:3A:12:85:F8:6A:06:DD:51 + X509v3 Authority Key Identifier: + keyid:88:AD:0A:25:DB:A4:38:B4:C2:61:7D:D3:DD:5E:ED:57:50:B5:11:1E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + + Signature Algorithm: sha256WithRSAEncryption + 9f:22:58:d3:d7:92:4a:a6:63:c2:cc:e8:d7:c3:45:d6:3a:10: + a1:50:38:e8:f7:c3:b7:f9:46:95:68:4e:e7:6b:52:24:3f:27: + db:3a:34:a6:10:91:92:86:75:a2:09:16:6e:0f:2f:01:1b:a4: + 01:23:0c:16:35:f2:a5:30:72:af:e3:0e:20:d6:ff:32:76:fc: + 86:d7:08:11:6a:21:77:e3:19:d6:30:d1:f7:70:29:94:09:ca: + a7:ed:ce:b2:7c:0a:d9:43:89:a2:3d:bc:6b:02:35:51:bf:0a: + 1e:7b:8d:8b:82:80:7f:43:70:8b:e3:58:bd:d9:01:6b:0a:12: + ac:a1:cc:92:e7:3b:55:95:dc:03:b2:63:b0:29:a3:86:7d:5f: + db:a5:98:89:c1:59:9a:40:40:bf:79:22:cd:3b:8b:38:a6:98: + 06:1f:1f:66:79:f9:b9:a4:51:bc:48:54:f9:d9:1e:cf:ec:1f: + 30:d9:6c:41:d5:15:fb:07:b4:a3:ca:56:52:dd:ff:75:07:02: + 8c:28:9c:2b:31:2a:04:59:18:1c:7d:2f:98:a0:2d:23:bc:36: + 55:88:00:04:cd:07:01:a8:71:ff:a1:52:ce:f4:25:a0:02:b8: + d6:f5:3a:37:a1:20:24:84:da:f4:94:60:96:ea:75:93:d4:91: + fe:e7:a7:d5 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIBFDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs38Q52L9 +1qoffDpRcM08npn5Mh59foqYhiZyFXrPKPL2hK03UWe5tZLzXi+SQKE9jgiK93Yo +FyGGTBQKDUeYSYLh4y9TdqJMKsHoNg8zJsYZuBOapTvTTpG1FdNEljZoTEBrfKvJ +55v9ez9HGG4pOUotq+KdaBUOP6QJ5ApvwCleEHEPDzNGAJXOaZsMotZZiZ/q5ZlY +Iyya3gJ1vOrm4TCYGdjhllgNrIgJQDcN5A1HoEBpZtom9jwKOv92fIgnT/MeBLpf +3AgVqIsdKo0NMb4fVRk+XnZMj7hveX5txtp9rBCz6dNA4Q017cWp5E5BFeHu4c8F +8mRhFdWtHxQPwwIDAQABo4HeMIHbMB0GA1UdDgQWBBQMxidxkDmZGDBkTEc6EoX4 +agbdUTAfBgNVHSMEGDAWgBSIrQol26Q4tMJhfdPdXu1XULURHjA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAA +MA0GCSqGSIb3DQEBCwUAA4IBAQCfIljT15JKpmPCzOjXw0XWOhChUDjo98O3+UaV +aE7na1IkPyfbOjSmEJGShnWiCRZuDy8BG6QBIwwWNfKlMHKv4w4g1v8ydvyG1wgR +aiF34xnWMNH3cCmUCcqn7c6yfArZQ4miPbxrAjVRvwoee42LgoB/Q3CL41i92QFr +ChKsocyS5ztVldwDsmOwKaOGfV/bpZiJwVmaQEC/eSLNO4s4ppgGHx9mefm5pFG8 +SFT52R7P7B8w2WxB1RX7B7SjylZS3f91BwKMKJwrMSoEWRgcfS+YoC0jvDZViAAE +zQcBqHH/oVLO9CWgArjW9To3oSAkhNr0lGCW6nWT1JH+56fV +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 19 (0x13) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a4:63:1e:fa:9f:47:22:9a:2c:8f:27:ae:15:a2: + 15:21:73:02:44:7f:9b:62:7b:d6:47:1c:21:1c:66: + 01:95:c5:28:6a:b7:bf:3d:3a:03:7e:82:b1:ca:08: + 28:ef:c7:03:e6:2b:37:70:d0:54:11:09:0d:a3:3c: + c5:08:ec:f3:5b:1d:2f:ce:62:6b:17:fb:da:e9:39: + 4a:4b:a8:14:fa:ea:c3:f8:29:e4:35:e8:85:0a:31: + fb:ce:7c:ae:20:37:d2:c2:9e:e8:fa:0f:ad:59:d5: + 0c:f0:7f:f1:9c:56:23:f4:62:0d:54:16:7a:bf:83: + d1:07:c0:60:8e:7c:9a:72:44:75:87:cc:a2:31:bc: + 3e:81:80:e6:ae:8b:ae:2a:c7:d4:31:29:03:d8:71: + 12:f2:3b:cc:62:22:ff:03:42:2a:ca:4a:50:11:9e: + 64:cb:ce:26:87:fc:80:39:5c:53:97:93:c8:e2:9b: + ce:99:e6:c6:db:09:f7:be:84:b3:37:b1:ce:45:89: + 32:1b:5d:b1:70:10:b4:45:73:92:94:3b:46:9e:3f: + ab:80:30:6d:a3:f4:26:9d:be:9c:cd:da:fd:b9:80: + 87:95:97:e7:bd:de:07:2c:2e:6c:c4:c5:3f:0f:b2: + 58:7a:22:cf:72:96:e2:13:95:e9:06:50:b6:be:fa: + c4:e7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 88:AD:0A:25:DB:A4:38:B4:C2:61:7D:D3:DD:5E:ED:57:50:B5:11:1E + X509v3 Authority Key Identifier: + keyid:88:AD:0A:25:DB:A4:38:B4:C2:61:7D:D3:DD:5E:ED:57:50:B5:11:1E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 34:c3:8e:fb:f4:47:10:2f:d1:74:7f:71:97:24:80:94:aa:27: + a7:e1:be:1b:d3:f9:65:0e:97:49:c8:df:1f:e7:07:3c:56:ad: + 00:2a:52:b0:85:72:f2:9c:3b:3e:39:3d:80:76:b9:8e:44:da: + 66:4d:4a:7a:9d:be:a6:a6:d7:ff:42:f3:66:1b:14:2d:6d:37: + 68:5f:55:3e:85:fe:a6:e6:7f:0d:21:eb:6f:86:49:b8:0e:e2: + 3d:26:7c:39:34:ab:66:db:62:ab:42:55:b8:ba:60:b4:ae:bc: + 05:5b:1a:4f:82:de:ec:ae:a0:ca:1d:01:6e:b5:d5:9e:ef:6a: + 17:0e:d2:c6:50:2e:27:09:6e:c4:cf:45:50:94:92:0a:ea:7b: + d2:1b:db:ab:30:8f:1e:5c:14:8b:1f:f5:90:0f:38:00:82:df: + 28:99:5a:20:86:30:e6:6f:1b:16:92:ec:02:0b:41:be:b4:01: + fe:1c:ee:3a:14:0b:9c:70:33:87:05:e7:61:f2:ff:9b:d5:45: + 8c:9e:04:85:43:a0:8a:42:ae:e4:5d:17:74:bf:9e:02:f3:c4: + fb:48:ae:67:b3:25:5c:38:f7:e8:62:ed:1f:90:4c:ec:c8:9d: + 81:59:9a:50:22:bf:3f:4b:03:27:6d:2b:3c:80:92:fc:a5:7f: + 1a:05:1e:07 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBEzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKRjHvqfRyKaLI8nrhWi +FSFzAkR/m2J71kccIRxmAZXFKGq3vz06A36CscoIKO/HA+YrN3DQVBEJDaM8xQjs +81sdL85iaxf72uk5SkuoFPrqw/gp5DXohQox+858riA30sKe6PoPrVnVDPB/8ZxW +I/RiDVQWer+D0QfAYI58mnJEdYfMojG8PoGA5q6LrirH1DEpA9hxEvI7zGIi/wNC +KspKUBGeZMvOJof8gDlcU5eTyOKbzpnmxtsJ976EszexzkWJMhtdsXAQtEVzkpQ7 +Rp4/q4AwbaP0Jp2+nM3a/bmAh5WX573eBywubMTFPw+yWHoiz3KW4hOV6QZQtr76 +xOcCAwEAAaOByzCByDAdBgNVHQ4EFgQUiK0KJdukOLTCYX3T3V7tV1C1ER4wHwYD +VR0jBBgwFoAUiK0KJdukOLTCYX3T3V7tV1C1ER4wNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA0w4779EcQ +L9F0f3GXJICUqien4b4b0/llDpdJyN8f5wc8Vq0AKlKwhXLynDs+OT2AdrmORNpm +TUp6nb6mptf/QvNmGxQtbTdoX1U+hf6m5n8NIetvhkm4DuI9Jnw5NKtm22KrQlW4 +umC0rrwFWxpPgt7srqDKHQFutdWe72oXDtLGUC4nCW7Ez0VQlJIK6nvSG9urMI8e +XBSLH/WQDzgAgt8omVoghjDmbxsWkuwCC0G+tAH+HO46FAuccDOHBedh8v+b1UWM +ngSFQ6CKQq7kXRd0v54C88T7SK5nsyVcOPfoYu0fkEzsyJ2BWZpQIr8/SwMnbSs8 +gJL8pX8aBR4H +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_foo.pem b/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_foo.pem new file mode 100644 index 00000000..9666ed59 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_foo.pem @@ -0,0 +1,281 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={anyPolicy} + Leaf: policies={foo} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12 (0xc) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e9:db:75:48:f4:dd:0f:37:9a:8e:72:10:80:aa: + 7c:80:08:d2:ab:a2:1d:28:df:78:9c:52:72:c1:b9: + 7d:e0:03:a5:53:e9:70:96:0a:be:b9:9e:c0:f7:3e: + 23:33:15:42:66:5d:64:13:c0:7a:23:6d:7f:71:13: + c3:bd:da:d1:39:11:38:1e:91:bc:b3:f8:cb:90:9d: + fd:a6:b2:90:cb:fa:1b:70:11:a5:b4:03:25:78:dc: + d2:f6:1e:64:74:9b:2c:f4:3d:13:b2:ef:7e:8f:c4: + ad:98:8b:0b:df:1c:08:f5:34:9f:78:ca:35:52:b5: + 1c:b4:fc:f8:60:d7:ef:b4:74:1c:93:f1:80:87:3a: + 84:ac:43:2e:ce:a2:00:07:83:7e:6d:03:b5:2e:53: + c3:9c:ee:88:12:af:50:5c:42:e3:46:12:f1:20:10: + a3:fc:90:07:d7:29:04:9b:f6:50:9b:ff:3e:27:0b: + 29:e4:e4:d6:f9:00:46:82:c6:2a:63:11:9a:b9:6c: + fd:e1:fc:34:48:60:9b:8d:7e:3a:4c:ce:ee:28:2d: + 25:63:8d:07:43:69:3c:fa:d7:3c:bd:5d:40:b7:d7: + da:f2:74:ef:d3:00:bf:ac:3b:75:a0:0e:ae:52:63: + 3c:45:fa:e2:10:82:2b:c9:0f:02:18:c6:c6:09:02: + e6:f7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 94:8A:74:F5:0F:9F:53:34:47:02:B5:04:8D:45:57:79:9B:98:7B:27 + X509v3 Authority Key Identifier: + keyid:9C:53:7F:7A:7F:4E:F2:C0:A5:1A:96:FB:9E:8D:08:DC:DD:73:92:61 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.2.840.113554.4.1.72585.2 + + Signature Algorithm: sha256WithRSAEncryption + 04:86:bc:a3:cc:94:a3:b5:97:a6:ca:b4:21:d6:f9:37:f7:b1: + ed:d0:4a:43:ff:93:ec:42:62:05:1d:11:df:18:94:c2:fc:63: + ad:0b:db:f4:cc:8a:7c:e9:69:29:b3:df:7c:a5:79:31:01:6a: + fc:18:6f:fd:5b:f9:11:68:53:0b:78:53:1a:08:6f:5a:33:72: + 30:25:76:21:45:fb:a2:79:d5:d9:f7:60:1b:3b:cd:21:3d:66: + 72:73:4a:fa:cd:86:13:54:ca:44:87:97:55:ec:dc:dc:76:24: + 9e:43:17:ad:f9:2c:29:bc:4a:b3:01:95:bb:83:a6:d0:fa:c6: + 7d:d8:1d:7d:66:95:b7:fd:80:60:dd:8d:02:8c:80:cb:57:4f: + c1:7a:8f:2c:34:1e:5c:08:4f:76:a6:42:c2:66:39:24:5b:46: + 12:f0:6e:30:51:be:27:03:be:69:f5:b3:b7:6f:25:7e:0b:c8: + 52:48:90:12:59:54:5a:07:32:2b:3b:a7:13:31:92:5f:c2:5c: + 61:90:d9:70:04:e6:6f:7f:fa:ec:36:a5:6a:38:49:8d:a2:51: + e0:68:b3:c9:f6:c7:3a:99:7f:89:a5:17:d5:1b:fd:39:13:51: + 2d:26:8f:33:a8:61:86:d8:fe:b4:d4:d7:69:26:bb:4c:b1:a8: + cb:4b:a3:6f +-----BEGIN CERTIFICATE----- +MIIDnDCCAoSgAwIBAgIBDDANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dt1SPTd +DzeajnIQgKp8gAjSq6IdKN94nFJywbl94AOlU+lwlgq+uZ7A9z4jMxVCZl1kE8B6 +I21/cRPDvdrRORE4HpG8s/jLkJ39prKQy/obcBGltAMleNzS9h5kdJss9D0Tsu9+ +j8StmIsL3xwI9TSfeMo1UrUctPz4YNfvtHQck/GAhzqErEMuzqIAB4N+bQO1LlPD +nO6IEq9QXELjRhLxIBCj/JAH1ykEm/ZQm/8+Jwsp5OTW+QBGgsYqYxGauWz94fw0 +SGCbjX46TM7uKC0lY40HQ2k8+tc8vV1At9fa8nTv0wC/rDt1oA6uUmM8RfriEIIr +yQ8CGMbGCQLm9wIDAQABo4H6MIH3MB0GA1UdDgQWBBSUinT1D59TNEcCtQSNRVd5 +m5h7JzAfBgNVHSMEGDAWgBScU396f07ywKUalvuejQjc3XOSYTA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjAZBgNVHSAEEjAQMA4GDCqGSIb3EgQBhLcJAjANBgkqhkiG9w0BAQsFAAOCAQEA +BIa8o8yUo7WXpsq0Idb5N/ex7dBKQ/+T7EJiBR0R3xiUwvxjrQvb9MyKfOlpKbPf +fKV5MQFq/Bhv/Vv5EWhTC3hTGghvWjNyMCV2IUX7onnV2fdgGzvNIT1mcnNK+s2G +E1TKRIeXVezc3HYknkMXrfksKbxKswGVu4Om0PrGfdgdfWaVt/2AYN2NAoyAy1dP +wXqPLDQeXAhPdqZCwmY5JFtGEvBuMFG+JwO+afWzt28lfgvIUkiQEllUWgcyKzun +EzGSX8JcYZDZcATmb3/67DalajhJjaJR4GizyfbHOpl/iaUX1Rv9ORNRLSaPM6hh +htj+tNTXaSa7TLGoy0ujbw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 24 (0x18) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:06:6e:cf:e3:c9:e6:4a:99:bf:9d:a9:cc:42: + b0:e3:95:f4:5c:16:5d:6c:c3:3b:7b:65:f9:68:27: + 07:75:e9:60:fc:c5:1e:37:71:05:e6:f4:c4:8e:76: + cf:dd:b3:7a:dd:14:d4:4c:96:1a:5f:b4:c5:04:9a: + 32:e6:f7:16:4c:38:4a:99:e5:3a:24:85:c3:06:bc: + c1:9e:4c:ac:6b:14:9d:49:8c:ec:cd:9a:43:60:09: + d8:d0:81:8f:a3:b9:9f:e8:13:fb:69:95:27:7b:fe: + 6a:d8:9e:42:4b:96:47:ee:1c:69:c6:5a:d7:28:a4: + c2:91:46:bf:7a:c6:69:12:96:c8:68:fa:46:cf:fb: + 92:ca:12:a7:7a:58:39:6f:d1:26:07:2a:59:c5:fb: + 86:94:33:45:65:04:55:c4:a5:0c:da:e5:56:30:0d: + 46:32:ce:fe:9b:00:2d:3f:24:64:81:c2:f2:3f:f5: + af:71:1d:0e:69:ae:5e:43:28:e5:98:65:b7:16:ee: + 42:13:26:9d:a5:db:21:aa:85:1b:38:12:eb:f0:0a: + 93:ef:eb:5c:56:0d:cf:4a:13:4b:03:64:03:59:d9: + 59:05:f8:e0:79:49:68:44:98:ad:41:a7:9a:d3:9a: + 0b:74:73:79:b7:84:14:f6:b6:40:0f:68:1e:be:94: + 50:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 9C:53:7F:7A:7F:4E:F2:C0:A5:1A:96:FB:9E:8D:08:DC:DD:73:92:61 + X509v3 Authority Key Identifier: + keyid:02:F4:E3:B3:B5:C8:56:E5:72:02:9D:7A:97:A4:73:0A:88:EF:9C:40 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + + Signature Algorithm: sha256WithRSAEncryption + 4f:f7:81:68:2c:99:55:0d:b9:0c:cb:18:bf:cd:c9:a3:1d:05: + 3e:53:e2:87:0e:94:20:6c:c9:77:4e:25:a0:f3:de:a2:52:3c: + 2a:4d:31:dc:d5:fc:19:bf:d9:d8:18:88:bf:9a:ff:9f:71:18: + 25:da:91:49:52:fc:d0:14:e0:97:cc:78:dd:4c:3f:4e:35:c8: + 57:12:40:a0:ac:1f:81:93:50:db:1b:17:be:e8:76:51:e8:e9: + 2d:2b:28:eb:cb:23:a7:58:b0:b4:53:f2:21:ef:6e:5d:a6:d3: + 36:92:da:90:cf:c4:fd:0b:4d:26:88:05:2a:6d:22:48:d2:4e: + 5f:3a:e0:ee:1a:70:a8:ab:58:ec:24:b4:61:84:f9:f0:8d:f4: + 93:38:49:f0:d2:14:ba:7d:ca:9e:04:a4:02:7e:e0:1e:9e:40: + c5:04:4a:69:fc:9e:fd:9b:2c:e1:c5:1f:ad:95:45:92:bd:38: + 74:07:2a:1f:cf:91:b3:f1:5a:88:d1:ca:97:1e:8f:6d:62:86: + b6:71:93:6f:d4:84:5c:fe:bb:56:d1:5c:01:0b:f0:1f:d5:27: + a3:8b:cd:8d:aa:ae:d7:ed:fc:c0:c9:30:89:7a:d2:34:d5:98: + ef:a7:44:4c:f9:8d:bd:6b:6c:6b:7c:a5:36:d0:f6:07:47:9f: + c3:d2:07:f5 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIBGDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAZuz+PJ +5kqZv52pzEKw45X0XBZdbMM7e2X5aCcHdelg/MUeN3EF5vTEjnbP3bN63RTUTJYa +X7TFBJoy5vcWTDhKmeU6JIXDBrzBnkysaxSdSYzszZpDYAnY0IGPo7mf6BP7aZUn +e/5q2J5CS5ZH7hxpxlrXKKTCkUa/esZpEpbIaPpGz/uSyhKnelg5b9EmBypZxfuG +lDNFZQRVxKUM2uVWMA1GMs7+mwAtPyRkgcLyP/WvcR0Oaa5eQyjlmGW3Fu5CEyad +pdshqoUbOBLr8AqT7+tcVg3PShNLA2QDWdlZBfjgeUloRJitQaea05oLdHN5t4QU +9rZAD2gevpRQWQIDAQABo4HeMIHbMB0GA1UdDgQWBBScU396f07ywKUalvuejQjc +3XOSYTAfBgNVHSMEGDAWgBQC9OOztchW5XICnXqXpHMKiO+cQDA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAA +MA0GCSqGSIb3DQEBCwUAA4IBAQBP94FoLJlVDbkMyxi/zcmjHQU+U+KHDpQgbMl3 +TiWg896iUjwqTTHc1fwZv9nYGIi/mv+fcRgl2pFJUvzQFOCXzHjdTD9ONchXEkCg +rB+Bk1DbGxe+6HZR6OktKyjryyOnWLC0U/Ih725dptM2ktqQz8T9C00miAUqbSJI +0k5fOuDuGnCoq1jsJLRhhPnwjfSTOEnw0hS6fcqeBKQCfuAenkDFBEpp/J79myzh +xR+tlUWSvTh0Byofz5Gz8VqI0cqXHo9tYoa2cZNv1IRc/rtW0VwBC/Af1Seji82N +qq7X7fzAyTCJetI01Zjvp0RM+Y29a2xrfKU20PYHR5/D0gf1 +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 23 (0x17) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a5:3e:c8:1f:15:65:7f:e7:ab:7e:07:f3:8e:4d: + 07:09:61:1c:db:01:f6:0c:7b:b2:a9:c5:49:c4:ae: + f6:d9:bc:b5:7d:36:0e:c2:7d:de:38:cd:97:a5:ca: + 9a:9c:c9:e7:21:83:50:0f:89:98:e2:ce:2b:44:48: + ff:3a:05:1d:b2:9e:6a:3e:3b:40:d9:78:bf:97:52: + df:62:5d:59:2d:f0:bd:54:f7:21:fb:21:02:fd:38: + af:d7:2b:42:16:db:d6:a3:58:9c:a6:4f:85:75:58: + 6f:aa:c3:e3:8e:59:eb:c3:49:ba:99:c9:ba:03:74: + ca:e7:26:d8:1d:5c:2a:c1:f7:a8:3c:31:5b:20:b5: + 9e:ec:7d:a8:00:cd:f7:6e:5a:57:42:fd:49:66:39: + bb:55:95:38:64:51:3a:13:59:86:0e:f2:db:49:07: + eb:02:84:00:95:4d:23:b3:72:10:8d:f3:a1:6b:34: + 68:63:97:0f:69:18:80:4f:ae:d4:f4:a1:f3:21:62: + 74:04:7a:07:0b:e3:61:cf:ff:07:75:27:78:0a:4e: + e3:e5:a2:51:9c:2f:d1:04:3c:7a:1c:0e:b3:bb:e7: + db:10:67:c8:c1:af:ce:9a:57:35:77:22:3c:48:fe: + 31:9b:7d:95:5e:e1:3d:32:99:9d:97:85:a4:7b:fd: + 1f:5d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 02:F4:E3:B3:B5:C8:56:E5:72:02:9D:7A:97:A4:73:0A:88:EF:9C:40 + X509v3 Authority Key Identifier: + keyid:02:F4:E3:B3:B5:C8:56:E5:72:02:9D:7A:97:A4:73:0A:88:EF:9C:40 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9a:7a:13:1c:1e:b6:30:f4:70:d0:47:ce:e6:31:fe:63:ae:08: + aa:8e:91:14:1f:1a:08:1b:c3:0e:e5:06:72:cd:28:df:16:73: + 98:9b:25:78:7c:61:05:6c:68:09:7e:33:9c:49:7e:7c:d2:53: + fa:f2:fe:fc:59:8a:2d:04:66:1e:0f:91:98:08:2a:ea:fd:23: + 22:5d:4b:1e:e3:e9:1a:4f:1d:3d:d0:49:13:af:d8:83:4e:8b: + 10:da:1b:b6:82:a3:4f:cb:ff:f4:28:2d:a6:88:63:07:db:72: + 13:fd:e7:c7:e9:77:1d:40:56:39:64:84:24:a8:20:dc:e1:f2: + e3:ad:ef:07:03:66:e8:3b:5d:30:82:ba:50:9c:b0:82:c1:14: + dd:23:9f:ea:56:02:77:63:56:e3:f4:5f:ef:05:cc:5e:cb:8f: + 3e:4d:c2:10:8d:e2:82:2f:52:91:d9:d0:d2:c1:6b:56:d2:f2: + 0c:b8:47:c8:52:69:ba:ce:fa:7d:f7:d5:dd:5d:cc:15:ef:9d: + 73:1b:6e:6d:ab:76:96:8a:06:94:68:6b:ea:36:44:54:66:66: + 05:40:1d:31:05:03:2a:78:10:cf:fa:90:dd:eb:9d:61:b5:3c: + e5:ec:8e:39:6b:1b:c5:1b:0c:cc:6a:3e:86:d8:ea:6e:d9:5a: + d1:8e:ea:a3 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBFzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKU+yB8VZX/nq34H845N +BwlhHNsB9gx7sqnFScSu9tm8tX02DsJ93jjNl6XKmpzJ5yGDUA+JmOLOK0RI/zoF +HbKeaj47QNl4v5dS32JdWS3wvVT3IfshAv04r9crQhbb1qNYnKZPhXVYb6rD445Z +68NJupnJugN0yucm2B1cKsH3qDwxWyC1nux9qADN925aV0L9SWY5u1WVOGRROhNZ +hg7y20kH6wKEAJVNI7NyEI3zoWs0aGOXD2kYgE+u1PSh8yFidAR6BwvjYc//B3Un +eApO4+WiUZwv0QQ8ehwOs7vn2xBnyMGvzppXNXciPEj+MZt9lV7hPTKZnZeFpHv9 +H10CAwEAAaOByzCByDAdBgNVHQ4EFgQUAvTjs7XIVuVyAp16l6RzCojvnEAwHwYD +VR0jBBgwFoAUAvTjs7XIVuVyAp16l6RzCojvnEAwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCaehMcHrYw +9HDQR87mMf5jrgiqjpEUHxoIG8MO5QZyzSjfFnOYmyV4fGEFbGgJfjOcSX580lP6 +8v78WYotBGYeD5GYCCrq/SMiXUse4+kaTx090EkTr9iDTosQ2hu2gqNPy//0KC2m +iGMH23IT/efH6XcdQFY5ZIQkqCDc4fLjre8HA2boO10wgrpQnLCCwRTdI5/qVgJ3 +Y1bj9F/vBcxey48+TcIQjeKCL1KR2dDSwWtW0vIMuEfIUmm6zvp999XdXcwV751z +G25tq3aWigaUaGvqNkRUZmYFQB0xBQMqeBDP+pDd651htTzl7I45axvFGwzMaj6G +2Opu2VrRjuqj +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_none.pem b/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_none.pem new file mode 100644 index 00000000..0b79d970 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_anypolicy_leaf_none.pem @@ -0,0 +1,277 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={anyPolicy} + Leaf: policies={} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:92:c3:4f:27:2a:f3:65:b4:aa:df:99:ec:02:e1: + 4e:00:79:b1:96:25:09:94:ac:44:02:4b:99:d5:ed: + 0a:a9:7d:6e:7d:b7:71:b9:cb:c7:0d:54:5c:62:28: + 18:e3:81:27:65:b5:df:6c:1c:4b:ab:5a:e2:e1:0c: + d1:2c:ef:cd:65:d3:74:4c:e0:23:64:94:6c:c1:eb: + c7:5c:91:01:90:c3:0e:c7:da:a7:56:79:0c:1d:f7: + ce:3d:02:fe:62:0c:c8:fd:fc:52:c8:f2:1a:23:54: + a9:71:11:ef:52:4a:ba:89:2e:1c:82:c9:7b:aa:8d: + 07:4a:38:54:23:45:a2:08:4a:98:6f:37:4e:1d:f8: + de:16:2a:88:d6:3a:37:bb:31:b0:6b:18:bd:0d:b5: + 8d:b9:7a:1b:be:2a:ce:95:f7:ff:2f:6d:28:fd:f8: + bc:40:95:d7:c6:5c:0f:da:3e:b1:f2:2c:ad:c1:56: + cd:69:9a:d3:79:d6:9a:46:68:f9:93:2e:e4:6f:87: + a8:2c:91:d9:47:60:42:cd:d6:ab:2f:b1:6a:98:c1: + 2f:2e:14:ff:d5:c4:ec:64:78:fa:09:1d:2e:1e:40: + 8d:64:19:50:ec:f4:7f:bf:50:cb:1b:de:01:9f:8f: + 6f:d3:32:97:84:32:bd:6f:a4:3d:e1:0b:b8:ee:1d: + 3f:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 6A:26:EF:38:8A:E3:00:ED:26:C5:C5:6B:3D:FD:98:60:10:2B:89:02 + X509v3 Authority Key Identifier: + keyid:79:CC:A4:3E:7B:31:9A:1B:9A:80:35:C3:8B:2A:C1:5A:8F:0A:BD:29 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 1c:7a:7e:77:39:3c:fc:94:ec:e5:5e:69:5d:70:ef:dc:85:3d: + a3:40:ea:8e:5d:86:c1:62:16:d3:55:03:b8:dd:c7:52:7f:c3: + 43:85:05:4e:3a:4a:49:2a:49:01:35:a3:f2:60:46:d6:70:24: + 37:b8:2b:e8:cf:39:18:a1:1e:cf:64:e1:ff:2b:ae:14:99:e4: + c4:58:e6:d1:fa:d6:fa:1d:b2:69:a0:9a:9f:ce:70:8d:e7:b5: + cb:a0:79:1e:12:33:e3:c5:84:37:80:da:3e:68:58:71:ce:1c: + d4:51:b9:b9:2a:5b:26:36:a7:ed:4d:3c:1b:95:17:5b:47:0b: + 9e:a1:65:70:73:5a:4a:27:45:8f:b1:52:26:d9:74:7e:bd:e6: + 49:a7:d7:d4:c8:03:6f:d3:87:49:5b:06:55:aa:a7:b4:a5:a5: + 4b:6e:1d:00:ae:1a:e6:b5:0b:6d:04:8b:34:1b:a0:4c:fd:e3: + e0:ad:e7:f1:e4:c4:89:ae:22:e0:fd:04:cf:0a:2b:9e:b1:ed: + 68:71:bb:4f:0e:67:55:ff:03:e1:1c:76:7c:c8:12:e1:62:c8: + df:c4:47:b8:2d:71:50:99:01:ca:4a:69:76:eb:2b:77:20:c0: + 83:a9:e9:4c:2c:02:81:92:66:70:28:d5:4a:26:9a:b8:08:b3: + d0:d5:a6:9b +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIBCTANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksNPJyrz +ZbSq35nsAuFOAHmxliUJlKxEAkuZ1e0KqX1ufbdxucvHDVRcYigY44EnZbXfbBxL +q1ri4QzRLO/NZdN0TOAjZJRswevHXJEBkMMOx9qnVnkMHffOPQL+YgzI/fxSyPIa +I1SpcRHvUkq6iS4cgsl7qo0HSjhUI0WiCEqYbzdOHfjeFiqI1jo3uzGwaxi9DbWN +uXobvirOlff/L20o/fi8QJXXxlwP2j6x8iytwVbNaZrTedaaRmj5ky7kb4eoLJHZ +R2BCzdarL7FqmMEvLhT/1cTsZHj6CR0uHkCNZBlQ7PR/v1DLG94Bn49v0zKXhDK9 +b6Q94Qu47h0/jwIDAQABo4HfMIHcMB0GA1UdDgQWBBRqJu84iuMA7SbFxWs9/Zhg +ECuJAjAfBgNVHSMEGDAWgBR5zKQ+ezGaG5qANcOLKsFajwq9KTA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAHHp+dzk8/JTs5V5pXXDv3IU9o0Dqjl2GwWIW +01UDuN3HUn/DQ4UFTjpKSSpJATWj8mBG1nAkN7gr6M85GKEez2Th/yuuFJnkxFjm +0frW+h2yaaCan85wjee1y6B5HhIz48WEN4DaPmhYcc4c1FG5uSpbJjan7U08G5UX +W0cLnqFlcHNaSidFj7FSJtl0fr3mSafX1MgDb9OHSVsGVaqntKWlS24dAK4a5rUL +bQSLNBugTP3j4K3n8eTEia4i4P0EzwornrHtaHG7Tw5nVf8D4Rx2fMgS4WLI38RH +uC1xUJkBykppdusrdyDAg6npTCwCgZJmcCjVSiaauAiz0NWmmw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18 (0x12) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:db:cc:7a:15:d2:86:e2:27:87:c8:bb:a5:50:65: + 03:38:43:3a:9d:aa:87:52:86:b5:45:04:1e:9f:81: + 22:f3:4e:62:e6:78:ff:e4:39:8a:3a:4a:55:3e:54: + 90:2a:e1:fe:62:ff:b7:d1:b1:06:37:eb:81:c7:4d: + 18:87:bb:24:6d:6c:26:63:15:7f:a1:d6:ab:3b:77: + 2b:7d:c8:74:9c:54:33:34:cd:cf:f6:7e:6d:1f:05: + ea:ba:bf:ae:5e:ca:f5:a9:47:3b:27:61:24:3c:ba: + 74:58:70:27:68:b6:0b:fd:30:c6:f4:b6:56:4b:78: + 9e:ea:21:86:88:63:db:ae:b8:1d:ea:b0:f3:d8:bf: + 3f:9e:8c:69:cd:9e:40:41:10:41:48:01:cc:e4:3b: + 3c:9b:74:ea:e5:d9:37:bf:ce:2c:59:81:b3:f4:bb: + b7:61:df:f9:ac:be:a3:63:22:bf:05:5a:46:d5:b8: + 68:fa:95:60:1e:25:b7:49:7b:4f:e0:d0:49:e9:f9: + 22:11:36:fe:4d:87:88:99:62:21:6e:ac:c7:d7:ee: + 64:07:bc:c9:87:78:67:8b:8a:40:3d:6a:c6:a7:e2: + a2:e8:2b:f5:33:5d:0e:e6:8c:b7:85:63:11:d4:fa: + fe:aa:5e:fc:a5:86:b4:b4:4d:dd:5f:f8:be:38:27: + 9f:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 79:CC:A4:3E:7B:31:9A:1B:9A:80:35:C3:8B:2A:C1:5A:8F:0A:BD:29 + X509v3 Authority Key Identifier: + keyid:4E:EC:98:88:CE:93:B8:9B:D0:A3:12:F9:03:90:96:AE:FF:AD:25:CE + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + + Signature Algorithm: sha256WithRSAEncryption + 1e:2c:c2:5f:5e:25:2e:7a:aa:4e:2e:05:a1:7e:dc:59:b6:43: + a7:bb:91:91:ce:78:89:0c:76:82:b7:39:79:b1:3e:f2:a2:8b: + cd:63:aa:d5:dd:c2:20:64:db:a7:d0:21:64:e6:fe:4c:b3:5c: + 70:7b:f8:31:1b:7c:c3:e6:c1:1e:42:d9:9c:a1:bb:24:e3:f8: + 94:26:3b:e3:81:11:ca:0a:f7:a6:e5:94:ad:1b:c6:4d:f6:b0: + 43:0f:13:1f:d6:c2:e3:bd:d8:aa:04:43:04:07:bf:b8:0d:86: + f7:d0:e5:1e:35:00:e6:94:e6:53:b5:4b:ee:10:dc:65:49:b3: + e9:1d:53:b6:9f:6a:83:39:9c:df:bd:40:f6:be:97:fa:81:82: + 6a:81:44:ad:15:50:2e:bb:22:e1:b6:0d:e2:2c:6b:66:14:59: + bc:0d:8b:02:39:d0:d2:88:7c:ef:c6:2b:42:19:08:3e:52:70: + 6a:68:7b:4e:66:18:66:3f:73:9a:5e:30:65:37:96:79:03:50: + a4:13:1a:2f:30:e1:37:b3:4d:14:9f:0f:a4:59:5c:f1:bb:eb: + 8b:c2:77:82:fa:00:15:66:bb:12:4c:17:7b:65:c7:6e:45:30: + b4:99:a8:8a:bc:73:cd:92:56:78:3d:1d:79:93:e6:95:12:7a: + 0f:c9:92:5d +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIBEjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28x6FdKG +4ieHyLulUGUDOEM6naqHUoa1RQQen4Ei805i5nj/5DmKOkpVPlSQKuH+Yv+30bEG +N+uBx00Yh7skbWwmYxV/odarO3crfch0nFQzNM3P9n5tHwXqur+uXsr1qUc7J2Ek +PLp0WHAnaLYL/TDG9LZWS3ie6iGGiGPbrrgd6rDz2L8/noxpzZ5AQRBBSAHM5Ds8 +m3Tq5dk3v84sWYGz9Lu3Yd/5rL6jYyK/BVpG1bho+pVgHiW3SXtP4NBJ6fkiETb+ +TYeImWIhbqzH1+5kB7zJh3hni4pAPWrGp+Ki6Cv1M10O5oy3hWMR1Pr+ql78pYa0 +tE3dX/i+OCefdQIDAQABo4HeMIHbMB0GA1UdDgQWBBR5zKQ+ezGaG5qANcOLKsFa +jwq9KTAfBgNVHSMEGDAWgBRO7JiIzpO4m9CjEvkDkJau/60lzjA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAA +MA0GCSqGSIb3DQEBCwUAA4IBAQAeLMJfXiUueqpOLgWhftxZtkOnu5GRzniJDHaC +tzl5sT7yoovNY6rV3cIgZNun0CFk5v5Ms1xwe/gxG3zD5sEeQtmcobsk4/iUJjvj +gRHKCvem5ZStG8ZN9rBDDxMf1sLjvdiqBEMEB7+4DYb30OUeNQDmlOZTtUvuENxl +SbPpHVO2n2qDOZzfvUD2vpf6gYJqgUStFVAuuyLhtg3iLGtmFFm8DYsCOdDSiHzv +xitCGQg+UnBqaHtOZhhmP3OaXjBlN5Z5A1CkExovMOE3s00Unw+kWVzxu+uLwneC ++gAVZrsSTBd7ZcduRTC0maiKvHPNklZ4PR15k+aVEnoPyZJd +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17 (0x11) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:a8:ec:69:2b:0e:2d:98:61:a7:c3:3b:d2:a6: + b5:d1:35:42:b6:f2:b1:3f:78:fa:3a:8a:8a:53:7f: + f4:f5:4e:03:c0:fa:06:df:ef:7c:83:a1:4e:78:80: + d0:22:53:20:7b:0c:ac:0e:00:67:52:a5:39:c9:6c: + b6:91:64:d0:75:61:62:aa:cd:b4:14:b8:06:14:d6: + 62:b2:71:ac:bb:f5:44:53:0f:ef:f4:ee:ba:a1:1d: + f9:40:97:50:ee:a3:a1:0e:a2:d2:45:85:66:26:55: + 70:f1:f5:9c:c2:1e:38:e6:80:3c:98:e2:be:4c:79: + c9:42:5a:5a:28:ef:18:48:73:a7:2d:b7:b5:ab:c9: + ea:7a:2a:ae:f8:34:f2:66:bf:67:82:49:b0:27:34: + 62:8b:73:49:c2:02:66:e5:a5:86:31:80:e9:ae:33: + 99:b2:9d:dc:37:aa:a0:02:35:80:de:ed:73:15:3f: + c7:77:ba:49:d9:8c:1b:b4:6e:5d:a4:2f:89:bf:e4: + c1:39:3b:bb:f6:54:59:b6:86:7e:78:da:02:5f:41: + 19:e9:ef:b3:28:9b:dc:b2:56:a1:8f:b4:be:d2:af: + 28:a9:dc:84:e8:e1:d9:86:b9:3c:87:38:3a:b2:68: + 36:29:1b:a2:57:f7:fe:2b:e5:7b:27:67:a7:bd:ed: + 88:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4E:EC:98:88:CE:93:B8:9B:D0:A3:12:F9:03:90:96:AE:FF:AD:25:CE + X509v3 Authority Key Identifier: + keyid:4E:EC:98:88:CE:93:B8:9B:D0:A3:12:F9:03:90:96:AE:FF:AD:25:CE + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 1e:96:67:78:64:ad:6c:ec:da:97:18:00:95:1d:b8:3d:cb:31: + 69:5f:08:a0:f0:b6:13:13:ea:d0:1c:bb:17:74:ff:e4:0f:e9: + d8:d2:77:5c:31:c2:47:03:41:cd:8e:ed:83:ff:a9:03:b4:ff: + 41:da:f3:d6:18:c7:15:82:a8:4e:e4:1c:e0:df:b2:c3:b5:fb: + 61:e3:6c:98:f2:64:96:9d:11:c9:74:79:9b:a0:5b:7c:b9:fe: + 04:d2:9b:fc:c2:1e:d8:71:c7:44:6f:19:45:84:40:4a:5a:d9: + 61:bf:da:39:47:44:59:b1:df:b4:80:a9:7b:1c:32:98:ff:c0: + 40:75:bd:a8:4c:c9:aa:92:f7:5a:1e:de:f0:92:26:3c:b3:08: + 94:ba:d4:64:2b:32:1b:9a:6e:fb:8b:e6:8a:9b:5c:85:3f:88: + 21:6d:85:ba:fd:1b:19:d7:48:63:4b:1f:83:33:9f:97:e7:b2: + 2f:de:dd:e3:1d:19:d3:15:69:01:38:b3:ff:e5:35:d4:4e:16: + 44:59:2a:3c:4e:18:c9:b0:d5:9f:b6:fa:4a:04:ab:bb:70:7d: + e6:4e:27:55:9d:4c:b9:a0:53:f0:b1:b8:4b:0e:d7:72:0f:b4: + 64:53:24:76:c8:a7:58:c0:15:0e:7e:d7:20:6e:60:d5:01:6d: + 47:b2:66:29 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBETANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2o7GkrDi2YYafDO9Km +tdE1QrbysT94+jqKilN/9PVOA8D6Bt/vfIOhTniA0CJTIHsMrA4AZ1KlOclstpFk +0HVhYqrNtBS4BhTWYrJxrLv1RFMP7/TuuqEd+UCXUO6joQ6i0kWFZiZVcPH1nMIe +OOaAPJjivkx5yUJaWijvGEhzpy23tavJ6noqrvg08ma/Z4JJsCc0YotzScICZuWl +hjGA6a4zmbKd3DeqoAI1gN7tcxU/x3e6SdmMG7RuXaQvib/kwTk7u/ZUWbaGfnja +Al9BGenvsyib3LJWoY+0vtKvKKnchOjh2Ya5PIc4OrJoNikbolf3/ivleydnp73t +iIECAwEAAaOByzCByDAdBgNVHQ4EFgQUTuyYiM6TuJvQoxL5A5CWrv+tJc4wHwYD +VR0jBBgwFoAUTuyYiM6TuJvQoxL5A5CWrv+tJc4wNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAelmd4ZK1s +7NqXGACVHbg9yzFpXwig8LYTE+rQHLsXdP/kD+nY0ndcMcJHA0HNju2D/6kDtP9B +2vPWGMcVgqhO5Bzg37LDtfth42yY8mSWnRHJdHmboFt8uf4E0pv8wh7YccdEbxlF +hEBKWtlhv9o5R0RZsd+0gKl7HDKY/8BAdb2oTMmqkvdaHt7wkiY8swiUutRkKzIb +mm77i+aKm1yFP4ghbYW6/RsZ10hjSx+DM5+X57Iv3t3jHRnTFWkBOLP/5TXUThZE +WSo8ThjJsNWftvpKBKu7cH3mTidVnUy5oFPwsbhLDtdyD7RkUyR2yKdYwBUOftcg +bmDVAW1HsmYp +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_anypolicy.pem b/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_anypolicy.pem new file mode 100644 index 00000000..ebc29575 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_anypolicy.pem @@ -0,0 +1,281 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={audioOnly} + Leaf: policies={anyPolicy} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f6:c9:53:09:29:9f:0f:b2:8a:f9:79:7c:26:b6: + 14:bb:53:9b:96:13:72:bb:e8:04:7a:c2:b4:d3:3d: + 44:d4:ee:d5:f0:cc:0e:1b:6d:39:26:02:79:57:41: + 26:06:19:0a:72:be:db:db:a0:3a:d1:ab:34:00:9d: + 17:06:21:be:e0:26:b6:23:b4:09:d2:8c:c1:4c:57: + d6:67:6a:5f:dd:43:b1:ce:ec:b9:01:fd:c7:a3:90: + 0e:8e:6a:d1:ce:83:a0:05:d6:67:c7:be:bf:6e:1c: + bb:ba:40:52:65:5a:4e:84:d1:a9:d1:5a:9c:70:65: + 44:05:38:05:73:8e:0f:a4:9f:b3:03:a5:ff:a3:a0: + d8:f1:77:01:d5:ca:9e:77:27:37:7a:9c:ba:75:13: + 45:ee:93:57:d3:8d:b8:cc:ea:9f:ff:bf:ca:1f:63: + 22:50:13:02:2b:81:a5:d6:4a:21:97:f1:8a:0d:d5: + 59:30:0a:f9:b7:f0:6b:c4:16:13:da:af:36:b2:ef: + 52:06:eb:b2:11:64:69:ba:64:0f:6d:a6:fe:5a:92: + c9:c7:97:03:0f:4e:7b:f1:f3:af:6b:52:ac:94:3e: + b8:70:7c:eb:5d:b3:04:41:24:3a:b7:ba:cc:4c:44: + 90:51:08:07:b9:67:04:44:71:6c:df:ee:fb:55:ed: + 32:9d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B1:D8:81:D5:6B:69:FA:FC:E9:97:E3:E2:9E:74:21:7A:7C:0C:E2:1E + X509v3 Authority Key Identifier: + keyid:69:AD:46:2C:89:44:30:3B:CF:B4:E5:C1:46:D9:B6:D0:E9:4B:D9:F0 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + + Signature Algorithm: sha256WithRSAEncryption + 5a:0a:be:50:a0:12:fb:d4:4c:65:d1:c5:d8:14:f7:25:e8:6d: + 93:14:cc:de:79:9f:b2:74:f3:5f:4a:87:33:11:db:5a:df:83: + aa:13:05:ad:0b:92:0f:ba:78:93:ce:0f:2e:cb:d5:cc:cc:b7: + f3:48:2d:89:81:ce:62:46:31:65:83:d0:42:df:93:0c:fc:6a: + d1:74:6f:f2:8e:28:94:cc:af:0d:0c:ed:29:35:97:f4:dd:87: + 88:e6:37:ba:b8:b4:fe:16:20:5d:a4:9f:2c:13:6e:35:41:74: + 8d:bd:83:ae:52:25:17:a0:07:26:e9:98:ec:c0:b7:46:18:9e: + a9:62:04:14:53:91:b9:7b:5a:27:92:b9:e8:46:e7:28:8f:51: + 72:4d:36:51:54:12:e3:eb:4b:bb:28:1d:18:d8:88:2b:04:f9: + de:4a:45:b2:30:69:73:79:05:90:8c:b1:b4:48:c5:d3:e9:f2: + 01:82:34:ca:e9:10:bc:ca:bc:aa:b9:08:16:a1:d3:6d:8a:b5: + 67:bd:e1:3c:1b:fb:26:a0:f7:f4:ae:ac:1a:e1:7c:b0:b7:90: + 6f:4c:f3:e0:00:83:2f:7b:ba:b5:36:3b:ab:71:b7:b5:79:db: + 50:f7:48:89:94:86:af:fe:3e:32:7a:91:d4:fb:4b:10:b0:9f: + cc:6f:a4:9c +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9slTCSmf +D7KK+Xl8JrYUu1OblhNyu+gEesK00z1E1O7V8MwOG205JgJ5V0EmBhkKcr7b26A6 +0as0AJ0XBiG+4Ca2I7QJ0ozBTFfWZ2pf3UOxzuy5Af3Ho5AOjmrRzoOgBdZnx76/ +bhy7ukBSZVpOhNGp0VqccGVEBTgFc44PpJ+zA6X/o6DY8XcB1cqedyc3epy6dRNF +7pNX0424zOqf/7/KH2MiUBMCK4Gl1kohl/GKDdVZMAr5t/BrxBYT2q82su9SBuuy +EWRpumQPbab+WpLJx5cDD0578fOva1KslD64cHzrXbMEQSQ6t7rMTESQUQgHuWcE +RHFs3+77Ve0ynQIDAQABo4HyMIHvMB0GA1UdDgQWBBSx2IHVa2n6/OmX4+KedCF6 +fAziHjAfBgNVHSMEGDAWgBRprUYsiUQwO8+05cFG2bbQ6UvZ8DA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAFoKvlCgEvvU +TGXRxdgU9yXobZMUzN55n7J0819KhzMR21rfg6oTBa0Lkg+6eJPODy7L1czMt/NI +LYmBzmJGMWWD0ELfkwz8atF0b/KOKJTMrw0M7Sk1l/Tdh4jmN7q4tP4WIF2knywT +bjVBdI29g65SJRegBybpmOzAt0YYnqliBBRTkbl7WieSuehG5yiPUXJNNlFUEuPr +S7soHRjYiCsE+d5KRbIwaXN5BZCMsbRIxdPp8gGCNMrpELzKvKq5CBah022KtWe9 +4Twb+yag9/SurBrhfLC3kG9M8+AAgy97urU2O6txt7V521D3SImUhq/+PjJ6kdT7 +SxCwn8xvpJw= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:13:59:fd:9e:9b:cb:c9:02:2c:44:ff:d7:e7: + 1d:10:62:8b:db:1d:ed:85:0b:c4:0c:01:7b:71:54: + e6:83:a3:56:e3:39:cb:52:0e:5a:25:97:55:82:47: + 46:e6:c1:8d:24:09:c0:ae:44:f1:b7:e8:6c:b3:4f: + 81:b2:32:31:36:b4:92:21:d7:f3:bd:d4:2e:90:43: + 09:49:20:91:b7:dd:3e:eb:54:03:b4:8a:b0:f3:1c: + 44:04:82:f8:b1:65:ae:24:57:47:87:af:9d:a2:21: + 4a:3b:6b:36:66:1e:cf:af:cb:be:b7:5c:85:a1:22: + c1:f0:a0:6c:d7:f7:d7:33:ec:86:f0:32:2f:91:5d: + 70:fc:a1:3d:7c:7b:4d:7f:3e:8a:ef:ef:3f:18:c9: + 5a:bd:b0:01:fd:a1:2c:f9:e8:80:a1:43:07:c8:b2: + c0:ed:70:47:b6:46:65:90:53:49:00:e7:f8:43:68: + ed:02:27:89:f8:d5:b8:0d:97:6b:1a:c1:37:71:e2: + 85:bb:db:3b:8b:f6:82:a4:5c:da:6a:a0:e5:4c:1b: + 09:50:3e:28:a4:ad:e6:86:95:6a:c7:b5:21:ed:aa: + 29:ad:64:9b:94:0a:44:ec:7d:45:fc:9f:3d:7a:8c: + 65:21:eb:45:f2:d3:49:98:fd:0f:69:f0:3b:f9:c8: + f3:33 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 69:AD:46:2C:89:44:30:3B:CF:B4:E5:C1:46:D9:B6:D0:E9:4B:D9:F0 + X509v3 Authority Key Identifier: + keyid:82:D5:80:DD:3D:8B:A3:17:84:E6:C1:77:1A:72:12:B7:0B:3A:11:DF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + c0:7b:5c:a8:bd:53:58:86:46:19:a5:bd:4a:0c:29:35:f1:3f: + 77:23:52:87:b3:d1:79:16:51:14:bc:1b:37:33:be:96:86:37: + c9:9e:43:a8:3b:7e:80:45:22:e0:00:79:d9:01:ba:f6:fa:91: + 05:11:a3:0c:ce:27:48:fb:1d:45:1f:fc:eb:9a:3d:be:c2:0e: + 9c:42:ba:6c:68:6e:96:56:e9:81:b8:65:34:68:7e:84:f6:eb: + cc:67:b1:00:4b:8d:9e:19:89:be:29:c8:7f:9b:78:f6:50:68: + 88:c4:c3:82:40:76:87:7e:34:a3:16:58:9a:84:bf:0d:23:79: + 24:97:c8:34:59:71:d5:28:99:ed:a3:10:71:a0:08:1e:01:23: + 60:58:95:b6:c4:00:7e:6d:f3:e8:59:9f:fd:92:05:ed:da:e0: + b5:e3:6f:46:cc:6f:1f:ee:d4:21:4d:19:18:85:1d:ae:e6:9e: + 04:21:6c:fe:d7:b0:8a:15:54:30:3d:16:c3:97:70:67:c8:51: + 3b:a8:42:fa:85:b1:14:54:c8:43:ba:4c:8c:cf:88:87:f3:29: + 55:7e:51:5d:ef:19:4b:9e:0a:92:e5:09:29:8a:d3:2e:9e:26: + 2d:87:17:23:ff:93:7d:a6:64:fb:3a:8f:56:99:31:8a:8a:b9: + 09:4b:1d:c0 +-----BEGIN CERTIFICATE----- +MIIDhjCCAm6gAwIBAgIBBjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBNZ/Z6b +y8kCLET/1+cdEGKL2x3thQvEDAF7cVTmg6NW4znLUg5aJZdVgkdG5sGNJAnArkTx +t+hss0+BsjIxNrSSIdfzvdQukEMJSSCRt90+61QDtIqw8xxEBIL4sWWuJFdHh6+d +oiFKO2s2Zh7Pr8u+t1yFoSLB8KBs1/fXM+yG8DIvkV1w/KE9fHtNfz6K7+8/GMla +vbAB/aEs+eiAoUMHyLLA7XBHtkZlkFNJAOf4Q2jtAieJ+NW4DZdrGsE3ceKFu9s7 +i/aCpFzaaqDlTBsJUD4opK3mhpVqx7Uh7aoprWSblApE7H1F/J89eoxlIetF8tNJ +mP0PafA7+cjzMwIDAQABo4HkMIHhMB0GA1UdDgQWBBRprUYsiUQwO8+05cFG2bbQ +6UvZ8DAfBgNVHSMEGDAWgBSC1YDdPYujF4TmwXcachK3CzoR3zA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgorBgEE +AdZ5AgUCMA0GCSqGSIb3DQEBCwUAA4IBAQDAe1yovVNYhkYZpb1KDCk18T93I1KH +s9F5FlEUvBs3M76WhjfJnkOoO36ARSLgAHnZAbr2+pEFEaMMzidI+x1FH/zrmj2+ +wg6cQrpsaG6WVumBuGU0aH6E9uvMZ7EAS42eGYm+Kch/m3j2UGiIxMOCQHaHfjSj +FliahL8NI3kkl8g0WXHVKJntoxBxoAgeASNgWJW2xAB+bfPoWZ/9kgXt2uC1429G +zG8f7tQhTRkYhR2u5p4EIWz+17CKFVQwPRbDl3BnyFE7qEL6hbEUVMhDukyMz4iH +8ylVflFd7xlLngqS5QkpitMuniYthxcj/5N9pmT7Oo9WmTGKirkJSx3A +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:c6:19:7e:66:50:27:4f:e1:53:c8:c1:db:27: + 48:07:35:5d:51:84:f0:8e:62:64:9b:6f:b0:25:76: + e7:d5:e3:c2:2a:57:5a:11:9d:93:e6:97:e1:bb:24: + 77:88:e4:bd:65:d9:07:a4:7d:12:67:18:19:e3:ab: + 41:85:4b:39:54:d7:bc:36:8b:e5:69:b6:38:8e:e1: + 3a:c2:8c:61:08:34:db:0a:43:fb:1c:0b:ff:ed:fe: + 8c:65:8d:76:00:8c:0b:9c:f8:51:f4:e6:e2:cf:07: + 23:b1:95:30:b7:c7:e4:b8:4f:29:54:81:c3:9a:af: + 7e:43:59:85:56:57:8e:3d:9c:ec:e4:f0:a5:c6:bd: + fa:d5:f5:19:eb:b1:90:f6:86:ae:80:f9:2b:c0:d3: + a2:87:59:97:c6:36:a6:ab:4a:60:31:ba:c6:35:72: + 30:29:3c:14:54:6b:1a:5b:72:f0:3a:eb:22:2e:d3: + 44:38:c2:f3:c8:f3:cc:32:45:71:f8:a3:98:dc:4e: + 0b:0a:f4:31:c9:31:58:1b:fa:d3:d7:73:95:05:59: + 6d:73:32:dd:97:2f:fd:89:e0:0f:49:a0:16:8e:f0: + c8:91:88:d6:08:2d:44:82:17:07:12:57:fb:f6:76: + b3:d7:09:33:29:f4:24:34:33:a3:c9:b3:33:be:4b: + 85:bb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 82:D5:80:DD:3D:8B:A3:17:84:E6:C1:77:1A:72:12:B7:0B:3A:11:DF + X509v3 Authority Key Identifier: + keyid:82:D5:80:DD:3D:8B:A3:17:84:E6:C1:77:1A:72:12:B7:0B:3A:11:DF + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 24:50:5b:fc:90:33:66:c4:43:81:73:1e:23:c6:da:63:06:4f: + 12:ee:7d:0e:a2:1e:01:66:a4:db:b4:0d:a1:45:be:4e:ed:e2: + 6d:22:bc:60:e5:18:8f:21:b5:bf:56:d5:f4:1b:de:1f:c1:18: + f1:d1:a7:88:62:3c:79:d0:aa:08:7e:65:be:09:83:70:f2:27: + 3c:48:8d:5e:59:eb:cc:c7:3a:f8:f4:81:e0:af:95:53:1b:dc: + 44:af:f0:f6:cd:cd:0f:d1:d3:9c:4c:f3:b3:48:68:ef:b3:5d: + c4:33:5c:ea:08:7d:00:75:78:07:c4:86:b6:a2:45:86:3f:20: + ee:47:4e:c3:2b:70:a5:09:cc:69:af:db:0b:ce:6d:b5:79:7e: + 9c:fd:8f:db:11:96:19:19:85:10:76:c3:ca:e8:db:98:02:bd: + 3d:40:ac:21:4a:70:0e:cb:3f:02:f2:11:1e:fa:da:90:ac:1b: + f7:c8:3e:ec:32:c7:97:01:a7:9d:94:db:ed:65:dd:5f:6c:da: + 5a:a9:5f:63:0e:1a:84:82:e4:63:32:75:79:ca:23:dc:17:02: + 13:65:1c:b0:e8:70:5a:62:25:36:24:f6:5e:47:ed:3f:d7:42: + 16:ee:59:96:80:bb:e1:7d:31:9d:e3:00:b2:8b:9e:da:89:e5: + d5:60:f4:9b +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN7GGX5mUCdP4VPIwdsn +SAc1XVGE8I5iZJtvsCV259XjwipXWhGdk+aX4bskd4jkvWXZB6R9EmcYGeOrQYVL +OVTXvDaL5Wm2OI7hOsKMYQg02wpD+xwL/+3+jGWNdgCMC5z4UfTm4s8HI7GVMLfH +5LhPKVSBw5qvfkNZhVZXjj2c7OTwpca9+tX1GeuxkPaGroD5K8DToodZl8Y2pqtK +YDG6xjVyMCk8FFRrGlty8DrrIi7TRDjC88jzzDJFcfijmNxOCwr0MckxWBv609dz +lQVZbXMy3Zcv/YngD0mgFo7wyJGI1ggtRIIXBxJX+/Z2s9cJMyn0JDQzo8mzM75L +hbsCAwEAAaOByzCByDAdBgNVHQ4EFgQUgtWA3T2LoxeE5sF3GnIStws6Ed8wHwYD +VR0jBBgwFoAUgtWA3T2LoxeE5sF3GnIStws6Ed8wNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAkUFv8kDNm +xEOBcx4jxtpjBk8S7n0Ooh4BZqTbtA2hRb5O7eJtIrxg5RiPIbW/VtX0G94fwRjx +0aeIYjx50KoIfmW+CYNw8ic8SI1eWevMxzr49IHgr5VTG9xEr/D2zc0P0dOcTPOz +SGjvs13EM1zqCH0AdXgHxIa2okWGPyDuR07DK3ClCcxpr9sLzm21eX6c/Y/bEZYZ +GYUQdsPK6NuYAr09QKwhSnAOyz8C8hEe+tqQrBv3yD7sMseXAaedlNvtZd1fbNpa +qV9jDhqEguRjMnV5yiPcFwITZRyw6HBaYiU2JPZeR+0/10IW7lmWgLvhfTGd4wCy +i57aieXVYPSb +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_audioonly.pem b/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_audioonly.pem new file mode 100644 index 00000000..85ac0962 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_audioonly.pem @@ -0,0 +1,281 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={audioOnly} + Leaf: policies={audioOnly} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:0b:d7:3e:98:8e:bb:3e:3c:0b:89:5d:95:79: + a7:6a:14:3e:6b:b2:0c:02:01:25:51:9d:3a:fc:ea: + b7:ee:d1:5d:e6:c1:c1:59:a9:e3:59:10:d3:04:6a: + a4:ab:33:f0:e6:cf:70:44:a6:14:88:5f:dd:63:b6: + b7:d6:ce:4b:bd:05:3f:61:7a:6d:01:5a:38:4b:64: + a3:63:d0:1b:7c:7a:37:ab:eb:a8:5b:e0:50:e6:5f: + f5:90:20:8d:76:51:5a:2b:82:4c:60:89:7d:f7:df: + d2:6d:e4:e3:65:63:13:65:90:13:91:d7:c2:f6:61: + 82:b2:4d:cc:db:47:e3:f6:cd:c4:62:f9:95:36:04: + cd:19:85:54:a6:8e:5c:28:0f:0d:22:13:d7:8d:16: + 1d:1a:68:7a:40:d6:c8:0f:e8:60:c8:fe:16:fe:45: + e1:e4:a8:b8:b8:e5:fb:40:51:2a:70:e0:de:62:35: + 78:b6:70:59:f6:7b:a2:7c:03:9c:69:8b:29:a5:3b: + fd:b9:89:ec:58:3b:c5:2e:71:f7:d5:bb:48:b3:8b: + 92:1a:a6:8a:33:1e:b7:55:c5:ff:d7:e9:f1:ef:e4: + d8:67:ae:58:51:18:66:24:f1:1b:12:1f:a1:90:f7: + d0:ba:4d:cb:a4:9e:af:ec:6d:b1:a9:f6:f2:2d:fe: + 41:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 49:8A:C6:9F:50:B0:1A:C4:63:BF:03:F3:E8:D1:62:7B:4F:8E:8E:6E + X509v3 Authority Key Identifier: + keyid:1A:DF:4D:09:A0:4D:8D:18:9E:B2:43:6B:AF:D5:99:96:0D:C6:6E:0A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 1b:08:f3:4d:5a:ab:a0:3a:39:fd:08:5e:bf:d1:02:07:92:af: + 79:8b:5d:c5:67:df:cc:53:77:4a:98:84:62:13:19:e1:83:61: + c8:f6:4e:5c:34:1b:98:49:82:24:d0:13:77:be:08:87:22:02: + 3e:54:aa:a0:dc:ff:ac:50:09:98:98:e7:f5:b0:e6:53:29:71: + 62:82:95:6b:37:cd:01:a4:42:aa:6b:80:c1:70:d7:66:6c:c6: + 21:7f:7c:b0:c3:71:44:ad:ca:68:db:04:cd:ef:a5:18:75:e4: + 12:40:b1:05:47:c9:bc:86:fb:a4:2f:bf:eb:5a:3b:ff:ff:99: + 8b:2a:6f:20:0a:dc:6e:ad:79:cc:b0:aa:46:a0:d6:3c:90:b7: + c6:36:99:03:e1:ca:d2:39:5f:69:c9:e5:eb:c9:03:05:85:d8: + c2:6f:b8:75:a2:e2:77:3c:c6:24:dd:84:78:9e:b4:0e:a3:00: + 3d:50:bc:9d:5f:62:b9:75:46:3b:66:42:fd:85:93:fc:1c:41: + c7:e2:58:07:cd:ba:27:3c:58:92:7f:6f:60:e4:9c:68:cb:8d: + 3d:a9:f6:ad:e3:4d:17:e5:ff:c3:9f:7a:c1:96:7a:a2:99:79: + 7a:2d:ce:9d:49:59:20:6e:89:f9:6e:17:aa:97:44:1d:ed:28: + c2:8d:48:0c +-----BEGIN CERTIFICATE----- +MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AvXPpiO +uz48C4ldlXmnahQ+a7IMAgElUZ06/Oq37tFd5sHBWanjWRDTBGqkqzPw5s9wRKYU +iF/dY7a31s5LvQU/YXptAVo4S2SjY9AbfHo3q+uoW+BQ5l/1kCCNdlFaK4JMYIl9 +99/SbeTjZWMTZZATkdfC9mGCsk3M20fj9s3EYvmVNgTNGYVUpo5cKA8NIhPXjRYd +Gmh6QNbID+hgyP4W/kXh5Ki4uOX7QFEqcODeYjV4tnBZ9nuifAOcaYsppTv9uYns +WDvFLnH31btIs4uSGqaKMx63VcX/1+nx7+TYZ65YURhmJPEbEh+hkPfQuk3LpJ6v +7G2xqfbyLf5BAQIDAQABo4H4MIH1MB0GA1UdDgQWBBRJisafULAaxGO/A/Po0WJ7 +T46ObjAfBgNVHSMEGDAWgBQa300JoE2NGJ6yQ2uv1ZmWDcZuCjA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQIwDQYJKoZIhvcNAQELBQADggEBABsI +801aq6A6Of0IXr/RAgeSr3mLXcVn38xTd0qYhGITGeGDYcj2Tlw0G5hJgiTQE3e+ +CIciAj5UqqDc/6xQCZiY5/Ww5lMpcWKClWs3zQGkQqprgMFw12ZsxiF/fLDDcUSt +ymjbBM3vpRh15BJAsQVHybyG+6Qvv+taO///mYsqbyAK3G6tecywqkag1jyQt8Y2 +mQPhytI5X2nJ5evJAwWF2MJvuHWi4nc8xiTdhHietA6jAD1QvJ1fYrl1RjtmQv2F +k/wcQcfiWAfNuic8WJJ/b2DknGjLjT2p9q3jTRfl/8OfesGWeqKZeXotzp1JWSBu +ifluF6qXRB3tKMKNSAw= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cb:9b:d4:8f:6f:27:f3:b7:4d:01:80:93:70:2a: + c0:14:26:ae:44:a8:0e:e7:3e:2f:fb:f8:07:4b:79: + 2d:e9:5f:90:ba:b4:fd:43:76:f9:1b:56:59:a1:76: + 81:75:7f:d5:8c:35:bc:d5:9f:10:f8:cd:dc:3d:40: + 6b:3d:66:eb:e5:41:06:c3:85:e9:d9:64:ff:36:41: + 99:f1:8d:cc:a2:95:7a:86:ad:16:67:cf:40:c3:bc: + 1b:b0:90:1d:8d:a7:8e:7c:89:01:f2:11:2d:b6:53: + 13:20:bb:2a:ec:9a:ba:e6:b0:5a:ee:6a:b4:aa:82: + 47:eb:cd:32:b0:c7:4b:92:11:3a:58:3c:9e:bf:7f: + df:ef:bc:fa:2c:d2:29:fb:95:76:4f:27:2d:14:a9: + 3e:34:39:29:18:84:01:c5:27:8f:d2:e4:85:72:6d: + b1:43:d7:b8:56:a7:9d:0f:c3:45:b9:3e:27:c8:c1: + 05:a4:23:aa:4d:85:77:08:91:a3:fc:ca:5f:a7:bd: + 25:fb:57:a6:d3:29:e0:b0:39:87:6e:26:a7:f1:c0: + 65:ba:9d:80:e3:26:42:b9:d7:9a:e8:2f:c9:94:67: + 08:87:f8:2a:54:72:69:36:d9:87:e9:a5:e8:91:39: + 41:66:a4:7d:d7:ec:d4:7b:8e:b9:65:05:ad:90:0c: + b3:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1A:DF:4D:09:A0:4D:8D:18:9E:B2:43:6B:AF:D5:99:96:0D:C6:6E:0A + X509v3 Authority Key Identifier: + keyid:8C:07:70:06:02:9A:7D:D2:99:47:6E:2F:63:D8:B8:67:2F:CE:E3:3B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + df:31:6f:7a:51:9b:68:73:12:e2:74:a7:c1:58:43:d1:fd:c4: + 64:1a:0c:17:9d:5c:d0:9b:ab:f6:5b:de:f1:6a:08:7d:20:db: + c2:f6:4c:87:af:ad:c1:ba:52:15:04:2e:6d:5a:61:bd:e2:73: + 15:c5:62:99:56:47:86:ce:c9:28:44:37:c7:0e:7e:af:5c:1d: + 4a:4c:ac:74:e5:74:16:81:76:5c:ec:40:72:35:41:f0:9f:ec: + 14:7f:ee:c2:35:ae:9f:57:e3:e9:68:48:c9:33:f8:ca:d5:9c: + 0e:1a:ec:83:bf:fc:02:0c:3d:30:3b:f5:aa:a8:c0:8f:36:45: + f4:0c:48:bd:d9:11:c2:b5:b0:c0:78:6d:3c:c1:1f:96:ae:01: + 31:e8:b9:9f:1f:65:41:bd:89:2b:ce:8f:cb:59:e3:8b:d1:97: + a8:83:f8:dd:63:13:e9:53:4f:0d:41:73:97:c5:06:4e:09:33: + e8:37:23:ad:5e:26:69:4c:70:7a:eb:cf:50:c0:b1:40:42:a3: + 7c:37:ad:48:d4:a5:ee:44:b5:64:43:e6:52:ac:00:f3:fc:03: + 9e:ab:fb:8d:03:4c:d3:2f:fc:b3:cb:31:9e:42:08:e1:c8:d1: + 3d:d3:a7:ec:9b:f2:11:75:15:19:b3:30:25:c5:de:a5:06:b1: + 44:17:bd:b9 +-----BEGIN CERTIFICATE----- +MIIDhjCCAm6gAwIBAgIBBDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5vUj28n +87dNAYCTcCrAFCauRKgO5z4v+/gHS3kt6V+QurT9Q3b5G1ZZoXaBdX/VjDW81Z8Q ++M3cPUBrPWbr5UEGw4Xp2WT/NkGZ8Y3MopV6hq0WZ89Aw7wbsJAdjaeOfIkB8hEt +tlMTILsq7Jq65rBa7mq0qoJH680ysMdLkhE6WDyev3/f77z6LNIp+5V2TyctFKk+ +NDkpGIQBxSeP0uSFcm2xQ9e4VqedD8NFuT4nyMEFpCOqTYV3CJGj/Mpfp70l+1em +0yngsDmHbian8cBlup2A4yZCudea6C/JlGcIh/gqVHJpNtmH6aXokTlBZqR91+zU +e465ZQWtkAyzoQIDAQABo4HkMIHhMB0GA1UdDgQWBBQa300JoE2NGJ6yQ2uv1ZmW +DcZuCjAfBgNVHSMEGDAWgBSMB3AGApp90plHbi9j2LhnL87jOzA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgorBgEE +AdZ5AgUCMA0GCSqGSIb3DQEBCwUAA4IBAQDfMW96UZtocxLidKfBWEPR/cRkGgwX +nVzQm6v2W97xagh9INvC9kyHr63BulIVBC5tWmG94nMVxWKZVkeGzskoRDfHDn6v +XB1KTKx05XQWgXZc7EByNUHwn+wUf+7CNa6fV+PpaEjJM/jK1ZwOGuyDv/wCDD0w +O/WqqMCPNkX0DEi92RHCtbDAeG08wR+WrgEx6LmfH2VBvYkrzo/LWeOL0Zeog/jd +YxPpU08NQXOXxQZOCTPoNyOtXiZpTHB6689QwLFAQqN8N61I1KXuRLVkQ+ZSrADz +/AOeq/uNA0zTL/yzyzGeQgjhyNE906fsm/IRdRUZszAlxd6lBrFEF725 +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ee:16:50:2d:c1:27:44:01:0a:3f:67:6c:a5:e2: + 9c:5a:30:1a:81:73:ee:0c:07:51:44:01:0a:cc:cf: + 3a:a2:86:06:06:aa:54:46:d0:01:3e:3d:08:9d:74: + 6c:86:92:df:0c:bf:2c:ec:11:18:30:0c:a7:20:7b: + 9e:66:6b:a2:6b:fc:0d:53:5e:f1:49:69:56:ac:8d: + b6:d2:18:79:59:8b:30:dc:1d:70:86:85:7f:2a:c2: + 33:df:a2:f2:35:6b:52:8e:14:41:a0:10:c9:aa:f9: + 94:2c:f3:09:ec:9f:c9:61:da:71:47:d2:b1:76:8a: + c8:e2:2d:2b:48:b5:6d:f2:87:88:ce:97:b4:2d:53: + 99:35:7a:59:75:79:c7:e9:ed:d5:9a:03:81:f2:b5: + bb:30:50:5a:8d:4b:c0:a5:55:0c:97:ff:f4:5a:ef: + a1:4a:ae:ce:74:70:29:60:d7:84:a5:49:dd:c9:8c: + d9:cd:e8:66:cd:59:af:b5:cf:8b:d5:3d:9b:80:2c: + 9c:eb:e4:04:11:3f:1a:a6:15:bf:96:66:bf:83:9b: + 4b:e4:49:4f:17:0d:df:42:5f:af:06:a1:50:5e:aa: + c7:1f:a9:2e:7a:f0:49:6d:77:cd:e3:78:4c:3e:4b: + f9:67:60:a3:f6:18:28:ba:7d:5a:df:9b:66:02:ca: + 38:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 8C:07:70:06:02:9A:7D:D2:99:47:6E:2F:63:D8:B8:67:2F:CE:E3:3B + X509v3 Authority Key Identifier: + keyid:8C:07:70:06:02:9A:7D:D2:99:47:6E:2F:63:D8:B8:67:2F:CE:E3:3B + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 49:1d:f3:68:30:35:e7:2a:2d:8c:9c:fd:83:de:44:bd:1f:1e: + bf:f7:d6:ee:03:5f:e7:21:4f:f9:ca:08:ca:d4:99:ff:ab:8f: + 42:3d:02:de:3f:7d:c1:4b:fc:aa:f3:b5:cc:b4:d9:04:b6:4e: + 5a:bd:5a:65:de:2e:06:f4:90:a2:fb:18:e7:b3:54:b2:ff:37: + 2b:15:de:26:2b:d7:11:1e:17:58:f3:b8:6d:10:ba:b7:8e:9a: + 5d:8a:d7:5c:69:28:0c:0e:8b:ce:b4:e1:4a:a3:58:82:a6:f6: + 21:39:fb:eb:5b:20:12:e2:7b:36:4e:be:cf:a6:dc:29:6c:ef: + 01:44:07:e8:1f:a2:b4:7c:b1:84:c3:4b:ba:a8:bd:d8:e0:f9: + 82:49:e9:f8:08:a5:c9:d6:3a:62:ce:ad:9e:57:ed:1a:92:e2: + d9:f1:7d:46:a4:6b:72:db:16:f8:61:75:50:5b:0a:30:62:13: + 12:14:16:cc:6b:1c:f3:c4:df:a7:83:ad:c6:ee:d1:34:45:d7: + 36:14:fc:5b:82:96:87:ad:45:bc:15:40:70:ea:e1:17:62:e7: + 45:aa:a3:7f:33:f0:3f:32:8d:2a:98:64:62:17:f9:9a:8d:32: + e5:db:79:aa:50:8c:5d:91:40:76:b4:d6:92:5c:2f:81:86:92: + 0e:8f:2b:12 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO4WUC3BJ0QBCj9nbKXi +nFowGoFz7gwHUUQBCszPOqKGBgaqVEbQAT49CJ10bIaS3wy/LOwRGDAMpyB7nmZr +omv8DVNe8UlpVqyNttIYeVmLMNwdcIaFfyrCM9+i8jVrUo4UQaAQyar5lCzzCeyf +yWHacUfSsXaKyOItK0i1bfKHiM6XtC1TmTV6WXV5x+nt1ZoDgfK1uzBQWo1LwKVV +DJf/9FrvoUquznRwKWDXhKVJ3cmM2c3oZs1Zr7XPi9U9m4AsnOvkBBE/GqYVv5Zm +v4ObS+RJTxcN30JfrwahUF6qxx+pLnrwSW13zeN4TD5L+Wdgo/YYKLp9Wt+bZgLK +OBsCAwEAAaOByzCByDAdBgNVHQ4EFgQUjAdwBgKafdKZR24vY9i4Zy/O4zswHwYD +VR0jBBgwFoAUjAdwBgKafdKZR24vY9i4Zy/O4zswNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBJHfNoMDXn +Ki2MnP2D3kS9Hx6/99buA1/nIU/5ygjK1Jn/q49CPQLeP33BS/yq87XMtNkEtk5a +vVpl3i4G9JCi+xjns1Sy/zcrFd4mK9cRHhdY87htELq3jppditdcaSgMDovOtOFK +o1iCpvYhOfvrWyAS4ns2Tr7PptwpbO8BRAfoH6K0fLGEw0u6qL3Y4PmCSen4CKXJ +1jpizq2eV+0akuLZ8X1GpGty2xb4YXVQWwowYhMSFBbMaxzzxN+ng63G7tE0Rdc2 +FPxbgpaHrUW8FUBw6uEXYudFqqN/M/A/Mo0qmGRiF/majTLl23mqUIxdkUB2tNaS +XC+BhpIOjysS +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_foo.pem b/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_foo.pem new file mode 100644 index 00000000..cf0e8664 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_foo.pem @@ -0,0 +1,281 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={audioOnly} + Leaf: policies={foo} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b4:ac:61:51:0e:40:b5:27:19:06:0b:a9:13:d8: + ec:a4:ab:ae:df:94:33:27:7e:e3:2b:0f:4b:b0:2c: + 6a:41:38:b4:0b:aa:29:31:9c:1d:17:42:32:e0:81: + bb:a3:ea:52:c0:43:f3:f1:2c:3a:5d:22:9c:e6:e9: + cc:96:3b:69:4f:63:e0:29:57:47:4c:94:02:64:39: + 52:38:2a:5e:f4:93:12:e1:85:16:87:e8:b4:15:80: + 02:ba:af:61:2e:e6:14:2a:39:81:67:27:c4:c7:fc: + 4b:f9:e6:f7:b1:84:eb:bd:b6:b0:df:01:11:49:94: + 39:8b:b3:2e:0b:c9:46:de:b9:63:ba:d2:d1:60:21: + d0:d2:e2:4a:5f:7c:df:3c:99:6f:c9:e8:a5:9f:be: + d3:76:89:dd:99:f1:fe:6e:53:bd:b2:19:f1:9f:dc: + 68:84:7f:a6:1c:81:4d:c7:7e:b1:ba:bf:d8:05:46: + 9a:43:c4:ef:08:08:80:40:49:32:ef:f8:84:0e:da: + 67:bf:7b:4b:14:69:f7:e7:c6:16:40:c5:75:21:a1: + 19:48:6e:81:88:2a:70:b0:23:87:da:43:ab:b5:f3: + 45:2b:c1:31:44:31:2d:94:a5:f6:e4:97:16:54:aa: + 76:e4:bc:4f:f9:14:59:83:61:7e:ed:4e:6a:c6:3b: + c8:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5B:20:CE:3D:64:B6:89:52:42:76:50:2E:B6:50:8C:8C:88:BD:44:6A + X509v3 Authority Key Identifier: + keyid:D7:30:75:D1:B9:8A:C0:67:E9:D7:FB:C4:45:99:2F:AF:B4:E0:DF:2A + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.2.840.113554.4.1.72585.2 + + Signature Algorithm: sha256WithRSAEncryption + 23:67:1e:34:11:31:20:b8:a4:6c:36:ae:71:5a:23:6d:73:72: + 4e:5b:65:b9:8b:4a:bb:6c:c1:ba:87:24:3a:98:42:59:a3:c3: + 75:bf:1d:b4:c7:c4:c8:b9:87:a0:d8:6d:98:14:34:c6:2a:8b: + b4:e2:3a:4a:10:b7:fd:52:8e:33:7a:8b:1d:b7:28:f4:99:12: + 93:65:f9:1a:66:42:6f:da:19:f9:33:a6:72:9e:f9:15:c6:61: + 28:05:92:04:1e:9f:d9:e8:a6:81:11:32:82:38:db:61:68:24: + 7f:f8:5b:db:55:78:7c:d8:65:2b:c5:4c:78:31:f6:0e:bc:73: + 0c:33:81:47:10:bb:fe:49:66:2a:2c:2c:4c:40:23:06:97:26: + b5:d1:b9:a3:9f:0c:7d:e9:1b:6a:f9:61:fd:29:bc:6d:85:68: + 92:8f:f6:94:25:c7:85:3a:d1:ee:28:45:06:11:af:a0:0c:7d: + a9:da:02:ff:bf:d7:d2:96:7c:6e:34:bf:35:2d:85:64:79:2c: + 23:59:c9:e1:fe:0e:56:91:47:a8:22:d1:10:2d:d4:44:38:44: + ca:58:59:04:d6:81:60:7f:bc:08:a5:f3:3f:f8:8e:fa:c1:40: + 2e:40:8b:5a:15:84:17:a0:92:59:55:97:83:fe:9b:32:95:94: + a8:51:99:42 +-----BEGIN CERTIFICATE----- +MIIDnDCCAoSgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKxhUQ5A +tScZBgupE9jspKuu35QzJ37jKw9LsCxqQTi0C6opMZwdF0Iy4IG7o+pSwEPz8Sw6 +XSKc5unMljtpT2PgKVdHTJQCZDlSOCpe9JMS4YUWh+i0FYACuq9hLuYUKjmBZyfE +x/xL+eb3sYTrvbaw3wERSZQ5i7MuC8lG3rljutLRYCHQ0uJKX3zfPJlvyeiln77T +dondmfH+blO9shnxn9xohH+mHIFNx36xur/YBUaaQ8TvCAiAQEky7/iEDtpnv3tL +FGn358YWQMV1IaEZSG6BiCpwsCOH2kOrtfNFK8ExRDEtlKX25JcWVKp25LxP+RRZ +g2F+7U5qxjvICwIDAQABo4H6MIH3MB0GA1UdDgQWBBRbIM49ZLaJUkJ2UC62UIyM +iL1EajAfBgNVHSMEGDAWgBTXMHXRuYrAZ+nX+8RFmS+vtODfKjA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjAZBgNVHSAEEjAQMA4GDCqGSIb3EgQBhLcJAjANBgkqhkiG9w0BAQsFAAOCAQEA +I2ceNBExILikbDaucVojbXNyTltluYtKu2zBuockOphCWaPDdb8dtMfEyLmHoNht +mBQ0xiqLtOI6ShC3/VKOM3qLHbco9JkSk2X5GmZCb9oZ+TOmcp75FcZhKAWSBB6f +2eimgREygjjbYWgkf/hb21V4fNhlK8VMeDH2DrxzDDOBRxC7/klmKiwsTEAjBpcm +tdG5o58Mfekbavlh/Sm8bYVoko/2lCXHhTrR7ihFBhGvoAx9qdoC/7/X0pZ8bjS/ +NS2FZHksI1nJ4f4OVpFHqCLREC3URDhEylhZBNaBYH+8CKXzP/iO+sFALkCLWhWE +F6CSWVWXg/6bMpWUqFGZQg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a9:b2:82:36:54:a8:98:d5:fd:3d:04:24:22:7a: + 96:60:e6:b9:00:f2:b5:30:fe:2a:e7:01:d7:18:08: + 14:af:09:2c:2b:fc:09:1c:c5:8f:dc:80:68:0e:e4: + 33:6b:6a:e0:9a:e5:5d:7f:72:71:b6:bf:9a:c2:42: + 72:2f:02:64:a6:b1:31:9c:3b:f8:f6:f1:5f:58:c6: + 15:e7:09:d5:d7:ca:85:48:24:e9:ba:4b:77:dd:55: + 52:38:b7:98:6f:98:ac:6b:cb:aa:6b:31:9a:7e:8d: + 72:35:ff:d2:13:47:60:39:b6:c9:97:1b:6d:e6:95: + 33:c5:df:74:d3:37:7e:5d:92:11:6b:ad:74:0a:5f: + 2c:62:56:d2:f2:2e:9f:02:47:66:e4:9c:e9:67:ed: + 92:9e:5f:6c:2e:87:ea:ad:c8:b0:d2:72:be:19:7c: + a8:bb:10:e7:76:5c:74:8c:42:9c:c0:91:58:e9:ba: + b7:6a:71:4a:6f:c0:3c:5d:42:e7:e6:8d:53:57:d5: + 06:5d:80:da:f5:97:f3:a7:32:71:49:99:c0:ef:a2: + 77:3f:c0:42:a4:6e:1f:ca:41:f5:37:a0:a9:e8:f9: + f8:b0:16:5e:a3:98:e7:87:9d:31:c8:c3:c1:0c:34: + 8b:e9:0e:9b:30:b7:fc:2a:d0:ff:7d:c8:bc:b5:d6: + 7d:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D7:30:75:D1:B9:8A:C0:67:E9:D7:FB:C4:45:99:2F:AF:B4:E0:DF:2A + X509v3 Authority Key Identifier: + keyid:97:9F:F1:88:19:93:DC:19:55:06:EB:83:28:9D:18:F0:1E:50:99:EB + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 93:84:5b:28:41:82:e9:d3:62:fb:5b:6b:2f:03:53:bf:2e:c2: + e1:65:15:5b:6d:fc:56:16:d0:d8:c5:45:b6:ce:c8:e3:76:d5: + 35:00:02:ab:b9:e1:23:ca:7d:0d:80:d6:e4:dc:70:50:56:4f: + 6f:a8:80:c5:45:40:0b:3e:6d:88:02:bc:37:e1:b2:f6:ec:d0: + 88:27:49:f6:98:2e:03:35:98:13:04:4e:25:c9:0e:65:70:f7: + 7a:da:1c:32:cb:40:3f:8b:54:75:b2:c8:63:45:45:fe:01:af: + d9:04:8b:58:18:55:ac:78:3a:20:04:7a:1e:bb:43:49:0b:cd: + ac:09:08:0a:c2:96:6f:4f:a0:4e:d5:48:f8:40:e7:f5:46:11: + 58:f0:1c:ff:91:db:e9:e8:58:ad:45:dd:ed:06:ed:63:51:93: + 4d:40:fc:7e:d8:d3:e3:dc:36:20:63:9f:f0:fd:05:8a:b0:7d: + 2d:8a:99:93:fa:73:4e:b5:24:45:e8:bf:0f:a8:e0:ee:c7:18: + 2e:b6:b3:ed:52:ba:d1:94:0d:9f:8d:c7:66:a7:91:5d:bd:dc: + ca:ff:bb:99:31:1e:78:08:b4:4d:03:2e:af:a6:f1:87:f0:80: + e7:81:47:db:be:31:2c:ee:ef:ca:16:b1:15:9e:43:0d:10:ef: + 8c:22:be:fc +-----BEGIN CERTIFICATE----- +MIIDhjCCAm6gAwIBAgIBCDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbKCNlSo +mNX9PQQkInqWYOa5APK1MP4q5wHXGAgUrwksK/wJHMWP3IBoDuQza2rgmuVdf3Jx +tr+awkJyLwJkprExnDv49vFfWMYV5wnV18qFSCTpukt33VVSOLeYb5isa8uqazGa +fo1yNf/SE0dgObbJlxtt5pUzxd900zd+XZIRa610Cl8sYlbS8i6fAkdm5JzpZ+2S +nl9sLofqrciw0nK+GXyouxDndlx0jEKcwJFY6bq3anFKb8A8XULn5o1TV9UGXYDa +9ZfzpzJxSZnA76J3P8BCpG4fykH1N6Cp6Pn4sBZeo5jnh50xyMPBDDSL6Q6bMLf8 +KtD/fci8tdZ9bwIDAQABo4HkMIHhMB0GA1UdDgQWBBTXMHXRuYrAZ+nX+8RFmS+v +tODfKjAfBgNVHSMEGDAWgBSXn/GIGZPcGVUG64MonRjwHlCZ6zA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgorBgEE +AdZ5AgUCMA0GCSqGSIb3DQEBCwUAA4IBAQCThFsoQYLp02L7W2svA1O/LsLhZRVb +bfxWFtDYxUW2zsjjdtU1AAKrueEjyn0NgNbk3HBQVk9vqIDFRUALPm2IArw34bL2 +7NCIJ0n2mC4DNZgTBE4lyQ5lcPd62hwyy0A/i1R1sshjRUX+Aa/ZBItYGFWseDog +BHoeu0NJC82sCQgKwpZvT6BO1Uj4QOf1RhFY8Bz/kdvp6FitRd3tBu1jUZNNQPx+ +2NPj3DYgY5/w/QWKsH0tipmT+nNOtSRF6L8PqODuxxgutrPtUrrRlA2fjcdmp5Fd +vdzK/7uZMR54CLRNAy6vpvGH8IDngUfbvjEs7u/KFrEVnkMNEO+MIr78 +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9b:9c:73:93:62:04:5c:af:94:ef:7f:74:ac:8d: + 96:d4:50:8a:1f:08:eb:3a:2c:08:6e:53:2a:79:b7: + ee:03:31:43:0d:66:d2:af:ee:59:6c:bc:06:42:22: + cd:39:49:62:13:51:dd:94:fd:7f:03:d4:55:0f:e3: + 82:dd:f5:3f:2f:4b:01:38:e2:d2:31:e3:da:d9:b0: + 8e:c4:39:62:8a:dd:5a:68:0e:5c:65:80:e5:74:e7: + a3:5a:b7:23:eb:9c:26:6b:82:50:4e:49:f2:2a:15: + 41:0c:f8:03:7a:33:92:b6:e1:d0:de:1c:c4:08:74: + 4d:dc:e3:82:ab:0b:4e:ef:32:c7:bb:b3:45:30:3b: + d9:1e:6f:eb:6c:9a:c7:e4:9d:be:07:09:eb:43:20: + a7:b0:68:99:21:45:80:d3:90:71:ea:87:53:e1:20: + 99:ef:84:38:f5:71:0a:42:a3:30:b2:d8:6f:ab:87: + ac:9a:7c:01:b6:8a:3c:c1:c1:62:25:77:7e:51:f1: + 4f:88:92:b1:3d:16:fb:ba:3e:f9:d4:58:dd:6d:c0: + 18:a2:9e:f9:82:3f:7f:e9:de:f0:2d:a1:2a:b2:5e: + 38:15:73:15:80:ad:63:13:6b:96:4a:8e:cf:6c:f2: + 44:7b:7e:52:c6:53:1d:bc:b3:f5:1e:dd:ec:b7:19: + a0:eb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 97:9F:F1:88:19:93:DC:19:55:06:EB:83:28:9D:18:F0:1E:50:99:EB + X509v3 Authority Key Identifier: + keyid:97:9F:F1:88:19:93:DC:19:55:06:EB:83:28:9D:18:F0:1E:50:99:EB + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 24:16:e4:a2:3a:5f:d6:97:f2:b9:26:a9:03:97:85:12:bb:02: + 22:b5:82:30:14:58:a4:c1:45:37:64:a4:8e:05:e0:cf:33:d7: + d7:74:f7:ca:ea:e9:19:c8:15:d9:b0:d4:25:d5:45:a8:bb:ff: + 7e:e6:9a:d2:9f:d2:a8:7d:ac:04:e7:ab:ed:76:0c:f1:e1:ee: + 13:03:6b:71:13:c3:e9:2e:28:aa:b2:4b:0e:7b:ec:b4:d9:bb: + 47:94:3a:25:b8:df:43:26:4b:b5:ba:7a:2f:3f:33:3f:f0:7f: + 8f:86:50:5a:95:1a:ed:84:f2:cf:84:f3:2b:e6:a6:bf:92:b3: + 80:5e:bc:7a:f0:f3:b4:00:2f:ea:2b:22:b4:2a:ea:b5:bb:b2: + 68:69:76:65:94:da:89:44:36:fa:83:81:00:af:d6:9b:e5:ec: + 77:1d:db:3a:91:17:2c:ba:4f:2e:0b:4a:d5:bb:c5:79:7d:1c: + 35:9b:fc:34:88:5d:a6:f7:bc:79:30:f2:05:27:3b:6f:ca:f8: + 18:90:15:91:12:9a:d6:56:ac:93:83:1e:28:7f:2b:25:dc:2b: + d1:2c:96:8b:60:53:a5:40:21:89:71:15:fe:2d:4c:74:2e:5c: + c9:4d:f0:3e:83:c6:54:71:86:a5:9b:6c:37:4b:1a:fe:f7:e7: + 46:02:0f:f5 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJucc5NiBFyvlO9/dKyN +ltRQih8I6zosCG5TKnm37gMxQw1m0q/uWWy8BkIizTlJYhNR3ZT9fwPUVQ/jgt31 +Py9LATji0jHj2tmwjsQ5YordWmgOXGWA5XTno1q3I+ucJmuCUE5J8ioVQQz4A3oz +krbh0N4cxAh0TdzjgqsLTu8yx7uzRTA72R5v62yax+SdvgcJ60Mgp7BomSFFgNOQ +ceqHU+Egme+EOPVxCkKjMLLYb6uHrJp8AbaKPMHBYiV3flHxT4iSsT0W+7o++dRY +3W3AGKKe+YI/f+ne8C2hKrJeOBVzFYCtYxNrlkqOz2zyRHt+UsZTHbyz9R7d7LcZ +oOsCAwEAAaOByzCByDAdBgNVHQ4EFgQUl5/xiBmT3BlVBuuDKJ0Y8B5QmeswHwYD +VR0jBBgwFoAUl5/xiBmT3BlVBuuDKJ0Y8B5QmeswNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAkFuSiOl/W +l/K5JqkDl4USuwIitYIwFFikwUU3ZKSOBeDPM9fXdPfK6ukZyBXZsNQl1UWou/9+ +5prSn9KofawE56vtdgzx4e4TA2txE8PpLiiqsksOe+y02btHlDoluN9DJku1unov +PzM/8H+PhlBalRrthPLPhPMr5qa/krOAXrx68PO0AC/qKyK0Kuq1u7JoaXZllNqJ +RDb6g4EAr9ab5ex3Hds6kRcsuk8uC0rVu8V5fRw1m/w0iF2m97x5MPIFJztvyvgY +kBWREprWVqyTgx4ofysl3CvRLJaLYFOlQCGJcRX+LUx0LlzJTfA+g8ZUcYalm2w3 +Sxr+9+dGAg/1 +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_none.pem b/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_none.pem new file mode 100644 index 00000000..836125d7 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_audioonly_leaf_none.pem @@ -0,0 +1,277 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={audioOnly} + Leaf: policies={} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:97:f2:23:a5:ed:d0:98:d4:07:da:46:ef:ae:58: + 2b:4b:fb:3c:2c:41:a6:20:45:19:c4:61:3f:47:a4: + db:cf:16:73:25:56:fd:3d:db:02:60:3a:a6:7d:05: + 76:e9:4e:ca:51:64:78:58:82:55:42:43:92:e7:85: + e7:4f:cc:5e:92:fd:7a:bd:ea:ef:5f:33:33:44:6f: + 29:a5:e4:51:b1:57:ba:51:cc:b4:da:d9:99:24:5d: + 82:c7:88:b0:7c:97:f6:0a:3c:d1:14:a9:91:cc:b7: + 1b:14:98:b6:cc:c8:c8:e7:39:c7:bd:05:31:23:d2: + 95:17:61:c8:b7:8e:2d:70:84:3d:63:11:bb:d4:d5: + 92:e0:49:70:f1:2b:75:d6:a5:29:20:0f:02:ba:8f: + d3:cc:61:0b:7a:fa:bc:6c:be:4e:a0:39:ee:b4:e5: + 07:90:b7:77:98:96:95:45:38:b3:a5:c4:c3:97:ee: + ee:70:c7:78:be:b7:50:ba:62:00:2f:a6:9e:1a:9b: + 50:d6:08:fd:fe:b9:e0:85:ac:e7:91:ef:a9:41:a0: + 62:35:c4:8b:c0:78:59:6e:a8:a7:54:10:88:ed:28: + c9:19:9b:b0:4b:67:c1:42:ec:a3:5d:8b:bd:47:fd: + 9d:2c:ad:81:5c:2f:82:13:c4:cf:84:b4:64:ef:e9: + ef:7d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 86:39:F7:45:1C:19:7F:C1:8D:93:B7:C6:18:53:8E:CD:82:EA:78:8A + X509v3 Authority Key Identifier: + keyid:05:83:C2:37:26:DF:09:D8:02:81:82:DF:E5:5C:1C:FC:EB:A2:36:22 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 47:fd:b0:3b:f6:57:43:83:51:b5:c1:d2:fe:fa:b3:ee:54:6e: + 32:10:ce:da:18:be:2f:57:11:44:7e:5d:e8:09:54:dc:44:5b: + fd:17:ce:7f:97:64:1d:f8:32:61:33:55:2f:05:37:b8:35:49: + bf:41:9e:5a:0f:29:76:e2:f2:c6:f2:5a:9e:87:b9:2e:cd:ad: + 84:6b:8d:b9:71:df:a6:dc:32:36:69:25:29:8e:11:77:83:a8: + d6:aa:e5:18:89:ab:15:eb:0c:cd:24:56:6d:81:ed:08:ee:f3: + 57:59:97:41:74:3e:31:7d:ab:b1:32:bb:95:ae:1f:8a:83:60: + a4:3d:72:0e:c1:28:05:7e:4b:2e:37:64:36:f5:00:b8:50:6b: + 66:3f:23:b5:c6:1a:07:b6:c6:fa:44:69:f5:36:0a:3c:d0:16: + 00:db:4d:92:da:a6:27:89:25:df:9e:c9:48:9d:dd:10:d9:4e: + 2b:7a:cb:61:5d:32:3a:64:a8:8f:29:eb:19:68:0b:de:b5:3b: + e9:76:49:7d:93:c3:6e:75:b8:cf:ca:af:6e:37:1b:38:e4:c3: + e8:41:4f:99:dd:af:c0:4e:96:aa:50:70:95:a9:1a:cc:ef:43: + b7:08:f0:e9:0b:a7:d8:21:36:ba:98:ea:4f:db:3e:aa:4c:92: + 84:36:cd:1e +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/Ijpe3Q +mNQH2kbvrlgrS/s8LEGmIEUZxGE/R6TbzxZzJVb9PdsCYDqmfQV26U7KUWR4WIJV +QkOS54XnT8xekv16vervXzMzRG8ppeRRsVe6Ucy02tmZJF2Cx4iwfJf2CjzRFKmR +zLcbFJi2zMjI5znHvQUxI9KVF2HIt44tcIQ9YxG71NWS4Elw8St11qUpIA8Cuo/T +zGELevq8bL5OoDnutOUHkLd3mJaVRTizpcTDl+7ucMd4vrdQumIAL6aeGptQ1gj9 +/rnghaznke+pQaBiNcSLwHhZbqinVBCI7SjJGZuwS2fBQuyjXYu9R/2dLK2BXC+C +E8TPhLRk7+nvfQIDAQABo4HfMIHcMB0GA1UdDgQWBBSGOfdFHBl/wY2Tt8YYU47N +gup4ijAfBgNVHSMEGDAWgBQFg8I3Jt8J2AKBgt/lXBz866I2IjA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAR/2wO/ZXQ4NRtcHS/vqz7lRuMhDO2hi+L1cR +RH5d6AlU3ERb/RfOf5dkHfgyYTNVLwU3uDVJv0GeWg8pduLyxvJanoe5Ls2thGuN +uXHfptwyNmklKY4Rd4Oo1qrlGImrFesMzSRWbYHtCO7zV1mXQXQ+MX2rsTK7la4f +ioNgpD1yDsEoBX5LLjdkNvUAuFBrZj8jtcYaB7bG+kRp9TYKPNAWANtNktqmJ4kl +357JSJ3dENlOK3rLYV0yOmSojynrGWgL3rU76XZJfZPDbnW4z8qvbjcbOOTD6EFP +md2vwE6WqlBwlakazO9Dtwjw6Qun2CE2upjqT9s+qkyShDbNHg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c5:f5:38:66:89:22:6a:2f:55:0b:c5:a1:bc:72: + 98:d9:66:94:3f:12:5c:a2:ec:6f:d1:5f:79:68:a2: + 3e:14:fd:b6:75:20:c6:ba:15:69:e4:10:8c:9e:fa: + bf:56:02:1b:c9:6b:f1:a2:d6:f1:cf:32:1e:37:db: + ae:a1:bd:af:57:b3:7a:de:52:44:46:d8:e5:34:41: + 51:55:87:4a:15:b1:a8:4e:ba:48:38:4f:41:b0:ae: + ef:c8:35:a1:ce:9f:2b:a0:84:89:a7:32:62:2e:85: + 66:90:a5:ba:e3:4f:4a:87:1c:4e:b1:59:1c:82:ce: + cd:32:f8:9c:3a:9e:79:32:88:f7:18:ea:7e:d0:f9: + 75:d1:b2:6c:bf:0c:7b:eb:52:80:2c:c0:0d:93:2d: + a5:45:5f:3d:3c:f2:9b:8a:a5:67:b0:bb:af:8d:1b: + f9:a3:57:55:f9:de:02:a9:4d:27:6d:ae:ff:65:04: + ce:22:2e:44:8f:3a:dd:e6:ee:07:a4:78:6f:a0:1e: + a8:f0:c1:35:bb:eb:6c:33:65:32:a8:e6:c9:38:8a: + cb:63:03:35:00:93:68:3f:2f:fc:f7:3e:2c:9d:4c: + 42:53:c4:49:8f:fe:2a:48:94:09:f5:dd:cd:bd:0e: + 44:21:6d:52:81:20:f4:f6:92:78:98:fd:4b:50:79: + 5e:7d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 05:83:C2:37:26:DF:09:D8:02:81:82:DF:E5:5C:1C:FC:EB:A2:36:22 + X509v3 Authority Key Identifier: + keyid:3E:D6:2F:0D:F6:31:B3:AD:E0:AA:1D:00:88:8E:39:FB:C3:E4:BC:BA + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 92:2c:74:a2:94:0e:a8:cc:ca:17:ab:1f:c1:35:97:45:2f:63: + 6c:a7:d7:6a:a6:5a:8d:d0:1d:d5:9f:35:9d:bb:10:ba:b2:2f: + c7:41:95:7c:ac:f7:12:3d:8e:6e:af:c5:f6:ff:c0:34:7b:b3: + d0:c8:f4:ba:3d:c1:72:9c:90:10:73:de:bf:9c:50:fe:a3:a5: + 1f:93:15:4b:30:a4:ae:6c:76:ac:7c:d2:94:45:0b:05:8a:ef: + f8:b3:a1:1e:e0:ca:ca:b6:3b:1f:11:a5:64:b7:d4:bd:67:7e: + da:2d:84:f5:ba:e9:42:da:49:cb:1e:b7:51:e6:12:1b:f2:1c: + 8e:79:10:f4:00:fd:8d:e4:26:75:0b:85:6a:48:74:f1:e6:cf: + b2:92:f2:ad:df:da:b9:3c:32:70:e6:b0:16:12:bd:bf:64:45: + a7:43:8d:47:1c:f9:13:04:6f:57:f8:72:d2:68:e9:f0:c7:1e: + c8:d9:b2:05:fd:aa:36:85:f9:2c:09:43:b4:8a:14:ee:7f:82: + f3:47:67:0a:bb:7e:a1:13:6f:38:54:88:5e:87:e3:79:ee:f0: + c4:3f:76:96:5e:1d:d0:c7:4a:23:3d:d2:d6:bd:b9:ce:fb:5f: + 69:92:e3:c9:b8:4a:be:75:32:e4:f6:61:0a:38:65:16:28:59: + 48:94:5d:58 +-----BEGIN CERTIFICATE----- +MIIDhjCCAm6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfU4Zoki +ai9VC8WhvHKY2WaUPxJcouxv0V95aKI+FP22dSDGuhVp5BCMnvq/VgIbyWvxotbx +zzIeN9uuob2vV7N63lJERtjlNEFRVYdKFbGoTrpIOE9BsK7vyDWhzp8roISJpzJi +LoVmkKW6409KhxxOsVkcgs7NMvicOp55Moj3GOp+0Pl10bJsvwx761KALMANky2l +RV89PPKbiqVnsLuvjRv5o1dV+d4CqU0nba7/ZQTOIi5Ejzrd5u4HpHhvoB6o8ME1 +u+tsM2UyqObJOIrLYwM1AJNoPy/89z4snUxCU8RJj/4qSJQJ9d3NvQ5EIW1SgSD0 +9pJ4mP1LUHlefQIDAQABo4HkMIHhMB0GA1UdDgQWBBQFg8I3Jt8J2AKBgt/lXBz8 +66I2IjAfBgNVHSMEGDAWgBQ+1i8N9jGzreCqHQCIjjn7w+S8ujA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgorBgEE +AdZ5AgUCMA0GCSqGSIb3DQEBCwUAA4IBAQCSLHSilA6ozMoXqx/BNZdFL2Nsp9dq +plqN0B3VnzWduxC6si/HQZV8rPcSPY5ur8X2/8A0e7PQyPS6PcFynJAQc96/nFD+ +o6UfkxVLMKSubHasfNKURQsFiu/4s6Ee4MrKtjsfEaVkt9S9Z37aLYT1uulC2knL +HrdR5hIb8hyOeRD0AP2N5CZ1C4VqSHTx5s+ykvKt39q5PDJw5rAWEr2/ZEWnQ41H +HPkTBG9X+HLSaOnwxx7I2bIF/ao2hfksCUO0ihTuf4LzR2cKu36hE284VIheh+N5 +7vDEP3aWXh3Qx0ojPdLWvbnO+19pkuPJuEq+dTLk9mEKOGUWKFlIlF1Y +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:b7:b7:b9:aa:ed:10:09:6d:50:62:43:51:cf: + e6:d8:4f:84:6c:98:1b:4d:a8:85:f0:d9:ae:db:4e: + 7d:c8:8d:1c:48:eb:24:7e:66:0d:9b:54:15:12:5c: + 07:e3:7a:db:4a:4a:8a:62:6b:71:8e:bc:55:0b:3f: + 9b:60:a3:15:6a:1f:2f:49:cc:2b:09:a3:1a:1f:4b: + 86:e1:82:5f:78:3e:e7:1e:84:42:1b:e1:fc:0c:f6: + 47:92:29:74:e8:49:c8:33:ee:25:ba:36:5a:8c:34: + ba:e4:07:a0:a4:eb:fb:cd:ab:ae:d4:d6:51:a1:63: + fb:e7:f3:03:c0:1b:8b:9b:a0:2a:9f:f6:ac:58:ef: + 3c:9d:58:42:b9:53:66:06:90:1d:0c:30:5d:db:f5: + 2d:13:da:ce:09:05:2d:d4:65:9b:c0:f8:37:07:95: + d4:fc:fc:a6:a0:cf:8f:77:b8:06:0f:22:5e:12:10: + 96:58:64:f1:d9:1a:9d:9e:16:47:3b:ce:dd:8f:8f: + 6e:06:23:1c:52:10:f1:3e:e6:4d:a8:40:fc:17:5f: + fa:9f:d9:1f:81:40:39:4f:8b:f3:74:ba:b5:07:b0: + fc:2d:ef:58:d2:db:3f:1f:04:b7:7c:d6:80:5c:59: + 4b:29:74:d8:5f:99:8e:f0:bc:c1:20:2c:34:24:eb: + be:e9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3E:D6:2F:0D:F6:31:B3:AD:E0:AA:1D:00:88:8E:39:FB:C3:E4:BC:BA + X509v3 Authority Key Identifier: + keyid:3E:D6:2F:0D:F6:31:B3:AD:E0:AA:1D:00:88:8E:39:FB:C3:E4:BC:BA + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 51:75:c8:11:3e:1f:f6:8f:29:97:5a:ef:41:d3:60:7c:61:41: + 4f:03:1a:17:db:92:a3:fd:72:11:05:c7:6a:5f:a7:30:76:41: + dd:b4:f0:f9:30:ab:d9:3f:6c:3e:2a:63:45:a9:7f:32:aa:05: + 0b:0f:c1:84:57:c9:0b:4e:f8:86:7e:c9:cc:e9:52:83:a2:c0: + 73:c1:06:f8:eb:af:0a:a9:8e:6a:12:77:f9:e3:77:f0:a8:fa: + fb:af:76:4e:c4:5a:e6:60:c6:8b:24:10:4f:5e:07:d4:4e:4d: + 78:c6:9b:5d:40:ef:a5:c3:2e:3b:1d:f6:1b:98:3c:d2:ed:ba: + 47:d6:11:af:f0:21:65:a3:72:f8:ce:29:5f:f4:e7:bc:2b:0a: + fe:d8:c3:76:28:73:67:5d:dd:9c:2c:7a:d7:f6:1b:c6:c3:10: + 10:9d:34:8e:bd:00:46:9e:9d:41:64:23:36:ed:b6:d0:29:2b: + 88:cc:9d:66:20:9f:14:d1:13:6c:9b:9f:84:04:c5:8c:e3:50: + 0c:2c:f5:2e:5c:e7:a2:74:b2:8a:ee:ae:2f:d0:c8:18:43:2d: + ad:3e:cb:f6:ad:9c:ab:27:ba:b3:15:82:03:e6:ee:69:0a:cb: + 01:4f:fb:54:b3:e0:75:d5:10:ad:7d:c5:f8:84:4a:d8:88:85: + 7a:20:0d:a6 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN63t7mq7RAJbVBiQ1HP +5thPhGyYG02ohfDZrttOfciNHEjrJH5mDZtUFRJcB+N620pKimJrcY68VQs/m2Cj +FWofL0nMKwmjGh9LhuGCX3g+5x6EQhvh/Az2R5IpdOhJyDPuJbo2Wow0uuQHoKTr ++82rrtTWUaFj++fzA8Abi5ugKp/2rFjvPJ1YQrlTZgaQHQwwXdv1LRPazgkFLdRl +m8D4NweV1Pz8pqDPj3e4Bg8iXhIQllhk8dkanZ4WRzvO3Y+PbgYjHFIQ8T7mTahA +/Bdf+p/ZH4FAOU+L83S6tQew/C3vWNLbPx8Et3zWgFxZSyl02F+ZjvC8wSAsNCTr +vukCAwEAAaOByzCByDAdBgNVHQ4EFgQUPtYvDfYxs63gqh0AiI45+8PkvLowHwYD +VR0jBBgwFoAUPtYvDfYxs63gqh0AiI45+8PkvLowNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBRdcgRPh/2 +jymXWu9B02B8YUFPAxoX25Kj/XIRBcdqX6cwdkHdtPD5MKvZP2w+KmNFqX8yqgUL +D8GEV8kLTviGfsnM6VKDosBzwQb4668KqY5qEnf543fwqPr7r3ZOxFrmYMaLJBBP +XgfUTk14xptdQO+lwy47HfYbmDzS7bpH1hGv8CFlo3L4zilf9Oe8Kwr+2MN2KHNn +Xd2cLHrX9hvGwxAQnTSOvQBGnp1BZCM27bbQKSuIzJ1mIJ8U0RNsm5+EBMWM41AM +LPUuXOeidLKK7q4v0MgYQy2tPsv2rZyrJ7qzFYID5u5pCssBT/tUs+B11RCtfcX4 +hErYiIV6IA2m +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_anypolicy.pem b/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_anypolicy.pem new file mode 100644 index 00000000..6d5208da --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_anypolicy.pem @@ -0,0 +1,278 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={} + Leaf: policies={anyPolicy} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cf:15:82:72:db:54:3a:13:1f:6a:ec:55:74:fd: + c5:29:b8:33:8b:0e:f9:ab:33:6a:e7:46:e2:5c:96: + 2f:4d:50:42:a6:dc:2e:55:d3:61:01:6b:c4:a8:8d: + ab:05:79:e9:42:28:8a:5a:c2:47:29:9b:99:9a:ab: + f8:64:35:75:9b:a0:8e:ce:1e:f5:b2:47:ee:90:23: + 12:29:e9:4b:1b:1a:59:34:e3:ba:38:7a:83:d5:ce: + ce:39:39:78:8d:d1:93:20:4c:0f:60:b5:ac:9a:80: + a5:4c:d8:4e:f0:88:89:1b:d9:7a:63:8f:9b:19:75: + c5:d2:ef:48:6b:79:eb:cf:61:6d:22:a1:b7:3b:40: + 20:d2:ae:f6:48:b2:88:90:40:3f:f2:75:a9:ad:2c: + 76:ab:ca:d8:61:06:93:1c:d4:f5:a4:d8:d9:09:c9: + 1f:0d:ef:26:37:50:ad:cf:a1:a1:89:00:56:7f:92: + cf:6b:ec:0f:76:55:ab:81:55:a7:2e:8f:5e:69:c9: + 23:38:a2:18:61:20:bf:e5:c7:82:4a:d9:d0:77:03: + 35:8a:4d:43:c1:30:f8:67:b5:83:29:8c:df:a8:9d: + 0e:d6:98:64:8f:77:36:13:fc:1d:40:de:3b:3d:4c: + 19:24:cc:07:68:93:36:b5:1a:0c:fc:4e:17:95:6d: + 3a:55 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 69:F1:3A:B2:9E:B9:B5:10:AF:79:90:80:34:9D:B9:BD:1C:B0:90:A6 + X509v3 Authority Key Identifier: + keyid:2F:57:CF:1E:AE:33:BF:E2:E3:98:F4:28:80:63:6B:FF:29:21:8F:76 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + + Signature Algorithm: sha256WithRSAEncryption + 22:71:c6:67:ab:c1:d7:29:f4:41:6a:da:54:06:9d:26:f2:10: + cd:04:0d:f5:99:34:3e:08:6a:be:ff:d0:18:10:63:4d:79:46: + b5:28:b4:db:d1:27:4f:79:55:dc:45:30:d9:ba:99:7a:d7:bc: + de:14:1e:73:f2:82:2e:ca:6d:45:e4:98:28:cd:a0:28:e9:86: + 33:93:c6:c4:f0:7a:b9:bf:1d:69:6d:b8:1e:eb:81:85:a6:ad: + d0:c9:af:e2:20:5f:e5:8b:40:7b:61:0c:b8:8c:9e:cc:14:9d: + 0e:c5:e9:13:e3:30:ed:83:d3:ac:ba:cf:3e:04:20:1c:ba:07: + 2d:e7:81:0b:b0:1b:d4:7c:d9:3a:92:5d:54:44:c0:79:b9:d8: + 4f:0f:79:b2:63:ee:2f:ae:2f:00:97:7b:47:92:97:19:dd:25: + 10:a7:5a:40:ec:eb:dc:b5:c8:05:ab:2e:dc:1a:c2:06:fb:90: + b1:88:af:27:56:b5:a1:c0:a8:f5:65:3f:98:bf:0f:16:70:41: + c3:cd:fa:c5:f2:fc:21:2a:25:db:98:1e:1f:ab:a7:b0:a2:7f: + 1a:72:9f:6f:9a:84:81:7d:99:4a:09:13:2f:30:50:fc:98:da: + 0c:c0:fd:bc:7c:84:66:dc:d3:8d:52:73:28:cd:ee:1e:c7:8f: + e5:5d:1c:f7 +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIBBzANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxWCcttU +OhMfauxVdP3FKbgziw75qzNq50biXJYvTVBCptwuVdNhAWvEqI2rBXnpQiiKWsJH +KZuZmqv4ZDV1m6COzh71skfukCMSKelLGxpZNOO6OHqD1c7OOTl4jdGTIEwPYLWs +moClTNhO8IiJG9l6Y4+bGXXF0u9Ia3nrz2FtIqG3O0Ag0q72SLKIkEA/8nWprSx2 +q8rYYQaTHNT1pNjZCckfDe8mN1Ctz6GhiQBWf5LPa+wPdlWrgVWnLo9eackjOKIY +YSC/5ceCStnQdwM1ik1DwTD4Z7WDKYzfqJ0O1phkj3c2E/wdQN47PUwZJMwHaJM2 +tRoM/E4XlW06VQIDAQABo4HyMIHvMB0GA1UdDgQWBBRp8Tqynrm1EK95kIA0nbm9 +HLCQpjAfBgNVHSMEGDAWgBQvV88erjO/4uOY9CiAY2v/KSGPdjA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBACJxxmerwdcp +9EFq2lQGnSbyEM0EDfWZND4Iar7/0BgQY015RrUotNvRJ095VdxFMNm6mXrXvN4U +HnPygi7KbUXkmCjNoCjphjOTxsTwerm/HWltuB7rgYWmrdDJr+IgX+WLQHthDLiM +nswUnQ7F6RPjMO2D06y6zz4EIBy6By3ngQuwG9R82TqSXVREwHm52E8PebJj7i+u +LwCXe0eSlxndJRCnWkDs69y1yAWrLtwawgb7kLGIrydWtaHAqPVlP5i/DxZwQcPN ++sXy/CEqJduYHh+rp7Cifxpyn2+ahIF9mUoJEy8wUPyY2gzA/bx8hGbc041ScyjN +7h7Hj+VdHPc= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14 (0xe) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:dc:65:d8:cd:cf:c3:59:0c:3f:6e:3a:3e:47:36: + 78:2b:84:8d:79:6d:e0:ca:4b:87:6c:48:6c:48:e4: + 55:83:5f:c9:32:65:56:6c:fa:13:67:1d:2b:da:8f: + 01:7e:ea:bd:fa:69:ed:29:9f:28:6a:b4:07:a2:10: + 15:28:46:01:b7:27:5b:3a:61:03:47:6a:fe:d2:71: + e7:aa:b7:f4:a8:29:74:cc:7e:a0:52:c1:f6:fb:81: + 90:77:55:e6:03:8a:d9:d0:e5:5e:31:1b:0d:52:7f: + 2c:4d:2d:37:7c:e9:66:1f:a9:eb:45:9a:e8:bd:a7: + 4d:5d:4a:fe:21:4b:2c:a2:3a:b5:e6:81:fd:fc:d0: + af:96:02:53:1e:b3:07:1c:9b:25:d5:a7:d9:22:6a: + e4:50:4a:86:bf:9b:54:02:04:28:6f:e2:47:c3:f8: + 02:af:ed:10:f3:f5:68:f3:ca:8b:41:85:b3:63:61: + 23:22:79:fa:0a:0f:5e:a0:5c:67:61:9b:12:e7:02: + 2f:63:da:a2:79:e3:94:10:44:2f:bd:78:62:c0:73: + f0:d0:76:ff:a1:8b:2f:be:f3:87:fa:5e:8b:63:5d: + cd:73:42:e3:a1:84:c5:a4:62:37:6f:8a:2c:2a:3d: + 97:5c:0c:00:52:e7:85:b5:a1:f9:39:b0:13:ca:a5: + 12:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 2F:57:CF:1E:AE:33:BF:E2:E3:98:F4:28:80:63:6B:FF:29:21:8F:76 + X509v3 Authority Key Identifier: + keyid:E4:A1:AC:CB:CC:C3:AD:20:0C:B2:59:77:33:E0:71:96:CC:C3:13:75 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 9b:ee:65:41:e3:21:87:17:8e:50:68:34:5e:07:9e:bf:34:eb: + 73:db:d6:f9:a0:86:68:bc:e1:49:3a:81:fd:6b:16:ac:a9:fa: + c5:c9:04:78:3e:4a:00:1d:a9:67:a3:54:2a:40:44:bb:9a:6d: + 0f:e7:2d:97:0e:c3:0a:e9:78:87:90:e3:73:63:53:4e:96:e7: + 07:f0:04:9f:57:c4:7a:54:06:10:db:a9:b6:5e:c6:2e:64:62: + 5d:da:c9:ea:91:56:aa:b2:43:c9:00:6b:60:f8:ab:28:41:59: + 27:24:de:e7:bb:fd:54:49:d5:df:df:c2:b1:1b:ca:a7:37:83: + f6:bc:0e:d6:87:cb:f7:f1:8a:5f:31:a9:32:c8:ca:1c:bd:ab: + b8:0b:13:17:5a:ec:6a:57:7f:db:a6:9d:d8:e1:d5:50:f6:15: + 08:a2:95:6a:1e:c2:ae:8d:b0:72:bb:12:84:2d:ab:10:e0:2f: + af:28:33:64:1f:3d:9b:f3:03:60:8d:58:81:6e:9b:ac:89:c9: + 06:33:06:d5:4a:e6:c3:81:34:47:6d:9b:2d:a0:30:df:f3:a7: + 17:1d:07:29:55:20:97:20:69:5b:25:fe:c4:ff:ff:32:df:41: + a2:bc:6b:85:6d:f3:3a:d4:13:42:81:6c:5e:6b:5f:7f:fc:30: + d1:3a:13:b6 +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBDjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GXYzc/D +WQw/bjo+RzZ4K4SNeW3gykuHbEhsSORVg1/JMmVWbPoTZx0r2o8Bfuq9+mntKZ8o +arQHohAVKEYBtydbOmEDR2r+0nHnqrf0qCl0zH6gUsH2+4GQd1XmA4rZ0OVeMRsN +Un8sTS03fOlmH6nrRZrovadNXUr+IUssojq15oH9/NCvlgJTHrMHHJsl1afZImrk +UEqGv5tUAgQob+JHw/gCr+0Q8/Vo88qLQYWzY2EjInn6Cg9eoFxnYZsS5wIvY9qi +eeOUEEQvvXhiwHPw0Hb/oYsvvvOH+l6LY13Nc0LjoYTFpGI3b4osKj2XXAwAUueF +taH5ObATyqUS8wIDAQABo4HLMIHIMB0GA1UdDgQWBBQvV88erjO/4uOY9CiAY2v/ +KSGPdjAfBgNVHSMEGDAWgBTkoazLzMOtIAyyWXcz4HGWzMMTdTA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AJvuZUHjIYcXjlBoNF4Hnr8063Pb1vmghmi84Uk6gf1rFqyp+sXJBHg+SgAdqWej +VCpARLuabQ/nLZcOwwrpeIeQ43NjU06W5wfwBJ9XxHpUBhDbqbZexi5kYl3ayeqR +VqqyQ8kAa2D4qyhBWSck3ue7/VRJ1d/fwrEbyqc3g/a8DtaHy/fxil8xqTLIyhy9 +q7gLExda7GpXf9umndjh1VD2FQiilWoewq6NsHK7EoQtqxDgL68oM2QfPZvzA2CN +WIFum6yJyQYzBtVK5sOBNEdtmy2gMN/zpxcdBylVIJcgaVsl/sT//zLfQaK8a4Vt +8zrUE0KBbF5rX3/8MNE6E7Y= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13 (0xd) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:df:14:ae:c9:18:37:0f:37:56:f3:f0:a6:cf:84: + 38:c2:48:88:e4:49:a5:db:0d:29:1c:71:e4:9b:2b: + 1b:23:c4:2f:2e:4a:02:c7:f7:d7:84:e5:67:f5:ab: + b2:99:49:65:82:96:70:3d:35:33:9b:da:77:4f:e0: + 02:01:dd:cb:a3:0f:1b:e4:48:6b:f1:d9:14:97:3d: + b5:b7:a7:29:6f:ce:74:47:73:df:23:3e:40:6f:01: + 4f:6e:d3:bd:0d:23:be:94:bd:e3:a0:34:1f:8c:3a: + 80:eb:98:4a:fa:2a:00:ee:0d:da:fb:f6:69:c1:73: + cc:0f:c0:23:c6:6f:1e:af:4c:d5:42:79:00:66:19: + ae:4b:c0:ed:52:a3:bf:40:4c:98:ec:92:97:d8:af: + d9:e7:47:8a:23:f7:76:b6:43:a7:bd:ee:4d:3a:4c: + 6f:1d:1b:2a:aa:c0:39:3a:e2:b5:27:dc:58:d9:b6: + 60:c5:84:77:9d:66:da:76:d3:12:de:93:37:c5:b8: + aa:dc:39:3a:2d:be:65:45:de:d9:eb:e0:0c:53:51: + ee:0b:96:9b:72:21:eb:53:5c:3b:3b:82:d8:2f:10: + 56:04:c3:12:73:f7:72:d3:30:50:ee:1d:99:6b:02: + 39:40:a1:36:fd:27:5d:f4:82:19:21:3c:68:54:e7: + d1:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E4:A1:AC:CB:CC:C3:AD:20:0C:B2:59:77:33:E0:71:96:CC:C3:13:75 + X509v3 Authority Key Identifier: + keyid:E4:A1:AC:CB:CC:C3:AD:20:0C:B2:59:77:33:E0:71:96:CC:C3:13:75 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 7e:6f:b9:38:cc:e4:f7:f5:2b:de:1e:b4:1c:46:71:0e:f0:e0: + 2b:88:cd:e2:fe:d5:de:ec:87:c4:f2:fc:32:71:6d:f5:eb:f3: + 26:70:ae:48:45:6e:a6:8b:30:38:d1:30:8a:36:d8:27:6e:83: + f4:f2:96:68:db:d6:36:c7:ed:d7:d1:13:04:bf:5a:1c:8b:70: + 3e:fd:ca:50:ac:a6:21:0f:22:61:78:d8:5d:46:7e:48:ca:23: + 24:06:5e:91:09:cf:ef:0e:15:4c:c9:4a:83:b4:a7:c0:1b:93: + 9b:2a:a9:4d:3c:ad:49:b2:7c:6b:f3:b1:be:63:d2:80:c8:86: + 28:6f:87:f3:84:d2:c7:37:26:8b:f5:8c:93:89:8b:9a:32:bb: + e9:b6:50:b8:f2:8c:b8:06:f6:32:ee:2d:d4:d2:c8:bc:6d:8e: + ba:02:94:f7:68:c1:c5:6f:01:68:e3:14:31:2e:f8:90:6f:91: + 36:2e:ce:3d:3b:e3:f4:90:f8:7d:ac:b6:a2:ab:d2:ea:e1:24: + 67:25:4e:c0:65:d0:13:df:97:a6:02:b9:67:80:2d:4e:3d:da: + bc:d4:e5:53:9a:d2:91:48:33:47:d8:c4:e9:d0:8f:18:85:76: + df:d6:c0:92:90:8c:de:9e:7b:cc:1d:1c:3e:d3:c3:4b:be:e8: + e0:2c:3d:2b +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBDTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8UrskYNw83VvPwps+E +OMJIiORJpdsNKRxx5JsrGyPELy5KAsf314TlZ/WrsplJZYKWcD01M5vad0/gAgHd +y6MPG+RIa/HZFJc9tbenKW/OdEdz3yM+QG8BT27TvQ0jvpS946A0H4w6gOuYSvoq +AO4N2vv2acFzzA/AI8ZvHq9M1UJ5AGYZrkvA7VKjv0BMmOySl9iv2edHiiP3drZD +p73uTTpMbx0bKqrAOTritSfcWNm2YMWEd51m2nbTEt6TN8W4qtw5Oi2+ZUXe2evg +DFNR7guWm3Ih61NcOzuC2C8QVgTDEnP3ctMwUO4dmWsCOUChNv0nXfSCGSE8aFTn +0RkCAwEAAaOByzCByDAdBgNVHQ4EFgQU5KGsy8zDrSAMsll3M+BxlszDE3UwHwYD +VR0jBBgwFoAU5KGsy8zDrSAMsll3M+BxlszDE3UwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB+b7k4zOT3 +9SveHrQcRnEO8OAriM3i/tXe7IfE8vwycW316/MmcK5IRW6mizA40TCKNtgnboP0 +8pZo29Y2x+3X0RMEv1oci3A+/cpQrKYhDyJheNhdRn5IyiMkBl6RCc/vDhVMyUqD +tKfAG5ObKqlNPK1Jsnxr87G+Y9KAyIYob4fzhNLHNyaL9YyTiYuaMrvptlC48oy4 +BvYy7i3U0si8bY66ApT3aMHFbwFo4xQxLviQb5E2Ls49O+P0kPh9rLaiq9Lq4SRn +JU7AZdAT35emArlngC1OPdq81OVTmtKRSDNH2MTp0I8YhXbf1sCSkIzennvMHRw+ +08NLvujgLD0r +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_audioonly.pem b/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_audioonly.pem new file mode 100644 index 00000000..dd65056c --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_audioonly.pem @@ -0,0 +1,278 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={} + Leaf: policies={audioOnly} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ce:cf:14:1b:85:8a:fe:37:1a:11:aa:1b:4e:00: + f4:87:22:32:a2:69:45:94:a5:69:c3:06:ea:49:cf: + 1c:a3:37:70:e7:99:11:b6:cc:16:fa:ca:e7:a6:24: + 9e:1d:fb:29:08:87:3c:df:38:4d:86:c5:56:62:dc: + 47:8a:ba:89:93:97:08:3d:37:91:88:41:1c:c4:37: + 8f:c0:b5:90:2e:3d:67:8c:ea:49:30:c1:89:8e:7c: + 7e:a6:4a:9c:b7:66:6a:f3:fc:f4:00:ec:ca:52:d3: + 59:b3:ac:ef:d5:8b:71:1b:d0:4c:35:0c:ff:df:d8: + 7d:12:d6:98:78:08:02:49:2f:dc:ce:f2:1d:42:49: + b6:2c:9b:71:8e:c0:b6:61:a2:d7:5b:91:6d:36:1e: + 7d:9d:02:6e:b2:07:01:b1:33:13:a1:04:c9:1d:34: + 86:6a:2f:9f:37:7b:2e:51:03:3a:44:48:d3:a2:cf: + 91:de:62:84:a1:e7:8c:8d:cb:bf:ef:ef:50:81:a1: + 0b:19:ac:6b:91:a1:a0:d9:f9:a0:fb:b4:38:fb:99: + 84:ce:3f:61:0c:0f:5d:1f:63:3e:25:d2:75:35:af: + af:96:c8:94:a3:de:3f:0a:1d:1f:e0:6f:c8:8d:8a: + d6:f7:71:27:c2:15:ad:8c:d8:89:23:72:61:22:51: + 23:05 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + FC:0C:BC:60:61:F0:88:F1:90:76:19:33:F5:69:D3:B9:B3:4A:1B:C4 + X509v3 Authority Key Identifier: + keyid:2B:C4:DA:B5:A0:44:1C:31:AA:B3:55:36:E2:8B:DE:4A:47:67:81:40 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.11129.2.5.2 + + Signature Algorithm: sha256WithRSAEncryption + 1f:da:82:97:e6:d1:3e:8a:15:f9:7f:eb:3f:2f:0b:e4:df:34: + fe:ad:97:3f:ed:12:61:20:ac:4d:09:d5:5e:d6:b2:b3:43:d7: + 24:76:49:c3:e8:15:e5:6a:7d:a8:e0:ee:06:96:73:42:75:e2: + d7:d3:87:e9:d7:c2:e0:cc:7c:38:81:75:fc:10:62:4f:1e:83: + 5c:4c:76:5d:40:8d:cb:1d:d2:ea:11:b9:13:93:08:98:80:ea: + d1:65:3d:e6:68:a7:5e:fe:24:f0:eb:65:0a:65:3e:39:dc:b1: + 20:52:5e:2e:c2:7f:29:07:9c:97:dd:12:29:da:44:b5:64:6c: + 77:e0:6d:43:3a:d3:bc:19:a2:6e:88:e6:27:4a:66:ba:55:cc: + d7:ab:61:75:f1:80:c1:95:e1:a6:76:1b:7b:7d:b1:fa:14:61: + 0e:21:5c:3c:72:ca:c9:4d:66:f9:d4:4d:8e:73:4f:ad:09:c3: + 60:c7:c6:09:f6:2a:1b:32:cf:e1:62:bd:45:35:ab:80:66:48: + 67:36:e2:94:21:44:b5:1e:6d:b0:99:d8:b7:d3:5a:67:f3:c3: + e4:78:41:64:44:45:cd:72:45:58:c0:fd:56:79:ea:d8:df:72: + 64:c4:2e:fe:e5:ee:93:44:3f:34:2f:70:6e:82:24:71:12:68: + a6:fc:22:f1 +-----BEGIN CERTIFICATE----- +MIIDmjCCAoKgAwIBAgIBBjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzs8UG4WK +/jcaEaobTgD0hyIyomlFlKVpwwbqSc8cozdw55kRtswW+srnpiSeHfspCIc83zhN +hsVWYtxHirqJk5cIPTeRiEEcxDePwLWQLj1njOpJMMGJjnx+pkqct2Zq8/z0AOzK +UtNZs6zv1YtxG9BMNQz/39h9EtaYeAgCSS/czvIdQkm2LJtxjsC2YaLXW5FtNh59 +nQJusgcBsTMToQTJHTSGai+fN3suUQM6REjTos+R3mKEoeeMjcu/7+9QgaELGaxr +kaGg2fmg+7Q4+5mEzj9hDA9dH2M+JdJ1Na+vlsiUo94/Ch0f4G/IjYrW93EnwhWt +jNiJI3JhIlEjBQIDAQABo4H4MIH1MB0GA1UdDgQWBBT8DLxgYfCI8ZB2GTP1adO5 +s0obxDAfBgNVHSMEGDAWgBQrxNq1oEQcMaqzVTbii95KR2eBQDA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQIwDQYJKoZIhvcNAQELBQADggEBAB/a +gpfm0T6KFfl/6z8vC+TfNP6tlz/tEmEgrE0J1V7WsrND1yR2ScPoFeVqfajg7gaW +c0J14tfTh+nXwuDMfDiBdfwQYk8eg1xMdl1Ajcsd0uoRuROTCJiA6tFlPeZop17+ +JPDrZQplPjncsSBSXi7CfykHnJfdEinaRLVkbHfgbUM607wZom6I5idKZrpVzNer +YXXxgMGV4aZ2G3t9sfoUYQ4hXDxyyslNZvnUTY5zT60Jw2DHxgn2Khsyz+FivUU1 +q4BmSGc24pQhRLUebbCZ2LfTWmfzw+R4QWRERc1yRVjA/VZ56tjfcmTELv7l7pNE +PzQvcG6CJHESaKb8IvE= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12 (0xc) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:a0:23:b3:bd:d5:d1:c0:14:ed:17:0d:7e:1f: + 72:17:17:6e:29:31:10:57:f9:37:e7:c8:57:0d:0c: + 25:c4:fe:98:90:e1:2d:e8:86:23:27:a0:0e:30:81: + 60:c1:2b:ba:74:29:00:58:71:c6:d6:2c:b3:8f:4b: + 67:c5:a8:7a:5a:8b:28:5b:4e:3b:1b:c9:4e:44:66: + 38:71:ed:37:83:6d:6e:01:0f:a8:a5:42:f8:ea:4f: + 7e:15:01:f5:16:70:d4:d4:95:b2:79:ee:4d:5b:02: + 18:38:ee:2b:17:6b:47:41:6b:08:50:d4:7d:b8:9f: + 5a:01:4f:4b:19:d5:18:70:24:a9:2a:8e:05:a4:af: + 53:a0:43:1d:f0:9e:2c:b2:e0:2c:de:48:66:f3:f8: + 84:3c:fc:a7:a6:b7:cd:6f:33:43:9e:05:64:34:47: + 4d:de:36:17:5b:17:6b:31:80:6f:d0:05:3e:a0:25: + c1:78:36:dc:cb:82:3e:c7:46:a2:31:ba:3c:0b:2a: + cf:bb:c7:54:8a:2c:97:2c:b9:2a:d0:e7:c5:25:38: + 8f:ab:06:67:99:8a:a4:b7:09:38:13:92:d5:b0:fe: + 65:51:7f:65:01:f9:7b:23:86:87:a5:2b:33:c3:b4: + a1:9a:77:e2:f2:cc:a6:5f:fc:2b:f0:d4:c1:0a:9e: + a6:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 2B:C4:DA:B5:A0:44:1C:31:AA:B3:55:36:E2:8B:DE:4A:47:67:81:40 + X509v3 Authority Key Identifier: + keyid:55:BB:79:DB:0A:21:38:5B:B5:81:BD:78:5B:40:BE:D1:83:FD:41:69 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 0a:5e:0d:e7:9f:eb:e9:14:07:d7:94:6e:2e:25:ab:1b:5d:1d: + c8:81:3b:e5:1d:4b:8e:f1:31:05:99:e8:78:c2:d2:e2:24:69: + 3d:54:19:68:4f:9e:d6:eb:34:94:5d:f4:46:e4:40:f7:23:d9: + ca:43:d5:30:30:b9:1c:3a:4a:a8:4f:f5:e9:97:6b:13:ce:20: + 4b:cb:e6:2c:e5:ea:b5:0f:02:9f:32:55:ef:73:a4:ca:75:e5: + 10:04:10:36:b9:00:a1:22:bb:69:01:c3:96:8b:3c:55:f6:75: + 93:1b:d2:e6:9d:3c:ae:e2:56:66:08:eb:5f:bb:be:87:73:5f: + b4:e3:27:77:d9:83:e3:b5:5a:b2:20:c6:7e:23:b5:92:38:b9: + 3c:16:09:2d:dd:00:01:ec:bc:9b:2d:ba:81:a6:88:63:5e:81: + c2:22:bd:ae:43:38:49:89:53:23:a4:c6:02:ca:13:9a:0d:98: + f7:82:2f:23:2f:4d:4b:c0:a4:36:ed:e2:50:06:2d:98:30:78: + e3:35:60:3a:20:a0:be:9d:f4:5d:de:84:8d:6c:f9:4f:c5:e5: + e7:74:8d:8d:dd:2a:61:4f:91:a4:98:07:c2:b3:18:fd:27:3d: + 55:1e:04:89:d7:e6:81:0d:c6:0d:f0:45:c3:b3:b9:f3:69:4d: + 6b:3c:0b:05 +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBDDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qAjs73V +0cAU7RcNfh9yFxduKTEQV/k358hXDQwlxP6YkOEt6IYjJ6AOMIFgwSu6dCkAWHHG +1iyzj0tnxah6WosoW047G8lORGY4ce03g21uAQ+opUL46k9+FQH1FnDU1JWyee5N +WwIYOO4rF2tHQWsIUNR9uJ9aAU9LGdUYcCSpKo4FpK9ToEMd8J4ssuAs3khm8/iE +PPynprfNbzNDngVkNEdN3jYXWxdrMYBv0AU+oCXBeDbcy4I+x0aiMbo8CyrPu8dU +iiyXLLkq0OfFJTiPqwZnmYqktwk4E5LVsP5lUX9lAfl7I4aHpSszw7Shmnfi8sym +X/wr8NTBCp6m/wIDAQABo4HLMIHIMB0GA1UdDgQWBBQrxNq1oEQcMaqzVTbii95K +R2eBQDAfBgNVHSMEGDAWgBRVu3nbCiE4W7WBvXhbQL7Rg/1BaTA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AApeDeef6+kUB9eUbi4lqxtdHciBO+UdS47xMQWZ6HjC0uIkaT1UGWhPntbrNJRd +9EbkQPcj2cpD1TAwuRw6SqhP9emXaxPOIEvL5izl6rUPAp8yVe9zpMp15RAEEDa5 +AKEiu2kBw5aLPFX2dZMb0uadPK7iVmYI61+7vodzX7TjJ3fZg+O1WrIgxn4jtZI4 +uTwWCS3dAAHsvJstuoGmiGNegcIiva5DOEmJUyOkxgLKE5oNmPeCLyMvTUvApDbt +4lAGLZgweOM1YDogoL6d9F3ehI1s+U/F5ed0jY3dKmFPkaSYB8KzGP0nPVUeBInX +5oENxg3wRcOzufNpTWs8CwU= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11 (0xb) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c7:a4:96:f2:24:b8:16:ab:04:c1:cb:e0:f0:94: + 36:75:84:9e:d3:64:35:28:f0:7b:76:09:65:78:1a: + 0f:cf:8c:9b:ac:fe:e2:e9:b8:67:4e:40:17:ec:4e: + 04:69:ce:73:dd:6d:87:06:24:ba:9f:30:1b:e1:57: + 5e:ab:13:a3:5b:b4:2b:05:9e:8b:40:f5:a9:db:41: + 0d:13:6e:f9:61:50:83:ea:f5:21:6d:54:0e:18:66: + 36:a3:5c:48:31:dc:50:b6:c0:78:91:6e:39:11:30: + 90:2e:40:46:33:9d:06:08:a4:4a:29:f7:1c:f4:60: + 80:f3:a7:42:aa:c6:f2:b2:44:f7:b2:29:65:06:bb: + 44:a1:58:86:7b:eb:15:04:b4:14:c7:e6:7d:c4:0a: + 1b:d3:25:c7:80:fc:9d:c5:b6:fd:92:c8:9d:ed:b6: + 94:5a:90:f5:1a:9d:d3:17:8c:09:bc:f0:d1:16:70: + 91:32:d0:b6:73:3e:f3:b2:48:03:65:fd:d4:6f:c4: + f8:6f:73:c5:21:6d:19:6b:c6:ce:b4:6d:3b:3e:a7: + 5f:a0:6b:e3:76:97:62:97:b9:ce:51:8e:c2:ab:4a: + 48:ea:a1:69:f9:e9:8e:1b:46:ee:44:fd:47:4b:c0: + 19:12:74:c7:44:25:97:39:6d:02:f4:41:ec:dc:33: + e4:25 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 55:BB:79:DB:0A:21:38:5B:B5:81:BD:78:5B:40:BE:D1:83:FD:41:69 + X509v3 Authority Key Identifier: + keyid:55:BB:79:DB:0A:21:38:5B:B5:81:BD:78:5B:40:BE:D1:83:FD:41:69 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 03:dd:b9:22:de:fd:99:74:25:a7:9d:8d:f4:36:2f:23:1b:8f: + 97:d9:c2:28:53:38:3a:78:43:b0:ed:eb:a8:14:f7:39:cc:52: + cd:f8:3d:04:4a:43:9f:c9:35:32:ae:9b:5b:66:9c:54:db:d8: + ed:51:b3:09:33:0f:23:31:4b:2c:0b:04:75:05:e8:a7:e7:cb: + f9:44:55:8f:ae:34:4a:d9:c2:9e:88:aa:29:c7:02:12:f8:69: + 71:ac:b9:6f:50:72:c6:11:cf:02:37:03:e3:ec:86:28:61:6d: + 91:83:f5:21:42:d3:33:48:a0:29:32:30:0a:4a:c8:15:2b:f7: + c8:f6:6e:e4:f2:d4:46:69:08:a0:3c:33:1f:65:3a:fc:74:0e: + 92:90:61:d1:dd:48:93:4b:ac:a5:3a:0b:91:04:c2:0f:84:b2: + 40:d5:aa:20:24:98:95:34:54:37:45:9b:69:a3:f4:77:58:ce: + d0:8a:33:e1:2f:17:17:0d:48:c1:44:cd:4b:f3:6e:6c:6e:0f: + 42:4a:d7:d2:84:e8:2f:b0:dc:7a:bd:a6:c3:50:27:e5:1a:95: + ec:a6:f6:50:46:29:80:5d:63:b6:8f:1d:f9:74:5e:e7:60:8f: + 1a:19:02:c4:ee:0f:eb:4a:1c:aa:75:d7:72:bf:be:ba:62:c9: + 06:02:1d:da +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBCzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeklvIkuBarBMHL4PCU +NnWEntNkNSjwe3YJZXgaD8+Mm6z+4um4Z05AF+xOBGnOc91thwYkup8wG+FXXqsT +o1u0KwWei0D1qdtBDRNu+WFQg+r1IW1UDhhmNqNcSDHcULbAeJFuOREwkC5ARjOd +BgikSin3HPRggPOnQqrG8rJE97IpZQa7RKFYhnvrFQS0FMfmfcQKG9Mlx4D8ncW2 +/ZLIne22lFqQ9Rqd0xeMCbzw0RZwkTLQtnM+87JIA2X91G/E+G9zxSFtGWvGzrRt +Oz6nX6Br43aXYpe5zlGOwqtKSOqhafnpjhtG7kT9R0vAGRJ0x0QllzltAvRB7Nwz +5CUCAwEAAaOByzCByDAdBgNVHQ4EFgQUVbt52wohOFu1gb14W0C+0YP9QWkwHwYD +VR0jBBgwFoAUVbt52wohOFu1gb14W0C+0YP9QWkwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAD3bki3v2Z +dCWnnY30Ni8jG4+X2cIoUzg6eEOw7euoFPc5zFLN+D0ESkOfyTUyrptbZpxU29jt +UbMJMw8jMUssCwR1Bein58v5RFWPrjRK2cKeiKopxwIS+GlxrLlvUHLGEc8CNwPj +7IYoYW2Rg/UhQtMzSKApMjAKSsgVK/fI9m7k8tRGaQigPDMfZTr8dA6SkGHR3UiT +S6ylOguRBMIPhLJA1aogJJiVNFQ3RZtpo/R3WM7QijPhLxcXDUjBRM1L825sbg9C +StfShOgvsNx6vabDUCflGpXspvZQRimAXWO2jx35dF7nYI8aGQLE7g/rShyqdddy +v766YskGAh3a +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_foo.pem b/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_foo.pem new file mode 100644 index 00000000..34a3399b --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_foo.pem @@ -0,0 +1,278 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={} + Leaf: policies={foo} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b4:f3:98:76:d2:61:f4:bf:b4:45:b7:c7:90:6b: + 24:b7:9b:15:c8:1b:85:36:ca:86:72:81:bb:9a:07: + dd:07:9b:93:36:82:f5:53:04:b7:3e:af:2a:58:9d: + 66:5a:61:e5:2c:29:17:24:e0:9a:bf:f5:c7:11:85: + 51:87:2c:c0:58:57:0e:96:22:22:4d:9e:e3:4f:8b: + cb:22:7e:90:d4:e7:e2:8a:a1:16:bd:0d:77:ac:00: + c9:dc:6b:10:96:5c:80:48:e8:54:8c:61:11:b1:55: + b4:ce:64:f6:cd:3d:d1:6e:7e:2a:19:12:b8:56:df: + 6e:4c:73:cb:65:84:17:48:e0:5c:f0:20:8b:7d:75: + 7f:01:4f:1d:d0:39:98:ba:22:f3:5c:45:6c:da:6c: + d1:7d:67:dc:bc:2d:33:90:19:9d:18:5c:59:2a:e6: + 55:81:4b:73:32:5b:b6:90:8e:fb:73:f5:ef:c1:03: + 75:ef:ce:dc:e3:f7:89:c5:a3:65:a7:40:07:17:df: + b6:f3:24:e1:7f:c0:7f:2c:70:8e:0d:b3:99:8e:97: + 52:5c:c1:fb:1b:15:55:30:f0:a8:44:4e:d1:91:c0: + fa:0c:92:31:2f:c3:67:e2:19:9d:97:30:11:e4:30: + 3a:e9:6c:77:ee:80:1b:da:de:79:9a:22:0b:be:f1: + 7f:a3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A1:81:A2:E3:16:52:66:B3:FF:D3:03:00:D2:B2:C0:94:44:5F:A6:94 + X509v3 Authority Key Identifier: + keyid:DE:56:5F:DE:CA:60:54:D4:8A:CB:84:67:A4:7C:A6:F8:6E:59:CB:CD + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Certificate Policies: + Policy: 1.2.840.113554.4.1.72585.2 + + Signature Algorithm: sha256WithRSAEncryption + 2e:65:72:a3:1d:73:c2:9f:a3:b2:25:ca:b8:80:d4:6f:b2:d2: + 49:6d:60:2c:aa:91:0d:ae:46:2c:e5:a0:a4:7e:2b:7c:15:47: + 02:b1:2d:3e:f2:a6:7a:6c:93:77:bf:a1:39:5f:b2:10:ea:26: + 5a:ce:8d:19:bf:f1:b3:0c:33:b7:13:4d:19:d1:a8:a8:74:15: + 39:08:e4:f8:43:20:85:bc:97:c4:bf:c9:40:54:ef:bf:c2:94: + bb:58:29:45:3b:ab:fb:1e:e4:93:61:12:50:ef:5e:73:70:3e: + 58:00:9a:ab:7f:8e:45:8e:c9:cf:8a:95:87:d8:df:20:bf:57: + 18:4b:8b:5c:64:16:18:90:24:a3:06:08:6d:58:8a:49:1b:08: + 33:42:a7:11:18:af:0a:f4:ee:e0:d9:7d:46:02:49:e7:ea:40: + 17:5a:33:35:28:bc:d7:aa:fd:78:1d:c7:b1:7b:a6:58:35:f6: + 09:44:39:ff:ff:3a:08:a9:68:58:28:3e:d1:76:9c:88:54:a6: + 37:50:4a:ff:32:b6:62:78:df:10:cb:0b:05:04:1c:72:62:a0: + 6a:85:f8:25:ee:0d:0b:66:26:de:5a:98:34:10:40:53:41:80: + 26:f6:64:a7:5d:15:a1:c0:08:c2:e0:e5:90:95:7a:45:2d:3c: + c7:49:ab:d4 +-----BEGIN CERTIFICATE----- +MIIDnDCCAoSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPOYdtJh +9L+0RbfHkGskt5sVyBuFNsqGcoG7mgfdB5uTNoL1UwS3Pq8qWJ1mWmHlLCkXJOCa +v/XHEYVRhyzAWFcOliIiTZ7jT4vLIn6Q1OfiiqEWvQ13rADJ3GsQllyASOhUjGER +sVW0zmT2zT3Rbn4qGRK4Vt9uTHPLZYQXSOBc8CCLfXV/AU8d0DmYuiLzXEVs2mzR +fWfcvC0zkBmdGFxZKuZVgUtzMlu2kI77c/XvwQN1787c4/eJxaNlp0AHF9+28yTh +f8B/LHCODbOZjpdSXMH7GxVVMPCoRE7RkcD6DJIxL8Nn4hmdlzAR5DA66Wx37oAb +2t55miILvvF/owIDAQABo4H6MIH3MB0GA1UdDgQWBBShgaLjFlJms//TAwDSssCU +RF+mlDAfBgNVHSMEGDAWgBTeVl/eymBU1IrLhGekfKb4blnLzTA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjAZBgNVHSAEEjAQMA4GDCqGSIb3EgQBhLcJAjANBgkqhkiG9w0BAQsFAAOCAQEA +LmVyox1zwp+jsiXKuIDUb7LSSW1gLKqRDa5GLOWgpH4rfBVHArEtPvKmemyTd7+h +OV+yEOomWs6NGb/xswwztxNNGdGoqHQVOQjk+EMghbyXxL/JQFTvv8KUu1gpRTur ++x7kk2ESUO9ec3A+WACaq3+ORY7Jz4qVh9jfIL9XGEuLXGQWGJAkowYIbViKSRsI +M0KnERivCvTu4Nl9RgJJ5+pAF1ozNSi816r9eB3HsXumWDX2CUQ5//86CKloWCg+ +0XaciFSmN1BK/zK2YnjfEMsLBQQccmKgaoX4Je4NC2Ym3lqYNBBAU0GAJvZkp10V +ocAIwuDlkJV6RS08x0mr1A== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16 (0x10) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ab:dc:90:0c:97:d0:d8:00:b2:82:d1:55:82:1b: + 2d:8f:f3:df:c2:4d:3c:7b:58:b7:82:a7:21:a4:3b: + 94:a0:91:84:45:6f:f3:dd:b9:3a:0b:bc:4b:07:0a: + d1:45:9d:3c:1b:d4:4c:64:a4:7e:0c:01:d9:12:c5: + c4:f2:51:8c:86:02:87:32:9f:f4:86:b6:71:73:96: + 6f:07:ab:b4:98:cc:3b:3c:75:0c:ef:29:6d:66:e6: + ac:45:5a:c7:be:0d:52:f0:e6:7f:65:0a:91:fb:1b: + 8a:67:3a:e7:ae:bb:b3:78:f5:67:89:d2:6a:37:0d: + 1b:e4:c2:a1:20:ce:cf:71:d5:4e:5d:7c:a6:53:46: + 55:bb:92:37:33:ca:9d:10:90:c8:27:12:72:ac:7c: + 53:7e:4d:d7:d9:46:04:aa:18:35:2b:f2:d8:c2:64: + a0:d7:5e:2a:c6:ca:2e:4d:7a:49:cd:4e:d7:55:b8: + 32:3e:fd:58:d8:38:da:ad:a1:97:85:40:2d:22:13: + 5e:ff:e1:42:bf:36:8b:35:48:ca:ab:9a:ec:72:9b: + 0c:8e:cc:ce:de:e6:fe:3f:f9:50:3a:08:1a:3f:95: + 24:a2:2d:96:fb:7b:f6:07:ed:15:77:cb:b2:bb:8a: + 2d:07:ee:17:bd:0d:d0:b2:f5:84:e2:3d:b3:5a:19: + d0:6b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + DE:56:5F:DE:CA:60:54:D4:8A:CB:84:67:A4:7C:A6:F8:6E:59:CB:CD + X509v3 Authority Key Identifier: + keyid:B0:D5:C8:C3:10:56:82:DD:32:BA:88:72:0A:12:17:7E:E8:81:7F:09 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + ac:4c:1c:ee:c1:15:52:c1:7d:f6:78:97:d8:80:84:cd:6b:00: + ef:6e:65:53:31:ee:c4:2f:aa:27:e5:c4:0f:ae:ef:8a:45:8d: + d0:0d:4e:c0:22:b3:72:c7:60:db:60:9d:cd:74:95:76:f1:bb: + 1e:9b:ae:f4:e5:09:d4:1b:33:70:a6:f1:ce:ab:6d:7e:d9:11: + bb:63:33:d9:49:39:16:9a:f5:e3:b6:37:cb:dc:0d:09:f6:a4: + 9f:e0:40:a1:8f:1e:79:eb:8b:4c:73:b4:23:ef:7c:c5:0c:e3: + 8e:c0:48:ed:dd:f6:c1:80:5e:5e:ba:69:a3:d7:ac:93:e1:be: + ce:23:93:20:b4:44:74:e3:92:1f:02:d9:4a:f9:f8:f5:86:13: + ab:b8:34:b0:4e:e0:2c:ec:2e:56:ab:49:85:47:8c:ce:4c:6d: + 1f:bc:50:8e:aa:b3:a4:9a:54:9b:80:93:61:70:b7:10:01:c3: + 05:80:6e:e4:ea:b8:10:26:4f:92:84:3d:65:54:3e:8d:1f:6b: + 74:68:b5:8c:b2:b0:8e:43:28:56:8d:58:a3:aa:af:70:6c:1e: + e9:13:85:d3:9c:8b:ab:65:11:cc:58:4c:c4:03:d9:99:70:c0: + 3a:cf:e7:3c:7b:1a:fc:aa:5f:f1:62:0b:d6:b0:d9:84:c1:f1: + f4:2f:f8:fa +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBEDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9yQDJfQ +2ACygtFVghstj/Pfwk08e1i3gqchpDuUoJGERW/z3bk6C7xLBwrRRZ08G9RMZKR+ +DAHZEsXE8lGMhgKHMp/0hrZxc5ZvB6u0mMw7PHUM7yltZuasRVrHvg1S8OZ/ZQqR ++xuKZzrnrruzePVnidJqNw0b5MKhIM7PcdVOXXymU0ZVu5I3M8qdEJDIJxJyrHxT +fk3X2UYEqhg1K/LYwmSg114qxsouTXpJzU7XVbgyPv1Y2DjaraGXhUAtIhNe/+FC +vzaLNUjKq5rscpsMjszO3ub+P/lQOggaP5Ukoi2W+3v2B+0Vd8uyu4otB+4XvQ3Q +svWE4j2zWhnQawIDAQABo4HLMIHIMB0GA1UdDgQWBBTeVl/eymBU1IrLhGekfKb4 +blnLzTAfBgNVHSMEGDAWgBSw1cjDEFaC3TK6iHIKEhd+6IF/CTA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AKxMHO7BFVLBffZ4l9iAhM1rAO9uZVMx7sQvqiflxA+u74pFjdANTsAis3LHYNtg +nc10lXbxux6brvTlCdQbM3Cm8c6rbX7ZEbtjM9lJORaa9eO2N8vcDQn2pJ/gQKGP +Hnnri0xztCPvfMUM447ASO3d9sGAXl66aaPXrJPhvs4jkyC0RHTjkh8C2Ur5+PWG +E6u4NLBO4CzsLlarSYVHjM5MbR+8UI6qs6SaVJuAk2FwtxABwwWAbuTquBAmT5KE +PWVUPo0fa3RotYyysI5DKFaNWKOqr3BsHukThdOci6tlEcxYTMQD2ZlwwDrP5zx7 +GvyqX/FiC9aw2YTB8fQv+Po= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15 (0xf) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ba:ae:2f:50:c5:cd:fd:5f:f6:01:bd:69:93:41: + 20:92:bd:f3:c9:b4:f0:64:d9:c6:c4:27:82:1e:5a: + 73:ad:7a:4a:8b:de:8d:81:2f:0e:00:7b:ea:9e:15: + 35:e1:6a:c7:52:89:78:91:b6:9c:ff:64:5d:ef:c4: + 51:d1:1d:e6:a1:fb:46:56:cf:49:88:1f:ad:9c:46: + 30:3c:92:8d:a6:f7:8e:f9:d1:39:48:d3:19:3f:93: + 8b:fe:fa:bf:58:56:72:aa:e7:8a:cc:1f:24:b7:18: + 5f:74:05:1b:f5:d3:ea:70:a6:19:99:0c:af:6f:1a: + eb:3a:c6:b4:6f:59:25:68:01:5a:e2:e1:45:03:cb: + 60:f3:d2:2e:e5:50:04:a0:29:c3:ab:c3:9c:17:fb: + e2:6e:83:12:64:cf:16:b9:14:a0:15:dc:58:67:7c: + 71:2f:c4:cc:d6:8a:e1:96:59:5b:bd:01:f2:23:cc: + c6:1d:da:b3:ad:04:93:59:26:b0:58:34:6f:6e:12: + 23:4f:04:9d:79:c0:59:8a:94:b7:f0:d3:12:18:a2: + c0:fa:38:2e:6a:07:40:1a:5c:28:9b:a1:b7:3b:cb: + ba:26:7c:b8:c2:a7:fd:77:f7:5a:76:34:8c:64:ae: + 93:2c:72:79:27:60:1b:33:03:8c:00:57:93:64:5d: + e7:c3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B0:D5:C8:C3:10:56:82:DD:32:BA:88:72:0A:12:17:7E:E8:81:7F:09 + X509v3 Authority Key Identifier: + keyid:B0:D5:C8:C3:10:56:82:DD:32:BA:88:72:0A:12:17:7E:E8:81:7F:09 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + b8:fd:07:a2:48:48:d7:9a:30:3a:40:d7:49:94:92:8a:11:98: + 73:8a:59:fd:02:c6:89:6c:59:ec:a1:4f:b8:f2:b2:74:fe:67: + 51:97:25:fc:76:70:2d:7f:b4:32:ef:e1:23:ad:69:a4:f7:ca: + 89:6e:aa:13:bb:30:fa:a5:26:cb:56:6f:f9:84:ab:fc:1f:89: + bb:b8:2e:4c:61:46:36:e4:d6:79:30:a4:3e:9a:36:4f:8f:20: + 43:c5:2c:1f:b7:dc:d6:e6:0f:1c:df:8c:a9:c3:7f:45:61:0d: + 0c:36:c0:b6:5c:2c:de:5e:0e:ee:21:ea:e1:50:28:3f:96:65: + 2c:cb:5a:69:e5:1f:0d:04:d4:25:c3:bc:98:74:88:8d:d8:61: + 86:ea:f9:32:3b:86:be:24:1b:ad:94:d9:4f:1f:47:77:05:8c: + e0:5d:dd:59:2f:83:b3:6a:b1:fe:6f:02:74:7f:c6:e3:5a:2f: + f3:3a:5f:13:01:e2:5e:71:99:fe:36:da:1e:98:e5:7e:38:6f: + 54:23:23:7c:c3:3b:27:e7:1e:6c:b3:78:0b:ae:a2:66:9e:0e: + b9:13:1b:09:a7:da:f5:ab:7e:64:f6:12:87:9f:40:40:e2:a5: + 09:dd:f4:3f:0e:9f:88:26:fc:2f:d5:48:fd:db:d5:70:e8:12: + c7:ae:ff:72 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBDzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALquL1DFzf1f9gG9aZNB +IJK988m08GTZxsQngh5ac616SovejYEvDgB76p4VNeFqx1KJeJG2nP9kXe/EUdEd +5qH7RlbPSYgfrZxGMDySjab3jvnROUjTGT+Ti/76v1hWcqrniswfJLcYX3QFG/XT +6nCmGZkMr28a6zrGtG9ZJWgBWuLhRQPLYPPSLuVQBKApw6vDnBf74m6DEmTPFrkU +oBXcWGd8cS/EzNaK4ZZZW70B8iPMxh3as60Ek1kmsFg0b24SI08EnXnAWYqUt/DT +EhiiwPo4LmoHQBpcKJuhtzvLuiZ8uMKn/Xf3WnY0jGSukyxyeSdgGzMDjABXk2Rd +58MCAwEAAaOByzCByDAdBgNVHQ4EFgQUsNXIwxBWgt0yuohyChIXfuiBfwkwHwYD +VR0jBBgwFoAUsNXIwxBWgt0yuohyChIXfuiBfwkwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC4/QeiSEjX +mjA6QNdJlJKKEZhziln9AsaJbFnsoU+48rJ0/mdRlyX8dnAtf7Qy7+EjrWmk98qJ +bqoTuzD6pSbLVm/5hKv8H4m7uC5MYUY25NZ5MKQ+mjZPjyBDxSwft9zW5g8c34yp +w39FYQ0MNsC2XCzeXg7uIerhUCg/lmUsy1pp5R8NBNQlw7yYdIiN2GGG6vkyO4a+ +JButlNlPH0d3BYzgXd1ZL4OzarH+bwJ0f8bjWi/zOl8TAeJecZn+NtoemOV+OG9U +IyN8wzsn5x5ss3gLrqJmng65ExsJp9r1q35k9hKHn0BA4qUJ3fQ/Dp+IJvwv1Uj9 +29Vw6BLHrv9y +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_none.pem b/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_none.pem new file mode 100644 index 00000000..460c625f --- /dev/null +++ b/test/data/cast/common/certificate/certificates/policies_ica_none_leaf_none.pem @@ -0,0 +1,274 @@ +[Created by: generate_policies_tests.py] + +Cast certificate chain with the following policies: + + Root: policies={} + Intermediate: policies={} + Leaf: policies={} + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Leaf + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c4:9e:5a:c3:98:a5:13:8c:c7:94:55:72:71:10: + c2:f3:eb:d9:7b:ce:34:57:74:d7:c1:53:2e:75:f0: + f4:15:04:80:f9:d9:60:ef:6e:be:89:9a:8f:7c:3b: + ee:a6:4c:b9:ff:87:8f:af:9b:61:ad:02:5e:f9:f7: + ad:fd:65:96:79:01:64:ff:c8:88:bd:c8:96:8a:46: + e0:62:bd:1a:20:1d:83:74:61:51:96:b0:29:f0:26: + b7:86:31:08:de:4e:16:9a:fd:f6:f3:08:10:c9:93: + bc:7d:4a:3f:76:9a:b1:5b:0f:8c:66:35:e2:5e:e0: + b9:51:ff:46:65:d2:bf:b3:45:97:eb:07:2f:74:de: + b8:f0:20:7e:2c:6e:ab:ea:09:92:28:11:70:4c:09: + 02:f4:c7:8b:fe:17:d5:b1:d6:3c:04:0e:85:8a:dc: + 3a:2a:4d:0d:62:8f:d4:d4:0c:96:e7:18:48:8c:46: + b0:a4:bb:8d:d7:7f:5b:45:d0:2a:c7:a9:83:c1:86: + 12:9b:97:75:65:91:04:bb:52:4e:56:7a:3c:2e:9c: + 72:ac:c4:eb:8a:c2:eb:28:58:94:da:df:45:bc:f6: + e1:91:ba:db:d9:3e:76:e8:87:84:eb:8c:c4:16:dd: + b7:e8:c3:b2:24:fa:e1:b1:8f:ec:74:20:70:e5:13: + e2:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 28:F3:70:47:2A:49:D0:97:E3:41:14:C7:6F:42:98:8B:E3:7C:7C:0B + X509v3 Authority Key Identifier: + keyid:61:89:8E:9B:4C:E5:ED:3A:40:96:77:89:D3:BD:C0:66:CC:A5:39:9D + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + af:9a:86:7d:cd:27:1e:e2:31:c5:8a:3b:3a:d5:80:e0:8a:86: + e6:1b:3c:28:75:f0:8a:a9:ac:99:eb:3e:78:bb:00:d0:2f:e6: + 8f:ce:11:dc:c9:0e:f5:87:b4:2f:6e:fd:26:cd:45:30:3a:4d: + 8d:b9:88:28:ab:c8:a2:9e:c4:30:60:05:e4:b8:73:62:a2:2c: + b5:9f:35:c5:f4:20:ab:83:29:b5:a0:e5:75:8b:fb:b5:0e:83: + 5f:81:84:79:a6:32:b0:4d:9d:91:47:19:11:e3:ac:f7:95:3a: + 81:cf:27:f2:88:5c:28:92:ce:1c:64:34:f4:0d:44:db:c4:40: + dd:4b:e7:b5:f8:7e:01:ac:1e:69:60:7b:a8:d5:e6:8b:c1:7a: + 1d:6e:e5:ce:bf:9b:c7:64:68:97:df:09:5a:c4:e0:d4:60:01: + 76:ab:31:4f:f5:2d:b0:dd:c6:a2:44:75:d2:4d:22:4d:ae:bb: + 5e:a3:61:e3:10:6d:0f:be:74:60:90:07:21:a7:d6:24:f1:a5: + 77:35:6c:33:fb:b2:3d:ea:40:b3:9b:cd:82:a0:d8:89:bd:7d: + 58:30:04:50:de:03:08:b1:02:24:91:35:77:34:b7:18:03:91: + d4:e7:74:1b:fb:a1:77:4c:8f:56:78:fe:77:18:39:57:c2:45: + 25:a6:e3:76 +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIBBTANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD +VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJ5aw5il +E4zHlFVycRDC8+vZe840V3TXwVMudfD0FQSA+dlg726+iZqPfDvupky5/4ePr5th +rQJe+fet/WWWeQFk/8iIvciWikbgYr0aIB2DdGFRlrAp8Ca3hjEI3k4Wmv328wgQ +yZO8fUo/dpqxWw+MZjXiXuC5Uf9GZdK/s0WX6wcvdN648CB+LG6r6gmSKBFwTAkC +9MeL/hfVsdY8BA6Fitw6Kk0NYo/U1AyW5xhIjEawpLuN139bRdAqx6mDwYYSm5d1 +ZZEEu1JOVno8LpxyrMTrisLrKFiU2t9FvPbhkbrb2T526IeE64zEFt236MOyJPrh +sY/sdCBw5RPiHQIDAQABo4HfMIHcMB0GA1UdDgQWBBQo83BHKknQl+NBFMdvQpiL +43x8CzAfBgNVHSMEGDAWgBRhiY6bTOXtOkCWd4nTvcBmzKU5nTA/BggrBgEFBQcB +AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh +dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl +cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAQEAr5qGfc0nHuIxxYo7OtWA4IqG5hs8KHXwiqms +mes+eLsA0C/mj84R3MkO9Ye0L279Js1FMDpNjbmIKKvIop7EMGAF5LhzYqIstZ81 +xfQgq4MptaDldYv7tQ6DX4GEeaYysE2dkUcZEeOs95U6gc8n8ohcKJLOHGQ09A1E +28RA3Uvntfh+AaweaWB7qNXmi8F6HW7lzr+bx2Rol98JWsTg1GABdqsxT/UtsN3G +okR10k0iTa67XqNh4xBtD750YJAHIafWJPGldzVsM/uyPepAs5vNgqDYib19WDAE +UN4DCLECJJE1dzS3GAOR1Od0G/uhd0yPVnj+dxg5V8JFJabjdg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c4:2d:30:96:25:ad:86:fe:6f:7c:ed:b1:d8:67: + c1:3e:58:5d:95:22:9f:2f:a1:88:f4:e1:f1:63:7f: + 77:b4:60:95:23:57:33:ad:c4:8e:85:71:71:36:1b: + 02:78:bb:69:7a:5e:ae:af:e4:97:97:66:2d:3a:f7: + df:b9:d8:5a:34:a5:68:35:e3:5d:e4:e9:18:77:93: + c6:54:e8:6c:a0:34:20:a5:99:d0:4f:fb:44:b9:29: + 52:00:34:38:9b:17:e1:88:5c:41:d0:19:8b:4b:77: + 4a:cc:ab:a7:32:79:b4:77:25:6b:38:05:05:70:0e: + 9e:fd:94:17:de:d7:02:09:82:00:65:8f:b6:f9:d7: + a0:57:ac:e6:4c:a7:2e:f3:b8:c9:b4:d1:6d:d1:9f: + 81:d4:99:93:01:63:52:72:5d:30:75:3c:8c:1d:73: + 1c:75:7d:18:1b:a8:b3:f0:83:a4:0e:b9:15:39:03: + 81:18:b0:4e:bf:c2:fe:1d:17:f2:1c:4a:de:a5:87: + 63:30:f8:5b:93:ed:83:1b:3f:f7:72:54:49:33:31: + 33:66:2f:0e:3f:b7:e4:97:ae:63:69:9c:a0:1c:e5: + 90:42:5e:07:62:4b:a5:c4:12:fb:97:b4:a7:da:01: + 90:1e:8b:78:ee:66:40:af:dc:23:d4:7f:f5:99:f2: + 47:41 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 61:89:8E:9B:4C:E5:ED:3A:40:96:77:89:D3:BD:C0:66:CC:A5:39:9D + X509v3 Authority Key Identifier: + keyid:27:66:45:31:75:8A:E0:FB:D2:5F:C1:FB:72:52:0E:B1:1B:29:3A:A5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + ce:dd:90:3d:0a:fe:c3:42:e6:3d:32:57:e5:84:04:6d:80:72: + 6c:92:75:cb:ae:2a:0d:a4:c8:41:2f:c7:c6:bc:02:8f:33:3d: + c5:e2:97:51:ef:8d:e5:84:aa:8a:97:fb:c3:10:a1:73:ae:68: + 76:a5:80:42:ab:df:4c:8a:8a:15:5b:bf:b9:ca:6b:3a:66:ec: + 22:9e:c8:0a:27:9d:c8:5b:07:71:ba:06:74:47:63:dc:08:06: + 9b:d6:eb:6a:11:a2:12:48:68:33:a4:0f:35:aa:a3:78:44:0e: + d6:af:96:5d:e6:26:66:df:09:be:ce:ee:38:2a:4d:b7:36:32: + d2:1c:73:b3:54:6a:a6:dd:0d:76:16:08:eb:a0:8d:30:ce:8d: + bc:b7:8b:be:c7:27:79:95:0b:80:88:57:97:b2:e8:53:46:86: + ad:62:bc:2c:04:59:e9:6b:3b:31:f8:78:93:3d:55:10:3f:da: + 47:bd:a3:89:58:f7:62:ad:8f:00:29:6c:03:ab:7b:c0:6f:bd: + 11:25:2c:35:b7:51:c4:13:ee:be:76:ae:e3:50:d6:1e:e5:a3: + 85:88:ea:fa:4f:49:68:61:c4:27:28:d0:f0:92:eb:ce:bd:59: + af:d5:a4:c8:06:4f:2c:16:8f:eb:cc:a2:91:26:72:f1:81:1f: + 82:92:0b:4c +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBCjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxC0wliWt +hv5vfO2x2GfBPlhdlSKfL6GI9OHxY393tGCVI1czrcSOhXFxNhsCeLtpel6ur+SX +l2YtOvffudhaNKVoNeNd5OkYd5PGVOhsoDQgpZnQT/tEuSlSADQ4mxfhiFxB0BmL +S3dKzKunMnm0dyVrOAUFcA6e/ZQX3tcCCYIAZY+2+degV6zmTKcu87jJtNFt0Z+B +1JmTAWNScl0wdTyMHXMcdX0YG6iz8IOkDrkVOQOBGLBOv8L+HRfyHErepYdjMPhb +k+2DGz/3clRJMzEzZi8OP7fkl65jaZygHOWQQl4HYkulxBL7l7Sn2gGQHot47mZA +r9wj1H/1mfJHQQIDAQABo4HLMIHIMB0GA1UdDgQWBBRhiY6bTOXtOkCWd4nTvcBm +zKU5nTAfBgNVHSMEGDAWgBQnZkUxdYrg+9JfwftyUg6xGyk6pTA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AM7dkD0K/sNC5j0yV+WEBG2AcmySdcuuKg2kyEEvx8a8Ao8zPcXil1HvjeWEqoqX ++8MQoXOuaHalgEKr30yKihVbv7nKazpm7CKeyAonnchbB3G6BnRHY9wIBpvW62oR +ohJIaDOkDzWqo3hEDtavll3mJmbfCb7O7jgqTbc2MtIcc7NUaqbdDXYWCOugjTDO +jby3i77HJ3mVC4CIV5ey6FNGhq1ivCwEWelrOzH4eJM9VRA/2ke9o4lY92KtjwAp +bAOre8BvvRElLDW3UcQT7r52ruNQ1h7lo4WI6vpPSWhhxCco0PCS6869Wa/VpMgG +TywWj+vMopEmcvGBH4KSC0w= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f4:50:3d:b5:7c:ca:fd:0b:8f:4c:94:7e:6a:6e: + d7:fc:6e:b0:40:8b:e2:48:78:b6:99:7e:b6:ab:fd: + 2a:0f:c8:64:6d:2a:70:79:d8:b9:0e:33:61:21:c4: + 89:3f:79:28:db:7c:d7:8a:13:f3:2e:f1:85:be:ab: + 21:31:d2:c3:7e:0a:d6:bd:56:e2:2a:b2:29:6c:52: + 00:17:45:c8:47:15:1e:30:ff:be:4b:c9:87:5d:86: + a5:d0:f5:20:e6:79:a2:94:29:ec:5d:19:b0:e5:32: + 81:5a:34:8b:a7:06:20:33:f8:03:3e:0f:8e:e1:87: + 19:1c:0a:ab:94:f0:17:0b:67:62:9f:47:02:70:22: + 2c:d8:cb:55:51:19:b4:7f:62:f6:3a:18:e4:42:fd: + 5c:f7:f5:26:49:6e:6c:1f:90:f5:52:9a:85:fb:e0: + 05:22:24:6a:21:27:a7:03:c4:64:ba:5d:ae:20:ce: + 77:4d:25:50:4f:a4:d3:7a:11:e0:f7:51:1c:b1:8f: + d2:19:73:70:4d:d0:55:4f:ef:14:0f:1e:7a:ce:5d: + 87:45:85:6b:ab:bd:d4:fc:0b:2e:c8:2b:7d:02:19: + 89:39:37:b0:93:ab:b4:e4:db:6b:c2:d3:99:db:87: + db:ef:c5:c0:04:26:63:7a:dc:46:07:5d:09:ba:bd: + f0:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:66:45:31:75:8A:E0:FB:D2:5F:C1:FB:72:52:0E:B1:1B:29:3A:A5 + X509v3 Authority Key Identifier: + keyid:27:66:45:31:75:8A:E0:FB:D2:5F:C1:FB:72:52:0E:B1:1B:29:3A:A5 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 94:72:28:25:43:3a:f3:7e:0c:ad:21:54:ac:c2:08:3b:6d:0a: + 42:5c:4d:d5:73:3d:54:e3:c6:9d:52:3a:0e:f3:fc:e8:ea:bd: + 20:9b:8b:cb:35:9a:4c:42:b4:7e:cf:09:4a:18:00:e1:97:be: + e7:7b:a9:34:f2:23:fc:87:a5:06:ca:8c:2c:67:3a:19:fc:a2: + 69:ca:c9:3c:f5:aa:1b:7e:42:8a:dc:e4:3c:ce:37:f5:3b:f1: + 2c:92:f2:e8:91:6e:9c:13:f8:f2:14:a8:4f:a4:bd:76:f8:12: + 45:fb:30:45:d7:ce:4d:dd:5b:46:f1:89:9d:c5:29:d8:0f:77: + 6b:71:07:ff:ab:2d:95:7f:ba:21:a1:8a:db:d7:af:1c:29:d2: + 28:41:e1:e4:4e:4f:12:2c:ef:98:84:7c:f2:55:19:5b:46:34: + f8:1f:1d:3b:16:e4:27:8f:32:16:f8:4e:f4:14:22:bc:b6:c2: + 1b:83:c1:e2:6a:23:64:51:65:af:7f:9d:21:a1:89:2e:8e:23: + 8e:e6:20:3a:42:37:8e:f2:55:22:22:88:cd:04:da:a9:fd:5d: + fe:b3:36:6d:77:30:76:e4:a1:97:42:0e:7f:a5:b9:ac:26:88: + b9:3f:76:27:7b:fd:a7:95:f9:2b:17:58:89:fa:21:28:a0:17: + 37:9f:50:11 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBCTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPRQPbV8yv0Lj0yUfmpu +1/xusECL4kh4tpl+tqv9Kg/IZG0qcHnYuQ4zYSHEiT95KNt814oT8y7xhb6rITHS +w34K1r1W4iqyKWxSABdFyEcVHjD/vkvJh12GpdD1IOZ5opQp7F0ZsOUygVo0i6cG +IDP4Az4PjuGHGRwKq5TwFwtnYp9HAnAiLNjLVVEZtH9i9joY5EL9XPf1JklubB+Q +9VKahfvgBSIkaiEnpwPEZLpdriDOd00lUE+k03oR4PdRHLGP0hlzcE3QVU/vFA8e +es5dh0WFa6u91PwLLsgrfQIZiTk3sJOrtOTba8LTmduH2+/FwAQmY3rcRgddCbq9 +8KECAwEAAaOByzCByDAdBgNVHQ4EFgQUJ2ZFMXWK4PvSX8H7clIOsRspOqUwHwYD +VR0jBBgwFoAUJ2ZFMXWK4PvSX8H7clIOsRspOqUwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCUciglQzrz +fgytIVSswgg7bQpCXE3Vcz1U48adUjoO8/zo6r0gm4vLNZpMQrR+zwlKGADhl77n +e6k08iP8h6UGyowsZzoZ/KJpysk89aobfkKK3OQ8zjf1O/EskvLokW6cE/jyFKhP +pL12+BJF+zBF185N3VtG8YmdxSnYD3drcQf/qy2Vf7ohoYrb168cKdIoQeHkTk8S +LO+YhHzyVRlbRjT4Hx07FuQnjzIW+E70FCK8tsIbg8HiaiNkUWWvf50hoYkujiOO +5iA6QjeO8lUiIojNBNqp/V3+szZtdzB25KGXQg5/pbmsJoi5P3Yne/2nlfkrF1iJ ++iEooBc3n1AR +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/rsa1024_device_cert.pem b/test/data/cast/common/certificate/certificates/rsa1024_device_cert.pem new file mode 100644 index 00000000..9fe330f3 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/rsa1024_device_cert.pem @@ -0,0 +1,260 @@ +[Created by: ./generate_rsa_device_certs.py] + +Cast certificate chain where device certificate uses a + 1024-bit RSA key + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=RSA 1024 Device Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:ea:1b:53:46:5f:1d:a2:d8:13:e6:e2:3d:4a:64: + 5e:fd:cf:72:63:78:be:3b:76:fe:29:ee:51:cd:86: + 25:72:de:12:8a:e2:fb:10:b8:90:c7:fa:e7:7a:2e: + 9a:4a:b6:7f:ac:d8:d2:fa:b5:c9:13:7f:31:4b:d7: + 24:52:c4:db:cf:75:56:11:0b:e4:1a:16:3a:0a:8f: + b3:52:8d:28:ed:a1:7b:ba:8f:a8:d4:d1:92:b7:bc: + 4e:bc:eb:bc:cd:91:3c:7c:95:48:c5:02:56:8d:79: + 17:74:24:dc:16:04:88:1f:a3:6f:56:5c:ee:0d:91: + 4f:81:e7:36:0d:42:0b:04:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + DE:16:32:07:B9:8D:5C:BC:0B:50:36:20:84:D6:71:94:7F:A4:79:76 + X509v3 Authority Key Identifier: + keyid:B7:38:59:7A:66:A9:B7:DE:6C:1E:81:28:0F:1F:AE:1E:A5:BF:44:8F + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 2b:ba:14:d8:45:7f:f3:95:1f:c6:4b:0b:03:8e:7c:b4:a8:7e: + 71:f5:05:09:99:b5:b0:1a:13:e1:df:be:cd:9e:06:27:f4:e6: + 61:db:25:67:06:2e:d2:f1:2f:5c:be:2b:fe:ce:d4:a2:c9:a7: + b2:01:6c:f8:a7:b3:94:b8:bc:36:27:c7:ef:4c:7c:aa:d1:b4: + e7:a3:2a:ac:b9:f9:d1:bd:60:d2:ff:fa:4e:3c:0f:23:38:b5: + ab:82:12:ce:c9:7a:26:d8:a2:60:68:a5:d5:5f:27:d4:50:7c: + 48:72:b5:14:77:b6:8d:4b:a9:aa:58:6a:d3:a3:ff:07:29:6b: + 8e:6b:4f:8b:87:38:42:f5:1b:78:36:75:ea:51:ba:7b:75:4a: + c4:f9:e4:f8:2e:e3:ea:dd:b1:e9:1a:f6:02:33:99:1e:65:00: + a0:9a:63:82:dc:05:cd:40:39:2b:58:3c:e4:ff:80:63:79:65: + ce:0c:ce:96:c3:01:64:1c:76:fe:ac:c2:23:32:63:be:bd:eb: + 68:ba:91:34:20:26:b5:66:a8:f8:0c:6f:82:82:31:1e:1d:e3: + 51:a3:be:c9:10:d8:82:13:24:02:ee:c6:75:76:75:57:aa:5d: + 76:d9:5a:44:14:0d:ab:d3:90:93:8f:28:cc:53:6a:74:07:71: + ba:9f:2e:21 +-----BEGIN CERTIFICATE----- +MIIDDTCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAfMR0wGwYD +VQQDDBRSU0EgMTAyNCBEZXZpY2UgQ2VydDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEA6htTRl8dotgT5uI9SmRe/c9yY3i+O3b+Ke5RzYYlct4SiuL7ELiQx/rn +ei6aSrZ/rNjS+rXJE38xS9ckUsTbz3VWEQvkGhY6Co+zUo0o7aF7uo+o1NGSt7xO +vOu8zZE8fJVIxQJWjXkXdCTcFgSIH6NvVlzuDZFPgec2DUILBIECAwEAAaOB3zCB +3DAdBgNVHQ4EFgQU3hYyB7mNXLwLUDYghNZxlH+keXYwHwYDVR0jBBgwFoAUtzhZ +emapt95sHoEoDx+uHqW/RI8wPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzAChiNo +dHRwOi8vdXJsLWZvci1haWEvSW50ZXJtZWRpYXRlLmNlcjA0BgNVHR8ELTArMCmg +J6AlhiNodHRwOi8vdXJsLWZvci1jcmwvSW50ZXJtZWRpYXRlLmNybDAOBgNVHQ8B +Af8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB +ACu6FNhFf/OVH8ZLCwOOfLSofnH1BQmZtbAaE+Hfvs2eBif05mHbJWcGLtLxL1y+ +K/7O1KLJp7IBbPins5S4vDYnx+9MfKrRtOejKqy5+dG9YNL/+k48DyM4tauCEs7J +eibYomBopdVfJ9RQfEhytRR3to1LqapYatOj/wcpa45rT4uHOEL1G3g2depRunt1 +SsT55Pgu4+rdseka9gIzmR5lAKCaY4LcBc1AOStYPOT/gGN5Zc4MzpbDAWQcdv6s +wiMyY76962i6kTQgJrVmqPgMb4KCMR4d41GjvskQ2IITJALuxnV2dVeqXXbZWkQU +DavTkJOPKMxTanQHcbqfLiE= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:8b:55:5c:b8:3c:26:2d:d8:fe:22:70:ef:15: + 38:a8:56:6d:c6:b7:d0:e1:a1:26:81:02:f8:97:f5: + 73:1b:d5:c6:1a:77:9f:ae:85:30:7c:6e:e0:03:a7: + 7f:e3:47:98:c2:d5:c3:6b:c2:cc:0d:0f:80:e1:c3: + 24:41:8f:21:10:cb:fe:ce:04:79:b6:1e:40:83:1a: + dd:44:3a:37:fb:42:8b:52:02:c6:6b:b8:47:58:bc: + 04:fc:8d:e7:fc:70:1f:07:c5:18:db:b2:6b:44:42: + 90:67:10:7f:83:38:47:4b:fd:94:cb:45:15:40:e5: + e8:2a:e1:2b:d0:f5:2e:cc:95:94:10:9c:da:b5:d4: + 47:5b:49:da:fe:c0:89:6e:7d:91:64:22:f9:fa:b5: + f4:ca:77:2e:f2:e6:cb:b3:4f:c6:67:40:f0:b9:ee: + 5c:ac:ed:cd:a6:73:b4:08:d5:76:7a:ae:91:1a:8a: + 5e:0e:e7:25:8c:82:7e:ad:d2:82:79:b1:ca:a3:77: + 1c:8f:71:68:f2:d8:ce:31:4f:db:b8:79:79:ad:2f: + d8:1d:9b:4c:c8:04:a9:de:ad:a2:68:f1:46:e4:f9: + f7:d1:8a:bd:1f:9a:d9:33:92:d3:c4:a4:a7:67:b2: + 5d:66:49:2a:15:8b:71:0d:10:1f:70:82:04:4b:70: + 4f:a5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B7:38:59:7A:66:A9:B7:DE:6C:1E:81:28:0F:1F:AE:1E:A5:BF:44:8F + X509v3 Authority Key Identifier: + keyid:94:38:F3:64:93:E5:2C:C9:0D:36:D1:16:21:13:90:2E:3E:E0:FA:94 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 4f:3f:7a:d4:5d:59:e5:0e:d7:48:49:6f:40:ea:ce:95:87:76: + ae:58:fc:59:6b:78:88:33:17:65:79:a9:a1:63:93:6a:1c:5b: + 33:a2:7d:87:50:8b:47:35:3a:47:8e:0e:e9:3d:e8:1c:9c:a6: + ab:68:e2:62:20:09:e2:b3:16:f7:43:9d:e8:61:e8:1d:c0:ac: + 19:0c:ab:dd:06:5c:8c:ad:55:e3:7f:ba:20:ba:7b:1e:78:c7: + 40:78:1f:66:e0:db:a0:3b:cd:73:90:a5:6b:71:97:ef:16:ef: + a3:91:fa:0f:06:3e:4b:23:68:81:fc:25:de:fa:99:0b:f9:b9: + f5:81:15:59:b1:b1:41:42:1c:a5:17:cb:b5:ba:9f:cd:46:fe: + 22:c8:79:a8:95:03:70:e2:54:2c:58:1a:26:a9:6b:25:b4:ed: + 77:62:57:5f:e7:94:98:72:7d:a6:b3:4c:35:4e:54:68:85:34: + d0:f3:b8:f8:c1:36:94:db:8f:99:2e:fd:ea:68:47:e1:47:4f: + bb:0c:7b:dc:85:e1:e6:1c:71:00:5d:15:d3:17:b5:33:dc:a3: + 8b:2a:5e:16:e2:a5:f0:66:c3:5d:e0:f1:b4:59:df:1a:04:65: + 77:cb:0c:95:c2:fb:2d:66:12:0a:e6:49:3b:74:76:48:6f:7e: + 99:b9:02:45 +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArItVXLg8 +Ji3Y/iJw7xU4qFZtxrfQ4aEmgQL4l/VzG9XGGnefroUwfG7gA6d/40eYwtXDa8LM +DQ+A4cMkQY8hEMv+zgR5th5AgxrdRDo3+0KLUgLGa7hHWLwE/I3n/HAfB8UY27Jr +REKQZxB/gzhHS/2Uy0UVQOXoKuEr0PUuzJWUEJzatdRHW0na/sCJbn2RZCL5+rX0 +yncu8ubLs0/GZ0Dwue5crO3NpnO0CNV2eq6RGopeDucljIJ+rdKCebHKo3ccj3Fo +8tjOMU/buHl5rS/YHZtMyASp3q2iaPFG5Pn30Yq9H5rZM5LTxKSnZ7JdZkkqFYtx +DRAfcIIES3BPpQIDAQABo4HLMIHIMB0GA1UdDgQWBBS3OFl6Zqm33mwegSgPH64e +pb9EjzAfBgNVHSMEGDAWgBSUOPNkk+UsyQ020RYhE5AuPuD6lDA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AE8/etRdWeUO10hJb0DqzpWHdq5Y/FlreIgzF2V5qaFjk2ocWzOifYdQi0c1OkeO +Duk96Bycpqto4mIgCeKzFvdDnehh6B3ArBkMq90GXIytVeN/uiC6ex54x0B4H2bg +26A7zXOQpWtxl+8W76OR+g8GPksjaIH8Jd76mQv5ufWBFVmxsUFCHKUXy7W6n81G +/iLIeaiVA3DiVCxYGiapayW07XdiV1/nlJhyfaazTDVOVGiFNNDzuPjBNpTbj5ku +/epoR+FHT7sMe9yF4eYccQBdFdMXtTPco4sqXhbipfBmw13g8bRZ3xoEZXfLDJXC ++y1mEgrmSTt0dkhvfpm5AkU= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:df:f8:ef:9a:5c:9c:67:d8:0e:b6:38:1d:ee:7c: + 41:bb:b2:43:e1:3a:f6:6d:61:1c:68:3b:6d:b7:1d: + 1b:5c:89:52:d7:2c:1a:05:d8:a5:0f:80:cf:ff:c3: + e7:32:d1:75:ca:e0:23:4e:99:96:24:ff:d5:d8:50: + de:ef:a0:88:bb:e4:2b:a1:da:80:85:68:05:4b:04: + b6:29:be:04:8a:b2:fd:5b:c8:4e:6b:9b:ad:81:c0: + 25:05:7a:eb:16:ae:21:7d:1c:2a:74:7d:a9:7a:88: + 64:55:d1:0a:79:45:14:28:ba:25:e1:7f:55:df:22: + ee:4a:15:f4:03:11:8f:8f:b4:e4:8a:6d:4a:7b:93: + 9c:82:ef:f3:f6:ef:f9:10:8e:f5:f0:7b:77:01:40: + da:bd:c2:16:e0:53:7a:2d:c2:d1:bd:69:1b:2c:0a: + 51:c8:63:02:f7:dc:94:6c:19:66:ee:d8:1f:be:41: + 99:b4:4f:18:ca:41:44:43:8c:f1:95:d7:db:2c:df: + 6c:a4:b7:b4:24:26:2a:93:8b:c5:a9:e6:91:c2:d7: + 25:3e:af:bb:c0:b2:4e:3d:38:75:30:07:3b:d7:30: + 5e:b6:91:c1:de:9d:cb:54:ab:00:f6:2a:fb:a4:4a: + 9e:8c:27:08:66:35:37:a7:3e:82:50:5a:24:18:91: + ca:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 94:38:F3:64:93:E5:2C:C9:0D:36:D1:16:21:13:90:2E:3E:E0:FA:94 + X509v3 Authority Key Identifier: + keyid:94:38:F3:64:93:E5:2C:C9:0D:36:D1:16:21:13:90:2E:3E:E0:FA:94 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6b:95:68:f5:58:3c:9d:dc:7d:55:6f:fc:51:58:6b:85:87:c4: + 6a:fd:6d:d3:e3:15:95:61:17:ec:40:67:82:98:a6:d1:36:b3: + c3:6c:71:9f:8f:b8:7c:ad:e8:bf:ed:87:46:06:e8:86:94:50: + 99:db:86:56:5c:8e:45:9b:88:d5:e3:4d:fe:06:19:b3:55:7d: + 25:a9:a9:cc:b2:99:ad:49:31:0b:89:db:79:65:86:ed:c2:d3: + a9:44:68:d3:a4:d7:b0:40:14:d7:ba:f9:d3:b1:b7:57:86:e8: + 06:ab:8d:6c:fb:be:05:2e:fc:6a:44:8f:80:bd:2d:3c:25:18: + 2e:dd:28:82:b7:04:a1:d7:dd:99:37:21:c6:0e:8c:74:79:36: + f9:95:14:6e:11:7f:3e:91:6e:88:79:9b:f5:8a:e7:32:d3:24: + f5:64:60:e2:49:df:14:f0:5b:5a:47:0f:4f:a9:16:89:f2:42: + 04:d2:ab:fa:26:12:9a:4e:fb:c5:5d:49:a5:82:13:e2:71:80: + ca:97:dc:42:9b:72:50:72:0e:06:51:0b:f4:7f:81:43:d2:31: + 9c:5c:a9:b1:06:90:1e:eb:f7:60:4b:a7:e2:c4:1d:cd:b6:53: + e8:9e:11:13:d1:b2:19:25:d8:8c:4b:ac:31:63:13:f5:85:b9: + 59:14:92:92 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/475pcnGfYDrY4He58 +QbuyQ+E69m1hHGg7bbcdG1yJUtcsGgXYpQ+Az//D5zLRdcrgI06ZliT/1dhQ3u+g +iLvkK6HagIVoBUsEtim+BIqy/VvITmubrYHAJQV66xauIX0cKnR9qXqIZFXRCnlF +FCi6JeF/Vd8i7koV9AMRj4+05IptSnuTnILv8/bv+RCO9fB7dwFA2r3CFuBTei3C +0b1pGywKUchjAvfclGwZZu7YH75BmbRPGMpBREOM8ZXX2yzfbKS3tCQmKpOLxanm +kcLXJT6vu8CyTj04dTAHO9cwXraRwd6dy1SrAPYq+6RKnownCGY1N6c+glBaJBiR +ytcCAwEAAaOByzCByDAdBgNVHQ4EFgQUlDjzZJPlLMkNNtEWIROQLj7g+pQwHwYD +VR0jBBgwFoAUlDjzZJPlLMkNNtEWIROQLj7g+pQwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBrlWj1WDyd +3H1Vb/xRWGuFh8Rq/W3T4xWVYRfsQGeCmKbRNrPDbHGfj7h8rei/7YdGBuiGlFCZ +24ZWXI5Fm4jV403+BhmzVX0lqanMspmtSTELidt5ZYbtwtOpRGjTpNewQBTXuvnT +sbdXhugGq41s+74FLvxqRI+AvS08JRgu3SiCtwSh192ZNyHGDox0eTb5lRRuEX8+ +kW6IeZv1iucy0yT1ZGDiSd8U8FtaRw9PqRaJ8kIE0qv6JhKaTvvFXUmlghPicYDK +l9xCm3JQcg4GUQv0f4FD0jGcXKmxBpAe6/dgS6fixB3NtlPonhET0bIZJdiMS6wx +YxP1hblZFJKS +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/rsa2048_device_cert.pem b/test/data/cast/common/certificate/certificates/rsa2048_device_cert.pem new file mode 100644 index 00000000..c63e532b --- /dev/null +++ b/test/data/cast/common/certificate/certificates/rsa2048_device_cert.pem @@ -0,0 +1,272 @@ +[Created by: ./generate_rsa_device_certs.py] + +Cast certificate chain where device certificate uses a + 2048-bit RSA key + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=RSA 2048 Device Cert + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f6:7a:6f:33:8a:c9:b3:9d:db:a8:47:0c:2c:cd: + ff:27:db:37:7c:3f:8f:cf:6f:e4:f9:1c:77:6f:82: + 38:38:76:de:bb:2f:c5:df:47:15:3e:3d:f3:ee:d9: + 38:4e:c1:a6:2f:c4:dd:8e:ce:a9:a4:a6:4b:81:cb: + 0d:b2:89:cb:6f:a6:2c:83:cb:72:c8:26:b3:0d:d1: + b4:a1:66:f3:ca:d3:74:a9:6a:61:14:d7:6d:b0:0a: + 8f:a7:25:b5:d8:6a:0a:75:a3:e8:be:7e:6a:08:5f: + fc:31:46:2a:1d:e0:d3:21:6b:bf:1c:02:e8:b7:0a: + 6c:11:f1:69:50:32:15:59:04:c6:75:fe:2c:e7:c6: + cc:c8:89:7d:f7:16:da:89:16:b0:1f:10:b1:73:d1: + 00:06:c5:a5:e2:34:88:1f:8a:aa:d0:45:03:6e:82: + b5:ad:49:c7:ad:50:42:18:3a:35:35:88:90:68:98: + 02:bd:cc:d7:14:51:fe:86:bb:86:76:67:f2:8e:1f: + f9:3d:e1:e4:a3:dc:bd:b8:b0:6f:b6:14:b8:0b:a8: + 0d:24:cf:df:33:45:5a:0c:52:18:29:f9:94:4a:a2: + 14:c5:b8:90:6c:b6:fc:e1:a1:c5:d3:09:c0:f7:be: + 9b:be:84:e1:82:a9:58:7f:bc:7e:7a:0f:7d:40:e9: + 70:b5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1F:F8:92:E0:17:EB:C1:D9:58:25:A3:29:5B:7D:BF:F7:0E:3D:AE:1C + X509v3 Authority Key Identifier: + keyid:66:32:63:74:0F:08:DC:E5:56:9E:6A:77:1F:94:2F:F5:10:F0:87:67 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 5f:19:b5:37:ec:ec:0a:2a:6b:30:28:7c:bd:8a:b4:f9:c0:a3: + 64:ba:ce:4a:51:6b:10:09:dd:90:08:00:b8:8e:2d:37:1d:dd: + 62:3a:13:c9:2a:15:31:6e:37:b5:15:75:2f:15:72:f3:a7:30: + 8c:f1:d1:04:78:d0:6d:cd:68:22:e5:f0:45:7b:52:7d:cf:a5: + aa:cb:a0:b0:ee:e0:a9:fe:c9:f4:3b:df:0f:49:20:bf:c1:79: + 13:65:50:b2:32:b9:4d:14:2a:7f:55:ca:82:32:e5:6e:92:19: + 3e:c9:41:fa:9b:c0:f7:0a:a8:80:8c:ac:7f:45:79:8d:24:d9: + 0f:2d:9c:65:d7:e9:83:8e:61:b1:32:01:44:8f:09:8f:b6:b2: + aa:57:d2:e2:95:67:b7:b4:9b:ae:01:ac:3e:3e:27:d0:97:20: + 02:42:3b:47:0a:bf:a2:e6:10:a8:59:f2:df:26:30:88:29:b5: + a4:81:a2:2a:e8:c0:d8:b8:96:d3:15:88:30:bc:7a:f0:9a:a4: + a1:a6:49:b4:3d:e3:4b:24:9b:f7:52:50:70:74:f3:56:4f:4f: + e3:91:bc:80:28:3b:59:b8:df:e8:23:24:67:3a:c0:c1:29:b9: + c0:4a:ba:4b:41:35:f7:eb:6a:d7:65:b3:13:70:c6:08:74:5a: + ba:2d:b1:bb +-----BEGIN CERTIFICATE----- +MIIDkTCCAnmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAfMR0wGwYD +VQQDDBRSU0EgMjA0OCBEZXZpY2UgQ2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAPZ6bzOKybOd26hHDCzN/yfbN3w/j89v5Pkcd2+CODh23rsvxd9H +FT498+7ZOE7Bpi/E3Y7OqaSmS4HLDbKJy2+mLIPLcsgmsw3RtKFm88rTdKlqYRTX +bbAKj6cltdhqCnWj6L5+aghf/DFGKh3g0yFrvxwC6LcKbBHxaVAyFVkExnX+LOfG +zMiJffcW2okWsB8QsXPRAAbFpeI0iB+KqtBFA26Cta1Jx61QQhg6NTWIkGiYAr3M +1xRR/oa7hnZn8o4f+T3h5KPcvbiwb7YUuAuoDSTP3zNFWgxSGCn5lEqiFMW4kGy2 +/OGhxdMJwPe+m76E4YKpWH+8fnoPfUDpcLUCAwEAAaOB3zCB3DAdBgNVHQ4EFgQU +H/iS4BfrwdlYJaMpW32/9w49rhwwHwYDVR0jBBgwFoAUZjJjdA8I3OVWnmp3H5Qv +9RDwh2cwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzAChiNodHRwOi8vdXJsLWZv +ci1haWEvSW50ZXJtZWRpYXRlLmNlcjA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8v +dXJsLWZvci1jcmwvSW50ZXJtZWRpYXRlLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAF8ZtTfs7AoqazAo +fL2KtPnAo2S6zkpRaxAJ3ZAIALiOLTcd3WI6E8kqFTFuN7UVdS8VcvOnMIzx0QR4 +0G3NaCLl8EV7Un3PparLoLDu4Kn+yfQ73w9JIL/BeRNlULIyuU0UKn9VyoIy5W6S +GT7JQfqbwPcKqICMrH9FeY0k2Q8tnGXX6YOOYbEyAUSPCY+2sqpX0uKVZ7e0m64B +rD4+J9CXIAJCO0cKv6LmEKhZ8t8mMIgptaSBoirowNi4ltMViDC8evCapKGmSbQ9 +40skm/dSUHB081ZPT+ORvIAoO1m43+gjJGc6wMEpucBKuktBNffratdlsxNwxgh0 +Wrotsbs= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:da:bd:1b:16:83:47:79:63:b4:b1:d2:d8:a7:e8: + d2:bc:4d:20:70:fd:e2:aa:d3:c8:12:ea:b4:b1:8d: + df:ed:97:70:b7:96:41:80:c0:52:7c:62:49:93:3d: + 57:43:f2:c0:f9:17:cc:11:28:ee:49:3a:e7:56:54: + 3b:08:ee:c8:77:9a:85:be:9a:28:d1:ba:69:3f:57: + 5b:f1:6e:40:d0:78:22:b5:a4:41:b4:8a:00:2e:b1: + 83:93:fc:59:dd:39:e8:77:dd:0c:a3:9a:d1:ec:c2: + bc:cd:1b:ec:14:96:45:e9:33:de:e6:53:f6:3a:80: + 66:8e:b7:f2:78:7f:5a:e5:57:3e:cc:a9:12:4b:bf: + b6:02:30:85:1a:b7:65:6e:57:32:90:bd:64:13:c4: + 43:9e:4a:2f:05:3d:c5:61:bf:2f:d0:56:c9:75:8f: + 36:95:42:b4:3a:97:38:a8:41:26:34:cc:ec:41:97: + 52:10:f9:de:2c:21:b2:52:5d:28:07:75:3a:23:2b: + 4e:01:38:fd:f5:2d:15:f2:8c:f4:32:9e:ad:b1:da: + 2d:3c:82:68:7b:0c:9b:f9:c1:38:4f:81:6f:29:e0: + ae:a7:8d:6f:69:82:24:4a:24:74:a4:fa:09:8a:bf: + 16:5d:bc:f3:a8:6c:ec:9b:ed:1d:75:a9:f2:c4:ed: + ad:87 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 66:32:63:74:0F:08:DC:E5:56:9E:6A:77:1F:94:2F:F5:10:F0:87:67 + X509v3 Authority Key Identifier: + keyid:7E:4B:E4:D7:F7:28:D4:4D:56:94:D8:9F:0A:C2:A7:CC:AD:4A:BD:C1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 58:82:68:4d:2f:e7:a1:f5:cb:16:b6:bb:52:4a:0b:34:61:ca: + 5b:d1:57:fe:11:8b:86:54:5f:9a:92:bd:31:f9:7a:16:a3:3d: + 81:7f:c9:06:63:92:5d:91:29:a7:5b:13:22:fb:99:89:78:15: + 8f:bf:67:85:ce:06:98:e7:79:03:99:fb:06:4d:88:26:c0:28: + c5:46:91:92:94:1a:7e:2b:c2:4b:5a:b3:0c:d9:df:25:4d:ae: + b8:b6:10:5e:54:dc:26:60:6c:17:99:e7:6c:66:d2:cb:f3:a9: + c8:68:5d:5b:d4:71:b0:ea:35:c9:03:3f:32:d4:e2:1b:bc:05: + 36:05:62:0d:75:95:db:17:a2:a5:0b:3e:4d:b9:bf:bb:22:e0: + 4c:64:83:29:31:31:0a:e7:5a:a2:8b:07:30:1c:53:3a:f7:7d: + 12:1d:96:85:b8:f5:e2:a9:fa:36:ad:fb:5d:43:63:da:bc:68: + 01:cb:12:ff:5a:07:1d:72:4f:ad:56:f4:70:d6:44:de:80:cc: + e5:17:77:0b:94:1b:0f:f2:5f:2a:1a:97:c0:9c:7a:61:e2:43: + 80:86:5a:62:6b:3b:2d:f5:9f:c2:a1:52:33:8e:7a:33:c2:c9: + 79:21:a2:ec:38:25:8f:44:58:c7:2e:b5:29:ae:8b:94:ed:72: + 42:22:aa:32 +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2r0bFoNH +eWO0sdLYp+jSvE0gcP3iqtPIEuq0sY3f7Zdwt5ZBgMBSfGJJkz1XQ/LA+RfMESju +STrnVlQ7CO7Id5qFvpoo0bppP1db8W5A0HgitaRBtIoALrGDk/xZ3Tnod90Mo5rR +7MK8zRvsFJZF6TPe5lP2OoBmjrfyeH9a5Vc+zKkSS7+2AjCFGrdlblcykL1kE8RD +nkovBT3FYb8v0FbJdY82lUK0Opc4qEEmNMzsQZdSEPneLCGyUl0oB3U6IytOATj9 +9S0V8oz0Mp6tsdotPIJoewyb+cE4T4FvKeCup41vaYIkSiR0pPoJir8WXbzzqGzs +m+0ddanyxO2thwIDAQABo4HLMIHIMB0GA1UdDgQWBBRmMmN0Dwjc5VaeancflC/1 +EPCHZzAfBgNVHSMEGDAWgBR+S+TX9yjUTVaU2J8KwqfMrUq9wTA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AFiCaE0v56H1yxa2u1JKCzRhylvRV/4Ri4ZUX5qSvTH5ehajPYF/yQZjkl2RKadb +EyL7mYl4FY+/Z4XOBpjneQOZ+wZNiCbAKMVGkZKUGn4rwktaswzZ3yVNrri2EF5U +3CZgbBeZ52xm0svzqchoXVvUcbDqNckDPzLU4hu8BTYFYg11ldsXoqULPk25v7si +4ExkgykxMQrnWqKLBzAcUzr3fRIdloW49eKp+jat+11DY9q8aAHLEv9aBx1yT61W +9HDWRN6AzOUXdwuUGw/yXyoal8CcemHiQ4CGWmJrOy31n8KhUjOOejPCyXkhouw4 +JY9EWMcutSmui5TtckIiqjI= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2018 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:ba:56:64:50:cb:eb:c8:c5:7a:6a:dc:72:24: + b9:09:22:03:5f:ca:55:51:15:eb:16:a9:4d:6c:a9: + a0:3d:26:88:5a:4c:0f:9c:b1:49:29:3b:ee:ad:c5: + 8c:11:9f:c3:75:44:e9:d1:25:80:02:ec:98:c5:0e: + 42:40:91:c3:85:cf:da:e2:98:0f:1d:66:87:c0:4a: + 46:4f:c5:ec:ac:27:82:2f:80:cb:78:e7:a7:a1:06: + c5:88:d3:b8:dd:82:d4:c7:7c:52:3c:01:7a:d7:ae: + cc:bd:0f:00:4b:8f:23:1c:c9:ee:d8:e8:b3:b7:c5: + c3:23:dd:85:2f:e9:aa:4d:b7:ef:5c:58:18:59:21: + 41:5c:40:fe:77:d9:0f:cd:5c:c8:2d:74:a2:98:c6: + 13:d4:a1:54:3a:a7:2a:e0:42:b8:4c:89:5c:b4:5c: + 34:7e:61:de:b2:5e:3f:1f:f2:5c:65:7c:53:14:94: + 76:33:36:c0:cf:16:7d:6d:52:71:20:6a:9a:7a:3d: + 0f:3d:12:ea:94:8b:eb:b0:07:61:d8:13:92:3e:e6: + ac:b8:0c:02:92:0b:a0:ca:9a:7b:52:08:05:cc:db: + 1b:40:3e:b1:30:b2:7d:18:f5:2e:e0:f2:69:df:b6: + a2:3d:94:04:47:3e:f4:63:b4:07:a1:94:30:43:02: + 7f:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7E:4B:E4:D7:F7:28:D4:4D:56:94:D8:9F:0A:C2:A7:CC:AD:4A:BD:C1 + X509v3 Authority Key Identifier: + keyid:7E:4B:E4:D7:F7:28:D4:4D:56:94:D8:9F:0A:C2:A7:CC:AD:4A:BD:C1 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 6b:18:91:92:32:ce:f7:0e:7d:d1:87:ce:95:80:b4:6d:c5:be: + e3:83:11:be:71:b5:0c:c0:b6:97:c8:e7:10:70:02:8a:2c:09: + 79:6a:25:42:03:ef:6b:88:07:81:8f:0f:a2:d2:d8:57:39:7e: + a8:8c:de:33:b3:3d:cf:dc:b9:26:ad:82:95:83:67:3e:a2:8b: + 93:43:1d:39:9a:3e:fb:1d:81:84:e9:bc:33:a7:80:13:97:fc: + a7:00:13:f4:44:aa:2c:f4:a6:1b:da:8c:fe:9d:e6:2e:04:b1: + 4d:68:cc:c6:b9:f3:52:6e:dd:ce:6a:86:ee:a1:fa:60:c7:fe: + e0:ce:1f:14:80:dd:02:e8:08:9c:b4:d5:e3:3a:5d:5c:44:c5: + 6e:cc:99:b0:27:94:c7:56:3a:60:d9:c3:bd:e7:4c:4a:6c:0f: + 77:53:67:5f:f6:bb:3b:b9:13:dc:4f:97:ee:86:8c:17:1b:8b: + d7:6b:2a:24:40:82:4a:5f:d6:96:cd:45:2a:c8:fc:c6:93:22: + 5d:c7:e6:bc:76:9f:1f:5a:1c:4a:64:6d:10:d9:61:28:11:11: + 7d:3b:74:2a:a9:af:77:5f:b4:02:5b:b7:18:c6:3c:cf:70:a1: + a2:89:5a:5f:6f:fb:44:70:ab:29:6a:66:07:8a:85:3e:5a:32: + 50:70:5c:59 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKi6VmRQy+vIxXpq3HIk +uQkiA1/KVVEV6xapTWypoD0miFpMD5yxSSk77q3FjBGfw3VE6dElgALsmMUOQkCR +w4XP2uKYDx1mh8BKRk/F7Kwngi+Ay3jnp6EGxYjTuN2C1Md8UjwBeteuzL0PAEuP +IxzJ7tjos7fFwyPdhS/pqk2371xYGFkhQVxA/nfZD81cyC10opjGE9ShVDqnKuBC +uEyJXLRcNH5h3rJePx/yXGV8UxSUdjM2wM8WfW1ScSBqmno9Dz0S6pSL67AHYdgT +kj7mrLgMApILoMqae1IIBczbG0A+sTCyfRj1LuDyad+2oj2UBEc+9GO0B6GUMEMC +f0MCAwEAAaOByzCByDAdBgNVHQ4EFgQUfkvk1/co1E1WlNifCsKnzK1KvcEwHwYD +VR0jBBgwFoAUfkvk1/co1E1WlNifCsKnzK1KvcEwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBrGJGSMs73 +Dn3Rh86VgLRtxb7jgxG+cbUMwLaXyOcQcAKKLAl5aiVCA+9riAeBjw+i0thXOX6o +jN4zsz3P3LkmrYKVg2c+oouTQx05mj77HYGE6bwzp4ATl/ynABP0RKos9KYb2oz+ +neYuBLFNaMzGufNSbt3Oaobuofpgx/7gzh8UgN0C6AictNXjOl1cRMVuzJmwJ5TH +Vjpg2cO950xKbA93U2df9rs7uRPcT5fuhowXG4vXayokQIJKX9aWzUUqyPzGkyJd +x+a8dp8fWhxKZG0Q2WEoERF9O3Qqqa93X7QCW7cYxjzPcKGiiVpfb/tEcKspamYH +ioU+WjJQcFxZ +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/unchained.pem b/test/data/cast/common/certificate/certificates/unchained.pem new file mode 100644 index 00000000..f4012218 --- /dev/null +++ b/test/data/cast/common/certificate/certificates/unchained.pem @@ -0,0 +1,82 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 30 (0x1e) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Test Untrusted ICA + Validity + Not Before: Jan 22 00:02:35 2015 GMT + Not After : Jan 17 00:02:35 2035 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Test Untrusted Device + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bb:68:cb:94:9a:ca:8b:41:40:8a:b7:50:6d:e4: + c9:d1:d5:c7:81:f6:c6:44:7e:cc:b3:de:bc:77:68: + 97:88:f5:ce:40:cc:f5:8f:d2:d1:44:3b:a5:8b:54: + d3:05:02:b3:dc:04:ee:b1:17:31:2c:6d:bf:bc:23: + a6:f2:55:7d:c1:f3:94:7e:65:f2:b5:5f:fc:c3:91: + fb:91:f2:d0:4f:88:33:1a:56:f9:de:f2:d3:8f:a9: + 58:1e:1f:e2:0e:99:ac:3b:6c:32:93:89:37:68:c3: + 7a:e6:28:12:8e:cf:3a:a2:10:64:d5:f8:6b:31:99: + 3d:88:56:04:1c:93:7e:5e:e3:9c:ed:a6:e3:3c:13: + 56:bc:0c:39:32:ff:4d:3e:2a:6e:b9:6e:4d:61:35: + 2d:e8:ac:ed:bd:7e:e8:66:21:7c:8c:29:17:b1:b7: + d2:36:0b:bb:a1:a8:91:73:32:76:75:cc:87:6d:a8: + b9:53:78:0b:9a:08:01:0c:09:b3:34:ac:42:1c:ec: + d2:bb:50:09:9c:b7:63:41:aa:65:a9:47:0c:88:bd: + f7:e4:94:c6:3e:47:69:ad:88:99:9b:8e:6f:d4:24: + 19:59:0a:22:a9:7d:be:f9:26:d1:75:68:07:e0:7f: + 8a:e6:72:f9:d4:5c:b3:66:21:a8:5e:2c:51:17:76: + 86:ab + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 74:4B:08:93:5E:9E:C0:19:7B:B9:0E:17:83:87:10:B8:97:B4:45:EB + X509v3 Authority Key Identifier: + keyid:6B:7E:E5:CA:B2:CD:E5:F1:71:14:86:E2:E5:2D:66:A8:59:A8:54:88 + + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 6c:7a:82:f8:1a:ec:e8:ed:45:3f:12:d4:d5:8f:2c:84:1b:99: + 2a:d3:e5:6c:e2:b2:f5:cb:3e:8d:11:82:d0:3f:08:f5:fb:a8: + 21:4a:04:c9:bd:5e:eb:3b:8a:4d:61:3f:3e:86:ff:ca:13:2e: + 49:b1:1f:d7:0b:6f:58:9e:cc:02:96:95:01:81:ac:11:19:fa: + a5:0e:e8:8f:16:fd:60:6f:b2:c5:34:fa:a7:4f:4f:30:64:63: + 9a:da:ef:81:73:fc:d0:fb:40:89:5e:b0:98:cb:0d:b2:e7:ac: + 56:5b:ef:77:22:db:50:f9:d5:93:dd:a9:16:7e:c1:4e:24:20: + fe:7c:d5:a3:2e:63:86:18:f1:e2:61:96:d8:bd:e9:af:ef:a8: + 9a:8f:3c:89:86:7e:60:ce:a2:7c:c4:e4:19:93:90:6e:64:92: + 47:bd:b4:67:5a:8a:b4:a7:c8:eb:69:e6:3a:cb:ac:7e:87:a7: + 57:17:cc:02:c5:a0:85:bc:42:6e:26:b8:ed:95:ef:41:f1:75: + 95:f2:10:39:80:79:8b:2e:45:75:59:2d:36:3f:04:dc:11:0d: + b0:da:a0:0a:22:20:4d:be:b5:a0:aa:19:7d:7b:78:11:9a:9e: + e0:02:5c:20:0b:87:da:91:4b:e6:b2:a7:b8:d0:a3:07:16:3d: + bf:b7:31:e0 +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBHjANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMxEzARBgNVBAg +MCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbm +MxDTALBgNVBAsMBENhc3QxIDAeBgNVBAMMF0Nhc3QgVGVzdCBVbnRydXN0ZWQgSUNBMB4XDTE1M +DEyMjAwMDIzNVoXDTM1MDExNzAwMDIzNVowgYMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp +Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgSW5jMQ0wCwY +DVQQLDARDYXN0MSMwIQYDVQQDDBpDYXN0IFRlc3QgVW50cnVzdGVkIERldmljZTCCASIwDQYJKo +ZIhvcNAQEBBQADggEPADCCAQoCggEBALtoy5SayotBQIq3UG3kydHVx4H2xkR+zLPevHdol4j1z +kDM9Y/S0UQ7pYtU0wUCs9wE7rEXMSxtv7wjpvJVfcHzlH5l8rVf/MOR+5Hy0E+IMxpW+d7y04+p +WB4f4g6ZrDtsMpOJN2jDeuYoEo7POqIQZNX4azGZPYhWBByTfl7jnO2m4zwTVrwMOTL/TT4qbrl +uTWE1Leis7b1+6GYhfIwpF7G30jYLu6GokXMydnXMh22ouVN4C5oIAQwJszSsQhzs0rtQCZy3Y0 +GqZalHDIi99+SUxj5Haa2ImZuOb9QkGVkKIql9vvkm0XVoB+B/iuZy+dRcs2YhqF4sURd2hqsCA +wEAAaNvMG0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUdEsIk16ewBl7uQ4Xg4cQuJe0ReswHwYDVR0j +BBgwFoAUa37lyrLN5fFxFIbi5S1mqFmoVIgwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQU +FBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBseoL4Guzo7UU/EtTVjyyEG5kq0+Vs4rL1yz6NEYLQPw +j1+6ghSgTJvV7rO4pNYT8+hv/KEy5JsR/XC29YnswClpUBgawRGfqlDuiPFv1gb7LFNPqnT08wZ +GOa2u+Bc/zQ+0CJXrCYyw2y56xWW+93IttQ+dWT3akWfsFOJCD+fNWjLmOGGPHiYZbYvemv76ia +jzyJhn5gzqJ8xOQZk5BuZJJHvbRnWoq0p8jraeY6y6x+h6dXF8wCxaCFvEJuJrjtle9B8XWV8hA +5gHmLLkV1WS02PwTcEQ2w2qAKIiBNvrWgqhl9e3gRmp7gAlwgC4fakUvmsqe40KMHFj2/tzHg +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/certificates/violates_root_pathlen_constraint.pem b/test/data/cast/common/certificate/certificates/violates_root_pathlen_constraint.pem new file mode 100644 index 00000000..a7c3e4ae --- /dev/null +++ b/test/data/cast/common/certificate/certificates/violates_root_pathlen_constraint.pem @@ -0,0 +1,393 @@ +Certifcate chain: + +Target -> Intermediate2 -> Intermediate1 -> Root + +The root certificate has a pathlen=1 constraint on it, so when validating with +trust anchor constraints enforced this should fail. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate2 + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2017 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cc:e7:c5:5e:00:e6:6e:62:c7:a5:ee:c5:6e:e0: + a1:1a:83:a7:fa:c8:90:ee:82:ef:94:b7:4c:b8:56: + 2e:71:e1:03:67:dc:82:35:1e:b3:68:79:43:86:8f: + 04:30:86:a7:4e:43:59:52:9f:e7:43:b8:8e:c1:70: + a4:59:d7:c0:c4:ae:da:70:dc:1a:52:a0:05:1c:c8: + 1c:3d:1f:6e:c1:b2:ea:5e:e6:56:f2:4a:3c:01:19: + 9a:19:fb:c1:fe:62:77:93:fb:4e:55:44:e3:4f:d6: + c4:bb:32:ef:aa:67:53:04:50:5c:db:06:3b:7e:37: + 82:92:26:f2:47:38:c4:6a:9b:d8:42:32:44:1b:89: + 84:ab:77:af:ec:27:c3:34:4e:d2:e5:8a:77:40:61: + 76:fb:6d:78:3d:a4:d6:00:64:83:24:3b:fc:6b:83: + 00:59:03:c1:9b:4f:5e:94:ac:f0:50:5e:e4:d1:e7: + 60:c9:f3:74:6e:91:a2:47:47:6c:5a:a3:0b:83:3d: + 50:a4:eb:1c:9e:83:7e:3c:f3:68:87:e8:d6:a6:30: + 0d:01:a8:9d:96:de:a6:ff:7f:1a:36:5c:7b:b6:92: + 73:ec:9d:f1:b6:5f:c5:3c:c8:2a:98:35:15:16:b5: + 8d:78:ea:2c:3a:22:14:d4:4d:13:7c:70:81:8b:66: + 6a:63 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 6C:44:41:6E:89:1C:49:B5:BF:47:3C:98:EA:28:86:E2:1A:17:64:09 + X509v3 Authority Key Identifier: + keyid:BE:E8:01:F9:AD:F7:6E:8B:62:7E:59:3A:10:CC:60:78:95:62:9C:CA + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate2.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate2.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 48:66:26:79:cd:4f:a1:7b:ca:fc:49:27:60:c1:e0:17:6f:14: + 13:ae:a0:be:44:d4:49:68:63:31:b1:11:f2:65:7d:2e:13:d9: + df:12:19:fd:ac:8b:03:b6:a3:84:4c:a1:0a:67:3a:35:80:a0: + c7:a1:0c:3b:c8:7a:4a:bc:b2:78:02:80:98:aa:46:ca:55:cd: + d1:5d:60:d8:80:b5:a3:f1:76:7a:0d:a1:9a:f0:4b:da:e1:24: + b7:f9:41:90:6b:fa:d5:ba:e5:31:5a:49:a7:9d:3d:b0:10:64: + fe:2f:f5:aa:88:09:75:dd:86:57:bb:29:a8:80:87:fb:5c:a9: + 97:9b:7f:9b:f9:2b:c5:9d:1e:01:46:a7:f2:a1:42:f5:5d:c7: + 95:fe:a3:85:5b:23:c1:a7:6b:1d:d5:ab:b0:09:44:14:2f:ea: + db:ca:02:4d:1c:05:b9:88:ce:1e:97:d8:aa:7e:54:5f:a5:fa: + ed:af:25:d0:a8:33:5e:b6:c7:71:0c:8d:6a:f0:d4:c7:e1:d9: + fe:9b:e9:f6:cc:cf:62:36:45:bc:10:53:27:3c:59:83:38:62: + 6f:24:87:7e:a4:9b:c9:fc:4b:2a:6e:22:cc:3a:23:17:12:68: + 16:fc:40:10:2c:fc:68:46:ff:3b:97:94:88:b3:70:05:1d:40: + f7:05:8c:cd +-----BEGIN CERTIFICATE----- +MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl +cm1lZGlhdGUyMB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowETEPMA0G +A1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOfF +XgDmbmLHpe7FbuChGoOn+siQ7oLvlLdMuFYuceEDZ9yCNR6zaHlDho8EMIanTkNZ +Up/nQ7iOwXCkWdfAxK7acNwaUqAFHMgcPR9uwbLqXuZW8ko8ARmaGfvB/mJ3k/tO +VUTjT9bEuzLvqmdTBFBc2wY7fjeCkibyRzjEapvYQjJEG4mEq3ev7CfDNE7S5Yp3 +QGF2+214PaTWAGSDJDv8a4MAWQPBm09elKzwUF7k0edgyfN0bpGiR0dsWqMLgz1Q +pOscnoN+PPNoh+jWpjANAaidlt6m/38aNlx7tpJz7J3xtl/FPMgqmDUVFrWNeOos +OiIU1E0TfHCBi2ZqYwIDAQABo4HrMIHoMB0GA1UdDgQWBBRsREFuiRxJtb9HPJjq +KIbiGhdkCTAfBgNVHSMEGDAWgBS+6AH5rfdui2J+WToQzGB4lWKcyjBABggrBgEF +BQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1l +ZGlhdGUyLmNlcjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vdXJsLWZvci1jcmwv +SW50ZXJtZWRpYXRlMi5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEASGYmec1PoXvK/Ekn +YMHgF28UE66gvkTUSWhjMbER8mV9LhPZ3xIZ/ayLA7ajhEyhCmc6NYCgx6EMO8h6 +SryyeAKAmKpGylXN0V1g2IC1o/F2eg2hmvBL2uEkt/lBkGv61brlMVpJp509sBBk +/i/1qogJdd2GV7spqICH+1ypl5t/m/krxZ0eAUan8qFC9V3Hlf6jhVsjwadrHdWr +sAlEFC/q28oCTRwFuYjOHpfYqn5UX6X67a8l0KgzXrbHcQyNavDUx+HZ/pvp9szP +YjZFvBBTJzxZgzhibySHfqSbyfxLKm4izDojFxJoFvxAECz8aEb/O5eUiLNwBR1A +9wWMzQ== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate1 + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2017 GMT + Subject: CN=Intermediate2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a7:ec:37:93:db:d9:5f:78:b7:a7:b7:41:3a:a0: + 18:c6:33:52:72:15:ea:8e:71:4b:38:45:63:fe:5c: + 82:2d:6d:ec:86:9d:42:b4:48:24:9f:48:90:a9:7d: + 88:89:c8:52:09:57:34:84:65:7b:b5:81:68:cd:86: + a6:7a:b0:ae:d4:29:e4:62:6d:4a:f3:cf:a3:c7:12: + b4:5b:9d:9d:97:a1:49:f9:50:3f:a7:e9:bf:de:1f: + 44:35:be:61:57:e0:fc:25:0c:ca:db:aa:6a:bf:c0: + 9a:54:be:ad:08:d5:0b:9e:46:4c:b9:69:06:ba:dc: + b4:d5:21:19:c6:2a:ad:7c:63:27:a5:be:a7:85:79: + a3:7b:39:47:e0:90:4e:fc:2d:1a:58:55:9b:f2:34: + e7:c6:49:be:f7:b2:98:e5:29:46:60:66:28:67:24: + 1b:86:57:f7:a3:03:dc:0c:c8:b1:44:42:e5:db:f4: + 5c:34:e4:9b:06:56:43:16:0b:09:82:7c:b4:68:d8: + 0d:cd:34:6c:24:97:16:0e:e1:15:e0:03:04:9a:c6: + c7:e1:8e:45:2b:0f:d5:90:fc:f0:8a:05:79:e5:5e: + ed:85:b0:fe:87:08:e7:6b:7c:d6:a0:37:7f:63:af: + 08:19:dd:a9:59:02:78:2d:67:6b:95:d3:e2:f2:07: + 58:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BE:E8:01:F9:AD:F7:6E:8B:62:7E:59:3A:10:CC:60:78:95:62:9C:CA + X509v3 Authority Key Identifier: + keyid:AC:1F:06:9D:6A:D6:77:47:85:F5:29:6A:85:DF:71:F7:AC:F7:83:93 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate1.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate1.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 56:5b:1e:a3:6c:34:0f:79:dc:8c:ce:60:2d:46:9e:32:75:18: + 06:6a:c4:3e:4d:90:a8:36:33:af:37:7f:16:2b:9f:55:8f:d5: + b7:93:2e:7a:62:85:df:52:c1:e2:19:df:21:7e:0d:eb:74:1f: + 8e:dd:d2:9b:42:49:2b:bb:ca:bf:4a:65:f4:33:c7:29:fa:0a: + ce:16:95:28:77:85:eb:a3:50:f8:b0:a9:49:7a:00:15:06:92: + 63:34:38:37:aa:7c:18:15:c8:61:ef:a6:e2:43:ad:41:bd:2d: + 23:06:9c:6c:b6:ee:0c:2d:e2:b1:1f:ce:1a:39:83:db:ab:7b: + e2:cf:03:f4:bc:e1:8d:9e:22:50:bb:c3:82:04:a1:9b:1a:b6: + 8f:28:dc:2b:f0:5c:3a:c6:99:5e:5c:b0:be:c0:ad:6a:56:ba: + 1c:88:d1:d6:6a:76:d2:bd:ef:91:3c:f2:f3:ad:19:2f:1d:42: + fc:1a:c7:6a:a9:48:75:04:14:be:1d:d0:bb:4c:d8:7c:93:c4: + eb:25:58:02:0e:2f:66:a9:64:28:23:0c:a7:55:51:94:c8:e6: + 65:15:58:e3:53:02:56:f8:13:fa:08:51:3d:a7:35:e2:15:a9: + 59:0e:48:1f:9e:c7:dc:cc:a2:1f:db:c9:3d:46:b6:0e:5d:2e: + bc:85:5f:4d +-----BEGIN CERTIFICATE----- +MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl +cm1lZGlhdGUxMB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowGDEWMBQG +A1UEAwwNSW50ZXJtZWRpYXRlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAKfsN5Pb2V94t6e3QTqgGMYzUnIV6o5xSzhFY/5cgi1t7IadQrRIJJ9IkKl9 +iInIUglXNIRle7WBaM2GpnqwrtQp5GJtSvPPo8cStFudnZehSflQP6fpv94fRDW+ +YVfg/CUMytuqar/AmlS+rQjVC55GTLlpBrrctNUhGcYqrXxjJ6W+p4V5o3s5R+CQ +TvwtGlhVm/I058ZJvveymOUpRmBmKGckG4ZX96MD3AzIsURC5dv0XDTkmwZWQxYL +CYJ8tGjYDc00bCSXFg7hFeADBJrGx+GORSsP1ZD88IoFeeVe7YWw/ocI52t81qA3 +f2OvCBndqVkCeC1na5XT4vIHWOMCAwEAAaOB3TCB2jAdBgNVHQ4EFgQUvugB+a33 +botiflk6EMxgeJVinMowHwYDVR0jBBgwFoAUrB8GnWrWd0eF9Slqhd9x96z3g5Mw +QAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vdXJsLWZvci1haWEv +SW50ZXJtZWRpYXRlMS5jZXIwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL3VybC1m +b3ItY3JsL0ludGVybWVkaWF0ZTEuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBWWx6jbDQPedyMzmAtRp4ydRgG +asQ+TZCoNjOvN38WK59Vj9W3ky56YoXfUsHiGd8hfg3rdB+O3dKbQkkru8q/SmX0 +M8cp+grOFpUod4Xro1D4sKlJegAVBpJjNDg3qnwYFchh76biQ61BvS0jBpxstu4M +LeKxH84aOYPbq3vizwP0vOGNniJQu8OCBKGbGraPKNwr8Fw6xpleXLC+wK1qVroc +iNHWanbSve+RPPLzrRkvHUL8GsdqqUh1BBS+HdC7TNh8k8TrJVgCDi9mqWQoIwyn +VVGUyOZlFVjjUwJW+BP6CFE9pzXiFalZDkgfnsfczKIf28k9RrYOXS68hV9N +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2017 GMT + Subject: CN=Intermediate1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:dc:ee:4c:41:6f:ec:b0:20:19:e3:70:5f:b0: + 25:ed:ac:de:06:06:25:0e:6d:e8:14:cf:cd:8a:93: + 14:3d:27:d4:7f:a5:31:a0:5e:bb:7f:ce:f3:f4:3e: + 04:60:04:05:45:4b:c7:28:c7:66:75:c0:0b:dd:37: + 27:4b:43:c0:dc:20:76:34:e5:ac:8d:29:9c:62:fb: + 43:9a:4c:c0:44:52:ca:e3:fa:6f:1d:85:39:a9:c0: + 45:32:46:eb:97:4e:f4:81:0d:f2:0a:ea:36:4f:f3: + 85:4d:bf:d6:76:97:ff:05:35:fa:19:fe:d4:f2:ed: + 22:73:ad:10:5f:ce:7d:fe:a7:40:d0:dc:ef:39:65: + ce:6f:79:3d:18:96:a2:c9:5b:d4:85:2a:52:16:eb: + 66:87:90:e6:82:0f:89:0b:56:9a:26:66:4a:03:39: + ef:28:ad:a8:fa:3f:e6:cb:27:fa:fc:6b:7d:cc:de: + 5b:7d:7f:01:c7:75:0e:4b:a8:88:fa:80:61:c9:8c: + 84:43:4b:c1:73:17:be:23:ed:ee:a7:9f:68:cb:10: + 3d:bd:a1:d4:c0:f3:71:ef:40:5e:82:29:a7:e7:97: + 57:20:b7:b9:d8:0d:f2:f4:31:99:37:0d:76:4f:6e: + e4:10:e1:c5:20:20:86:30:2c:fb:2d:86:cf:22:64: + b6:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AC:1F:06:9D:6A:D6:77:47:85:F5:29:6A:85:DF:71:F7:AC:F7:83:93 + X509v3 Authority Key Identifier: + keyid:0A:DF:C7:0D:59:04:C9:15:E8:1C:79:ED:96:12:22:7C:E6:0D:36:3E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 76:78:87:7e:d8:e4:50:5f:9d:c0:92:51:2a:2e:8c:f5:65:97: + 00:52:31:7f:30:8a:33:d1:37:49:1d:57:c3:60:a1:46:48:bc: + 95:51:a8:ef:4c:55:5b:8b:e5:b1:84:57:72:ad:e8:aa:30:1d: + 2c:f5:cb:e6:b4:88:1b:af:72:1b:37:72:94:16:73:8f:ad:d2: + 04:58:68:bc:ac:cc:01:5d:a6:e1:78:c7:b8:7c:38:fb:68:3d: + 58:04:77:e7:35:37:1f:30:c5:72:63:d0:2f:0f:ac:46:ad:33: + 01:58:a7:23:a7:a5:fe:c0:e2:2b:61:fc:9a:f0:ab:a7:97:9d: + d2:e6:b1:db:52:1e:c3:0c:bf:6a:e0:3c:4b:97:73:c6:84:84: + 56:d4:03:35:a0:a5:e5:16:91:02:51:5d:c9:87:13:47:63:92: + c0:ac:f0:2b:43:26:f8:f3:32:c7:a7:39:7c:84:1b:53:15:10: + 7a:94:14:e0:b6:7b:98:74:9c:55:88:6b:0d:64:02:8b:a7:17: + 4a:76:3f:1d:26:c6:4a:20:03:3a:69:e4:fb:cf:65:95:46:68: + 73:66:47:9f:50:86:26:e6:1a:db:eb:45:04:07:7a:79:4d:be: + 93:43:30:0d:5f:19:02:71:f2:d4:bc:e0:2e:51:ad:0c:af:59: + ae:47:c9:a7 +-----BEGIN CERTIFICATE----- +MIIDbjCCAlagAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowGDEWMBQGA1UEAwwNSW50 +ZXJtZWRpYXRlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3c7kxB +b+ywIBnjcF+wJe2s3gYGJQ5t6BTPzYqTFD0n1H+lMaBeu3/O8/Q+BGAEBUVLxyjH +ZnXAC903J0tDwNwgdjTlrI0pnGL7Q5pMwERSyuP6bx2FOanARTJG65dO9IEN8grq +Nk/zhU2/1naX/wU1+hn+1PLtInOtEF/Off6nQNDc7zllzm95PRiWoslb1IUqUhbr +ZoeQ5oIPiQtWmiZmSgM57yitqPo/5ssn+vxrfczeW31/Acd1DkuoiPqAYcmMhENL +wXMXviPt7qefaMsQPb2h1MDzce9AXoIpp+eXVyC3udgN8vQxmTcNdk9u5BDhxSAg +hjAs+y2GzyJkthcCAwEAAaOByzCByDAdBgNVHQ4EFgQUrB8GnWrWd0eF9Slqhd9x +96z3g5MwHwYDVR0jBBgwFoAUCt/HDVkEyRXoHHntlhIifOYNNj4wNwYIKwYBBQUH +AQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIw +LAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB +AQB2eId+2ORQX53AklEqLoz1ZZcAUjF/MIoz0TdJHVfDYKFGSLyVUajvTFVbi+Wx +hFdyreiqMB0s9cvmtIgbr3IbN3KUFnOPrdIEWGi8rMwBXabheMe4fDj7aD1YBHfn +NTcfMMVyY9AvD6xGrTMBWKcjp6X+wOIrYfya8Kunl53S5rHbUh7DDL9q4DxLl3PG +hIRW1AM1oKXlFpECUV3JhxNHY5LArPArQyb48zLHpzl8hBtTFRB6lBTgtnuYdJxV +iGsNZAKLpxdKdj8dJsZKIAM6aeT7z2WVRmhzZkefUIYm5hrb60UEB3p5Tb6TQzAN +XxkCcfLUvOAuUa0Mr1muR8mn +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2017 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:98:39:31:20:2b:a7:f7:a5:ff:43:cd:c0:09:56: + e2:85:b2:3e:ff:64:7a:12:b4:d5:8e:a5:6c:fb:b5: + 31:1e:18:cb:c6:97:fe:c8:43:b1:f3:a9:68:14:f7: + 29:1b:69:ea:39:a0:f1:b9:fd:a4:71:9f:0e:cf:67: + 0e:af:2a:16:66:e9:d1:eb:b5:d4:27:d4:b8:9c:10: + 70:ea:cb:00:3a:d2:d7:20:7d:b6:e6:29:4b:a7:21: + ba:e8:d7:42:55:83:0a:a5:9f:e3:bc:da:eb:4f:0b: + 87:7f:4a:3a:97:8f:de:e5:44:a1:fd:ef:e5:4c:08: + 67:b5:04:93:79:f6:6e:d1:ac:98:f1:e8:4c:c4:dd: + 5c:9b:f4:c2:18:4e:0b:ab:7d:51:d9:57:a8:e0:5e: + c7:4d:14:17:33:7f:b2:f5:7d:a6:90:eb:e1:3c:55: + b1:d4:4c:a3:5f:2b:19:f3:91:0d:8e:0c:08:ea:18: + 62:38:59:01:7e:e4:ed:11:1a:67:b0:72:79:39:4f: + e3:67:4d:f4:d1:af:b1:4d:b4:f8:0d:b2:c9:7d:96: + 83:f9:5c:7f:69:99:a6:44:0d:c5:b2:74:47:ca:18: + 58:10:95:bf:33:f3:34:9f:25:83:67:c2:d6:61:1a: + 7a:7e:a6:95:f6:a3:80:7f:f5:5d:c5:4d:a0:72:af: + a3:6d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 0A:DF:C7:0D:59:04:C9:15:E8:1C:79:ED:96:12:22:7C:E6:0D:36:3E + X509v3 Authority Key Identifier: + keyid:0A:DF:C7:0D:59:04:C9:15:E8:1C:79:ED:96:12:22:7C:E6:0D:36:3E + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:1 + Signature Algorithm: sha256WithRSAEncryption + 1e:01:f0:29:f0:53:fd:49:52:f0:72:79:4d:e9:ec:7d:04:47: + 32:b2:f7:ef:a0:80:15:8c:5f:77:cf:89:49:dc:f9:65:fe:c5: + 3b:03:c5:c2:a9:6f:d0:cd:cd:4b:89:6b:74:8b:1a:a5:88:d3: + aa:84:ed:2a:76:8f:60:b4:e4:5d:6f:b2:f4:09:94:6d:ff:c4: + a7:83:bc:f2:8a:95:ff:68:7b:8b:a4:9c:af:35:49:0c:5f:f4: + ac:a4:a8:ab:12:49:02:c5:4d:d2:a3:cc:c0:d8:c7:59:09:40: + d8:0e:2f:e1:f4:a6:77:df:85:51:db:51:fe:1e:75:a5:fd:6a: + 5a:cb:7d:42:5c:0c:0a:3d:5f:88:0c:ef:46:68:24:bd:e1:4f: + bf:3c:92:cf:89:8c:12:d8:14:5f:ab:4c:36:27:a7:87:cb:c9: + 25:8d:e6:ff:c8:e7:22:23:3e:15:78:ca:19:ad:d8:ce:72:4a: + 2a:8d:ce:94:87:bb:60:58:0a:da:a9:f9:f8:d2:64:c5:fd:41: + 8f:33:ff:6e:8c:86:db:b8:45:7c:f8:f1:9c:4d:7f:dc:ec:5c: + 71:e7:29:10:7f:84:2f:30:b1:a6:75:fe:ea:7f:b0:15:4a:e4: + 1a:ce:47:a9:6e:c0:e8:00:bf:e0:0e:bb:4f:3a:08:cd:d7:cc: + 83:3b:b0:6b +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJg5MSArp/el/0PNwAlW +4oWyPv9kehK01Y6lbPu1MR4Yy8aX/shDsfOpaBT3KRtp6jmg8bn9pHGfDs9nDq8q +Fmbp0eu11CfUuJwQcOrLADrS1yB9tuYpS6chuujXQlWDCqWf47za608Lh39KOpeP +3uVEof3v5UwIZ7UEk3n2btGsmPHoTMTdXJv0whhOC6t9UdlXqOBex00UFzN/svV9 +ppDr4TxVsdRMo18rGfORDY4MCOoYYjhZAX7k7REaZ7ByeTlP42dN9NGvsU20+A2y +yX2Wg/lcf2mZpkQNxbJ0R8oYWBCVvzPzNJ8lg2fC1mEaen6mlfajgH/1XcVNoHKv +o20CAwEAAaOBzjCByzAdBgNVHQ4EFgQUCt/HDVkEyRXoHHntlhIifOYNNj4wHwYD +VR0jBBgwFoAUCt/HDVkEyRXoHHntlhIifOYNNj4wNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAeAfAp +8FP9SVLwcnlN6ex9BEcysvfvoIAVjF93z4lJ3Pll/sU7A8XCqW/Qzc1LiWt0ixql +iNOqhO0qdo9gtORdb7L0CZRt/8Sng7zyipX/aHuLpJyvNUkMX/SspKirEkkCxU3S +o8zA2MdZCUDYDi/h9KZ334VR21H+HnWl/Wpay31CXAwKPV+IDO9GaCS94U+/PJLP +iYwS2BRfq0w2J6eHy8kljeb/yOciIz4VeMoZrdjOckoqjc6Uh7tgWAraqfn40mTF +/UGPM/9ujIbbuEV8+PGcTX/c7Fxx5ykQf4QvMLGmdf7qf7AVSuQazkepbsDoAL/g +DrtPOgjN18yDO7Br +-----END CERTIFICATE----- + +Target's private key. + +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzOfFXgDmbmLHpe7FbuChGoOn+siQ7oLvlLdMuFYuceEDZ9yC +NR6zaHlDho8EMIanTkNZUp/nQ7iOwXCkWdfAxK7acNwaUqAFHMgcPR9uwbLqXuZW +8ko8ARmaGfvB/mJ3k/tOVUTjT9bEuzLvqmdTBFBc2wY7fjeCkibyRzjEapvYQjJE +G4mEq3ev7CfDNE7S5Yp3QGF2+214PaTWAGSDJDv8a4MAWQPBm09elKzwUF7k0edg +yfN0bpGiR0dsWqMLgz1QpOscnoN+PPNoh+jWpjANAaidlt6m/38aNlx7tpJz7J3x +tl/FPMgqmDUVFrWNeOosOiIU1E0TfHCBi2ZqYwIDAQABAoIBAQCy/g+x8zVX3iAq ++i4rkjwJLlLxxnycbXKdxZVWPapqvjW8Z6qyfnQYYj2zcIEnZqkFu91uSNK7nJ/P +qPdYqBjzdw7Ioey4mqJ8pu3MEwYsXH9RkQMIugI6r8OmyP6Imjl84n1mDTxIRQMr +x+4GPCYP0aebiJE1y4Xa5/yibJtfx913N+mCbDyS9vOzuh5lOcsdMvfx2UvhuR+z +/fTDCcrzOgyTA4GC5zojUbgNqSJ/bxZ7EudQhkPVrP7MI7vxiL+JdRV8m30txxRn +jkiqh1nrHbyQ97p653CpgkxErlCDERq65dj1Y1OexSk5fCKVUq4jtLNCwe47BcJx +KMXZhd1ZAoGBAOYbgmYNxDpRHJ7YN+tIOcLtlh9NZ1ONcLgwiDsrQmEag3IqsYwX +G4AREhXyWlscMCSR5q2HyHIk6r3et4eoV6R+sIIl2HxiSzyJpXn0L6V2/P86d5wm +PP8MoFkMGWvUiQoNEmM1Jo80mcU29wLYGI50u8iRcRR47f9yyAe4ngLnAoGBAOP2 +ScQ0thh71Twg2PPJyuAd9F2CHWz9KXcZd/L/GifPk09DKBGItpWR0vMceZoke/7S +WubIrIjPV8ks263ivgQdzIUCi44NWKc7WkXXzgvNqzpAGs5e0jGZ4Q732rtqWWCX +CLctogFS3AgrQjGhHVPFZjthXxtaTX5VsHnG/yklAoGADULum/UVJws/rAPoDR5H +fe11Zm5ukwkmwubBIy/WDoSZqL2/J8S5KANT2IH0JSYVvDXQZpXZvoJUKQcp6p6Q +FoHaqFWICXscvOtt5v5ktJOL9yWmeRBXGZffseIZoPZJw5OHSMJqa3xrlEsbp0VO +/P7LR77iFnz1snAqCQ/hw2cCgYBtfgBUY1ULUX9MECLkhYoSN5EF0Nc9YCOodu0s +I+d2M7d3nLQEJ/w6vv3pk0W9CcUc0gCjVMO6OozZrdgeHwhRhdaUFHLfWf245UMo +xMzM0o5pvhyh/t1KwbRdsiK3Xg9r219uTFbB+ACDU/PJTq99axT9dHlv8+HAynun +IjOwmQKBgCDlcopCoJ0l9A4wvBhQVu6QRw4mgN22cHl+tYb4Ik4ql9prRJ0nxVDi +DFpyxj5O6SG/DloXzIX6nzZ4dgNVE90EuTHQ311SgZ85Q30Fif6TDGDhwnXLLgyt +O+MJ2bV2eCVsW85gMA9swzoJ1bjXMukCBtVSnOVWkRVwc5Xoy8hy +-----END RSA PRIVATE KEY----- diff --git a/test/data/cast/common/certificate/certificates/vizio.pem b/test/data/cast/common/certificate/certificates/vizio.pem new file mode 100644 index 00000000..8d55fcfe --- /dev/null +++ b/test/data/cast/common/certificate/certificates/vizio.pem @@ -0,0 +1,157 @@ +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 997 (0x3e5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast TV ICA (Vizio) + Validity + Not Before: Nov 11 02:06:19 2015 GMT + Not After : Nov 10 02:06:19 2016 GMT + Subject: ST=California, C=US, L=Mountain View, OU=Cast TV (Vizio), O=Google Inc, CN=9V0000VB FA8FCA784D01 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a9:4b:a9:c9:1a:98:9e:71:b0:20:09:1d:bb:7c: + 7c:e9:dd:29:3d:b5:43:4e:d8:14:b3:3f:d1:0e:d1: + ce:4c:fd:5e:b2:4b:5b:19:aa:f7:f5:b9:e7:f7:b3: + b1:33:a7:6b:d2:62:67:b2:62:80:51:21:9e:db:5c: + d2:16:e5:a4:b4:e7:83:e2:43:1d:ce:d5:6a:b2:4a: + 6d:ea:b8:7a:9d:1b:a8:1f:3f:19:b5:e0:a3:db:12: + be:d2:19:e2:66:ce:d0:c9:03:6d:ab:92:db:6c:2c: + 24:64:3b:de:44:de:5a:bd:72:a6:78:94:c9:40:ca: + d9:6f:5c:b0:b7:8b:f8:51:40:e8:59:cd:52:99:0c: + be:56:8c:c6:05:ed:4c:bb:26:d8:da:04:e1:17:e9: + a5:8d:3d:d1:bb:c4:55:b4:8f:98:77:53:12:9b:8d: + ae:12:29:8f:05:bf:9a:90:d1:22:20:09:0f:4f:1c: + 9f:de:9a:98:b3:74:29:64:eb:fa:97:91:92:c0:b3: + 42:75:31:ad:a5:5b:8d:6f:df:27:db:d4:97:52:23: + fa:8e:59:c0:21:63:0f:cb:13:d1:5a:7f:c0:e2:10: + fb:05:91:d4:b1:c2:8b:f8:e4:26:bf:c8:98:55:00: + 03:51:e5:bc:dd:df:7e:74:e3:b5:c8:7b:10:6f:9c: + 08:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 61:4a:f2:50:20:68:8b:45:0d:81:6a:24:fb:bb:a1:9a:eb:36: + 4c:db:61:fd:a6:9f:03:1b:c0:62:95:c8:fc:b6:76:fd:3d:43: + 71:fd:7d:dd:b8:fa:68:02:8d:e8:76:75:f3:58:73:1a:77:89: + 24:2f:91:d3:18:54:a0:75:80:91:a5:b8:59:1f:bc:5f:09:87: + be:0e:62:83:52:f0:45:56:08:bd:ff:e3:2e:96:f9:23:18:ef: + b8:3e:a9:27:b2:ee:1d:40:36:f9:ca:bb:d9:fa:4f:1f:d9:68: + 41:48:57:cf:9a:6f:25:a1:6a:68:79:54:cb:94:68:5f:8c:c3: + 7d:e7:14:18:27:5f:5f:65:a8:4d:49:49:bb:b8:bc:d6:43:13: + e9:ef:56:74:c9:a9:f0:68:a4:02:71:43:46:98:d1:ef:e1:64: + ef:9d:7f:8a:2b:de:19:e2:79:5f:a8:38:75:8e:0b:85:f8:14: + d8:84:ac:87:57:3d:52:fa:61:0a:f6:9d:d6:b2:9a:9a:73:47: + f8:99:49:60:4c:b1:7c:1e:e8:d3:f3:4f:0e:62:10:5f:a6:69: + 94:13:08:78:9b:06:ed:57:52:da:b7:78:ac:da:08:26:2f:34: + 4e:15:08:c0:03:96:bf:a6:ce:5c:63:22:be:d0:e8:99:94:ba: + 42:f6:b9:57 +-----BEGIN CERTIFICATE----- +MIIDsTCCApmgAwIBAgICA+UwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAg +MCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbm +MxDTALBgNVBAsMBENhc3QxHDAaBgNVBAMME0Nhc3QgVFYgSUNBIChWaXppbykwHhcNMTUxMTExM +DIwNjE5WhcNMTYxMTEwMDIwNjE5WjCBiTETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMC +VVMxFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGDAWBgNVBAsMD0Nhc3QgVFYgKFZpemlvKTETMBE +GA1UECgwKR29vZ2xlIEluYzEeMBwGA1UEAwwVOVYwMDAwVkIgRkE4RkNBNzg0RDAxMIIBIjANBg +kqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUupyRqYnnGwIAkdu3x86d0pPbVDTtgUsz/RDtHOT +P1esktbGar39bnn97OxM6dr0mJnsmKAUSGe21zSFuWktOeD4kMdztVqskpt6rh6nRuoHz8ZteCj +2xK+0hniZs7QyQNtq5LbbCwkZDveRN5avXKmeJTJQMrZb1ywt4v4UUDoWc1SmQy+VozGBe1Muyb +Y2gThF+mljT3Ru8RVtI+Yd1MSm42uEimPBb+akNEiIAkPTxyf3pqYs3QpZOv6l5GSwLNCdTGtpV +uNb98n29SXUiP6jlnAIWMPyxPRWn/A4hD7BZHUscKL+OQmv8iYVQADUeW83d9+dOO1yHsQb5wIh +QIDAQABoy8wLTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAN +BgkqhkiG9w0BAQsFAAOCAQEAYUryUCBoi0UNgWok+7uhmus2TNth/aafAxvAYpXI/LZ2/T1Dcf1 +93bj6aAKN6HZ181hzGneJJC+R0xhUoHWAkaW4WR+8XwmHvg5ig1LwRVYIvf/jLpb5IxjvuD6pJ7 +LuHUA2+cq72fpPH9loQUhXz5pvJaFqaHlUy5RoX4zDfecUGCdfX2WoTUlJu7i81kMT6e9WdMmp8 +GikAnFDRpjR7+Fk751/iiveGeJ5X6g4dY4LhfgU2ISsh1c9UvphCvad1rKamnNH+JlJYEyxfB7o +0/NPDmIQX6ZplBMIeJsG7VdS2rd4rNoIJi80ThUIwAOWv6bOXGMivtDomZS6Qva5Vw== +-----END CERTIFICATE----- + +$ openssl x509 -text -noout < [CERTIFICATE] +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 49 (0x31) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast Root CA + Validity + Not Before: Apr 20 21:03:38 2015 GMT + Not After : Apr 17 21:03:38 2025 GMT + Subject: C=US, ST=California, L=Mountain View, O=Google Inc, OU=Cast, CN=Cast TV ICA (Vizio) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d4:02:fc:36:d7:4f:16:db:e2:95:8e:29:9a:2b: + 5d:47:8e:cc:32:78:7a:b2:f2:46:ac:bf:35:ad:c2: + ca:7a:3e:be:50:4b:50:01:77:90:a3:a2:31:51:31: + d6:7a:32:2b:43:bd:4e:f9:b6:39:2b:05:f2:97:bd: + de:bb:19:bc:5d:73:17:7d:94:1e:9b:4c:e8:68:37: + 7e:d6:36:e5:a0:fb:75:52:78:83:4c:26:84:88:48: + 54:d8:73:fc:f7:f7:4a:3f:68:a6:a3:7b:46:96:03: + 38:5e:f3:21:4d:59:91:48:66:0a:ea:ed:69:8d:b2: + 86:53:af:41:e8:ca:c0:55:63:7d:fc:72:98:bf:b2: + f4:ab:bb:2c:f3:3c:92:09:c3:01:f6:68:8e:76:c1: + 7c:a0:3b:0d:f6:a4:d5:92:b1:e3:dd:9c:4f:e8:04: + d2:9b:59:70:72:dd:a0:60:53:ee:c7:36:c6:48:45: + b7:d9:1b:3b:eb:eb:7e:c5:07:b2:9d:7d:cf:f1:6b: + ae:02:25:de:af:84:30:8c:98:d9:e1:6d:8d:ef:f6: + 0a:63:bf:be:cd:42:09:f5:af:eb:f1:cc:d9:a2:e7: + 86:32:0b:0a:53:66:23:2f:51:e6:84:64:c6:b7:0f: + 98:af:24:75:33:5d:e3:d8:96:61:d7:57:a6:63:88: + a2:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:0 + X509v3 Subject Key Identifier: + 04:71:E0:14:1C:45:75:DB:C5:DF:3E:11:6A:57:79:9D:D0:37:12:18 + X509v3 Authority Key Identifier: + keyid:7C:9A:1E:7D:DF:79:54:BC:D7:CC:5E:CA:99:86:45:79:65:74:28:19 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 86:36:6f:de:ec:8f:4a:bc:b7:de:9c:bd:9e:03:3f:57:11:62: + 88:46:ee:cf:6d:21:58:43:31:df:af:46:35:b8:89:36:28:3e: + f3:c4:95:8a:b2:91:66:fe:7f:3f:64:5a:82:63:81:89:4a:0f: + 34:5c:b2:bc:0a:80:d2:26:74:b4:69:be:39:bd:61:ad:e8:e8: + 3f:c0:5b:93:d0:91:59:4a:ec:f2:a6:36:ec:83:4c:ba:37:40: + ef:be:84:72:b9:13:78:aa:c4:d2:bc:2c:e5:1a:90:d9:07:db: + ca:aa:2d:f4:cc:ad:c3:47:4e:ff:44:6a:9f:25:d5:ba:20:e1: + ae:9b:df:24:8c:a5:85:7d:d3:1c:93:22:6d:49:89:eb:ad:ee: + 86:a6:3b:68:34:8a:24:a5:1a:11:40:f4:a2:41:16:3f:11:1e: + 56:26:ee:4e:30:5b:9d:71:7e:92:58:fc:d1:d3:8e:a7:e0:2b: + 24:1f:c3:be:b8:64:6e:61:05:88:18:fa:ee:be:b1:e0:60:26: + bf:cb:68:60:d8:6a:c7:d7:20:b4:84:9f:c0:eb:0a:fa:5e:3b: + f0:52:27:13:39:14:e4:a8:12:ea:f8:4b:19:5e:52:e6:86:6a: + be:83:7c:3d:31:26:66:d7:fb:a1:41:3c:d8:fb:a5:28:49:f9: + 3f:2b:05:ab +-----BEGIN CERTIFICATE----- +MIIDzDCCArSgAwIBAgIBMTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzETMBEGA1UECAw +KQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYz +ENMAsGA1UECwwEQ2FzdDEVMBMGA1UEAwwMQ2FzdCBSb290IENBMB4XDTE1MDQyMDIxMDMzOFoXD +TI1MDQxNzIxMDMzOFowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxDTALBgNVBAsMBENhc3QxHDA +aBgNVBAMME0Nhc3QgVFYgSUNBIChWaXppbykwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAo +IBAQDUAvw2108W2+KVjimaK11HjswyeHqy8kasvzWtwsp6Pr5QS1ABd5CjojFRMdZ6MitDvU75t +jkrBfKXvd67Gbxdcxd9lB6bTOhoN37WNuWg+3VSeINMJoSISFTYc/z390o/aKaje0aWAzhe8yFN +WZFIZgrq7WmNsoZTr0HoysBVY338cpi/svSruyzzPJIJwwH2aI52wXygOw32pNWSsePdnE/oBNK +bWXBy3aBgU+7HNsZIRbfZGzvr637FB7Kdfc/xa64CJd6vhDCMmNnhbY3v9gpjv77NQgn1r+vxzN +mi54YyCwpTZiMvUeaEZMa3D5ivJHUzXePYlmHXV6ZjiKJPAgMBAAGjYDBeMA8GA1UdEwQIMAYBA +f8CAQAwHQYDVR0OBBYEFARx4BQcRXXbxd8+EWpXeZ3QNxIYMB8GA1UdIwQYMBaAFHyaHn3feVS8 +18xeypmGRXlldCgZMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAhjZv3uyPSry33py +9ngM/VxFiiEbuz20hWEMx369GNbiJNig+88SVirKRZv5/P2RagmOBiUoPNFyyvAqA0iZ0tGm+Ob +1hrejoP8Bbk9CRWUrs8qY27INMujdA776EcrkTeKrE0rws5RqQ2Qfbyqot9Mytw0dO/0RqnyXVu +iDhrpvfJIylhX3THJMibUmJ663uhqY7aDSKJKUaEUD0okEWPxEeVibuTjBbnXF+klj80dOOp+Ar +JB/DvrhkbmEFiBj67r6x4GAmv8toYNhqx9cgtISfwOsK+l478FInEzkU5KgS6vhLGV5S5oZqvoN +8PTEmZtf7oUE82PulKEn5PysFqw== +-----END CERTIFICATE----- diff --git a/test/data/cast/common/certificate/signeddata/2ZZBG9_FA8FCA3EF91A.pem b/test/data/cast/common/certificate/signeddata/2ZZBG9_FA8FCA3EF91A.pem new file mode 100644 index 00000000..5750f30a --- /dev/null +++ b/test/data/cast/common/certificate/signeddata/2ZZBG9_FA8FCA3EF91A.pem @@ -0,0 +1,31 @@ +These signatures were generated using the public key from certificate: + CN=2ZZBG9 FA8FCA3EF91A + +Which is defined in: + ../certificates/chromecast_gen1.pem + +The data being signed is the ASCII "STRING" + +-----BEGIN MESSAGE----- +U1RSSU5H +-----END MESSAGE----- + +Signature Algorithm: RSASSA PKCS#1 v1.5 with SHA1 + +-----BEGIN SIGNATURE SHA1----- +Ctq1QFyOU4naZ0coq2QN7Lgf1nUol1/gEVE1KnDY9k3o0C7geXU6Jb9AD23RIOOCvQWHVwEedrf0 +17MQSmyK+T3n62LpX3OrbiL1WU3Eo5XDvnsEWjZn7nGy6GC+qiyQNtfwQijUKZ8wqhBPKuFyZ8y1 +RHt/iUWfw51q8Hh3bZ8TWDUJjHGvNEsYxwfS8gNI4kB1O+szdI0ztEXiWVaLx05gx+zI0zIWILDH +DRRLaL95rX5HXV21jLbDJ7nYJXDAjRImUeit3vjoPkfQ3xF9NFCoiYlZk4o9iK/VHug0LphiOcEi +Bvc+mP1vOkXQtzrlqjg1LOl4ceLwb2CVwGBfww== +-----END SIGNATURE SHA1----- + +Signature Algorithm: RSASSA PKCS#1 v1.5 with SHA256 + +-----BEGIN SIGNATURE SHA256----- +KHPkhPyRNRgMlbl2huwO0N49CRgS820hnooUYJxxb9KGv0Z5Sz+Pw8QeuQa5PGoldmnTx3t10uDs +vlEvWpKDttNv9AzitLbbCeU+eHLjpFJM9A0o/cGkygnq+3uQHgAsyYq3X6gypY+cNRK32otoCGqK +JDcqLbHlBsal+KyusUswaJXpZoZpVX+ism/hUzq2MOETZdtvHorqeYjPMW0/chau4rFXINQRaK20 +mXJUgIuyxevMfyPyrw7+71Zxbgr3CP02JC02Ii7wgcT21MCExfmbGTMYePAAWO/9R1dsZPhtpkDC +UN63lA5GI3J9EHkQaw8ld5ogd0gZ1VE/7Nw7rA== +-----END SIGNATURE SHA256----- diff --git a/test/data/cast/common/certificate/signeddata/AudioReferenceDevTest.pem b/test/data/cast/common/certificate/signeddata/AudioReferenceDevTest.pem new file mode 100644 index 00000000..e032cba8 --- /dev/null +++ b/test/data/cast/common/certificate/signeddata/AudioReferenceDevTest.pem @@ -0,0 +1,35 @@ +These signatures were generated using the public key from certificate: + CN=Audio Reference Dev Test + +Which is defined in: + ../certificates/audio_ref_dev_test_chain_3.pem + +The data being signed is a bunch of random data. + +-----BEGIN MESSAGE----- +X3YNyEvnbssxWMrTfSNVvo1Sh4MnUnj6pt3fEwBRV2qDFczFslzf5oHcE1h7lA9pzN9oQYqV4s34 +3g8vMM9zvzdShyPXvrp83lDTd5wGgihnwRr1iqDyMgmVQUGTjmKq8+MiF0OUm2P6aCBpOPZ1bOA7 +4I1jrH/jCdjekcgeB0qyHuHj9E0+ivT4gzkrUJhhkVAANFfSDff6yczZej05ehq9+L5ltupOhnTd +UXRupn8UbGpGuK/NbHhDdkdb3Lb2TRvgtfmiuCY/P7iA7c79DstIejvfkkQEgeTTHgebAq4FWhHy +wnWF1fFTTAnQmfg+9iRGroM1PmyMKp8cW/uJVg== +-----END MESSAGE----- + +Signature Algorithm: RSASSA PKCS#1 v1.5 with SHA1 + +-----BEGIN SIGNATURE SHA1----- +UlbNU/rZRDEALoUYVq758nAWyVlTwBfZCWV17rrIDQYutxvQak1Y3o6+kiJTGb90j7j8PJtCFH3h +/KNxkWxdKGmN0t7Rj6xt9kjYbw7JCvreIOCdevgwqNR5FWP7l6nvn5ysFrobLBS0pFRe7AQQhMKg +2W8F1AmMhel60VqjcAAwmxlEKpB6zZGUkGb5Ll5DJzMsRafiOm3JRFg5Rcu9L8W0CEFNRWdVDUM8 +toG7tDQHECgXwq1AO6/LwPadDpvKKyDf0KO+6j7ggnuT/ZyvlwAFRJFzaJI6i7wOll6SmHCrqm6a +jrD0ksWgoEuz1USZjqHRj+OscR4/wv0KV+3qBA== +-----END SIGNATURE SHA1----- + +Signature Algorithm: RSASSA PKCS#1 v1.5 with SHA256 + +-----BEGIN SIGNATURE SHA256----- +jUtF3BMKea5Lg5k5LlgEmH8Nxld/bNf4b0fYt6oHKWkOBTuMlFOydlEj3IXSEzdeQ5pPON38u9/w +dPVCoapgFiTDzfPSjqk5xYWZohv1bb0pd63UPr2oNLMKT2HAOZ5QQiJYzrd0FR7fVYubZAdKxnE0 +VxealtyHOCS2SN4go7muX060aegkD8qklBSXfrosGFkTyn4Pj4O/KWMVINWa97g/vx1brROIKY9f +MUJdjmnAx3bk7gQiI3OsFLTBIESAQ0FYJB4uy6aXQZSqar5VKIvhl9UbuJtL1v0sWc2LbPIeMe/o +ssuvTP7q7GO38zwqFQ7wTkoQmWLd9DJr9iMSkA== +-----END SIGNATURE SHA256----- diff --git a/test/data/cast/common/certificate/signeddata/rsa2048_device_cert_data.pem b/test/data/cast/common/certificate/signeddata/rsa2048_device_cert_data.pem new file mode 100644 index 00000000..7c5f0447 --- /dev/null +++ b/test/data/cast/common/certificate/signeddata/rsa2048_device_cert_data.pem @@ -0,0 +1,21 @@ + +These signatures were generated using the device certificate key from: + ../certificates/rsa2048_device_cert.pem + +The data being signed is a bunch of random data. + +-----BEGIN MESSAGE----- +q0V/60EAZguRPs5f2LHzZAr2R5huGkCxiqpkYnPiP5sUHh/p4hNqq1iMDmTAPhC5QHNe9bZNtddEQ4KrI3nesDDgXDtNVRadNtS3QDYYR9Bgwi2+vp3F7ZqhuzLYUci5IuEAnWueWnimGlvGTnMdxYeBJumnLqpAKJ5+s0/IsL2/DQHT4nZjWbxDQgEt77XKL5yTmq8X1idV3e/80rDdgNwviEAJKaJXbdUD7lxW96IHNCfgExq3eZoH0EWQCks8HyzQlymKYMGAx/M7BNfeLET1zX+Nx80YYQj8mpNTfABqRgb7m9OtN3YSa4ZIqcbDLL2I3Jqxlp7oKp4xc4SBRg== +-----END MESSAGE----- + +Signature Algorithm: RSASSA PKCS#1 v1.5 with SHA1 + +-----BEGIN SIGNATURE SHA1----- +y+OUQTua2lFBmkPj7HyoCR8PfhdRcGe/Fv/l+uw1ZllnCQ5iBpstfgCWZi1PQcRQ0ut+eDhMDni3UZR+ORAy/e8SgeeiVdHOucpi/g9TMBl3W3Gkd3wS44cUHI0N+DvsoPdQcZsMpgH3n+Q6oa2AXAlC2vgl7pt/8T30XV4/zzkWeeaguqZaenEVCDmly9Gflm6KVYWUotry60zaII0+5r3PDureZpWWaJidIWiR2nPCL7dujMrShjPfJ+Qk8KdVDiYLjTzmerqxehj+0fY31c/25U6f8jb7VP/9Key/SrJP/Ty596Al9NOdRsO6kZR6UyBGn9C4xz3ARlwWXE7a3w== +-----END SIGNATURE SHA1----- + +Signature Algorithm: RSASSA PKCS#1 v1.5 with SHA256 + +-----BEGIN SIGNATURE SHA256----- +Qcr5c2gILxMnDZK+Lhs1lQnuqa6Yzf63doCsjoPvCynFXNqNVr9MQaXQDvNDoyq1S6BRW5WyL6kaCC3L0M8OW3TNGXYe0Mt9iyoXt+Eswh6X8N8pW2g8GB7sILyZ1iOYvVCmws04YyCCfK/RTcIFiQb0pfdAUIVcQUbEztasZSLi8tN0+jGAMVehVTVn1lch0c3bMxLENoC4hBxXXYeM5ypYAlazzF8RLBBsTg7NjNTCPuAfCECp8U9BEUUqRyPm8ZV3yaw3Obe1PDTcB+8yMZSA+tINtf6DtgA3zr+cvq1BMmRebM3Bth6CWoyNG1uN2CD11XjkTHPlBk7hAv6gYQ== +-----END SIGNATURE SHA256----- |