diff options
Diffstat (limited to 'lib/public_key')
280 files changed, 40277 insertions, 0 deletions
diff --git a/lib/public_key/AUTHORS b/lib/public_key/AUTHORS new file mode 100644 index 0000000000..bb524037cf --- /dev/null +++ b/lib/public_key/AUTHORS @@ -0,0 +1,5 @@ +Original author: +Ingela Anderton Andin + +Contributors: +Dan Gudmundsson
\ No newline at end of file diff --git a/lib/public_key/Makefile b/lib/public_key/Makefile new file mode 100644 index 0000000000..c679678b60 --- /dev/null +++ b/lib/public_key/Makefile @@ -0,0 +1,39 @@ +# +# %CopyrightBegin% +# +# Copyright Ericsson AB 2008-2009. All Rights Reserved. +# +# The contents of this file are subject to the Erlang Public License, +# Version 1.1, (the "License"); you may not use this file except in +# compliance with the License. You should have received a copy of the +# Erlang Public License along with this software. If not, it can be +# retrieved online at http://www.erlang.org/. +# +# Software distributed under the License is distributed on an "AS IS" +# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +# the License for the specific language governing rights and limitations +# under the License. +# +# %CopyrightEnd% +# + +# +include $(ERL_TOP)/make/target.mk +include $(ERL_TOP)/make/$(TARGET)/otp.mk + +# ---------------------------------------------------- +# Macros +# ---------------------------------------------------- + +SUB_DIRECTORIES = asn1 src doc/src + +include vsn.mk +VSN = $(PUBLIC_KEY_VSN) + +SPECIAL_TARGETS = + +# ---------------------------------------------------- +# Default Subdir Targets +# ---------------------------------------------------- +include $(ERL_TOP)/make/otp_subdir.mk + diff --git a/lib/public_key/asn1/DSS.asn1 b/lib/public_key/asn1/DSS.asn1 new file mode 100755 index 0000000000..77aca3808b --- /dev/null +++ b/lib/public_key/asn1/DSS.asn1 @@ -0,0 +1,20 @@ +DSS DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL +-- All types and values defined in this module are exported for use +-- in other ASN.1 modules. + +DSAPrivateKey ::= SEQUENCE { + version INTEGER, + p INTEGER, -- p + q INTEGER, -- q + g INTEGER, -- q + y INTEGER, -- y + x INTEGER -- x +} + +END + + diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile new file mode 100644 index 0000000000..fbea701be9 --- /dev/null +++ b/lib/public_key/asn1/Makefile @@ -0,0 +1,113 @@ +# +# %CopyrightBegin% +# +# Copyright Ericsson AB 2008-2009. All Rights Reserved. +# +# The contents of this file are subject to the Erlang Public License, +# Version 1.1, (the "License"); you may not use this file except in +# compliance with the License. You should have received a copy of the +# Erlang Public License along with this software. If not, it can be +# retrieved online at http://www.erlang.org/. +# +# Software distributed under the License is distributed on an "AS IS" +# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +# the License for the specific language governing rights and limitations +# under the License. +# +# %CopyrightEnd% +# + +include $(ERL_TOP)/make/target.mk +include $(ERL_TOP)/make/$(TARGET)/otp.mk + +# ---------------------------------------------------- +# Application version +# ---------------------------------------------------- +include ../vsn.mk +VSN=$(PUBLIC_KEY_VSN) + +# ---------------------------------------------------- +# Release directory specification +# ---------------------------------------------------- +RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN) + +# ---------------------------------------------------- +# Common Macros +# ---------------------------------------------------- + +.SUFFIXES: .asn1 +.PRECIOUS: %.erl + +ASN_TOP = OTP-PUB-KEY +ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \ + PKIXAttributeCertificate OTP-PKIX +ASN_ASNS = $(ASN_MODULES:%=%.asn1) +ASN_ERLS = $(ASN_TOP).erl +ASN_HRLS = $(ASN_TOP).hrl +ASN_CONFIGS = OTP-PUB-KEY.asn1config +ASN_DBS = $(ASN_MODULES:%=%.asn1db) OTP-PUB-KEY.asn1db +ASN_TABLES = $(ASN_MODULES:%=%.table) + +GEN_MODULES = +GEN_ERLS = $(GEN_MODULES:%=%.erl) +ERL_MODULES = $(ASN_TOP) $(GEN_MODULES) + +TARGET_FILES= $(ERL_MODULES:%=$(EBIN)/%.$(EMULATOR)) + +HRL_FILES = $(ASN_HRLS:%=$(INCLUDE)/%) + +INCLUDE = ../include +EBIN = ../ebin + +# ---------------------------------------------------- +# FLAGS +# ---------------------------------------------------- +EXTRA_ERLC_FLAGS = +ERL_COMPILE_FLAGS += $(EXTRA_ERLC_FLAGS) + +ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj +asn1config +inline + +# ---------------------------------------------------- +# Targets +# ---------------------------------------------------- + +debug opt: $(TARGET_FILES) $(HRL_FILES) + +clean: + -rm -f $(ASN_ERLS) $(GEN_ERLS) $(ASN_HRLS) $(HRL_FILES) $(ASN_DBS) \ + $(ASN_TABLES) $(TARGET_FILES) *.beam *~ + +docs: + +%.erl: %.set.asn + erlc $(ASN_FLAGS) $< + +$(HRL_FILES): $(ASN_HRLS) + cp -p $(ASN_HRLS) $(INCLUDE) + +# ---------------------------------------------------- +# Release Target +# ---------------------------------------------------- +include $(ERL_TOP)/make/otp_release_targets.mk + +release_spec: opt + $(INSTALL_DIR) $(RELSYSDIR)/include + $(INSTALL_DATA) $(HRL_FILES) $(RELSYSDIR)/include + $(INSTALL_DIR) $(RELSYSDIR)/asn1 + $(INSTALL_DATA) $(ASN_ASNS) $(ASN_ERLS) $(ASN_HRLS) $(ASN_CONFIGS) \ + $(GEN_ERLS) $(RELSYSDIR)/asn1 + $(INSTALL_DIR) $(RELSYSDIR)/ebin + $(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin + +release_docs_spec: + +# +# Dependencies + +$(EBIN)/OTP-PUB-KEY.beam: OTP-PUB-KEY.erl OTP-PUB-KEY.hrl +OTP-PUB-KEY.erl OTP-PUB-KEY.hrl: OTP-PUB-KEY.asn1db +OTP-PUB-KEY.asn1db: PKIX1Algorithms88.asn1 \ + PKIX1Explicit88.asn1 \ + PKIX1Implicit88.asn1 \ + PKIXAttributeCertificate.asn1 \ + OTP-PKIX.asn1 diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1 new file mode 100644 index 0000000000..2bcacc0990 --- /dev/null +++ b/lib/public_key/asn1/OTP-PKIX.asn1 @@ -0,0 +1,709 @@ +OTP-PKIX {iso(1) identified-organization(3) dod(6) internet(1) + private(4) enterprices(1) ericsson(193) otp(19) ssl(10) + pkix1(1)} + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL + +IMPORTS + -- Certificate (parts of) + Version, + CertificateSerialNumber, + --AlgorithmIdentifier, + Validity, + UniqueIdentifier, + + -- AttribyteTypeAndValue + Name, + AttributeType, + id-at-name, + id-at-surname, + id-at-givenName, + id-at-initials, + id-at-generationQualifier, X520name, + id-at-commonName, X520CommonName, + id-at-localityName, X520LocalityName, + id-at-stateOrProvinceName, X520StateOrProvinceName, + id-at-organizationName, X520OrganizationName, + id-at-organizationalUnitName, X520OrganizationalUnitName, + id-at-title, X520Title, + id-at-dnQualifier, X520dnQualifier, + id-at-countryName, X520countryName, + id-at-serialNumber, X520SerialNumber, + id-at-pseudonym, X520Pseudonym, + id-domainComponent, DomainComponent, + id-emailAddress, EmailAddress, + + -- Extension Attributes + common-name, CommonName, + teletex-common-name, TeletexCommonName, + teletex-personal-name, TeletexPersonalName, + pds-name, PDSName, + physical-delivery-country-name, PhysicalDeliveryCountryName, + postal-code, PostalCode, + physical-delivery-office-name, PhysicalDeliveryOfficeName, + physical-delivery-office-number, PhysicalDeliveryOfficeNumber, + extension-OR-address-components, ExtensionORAddressComponents, + physical-delivery-personal-name, PhysicalDeliveryPersonalName, + physical-delivery-organization-name, PhysicalDeliveryOrganizationName, + extension-physical-delivery-address-components, + ExtensionPhysicalDeliveryAddressComponents, + unformatted-postal-address, UnformattedPostalAddress, + street-address, StreetAddress, + post-office-box-address, PostOfficeBoxAddress, + poste-restante-address, PosteRestanteAddress, + unique-postal-name, UniquePostalName, + local-postal-attributes, LocalPostalAttributes, + extended-network-address, ExtendedNetworkAddress, + terminal-type, TerminalType, + teletex-domain-defined-attributes, TeletexDomainDefinedAttributes + + FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-pkix1-explicit(18) } + + -- Extensions + id-ce-authorityKeyIdentifier, AuthorityKeyIdentifier, + id-ce-subjectKeyIdentifier, SubjectKeyIdentifier, + id-ce-keyUsage, KeyUsage, + id-ce-privateKeyUsagePeriod, PrivateKeyUsagePeriod, + id-ce-certificatePolicies, CertificatePolicies, + id-ce-policyMappings, PolicyMappings, + id-ce-subjectAltName, SubjectAltName, + id-ce-issuerAltName, IssuerAltName, + id-ce-subjectDirectoryAttributes, SubjectDirectoryAttributes, + id-ce-basicConstraints, BasicConstraints, + id-ce-nameConstraints, NameConstraints, + id-ce-policyConstraints, PolicyConstraints, + id-ce-cRLDistributionPoints, CRLDistributionPoints, + id-ce-extKeyUsage, ExtKeyUsageSyntax, + id-ce-inhibitAnyPolicy, InhibitAnyPolicy, + id-ce-freshestCRL, FreshestCRL, + id-pe-authorityInfoAccess, AuthorityInfoAccessSyntax, + id-pe-subjectInfoAccess, SubjectInfoAccessSyntax, + id-ce-cRLNumber, CRLNumber, + id-ce-issuingDistributionPoint, IssuingDistributionPoint, + id-ce-deltaCRLIndicator, BaseCRLNumber, + id-ce-cRLReasons, CRLReason, + id-ce-certificateIssuer, CertificateIssuer, + id-ce-holdInstructionCode, HoldInstructionCode, + id-ce-invalidityDate, InvalidityDate + + FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-pkix1-implicit(19) } + + --Keys and Signatures + id-dsa, Dss-Parms, DSAPublicKey, + id-dsa-with-sha1, + md2WithRSAEncryption, + md5WithRSAEncryption, + sha1WithRSAEncryption, + rsaEncryption, RSAPublicKey, + dhpublicnumber, DomainParameters, DHPublicKey, + id-keyExchangeAlgorithm, KEA-Parms-Id, --KEA-PublicKey, + ecdsa-with-SHA1, + prime-field, Prime-p, + characteristic-two-field, --Characteristic-two, + gnBasis, + tpBasis, Trinomial, + ppBasis, Pentanomial, + id-ecPublicKey, EcpkParameters, ECPoint + FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-algorithms(17) }; + +-- +-- Certificate +-- + +OTPCertificate ::= SEQUENCE { + tbsCertificate OTPTBSCertificate, + signatureAlgorithm SignatureAlgorithm, + signature BIT STRING } + +OTPTBSCertificate ::= SEQUENCE { + version [0] Version DEFAULT v1, + serialNumber CertificateSerialNumber, + signature SignatureAlgorithm, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo OTPSubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + extensions [3] Extensions OPTIONAL + -- If present, version MUST be v3 -- } + + +-- Attribute type and values +-- + +ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= CLASS { + &id AttributeType UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + +OTPAttributeTypeAndValue ::= SEQUENCE { + type ATTRIBUTE-TYPE-AND-VALUE-CLASS.&id + ({SupportedAttributeTypeAndValues}), + value ATTRIBUTE-TYPE-AND-VALUE-CLASS.&Type + ({SupportedAttributeTypeAndValues}{@type}) } + +SupportedAttributeTypeAndValues ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= + { name | surname | givenName | initials | generationQualifier | + commonName | localityName | stateOrProvinceName | organizationName | + organizationalUnitName | title | dnQualifier | countryName | + serialNumber | pseudonym | domainComponent | emailAddress } + +name ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-name + TYPE X520name } + +surname ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-surname + TYPE X520name } + +givenName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-givenName + TYPE X520name } + +initials ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-initials + TYPE X520name } + +generationQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-generationQualifier + TYPE X520name } + +commonName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-commonName + TYPE X520CommonName } + +localityName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-localityName + TYPE X520LocalityName } + +stateOrProvinceName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-stateOrProvinceName + TYPE X520StateOrProvinceName } + +organizationName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-organizationName + TYPE X520OrganizationName } + +organizationalUnitName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-organizationalUnitName + TYPE X520OrganizationalUnitName } + +title ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-title + TYPE X520Title } + +dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-dnQualifier + TYPE X520dnQualifier } + +countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-countryName + TYPE X520countryName } + +serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-serialNumber + TYPE X520SerialNumber } + +pseudonym ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-pseudonym + TYPE X520Pseudonym } + +domainComponent ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-domainComponent + TYPE DomainComponent } + +emailAddress ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-emailAddress + TYPE EmailAddress } + +-- +-- Signature and Public Key Algorithms +-- + +OTPOLDSubjectPublicKeyInfo ::= SEQUENCE { + algorithm SEQUENCE { + algo PUBLIC-KEY-ALGORITHM-CLASS.&id + ({SupportedPublicKeyAlgorithms}), + parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type + ({SupportedPublicKeyAlgorithms}{@.algo}) + OPTIONAL + }, + subjectPublicKey PUBLIC-KEY-ALGORITHM-CLASS.&PublicKeyType + ({SupportedPublicKeyAlgorithms}{@algorithm.algo}) } + +OTPSubjectPublicKeyInfo ::= SEQUENCE { + algorithm PublicKeyAlgorithm, + subjectPublicKey BIT STRING } + + +-- The following is needed for conversion of SubjectPublicKeyInfo. + +OTPSubjectPublicKeyInfo-Any ::= SEQUENCE { + algorithm PublicKeyAlgorithm, + subjectPublicKey ANY } + + +SIGNATURE-ALGORITHM-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type OPTIONAL } + WITH SYNTAX { + ID &id + [TYPE &Type] } + +PUBLIC-KEY-ALGORITHM-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type OPTIONAL, + &PublicKeyType OPTIONAL } + WITH SYNTAX { + ID &id + [TYPE &Type] + [PUBLIC-KEY-TYPE &PublicKeyType] } + +SignatureAlgorithm ::= SEQUENCE { + algorithm SIGNATURE-ALGORITHM-CLASS.&id + ({SupportedSignatureAlgorithms}), + parameters SIGNATURE-ALGORITHM-CLASS.&Type + ({SupportedSignatureAlgorithms}{@algorithm}) + OPTIONAL } + +SignatureAlgorithm-Any ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY OPTIONAL } + +PublicKeyAlgorithm ::= SEQUENCE { + algorithm PUBLIC-KEY-ALGORITHM-CLASS.&id + ({SupportedPublicKeyAlgorithms}), + parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type + ({SupportedPublicKeyAlgorithms}{@algorithm}) + OPTIONAL } + +SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { + dsa-with-sha1 | md2-with-rsa-encryption | + md5-with-rsa-encryption | sha1-with-rsa-encryption | + ecdsa-with-sha1 } + +SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { + dsa | rsa-encryption | dh | kea | ec-public-key } + + -- DSA Keys and Signatures + + -- SubjectPublicKeyInfo: + + dsa PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID id-dsa + TYPE Dss-Parms -- XXX Must be OPTIONAL + PUBLIC-KEY-TYPE DSAPublicKey } + + -- Certificate.signatureAlgorithm + + dsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { + ID id-dsa-with-sha1 + TYPE NULL } -- XXX Must be empty and not NULL + + -- + -- RSA Keys and Signatures + -- + + -- Certificate.signatureAlgorithm + + md2-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID md2WithRSAEncryption + TYPE NULL } + + md5-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID md5WithRSAEncryption + TYPE NULL } + + sha1-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID sha1WithRSAEncryption + TYPE NULL } + + -- Certificate.signature + -- See PKCS #1 (RFC 2313). XXX + + -- SubjectPublicKeyInfo: + + rsa-encryption PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID rsaEncryption + TYPE NULL + PUBLIC-KEY-TYPE RSAPublicKey } + + -- + -- Diffie-Hellman Keys + -- + + -- SubjectPublicKeyInfo: + + dh PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID dhpublicnumber + TYPE DomainParameters + PUBLIC-KEY-TYPE DHPublicKey } + + -- There are no Diffie-Hellman signature algorithms + + -- + -- KEA Keys + -- + + -- SubjectPublicKeyInfo: + + KEA-PublicKey ::= INTEGER + + kea PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID id-keyExchangeAlgorithm + TYPE KEA-Parms-Id + PUBLIC-KEY-TYPE KEA-PublicKey } + + -- There are no KEA signature algorithms + + -- + -- Elliptic Curve Keys, Signatures, and Curves + -- + + -- Certificate.signatureAlgorithm + + ecdsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { + ID ecdsa-with-SHA1 + TYPE NULL } -- XXX Must be empty and not NULL + + FIELD-ID-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + + OTPFieldID ::= SEQUENCE { -- Finite field + fieldType FIELD-ID-CLASS.&id({SupportedFieldIds}), + parameters FIELD-ID-CLASS.&Type({SupportedFieldIds}{@fieldType}) } + + SupportedFieldIds FIELD-ID-CLASS ::= { + field-prime-field | field-characteristic-two } + + field-prime-field FIELD-ID-CLASS ::= { + ID prime-field + TYPE Prime-p } + + CHARACTERISTIC-TWO-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + + OTPCharacteristic-two ::= SEQUENCE { -- Finite field + m INTEGER, -- Field size 2^m + basis CHARACTERISTIC-TWO-CLASS.&id({SupportedCharacteristicTwos}), + parameters CHARACTERISTIC-TWO-CLASS.&Type + ({SupportedCharacteristicTwos}{@basis}) } + + SupportedCharacteristicTwos CHARACTERISTIC-TWO-CLASS ::= { + gn-basis | tp-basis | pp-basis } + + field-characteristic-two FIELD-ID-CLASS ::= { + ID characteristic-two-field + TYPE Characteristic-two } + + gn-basis CHARACTERISTIC-TWO-CLASS ::= { + ID gnBasis + TYPE NULL } + + tp-basis CHARACTERISTIC-TWO-CLASS ::= { + ID tpBasis + TYPE Trinomial } + + pp-basis CHARACTERISTIC-TWO-CLASS ::= { + ID ppBasis + TYPE Pentanomial } + + -- SubjectPublicKeyInfo.algorithm + + ec-public-key PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID id-ecPublicKey + TYPE EcpkParameters + PUBLIC-KEY-TYPE ECPoint } + +-- +-- Extension Attributes +-- + +EXTENSION-ATTRIBUTE-CLASS ::= CLASS { + &id INTEGER UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + +OTPExtensionAttributes ::= SET SIZE (1..MAX) OF ExtensionAttribute + +-- XXX Below we should have extension-attribute-type and extension- +-- attribute-value but Erlang ASN1 does not like it. +OTPExtensionAttribute ::= SEQUENCE { + extensionAttributeType [0] IMPLICIT EXTENSION-ATTRIBUTE-CLASS.&id + ({SupportedExtensionAttributes}), + extensionAttributeValue [1] EXTENSION-ATTRIBUTE-CLASS.&Type + ({SupportedExtensionAttributes}{@extensionAttributeType}) } + +SupportedExtensionAttributes EXTENSION-ATTRIBUTE-CLASS ::= { + x400-common-name | + x400-teletex-common-name | + x400-teletex-personal-name | + x400-pds-name | + x400-physical-delivery-country-name | + x400-postal-code | + x400-physical-delivery-office-name | + x400-physical-delivery-office-number | + x400-extension-OR-address-components | + x400-physical-delivery-personal-name | + x400-physical-delivery-organization-name | + x400-extension-physical-delivery-address-components | + x400-unformatted-postal-address | + x400-street-address | + x400-post-office-box-address | + x400-poste-restante-address | + x400-unique-postal-name | + x400-local-postal-attributes | + x400-extended-network-address | + x400-terminal-type | + x400-teletex-domain-defined-attributes } + +-- Extension types and attribute values + +x400-common-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID common-name + TYPE CommonName } + +x400-teletex-common-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID teletex-common-name + TYPE TeletexCommonName } + +x400-teletex-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID teletex-personal-name + TYPE TeletexPersonalName } + +x400-pds-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID pds-name + TYPE PDSName } + +x400-physical-delivery-country-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-country-name + TYPE PhysicalDeliveryCountryName } + +x400-postal-code EXTENSION-ATTRIBUTE-CLASS ::= { + ID postal-code + TYPE PostalCode } + +x400-physical-delivery-office-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-office-name + TYPE PhysicalDeliveryOfficeName } + +x400-physical-delivery-office-number EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-office-number + TYPE PhysicalDeliveryOfficeNumber } + +x400-extension-OR-address-components EXTENSION-ATTRIBUTE-CLASS ::= { + ID extension-OR-address-components + TYPE ExtensionORAddressComponents } + +x400-physical-delivery-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-personal-name + TYPE PhysicalDeliveryPersonalName } + +x400-physical-delivery-organization-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-organization-name + TYPE PhysicalDeliveryOrganizationName } + +x400-extension-physical-delivery-address-components + EXTENSION-ATTRIBUTE-CLASS ::= { + ID extension-physical-delivery-address-components + TYPE ExtensionPhysicalDeliveryAddressComponents } + +x400-unformatted-postal-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID unformatted-postal-address + TYPE UnformattedPostalAddress } + +x400-street-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID street-address + TYPE StreetAddress } + +x400-post-office-box-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID post-office-box-address + TYPE PostOfficeBoxAddress } + +x400-poste-restante-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID poste-restante-address + TYPE PosteRestanteAddress } + +x400-unique-postal-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID unique-postal-name + TYPE UniquePostalName } + +x400-local-postal-attributes EXTENSION-ATTRIBUTE-CLASS ::= { + ID local-postal-attributes + TYPE LocalPostalAttributes } + +x400-extended-network-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID extended-network-address + TYPE ExtendedNetworkAddress } + +x400-terminal-type EXTENSION-ATTRIBUTE-CLASS ::= { + ID terminal-type + TYPE TerminalType } + +x400-teletex-domain-defined-attributes EXTENSION-ATTRIBUTE-CLASS ::= { + ID teletex-domain-defined-attributes + TYPE TeletexDomainDefinedAttributes } + +-- Extensions + +OTPExtensions ::= SEQUENCE SIZE (1..MAX) OF Extension + +EXTENSION-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type OPTIONAL} + WITH SYNTAX { + ID &id + [TYPE &Type] } + +OTPExtension ::= SEQUENCE { + extnID EXTENSION-CLASS.&id({SupportedExtensions}), + critical BOOLEAN DEFAULT FALSE, + extnValue EXTENSION-CLASS.&Type({SupportedExtensions}{@extnID}) } + +-- The following is needed for conversion between Extension and Extension-Cd + +ObjId ::= OBJECT IDENTIFIER +Boolean ::= BOOLEAN +Any ::= ANY + +Extension-Any ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue ANY } + +SupportedExtensions EXTENSION-CLASS ::= { authorityKeyIdentifier | + subjectKeyIdentifier | keyUsage | privateKeyUsagePeriod | + certificatePolicies | policyMappings | subjectAltName | + issuerAltName | subjectDirectoryAttributes | basicConstraints | + nameConstraints | policyConstraints | cRLDistributionPoints | + extKeyUsage | inhibitAnyPolicy | freshestCRL | authorityInfoAccess | + subjectInfoAccess | cRLNumber | issuingDistributionPoint | + deltaCRLIndicator | cRLReasons | certificateIssuer | + holdInstructionCode | invalidityDate } + +authorityKeyIdentifier EXTENSION-CLASS ::= { + ID id-ce-authorityKeyIdentifier + TYPE AuthorityKeyIdentifier } + +subjectKeyIdentifier EXTENSION-CLASS ::= { + ID id-ce-subjectKeyIdentifier + TYPE SubjectKeyIdentifier } + +keyUsage EXTENSION-CLASS ::= { + ID id-ce-keyUsage + TYPE KeyUsage } + +privateKeyUsagePeriod EXTENSION-CLASS ::= { + ID id-ce-privateKeyUsagePeriod + TYPE PrivateKeyUsagePeriod } + +certificatePolicies EXTENSION-CLASS ::= { + ID id-ce-certificatePolicies + TYPE CertificatePolicies } + +policyMappings EXTENSION-CLASS ::= { + ID id-ce-policyMappings + TYPE PolicyMappings } + +subjectAltName EXTENSION-CLASS ::= { + ID id-ce-subjectAltName + TYPE SubjectAltName } + +issuerAltName EXTENSION-CLASS ::= { + ID id-ce-issuerAltName + TYPE IssuerAltName } + +subjectDirectoryAttributes EXTENSION-CLASS ::= { + ID id-ce-subjectDirectoryAttributes + TYPE SubjectDirectoryAttributes } + +basicConstraints EXTENSION-CLASS ::= { + ID id-ce-basicConstraints + TYPE BasicConstraints } + +nameConstraints EXTENSION-CLASS ::= { + ID id-ce-nameConstraints + TYPE NameConstraints } + +policyConstraints EXTENSION-CLASS ::= { + ID id-ce-policyConstraints + TYPE PolicyConstraints } + +cRLDistributionPoints EXTENSION-CLASS ::= { + ID id-ce-cRLDistributionPoints + TYPE CRLDistributionPoints } + +extKeyUsage EXTENSION-CLASS ::= { + ID id-ce-extKeyUsage + TYPE ExtKeyUsageSyntax } + +inhibitAnyPolicy EXTENSION-CLASS ::= { + ID id-ce-inhibitAnyPolicy + TYPE InhibitAnyPolicy } + +freshestCRL EXTENSION-CLASS ::= { + ID id-ce-freshestCRL + TYPE FreshestCRL } + +authorityInfoAccess EXTENSION-CLASS ::= { + ID id-pe-authorityInfoAccess + TYPE AuthorityInfoAccessSyntax } + +subjectInfoAccess EXTENSION-CLASS ::= { + ID id-pe-subjectInfoAccess + TYPE SubjectInfoAccessSyntax } + +cRLNumber EXTENSION-CLASS ::= { + ID id-ce-cRLNumber + TYPE CRLNumber } + +issuingDistributionPoint EXTENSION-CLASS ::= { + ID id-ce-issuingDistributionPoint + TYPE IssuingDistributionPoint } + +deltaCRLIndicator EXTENSION-CLASS ::= { + ID id-ce-deltaCRLIndicator + TYPE BaseCRLNumber } + +cRLReasons EXTENSION-CLASS ::= { + ID id-ce-cRLReasons + TYPE CRLReason } + +certificateIssuer EXTENSION-CLASS ::= { + ID id-ce-certificateIssuer + TYPE CertificateIssuer } + +holdInstructionCode EXTENSION-CLASS ::= { + ID id-ce-holdInstructionCode + TYPE HoldInstructionCode } + +invalidityDate EXTENSION-CLASS ::= { + ID id-ce-invalidityDate + TYPE InvalidityDate } + +END diff --git a/lib/public_key/asn1/OTP-PUB-KEY.asn1config b/lib/public_key/asn1/OTP-PUB-KEY.asn1config new file mode 100644 index 0000000000..86f4c54748 --- /dev/null +++ b/lib/public_key/asn1/OTP-PUB-KEY.asn1config @@ -0,0 +1,2 @@ +{exclusive_decode,{'OTP-PUB-KEY', + [{decode_TBSCert_exclusive,['Certificate',[{tbsCertificate,undecoded}]]}]}}. diff --git a/lib/public_key/asn1/OTP-PUB-KEY.set.asn b/lib/public_key/asn1/OTP-PUB-KEY.set.asn new file mode 100644 index 0000000000..2f9ccd6b0e --- /dev/null +++ b/lib/public_key/asn1/OTP-PUB-KEY.set.asn @@ -0,0 +1,7 @@ +OTP-PKIX.asn1 +PKIX1Explicit88.asn1 +PKIX1Implicit88.asn1 +PKIXAttributeCertificate.asn1 +PKIX1Algorithms88.asn1 +PKCS-1.asn1 +DSS.asn1 diff --git a/lib/public_key/asn1/PKCS-1.asn1 b/lib/public_key/asn1/PKCS-1.asn1 new file mode 100755 index 0000000000..b06f5efa9d --- /dev/null +++ b/lib/public_key/asn1/PKCS-1.asn1 @@ -0,0 +1,116 @@ +PKCS-1 { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) + modules(0) pkcs-1(1) +} + +-- $Revision: 1.1 $ + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +--IMPORTS id-sha256, id-sha384, id-sha512 +-- FROM NIST-SHA2 { +-- joint-iso-itu-t(2) country(16) us(840) organization(1) +-- gov(101) csor(3) nistalgorithm(4) modules(0) sha2(1) +-- }; + +pkcs-1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 +} + +rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } + +id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 } + +id-pSpecified OBJECT IDENTIFIER ::= { pkcs-1 9 } + +id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } + +md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } +md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } +sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } +sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 } +sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } +sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } + +id-sha1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) oiw(14) secsig(3) + algorithms(2) 26 +} + +id-md2 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 +} + +id-md5 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 +} + +id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } + + +RSAPublicKey ::= SEQUENCE { + modulus INTEGER, -- n + publicExponent INTEGER -- e +} + +RSAPrivateKey ::= SEQUENCE { + version Version, + modulus INTEGER, -- n + publicExponent INTEGER, -- e + privateExponent INTEGER, -- d + prime1 INTEGER, -- p + prime2 INTEGER, -- q + exponent1 INTEGER, -- d mod (p-1) + exponent2 INTEGER, -- d mod (q-1) + coefficient INTEGER, -- (inverse of q) mod p + otherPrimeInfos OtherPrimeInfos OPTIONAL +} + +Version ::= INTEGER { two-prime(0), multi(1) } + (CONSTRAINED BY { + -- version must be multi if otherPrimeInfos present -- + }) + +OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo + +OtherPrimeInfo ::= SEQUENCE { + prime INTEGER, -- ri + exponent INTEGER, -- di + coefficient INTEGER -- ti +} + +Algorithm ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL +} + +AlgorithmNull ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters NULL +} + + +RSASSA-PSS-params ::= SEQUENCE { + hashAlgorithm [0] Algorithm, -- DEFAULT sha1, + maskGenAlgorithm [1] Algorithm, -- DEFAULT mgf1SHA1, + saltLength [2] INTEGER DEFAULT 20, + trailerField [3] TrailerField DEFAULT trailerFieldBC +} + +TrailerField ::= INTEGER { trailerFieldBC(1) } + +DigestInfo ::= SEQUENCE { + digestAlgorithm Algorithm, + digest OCTET STRING +} + +DigestInfoNull ::= SEQUENCE { + digestAlgorithm AlgorithmNull, + digest OCTET STRING +} + + +END -- PKCS1Definitions + diff --git a/lib/public_key/asn1/PKIX1Algorithms88.asn1 b/lib/public_key/asn1/PKIX1Algorithms88.asn1 new file mode 100644 index 0000000000..f895b6d0cd --- /dev/null +++ b/lib/public_key/asn1/PKIX1Algorithms88.asn1 @@ -0,0 +1,235 @@ + PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-algorithms(17) } + + DEFINITIONS EXPLICIT TAGS ::= BEGIN + + -- EXPORTS All; + + -- IMPORTS NONE; + + -- + -- One-way Hash Functions + -- md2, md5, id-sha1 see PKCS-1 + + -- + -- DSA Keys and Signatures + -- + + -- OID for DSA public key + + id-dsa OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } + + -- encoding for DSA public key + + DSAPublicKey ::= INTEGER -- public key, y + + Dss-Parms ::= SEQUENCE { + p INTEGER, + q INTEGER, + g INTEGER } + + -- OID for DSA signature generated with SHA-1 hash + + id-dsa-with-sha1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } + + -- encoding for DSA signature generated with SHA-1 hash + + Dss-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER } + + -- + -- RSA Keys and Signatures, see PKCS-1 + -- + + -- + -- Diffie-Hellman Keys + -- + + dhpublicnumber OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-x942(10046) + number-type(2) 1 } + + -- encoding for DSA public key + + DHPublicKey ::= INTEGER -- public key, y = g^x mod p + + DomainParameters ::= SEQUENCE { + p INTEGER, -- odd prime, p=jq +1 + g INTEGER, -- generator, g + q INTEGER, -- factor of p-1 + j INTEGER OPTIONAL, -- subgroup factor, j>= 2 + validationParms ValidationParms OPTIONAL } + + ValidationParms ::= SEQUENCE { + seed BIT STRING, + pgenCounter INTEGER } + + -- + -- KEA Keys + -- + + id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= + { 2 16 840 1 101 2 1 1 22 } + + KEA-Parms-Id ::= OCTET STRING + + -- + -- Elliptic Curve Keys, Signatures, and Curves + -- + + ansi-X9-62 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) 10045 } + + FieldID ::= SEQUENCE { -- Finite field + fieldType OBJECT IDENTIFIER, + parameters ANY DEFINED BY fieldType } + + -- Arc for ECDSA signature OIDS + + id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) } + + -- OID for ECDSA signatures with SHA-1 + + ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 } + + -- OID for an elliptic curve signature + -- format for the value of an ECDSA signature value + + ECDSA-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER } + + -- recognized field type OIDs are defined in the following arc + + id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) } + + -- where fieldType is prime-field, the parameters are of type Prime-p + + prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } + + Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime + + -- where fieldType is characteristic-two-field, the parameters are + -- of type Characteristic-two + + characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 } + + Characteristic-two ::= SEQUENCE { + m INTEGER, -- Field size 2^m + basis OBJECT IDENTIFIER, + parameters ANY DEFINED BY basis } + + -- recognized basis type OIDs are defined in the following arc + + id-characteristic-two-basis OBJECT IDENTIFIER ::= { + characteristic-two-field basisType(3) } + + -- gnbasis is identified by OID gnBasis and indicates + -- parameters are NULL + + gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 1 } + + -- parameters for this basis are NULL + + -- trinomial basis is identified by OID tpBasis and indicates + -- parameters of type Pentanomial + + tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 2 } + + -- Trinomial basis representation of F2^m + -- Integer k for reduction polynomial xm + xk + 1 + + Trinomial ::= INTEGER + + -- for pentanomial basis is identified by OID ppBasis and indicates + -- parameters of type Pentanomial + + ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 3 } + + -- Pentanomial basis representation of F2^m + -- reduction polynomial integers k1, k2, k3 + -- f(x) = x**m + x**k3 + x**k2 + x**k1 + 1 + + Pentanomial ::= SEQUENCE { + k1 INTEGER, + k2 INTEGER, + k3 INTEGER } + + -- The object identifiers gnBasis, tpBasis and ppBasis name + -- three kinds of basis for characteristic-two finite fields + + FieldElement ::= OCTET STRING -- Finite field element + + ECPoint ::= OCTET STRING -- Elliptic curve point + + -- Elliptic Curve parameters may be specified explicitly, + -- specified implicitly through a "named curve", or + -- inherited from the CA + + EcpkParameters ::= CHOICE { + ecParameters ECParameters, + namedCurve OBJECT IDENTIFIER, + implicitlyCA NULL } + + ECParameters ::= SEQUENCE { -- Elliptic curve parameters + version ECPVer, + fieldID FieldID, + curve Curve, + base ECPoint, -- Base point G + order INTEGER, -- Order n of the base point + cofactor INTEGER OPTIONAL } -- The integer h = #E(Fq)/n + + ECPVer ::= INTEGER {ecpVer1(1)} + + Curve ::= SEQUENCE { + a FieldElement, -- Elliptic curve coefficient a + b FieldElement, -- Elliptic curve coefficient b + seed BIT STRING OPTIONAL } + + id-publicKeyType OBJECT IDENTIFIER ::= { ansi-X9-62 keyType(2) } + + id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 } + + -- Named Elliptic Curves in ANSI X9.62. + + ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) } + + c-TwoCurve OBJECT IDENTIFIER ::= { + ellipticCurve characteristicTwo(0) } + + c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 } + c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 } + c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 } + c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 } + c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 } + c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 } + c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 } + c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 } + c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 } + c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 } + c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 } + c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 } + c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 } + c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 } + c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 } + c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 } + c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 } + c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 } + c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 } + c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 } + + primeCurve OBJECT IDENTIFIER ::= { ellipticCurve prime(1) } + + prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 } + prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 } + prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 } + prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 } + prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 } + prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 } + prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 } + + END diff --git a/lib/public_key/asn1/PKIX1Explicit88.asn1 b/lib/public_key/asn1/PKIX1Explicit88.asn1 new file mode 100644 index 0000000000..03e9da3e05 --- /dev/null +++ b/lib/public_key/asn1/PKIX1Explicit88.asn1 @@ -0,0 +1,619 @@ +PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) } + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL -- + +-- IMPORTS NONE -- + +-- UNIVERSAL Types defined in 1993 and 1998 ASN.1 +-- and required by this specification + +-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING + -- UniversalString is defined in ASN.1:1993 + +-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING + -- BMPString is the subtype of UniversalString and models + -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1 + +-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING + -- The content of this type conforms to RFC 2279. + +-- PKIX specific OIDs + +id-pkix OBJECT IDENTIFIER ::= + { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) } + +-- PKIX arcs + +id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } + -- arc for private certificate extensions +id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } + -- arc for policy qualifier types +id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } + -- arc for extended key purpose OIDS +id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } + -- arc for access descriptors + +-- policyQualifierIds for Internet policy qualifiers + +id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } + -- OID for CPS qualifier +id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } + -- OID for user notice qualifier + +-- access descriptor definitions + +id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } +id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } +id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 } +id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 } + +-- attribute data types + +Attribute ::= SEQUENCE { + type AttributeType, + values SET OF AttributeValue } + -- at least one value is required + +AttributeType ::= OBJECT IDENTIFIER + +AttributeValue ::= ANY + +AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue } + +-- suggested naming attributes: Definition of the following +-- information object set may be augmented to meet local +-- requirements. Note that deleting members of the set may +-- prevent interoperability with conforming implementations. +-- presented in pairs: the AttributeType followed by the +-- type definition for the corresponding AttributeValue +--Arc for standard naming attributes +id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 } + +-- Naming attributes of type X520name + +id-at-name AttributeType ::= { id-at 41 } +id-at-surname AttributeType ::= { id-at 4 } +id-at-givenName AttributeType ::= { id-at 42 } +id-at-initials AttributeType ::= { id-at 43 } +id-at-generationQualifier AttributeType ::= { id-at 44 } + +X520name ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-name)), + printableString PrintableString (SIZE (1..ub-name)), + universalString UniversalString (SIZE (1..ub-name)), + utf8String UTF8String (SIZE (1..ub-name)), + bmpString BMPString (SIZE (1..ub-name)) } + +-- Naming attributes of type X520CommonName + +id-at-commonName AttributeType ::= { id-at 3 } + +X520CommonName ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-common-name)), + printableString PrintableString (SIZE (1..ub-common-name)), + universalString UniversalString (SIZE (1..ub-common-name)), + utf8String UTF8String (SIZE (1..ub-common-name)), + bmpString BMPString (SIZE (1..ub-common-name)) } + +-- Naming attributes of type X520LocalityName + +id-at-localityName AttributeType ::= { id-at 7 } + +X520LocalityName ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-locality-name)), + printableString PrintableString (SIZE (1..ub-locality-name)), + universalString UniversalString (SIZE (1..ub-locality-name)), + utf8String UTF8String (SIZE (1..ub-locality-name)), + bmpString BMPString (SIZE (1..ub-locality-name)) } + +-- Naming attributes of type X520StateOrProvinceName + +id-at-stateOrProvinceName AttributeType ::= { id-at 8 } + +X520StateOrProvinceName ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-state-name)), + printableString PrintableString (SIZE (1..ub-state-name)), + universalString UniversalString (SIZE (1..ub-state-name)), + utf8String UTF8String (SIZE (1..ub-state-name)), + bmpString BMPString (SIZE(1..ub-state-name)) } + +-- Naming attributes of type X520OrganizationName + +id-at-organizationName AttributeType ::= { id-at 10 } + +X520OrganizationName ::= CHOICE { + teletexString TeletexString + (SIZE (1..ub-organization-name)), + printableString PrintableString + (SIZE (1..ub-organization-name)), + universalString UniversalString + (SIZE (1..ub-organization-name)), + utf8String UTF8String + (SIZE (1..ub-organization-name)), + bmpString BMPString + (SIZE (1..ub-organization-name)) } + +-- Naming attributes of type X520OrganizationalUnitName + +id-at-organizationalUnitName AttributeType ::= { id-at 11 } + +X520OrganizationalUnitName ::= CHOICE { + teletexString TeletexString + (SIZE (1..ub-organizational-unit-name)), + printableString PrintableString + (SIZE (1..ub-organizational-unit-name)), + universalString UniversalString + (SIZE (1..ub-organizational-unit-name)), + utf8String UTF8String + (SIZE (1..ub-organizational-unit-name)), + bmpString BMPString + (SIZE (1..ub-organizational-unit-name)) } + +-- Naming attributes of type X520Title + +id-at-title AttributeType ::= { id-at 12 } + +X520Title ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-title)), + printableString PrintableString (SIZE (1..ub-title)), + universalString UniversalString (SIZE (1..ub-title)), + utf8String UTF8String (SIZE (1..ub-title)), + bmpString BMPString (SIZE (1..ub-title)) } + +-- Naming attributes of type X520dnQualifier + +id-at-dnQualifier AttributeType ::= { id-at 46 } + +X520dnQualifier ::= PrintableString + +-- Naming attributes of type X520countryName (digraph from IS 3166) + +id-at-countryName AttributeType ::= { id-at 6 } + +X520countryName ::= PrintableString (SIZE (2)) + +-- Naming attributes of type X520SerialNumber + +id-at-serialNumber AttributeType ::= { id-at 5 } + +X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number)) + +-- Naming attributes of type X520Pseudonym + +id-at-pseudonym AttributeType ::= { id-at 65 } + +X520Pseudonym ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-pseudonym)), + printableString PrintableString (SIZE (1..ub-pseudonym)), + universalString UniversalString (SIZE (1..ub-pseudonym)), + utf8String UTF8String (SIZE (1..ub-pseudonym)), + bmpString BMPString (SIZE (1..ub-pseudonym)) } + +-- Naming attributes of type DomainComponent (from RFC 2247) + +id-domainComponent AttributeType ::= + { 0 9 2342 19200300 100 1 25 } + +DomainComponent ::= IA5String + +-- Legacy attributes + +pkcs-9 OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } + +id-emailAddress AttributeType ::= { pkcs-9 1 } + +EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length)) + +-- naming data types -- + +Name ::= CHOICE { -- only one possibility for now -- + rdnSequence RDNSequence } + +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +DistinguishedName ::= RDNSequence + +RelativeDistinguishedName ::= + SET SIZE (1 .. MAX) OF AttributeTypeAndValue + +-- Directory string type -- + +DirectoryString ::= CHOICE { + teletexString TeletexString (SIZE (1..MAX)), + printableString PrintableString (SIZE (1..MAX)), + universalString UniversalString (SIZE (1..MAX)), + utf8String UTF8String (SIZE (1..MAX)), + bmpString BMPString (SIZE (1..MAX)) } + +-- certificate and CRL specific structures begin here + +Certificate ::= SEQUENCE { + tbsCertificate TBSCertificate, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING } + +TBSCertificate ::= SEQUENCE { + version [0] Version DEFAULT v1, + serialNumber CertificateSerialNumber, + signature AlgorithmIdentifier, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + extensions [3] Extensions OPTIONAL + -- If present, version MUST be v3 -- } + +Version ::= INTEGER { v1(0), v2(1), v3(2) } + +CertificateSerialNumber ::= INTEGER + +Validity ::= SEQUENCE { + notBefore Time, + notAfter Time } + +Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + +UniqueIdentifier ::= BIT STRING + +SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING } + +Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + +Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING } + +-- CRL structures + +CertificateList ::= SEQUENCE { + tbsCertList TBSCertList, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING } + +TBSCertList ::= SEQUENCE { + version Version OPTIONAL, + -- if present, MUST be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, MUST be v2 + } OPTIONAL, + crlExtensions [0] Extensions OPTIONAL } + -- if present, MUST be v2 + +-- Version, Time, CertificateSerialNumber, and Extensions were +-- defined earlier for use in the certificate structure + +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL } + -- contains a value of the type + -- registered for use with the + -- algorithm object identifier value + +-- X.400 address syntax starts here + +ORAddress ::= SEQUENCE { + built-in-standard-attributes BuiltInStandardAttributes, + built-in-domain-defined-attributes + BuiltInDomainDefinedAttributes OPTIONAL, + -- see also teletex-domain-defined-attributes + extension-attributes ExtensionAttributes OPTIONAL } + +-- Built-in Standard Attributes + +BuiltInStandardAttributes ::= SEQUENCE { + country-name CountryName OPTIONAL, + administration-domain-name AdministrationDomainName OPTIONAL, + network-address [0] IMPLICIT NetworkAddress OPTIONAL, + -- see also extended-network-address + terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL, + private-domain-name [2] PrivateDomainName OPTIONAL, + organization-name [3] IMPLICIT OrganizationName OPTIONAL, + -- see also teletex-organization-name + numeric-user-identifier [4] IMPLICIT NumericUserIdentifier + OPTIONAL, + personal-name [5] IMPLICIT PersonalName OPTIONAL, + -- see also teletex-personal-name + organizational-unit-names [6] IMPLICIT OrganizationalUnitNames + OPTIONAL } + -- see also teletex-organizational-unit-names + +CountryName ::= [APPLICATION 1] CHOICE { + x121-dcc-code NumericString + (SIZE (ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString + (SIZE (ub-country-name-alpha-length)) } + +AdministrationDomainName ::= [APPLICATION 2] CHOICE { + numeric NumericString (SIZE (0..ub-domain-name-length)), + printable PrintableString (SIZE (0..ub-domain-name-length)) } + +NetworkAddress ::= X121Address -- see also extended-network-address + +X121Address ::= NumericString (SIZE (1..ub-x121-address-length)) + +TerminalIdentifier ::= PrintableString (SIZE +(1..ub-terminal-id-length)) + +PrivateDomainName ::= CHOICE { + numeric NumericString (SIZE (1..ub-domain-name-length)), + printable PrintableString (SIZE (1..ub-domain-name-length)) } + +OrganizationName ::= PrintableString + (SIZE (1..ub-organization-name-length)) + -- see also teletex-organization-name + +NumericUserIdentifier ::= NumericString + (SIZE (1..ub-numeric-user-id-length)) + +PersonalName ::= SET { + surname [0] IMPLICIT PrintableString + (SIZE (1..ub-surname-length)), + given-name [1] IMPLICIT PrintableString + (SIZE (1..ub-given-name-length)) OPTIONAL, + initials [2] IMPLICIT PrintableString + (SIZE (1..ub-initials-length)) OPTIONAL, + generation-qualifier [3] IMPLICIT PrintableString + (SIZE (1..ub-generation-qualifier-length)) + OPTIONAL } + -- see also teletex-personal-name + +OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) + OF OrganizationalUnitName + -- see also teletex-organizational-unit-names + +OrganizationalUnitName ::= PrintableString (SIZE + (1..ub-organizational-unit-name-length)) + +-- Built-in Domain-defined Attributes + +BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE + (1..ub-domain-defined-attributes) OF + BuiltInDomainDefinedAttribute + +BuiltInDomainDefinedAttribute ::= SEQUENCE { + type PrintableString (SIZE + (1..ub-domain-defined-attribute-type-length)), + value PrintableString (SIZE + (1..ub-domain-defined-attribute-value-length)) } + +-- Extension Attributes + +ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF + ExtensionAttribute + +ExtensionAttribute ::= SEQUENCE { + extension-attribute-type [0] IMPLICIT INTEGER + (0..ub-extension-attributes), + extension-attribute-value [1] + ANY DEFINED BY extension-attribute-type } + +-- Extension types and attribute values + +common-name INTEGER ::= 1 + +CommonName ::= PrintableString (SIZE (1..ub-common-name-length)) + +teletex-common-name INTEGER ::= 2 + +TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length)) + +teletex-organization-name INTEGER ::= 3 + +TeletexOrganizationName ::= + TeletexString (SIZE (1..ub-organization-name-length)) + +teletex-personal-name INTEGER ::= 4 + +TeletexPersonalName ::= SET { + surname [0] IMPLICIT TeletexString + (SIZE (1..ub-surname-length)), + given-name [1] IMPLICIT TeletexString + (SIZE (1..ub-given-name-length)) OPTIONAL, + initials [2] IMPLICIT TeletexString + (SIZE (1..ub-initials-length)) OPTIONAL, + generation-qualifier [3] IMPLICIT TeletexString + (SIZE (1..ub-generation-qualifier-length)) + OPTIONAL } + +teletex-organizational-unit-names INTEGER ::= 5 + +TeletexOrganizationalUnitNames ::= SEQUENCE SIZE + (1..ub-organizational-units) OF TeletexOrganizationalUnitName + +TeletexOrganizationalUnitName ::= TeletexString + (SIZE (1..ub-organizational-unit-name-length)) + +pds-name INTEGER ::= 7 + +PDSName ::= PrintableString (SIZE (1..ub-pds-name-length)) + +physical-delivery-country-name INTEGER ::= 8 + +PhysicalDeliveryCountryName ::= CHOICE { + x121-dcc-code NumericString (SIZE +(ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString + (SIZE (ub-country-name-alpha-length)) } + +postal-code INTEGER ::= 9 + +PostalCode ::= CHOICE { + numeric-code NumericString (SIZE (1..ub-postal-code-length)), + printable-code PrintableString (SIZE (1..ub-postal-code-length)) } + +physical-delivery-office-name INTEGER ::= 10 + +PhysicalDeliveryOfficeName ::= PDSParameter + +physical-delivery-office-number INTEGER ::= 11 + +PhysicalDeliveryOfficeNumber ::= PDSParameter + +extension-OR-address-components INTEGER ::= 12 + +ExtensionORAddressComponents ::= PDSParameter + +physical-delivery-personal-name INTEGER ::= 13 + +PhysicalDeliveryPersonalName ::= PDSParameter + +physical-delivery-organization-name INTEGER ::= 14 + +PhysicalDeliveryOrganizationName ::= PDSParameter + +extension-physical-delivery-address-components INTEGER ::= 15 + +ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter + +unformatted-postal-address INTEGER ::= 16 + +UnformattedPostalAddress ::= SET { + printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) + OF PrintableString (SIZE (1..ub-pds-parameter-length)) + OPTIONAL, + teletex-string TeletexString + (SIZE (1..ub-unformatted-address-length)) OPTIONAL } + +street-address INTEGER ::= 17 + +StreetAddress ::= PDSParameter + +post-office-box-address INTEGER ::= 18 + +PostOfficeBoxAddress ::= PDSParameter + +poste-restante-address INTEGER ::= 19 + +PosteRestanteAddress ::= PDSParameter + +unique-postal-name INTEGER ::= 20 + +UniquePostalName ::= PDSParameter + +local-postal-attributes INTEGER ::= 21 + +LocalPostalAttributes ::= PDSParameter + +PDSParameter ::= SET { + printable-string PrintableString + (SIZE(1..ub-pds-parameter-length)) OPTIONAL, + teletex-string TeletexString + (SIZE(1..ub-pds-parameter-length)) OPTIONAL } + +extended-network-address INTEGER ::= 22 + +ExtendedNetworkAddress ::= CHOICE { + e163-4-address SEQUENCE { + number [0] IMPLICIT NumericString + (SIZE (1..ub-e163-4-number-length)), + sub-address [1] IMPLICIT NumericString + (SIZE (1..ub-e163-4-sub-address-length)) + OPTIONAL }, + psap-address [0] IMPLICIT PresentationAddress } + +PresentationAddress ::= SEQUENCE { + pSelector [0] EXPLICIT OCTET STRING OPTIONAL, + sSelector [1] EXPLICIT OCTET STRING OPTIONAL, + tSelector [2] EXPLICIT OCTET STRING OPTIONAL, + nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING } + +terminal-type INTEGER ::= 23 + +TerminalType ::= INTEGER { + telex (3), + teletex (4), + g3-facsimile (5), + g4-facsimile (6), + ia5-terminal (7), + videotex (8) } (0..ub-integer-options) + +-- Extension Domain-defined Attributes + +teletex-domain-defined-attributes INTEGER ::= 6 + +TeletexDomainDefinedAttributes ::= SEQUENCE SIZE + (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute + +TeletexDomainDefinedAttribute ::= SEQUENCE { + type TeletexString + (SIZE (1..ub-domain-defined-attribute-type-length)), + value TeletexString + (SIZE (1..ub-domain-defined-attribute-value-length)) } + +-- specifications of Upper Bounds MUST be regarded as mandatory +-- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter +-- Upper Bounds + +-- Upper Bounds +ub-name INTEGER ::= 32768 +ub-common-name INTEGER ::= 64 +ub-locality-name INTEGER ::= 128 +ub-state-name INTEGER ::= 128 +ub-organization-name INTEGER ::= 64 +ub-organizational-unit-name INTEGER ::= 64 +ub-title INTEGER ::= 64 +ub-serial-number INTEGER ::= 64 +ub-match INTEGER ::= 128 +ub-emailaddress-length INTEGER ::= 255 +ub-common-name-length INTEGER ::= 64 +ub-country-name-alpha-length INTEGER ::= 2 +ub-country-name-numeric-length INTEGER ::= 3 +ub-domain-defined-attributes INTEGER ::= 4 +ub-domain-defined-attribute-type-length INTEGER ::= 8 +ub-domain-defined-attribute-value-length INTEGER ::= 128 +ub-domain-name-length INTEGER ::= 16 +ub-extension-attributes INTEGER ::= 256 +ub-e163-4-number-length INTEGER ::= 15 +ub-e163-4-sub-address-length INTEGER ::= 40 +ub-generation-qualifier-length INTEGER ::= 3 +ub-given-name-length INTEGER ::= 16 +ub-initials-length INTEGER ::= 5 +ub-integer-options INTEGER ::= 256 +ub-numeric-user-id-length INTEGER ::= 32 +ub-organization-name-length INTEGER ::= 64 +ub-organizational-unit-name-length INTEGER ::= 32 +ub-organizational-units INTEGER ::= 4 +ub-pds-name-length INTEGER ::= 16 +ub-pds-parameter-length INTEGER ::= 30 +ub-pds-physical-address-lines INTEGER ::= 6 +ub-postal-code-length INTEGER ::= 16 +ub-pseudonym INTEGER ::= 128 +ub-surname-length INTEGER ::= 40 +ub-terminal-id-length INTEGER ::= 24 +ub-unformatted-address-length INTEGER ::= 180 +ub-x121-address-length INTEGER ::= 16 + +-- Note - upper bounds on string types, such as TeletexString, are +-- measured in characters. Excepting PrintableString or IA5String, a +-- significantly greater number of octets will be required to hold +-- such a value. As a minimum, 16 octets, or twice the specified +-- upper bound, whichever is the larger, should be allowed for +-- TeletexString. For UTF8String or UniversalString at least four +-- times the upper bound should be allowed. + +END diff --git a/lib/public_key/asn1/PKIX1Implicit88.asn1 b/lib/public_key/asn1/PKIX1Implicit88.asn1 new file mode 100644 index 0000000000..ced270baf6 --- /dev/null +++ b/lib/public_key/asn1/PKIX1Implicit88.asn1 @@ -0,0 +1,349 @@ +PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) } + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL -- + +IMPORTS + id-pe, id-kp, id-qt-unotice, id-qt-cps, + -- delete following line if "new" types are supported -- + -- BMPString, + -- UTF8String, end "new" types -- + ORAddress, Name, RelativeDistinguishedName, + CertificateSerialNumber, Attribute, DirectoryString + FROM PKIX1Explicit88 { iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-pkix1-explicit(18) }; + + +-- ISO arc for standard certificate and CRL extensions + +id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} + +-- authority key identifier OID and syntax + +id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } + +AuthorityKeyIdentifier ::= SEQUENCE { + keyIdentifier [0] KeyIdentifier OPTIONAL, + authorityCertIssuer [1] GeneralNames OPTIONAL, + authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } + -- authorityCertIssuer and authorityCertSerialNumber MUST both + -- be present or both be absent + +KeyIdentifier ::= OCTET STRING + +-- subject key identifier OID and syntax + +id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } + +SubjectKeyIdentifier ::= KeyIdentifier + +-- key usage extension OID and syntax + +id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } + +KeyUsage ::= BIT STRING { + digitalSignature (0), + nonRepudiation (1), + keyEncipherment (2), + dataEncipherment (3), + keyAgreement (4), + keyCertSign (5), + cRLSign (6), + encipherOnly (7), + decipherOnly (8) } + +-- private key usage period extension OID and syntax + +id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 } + +PrivateKeyUsagePeriod ::= SEQUENCE { + notBefore [0] GeneralizedTime OPTIONAL, + notAfter [1] GeneralizedTime OPTIONAL } + -- either notBefore or notAfter MUST be present + +-- certificate policies extension OID and syntax + +id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } + +anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } + +CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation + +PolicyInformation ::= SEQUENCE { + policyIdentifier CertPolicyId, + policyQualifiers SEQUENCE SIZE (1..MAX) OF + PolicyQualifierInfo OPTIONAL } + +CertPolicyId ::= OBJECT IDENTIFIER + +PolicyQualifierInfo ::= SEQUENCE { + policyQualifierId PolicyQualifierId, + qualifier ANY DEFINED BY policyQualifierId } + +-- Implementations that recognize additional policy qualifiers MUST +-- augment the following definition for PolicyQualifierId + +PolicyQualifierId ::= + OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) + +-- CPS pointer qualifier + +CPSuri ::= IA5String + +-- user notice qualifier + +UserNotice ::= SEQUENCE { + noticeRef NoticeReference OPTIONAL, + explicitText DisplayText OPTIONAL} + +NoticeReference ::= SEQUENCE { + organization DisplayText, + noticeNumbers SEQUENCE OF INTEGER } + +DisplayText ::= CHOICE { + ia5String IA5String (SIZE (1..200)), + visibleString VisibleString (SIZE (1..200)), + bmpString BMPString (SIZE (1..200)), + utf8String UTF8String (SIZE (1..200)) } + +-- policy mapping extension OID and syntax + +id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } + +PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { + issuerDomainPolicy CertPolicyId, + subjectDomainPolicy CertPolicyId } + +-- subject alternative name extension OID and syntax + +id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } + +SubjectAltName ::= GeneralNames + +GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + +GeneralName ::= CHOICE { + otherName [0] AnotherName, + rfc822Name [1] IA5String, + dNSName [2] IA5String, + x400Address [3] ORAddress, + directoryName [4] Name, + ediPartyName [5] EDIPartyName, + uniformResourceIdentifier [6] IA5String, + iPAddress [7] OCTET STRING, + registeredID [8] OBJECT IDENTIFIER } + +-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as +-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax + +AnotherName ::= SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] EXPLICIT ANY DEFINED BY type-id } + +EDIPartyName ::= SEQUENCE { + nameAssigner [0] DirectoryString OPTIONAL, + partyName [1] DirectoryString } + +-- issuer alternative name extension OID and syntax + +id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } + +IssuerAltName ::= GeneralNames + +id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } + +SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute + +-- basic constraints extension OID and syntax + +id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } + +BasicConstraints ::= SEQUENCE { + cA BOOLEAN DEFAULT FALSE, + pathLenConstraint INTEGER (0..MAX) OPTIONAL } + +-- name constraints extension OID and syntax + +id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } + +NameConstraints ::= SEQUENCE { + permittedSubtrees [0] GeneralSubtrees OPTIONAL, + excludedSubtrees [1] GeneralSubtrees OPTIONAL } + +GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree + +GeneralSubtree ::= SEQUENCE { + base GeneralName, + minimum [0] BaseDistance DEFAULT 0, + maximum [1] BaseDistance OPTIONAL } + +BaseDistance ::= INTEGER (0..MAX) + +-- policy constraints extension OID and syntax + +id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } + +PolicyConstraints ::= SEQUENCE { + requireExplicitPolicy [0] SkipCerts OPTIONAL, + inhibitPolicyMapping [1] SkipCerts OPTIONAL } + +SkipCerts ::= INTEGER (0..MAX) + +-- CRL distribution points extension OID and syntax + +id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} + +CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint + +DistributionPoint ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + reasons [1] ReasonFlags OPTIONAL, + cRLIssuer [2] GeneralNames OPTIONAL } + +DistributionPointName ::= CHOICE { + fullName [0] GeneralNames, + nameRelativeToCRLIssuer [1] RelativeDistinguishedName } + +ReasonFlags ::= BIT STRING { + unused (0), + keyCompromise (1), + cACompromise (2), + affiliationChanged (3), + superseded (4), + cessationOfOperation (5), + certificateHold (6), + privilegeWithdrawn (7), + aACompromise (8) } + +-- extended key usage extension OID and syntax + +id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} + +ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId + + +KeyPurposeId ::= OBJECT IDENTIFIER + +-- permit unspecified key uses + +anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } + +-- extended key purpose OIDs + +id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } +id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } +id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } +id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } +id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } +id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } + +-- inhibit any policy OID and syntax + +id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } + +InhibitAnyPolicy ::= SkipCerts + +-- freshest (delta)CRL extension OID and syntax + +id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } + +FreshestCRL ::= CRLDistributionPoints + +-- authority info access + +id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } + +AuthorityInfoAccessSyntax ::= + SEQUENCE SIZE (1..MAX) OF AccessDescription + +AccessDescription ::= SEQUENCE { + accessMethod OBJECT IDENTIFIER, + accessLocation GeneralName } + +-- subject info access + +id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 } + +SubjectInfoAccessSyntax ::= + SEQUENCE SIZE (1..MAX) OF AccessDescription + +-- CRL number extension OID and syntax + +id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } + +CRLNumber ::= INTEGER (0..MAX) + +-- issuing distribution point extension OID and syntax + +id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } + +IssuingDistributionPoint ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, + onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, + onlySomeReasons [3] ReasonFlags OPTIONAL, + indirectCRL [4] BOOLEAN DEFAULT FALSE, + onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } + +id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 } + +BaseCRLNumber ::= CRLNumber + +-- CRL reasons extension OID and syntax + +id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } + +CRLReason ::= ENUMERATED { + unspecified (0), + keyCompromise (1), + cACompromise (2), + affiliationChanged (3), + superseded (4), + cessationOfOperation (5), + certificateHold (6), + removeFromCRL (8), + privilegeWithdrawn (9), + aACompromise (10) } + +-- certificate issuer CRL entry extension OID and syntax + +id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 } + +CertificateIssuer ::= GeneralNames + +-- hold instruction extension OID and syntax + +id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 } + +HoldInstructionCode ::= OBJECT IDENTIFIER + +-- ANSI x9 holdinstructions + +-- ANSI x9 arc holdinstruction arc + +holdInstruction OBJECT IDENTIFIER ::= + {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2} + +-- ANSI X9 holdinstructions referenced by this standard + +id-holdinstruction-none OBJECT IDENTIFIER ::= + {holdInstruction 1} -- deprecated + +id-holdinstruction-callissuer OBJECT IDENTIFIER ::= + {holdInstruction 2} + +id-holdinstruction-reject OBJECT IDENTIFIER ::= + {holdInstruction 3} + +-- invalidity date CRL entry extension OID and syntax + +id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 } + +InvalidityDate ::= GeneralizedTime + +END diff --git a/lib/public_key/asn1/PKIXAttributeCertificate.asn1 b/lib/public_key/asn1/PKIXAttributeCertificate.asn1 new file mode 100644 index 0000000000..7d93e6b37e --- /dev/null +++ b/lib/public_key/asn1/PKIXAttributeCertificate.asn1 @@ -0,0 +1,189 @@ + PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-attribute-cert(12)} + + DEFINITIONS IMPLICIT TAGS ::= + + BEGIN + + -- EXPORTS ALL -- + + IMPORTS + + -- IMPORTed module OIDs MAY change if [PKIXPROF] changes + -- PKIX Certificate Extensions + Attribute, AlgorithmIdentifier, CertificateSerialNumber, + Extensions, UniqueIdentifier, + id-pkix, id-pe, id-kp, id-ad, id-at + FROM PKIX1Explicit88 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) + pkix(7) id-mod(0) id-pkix1-explicit-88(1)} + + GeneralName, GeneralNames, id-ce + FROM PKIX1Implicit88 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) + pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ; + + id-pe-ac-auditIdentity OBJECT IDENTIFIER ::= { id-pe 4 } + id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 } + id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 } + id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 } + + id-aca OBJECT IDENTIFIER ::= { id-pkix 10 } + id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 } + id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 } + id-aca-chargingIdentity OBJECT IDENTIFIER ::= { id-aca 3 } + id-aca-group OBJECT IDENTIFIER ::= { id-aca 4 } + -- { id-aca 5 } is reserved + id-aca-encAttrs OBJECT IDENTIFIER ::= { id-aca 6 } + + id-at-role OBJECT IDENTIFIER ::= { id-at 72} + id-at-clearance OBJECT IDENTIFIER ::= + { joint-iso-ccitt(2) ds(5) module(1) + selected-attribute-types(5) clearance (55) } + + -- Uncomment this if using a 1988 level ASN.1 compiler + -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING + + AttributeCertificate ::= SEQUENCE { + acinfo AttributeCertificateInfo, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING + } + + AttributeCertificateInfo ::= SEQUENCE { + version AttCertVersion, -- version is v2 + holder Holder, + issuer AttCertIssuer, + signature AlgorithmIdentifier, + serialNumber CertificateSerialNumber, + attrCertValidityPeriod AttCertValidityPeriod, + attributes SEQUENCE OF Attribute, + issuerUniqueID UniqueIdentifier OPTIONAL, + extensions Extensions OPTIONAL + } + + AttCertVersion ::= INTEGER { v2(1) } + + Holder ::= SEQUENCE { + baseCertificateID [0] IssuerSerial OPTIONAL, + -- the issuer and serial number of + -- the holder's Public Key Certificate + entityName [1] GeneralNames OPTIONAL, + -- the name of the claimant or role + objectDigestInfo [2] ObjectDigestInfo OPTIONAL + -- used to directly authenticate the + -- holder, for example, an executable + } + + ObjectDigestInfo ::= SEQUENCE { + digestedObjectType ENUMERATED { + publicKey (0), + publicKeyCert (1), + otherObjectTypes (2) }, + -- otherObjectTypes MUST NOT + -- MUST NOT be used in this profile + otherObjectTypeID OBJECT IDENTIFIER OPTIONAL, + digestAlgorithm AlgorithmIdentifier, + objectDigest BIT STRING + } + + AttCertIssuer ::= CHOICE { + v1Form GeneralNames, -- MUST NOT be used in this + -- profile + v2Form [0] V2Form -- v2 only + } + + V2Form ::= SEQUENCE { + issuerName GeneralNames OPTIONAL, + baseCertificateID [0] IssuerSerial OPTIONAL, + objectDigestInfo [1] ObjectDigestInfo OPTIONAL + -- issuerName MUST be present in this profile + -- baseCertificateID and objectDigestInfo MUST + -- NOT be present in this profile + } + + IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serial CertificateSerialNumber, + issuerUID UniqueIdentifier OPTIONAL + } + + AttCertValidityPeriod ::= SEQUENCE { + notBeforeTime GeneralizedTime, + notAfterTime GeneralizedTime + } + + Targets ::= SEQUENCE OF Target + + Target ::= CHOICE { + targetName [0] GeneralName, + targetGroup [1] GeneralName, + targetCert [2] TargetCert + } + + TargetCert ::= SEQUENCE { + targetCertificate IssuerSerial, + targetName GeneralName OPTIONAL, + certDigestInfo ObjectDigestInfo OPTIONAL + } + + IetfAttrSyntax ::= SEQUENCE { + policyAuthority[0] GeneralNames OPTIONAL, + values SEQUENCE OF CHOICE { + octets OCTET STRING, + oid OBJECT IDENTIFIER, + string UTF8String + } + } + + SvceAuthInfo ::= SEQUENCE { + service GeneralName, + ident GeneralName, + authInfo OCTET STRING OPTIONAL + } + + RoleSyntax ::= SEQUENCE { + roleAuthority [0] GeneralNames OPTIONAL, + roleName [1] GeneralName + } + + Clearance ::= SEQUENCE { + policyId [0] OBJECT IDENTIFIER, + classList [1] ClassList DEFAULT {unclassified}, + securityCategories + [2] SET OF SecurityCategory OPTIONAL + } + + ClassList ::= BIT STRING { + unmarked (0), + unclassified (1), + restricted (2), + confidential (3), + secret (4), + topSecret (5) + } + + SecurityCategory ::= SEQUENCE { + type [0] IMPLICIT OBJECT IDENTIFIER, + value [1] ANY DEFINED BY type + } + + AAControls ::= SEQUENCE { + pathLenConstraint INTEGER (0..MAX) OPTIONAL, + permittedAttrs [0] AttrSpec OPTIONAL, + excludedAttrs [1] AttrSpec OPTIONAL, + permitUnSpecified BOOLEAN DEFAULT TRUE + } + + AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER + + ACClearAttrs ::= SEQUENCE { + acIssuer GeneralName, + acSerial INTEGER, + attrs SEQUENCE OF Attribute + } + + ProxyInfo ::= SEQUENCE OF Targets + + END diff --git a/lib/public_key/asn1/README b/lib/public_key/asn1/README new file mode 100644 index 0000000000..5fb8cf9725 --- /dev/null +++ b/lib/public_key/asn1/README @@ -0,0 +1,51 @@ +The files + + PKIX1Algorithms88.asn1 + PKIX1Explicit88.asn1 + PKIX1Implicit88.asn1 + PKIXAttributeCertificate.asn1 + +are from RFCs 3279, 3280 and 3281. + +We have edited PKIX1Explicit88.asn1, PKIX1Implicit88.asn1, and +PKIXAttributeCertificate.asn1 as follows: + + +1. Removal of definition of UniversalString and BMPString: + +diff -r1.1 PKIX1Explicit88.asn1 +15c15 +< UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING +--- +> -- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING +18c18 +< BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING +--- +> -- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING + + +2. Removal of definition of BMPString: + +diff -r1.1 PKIX1Implicit88.asn1 +13c13,14 +< BMPString, UTF8String, -- end "new" types -- +--- +> -- BMPString, +> UTF8String, -- end "new" types -- + + +3. Addition of definition of UTF8String, and correction of a typo. + +diff -r1.1 PKIXAttributeCertificate.asn1 +46c46 +< -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING +--- +> UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING +55c55 +< version AttCertVersion -- version is v2, +--- +> version AttCertVersion, -- version is v2 + +4. Defenitions of publuic keys from PKCS-1.asn1 present in +PKIX1Algorithms88.asn1 where removed as we take them directly from +PKCS-1.asn1
\ No newline at end of file diff --git a/lib/public_key/doc/html/.gitignore b/lib/public_key/doc/html/.gitignore new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/lib/public_key/doc/html/.gitignore diff --git a/lib/public_key/doc/man3/.gitignore b/lib/public_key/doc/man3/.gitignore new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/lib/public_key/doc/man3/.gitignore diff --git a/lib/public_key/doc/pdf/.gitignore b/lib/public_key/doc/pdf/.gitignore new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/lib/public_key/doc/pdf/.gitignore diff --git a/lib/public_key/doc/src/Makefile b/lib/public_key/doc/src/Makefile new file mode 100644 index 0000000000..08d1396cca --- /dev/null +++ b/lib/public_key/doc/src/Makefile @@ -0,0 +1,227 @@ +# +# %CopyrightBegin% +# +# Copyright Ericsson AB 2008-2009. All Rights Reserved. +# +# The contents of this file are subject to the Erlang Public License, +# Version 1.1, (the "License"); you may not use this file except in +# compliance with the License. You should have received a copy of the +# Erlang Public License along with this software. If not, it can be +# retrieved online at http://www.erlang.org/. +# +# Software distributed under the License is distributed on an "AS IS" +# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +# the License for the specific language governing rights and limitations +# under the License. +# +# %CopyrightEnd% +# + +# +include $(ERL_TOP)/make/target.mk +include $(ERL_TOP)/make/$(TARGET)/otp.mk + +# ---------------------------------------------------- +# Application version +# ---------------------------------------------------- +include ../../vsn.mk +VSN=$(PUBLIC_KEY_VSN) +APPLICATION=public_key + +# ---------------------------------------------------- +# Include dependency +# ---------------------------------------------------- + +ifndef DOCSUPPORT +include make.dep +endif + +# ---------------------------------------------------- +# Release directory specification +# ---------------------------------------------------- +RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN) +# ---------------------------------------------------- +# Target Specs +# ---------------------------------------------------- +XML_APPLICATION_FILES = ref_man.xml +XML_REF3_FILES = public_key.xml +XML_REF6_FILES = + +XML_PART_FILES = part.xml part_notes.xml +XML_CHAPTER_FILES = \ + introduction.xml \ + public_key_records.xml \ + cert_records.xml \ + notes.xml + +BOOK_FILES = book.xml + +GIF_FILES = note.gif + +# ---------------------------------------------------- + +TOP_HTML_FILES = + +HTML_FILES = $(XML_APPLICATION_FILES:%.xml=$(HTMLDIR)/%.html) \ + $(XML_PART_FILES:%.xml=$(HTMLDIR)/%.html) + +INFO_FILE = ../../info + +EXTRA_FILES = \ + $(DEFAULT_GIF_FILES) \ + $(DEFAULT_HTML_FILES) \ + $(XML_REF3_FILES:%.xml=$(HTMLDIR)/%.html) \ + $(XML_CHAPTER_FILES:%.xml=$(HTMLDIR)/%.html) + +MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3) + +ifdef DOCSUPPORT + +HTML_REF_MAN_FILE = $(HTMLDIR)/index.html + +TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf + +else + +TEX_FILES_BOOK = \ + $(BOOK_FILES:%.xml=%.tex) +TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \ + $(XML_APPLICATION_FILES:%.xml=%.tex) +TEX_FILES_USERS_GUIDE = \ + $(XML_PART_FILES:%.xml=%.tex) \ + $(XML_CHAPTER_FILES:%.xml=%.tex) + +TOP_PDF_FILE = public_key-$(VSN).pdf +TOP_PS_FILE = public_key-$(VSN).ps + +$(TOP_PDF_FILE): book.dvi ../../vsn.mk + $(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@ + +$(TOP_PS_FILE): book.dvi ../../vsn.mk + $(DVI2PS) $(DVIPS_FLAGS) -f $< > $@ + +endif + +# ---------------------------------------------------- +# FLAGS +# ---------------------------------------------------- +XML_FLAGS += +DVIPS_FLAGS += + +# ---------------------------------------------------- +# Targets +# ---------------------------------------------------- +$(HTMLDIR)/%.gif: %.gif + $(INSTALL_DATA) $< $@ + +ifdef DOCSUPPORT + +docs: pdf html man + +$(TOP_PDF_FILE): $(XML_FILES) + +pdf: $(TOP_PDF_FILE) + +html: gifs $(HTML_REF_MAN_FILE) + +clean clean_docs: + rm -rf $(HTMLDIR)/* + rm -f $(MAN3DIR)/* + rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo) + rm -f errs core *~ + +else + +ifeq ($(DOCTYPE),pdf) +docs: pdf +else +ifeq ($(DOCTYPE),ps) +docs: ps +else +docs: html gifs man +endif +endif + +pdf: $(TOP_PDF_FILE) + +ps: $(TOP_PS_FILE) + +html: $(HTML_FILES) + +clean clean_docs clean_tex: + rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK) + rm -f $(HTML_FILES) $(MAN3_FILES) + rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE) + rm -f errs core *~ min_head.gif \ + $(LATEX_CLEAN) + +endif + +man: $(MAN3_FILES) + +gifs: $(GIF_FILES:%=$(HTMLDIR)/%) + +debug opt: + + +# ---------------------------------------------------- +# Release Target +# ---------------------------------------------------- +include $(ERL_TOP)/make/otp_release_targets.mk + +ifdef DOCSUPPORT + +release_docs_spec: docs + $(INSTALL_DIR) $(RELSYSDIR)/doc/pdf + $(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf + $(INSTALL_DIR) $(RELSYSDIR)/doc/html + $(INSTALL_DATA) $(HTMLDIR)/* \ + $(RELSYSDIR)/doc/html + $(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR) + $(INSTALL_DIR) $(RELEASE_PATH)/man/man3 + $(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3 +else + +ifeq ($(DOCTYPE),pdf) +release_docs_spec: pdf + $(INSTALL_DIR) $(RELEASE_PATH)/pdf + $(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf +else +ifeq ($(DOCTYPE),ps) +release_docs_spec: ps + $(INSTALL_DIR) $(RELEASE_PATH)/ps + $(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps +else +release_docs_spec: docs + $(INSTALL_DIR) $(RELSYSDIR)/doc/html + $(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \ + $(RELSYSDIR)/doc/html + $(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR) + $(INSTALL_DIR) $(RELEASE_PATH)/man/man3 + $(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3 +endif +endif + +endif + +release_spec: + +info: + @echo "GIF_FILES:\n$(GIF_FILES)" + @echo "" + @echo "EXTRA_FILES:\n$(EXTRA_FILES)" + @echo "" + @echo "HTML_FILES:\n$(HTML_FILES)" + @echo "" + @echo "TOP_HTML_FILES:\n$(TOP_HTML_FILES)" + @echo "" + @echo "DEFAULT_GIF_FILES:\n$(DEFAULT_GIF_FILES)" + @echo "" + @echo "DEFAULT_HTML_FILES:\n$(DEFAULT_HTML_FILES)" + @echo "" + @echo "XML_REF3_FILES:\n$(XML_REF3_FILES)" + @echo "" + @echo "XML_REF6_FILES:\n$(XML_REF6_FILES)" + @echo "" + @echo "XML_CHAPTER_FILES:\n$(XML_CHAPTER_FILES)" + @echo "" diff --git a/lib/public_key/doc/src/book.xml b/lib/public_key/doc/src/book.xml new file mode 100644 index 0000000000..d3b8c7a2c7 --- /dev/null +++ b/lib/public_key/doc/src/book.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE book SYSTEM "book.dtd"> + +<book xmlns:xi="http://www.w3.org/2001/XInclude"> + <header titlestyle="normal"> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>public_key</title> + <prepared>Ingela Anderton Andin</prepared> + <docno></docno> + <date>2008-01-22</date> + <rev></rev> + <file>book.sgml</file> + </header> + <insidecover> + </insidecover> + <pagetext>public_key</pagetext> + <preamble> + <contents level="2"></contents> + </preamble> + <parts lift="no"> + <xi:include href="part.xml"/> + </parts> + <applications> + <xi:include href="ref_man.xml"/> + </applications> + <releasenotes> + <xi:include href="notes.xml"/> + </releasenotes> + <listofterms></listofterms> + <index></index> +</book> + diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml new file mode 100644 index 0000000000..8fb4ea5fd0 --- /dev/null +++ b/lib/public_key/doc/src/cert_records.xml @@ -0,0 +1,612 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE chapter SYSTEM "chapter.dtd"> + +<chapter> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>Certificate records</title> + <prepared>Ingela Anderton Andin</prepared> + <responsible></responsible> + <docno></docno> + <approved></approved> + <checked></checked> + <date>2008-02-06</date> + <rev>A</rev> + <file>cert_records.xml</file> + </header> + + <p>This chapter briefly describes erlang records derived from asn1 + specifications used to handle X509 certificates. The intent is to + describe the data types and not to specify the meaning of each + component for this we refer you to RFC 3280. + </p> + + <p>Use the following include directive to get access to the + records and constant macros described in the following sections.</p> + + <code> -include_lib("public_key/include/public_key.hrl"). </code> + + <section> + <title>Common Data Types</title> + + <p>Common non standard erlang + data types used to described the record fields in the + below sections are defined in <seealso + marker="public_key">public key reference manual </seealso> or + follows here.</p> + + <p><c>time() = uct_time() | general_time()</c></p> + + <p><c>uct_time() = {utcTime, "YYMMDDHHMMSSZ"} </c></p> + + <p><c>general_time() = {generalTime, "YYYYMMDDHHMMSSZ"} </c></p> + + <p><c> + general_name() = {rfc822Name, string()} | {dNSName, string()} + | {x400Address, string()} | {directoryName, + {rdnSequence, [#AttributeTypeAndValue'{}]}} | + | {eidPartyName, special_string()} + | {eidPartyName, special_string(), special_string()} + | {uniformResourceIdentifier, string()} | {ipAddress, string()} | + {registeredId, oid()} | {otherName, term()} + </c></p> + + <p><c> + special_string() = + {teletexString, string()} | {printableString, string()} | + {universalString, string()} | {utf8String, string()} | + {bmpString, string()} + </c></p> + + <p><c> + dist_reason() = unused | keyCompromise | cACompromise | + affiliationChanged | superseded | cessationOfOperation | + certificateHold | privilegeWithdrawn | + aACompromise + </c></p> + </section> + + <section> + <title> PKIX Certificates</title> +<code> +#'Certificate'{ + tbsCertificate, % #'TBSCertificate'{} + signatureAlgorithm, % #'AlgorithmIdentifier'{} + signature % {0, binary()} - asn1 compact bitstring + }. + +#'TBSCertificate'{ + version, % v1 | v2 | v3 + serialNumber, % integer() + signature, % #'AlgorithmIdentifier'{} + issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]} + validity, % #'Validity'{} + subject, % {rdnSequence, [#AttributeTypeAndValue'{}]} + subjectPublicKeyInfo, % #'SubjectPublicKeyInfo'{} + issuerUniqueID, % binary() | asn1_novalue + subjectUniqueID, % binary() | asn1_novalue + extensions % [#'Extension'{}] + }. + +#'AlgorithmIdentifier'{ + algorithm, % oid() + parameters % asn1_der_encoded() + }. +#'SignatureAlgorithm'{ + algorithm, % id_signature_algorithm() + parameters % public_key_params() + }. +</code> + +<p><c> id_signature_algorithm() = ?oid_name_as_erlang_atom</c> for available +oid names see table below. Ex: ?'id-dsa-with-sha1'</p> +<table> + <row> + <cell align="left" valign="middle">OID name</cell> + </row> + <row> + <cell align="left" valign="middle">id-dsa-with-sha1</cell> + </row> + <row> + <cell align="left" valign="middle">md2WithRSAEncryption</cell> + </row> + <row> + <cell align="left" valign="middle">md5WithRSAEncryption</cell> + </row> + <row> + <cell align="left" valign="middle">sha1WithRSAEncryption</cell> + </row> + <row> + <cell align="left" valign="middle">ecdsa-with-SHA1</cell> + </row> + <tcaption>Signature algorithm oids </tcaption> +</table> + +<code> +#'AttributeTypeAndValue'{ + type, % id_attributes() + value % term() + }. +</code> + +<p><c>id_attributes() = ?oid_name_as_erlang_atom</c> +for available oid names see table below. Ex: ?'id-at-name'</p> +<table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-name</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-surname</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-givenName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-initials </cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-generationQualifier</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-commonName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-localityName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-stateOrProvinceName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-organizationName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-title</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-dnQualifier</cell> + <cell align="left" valign="middle">{printableString, string()}</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-countryName</cell> + <cell align="left" valign="middle">{printableString, string()}</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-serialNumber</cell> + <cell align="left" valign="middle">{printableString, string()}</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-pseudonym</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <tcaption>Attribute oids </tcaption> +</table> + +<code> +#'Validity'{ + notBefore, % time() + notAfter % time() + }. + +#'SubjectPublicKeyInfo'{ + algorithm, % #AlgorithmIdentifier{} + subjectPublicKey % binary() + }. + +#'SubjectPublicKeyInfoAlgorithm'{ + algorithm, % id_public_key_algorithm() + parameters % public_key_params() + }. +</code> + +<p><c> id_public_key_algorithm() = ?oid_name_as_erlang_atom</c> for available +oid names see table below. Ex: ?'id-dsa'</p> +<table> + <row> + <cell align="left" valign="middle">OID name</cell> + </row> + <row> + <cell align="left" valign="middle">rsaEncryption</cell> + </row> + <row> + <cell align="left" valign="middle">id-dsa</cell> + </row> + <row> + <cell align="left" valign="middle">dhpublicnumber</cell> + </row> + <row> + <cell align="left" valign="middle">ecdsa-with-SHA1</cell> + </row> + <row> + <cell align="left" valign="middle">id-keyExchangeAlgorithm</cell> + </row> + <tcaption>Public key algorithm oids </tcaption> +</table> + + +<code> +#'Extension'{ + extnID, % id_extensions() | oid() + critical, % boolean() + extnValue % asn1_der_encoded() + }. +</code> + +<p><c>id_extensions() = ?oid_name_as_erlang_atom</c> for +available oid names see tables. Ex: ?'id-ce-authorityKeyIdentifier'<seealso +marker="#StdCertExt">Standard Certificate Extensions</seealso>, + <seealso + marker="#PrivIntExt">Private Internet Extensions</seealso>, <seealso + marker="#CRLCertExt">CRL Extensions</seealso> and + <seealso + marker="#CRLEntryExt">CRL Entry Extensions</seealso>. +</p> + +</section> + +<section> + <marker id="StdCertExt"></marker> + <title>Standard certificate extensions</title> + + <table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell> + <cell align="left" valign="middle">#'AuthorityKeyIdentifier'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-subjectKeyIdentifier</cell> + <cell align="left" valign="middle">oid()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-keyUsage</cell> + <cell align="left" valign="middle"> [key_usage()]</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-privateKeyUsagePeriod</cell> + <cell align="left" valign="middle">#'PrivateKeyUsagePeriod'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-certificatePolicies</cell> + <cell align="left" valign="middle">#'PolicyInformation'{}</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-policyMappings</cell> + <cell align="left" valign="middle">#'PolicyMappings_SEQOF'{}</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-subjectAltName</cell> + <cell align="left" valign="middle">general_name()</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-issuerAltName</cell> + <cell align="left" valign="middle">general_name()</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-subjectDirectoryAttributes</cell> + <cell align="left" valign="middle"> [#'Attribute'{}]</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-basicConstraints</cell> + <cell align="left" valign="middle">#'BasicConstraints'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-nameConstraints</cell> + <cell align="left" valign="middle">#'NameConstraints'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-policyConstraints</cell> + <cell align="left" valign="middle">#'PolicyConstraints'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-extKeyUsage</cell> + <cell align="left" valign="middle">[id_key_purpose()]</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-cRLDistributionPoints</cell> + <cell align="left" valign="middle">#'DistributionPoint'{}</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-inhibitAnyPolicy</cell> + <cell align="left" valign="middle">integer()</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-freshestCRL</cell> + <cell align="left" valign="middle">[#'DistributionPoint'{}]</cell> + </row> + + + <tcaption>Standard Certificate Extensions</tcaption> + </table> + + <p><c> + key_usage() = digitalSignature | nonRepudiation | keyEncipherment| + dataEncipherment | keyAgreement | keyCertSign | cRLSign | encipherOnly | + decipherOnly + </c></p> + + <p><c> id_key_purpose() = ?oid_name_as_erlang_atom</c> for available +oid names see table below. Ex: ?'id-kp-serverAuth'</p> + +<table> + <row> + <cell align="left" valign="middle">OID name</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-serverAuth</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-clientAuth</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-codeSigning</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-emailProtection</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-timeStamping</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-OCSPSigning</cell> + </row> + <tcaption>Key purpose oids </tcaption> +</table> + + <code> +#'AuthorityKeyIdentifier'{ + keyIdentifier, % oid() + authorityCertIssuer, % general_name() + authorityCertSerialNumber % integer() + }. + +#'PrivateKeyUsagePeriod'{ + notBefore, % general_time() + notAfter % general_time() + }. + +#'PolicyInformation'{ + policyIdentifier, % oid() + policyQualifiers % [#PolicyQualifierInfo{}] + }. + +#'PolicyQualifierInfo'{ + policyQualifierId, % oid() + qualifier % string() | #'UserNotice'{} + }. + +#'UserNotice'{ + noticeRef, % #'NoticeReference'{} + explicitText % string() + }. + +#'NoticeReference'{ + organization, % string() + noticeNumbers % [integer()] + }. + +#'PolicyMappings_SEQOF'{ + issuerDomainPolicy, % oid() + subjectDomainPolicy % oid() + }. + +#'Attribute'{ + type, % oid() + values % [asn1_der_encoded()] + }). + +#'BasicConstraints'{ + cA, % boolean() + pathLenConstraint % integer() + }). + +#'NameConstraints'{ + permittedSubtrees, % [#'GeneralSubtree'{}] + excludedSubtrees % [#'GeneralSubtree'{}] + }). + +#'GeneralSubtree'{ + base, % general_name() + minimum, % integer() + maximum % integer() + }). + +#'PolicyConstraints'{ + requireExplicitPolicy, % integer() + inhibitPolicyMapping % integer() + }). + +#'DistributionPoint'{ + distributionPoint, % general_name() | [#AttributeTypeAndValue{}] + reasons, % [dist_reason()] + cRLIssuer % general_name() + }). +</code> + +</section> + + <section> + <marker id="PrivIntExt"></marker> + <title>Private Internet Extensions</title> + + <table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-pe-authorityInfoAccess</cell> + <cell align="left" valign="middle">[#'AccessDescription'{}]</cell> + </row> + <row> + <cell align="left" valign="middle">id-pe-subjectInfoAccess</cell> + <cell align="left" valign="middle">[#'AccessDescription'{}]</cell> + </row> + <tcaption>Private Internet Extensions</tcaption> + </table> + +<code> +#'AccessDescription'{ + accessMethod, % oid() + accessLocation % general_name() + }). +</code> + + </section> + +<section> + <title> CRL and CRL Extensions Profile</title> + + <code> +#'CertificateList'{ + tbsCertList, % #'TBSCertList{} + signatureAlgorithm, % #'AlgorithmIdentifier'{} + signature % {0, binary()} - asn1 compact bitstring + }). + +#'TBSCertList'{ + version, % v2 (if defined) + signature, % #AlgorithmIdentifier{} + issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]} + thisUpdate, % time() + nextUpdate, % time() + revokedCertificates, % [#'TBSCertList_revokedCertificates_SEQOF'{}] + crlExtensions % [#'Extension'{}] + }). + +#'TBSCertList_revokedCertificates_SEQOF'{ + userCertificate, % integer() + revocationDate, % timer() + crlEntryExtensions % [#'Extension'{}] + }). + </code> + + <section> + <marker id="CRLCertExt"></marker> + <title>CRL Extensions </title> + + <table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell> + <cell align="left" valign="middle">#'AuthorityKeyIdentifier{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-issuerAltName</cell> + <cell align="left" valign="middle">{rdnSequence, [#AttributeTypeAndValue'{}]}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-cRLNumber</cell> + <cell align="left" valign="middle">integer()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-deltaCRLIndicator</cell> + <cell align="left" valign="middle">integer()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-issuingDistributionPoint</cell> + <cell align="left" valign="middle">#'IssuingDistributionPoint'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-freshestCRL</cell> + <cell align="left" valign="middle">[#'Distributionpoint'{}]</cell> + </row> + + <tcaption>CRL Extensions</tcaption> + </table> + + <code> +#'IssuingDistributionPoint'{ + distributionPoint, % general_name() | [#AttributeTypeAndValue'{}] + onlyContainsUserCerts, % boolean() + onlyContainsCACerts, % boolean() + onlySomeReasons, % [dist_reason()] + indirectCRL, % boolean() + onlyContainsAttributeCerts % boolean() + }). + </code> + </section> + + <section> + <marker id="CRLEntryExt"></marker> + <title> CRL Entry Extensions </title> + + <table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-cRLReason</cell> + <cell align="left" valign="middle">crl_reason()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-holdInstructionCode</cell> + <cell align="left" valign="middle">oid()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-invalidityDate</cell> + <cell align="left" valign="middle">general_time()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-certificateIssuer</cell> + <cell align="left" valign="middle">general_name()</cell> + </row> + <tcaption>CRL Entry Extensions</tcaption> + </table> + <p><c> + crl_reason() = unspecified | keyCompromise | cACompromise | + affiliationChanged | superseded | cessationOfOperation | + certificateHold | removeFromCRL | privilegeWithdrawn | + aACompromise + </c></p> + </section> + +</section> +</chapter> diff --git a/lib/public_key/doc/src/fascicules.xml b/lib/public_key/doc/src/fascicules.xml new file mode 100644 index 0000000000..5f41826c56 --- /dev/null +++ b/lib/public_key/doc/src/fascicules.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE fascicules SYSTEM "fascicules.dtd"> + +<fascicules> + <fascicule file="usersguide" href="part_frame.html" entry="no"> + User's Guide + </fascicule> + <fascicule file="ref_man" href="ref_man_frame.html" entry="yes"> + Reference Manual + </fascicule> + <fascicule file="release_notes" href="part_notes_frame.html" entry="no"> + Release Notes + </fascicule> + <fascicule file="" href="../../../../doc/print.html" entry="no"> + Off-Print + </fascicule> +</fascicules> + + diff --git a/lib/public_key/doc/src/introduction.xml b/lib/public_key/doc/src/introduction.xml new file mode 100644 index 0000000000..71488e435a --- /dev/null +++ b/lib/public_key/doc/src/introduction.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE chapter SYSTEM "chapter.dtd"> + +<chapter> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>Introduction</title> + <prepared>Ingela Anderton Andin</prepared> + <responsible></responsible> + <docno></docno> + <approved></approved> + <checked></checked> + <date>2008-01-22</date> + <rev>A</rev> + <file>introduction.xml</file> + </header> + + <section> + <title>Purpose</title> + <p> This application provides an API to public key infrastructure + from RFC 3280 (X.509 certificates) and public key formats defined + by the PKCS-standard.</p> + </section> + + <section> + <title>Prerequisites</title> + <p>It is assumed that the reader is familiar with the Erlang + programming language, concepts of OTP and has a basic understanding + of the concepts of using public keys.</p> + </section> + +</chapter> + diff --git a/lib/public_key/doc/src/make.dep b/lib/public_key/doc/src/make.dep new file mode 100644 index 0000000000..2675556f1b --- /dev/null +++ b/lib/public_key/doc/src/make.dep @@ -0,0 +1,21 @@ +# ---------------------------------------------------- +# >>>> Do not edit this file <<<< +# This file was automaticly generated by +# /home/otp/bin/docdepend +# ---------------------------------------------------- + + +# ---------------------------------------------------- +# TeX files that the DVI file depend on +# ---------------------------------------------------- + +book.dvi: book.tex cert_records.tex introduction.tex \ + part.tex public_key.tex public_key_records.tex \ + ref_man.tex + +# ---------------------------------------------------- +# Source inlined when transforming from source to LaTeX +# ---------------------------------------------------- + +book.tex: ref_man.xml + diff --git a/lib/public_key/doc/src/note.gif b/lib/public_key/doc/src/note.gif Binary files differnew file mode 100644 index 0000000000..6fffe30419 --- /dev/null +++ b/lib/public_key/doc/src/note.gif diff --git a/lib/public_key/doc/src/notes.xml b/lib/public_key/doc/src/notes.xml new file mode 100644 index 0000000000..822f8bdb66 --- /dev/null +++ b/lib/public_key/doc/src/notes.xml @@ -0,0 +1,120 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE chapter SYSTEM "chapter.dtd"> + +<chapter> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>public_key Release Notes</title> + <prepared>Ingela Anderton Andin</prepared> + <responsible>Ingela Anderton Andin</responsible> + <docno></docno> + <approved></approved> + <checked></checked> + <date>2008-01-22</date> + <rev>A</rev> + <file>notes.xml</file> + </header> + + + <section><title>Public_Key 0.4</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + The documentation is now built with open source tools + (xsltproc and fop) that exists on most platforms. One + visible change is that the frames are removed.</p> + <p> + Own Id: OTP-8250</p> + </item> + </list> + </section> + + </section> + + <section><title>Public_Key 0.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Unknown attributes in certificates are left encoded + instead of crashing. Patch by Will "wglozer" thanks.</p> + <p> + Own Id: OTP-8100</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Allow public_key:pem_to_der/[1,2] to take a binary as + argument in addition to a filename. Patch by Geoff Cant, + thanks.</p> + <p> + Own Id: OTP-8142</p> + </item> + </list> + </section> + + </section> + +<section><title>Public_Key 0.2</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + X509 certificate handling has been extended and improved + as a result of more extensive testing of both the ssl + and public_key application. Even more extensions of the + certificate handling is yet to be implemented.</p> + <p> + Own Id: OTP-7860</p> + </item> + </list> + </section> + +</section> + +<section><title>Public_Key 0.1</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + First version.</p> + <p> + Own Id: OTP-7637</p> + </item> + </list> + </section> + +</section> + + +</chapter> + diff --git a/lib/public_key/doc/src/part.xml b/lib/public_key/doc/src/part.xml new file mode 100644 index 0000000000..b85fa063ce --- /dev/null +++ b/lib/public_key/doc/src/part.xml @@ -0,0 +1,42 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE part SYSTEM "part.dtd"> + +<part xmlns:xi="http://www.w3.org/2001/XInclude"> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>public_key User's Guide</title> + <prepared>Ingela Anderton Andin</prepared> + <docno></docno> + <date>2008-01-22</date> + <rev></rev> + <file>part.xml</file> + </header> + <description> + <p> This application provides an API to public key infrastructure + from RFC 3280 (X.509 certificates) and some public key formats defined + by the PKCS-standard. </p> + </description> + <xi:include href="introduction.xml"/> + <xi:include href="public_key_records.xml"/> + <xi:include href="cert_records.xml"/> +</part> + diff --git a/lib/public_key/doc/src/part_notes.xml b/lib/public_key/doc/src/part_notes.xml new file mode 100644 index 0000000000..37ca516bc8 --- /dev/null +++ b/lib/public_key/doc/src/part_notes.xml @@ -0,0 +1,38 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE part SYSTEM "part.dtd"> + +<part xmlns:xi="http://www.w3.org/2001/XInclude"> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>public_key Release Notes</title> + <prepared>Ingela Anderton Andin</prepared> + <docno></docno> + <date>2008-01-22</date> + <rev></rev> + </header> + <description> + <p></p> + </description> + <xi:include href="notes.xml"/> +</part> + + diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml new file mode 100644 index 0000000000..dc9a96906f --- /dev/null +++ b/lib/public_key/doc/src/public_key.xml @@ -0,0 +1,317 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE erlref SYSTEM "erlref.dtd"> + +<erlref> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>public_key</title> + <prepared>Ingela Anderton Andin</prepared> + <responsible></responsible> + <docno></docno> + <date></date> + <rev></rev> + </header> + <module>public_key</module> + <modulesummary> API module for public key infrastructure.</modulesummary> + <description> + <p>This module provides functions to handle public key infrastructure + from RFC 3280 - X.509 certificates (will later be upgraded to RFC 5280) + and some parts of the PKCS-standard. + Currently this application is mainly used by the new + ssl implementation. The API is yet under construction + and only a few of the functions are currently documented and thereby supported. + </p> + </description> + + <section> + <title>COMMON DATA TYPES </title> + + <note><p>All records used in this manual + <!-- except #policy_tree_node{} --> + are generated from asn1 specifications + and are documented in the User's Guide. See <seealso + marker="public_key_records">Public key records</seealso> and <seealso + marker="cert_records">X.509 Certificate records</seealso>. + </p></note> + + <p>Use the following include directive to get access to the + records and constant macros described here and in the User's Guide.</p> + + <code> -include_lib("public_key/include/public_key.hrl"). </code> + + <p><em>Data Types </em></p> + + <p><c>boolean() = true | false</c></p> + + <p><c>string = [bytes()]</c></p> + + <p><c>asn1_der_encoded() = binary() | [bytes()]</c></p> + + <p><c>der_bin() = binary() </c></p> + + <p><c>oid() - a tuple of integers + as generated by the asn1 compiler.</c></p> + + <p><c>public_key() = rsa_public_key() | dsa_public_key()</c></p> + + <p><c>rsa_public_key() = #'RSAPublicKey'{}</c></p> + + <p><c>rsa_private_key() = #'RSAPrivateKey'{} </c></p> + + <p><c>dsa_public_key() = integer() </c></p> + + <p><c>public_key_params() = dsa_key_params() </c></p> + + <p><c>dsa_key_params() = #'Dss-Parms'{} </c></p> + + <p><c>private_key() = rsa_private_key() | dsa_private_key()</c></p> + + <p><c>rsa_private_key() = #'RSAPrivateKey'{} </c></p> + + <p><c>dsa_private_key() = #'DSAPrivateKey'{}</c></p> + + <p><c>x509_certificate() = "#Certificate{}"</c></p> + + <p><c>x509_tbs_certificate() = #'TBSCertificate'{} </c></p> + +<!-- <p><c>policy_tree() = [Root, Children]</c></p> --> + +<!-- <p><c>Root = #policy_tree_node{}</c></p> --> + +<!-- <p><c>Children = [] | policy_tree()</c></p> --> + +<!-- <p> The policy_tree_node record has the following fields:</p> --> + +<!-- <taglist> --> + +<!-- <tag>valid_policy</tag> --> +<!-- <item> Is a single policy OID representing a --> +<!-- valid policy for the path of length x.</item> --> + +<!-- <tag>qualifier_set</tag> --> +<!-- <item>A set of policy qualifiers associated --> +<!-- with the valid policy in certificate x.</item> --> + +<!-- <tag>critically_indicator</tag> --> +<!-- <item>The critically_indicator indicates whether the --> +<!-- certificate policy extension in certificate x was marked as --> +<!-- critical. </item> --> + +<!-- <tag>expected_policy_set</tag> --> +<!-- <item>The expected_policy_set contains one or more policy OIDs --> +<!-- that would satisfy this policy in the certificate x+1. </item> --> +<!-- </taglist> --> + </section> + +<funcs> + <func> + <name>decode_private_key(KeyInfo) -> </name> + <name>decode_private_key(KeyInfo, Password) -> {ok, PrivateKey} | {error, Reason}</name> + <fsummary> Decodes an asn1 der encoded private key.</fsummary> + <type> + <v> KeyInfo = {KeyType, der_bin(), ChipherInfo} </v> + <d> As returned from pem_to_der/1 for private keys</d> + <v> KeyType = rsa_private_key | dsa_private_key </v> + <v> ChipherInfo = opaque() | no_encryption </v> + <d> ChipherInfo may contain encryption parameters if the private key is password + protected, these are opaque to the user just pass the value returned by pem_to_der/1 + to this function.</d> + <v> Password = string() </v> + <d>Must be specified if CipherInfo =/= no_encryption</d> + <v> PrivateKey = private_key() </v> + <v> Reason = term() </v> + </type> + <desc> + <p>Decodes an asn1 der encoded private key.</p> + </desc> + </func> + + <func> + <name>pem_to_der(File) -> {ok, [Entry]}</name> + <fsummary>Reads a PEM file and translates it into its asn1 der + encoded parts.</fsummary> + <type> + <v>File = path()</v> + <v>Password = string()</v> + <v>Entry = {entry_type(), der_bin(), CipherInfo}</v> + <v> ChipherInfo = opaque() | no_encryption </v> + <d> ChipherInfo may contain encryption parameters if the private key is password + protected, these will be handled by the function decode_private_key/2. </d> + <v>entry_type() = cert | cert_req | rsa_private_key | dsa_private_key | + dh_params </v> + </type> + <desc> + <p>Reads a PEM file and translates it into its asn1 der + encoded parts.</p> + </desc> + </func> + + <func> + <name>pkix_decode_cert(Cert, Type) -> {ok, DecodedCert} | {error, Reason}</name> + <fsummary> Decodes an asn1 der encoded pkix certificate. </fsummary> + <type> + <v>Cert = asn1_der_encoded() </v> + <v>Type = plain | otp</v> + <v>DecodeCert = x509_certificate() </v> + <d>When type is specified as otp the asn1 spec OTP-PKIX.asn1 is used to decode known + extensions and enhance the signature field in + #'Certificate'{} and '#TBSCertificate'{}. This is currently used by the new ssl + implementation but not documented and supported for the public_key application.</d> + <v>Reason = term() </v> + </type> + <desc> + <p> Decodes an asn1 encoded pkix certificate.</p> + </desc> + </func> + +<!-- <func> --> +<!-- <name> pkix_encode_cert(Cert) -> {ok, EncodedCert} | {error, Reason}</name> --> +<!-- <fsummary>Encodes a certificate record using asn1. </fsummary> --> +<!-- <type> --> +<!-- <v>Cert = x509_certificate() </v> --> +<!-- <v>EncodedCert = asn1_der_encoded() </v> --> +<!-- <v>Reason = term() </v> --> +<!-- </type> --> +<!-- <desc> --> +<!-- <p> Encodes a certificate record using asn1.</p> --> +<!-- </desc> --> +<!-- </func> --> + +<!-- <func> --> +<!-- <name>pkix_path_validation(TrustedCert, CertChain, Options) -> {ok, Result} | {error, Reason}</name> --> + +<!-- <fsummary>Performs a basic path validation according to RFC 3280</fsummary> --> +<!-- <type> --> +<!-- <v>TrustedCert = asn1_der_encoded()</v> --> +<!-- <v>CertChain = [asn1_der_encoded()]</v> --> +<!-- <v>Options = [{Option, Value}]</v> --> +<!-- <v>Result = {{algorithm(), public_key(), --> +<!-- public_key_params()}, policy_tree()}</v> --> +<!-- </type> --> + +<!-- <desc> --> +<!-- <p>Available options are: </p> --> +<!-- <taglist> --> +<!-- <tag>{validate_extension_fun, fun()}</tag> --> +<!-- <item> A fun behaving according to the following outline: --> +<!-- <code> --> +<!-- [...] --> +<!-- ValidateExtensionFun = fun(Extensions, UserState) -> --> +<!-- validate_extensions(Extensions, UserState, []) --> +<!-- end, --> +<!-- [...] --> + +<!-- validate_extensions([], UserState, UnknowExtension) -> --> +<!-- {UserState, UnknowExtension}; --> +<!-- validate_extensions([#'Extension'{} = Ext | Rest], UserState, UnknowExtension) -> --> +<!-- case valid_extension(Ext) of --> +<!-- {true, NewUserState} -> --> +<!-- validate_extensions(Rest, NewUserState, UnknowExtension); --> +<!-- unknown -> --> +<!-- validate_extensions(Rest, UserState, [Ext | UnknowExtension]); --> +<!-- {false, Reason} -> --> +<!-- throw(bad_cert, Reason) --> +<!-- end. --> +<!-- </code> --> + +<!-- </item> --> + +<!-- <tag>{policy_set, [oid()]}</tag> --> +<!-- <item>A set of certificate policy --> +<!-- identifiers naming the policies that are acceptable to the --> +<!-- certificate user. If the user is not concerned about --> +<!-- certificate policy there is no need --> +<!-- to set this option. Defaults to the --> +<!-- special value [?anyPolicy]. --> +<!-- </item> --> + +<!-- <tag>{policy_mapping, boolean()}</tag> --> +<!-- <item>Indicates if policy --> +<!-- mapping, initially, is allowed in the certification path. --> +<!-- Defaults to false. --> +<!-- </item> --> + +<!-- <tag> {explicit_policy, boolean()}</tag> --> +<!-- <item>Indicates if the path, initially, must be --> +<!-- valid for at least one of the certificate policies in the user --> +<!-- specified policy set. --> +<!-- Defaults to false. --> +<!-- </item> --> + +<!-- <tag>{inhibit_any_policy, boolean()}</tag> --> +<!-- <item>Indicates whether the anyPolicy OID, initially, should --> +<!-- be processed if it is included in a certificate. --> +<!-- Defaults to false. --> +<!-- </item> --> + +<!-- </taglist> --> + +<!-- <p>Performs a basic path validation according to RFC 3280, --> +<!-- e.i. signature validation, time validation, issuer validation, --> +<!-- alternative subject name validation, CRL validation, policy --> +<!-- validation and checks that no unknown extensions --> +<!-- are marked as critical. The option <c>validate_extension_fun</c> --> +<!-- may be used to validate application specific extensions. If --> +<!-- a validation criteria is found to be invalid the validation process --> +<!-- will immediately be stopped and this functions will return --> +<!-- {error, Reason}. --> +<!-- </p> --> +<!-- </desc> --> +<!-- </func> --> + +<!-- <func> --> +<!-- <name>sign(DigestOrTBSCert, Key) -> </name> --> +<!-- <name>sign(DigestOrTBSCert, Key, KeyParams) -> {ok, SignatureOrDerCert} | {error, Reason}</name> --> +<!-- <fsummary>Signs Digest/Certificate using Key.</fsummary> --> +<!-- <type> --> +<!-- <v>DigestOrTBSCert = binary() | x509_tbs_certificate()</v> --> +<!-- <v>Key = private_key()</v> --> +<!-- <v>SignatureORDerCert = binary() | der_bin() </v> --> +<!-- <v>Reason = term() </v> --> +<!-- </type> --> +<!-- <desc> --> +<!-- <p> Signs Digest/Certificate using Key, in the later --> +<!-- case a der encoded x509_certificate() will be returned. </p> --> +<!-- </desc> --> +<!-- </func> --> + +<!-- <func> --> +<!-- <name>verify_signature(Digest, Signature, Key) -> </name> --> +<!-- <name>verify_signature(DerCert, Key, KeyParams) -> </name> --> +<!-- <name>verify_signature(Digest, Signature, Key, Params) -> Verified </name> --> +<!-- <fsummary> Verifies the signature. </fsummary> --> +<!-- <type> --> +<!-- <v>Digest = binary() </v> --> +<!-- <v>DerCert = der_bin() </v> --> +<!-- <v>Signature = binary() </v> --> +<!-- <v>Key = public_key() </v> --> +<!-- <v>Params = key_params()</v> --> +<!-- <v>Verified = boolean()</v> --> +<!-- </type> --> +<!-- <desc> --> +<!-- <p> Verifies the signature Signature. If the key is an rsa-key no --> +<!-- paramters are neeed.</p> --> +<!-- </desc> --> +<!-- </func> --> +</funcs> + +</erlref> diff --git a/lib/public_key/doc/src/public_key_records.xml b/lib/public_key/doc/src/public_key_records.xml new file mode 100644 index 0000000000..45b7106859 --- /dev/null +++ b/lib/public_key/doc/src/public_key_records.xml @@ -0,0 +1,99 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE chapter SYSTEM "chapter.dtd"> + +<chapter> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>Public key records</title> + <prepared>Ingela Anderton Andin</prepared> + <responsible></responsible> + <docno></docno> + <approved></approved> + <checked></checked> + <date>2008-02-06</date> + <rev>A</rev> + <file>public_key_records.xml</file> + </header> + + <p>This chapter briefly describes Erlang records derived from asn1 + specifications used to handle public and private keys. The intent + is to describe the data types and not to specify the meaning of + each component for this we refer you to the relevant standards and RFCs.</p> + + <p>Use the following include directive to get access to the + records and constant macros used in the following sections.</p> + + <code> -include_lib("public_key/include/public_key.hrl"). </code> + + <section> + <title>RSA as defined by the PKCS-1 standard and RFC 3447.</title> + + <code> +#'RSAPublicKey'{ + modulus, % integer() + publicExponent % integer() + }. + +#'RSAPrivateKey'{ + version, % two-prime | multi + modulus, % integer() + publicExponent, % integer() + privateExponent, % integer() + prime1, % integer() + prime2, % integer() + exponent1, % integer() + exponent2, % integer() + coefficient, % integer() + otherPrimeInfos % [#OtherPrimeInfo{}] | asn1_NOVALUE + }. + +#'OtherPrimeInfo'{ + prime, % integer() + exponent, % integer() + coefficient % integer() + }. + </code> + + </section> + + <section> + <title>DSA as defined by Digital Signature Standard (NIST FIPS PUB 186-2) + </title> + + <code> +#'DSAPrivateKey',{ + version, % integer() + p, % integer() + q, % integer() + g, % integer() + y, % integer() + x % integer() + }. + +#'Dss-Parms',{ + p, % integer() + q, % integer() + g % integer() + }. + </code> + </section> +</chapter> diff --git a/lib/public_key/doc/src/ref_man.xml b/lib/public_key/doc/src/ref_man.xml new file mode 100644 index 0000000000..0f11281d05 --- /dev/null +++ b/lib/public_key/doc/src/ref_man.xml @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE application SYSTEM "application.dtd"> + +<application xmlns:xi="http://www.w3.org/2001/XInclude"> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>public_key Reference Manual</title> + <prepared>Ingela Anderton Andin</prepared> + <docno></docno> + <date>2008-01-22</date> + <rev></rev> + <file>ref_man.xml</file> + </header> + <description> + <p> Provides functions to handle public key infrastructure + from RFC 3280 (X.509 certificates) and some parts of the PKCS-standard. + </p> + </description> + <xi:include href="public_key.xml"/> +</application> + + + + diff --git a/lib/public_key/ebin/.gitignore b/lib/public_key/ebin/.gitignore new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/lib/public_key/ebin/.gitignore diff --git a/lib/public_key/include/public_key.hrl b/lib/public_key/include/public_key.hrl new file mode 100644 index 0000000000..fbce10f0eb --- /dev/null +++ b/lib/public_key/include/public_key.hrl @@ -0,0 +1,62 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% + +-ifndef(public_key). +-define(public_key, true). + +-include("OTP-PUB-KEY.hrl"). + +-record('SubjectPublicKeyInfoAlgorithm', { + algorithm, + parameters = asn1_NOVALUE}). + +-record(path_validation_state, { + valid_policy_tree, + explicit_policy, + inhibit_any_policy, + policy_mapping, + cert_num, + last_cert = false, + permitted_subtrees = no_constraints, %% Name constraints + excluded_subtrees = [], %% Name constraints + working_public_key_algorithm, + working_public_key, + working_public_key_parameters, + working_issuer_name, + max_path_length, + acc_errors, %% If verify_none option is set + user_state + }). + +-record(policy_tree_node, { + valid_policy, + qualifier_set, + criticality_indicator, + expected_policy_set + }). + +-record(revoke_state, { + reasons_mask, + cert_status, + interim_reasons_mask + }). + +-endif. % -ifdef(public_key). diff --git a/lib/public_key/info b/lib/public_key/info new file mode 100644 index 0000000000..0fa0248a7f --- /dev/null +++ b/lib/public_key/info @@ -0,0 +1,2 @@ +group: comm +short: API to public key infrastructure. diff --git a/lib/public_key/src/Makefile b/lib/public_key/src/Makefile new file mode 100644 index 0000000000..c30399f33a --- /dev/null +++ b/lib/public_key/src/Makefile @@ -0,0 +1,112 @@ +# +# %CopyrightBegin% +# +# Copyright Ericsson AB 2008-2009. All Rights Reserved. +# +# The contents of this file are subject to the Erlang Public License, +# Version 1.1, (the "License"); you may not use this file except in +# compliance with the License. You should have received a copy of the +# Erlang Public License along with this software. If not, it can be +# retrieved online at http://www.erlang.org/. +# +# Software distributed under the License is distributed on an "AS IS" +# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +# the License for the specific language governing rights and limitations +# under the License. +# +# %CopyrightEnd% +# + +# +include $(ERL_TOP)/make/target.mk +include $(ERL_TOP)/make/$(TARGET)/otp.mk + +# ---------------------------------------------------- +# Application version +# ---------------------------------------------------- +include ../vsn.mk + +VSN = $(PUBLIC_KEY_VSN) +APP_VSN = "public_key-$(VSN)" + + +# ---------------------------------------------------- +# Release directory specification +# ---------------------------------------------------- +RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN) + +# ---------------------------------------------------- +# Target Specs +# ---------------------------------------------------- +MODULES = \ + public_key \ + pubkey_pem \ + pubkey_cert \ + pubkey_cert_records \ + pubkey_crypto + +HRL_FILES = $(INCLUDE)/public_key.hrl + +INTERNAL_HRL_FILES = + +ERL_FILES = $(MODULES:%=%.erl) + +TARGET_FILES= $(MODULES:%=$(EBIN)/%.$(EMULATOR)) + +APP_FILE= public_key.app +APPUP_FILE= public_key.appup + +APP_SRC= $(APP_FILE).src +APP_TARGET= $(EBIN)/$(APP_FILE) +APPUP_SRC= $(APPUP_FILE).src +APPUP_TARGET= $(EBIN)/$(APPUP_FILE) + +INCLUDE = ../include +# ---------------------------------------------------- +# INETS FLAGS +# ---------------------------------------------------- +PUB_KEY_FLAGS = + +# ---------------------------------------------------- +# FLAGS +# ---------------------------------------------------- +PUB_KEY_ERL_FLAGS += -I $(INCLUDE) -I ../asn1/ + +ERL_COMPILE_FLAGS += $(PUB_KEY_ERL_FLAGS) \ + $(PUB_KEY_FLAGS) \ + +'{parse_transform,sys_pre_attributes}' \ + +'{attribute,insert,app_vsn,$(APP_VSN)}' + +# ---------------------------------------------------- +# Targets +# ---------------------------------------------------- + +debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) $(HRL_FILES) + +clean: + rm -f $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) + rm -f core + +docs: + +$(APP_TARGET): $(APP_SRC) ../vsn.mk + sed -e 's;%VSN%;$(VSN);' $< > $@ + +$(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk + sed -e 's;%VSN%;$(VSN);' $< > $@ + +# ---------------------------------------------------- +# Release Target +# ---------------------------------------------------- +include $(ERL_TOP)/make/otp_release_targets.mk + +release_spec: opt + $(INSTALL_DIR) $(RELSYSDIR)/src + $(INSTALL_DATA) $(INTERNAL_HRL_FILES) $(ERL_FILES) $(RELSYSDIR)/src + $(INSTALL_DIR) $(RELSYSDIR)/include + $(INSTALL_DATA) $(HRL_FILES) $(RELSYSDIR)/include + $(INSTALL_DIR) $(RELSYSDIR)/ebin + $(INSTALL_DATA) $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) $(RELSYSDIR)/ebin + +release_docs_spec: + diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl new file mode 100644 index 0000000000..0ccc74799c --- /dev/null +++ b/lib/public_key/src/pubkey_cert.erl @@ -0,0 +1,988 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% + +-module(pubkey_cert). + +-include("public_key.hrl"). + +-export([verify_signature/3, + init_validation_state/3, prepare_for_next_cert/2, + validate_time/3, validate_signature/6, + validate_issuer/4, validate_names/6, + validate_revoked_status/3, validate_extensions/4, + validate_unknown_extensions/3, + normalize_general_name/1, digest_type/1, digest/2, is_self_signed/1, + is_issuer/2, issuer_id/2, is_fixed_dh_cert/1]). + +-define(NULL, 0). + +%%==================================================================== +%% Internal application API +%%==================================================================== + +verify_signature(DerCert, Key, KeyParams) -> + {ok, OtpCert} = pubkey_cert_records:decode_cert(DerCert, otp), + verify_signature(OtpCert, DerCert, Key, KeyParams). + +init_validation_state(#'OTPCertificate'{} = OtpCert, DefaultPathLen, + Options) -> + PolicyTree = #policy_tree_node{valid_policy = ?anyPolicy, + qualifier_set = [], + criticality_indicator = false, + expected_policy_set = [?anyPolicy]}, + MaxLen = proplists:get_value(max_path_length, Options, DefaultPathLen), + ExplicitPolicy = policy_indicator(MaxLen, + proplists:get_value(explicit_policy, Options, false)), + InhibitAnyPolicy = policy_indicator(MaxLen, + proplists:get_value(inhibit_any_policy, + Options, false)), + PolicyMapping = policy_indicator(MaxLen, + proplists:get_value(policy_mapping, Options, false)), + AccErrors = proplists:get_value(acc_errors, Options, []), + State = #path_validation_state{max_path_length = MaxLen, + valid_policy_tree = PolicyTree, + explicit_policy = ExplicitPolicy, + inhibit_any_policy = InhibitAnyPolicy, + policy_mapping = PolicyMapping, + acc_errors = AccErrors, + cert_num = 0}, + prepare_for_next_cert(OtpCert, State). + +prepare_for_next_cert(OtpCert, ValidationState = #path_validation_state{ + working_public_key_algorithm = PrevAlgo, + working_public_key_parameters = + PrevParams}) -> + TBSCert = OtpCert#'OTPCertificate'.tbsCertificate, + Issuer = TBSCert#'OTPTBSCertificate'.subject, + + {Algorithm, PublicKey, PublicKeyParams0} = + public_key_info(TBSCert#'OTPTBSCertificate'.subjectPublicKeyInfo, + ValidationState), + PublicKeyParams = + case PublicKeyParams0 of + 'NULL' when Algorithm =:= PrevAlgo -> + PrevParams; + asn1_NOVALUE when Algorithm =:= PrevAlgo -> + PrevParams; + _ -> PublicKeyParams0 + end, + + ValidationState#path_validation_state{ + working_public_key_algorithm = Algorithm, + working_public_key = PublicKey, + working_public_key_parameters = PublicKeyParams, + working_issuer_name = Issuer, + cert_num = ValidationState#path_validation_state.cert_num + 1 + }. + +validate_time(OtpCert, AccErr, Verify) -> + TBSCert = OtpCert#'OTPCertificate'.tbsCertificate, + {'Validity', NotBeforeStr, NotAfterStr} + = TBSCert#'OTPTBSCertificate'.validity, + Now = calendar:datetime_to_gregorian_seconds(calendar:universal_time()), + NotBefore = time_str_2_gregorian_sec(NotBeforeStr), + NotAfter = time_str_2_gregorian_sec(NotAfterStr), + + case ((NotBefore =< Now) and (Now =< NotAfter)) of + true -> + AccErr; + false -> + not_valid({bad_cert, cert_expired}, Verify, AccErr) + end. + +validate_issuer(OtpCert, Issuer, AccErr, Verify) -> + TBSCert = OtpCert#'OTPCertificate'.tbsCertificate, + case is_issuer(Issuer, TBSCert#'OTPTBSCertificate'.issuer) of + true -> + AccErr; + _ -> + not_valid({bad_cert, invalid_issuer}, Verify, AccErr) + end. + +validate_signature(OtpCert, DerCert, Key, KeyParams, + AccErr, Verify) -> + + case verify_signature(OtpCert, DerCert, Key, KeyParams) of + true -> + AccErr; + false -> + not_valid({bad_cert, invalid_signature}, Verify, AccErr) + end. + +validate_names(OtpCert, Permit, Exclude, Last, AccErr, Verify) -> + case is_self_signed(OtpCert) andalso (not Last) of + true -> + ok; + false -> + TBSCert = OtpCert#'OTPCertificate'.tbsCertificate, + Subject = TBSCert#'OTPTBSCertificate'.subject, + AltSubject = + select_extension(?'id-ce-subjectAltName', + TBSCert#'OTPTBSCertificate'.extensions), + + EmailAddress = extract_email(Subject), + Name = [{directoryName, Subject}|EmailAddress], + + AltNames = case AltSubject of + undefined -> []; + _ -> AltSubject#'Extension'.extnValue + end, + + case (is_permitted(Name, Permit) andalso + is_permitted(AltNames, Permit) andalso + (not is_excluded(Name, Exclude)) andalso + (not is_excluded(AltNames, Exclude))) of + true -> + AccErr; + false -> + not_valid({bad_cert, name_not_permitted}, + Verify, AccErr) + end + end. + + +%% See rfc3280 4.1.2.6 Subject: regarding emails. +extract_email({rdnSequence, List}) -> + extract_email2(List). +extract_email2([[#'AttributeTypeAndValue'{type=?'id-emailAddress', + value=Mail}]|_]) -> + [{rfc822Name, Mail}]; +extract_email2([_|Rest]) -> + extract_email2(Rest); +extract_email2([]) -> []. + +validate_revoked_status(_OtpCert, _Verify, AccErr) -> + %% true | + %% throw({bad_cert, cert_revoked}) + AccErr. + +validate_extensions(OtpCert, ValidationState, Verify, AccErr) -> + TBSCert = OtpCert#'OTPCertificate'.tbsCertificate, + Extensions = TBSCert#'OTPTBSCertificate'.extensions, + validate_extensions(Extensions, ValidationState, no_basic_constraint, + is_self_signed(OtpCert), [], Verify, AccErr). + +validate_unknown_extensions([], AccErr, _Verify) -> + AccErr; +validate_unknown_extensions([#'Extension'{critical = true} | _], + AccErr, Verify) -> + not_valid({bad_cert, unknown_critical_extension}, Verify, AccErr); +validate_unknown_extensions([#'Extension'{critical = false} | Rest], + AccErr, Verify) -> + validate_unknown_extensions(Rest, AccErr, Verify). + +normalize_general_name({rdnSequence, Issuer}) -> + NormIssuer = normalize_general_name(Issuer), + {rdnSequence, NormIssuer}; + +normalize_general_name(Issuer) -> + Normalize = fun([{Description, Type, {printableString, Value}}]) -> + NewValue = string:to_lower(strip_spaces(Value)), + {Description, Type, {printableString, NewValue}}; + (Atter) -> + Atter + end, + lists:sort(lists:map(Normalize, Issuer)). + +is_self_signed(#'OTPCertificate'{tbsCertificate= + #'OTPTBSCertificate'{issuer = Issuer, + subject = Subject}}) -> + is_issuer(Issuer, Subject). + +is_issuer({rdnSequence, Issuer}, {rdnSequence, Candidate}) -> + is_dir_name(Issuer, Candidate, true). + +issuer_id(Otpcert, other) -> + TBSCert = Otpcert#'OTPCertificate'.tbsCertificate, + Extensions = TBSCert#'OTPTBSCertificate'.extensions, + case select_extension(?'id-ce-authorityKeyIdentifier', Extensions) of + undefined -> + {error, issuer_not_found}; + AuthKeyExt -> + cert_auth_key_id(AuthKeyExt#'Extension'.extnValue) + end; + +issuer_id(Otpcert, self) -> + TBSCert = Otpcert#'OTPCertificate'.tbsCertificate, + Issuer = TBSCert#'OTPTBSCertificate'.issuer, + SerialNr = TBSCert#'OTPTBSCertificate'.serialNumber, + {ok, {SerialNr, normalize_general_name(Issuer)}}. + + +is_fixed_dh_cert(#'OTPCertificate'{tbsCertificate = + #'OTPTBSCertificate'{subjectPublicKeyInfo = + SubjectPublicKeyInfo, + extensions = + Extensions}}) -> + is_fixed_dh_cert(SubjectPublicKeyInfo, Extensions). + +%%-------------------------------------------------------------------- +%%% Internal functions +%%-------------------------------------------------------------------- + +not_valid(Error, true, _) -> + throw(Error); +not_valid(Error, false, AccErrors) -> + [Error | AccErrors]. + +verify_signature(OtpCert, DerCert, Key, KeyParams) -> + %% Signature is an ASN1 compact bit string + {0, Signature} = OtpCert#'OTPCertificate'.signature, + SigAlgRec = OtpCert#'OTPCertificate'.signatureAlgorithm, + SigAlg = SigAlgRec#'SignatureAlgorithm'.algorithm, + EncTBSCert = encoded_tbs_cert(DerCert), + verify(SigAlg, EncTBSCert, Signature, Key, KeyParams). + +verify(Alg, PlainText, Signature, Key, KeyParams) -> + public_key:verify_signature(PlainText, digest_type(Alg), + Signature, Key, KeyParams). + +encoded_tbs_cert(Cert) -> + {ok, PKIXCert} = + 'OTP-PUB-KEY':decode_TBSCert_exclusive(Cert), + {'Certificate', + {'Certificate_tbsCertificate', EncodedTBSCert}, _, _} = PKIXCert, + EncodedTBSCert. + +digest_type(?sha1WithRSAEncryption) -> + sha; +digest_type(?md5WithRSAEncryption) -> + md5; +digest_type(?'id-dsa-with-sha1') -> + sha. + +digest(?sha1WithRSAEncryption, Msg) -> + crypto:sha(Msg); +digest(?md5WithRSAEncryption, Msg) -> + crypto:md5(Msg); +digest(?'id-dsa-with-sha1', Msg) -> + crypto:sha(Msg). + +public_key_info(PublicKeyInfo, + #path_validation_state{working_public_key_algorithm = + WorkingAlgorithm, + working_public_key_parameters = + WorkingParams}) -> + PublicKey = PublicKeyInfo#'OTPSubjectPublicKeyInfo'.subjectPublicKey, + AlgInfo = PublicKeyInfo#'OTPSubjectPublicKeyInfo'.algorithm, + + PublicKeyParams = AlgInfo#'PublicKeyAlgorithm'.parameters, + Algorithm = AlgInfo#'PublicKeyAlgorithm'.algorithm, + + NewPublicKeyParams = + case PublicKeyParams of + 'NULL' when WorkingAlgorithm == Algorithm -> + WorkingParams; + _ -> + PublicKeyParams + end, + {Algorithm, PublicKey, NewPublicKeyParams}. + +time_str_2_gregorian_sec({utcTime, [Y1,Y2,M1,M2,D1,D2,H1,H2,M3,M4,S1,S2,Z]}) -> + case list_to_integer([Y1,Y2]) of + N when N >= 50 -> + time_str_2_gregorian_sec({generalTime, + [$1,$9,Y1,Y2,M1,M2,D1,D2, + H1,H2,M3,M4,S1,S2,Z]}); + _ -> + time_str_2_gregorian_sec({generalTime, + [$2,$0,Y1,Y2,M1,M2,D1,D2, + H1,H2,M3,M4,S1,S2,Z]}) + end; + +time_str_2_gregorian_sec({_,[Y1,Y2,Y3,Y4,M1,M2,D1,D2,H1,H2,M3,M4,S1,S2,$Z]}) -> + Year = list_to_integer([Y1, Y2, Y3, Y4]), + Month = list_to_integer([M1, M2]), + Day = list_to_integer([D1, D2]), + Hour = list_to_integer([H1, H2]), + Min = list_to_integer([M3, M4]), + Sec = list_to_integer([S1, S2]), + calendar:datetime_to_gregorian_seconds({{Year, Month, Day}, + {Hour, Min, Sec}}). + +is_dir_name([], [], _Exact) -> true; +is_dir_name([H|R1],[H|R2], Exact) -> is_dir_name(R1,R2, Exact); +is_dir_name([[{'AttributeTypeAndValue', Type, What1}]|Rest1], + [[{'AttributeTypeAndValue', Type, What2}]|Rest2],Exact) -> + case is_dir_name2(What1,What2) of + true -> is_dir_name(Rest1,Rest2,Exact); + false -> false + end; +is_dir_name([{'AttributeTypeAndValue', Type, What1}|Rest1], + [{'AttributeTypeAndValue', Type, What2}|Rest2], Exact) -> + case is_dir_name2(What1,What2) of + true -> is_dir_name(Rest1,Rest2,Exact); + false -> false + end; +is_dir_name(_,[],false) -> + true; +is_dir_name(_,_,_) -> + false. + +is_dir_name2(Value, Value) -> true; +is_dir_name2({printableString, Value1}, {printableString, Value2}) -> + string:to_lower(strip_spaces(Value1)) =:= + string:to_lower(strip_spaces(Value2)); +is_dir_name2({utf8String, Value1}, String) -> %% BUGBUG FIX UTF8 conv + is_dir_name2({printableString, binary_to_list(Value1)}, String); +is_dir_name2(String, {utf8String, Value1}) -> %% BUGBUG FIX UTF8 conv + is_dir_name2(String, {printableString, binary_to_list(Value1)}); +is_dir_name2(_, _) -> + false. + +cert_auth_key_id(#'AuthorityKeyIdentifier'{authorityCertIssuer + = asn1_NOVALUE}) -> + {error, issuer_not_found}; +cert_auth_key_id(#'AuthorityKeyIdentifier'{authorityCertIssuer = + AuthCertIssuer, + authorityCertSerialNumber = + SerialNr}) -> + {ok, {SerialNr, decode_general_name(AuthCertIssuer)}}. + +decode_general_name([{directoryName, Issuer}]) -> + normalize_general_name(Issuer). + +%% Strip all leading and trailing spaces and make +%% sure there is no double spaces in between. +strip_spaces(String) -> + NewString = + lists:foldl(fun(Char, Acc) -> Acc ++ Char ++ " " end, [], + string:tokens(String, " ")), + string:strip(NewString). + +select_extension(_, []) -> + undefined; +select_extension(Id, [#'Extension'{extnID = Id} = Extension | _]) -> + Extension; +select_extension(Id, [_ | Extensions]) -> + select_extension(Id, Extensions). + +%% No extensions present +validate_extensions(asn1_NOVALUE, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr) -> + validate_extensions([], ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr); + +validate_extensions([], ValidationState, basic_constraint, _SelfSigned, + UnknownExtensions, _Verify, AccErr) -> + {ValidationState, UnknownExtensions, AccErr}; +validate_extensions([], ValidationState = + #path_validation_state{max_path_length = Len, + last_cert = Last}, + no_basic_constraint, SelfSigned, UnknownExtensions, + Verify, AccErr0) -> + case Last of + true when SelfSigned -> + {ValidationState, UnknownExtensions, AccErr0}; + true -> + {ValidationState#path_validation_state{max_path_length = Len - 1}, + UnknownExtensions, AccErr0}; + %% basic_constraint must appear in certs used for digital sign + %% see 4.2.1.10 in rfc 3280 + false -> + AccErr = not_valid({bad_cert, missing_basic_constraint}, + Verify, AccErr0), + case SelfSigned of + true -> + {ValidationState, UnknownExtensions, AccErr}; + false -> + {ValidationState#path_validation_state{max_path_length = + Len - 1}, + UnknownExtensions, AccErr} + end + end; + +validate_extensions([#'Extension'{extnID = ?'id-ce-basicConstraints', + extnValue = + #'BasicConstraints'{cA = true, + pathLenConstraint = N}} | + Rest], + ValidationState = + #path_validation_state{max_path_length = Len}, _, + SelfSigned, UnknownExtensions, Verify, AccErr) -> + Length = if SelfSigned -> min(N, Len); + true -> min(N, Len-1) + end, + validate_extensions(Rest, + ValidationState#path_validation_state{max_path_length = + Length}, + basic_constraint, SelfSigned, UnknownExtensions, + Verify, AccErr); +%% The pathLenConstraint field is meaningful only if cA is set to +%% TRUE. +validate_extensions([#'Extension'{extnID = ?'id-ce-basicConstraints', + extnValue = + #'BasicConstraints'{cA = false}} | + Rest], ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr) -> + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr); + +%% +validate_extensions([#'Extension'{extnID = ?'id-ce-keyUsage', + extnValue = KeyUse + } | Rest], + #path_validation_state{last_cert=Last} = ValidationState, + ExistBasicCon, SelfSigned, UnknownExtensions, + Verify, AccErr0) -> + case Last orelse is_valid_key_usage(KeyUse, keyCertSign) of + true -> + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, + AccErr0); + false -> + AccErr = not_valid({bad_cert, invalid_key_usage}, Verify, AccErr0), + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, + AccErr) + end; + +validate_extensions([#'Extension'{extnID = ?'id-ce-extKeyUsage', + extnValue = KeyUse, + critical = true} | Rest], + #path_validation_state{} = ValidationState, + ExistBasicCon, SelfSigned, UnknownExtensions, Verify, + AccErr0) -> + case is_valid_extkey_usage(KeyUse) of + true -> + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, + Verify, AccErr0); + false -> + AccErr = + not_valid({bad_cert, invalid_ext_key_usage}, Verify, AccErr0), + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr) + end; + +validate_extensions([#'Extension'{extnID = ?'id-ce-subjectAltName', + extnValue = Names} | Rest], + ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr0) -> + case validate_subject_alt_names(Names) of + true when Names =/= [] -> + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, + AccErr0); + _ -> + AccErr = + not_valid({bad_cert, invalid_subject_altname}, + Verify, AccErr0), + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, + AccErr) + end; + +%% This extension SHOULD NOT be marked critical. Its value +%% does not have to be further validated at this point. +validate_extensions([#'Extension'{extnID = ?'id-ce-issuerAltName', + extnValue = _} | Rest], + ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr) -> + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr); + +%% This extension MUST NOT be marked critical.Its value +%% does not have to be further validated at this point. +validate_extensions([#'Extension'{extnID = Id, + extnValue = _, + critical = false} | Rest], + ValidationState, + ExistBasicCon, SelfSigned, UnknownExtensions, + Verify, AccErr) + when Id == ?'id-ce-subjectKeyIdentifier'; + Id == ?'id-ce-authorityKeyIdentifier'-> + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr); + +validate_extensions([#'Extension'{extnID = ?'id-ce-nameConstraints', + extnValue = NameConst} | Rest], + ValidationState, + ExistBasicCon, SelfSigned, UnknownExtensions, + Verify, AccErr) -> + Permitted = NameConst#'NameConstraints'.permittedSubtrees, + Excluded = NameConst#'NameConstraints'.excludedSubtrees, + + NewValidationState = add_name_constraints(Permitted, Excluded, + ValidationState), + + validate_extensions(Rest, NewValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr); + + +validate_extensions([#'Extension'{extnID = ?'id-ce-certificatePolicies', + critical = true} | Rest], ValidationState, + ExistBasicCon, SelfSigned, + UnknownExtensions, Verify, AccErr0) -> + %% TODO: Remove this clause when policy handling is + %% fully implemented + AccErr = + not_valid({bad_cert, unknown_critical_extension}, Verify, AccErr0), + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr); + +validate_extensions([#'Extension'{extnID = ?'id-ce-certificatePolicies', + extnValue = #'PolicyInformation'{ + policyIdentifier = Id, + policyQualifiers = Qualifier}} + | Rest], #path_validation_state{valid_policy_tree = Tree} + = ValidationState, + ExistBasicCon, SelfSigned, UnknownExtensions, + Verify, AccErr) -> + + %% TODO: Policy imp incomplete + NewTree = process_policy_tree(Id, Qualifier, Tree), + + validate_extensions(Rest, + ValidationState#path_validation_state{ + valid_policy_tree = NewTree}, + ExistBasicCon, SelfSigned, UnknownExtensions, + Verify, AccErr); + +validate_extensions([#'Extension'{extnID = ?'id-ce-policyConstraints', + critical = true} | Rest], ValidationState, + ExistBasicCon, SelfSigned, UnknownExtensions, Verify, + AccErr0) -> + %% TODO: Remove this clause when policy handling is + %% fully implemented + AccErr = + not_valid({bad_cert, unknown_critical_extension}, Verify, AccErr0), + validate_extensions(Rest, ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr); +validate_extensions([#'Extension'{extnID = ?'id-ce-policyConstraints', + extnValue = #'PolicyConstraints'{ + requireExplicitPolicy = ExpPolicy, + inhibitPolicyMapping = MapPolicy}} + | Rest], ValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr) -> + + %% TODO: Policy imp incomplete + NewValidationState = add_policy_constraints(ExpPolicy, MapPolicy, + ValidationState), + + validate_extensions(Rest, NewValidationState, ExistBasicCon, + SelfSigned, UnknownExtensions, Verify, AccErr); + +validate_extensions([Extension | Rest], ValidationState, + ExistBasicCon, SelfSigned, UnknownExtensions, + Verify, AccErr) -> + validate_extensions(Rest, ValidationState, ExistBasicCon, SelfSigned, + [Extension | UnknownExtensions], Verify, AccErr). + +is_valid_key_usage(KeyUse, Use) -> + lists:member(Use, KeyUse). + +is_valid_extkey_usage(?'id-kp-clientAuth') -> + true; +is_valid_extkey_usage(?'id-kp-serverAuth') -> + true; +is_valid_extkey_usage(_) -> + false. + +validate_subject_alt_names([]) -> + true; +validate_subject_alt_names([AltName | Rest]) -> + case is_valid_subject_alt_name(AltName) of + true -> + validate_subject_alt_names(Rest); + false -> + false + end. + +is_valid_subject_alt_name({Name, Value}) when Name == rfc822Name; + Name == dNSName -> + case Value of + "" -> + false; + _ -> + true + end; + +is_valid_subject_alt_name({iPAdress, Addr}) -> + case length(Addr) of + 4 -> %ipv4 + true; + 16 -> %ipv6 + true; + _ -> + false + end; +is_valid_subject_alt_name({uniformResourceIdentifier, URI}) -> + is_valid_uri(URI); + +is_valid_subject_alt_name({directoryName, _}) -> + true; +is_valid_subject_alt_name({_, [_|_]}) -> + true; +is_valid_subject_alt_name({_, _}) -> + false. + +min(N, M) when N =< M -> + N; +min(_, M) -> + M. + +is_ip_address(Address) -> + case inet_parse:address(Address) of + {ok, _} -> + true; + _ -> + false + end. + +is_fully_qualified_name(_Name) -> + true. + +is_valid_uri(AbsURI) -> + case split_uri(AbsURI) of + incomplete -> + false; + {StrScheme, _, Host, _, _} -> + case string:to_lower(StrScheme) of + Scheme when Scheme =:= "http"; Scheme =:= "ftp" -> + is_valid_host(Host); + _ -> + false + end + end. + +is_valid_host(Host) -> + case is_ip_address(Host) of + true -> + true; + false -> + is_fully_qualified_name(Host) + end. + +%% Could have a more general split URI in stdlib? Maybe when +%% regexs are improved. Needed also in inets! +split_uri(Uri) -> + case split_uri(Uri, ":", {error, no_scheme}, 1, 1) of + {error, no_scheme} -> + incomplete; + {StrScheme, "//" ++ URIPart} -> + {Authority, PathQuery} = + split_auth_path(URIPart), + {UserInfo, HostPort} = + split_uri(Authority, "@", {"", Authority}, 1, 1), + {Host, Port} = + split_uri(HostPort, ":", {HostPort, dummy_port}, 1, 1), + {StrScheme, UserInfo, Host, Port, PathQuery} + end. + +split_auth_path(URIPart) -> + case split_uri(URIPart, "/", URIPart, 1, 0) of + Split = {_, _} -> + Split; + URIPart -> + case split_uri(URIPart, "\\?", URIPart, 1, 0) of + Split = {_, _} -> + Split; + URIPart -> + {URIPart,""} + end + end. + +split_uri(UriPart, SplitChar, NoMatchResult, SkipLeft, SkipRight) -> + case regexp:first_match(UriPart, SplitChar) of + {match, Match, _} -> + {string:substr(UriPart, 1, Match - SkipLeft), + string:substr(UriPart, Match + SkipRight, length(UriPart))}; + nomatch -> + NoMatchResult + end. + +is_rdnSeq({rdnSequence,[]}, {rdnSequence,[none]}) -> + true; +is_rdnSeq({rdnSequence,DirName}, {rdnSequence,Permitted}) -> + is_dir_name(DirName, Permitted, false). + +is_permitted(_, no_constraints) -> + true; +is_permitted(Names, Constraints) -> + is_valid_name(Names, Constraints, true). + +is_excluded([], _) -> + false; +is_excluded(Names, Constraints) -> + is_valid_name(Names, Constraints, false). + +is_valid_name([], _, Default) -> + Default; +is_valid_name([{Type, Name} | Rest], Constraints, Default) -> + case type_subtree_names(Type, Constraints) of + [_|_] = ConstraintNames -> + case match_name(Type, Name, ConstraintNames) of + Default -> + is_valid_name(Rest, Constraints, Default); + Fail -> + Fail + end; + [] -> + is_valid_name(Rest, Constraints,Default) + end. + +add_name_constraints(NewPermittedTrees, NewExcludedTrees, + #path_validation_state{ + permitted_subtrees = PermittedTrees, + excluded_subtrees = ExcludedTrees} = + ValidationState) -> + NewPermitted = subtree_intersection(NewPermittedTrees, PermittedTrees), + NewExcluded = subtree_union(NewExcludedTrees, ExcludedTrees), + ValidationState#path_validation_state{permitted_subtrees = NewPermitted, + excluded_subtrees = NewExcluded}. +subtree_union(asn1_NOVALUE, Trees) -> + Trees; +subtree_union(Trees1, Trees2) -> + Trees1 ++ Trees2. + +subtree_intersection(asn1_NOVALUE, Trees) -> + Trees; +subtree_intersection(List, no_constraints) -> + List; +subtree_intersection([Tree | Trees1], Trees2) -> + Trees = is_in_intersection(Tree, Trees2), + subtree_intersection(Trees1, Trees); +subtree_intersection([], TreesInt) -> + TreesInt. + +is_in_intersection(#'GeneralSubtree'{base = + {directoryName, {rdnSequence, Name1}}} + = Name, + [#'GeneralSubtree'{base = + {directoryName, {rdnSequence, Name2}}} + | Trees]) -> + case is_dir_name(Name1, Name2, false) of + true -> + [Name|Trees]; + false -> + [Name#'GeneralSubtree'{base = + {directoryName, {rdnSequence,[none]}}} + | Trees] + end; +is_in_intersection(#'GeneralSubtree'{base = {ipAdress, Ip}}, + Trees = [#'GeneralSubtree'{base = {ipAdress, Ip}} | _]) -> + %% BUGBUG + Trees; +is_in_intersection(#'GeneralSubtree'{base = {x400Address, OrAddr1}} = Addr, + [#'GeneralSubtree'{base = {x400Address, OrAddr2}} + | Trees]) -> + case is_or_address(OrAddr1, OrAddr2) of + true -> + [Addr|Trees]; + false -> + [#'GeneralSubtree'{base = {x400Address, ""}} | Trees] + end; + +is_in_intersection(#'GeneralSubtree'{base = {Type, Name1}} = Name, + [#'GeneralSubtree'{base = {Type, Name2}} + | Trees]) -> + case case_insensitive_match(Name1, Name2) of + true -> + [Name|Trees]; + false -> + [#'GeneralSubtree'{base = {Type, ""}} | Trees] + end; +is_in_intersection(New, []) -> + [New]; +is_in_intersection(Name, [Other | IntCandidates]) -> + [Other|is_in_intersection(Name, IntCandidates)]. + +type_subtree_names(Type, SubTrees) -> + [Name || #'GeneralSubtree'{base = {TreeType, Name}} <- SubTrees, + TreeType =:= Type]. + +match_name(rfc822Name, Name, [PermittedName | Rest]) -> + match_name(fun is_valid_host_or_domain/2, Name, PermittedName, Rest); + +match_name(directoryName, DirName, [PermittedName | Rest]) -> + match_name(fun is_rdnSeq/2, DirName, PermittedName, Rest); + +match_name(uniformResourceIdentifier, URI, [PermittedName | Rest]) -> + case split_uri(URI) of + incomplete -> + false; + {_, _, Host, _, _} -> + match_name(fun is_valid_host_or_domain/2, Host, + PermittedName, Rest) + end; + +match_name(emailAddress, Name, [PermittedName | Rest]) -> + Fun = fun(Email, PermittedEmail) -> + is_valid_email_address(Email, PermittedEmail, + string:tokens(PermittedEmail,"@")) + end, + match_name(Fun, Name, PermittedName, Rest); + +match_name(dNSName, Name, [PermittedName | Rest]) -> + Fun = fun(Domain, [$.|Domain]) -> true; + (Name1,Name2) -> + lists:suffix(string:to_lower(Name2), + string:to_lower(Name1)) + end, + match_name(Fun, Name, [$.|PermittedName], Rest); + +match_name(x400Address, OrAddress, [PermittedAddr | Rest]) -> + match_name(fun is_or_address/2, OrAddress, PermittedAddr, Rest); + +match_name(ipAdress, IP, [PermittedIP | Rest]) -> + Fun = fun([IP1, IP2, IP3, IP4], + [IP5, IP6, IP7, IP8, M1, M2, M3, M4]) -> + is_permitted_ip([IP1, IP2, IP3, IP4], + [IP5, IP6, IP7, IP8], + [M1, M2, M3, M4]); + ([IP1, IP2, IP3, IP4, IP5, IP6, IP7, IP8, + IP9, IP10, IP11, IP12, IP13, IP14, IP15, IP16], + [IP17, IP18, IP19, IP20, IP21, IP22, IP23, IP24, + IP25, IP26, IP27, IP28, IP29, IP30, IP31, IP32, + M1, M2, M3, M4, M5, M6, M7, M8, + M9, M10, M11, M12, M13, M14, M15, M16]) -> + is_permitted_ip([IP1, IP2, IP3, IP4, IP5, IP6, IP7, IP8, + IP9, IP10, IP11, IP12, IP13, + IP14, IP15, IP16], + [IP17, IP18, IP19, IP20, IP21, IP22, IP23, + IP24,IP25, IP26, IP27, IP28, IP29, IP30, + IP31, IP32], + [M1, M2, M3, M4, M5, M6, M7, M8, M9, M10, + M11, M12, M13, M14, M15, M16]); + (_,_) -> + false + end, + match_name(Fun, IP, PermittedIP, Rest). + +match_name(Fun, Name, PermittedName, []) -> + Fun(Name, PermittedName); +match_name(Fun, Name, PermittedName, [Head | Tail]) -> + case Fun(Name, PermittedName) of + true -> + true; + false -> + match_name(Fun, Name, Head, Tail) + end. + +is_permitted_ip([], [], []) -> + true; +is_permitted_ip([CandidatIp | CandidatIpRest], + [PermittedIp | PermittedIpRest], [Mask | MaskRest] ) -> + case mask_cmp(CandidatIp, PermittedIp, Mask) of + true -> + is_permitted_ip(CandidatIpRest, PermittedIpRest, MaskRest); + false -> + false + end. + +mask_cmp(Canditate, Permitted, Mask) -> + (Canditate band Mask) == Permitted. + +is_valid_host_or_domain(Canditate, [$.|_] = Permitted) -> + is_suffix(Permitted, Canditate); +is_valid_host_or_domain(Canditate, Permitted) -> + case string:tokens(Canditate,"@") of + [CanditateHost] -> + case_insensitive_match(CanditateHost, Permitted); + [_, CanditateHost] -> + case_insensitive_match(CanditateHost, Permitted) + end. +is_valid_email_address(Canditate, [$.|Permitted], [_]) -> + is_suffix(Permitted, Canditate); + +is_valid_email_address(Canditate, PermittedHost, [_]) -> + [_ , CanditateHost] = string:tokens(Canditate,"@"), + case_insensitive_match(CanditateHost, PermittedHost); + +is_valid_email_address(Canditate, Permitted, [_, _]) -> + case_insensitive_match(Canditate, Permitted). + +is_suffix(Suffix, Str) -> + lists:suffix(string:to_lower(Suffix), string:to_lower(Str)). +case_insensitive_match(Str1, Str2) -> + string:to_lower(Str1) == string:to_lower(Str2). + +is_or_address(Address, Canditate) -> + %% TODO: Is case_insensitive_match sufficient? + %% study rfc2156 probably need more a complex check. + is_double_quoted(Address) andalso + is_double_quoted(Canditate) andalso + case_insensitive_match(Address, Canditate). + +is_double_quoted(["\"" | Tail]) -> + is_double_quote(lists:last(Tail)); +is_double_quoted("%22" ++ Tail) -> + case lists:reverse(Tail) of + [A, B, C | _] -> + is_double_quote([C, B, A]); + _ -> + false + end; + +is_double_quoted(_) -> + false. + +is_double_quote("%22") -> + true; +is_double_quote("\"") -> + true; +is_double_quote(_) -> + false. + +add_policy_constraints(ExpPolicy, MapPolicy, + #path_validation_state{cert_num = CertNum, + explicit_policy = CurExpPolicy, + policy_mapping = CurMapPolicy} = + ValidationState) -> + + NewExpPolicy = policy_constraint(CurExpPolicy, ExpPolicy, CertNum), + NewMapPolicy = policy_constraint(CurMapPolicy, MapPolicy, CertNum), + + ValidationState#path_validation_state{explicit_policy = NewExpPolicy, + policy_mapping = NewMapPolicy}. + +policy_constraint(Current, asn1_NOVALUE, _) -> + Current; +policy_constraint(Current, New, CertNum) -> + min(Current, New + CertNum). + +process_policy_tree(_,_, ?NULL) -> + ?NULL; +process_policy_tree(_Id, _Qualifier, Tree) -> + %% TODO real imp. + Tree. + +policy_indicator(_, true) -> + 0; +policy_indicator(N, false) -> + N + 1. + +is_fixed_dh_cert(PublicKeyInfo, Extensions) -> + AlgInfo = PublicKeyInfo#'OTPSubjectPublicKeyInfo'.algorithm, + Algorithm = AlgInfo#'PublicKeyAlgorithm'.algorithm, + + case select_extension(?'id-ce-keyUsage', Extensions) of + undefined -> + is_dh(Algorithm); + #'Extension'{extnValue=KeyUse} -> + is_dh(Algorithm) andalso is_valid_key_usage(KeyUse, keyAgreement) + end. + +is_dh(?'dhpublicnumber')-> + true; +is_dh(_) -> + false. diff --git a/lib/public_key/src/pubkey_cert_records.erl b/lib/public_key/src/pubkey_cert_records.erl new file mode 100644 index 0000000000..36b7c47a9c --- /dev/null +++ b/lib/public_key/src/pubkey_cert_records.erl @@ -0,0 +1,538 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% + +-module(pubkey_cert_records). + +-include("public_key.hrl"). + +-export([decode_cert/2, encode_cert/1, encode_tbs_cert/1]). + +-export([old_decode_cert/2, old_encode_cert/1]). %% Debugging and testing new code. + +%%==================================================================== +%% Internal application API +%%==================================================================== + +decode_cert(DerCert, plain) -> + 'OTP-PUB-KEY':decode('Certificate', DerCert); +decode_cert(DerCert, otp) -> + {ok, Cert} = 'OTP-PUB-KEY':decode('OTPCertificate', DerCert), + {ok, decode_all_otp(Cert)}. + +old_decode_cert(DerCert, otp) -> + {ok, Cert} = 'OTP-PUB-KEY':decode('Certificate', DerCert), + {ok, plain_to_otp(Cert)}. + +old_encode_cert(Cert) -> + PlainCert = otp_to_plain(Cert), + {ok, EncCert} = 'OTP-PUB-KEY':encode('Certificate', PlainCert), + list_to_binary(EncCert). + + +encode_cert(Cert = #'Certificate'{}) -> + {ok, EncCert} = 'OTP-PUB-KEY':encode('Certificate', Cert), + list_to_binary(EncCert); +encode_cert(C = #'OTPCertificate'{tbsCertificate = TBS = + #'OTPTBSCertificate'{ + issuer=Issuer0, + subject=Subject0, + subjectPublicKeyInfo=Spki0, + extensions=Exts0} + }) -> + Issuer = transform(Issuer0,encode), + Subject = transform(Subject0,encode), + Spki = encode_supportedPublicKey(Spki0), + Exts = encode_extensions(Exts0), + %% io:format("Extensions ~p~n",[Exts]), + Cert = C#'OTPCertificate'{tbsCertificate= + TBS#'OTPTBSCertificate'{ + issuer=Issuer, subject=Subject, + subjectPublicKeyInfo=Spki, + extensions=Exts}}, + {ok, EncCert} = 'OTP-PUB-KEY':encode('OTPCertificate', Cert), + list_to_binary(EncCert). + +encode_tbs_cert(TBS = #'OTPTBSCertificate'{ + issuer=Issuer0, + subject=Subject0, + subjectPublicKeyInfo=Spki0, + extensions=Exts0}) -> + Issuer = transform(Issuer0,encode), + Subject = transform(Subject0,encode), + Spki = encode_supportedPublicKey(Spki0), + Exts = encode_extensions(Exts0), + TBSCert = TBS#'OTPTBSCertificate'{issuer=Issuer,subject=Subject, + subjectPublicKeyInfo=Spki,extensions=Exts}, + {ok, EncTBSCert} = 'OTP-PUB-KEY':encode('OTPTBSCertificate', TBSCert), + list_to_binary(EncTBSCert). + +%%-------------------------------------------------------------------- +%%% Internal functions +%%-------------------------------------------------------------------- + +decode_all_otp(C = #'OTPCertificate'{tbsCertificate = TBS = + #'OTPTBSCertificate'{ + issuer=Issuer0, + subject=Subject0, + subjectPublicKeyInfo=Spki0, + extensions=Exts0} + }) -> + Issuer = transform(Issuer0,decode), + Subject = transform(Subject0,decode), + Spki = decode_supportedPublicKey(Spki0), + Exts = decode_extensions(Exts0), + %% io:format("Extensions ~p~n",[Exts]), + C#'OTPCertificate'{tbsCertificate= + TBS#'OTPTBSCertificate'{ + issuer=Issuer, subject=Subject, + subjectPublicKeyInfo=Spki,extensions=Exts}}. + + +%%% SubjectPublicKey +supportedPublicKeyAlgorithms(?'rsaEncryption') -> 'RSAPublicKey'; +supportedPublicKeyAlgorithms(?'id-dsa') -> 'DSAPublicKey'; +supportedPublicKeyAlgorithms(?'dhpublicnumber') -> 'DHPublicKey'; +supportedPublicKeyAlgorithms(?'id-keyExchangeAlgorithm') -> 'KEA-PublicKey'; +supportedPublicKeyAlgorithms(?'id-ecPublicKey') -> 'ECPoint'. + +decode_supportedPublicKey(#'OTPSubjectPublicKeyInfo'{algorithm= PA = + #'PublicKeyAlgorithm'{algorithm=Algo}, + subjectPublicKey = {0,SPK0}}) -> + Type = supportedPublicKeyAlgorithms(Algo), + {ok, SPK} = 'OTP-PUB-KEY':decode(Type, SPK0), + #'OTPSubjectPublicKeyInfo'{subjectPublicKey = SPK, algorithm=PA}. + +encode_supportedPublicKey(#'OTPSubjectPublicKeyInfo'{algorithm= PA = + #'PublicKeyAlgorithm'{algorithm=Algo}, + subjectPublicKey = SPK0}) -> + Type = supportedPublicKeyAlgorithms(Algo), + {ok, SPK} = 'OTP-PUB-KEY':encode(Type, SPK0), + #'OTPSubjectPublicKeyInfo'{subjectPublicKey = {0,list_to_binary(SPK)}, algorithm=PA}. + +%%% Extensions + +extension_id(?'id-ce-authorityKeyIdentifier') -> 'AuthorityKeyIdentifier'; +extension_id(?'id-ce-subjectKeyIdentifier') -> 'SubjectKeyIdentifier'; +extension_id(?'id-ce-keyUsage') -> 'KeyUsage'; +extension_id(?'id-ce-privateKeyUsagePeriod') -> 'PrivateKeyUsagePeriod'; +extension_id(?'id-ce-certificatePolicies') -> 'CertificatePolicies'; +extension_id(?'id-ce-policyMappings') -> 'PolicyMappings'; +extension_id(?'id-ce-subjectAltName') -> 'SubjectAltName'; +extension_id(?'id-ce-issuerAltName') -> 'IssuerAltName'; +extension_id(?'id-ce-subjectDirectoryAttributes') -> 'SubjectDirectoryAttributes'; +extension_id(?'id-ce-basicConstraints' ) -> 'BasicConstraints'; +extension_id(?'id-ce-nameConstraints') -> 'NameConstraints'; +extension_id(?'id-ce-policyConstraints') -> 'PolicyConstraints'; +extension_id(?'id-ce-cRLDistributionPoints') -> 'CRLDistributionPoints'; +extension_id(?'id-ce-extKeyUsage') -> 'ExtKeyUsageSyntax'; +extension_id(?'id-ce-inhibitAnyPolicy') -> 'InhibitAnyPolicy'; +extension_id(?'id-ce-freshestCRL') -> 'FreshestCRL'; +%% Missing in public_key doc +extension_id(?'id-pe-authorityInfoAccess') -> 'AuthorityInfoAccessSyntax'; +extension_id(?'id-pe-subjectInfoAccess') -> 'SubjectInfoAccessSyntax'; +extension_id(?'id-ce-cRLNumber') -> 'CRLNumber'; +extension_id(?'id-ce-issuingDistributionPoint') -> 'IssuingDistributionPoint'; +extension_id(?'id-ce-deltaCRLIndicator') -> 'BaseCRLNumber'; +extension_id(?'id-ce-cRLReasons') -> 'CRLReason'; +extension_id(?'id-ce-certificateIssuer') -> 'CertificateIssuer'; +extension_id(?'id-ce-holdInstructionCode') -> 'HoldInstructionCode'; +extension_id(?'id-ce-invalidityDate') -> 'InvalidityDate'; +extension_id(_) -> + undefined. + + +decode_extensions(asn1_NOVALUE) -> + asn1_NOVALUE; + +decode_extensions(Exts) -> + lists:map(fun(Ext = #'Extension'{extnID=Id, extnValue=Value0}) -> + case extension_id(Id) of + undefined -> Ext; + Type -> + {ok, Value} = 'OTP-PUB-KEY':decode(Type, list_to_binary(Value0)), + Ext#'Extension'{extnValue=transform(Value,decode)} + end + end, Exts). + +encode_extensions(asn1_NOVALUE) -> + asn1_NOVALUE; + +encode_extensions(Exts) -> + lists:map(fun(Ext = #'Extension'{extnID=Id, extnValue=Value0}) -> + case extension_id(Id) of + undefined -> Ext; + Type -> + Value1 = transform(Value0,encode), + {ok, Value} = 'OTP-PUB-KEY':encode(Type, Value1), + Ext#'Extension'{extnValue=list_to_binary(Value)} + end + end, Exts). + +transform(#'AttributeTypeAndValue'{type=Id,value=Value0} = ATAV, Func) -> + {ok, Value} = + case attribute_type(Id) of + Type when is_atom(Type) -> 'OTP-PUB-KEY':Func(Type, Value0); + _UnknownType -> {ok, Value0} + end, + ATAV#'AttributeTypeAndValue'{value=Value}; +transform(AKI = #'AuthorityKeyIdentifier'{authorityCertIssuer=ACI},Func) -> + AKI#'AuthorityKeyIdentifier'{authorityCertIssuer=transform(ACI,Func)}; +transform(List = [{directoryName, _}],Func) -> + [{directoryName, transform(Value,Func)} || {directoryName, Value} <- List]; +transform({directoryName, Value},Func) -> + {directoryName, transform(Value,Func)}; +transform({rdnSequence, SeqList},Func) when is_list(SeqList) -> + {rdnSequence, + lists:map(fun(Seq) -> + lists:map(fun(Element) -> transform(Element,Func) end, Seq) + end, SeqList)}; +%% transform(List = [{rdnSequence, _}|_],Func) -> +%% lists:map(fun(Element) -> transform(Element,Func) end, List); +transform(#'NameConstraints'{permittedSubtrees=Permitted, excludedSubtrees=Excluded}, Func) -> + Res = #'NameConstraints'{permittedSubtrees=transform_sub_tree(Permitted,Func), + excludedSubtrees=transform_sub_tree(Excluded,Func)}, +%% io:format("~p~n",[Res]), + Res; +transform(Other,_) -> + Other. +transform_sub_tree(asn1_NOVALUE,_) -> asn1_NOVALUE; +transform_sub_tree(TreeList,Func) -> + [Tree#'GeneralSubtree'{base=transform(Name,Func)} || + Tree = #'GeneralSubtree'{base=Name} <- TreeList]. + +attribute_type(?'id-at-name') -> 'X520name'; +attribute_type(?'id-at-surname') -> 'X520name'; +attribute_type(?'id-at-givenName') -> 'X520name'; +attribute_type(?'id-at-initials') -> 'X520name'; +attribute_type(?'id-at-generationQualifier') -> 'X520name'; +attribute_type(?'id-at-commonName') -> 'X520CommonName'; +attribute_type(?'id-at-localityName') -> 'X520LocalityName'; +attribute_type(?'id-at-stateOrProvinceName') -> 'X520StateOrProvinceName'; +attribute_type(?'id-at-organizationName') -> 'X520OrganizationName'; +attribute_type(?'id-at-organizationalUnitName') -> 'X520OrganizationalUnitName'; +attribute_type(?'id-at-title') -> 'X520Title'; +attribute_type(?'id-at-dnQualifier') -> 'X520dnQualifier'; +attribute_type(?'id-at-countryName') -> 'X520countryName'; +attribute_type(?'id-at-serialNumber') -> 'X520SerialNumber'; +attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym'; +attribute_type(?'id-domainComponent') -> 'DomainComponent'; +attribute_type(?'id-emailAddress') -> 'EmailAddress'; +attribute_type(Type) -> Type. + +%%% Old code transforms + +plain_to_otp(#'Certificate'{tbsCertificate = TBSCert, + signatureAlgorithm = SigAlg, + signature = Signature} = Cert) -> + Cert#'Certificate'{tbsCertificate = plain_to_otp(TBSCert), + signatureAlgorithm = plain_to_otp(SigAlg), + signature = plain_to_otp(Signature)}; + +plain_to_otp(#'TBSCertificate'{signature = Signature, + issuer = Issuer, + subject = Subject, + subjectPublicKeyInfo = SPubKeyInfo, + extensions = Extensions} = TBSCert) -> + + TBSCert#'TBSCertificate'{signature = plain_to_otp(Signature), + issuer = plain_to_otp(Issuer), + subject = + plain_to_otp(Subject), + subjectPublicKeyInfo = + plain_to_otp(SPubKeyInfo), + extensions = + plain_to_otp_extensions(Extensions) + }; + +plain_to_otp(#'AlgorithmIdentifier'{algorithm = Algorithm, + parameters = Params}) -> + SignAlgAny = + #'SignatureAlgorithm-Any'{algorithm = Algorithm, + parameters = Params}, + {ok, AnyEnc} = 'OTP-PUB-KEY':encode('SignatureAlgorithm-Any', + SignAlgAny), + {ok, SignAlg} = 'OTP-PUB-KEY':decode('SignatureAlgorithm', + list_to_binary(AnyEnc)), + SignAlg; + +plain_to_otp({rdnSequence, SeqList}) when is_list(SeqList) -> + {rdnSequence, + lists:map(fun(Seq) -> + lists:map(fun(Element) -> + plain_to_otp(Element) + end, + Seq) + end, SeqList)}; + +plain_to_otp(#'AttributeTypeAndValue'{} = ATAV) -> + {ok, ATAVEnc} = + 'OTP-PUB-KEY':encode('AttributeTypeAndValue', ATAV), + {ok, ATAVDec} = 'OTP-PUB-KEY':decode('OTPAttributeTypeAndValue', + list_to_binary(ATAVEnc)), + #'AttributeTypeAndValue'{type = ATAVDec#'OTPAttributeTypeAndValue'.type, + value = + ATAVDec#'OTPAttributeTypeAndValue'.value}; + +plain_to_otp(#'SubjectPublicKeyInfo'{algorithm = + #'AlgorithmIdentifier'{algorithm + = Algo, + parameters = + Params}, + subjectPublicKey = PublicKey}) -> + + AnyAlgo = #'PublicKeyAlgorithm'{algorithm = Algo, + parameters = Params}, + {0, AnyKey} = PublicKey, + AnyDec = #'OTPSubjectPublicKeyInfo-Any'{algorithm = AnyAlgo, + subjectPublicKey = AnyKey}, + {ok, AnyEnc} = + 'OTP-PUB-KEY':encode('OTPSubjectPublicKeyInfo-Any', AnyDec), + {ok, InfoDec} = 'OTP-PUB-KEY':decode('OTPOLDSubjectPublicKeyInfo', + list_to_binary(AnyEnc)), + + AlgorithmDec = InfoDec#'OTPOLDSubjectPublicKeyInfo'.algorithm, + AlgoDec = AlgorithmDec#'OTPOLDSubjectPublicKeyInfo_algorithm'.algo, + NewParams = AlgorithmDec#'OTPOLDSubjectPublicKeyInfo_algorithm'.parameters, + PublicKeyDec = InfoDec#'OTPOLDSubjectPublicKeyInfo'.subjectPublicKey, + NewAlgorithmDec = + #'SubjectPublicKeyInfoAlgorithm'{algorithm = AlgoDec, + parameters = NewParams}, + #'SubjectPublicKeyInfo'{algorithm = NewAlgorithmDec, + subjectPublicKey = PublicKeyDec + }; + +plain_to_otp(#'Extension'{extnID = ExtID, + critical = Critical, + extnValue = Value}) + when ExtID == ?'id-ce-authorityKeyIdentifier'; + ExtID == ?'id-ce-subjectKeyIdentifier'; + ExtID == ?'id-ce-keyUsage'; + ExtID == ?'id-ce-privateKeyUsagePeriod'; + ExtID == ?'id-ce-certificatePolicies'; + ExtID == ?'id-ce-policyMappings'; + ExtID == ?'id-ce-subjectAltName'; + ExtID == ?'id-ce-issuerAltName'; + ExtID == ?'id-ce-subjectDirectoryAttributes'; + ExtID == ?'id-ce-basicConstraints'; + ExtID == ?'id-ce-nameConstraints'; + ExtID == ?'id-ce-policyConstraints'; + ExtID == ?'id-ce-extKeyUsage'; + ExtID == ?'id-ce-cRLDistributionPoints'; + ExtID == ?'id-ce-inhibitAnyPolicy'; + ExtID == ?'id-ce-freshestCRL' -> + ExtAny = #'Extension-Any'{extnID = ExtID, + critical = Critical, + extnValue = Value}, + {ok, AnyEnc} = 'OTP-PUB-KEY':encode('Extension-Any', ExtAny), + {ok, ExtDec} = 'OTP-PUB-KEY':decode('OTPExtension', + list_to_binary(AnyEnc)), + + ExtValue = plain_to_otp_extension_value(ExtID, + ExtDec#'OTPExtension'.extnValue), + #'Extension'{extnID = ExtID, + critical = ExtDec#'OTPExtension'.critical, + extnValue = ExtValue}; + +plain_to_otp(#'Extension'{} = Ext) -> + Ext; + +plain_to_otp(#'AuthorityKeyIdentifier'{} = Ext) -> + CertIssuer = Ext#'AuthorityKeyIdentifier'.authorityCertIssuer, + Ext#'AuthorityKeyIdentifier'{authorityCertIssuer = + plain_to_otp(CertIssuer)}; + + +plain_to_otp([{directoryName, Value}]) -> + [{directoryName, plain_to_otp(Value)}]; + +plain_to_otp(Value) -> + Value. + +otp_to_plain(#'Certificate'{tbsCertificate = TBSCert, + signatureAlgorithm = SigAlg, + signature = Signature} = Cert) -> + Cert#'Certificate'{tbsCertificate = otp_to_plain(TBSCert), + signatureAlgorithm = + otp_to_plain(SigAlg), + signature = otp_to_plain(Signature)}; + +otp_to_plain(#'TBSCertificate'{signature = Signature, + issuer = Issuer, + subject = Subject, + subjectPublicKeyInfo = SPubKeyInfo, + extensions = Extensions} = TBSCert) -> + + TBSCert#'TBSCertificate'{signature = otp_to_plain(Signature), + issuer = otp_to_plain(Issuer), + subject = + otp_to_plain(Subject), + subjectPublicKeyInfo = + otp_to_plain(SPubKeyInfo), + extensions = otp_to_plain_extensions(Extensions) + }; + +otp_to_plain(#'SignatureAlgorithm'{} = SignAlg) -> + {ok, EncSignAlg} = 'OTP-PUB-KEY':encode('SignatureAlgorithm', SignAlg), + {ok, #'SignatureAlgorithm-Any'{algorithm = Algorithm, + parameters = Params}} = + 'OTP-PUB-KEY':decode('SignatureAlgorithm-Any', + list_to_binary(EncSignAlg)), + #'AlgorithmIdentifier'{algorithm = Algorithm, + parameters = Params}; + +otp_to_plain({rdnSequence, SeqList}) when is_list(SeqList) -> + {rdnSequence, + lists:map(fun(Seq) -> + lists:map(fun(Element) -> + otp_to_plain(Element) + end, + Seq) + end, SeqList)}; + +otp_to_plain(#'AttributeTypeAndValue'{type = Type, value = Value}) -> + {ok, ATAVEnc} = + 'OTP-PUB-KEY':encode('OTPAttributeTypeAndValue', + #'OTPAttributeTypeAndValue'{type = Type, + value = Value}), + {ok, ATAVDec} = 'OTP-PUB-KEY':decode('AttributeTypeAndValue', + list_to_binary(ATAVEnc)), + ATAVDec; + +otp_to_plain(#'SubjectPublicKeyInfo'{algorithm = + #'SubjectPublicKeyInfoAlgorithm'{ + algorithm = Algo, + parameters = + Params}, + subjectPublicKey = PublicKey}) -> + + OtpAlgo = #'OTPOLDSubjectPublicKeyInfo_algorithm'{algo = Algo, + parameters = Params}, + OtpDec = #'OTPOLDSubjectPublicKeyInfo'{algorithm = OtpAlgo, + subjectPublicKey = PublicKey}, + {ok, OtpEnc} = + 'OTP-PUB-KEY':encode('OTPOLDSubjectPublicKeyInfo', OtpDec), + + {ok, AnyDec} = 'OTP-PUB-KEY':decode('OTPSubjectPublicKeyInfo-Any', + list_to_binary(OtpEnc)), + + #'OTPSubjectPublicKeyInfo-Any'{algorithm = #'PublicKeyAlgorithm'{ + algorithm = NewAlgo, + parameters = NewParams}, + subjectPublicKey = Bin} = AnyDec, + + #'SubjectPublicKeyInfo'{algorithm = + #'AlgorithmIdentifier'{ + algorithm = NewAlgo, + parameters = plain_key_params(NewParams)}, + subjectPublicKey = + {0, Bin} + }; + +otp_to_plain(#'Extension'{extnID = ExtID, + extnValue = Value} = Ext) -> + ExtValue = + otp_to_plain_extension_value(ExtID, Value), + + Ext#'Extension'{extnValue = ExtValue}; + +otp_to_plain(#'AuthorityKeyIdentifier'{} = Ext) -> + CertIssuer = Ext#'AuthorityKeyIdentifier'.authorityCertIssuer, + Ext#'AuthorityKeyIdentifier'{authorityCertIssuer = + otp_to_plain(CertIssuer)}; + +otp_to_plain([{directoryName, Value}]) -> + [{directoryName, otp_to_plain(Value)}]; + +otp_to_plain(Value) -> + Value. + +plain_key_params('NULL') -> + <<5,0>>; +plain_key_params(Value) -> + Value. + +plain_to_otp_extension_value(?'id-ce-authorityKeyIdentifier', Value) -> + plain_to_otp(Value); +plain_to_otp_extension_value(_, Value) -> + Value. + +plain_to_otp_extensions(Exts) when is_list(Exts) -> + lists:map(fun(Ext) -> plain_to_otp(Ext) end, Exts). + +otp_to_plain_extension_value(?'id-ce-authorityKeyIdentifier', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('AuthorityKeyIdentifier', + otp_to_plain(Value)), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-subjectKeyIdentifier', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('SubjectKeyIdentifier', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-keyUsage', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('KeyUsage', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-privateKeyUsagePeriod', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('PrivateKeyUsagePeriod', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-certificatePolicies', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('CertificatePolicies', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-policyMappings', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('PolicyMappings', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-subjectAltName', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('SubjectAltName', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-issuerAltName', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('IssuerAltName', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-subjectDirectoryAttributes', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('SubjectDirectoryAttributes', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-basicConstraints', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('BasicConstraints', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-nameConstraints', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('NameConstraints', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-policyConstraints', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('PolicyConstraints', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-extKeyUsage', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('ExtKeyUsage', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-cRLDistributionPoints', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('CRLDistributionPoints', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-inhibitAnyPolicy', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('InhibitAnyPolicy', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(?'id-ce-freshestCRL', Value) -> + {ok, Enc} = 'OTP-PUB-KEY':encode('FreshestCRL', Value), + otp_to_plain_extension_value_format(Enc); +otp_to_plain_extension_value(_Id, Value) -> + Value. + +otp_to_plain_extension_value_format(Value) -> + list_to_binary(Value). + +otp_to_plain_extensions(Exts) when is_list(Exts) -> + lists:map(fun(Ext) -> + otp_to_plain(Ext) + end, Exts). diff --git a/lib/public_key/src/pubkey_crypto.erl b/lib/public_key/src/pubkey_crypto.erl new file mode 100644 index 0000000000..fe4e97fcc5 --- /dev/null +++ b/lib/public_key/src/pubkey_crypto.erl @@ -0,0 +1,137 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% +%% Description: Functions that call the crypto driver. + +-module(pubkey_crypto). + +-include("public_key.hrl"). + +-export([encrypt_public/3, decrypt_private/3, + encrypt_private/3, decrypt_public/3, + sign/2, sign/3, verify/5]). + +-define(UINT32(X), X:32/unsigned-big-integer). + +%%==================================================================== +%% Internal application API +%%==================================================================== + +%%-------------------------------------------------------------------- +%% Function: encrypt(PlainText, Key, Padding) -> Encrypted +%% +%% PlainText = binary() +%% Key = rsa_public_key() | rsa_private_key() +%% Padding = rsa_pkcs1_padding | rsa_pkcs1_oaep_padding +%% Encrypted = binary() +%% +%% Description: Public key encrypts PlainText. +%%-------------------------------------------------------------------- +encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E},Padding) -> + crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],Padding); +encrypt_public(PlainText, #'RSAPrivateKey'{modulus=N,publicExponent=E},Padding) -> + crypto:rsa_public_encrypt(PlainText, [crypto:mpint(E),crypto:mpint(N)],Padding). + +encrypt_private(PlainText, #'RSAPrivateKey'{modulus = N, + publicExponent = E, + privateExponent = D}, Padding) -> + crypto:rsa_private_encrypt(PlainText, [crypto:mpint(E), + crypto:mpint(N), + crypto:mpint(D)], Padding). + +%%-------------------------------------------------------------------- +%% Function: decrypt(CipherText, Key) -> PlainText +%% +%% ChipherText = binary() +%% Key = rsa_private_key() +%% Padding = rsa_pkcs1_padding | rsa_pkcs1_oaep_padding +%% PlainText = binary() +%% +%% Description: Uses private key to decrypt public key encrypted data. +%%-------------------------------------------------------------------- +decrypt_private(CipherText, + #'RSAPrivateKey'{modulus = N,publicExponent = E,privateExponent = D}, + Padding) -> + crypto:rsa_private_decrypt(CipherText, + [crypto:mpint(E), crypto:mpint(N),crypto:mpint(D)], + Padding). +decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E}, Padding) -> + crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)], Padding); +decrypt_public(CipherText, #'RSAPrivateKey'{modulus = N, publicExponent = E}, Padding) -> + crypto:rsa_public_decrypt(CipherText,[crypto:mpint(E), crypto:mpint(N)], Padding). + +%%-------------------------------------------------------------------- +%% Function: sign(PlainText, Key) -> +%% sign(DigestType, PlainText, Key) -> Signature +%% +%% DigestType = sha | md5 +%% PlainText = binary() +%% Key = rsa_private_key() | dsa_private_key() +%% Signature = binary() +%% +%% Description: Signs PlainText using Key. +%%-------------------------------------------------------------------- +sign(PlainText, Digest) -> + sign(sha, PlainText, Digest). + +sign(DigestType, PlainText, #'RSAPrivateKey'{modulus = N, publicExponent = E, + privateExponent = D}) -> + crypto:rsa_sign(DigestType, sized_binary(PlainText), [crypto:mpint(E), + crypto:mpint(N), + crypto:mpint(D)]); + +sign(sha, PlainText, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) -> + crypto:dss_sign(sized_binary(PlainText), + [crypto:mpint(P), crypto:mpint(Q), + crypto:mpint(G), crypto:mpint(X)]). + +%%-------------------------------------------------------------------- +%% Function: verify(DigestType, PlainText, Signature, Key) -> true | false +%% +%% DigestType = sha | md5 +%% PlainText = binary() +%% Signature = binary() +%% Key = rsa_public_key() | dsa_public_key() +%% +%% Description: Verifies the signature <Signature>. +%%-------------------------------------------------------------------- +verify(DigestType, PlainText, Signature, + #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}, _) -> + crypto:rsa_verify(DigestType, + sized_binary(PlainText), + sized_binary(Signature), + [crypto:mpint(Exp), crypto:mpint(Mod)]); + +verify(sha, PlainText, Signature, Key, #'Dss-Parms'{p = P, q = Q, g = G}) -> + crypto:dss_verify(sized_binary(PlainText), + sized_binary(Signature), + [crypto:mpint(P), crypto:mpint(Q), + crypto:mpint(G), crypto:mpint(Key)]). + +%%-------------------------------------------------------------------- +%%% Internal functions +%%-------------------------------------------------------------------- + +sized_binary(Binary) when is_binary(Binary) -> + Size = size(Binary), + <<?UINT32(Size), Binary/binary>>; +sized_binary(List) -> + sized_binary(list_to_binary(List)). + diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl new file mode 100644 index 0000000000..abd46fa00e --- /dev/null +++ b/lib/public_key/src/pubkey_pem.erl @@ -0,0 +1,192 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% + +%%% Description: Reading and writing of PEM type encoded files. +%% PEM encoded files have the following structure: +%% +%% <text> +%% -----BEGIN SOMETHING-----<CR><LF> +%% <Base64 encoding line><CR><LF> +%% <Base64 encoding line><CR><LF> +%% ... +%% -----END SOMETHING-----<CR><LF> +%% <text> +%% +%% A file can contain several BEGIN/END blocks. Text lines between +%% blocks are ignored. +%% +%% The encoding is divided into lines separated by <NL>, and each line +%% is precisely 64 characters long (excluding the <NL> characters, +%% except the last line which 64 characters long or shorter. <NL> may +%% follow the last line. + +-module(pubkey_pem). + +-export([read_file/1, read_file/2, write_file/2, decode/2]). +-export([decode_key/2]). + +-define(ENCODED_LINE_LENGTH, 64). + +%%==================================================================== +%% Internal application API +%%==================================================================== +read_file(File) -> + read_file(File, no_passwd). + +read_file(File, Passwd) -> + {ok, Bin} = file:read_file(File), + decode(Bin, Passwd). + +write_file(File, Ds) -> + file:write_file(File, encode_file(Ds)). + +decode_key({_Type, Bin, not_encrypted}, _) -> + Bin; +decode_key({_Type, Bin, {Chipher,Salt}}, Password) -> + decode_key(Bin, Password, Chipher, Salt). + +decode(Bin, Passwd) -> + decode_file(split_bin(Bin), Passwd). + +%%-------------------------------------------------------------------- +%%% Internal functions +%%-------------------------------------------------------------------- + +split_bin(Bin) -> + split_bin(0, Bin). + +split_bin(N, Bin) -> + case Bin of + <<Line:N/binary, "\r\n", Rest/binary>> -> + [Line | split_bin(0, Rest)]; + <<Line:N/binary, "\n", Rest/binary>> -> + [Line | split_bin(0, Rest)]; + <<Line:N/binary>> -> + [Line]; + _ -> + split_bin(N+1, Bin) + end. + +decode_file(Bin, Passwd) -> + decode_file(Bin, [], [Passwd]). + +decode_file([<<"-----BEGIN CERTIFICATE REQUEST-----", _/binary>>|Rest], Ens, Info) -> + decode_file2(Rest, [], Ens, cert_req, Info); +decode_file([<<"-----BEGIN CERTIFICATE-----", _/binary>>|Rest], Ens, Info) -> + decode_file2(Rest, [], Ens, cert, Info); +decode_file([<<"-----BEGIN RSA PRIVATE KEY-----", _/binary>>|Rest], Ens, Info) -> + decode_file2(Rest, [], Ens, rsa_private_key, Info); +decode_file([<<"-----BEGIN DSA PRIVATE KEY-----", _/binary>>|Rest], Ens, Info) -> + decode_file2(Rest, [], Ens, dsa_private_key, Info); +decode_file([<<"-----BEGIN DH PARAMETERS-----", _/binary>>|Rest], Ens, Info) -> + decode_file2(Rest, [], Ens, dh_params, Info); +decode_file([_|Rest], Ens, Info) -> + decode_file(Rest, Ens, Info); +decode_file([], Ens, _Info) -> + {ok, lists:reverse(Ens)}. + +decode_file2([<<"Proc-Type: 4,ENCRYPTED", _/binary>>| Rest0], RLs, Ens, Tag, Info0) -> + [InfoLine|Rest] = Rest0, + Info = dek_info(InfoLine, Info0), + decode_file2(Rest, RLs, Ens, Tag, Info); +decode_file2([<<"-----END", _/binary>>| Rest], RLs, Ens, Tag, Info0) -> + Cs = erlang:iolist_to_binary(lists:reverse(RLs)), + Bin = base64:mime_decode(Cs), + case Info0 of + [Password, Cipher, SaltHex | Info1] -> + Salt = unhex(SaltHex), + Enc = {Cipher, Salt}, + Decoded = decode_key(Bin, Password, Cipher, Salt), + decode_file(Rest, [{Tag, Decoded, Enc}| Ens], Info1); + _ -> + decode_file(Rest, [{Tag, Bin, not_encrypted}| Ens], Info0) + end; +decode_file2([L|Rest], RLs, Ens, Tag, Info0) -> + decode_file2(Rest, [L|RLs], Ens, Tag, Info0); +decode_file2([], _, Ens, _, _) -> + {ok, lists:reverse(Ens)}. + +%% TODO Support same as decode_file +encode_file(Ds) -> + lists:map( + fun({cert, Bin}) -> + %% PKIX (X.509) + ["-----BEGIN CERTIFICATE-----\n", + b64encode_and_split(Bin), + "-----END CERTIFICATE-----\n\n"]; + ({cert_req, Bin}) -> + %% PKCS#10 + ["-----BEGIN CERTIFICATE REQUEST-----\n", + b64encode_and_split(Bin), + "-----END CERTIFICATE REQUEST-----\n\n"]; + ({rsa_private_key, Bin}) -> + %% PKCS#? + ["XXX Following key assumed not encrypted\n", + "-----BEGIN RSA PRIVATE KEY-----\n", + b64encode_and_split(Bin), + "-----END RSA PRIVATE KEY-----\n\n"] + end, Ds). + +dek_info(Line0, Info) -> + Line = binary_to_list(Line0), + [_, DekInfo0] = string:tokens(Line, ": "), + DekInfo1 = string:tokens(DekInfo0, ",\n"), + Info ++ DekInfo1. + +unhex(S) -> + unhex(S, []). + +unhex("", Acc) -> + lists:reverse(Acc); +unhex([D1, D2 | Rest], Acc) -> + unhex(Rest, [erlang:list_to_integer([D1, D2], 16) | Acc]). + +decode_key(Data, no_passwd, _Alg, _Salt) -> + Data; +decode_key(Data, Password, "DES-CBC", Salt) -> + Key = password_to_key(Password, Salt, 8), + IV = Salt, + crypto:des_cbc_decrypt(Key, IV, Data); +decode_key(Data, Password, "DES-EDE3-CBC", Salt) -> + Key = password_to_key(Password, Salt, 24), + IV = Salt, + <<Key1:8/binary, Key2:8/binary, Key3:8/binary>> = Key, + crypto:des_ede3_cbc_decrypt(Key1, Key2, Key3, IV, Data). + +password_to_key(Data, Salt, KeyLen) -> + <<Key:KeyLen/binary, _/binary>> = + password_to_key(<<>>, Data, Salt, KeyLen, <<>>), + Key. + +password_to_key(_, _, _, Len, Acc) when Len =< 0 -> + Acc; +password_to_key(Prev, Data, Salt, Len, Acc) -> + M = crypto:md5([Prev, Data, Salt]), + password_to_key(M, Data, Salt, Len - size(M), <<Acc/binary, M/binary>>). + +b64encode_and_split(Bin) -> + split_lines(base64:encode(Bin)). + +split_lines(<<Text:?ENCODED_LINE_LENGTH/binary, Rest/binary>>) -> + [Text, $\n | split_lines(Rest)]; +split_lines(Bin) -> + [Bin, $\n]. + diff --git a/lib/public_key/src/public_key.app.src b/lib/public_key/src/public_key.app.src new file mode 100644 index 0000000000..edede7c874 --- /dev/null +++ b/lib/public_key/src/public_key.app.src @@ -0,0 +1,16 @@ +{application, public_key, + [{description, "Public key infrastructure"}, + {vsn, "%VSN%"}, + {modules, [ + public_key, + pubkey_pem, + pubkey_crypto, + pubkey_cert, + pubkey_cert_records, + 'OTP-PUB-KEY' + ]}, + {applications, [crypto, kernel, stdlib]}, + {registered, []}, + {env, []} + ] +}.
\ No newline at end of file diff --git a/lib/public_key/src/public_key.appup.src b/lib/public_key/src/public_key.appup.src new file mode 100644 index 0000000000..8d33482f11 --- /dev/null +++ b/lib/public_key/src/public_key.appup.src @@ -0,0 +1,6 @@ +%% -*- erlang -*- +{"%VSN%", + [ + ], + [ + ]}. diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl new file mode 100644 index 0000000000..b0b0b7a832 --- /dev/null +++ b/lib/public_key/src/public_key.erl @@ -0,0 +1,411 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% + +-module(public_key). + +-include("public_key.hrl"). + +-export([decode_private_key/1, decode_private_key/2, + decrypt_private/2, decrypt_private/3, encrypt_public/2, + encrypt_public/3, decrypt_public/2, decrypt_public/3, + encrypt_private/2, encrypt_private/3, + sign/2, sign/3, + verify_signature/3, verify_signature/4, verify_signature/5, + pem_to_der/1, pem_to_der/2, + pkix_decode_cert/2, pkix_encode_cert/1, + pkix_is_self_signed/1, pkix_is_fixed_dh_cert/1, + pkix_issuer_id/2, + pkix_is_issuer/2, pkix_normalize_general_name/1, + pkix_path_validation/3 + ]). + +%%==================================================================== +%% API +%%==================================================================== + +%%-------------------------------------------------------------------- +%% Function: decode_private_key(KeyInfo [,Password]) -> +%% {ok, PrivateKey} | {error, Reason} +%% +%% KeyInfo = {Type, der_bin(), ChipherInfo} - as returned from +%% pem_to_der/[1,2] for private keys +%% Type = rsa_private_key | dsa_private_key +%% ChipherInfo = opaque() | no_encryption +%% +%% Description: Decodes an asn1 der encoded private key. +%%-------------------------------------------------------------------- +decode_private_key(KeyInfo) -> + decode_private_key(KeyInfo, no_passwd). + +decode_private_key(KeyInfo = {rsa_private_key, _, _}, Password) -> + DerEncoded = pubkey_pem:decode_key(KeyInfo, Password), + 'OTP-PUB-KEY':decode('RSAPrivateKey', DerEncoded); +decode_private_key(KeyInfo = {dsa_private_key, _, _}, Password) -> + DerEncoded = pubkey_pem:decode_key(KeyInfo, Password), + 'OTP-PUB-KEY':decode('DSAPrivateKey', DerEncoded). + +%%-------------------------------------------------------------------- +%% Function: decrypt_private(CipherText, Key) -> +%% decrypt_private(CipherText, Key, Options) -> PlainTex +%% decrypt_public(CipherText, Key) -> +%% decrypt_public(CipherText, Key, Options) -> PlainTex +%% +%% CipherText = binary() +%% Key = rsa_key() +%% PlainText = binary() +%% +%% Description: Decrypts <CipherText>. +%%-------------------------------------------------------------------- +decrypt_private(CipherText, Key) -> + decrypt_private(CipherText, Key, []). +decrypt_private(CipherText, Key, Options) -> + Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_padding), + pubkey_crypto:decrypt_private(CipherText, Key, Padding). + +decrypt_public(CipherText, Key) -> + decrypt_public(CipherText, Key, []). +decrypt_public(CipherText, Key, Options) -> + Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_padding), + pubkey_crypto:decrypt_public(CipherText, Key, Padding). + +%%-------------------------------------------------------------------- +%% Function: encrypt_public(PlainText, Key, Options) -> CipherText +%% encrypt_private(PlainText, Key, Options) -> CipherText +%% +%% PlainText = iolist() +%% Key = rsa_private_key() +%% CipherText = binary() +%% +%% Description: Encrypts <Plain> +%%-------------------------------------------------------------------- +encrypt_public(PlainText, Key) -> + encrypt_public(PlainText, Key, []). +encrypt_public(PlainText, Key, Options) -> + Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_oaep_padding), + pubkey_crypto:encrypt_public(PlainText, Key, Padding). + +encrypt_private(PlainText, Key) -> + encrypt_private(PlainText, Key, []). +encrypt_private(PlainText, Key, Options) -> + Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_oaep_padding), + pubkey_crypto:encrypt_private(PlainText, Key, Padding). + +%%-------------------------------------------------------------------- +%% Function: pem_to_der(CertSource) -> +%% pem_to_der(CertSource, Password) -> {ok, [Entry]} | +%% {error, Reason} +%% +%% CertSource = File | CertData +%% CertData = binary() +%% File = path() +%% Password = string() +%% Entry = {entry_type(), der_bin(), ChipherInfo} +%% ChipherInfo = opague() | no_encryption +%% der_bin() = binary() +%% entry_type() = cert | cert_req | rsa_private_key | dsa_private_key +%% dh_params +%% +%% Description: decode PEM binary data or a PEM file and return +%% entries as asn1 der encoded entities. Currently supported entry +%% types are certificates, certificate requests, rsa private keys and +%% dsa private keys. In the case of a key entry ChipherInfo will be +%% used by decode_private_key/2 if the key is protected by a password. +%%-------------------------------------------------------------------- +pem_to_der(CertSource) -> + pem_to_der(CertSource, no_passwd). + +pem_to_der(File, Password) when is_list(File) -> + pubkey_pem:read_file(File, Password); +pem_to_der(PemBin, Password) when is_binary(PemBin) -> + pubkey_pem:decode(PemBin, Password). + +%%-------------------------------------------------------------------- +%% Function: pkix_decode_cert(BerCert, Type) -> {ok, Cert} | {error, Reason} +%% +%% BerCert = binary() +%% Type = plain | otp +%% Cert = certificate() +%% +%% Description: Decodes an asn1 ber encoded pkix certificate. +%% otp - Uses OTP-PKIX.asn1 to decode known extensions and +%% enhance the signature field in #'Certificate'{} and '#TBSCertificate'{}. +%%-------------------------------------------------------------------- +pkix_decode_cert(BinCert, Type) -> + pubkey_cert_records:decode_cert(BinCert, Type). + +%%-------------------------------------------------------------------- +%% Function: pkix_encode_cert(Cert) -> {ok, binary()} | {error, Reason} +%% +%% Cert = #'Certificate'{} +%% +%% Description: Encodes a certificate record using asn1. +%%-------------------------------------------------------------------- +pkix_encode_cert(Cert) -> + pubkey_cert_records:encode_cert(Cert). + +%%-------------------------------------------------------------------- +%% Function: pkix_path_validation(TrustedCert, CertChain, Options) -> +%% {ok, {{algorithm(), public_key(), public_key_params()} policy_tree()}} | +%% {error, Reason} +%% +%% Description: Performs a bacis path validation according to RFC 3280. +%%-------------------------------------------------------------------- +pkix_path_validation(TrustedCert, CertChain, Options) + when is_binary(TrustedCert) -> + {ok, OtpCert} = pkix_decode_cert(TrustedCert, otp), + pkix_path_validation(OtpCert, CertChain, Options); + +pkix_path_validation(#'OTPCertificate'{} = TrustedCert, CertChain, Options) + when is_list(CertChain), is_list(Options) -> + MaxPathDefault = length(CertChain), + ValidationState = pubkey_cert:init_validation_state(TrustedCert, + MaxPathDefault, + Options), + Fun = proplists:get_value(validate_extensions_fun, Options, + fun(Extensions, State, _, AccError) -> + {Extensions, State, AccError} + end), + Verify = proplists:get_value(verify, Options, true), + path_validation(CertChain, ValidationState, Fun, Verify). +%%-------------------------------------------------------------------- +%% Function: pkix_is_fixed_dh_cert(Cert) -> true | false +%% +%% Description: Checks if a Certificate is a fixed Diffie-Hellman Cert +%%-------------------------------------------------------------------- +pkix_is_fixed_dh_cert(#'OTPCertificate'{} = OTPCert) -> + pubkey_cert:is_fixed_dh_cert(OTPCert); +pkix_is_fixed_dh_cert(Cert) when is_binary(Cert) -> + {ok, OtpCert} = pkix_decode_cert(Cert, otp), + pkix_is_fixed_dh_cert(OtpCert). + +%%-------------------------------------------------------------------- +%% Function: pkix_is_self_signed(Cert) -> true | false +%% +%% Description: Checks if a Certificate is self signed. +%%-------------------------------------------------------------------- +pkix_is_self_signed(#'OTPCertificate'{} = OTPCert) -> + pubkey_cert:is_self_signed(OTPCert); +pkix_is_self_signed(Cert) when is_binary(Cert) -> + {ok, OtpCert} = pkix_decode_cert(Cert, otp), + pkix_is_self_signed(OtpCert). + +%%-------------------------------------------------------------------- +%% Function: pkix_issuer_id(Cert) -> {ok, {SerialNr, Issuer}} | {error, Reason} +%% +%% Cert = asn1_der_encoded() | 'OTPCertificate'{} +%% +%% Description: Returns the issuer id. +%%-------------------------------------------------------------------- +pkix_issuer_id(#'OTPCertificate'{} = OtpCert, self) -> + pubkey_cert:issuer_id(OtpCert, self); + +pkix_issuer_id(#'OTPCertificate'{} = OtpCert, other) -> + pubkey_cert:issuer_id(OtpCert, other); + +pkix_issuer_id(Cert, Signed) when is_binary(Cert) -> + {ok, OtpCert} = pkix_decode_cert(Cert, otp), + pkix_issuer_id(OtpCert, Signed). + +%%-------------------------------------------------------------------- +%% Function: pkix_is_issuer(Cert, IssuerCert) -> true | false +%% +%% Cert = asn1_der_encoded() | 'OTPCertificate'{} +%% IssuerCert = asn1_der_encoded() | 'OTPCertificate'{} +%% +%% Description: Checks if <IssuerCert> issued <Cert>. +%%-------------------------------------------------------------------- +pkix_is_issuer(Cert, IssuerCert) when is_binary(Cert) -> + {ok, OtpCert} = pkix_decode_cert(Cert, otp), + pkix_is_issuer(OtpCert, IssuerCert); + +pkix_is_issuer(Cert, IssuerCert) when is_binary(IssuerCert) -> + {ok, OtpIssuerCert} = pkix_decode_cert(IssuerCert, otp), + pkix_is_issuer(Cert, OtpIssuerCert); + +pkix_is_issuer(#'OTPCertificate'{tbsCertificate = TBSCert}, + #'OTPCertificate'{tbsCertificate = Candidate}) -> + pubkey_cert:is_issuer(TBSCert#'OTPTBSCertificate'.issuer, + Candidate#'OTPTBSCertificate'.subject). + +%%-------------------------------------------------------------------- +%% Function: pkix_normalize_general_name(Issuer) -> +%% +%% Issuer = general_name() - see PKIX +%% +%% Description: Normalizes a general name so that it can be easily +%% compared to another genral name. +%%-------------------------------------------------------------------- +pkix_normalize_general_name(Issuer) -> + pubkey_cert:normalize_general_name(Issuer). + +%%-------------------------------------------------------------------- +%% Function:sign(Msg, Key) -> {ok, Signature} +%% sign(Msg, Key, KeyParams) -> {ok, Signature} +%% +%% Msg = binary() | #'TBSCertificate'{} +%% Key = private_key() +%% KeyParams = key_params() +%% Signature = binary() +%% +%% Description: Signs plaintext Msg or #TBSCertificate{}, in the later +%% case a der encoded "#Certificate{}" will be returned. +%%-------------------------------------------------------------------- +sign(Msg, #'RSAPrivateKey'{} = Key) when is_binary(Msg) -> + pubkey_crypto:sign(Msg, Key); + +sign(Msg, #'DSAPrivateKey'{} = Key) when is_binary(Msg) -> + pubkey_crypto:sign(Msg, Key); + +sign(#'OTPTBSCertificate'{signature = SigAlg} = TBSCert, Key) -> + Msg = pubkey_cert_records:encode_tbs_cert(TBSCert), + DigestType = pubkey_cert:digest_type(SigAlg), + Signature = pubkey_crypto:sign(DigestType, Msg, Key), + Cert = #'OTPCertificate'{tbsCertificate= TBSCert, + signatureAlgorithm = SigAlg, + signature = {0, Signature} + }, + pkix_encode_cert(Cert). + +sign(DigestType, Msg, Key) -> + pubkey_crypto:sign(DigestType, Msg, Key). + +%%-------------------------------------------------------------------- +%% Function: verify_signature(PlainText, DigestType, Signature, Key) -> +%% verify_signature(PlainText, DigestType, +%% Signature, Key, KeyParams) -> +%% verify_signature(DerCert, Key, KeyParams) -> +%% +%% PlainText = binary() +%% DigestType = md5 | sha +%% DerCert = asn1_der_encoded() +%% Signature = binary() +%% Key = public_key() +%% KeyParams = key_params() +%% Verified = boolean() +%% +%% Description: Verifies the signature <Signature>. +%%-------------------------------------------------------------------- +verify_signature(PlainText, DigestType, Signature, #'RSAPublicKey'{} = Key) + when is_binary(PlainText), is_binary(Signature), DigestType == sha; + DigestType == md5 -> + pubkey_crypto:verify(DigestType, PlainText, Signature, Key, undefined). + +verify_signature(PlainText, DigestType, Signature, #'RSAPublicKey'{} = Key, + KeyParams) + when is_binary(PlainText), is_binary(Signature), DigestType == sha; + DigestType == md5 -> + pubkey_crypto:verify(DigestType, PlainText, Signature, Key, KeyParams); +verify_signature(PlainText, sha, Signature, Key, #'Dss-Parms'{} = KeyParams) + when is_binary(PlainText), is_binary(Signature), is_integer(Key) -> + pubkey_crypto:verify(sha, PlainText, Signature, Key, KeyParams). + +verify_signature(DerCert, Key, #'Dss-Parms'{} = KeyParams) + when is_binary(DerCert), is_integer(Key) -> + pubkey_cert:verify_signature(DerCert, Key, KeyParams); +verify_signature(DerCert, #'RSAPublicKey'{} = Key, KeyParams) + when is_binary(DerCert) -> + pubkey_cert:verify_signature(DerCert, Key, KeyParams). + +%%-------------------------------------------------------------------- +%%% Internal functions +%%-------------------------------------------------------------------- +path_validation([], #path_validation_state{working_public_key_algorithm + = Algorithm, + working_public_key = + PublicKey, + working_public_key_parameters + = PublicKeyParams, + valid_policy_tree = Tree, + acc_errors = AccErrors + }, _, _) -> + {ok, {{Algorithm, PublicKey, PublicKeyParams}, Tree, AccErrors}}; + +path_validation([DerCert | Rest], ValidationState = #path_validation_state{ + max_path_length = Len}, + Fun, Verify) when Len >= 0 -> + try validate(DerCert, + ValidationState#path_validation_state{last_cert=Rest=:=[]}, + Fun, Verify) of + #path_validation_state{} = NewValidationState -> + path_validation(Rest, NewValidationState, Fun, Verify) + catch + throw:Reason -> + {error, Reason} + end; + +path_validation(_, _, _, true) -> + {error, {bad_cert, max_path_length_reached}}; + +path_validation(_, #path_validation_state{working_public_key_algorithm + = Algorithm, + working_public_key = + PublicKey, + working_public_key_parameters + = PublicKeyParams, + valid_policy_tree = Tree, + acc_errors = AccErrors + }, _, false) -> + {ok, {{Algorithm, PublicKey, PublicKeyParams}, Tree, + [{bad_cert, max_path_length_reached}|AccErrors]}}. + +validate(DerCert, #path_validation_state{working_issuer_name = Issuer, + working_public_key = Key, + working_public_key_parameters = + KeyParams, + permitted_subtrees = Permit, + excluded_subtrees = Exclude, + last_cert = Last, + user_state = UserState0, + acc_errors = AccErr0} = + ValidationState0, ValidateExtensionFun, Verify) -> + {ok, OtpCert} = pkix_decode_cert(DerCert, otp), + %% All validate functions will throw {bad_cert, Reason} if they + %% fail and Verify = true if Verify = false errors + %% will be accumulated in the validationstate + AccErr1 = pubkey_cert:validate_time(OtpCert, AccErr0, Verify), + + AccErr2 = pubkey_cert:validate_issuer(OtpCert, Issuer, AccErr1, Verify), + + AccErr3 = pubkey_cert:validate_names(OtpCert, Permit, Exclude, Last, + AccErr2, Verify), + AccErr4 = + pubkey_cert:validate_revoked_status(OtpCert, Verify, AccErr3), + + {ValidationState1, UnknownExtensions0, AccErr5} = + pubkey_cert:validate_extensions(OtpCert, ValidationState0, Verify, + AccErr4), + %% We want the key_usage extension to be checked before we validate + %% the signature. + AccErr6 = + pubkey_cert:validate_signature(OtpCert, DerCert, Key, KeyParams, + AccErr5, Verify), + + {UnknownExtensions, UserState, AccErr7} = + ValidateExtensionFun(UnknownExtensions0, UserState0, Verify, AccErr6), + + %% Check that all critical extensions have been handled + AccErr = + pubkey_cert:validate_unknown_extensions(UnknownExtensions, AccErr7, + Verify), + ValidationState = + ValidationState1#path_validation_state{user_state = UserState, + acc_errors = AccErr}, + pubkey_cert:prepare_for_next_cert(OtpCert, ValidationState). diff --git a/lib/public_key/test/Makefile b/lib/public_key/test/Makefile new file mode 100644 index 0000000000..2a4687677c --- /dev/null +++ b/lib/public_key/test/Makefile @@ -0,0 +1,83 @@ +# +# %CopyrightBegin% +# +# Copyright Ericsson AB 2008-2009. All Rights Reserved. +# +# The contents of this file are subject to the Erlang Public License, +# Version 1.1, (the "License"); you may not use this file except in +# compliance with the License. You should have received a copy of the +# Erlang Public License along with this software. If not, it can be +# retrieved online at http://www.erlang.org/. +# +# Software distributed under the License is distributed on an "AS IS" +# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +# the License for the specific language governing rights and limitations +# under the License. +# +# %CopyrightEnd% +# + +include $(ERL_TOP)/make/target.mk +include $(ERL_TOP)/make/$(TARGET)/otp.mk + + +INCLUDES= -I. -I$(ERL_TOP)/lib/test_server/include/ -I ../include \ + +# ---------------------------------------------------- +# Target Specs +# ---------------------------------------------------- + +MODULES= \ + public_key_SUITE \ + pkits_SUITE + +ERL_FILES= $(MODULES:%=%.erl) + +HRL_FILES= + +TARGET_FILES= \ + $(MODULES:%=$(EBIN)/%.$(EMULATOR)) + +SPEC_FILES = public_key.spec + +# ---------------------------------------------------- +# Release directory specification +# ---------------------------------------------------- +RELSYSDIR = $(RELEASE_PATH)/public_key_test + +# ---------------------------------------------------- +# FLAGS +# ---------------------------------------------------- +ERL_COMPILE_FLAGS += $(INCLUDES) + +EBIN = . + +# ---------------------------------------------------- +# Targets +# ---------------------------------------------------- + +tests debug opt: $(TARGET_FILES) + + +clean: + rm -f $(TARGET_FILES) + rm -f core + +docs: + +# ---------------------------------------------------- +# Release Target +# ---------------------------------------------------- +include $(ERL_TOP)/make/otp_release_targets.mk + +release_spec: opt + +release_tests_spec: opt + $(INSTALL_DIR) $(RELSYSDIR) + $(INSTALL_DATA) $(SPEC_FILES) $(ERL_FILES) $(HRL_FILES)$(RELSYSDIR) + $(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR) + chmod -f -R u+w $(RELSYSDIR) + @tar cf - *_SUITE_data | (cd $(RELSYSDIR); tar xf -) +release_docs_spec: + + diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl new file mode 100644 index 0000000000..5d58b39e26 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE.erl @@ -0,0 +1,604 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + + +%% Se specification here: +%% http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html + +-module(pkits_SUITE). + +-compile(export_all). + +%%-include_lib("public_key/include/public_key.hrl"). +-include("public_key.hrl"). + +-define(error(Format,Args), error(Format,Args,?FILE,?LINE)). +-define(warning(Format,Args), warning(Format,Args,?FILE,?LINE)). + +-define(CERTS, "pkits/certs"). +-define(MIME, "pkits/smime"). +-define(CONV, "pkits/smime-pem"). + +-define(NIST1, "2.16.840.1.101.3.2.1.48.1"). +-define(NIST2, "2.16.840.1.101.3.2.1.48.2"). +-define(NIST3, "2.16.840.1.101.3.2.1.48.3"). +-define(NIST4, "2.16.840.1.101.3.2.1.48.4"). +-define(NIST5, "2.16.840.1.101.3.2.1.48.5"). +-define(NIST6, "2.16.840.1.101.3.2.1.48.6"). + +%% +all(doc) -> + ["PKITS tests for RFC3280 compliance"]; +all(suite) -> + [signature_verification, + validity_periods, + verifying_name_chaining, + %% basic_certificate_revocation_tests, + verifying_paths_with_self_issued_certificates, + verifying_basic_constraints, + key_usage, +%% certificate_policies, +%% require_explicit_policy, +%% policy_mappings, +%% inhibit_policy_mapping, +%% inhibit_any_policy, + name_constraints, +%% distribution_points, +%% delta_crls, + private_certificate_extensions]. + +signature_verification(doc) -> [""]; +signature_verification(suite) -> []; +signature_verification(Config) when is_list(Config) -> + run(signature_verification()). +validity_periods(doc) -> [""]; +validity_periods(suite) -> []; +validity_periods(Config) when is_list(Config) -> + run(validity_periods()). +verifying_name_chaining(doc) -> [""]; +verifying_name_chaining(suite) -> []; +verifying_name_chaining(Config) when is_list(Config) -> + run(verifying_name_chaining()). +basic_certificate_revocation_tests(doc) -> [""]; +basic_certificate_revocation_tests(suite) -> []; +basic_certificate_revocation_tests(Config) when is_list(Config) -> + run(basic_certificate_revocation_tests()). +verifying_paths_with_self_issued_certificates(doc) -> [""]; +verifying_paths_with_self_issued_certificates(suite) -> []; +verifying_paths_with_self_issued_certificates(Config) when is_list(Config) -> + run(verifying_paths_with_self_issued_certificates()). +verifying_basic_constraints(doc) -> [""]; +verifying_basic_constraints(suite) -> []; +verifying_basic_constraints(Config) when is_list(Config) -> + run(verifying_basic_constraints()). +key_usage(doc) -> [""]; +key_usage(suite) -> []; +key_usage(Config) when is_list(Config) -> + run(key_usage()). +certificate_policies(doc) -> [""]; +certificate_policies(suite) -> []; +certificate_policies(Config) when is_list(Config) -> + run(certificate_policies()). +require_explicit_policy(doc) -> [""]; +require_explicit_policy(suite) -> []; +require_explicit_policy(Config) when is_list(Config) -> + run(require_explicit_policy()). +policy_mappings(doc) -> [""]; +policy_mappings(suite) -> []; +policy_mappings(Config) when is_list(Config) -> + run(policy_mappings()). +inhibit_policy_mapping(doc) -> [""]; +inhibit_policy_mapping(suite) -> []; +inhibit_policy_mapping(Config) when is_list(Config) -> + run(inhibit_policy_mapping()). +inhibit_any_policy(doc) -> [""]; +inhibit_any_policy(suite) -> []; +inhibit_any_policy(Config) when is_list(Config) -> + run(inhibit_any_policy()). +name_constraints(doc) -> [""]; +name_constraints(suite) -> []; +name_constraints(Config) when is_list(Config) -> + run(name_constraints()). +distribution_points(doc) -> [""]; +distribution_points(suite) -> []; +distribution_points(Config) when is_list(Config) -> + run(distribution_points()). +delta_crls(doc) -> [""]; +delta_crls(suite) -> []; +delta_crls(Config) when is_list(Config) -> + run(delta_crls()). +private_certificate_extensions(doc) -> [""]; +private_certificate_extensions(suite) -> []; +private_certificate_extensions(Config) when is_list(Config) -> + run(private_certificate_extensions()). + +run() -> + catch crypto:start(), + Tests = + [signature_verification(), + validity_periods(), + verifying_name_chaining(), + %%basic_certificate_revocation_tests(), + verifying_paths_with_self_issued_certificates(), + verifying_basic_constraints(), + key_usage(), + %%certificate_policies(), + %%require_explicit_policy(), + %%policy_mappings(), + %%inhibit_policy_mapping(), + %%inhibit_any_policy(), + name_constraints(), + %distribution_points(), + %delta_crls(), + private_certificate_extensions() + ], + run(lists:append(Tests)). + +run(Tests) -> + File = file(?CERTS,"TrustAnchorRootCertificate.crt"), + {ok, TA} = file:read_file(File), + run(Tests, TA). + +run({Chap, Test, Result}, TA) -> + CertChain = sort_chain(read_certs(Test),TA, [], false), + try public_key:pkix_path_validation(TA, CertChain, []) of + {Result, _} -> ok; + {error,Result} when Result =/= ok -> + ok; + {error,Error} when is_integer(Result) -> + ?warning(" ~p~n Got ~p expected ~p~n",[Test, Error, Result]); + {error,Error} when Result =/= ok -> + ?error(" minor ~p~n Got ~p expected ~p~n",[Test, Error, Result]); + {error, Error} -> + ?error(" ~p ~p~n Expected ~p got ~p ~n", [Chap, Test, Result, Error]), + fail; + {ok, _} when Result =/= ok -> + ?error(" ~p ~p~n Expected ~p got ~p ~n", [Chap, Test, Result, ok]), + fail + catch Type:Reason -> + Stack = erlang:get_stacktrace(), + io:format("Crash ~p:~p in ~p~n",[Type,Reason,Stack]), + io:format(" ~p ~p Expected ~p ~n", [Chap, Test, Result]), + exit(crash) + end; + +run([Test|Rest],TA) -> + run(Test,TA), + run(Rest,TA); +run([],_) -> ok. + + +read_certs(Test) -> + File = test_file(Test), + %% io:format("Read ~p ",[File]), + {ok, Ders} = public_key:pem_to_der(File), + %% io:format("Ders ~p ~n",[length(Ders)]), + [Cert || {cert,Cert,not_encrypted} <- Ders]. + +test_file(Test) -> + file(?CONV, lists:append(string:tokens(Test, " -")) ++ ".pem"). + +file(Sub,File) -> + TestDir = case get(datadir) of + undefined -> "./pkits_SUITE_data"; + Dir when is_list(Dir) -> + Dir + end, + AbsFile = filename:join([TestDir,Sub,File]), + case filelib:is_file(AbsFile) of + true -> ok; + false -> + ?error("Couldn't read data from ~p ~n",[AbsFile]) + end, + AbsFile. + +sort_chain([First|Certs], TA, Try, Found) -> + case public_key:pkix_is_issuer(First,TA) of + true -> + [First|sort_chain(Certs,First,Try,true)]; + false -> + sort_chain(Certs,TA,[First|Try],Found) + end; +sort_chain([], _, [],_) -> []; +sort_chain([], Valid, Check, true) -> + sort_chain(lists:reverse(Check), Valid, [], false); +sort_chain([], _Valid, Check, false) -> + Check. + +signature_verification() -> + %% "4.1", "Signature Verification" , + [{ "4.1.1", "Valid Signatures Test1", ok}, + { "4.1.2", "Invalid CA Signature Test2", {bad_cert,invalid_signature}}, + { "4.1.3", "Invalid EE Signature Test3", {bad_cert,invalid_signature}}, + { "4.1.4", "Valid DSA Signatures Test4", ok}, + { "4.1.5", "Valid DSA Parameter Inheritance Test5", ok}, + { "4.1.6", "Invalid DSA Signature Test6", {bad_cert,invalid_signature}}]. +validity_periods() -> + %% { "4.2", "Validity Periods" }, + [{ "4.2.1", "Invalid CA notBefore Date Test1", {bad_cert, cert_expired}}, + { "4.2.2", "Invalid EE notBefore Date Test2", {bad_cert, cert_expired}}, + { "4.2.3", "Valid pre2000 UTC notBefore Date Test3", ok}, + { "4.2.4", "Valid GeneralizedTime notBefore Date Test4", ok}, + { "4.2.5", "Invalid CA notAfter Date Test5", {bad_cert, cert_expired}}, + { "4.2.6", "Invalid EE notAfter Date Test6", {bad_cert, cert_expired}}, + { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", {bad_cert, cert_expired}}, + { "4.2.8", "Valid GeneralizedTime notAfter Date Test8", ok}]. +verifying_name_chaining() -> + %%{ "4.3", "Verifying Name Chaining" }, + [{ "4.3.1", "Invalid Name Chaining EE Test1", {bad_cert, invalid_issuer}}, + { "4.3.2", "Invalid Name Chaining Order Test2", {bad_cert, invalid_issuer}}, + { "4.3.3", "Valid Name Chaining Whitespace Test3", ok}, + { "4.3.4", "Valid Name Chaining Whitespace Test4", ok}, + { "4.3.5", "Valid Name Chaining Capitalization Test5", ok}, + { "4.3.6", "Valid Name Chaining UIDs Test6", ok}, + { "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", ok}, + { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", ok}, + { "4.3.9", "Valid UTF8String Encoded Names Test9", ok}, + { "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", ok}, + { "4.3.11", "Valid UTF8String Case Insensitive Match Test11", ok}]. +basic_certificate_revocation_tests() -> + %%{ "4.4", "Basic Certificate Revocation Tests" }, + [{ "4.4.1", "Missing CRL Test1", 3 }, + { "4.4.2", "Invalid Revoked CA Test2", 23 }, + { "4.4.3", "Invalid Revoked EE Test3", 23 }, + { "4.4.4", "Invalid Bad CRL Signature Test4", 8 }, + { "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 }, + { "4.4.6", "Invalid Wrong CRL Test6", 3 }, + { "4.4.7", "Valid Two CRLs Test7", ok}, + + %% The test document suggests these should return certificate revoked... + %% Subsquent discussion has concluded they should not due to unhandle + %% critical CRL extensions. + { "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 }, + { "4.4.9", "Invalid Unknown CRL Extension Test9", 36 }, + + { "4.4.10", "Invalid Unknown CRL Extension Test10", 36 }, + { "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 }, + { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 }, + { "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", ok}, + { "4.4.14", "Valid Negative Serial Number Test14", ok}, + { "4.4.15", "Invalid Negative Serial Number Test15", 23 }, + { "4.4.16", "Valid Long Serial Number Test16", ok}, + { "4.4.17", "Valid Long Serial Number Test17", ok}, + { "4.4.18", "Invalid Long Serial Number Test18", 23 }, + { "4.4.19", "Valid Separate Certificate and CRL Keys Test19", ok}, + { "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 }, + + %% CRL path is revoked so get a CRL path validation error + { "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 }]. +verifying_paths_with_self_issued_certificates() -> + %%{ "4.5", "Verifying Paths with Self-Issued Certificates" }, + [{ "4.5.1", "Valid Basic Self-Issued Old With New Test1", ok}, + %%{ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 }, + %%{ "4.5.3", "Valid Basic Self-Issued New With Old Test3", ok}, + %%{ "4.5.4", "Valid Basic Self-Issued New With Old Test4", ok}, + { "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 }, + %%{ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", ok}, + { "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 }, + { "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", {bad_cert,invalid_key_usage} }]. +verifying_basic_constraints() -> + [%%{ "4.6", "Verifying Basic Constraints" }, + { "4.6.1", "Invalid Missing basicConstraints Test1", + {bad_cert, missing_basic_constraint} }, + { "4.6.2", "Invalid cA False Test2", {bad_cert, missing_basic_constraint}}, + { "4.6.3", "Invalid cA False Test3", {bad_cert, missing_basic_constraint}}, + { "4.6.4", "Valid basicConstraints Not Critical Test4", ok}, + { "4.6.5", "Invalid pathLenConstraint Test5", {bad_cert, max_path_length_reached}}, + { "4.6.6", "Invalid pathLenConstraint Test6", {bad_cert, max_path_length_reached}}, + { "4.6.7", "Valid pathLenConstraint Test7", ok}, + { "4.6.8", "Valid pathLenConstraint Test8", ok}, + { "4.6.9", "Invalid pathLenConstraint Test9", {bad_cert, max_path_length_reached}}, + { "4.6.10", "Invalid pathLenConstraint Test10", {bad_cert, max_path_length_reached}}, + { "4.6.11", "Invalid pathLenConstraint Test11", {bad_cert, max_path_length_reached}}, + { "4.6.12", "Invalid pathLenConstraint Test12", {bad_cert, max_path_length_reached}}, + { "4.6.13", "Valid pathLenConstraint Test13", ok}, + { "4.6.14", "Valid pathLenConstraint Test14", ok}, + { "4.6.15", "Valid Self-Issued pathLenConstraint Test15", ok}, + { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", {bad_cert, max_path_length_reached}}, + { "4.6.17", "Valid Self-Issued pathLenConstraint Test17", ok}]. +key_usage() -> + %%{ "4.7", "Key Usage" }, + [{ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", {bad_cert,invalid_key_usage} }, + { "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", {bad_cert,invalid_key_usage} }, + { "4.7.3", "Valid keyUsage Not Critical Test3", ok} + %%,{ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 } + %%,{ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 } + ]. + +%% Certificate policy tests need special handling. They can have several +%% sub tests and we need to check the outputs are correct. + +certificate_policies() -> + %%{ "4.8", "Certificate Policies" }, + [{"4.8.1.1", "All Certificates Same Policy Test1", "-policy anyPolicy -explicit_policy", "True", ?NIST1, ?NIST1, 0}, + {"4.8.1.2", "All Certificates Same Policy Test1", "-policy ?NIST1 -explicit_policy", "True", ?NIST1, ?NIST1, 0}, + {"4.8.1.3", "All Certificates Same Policy Test1", "-policy ?NIST2 -explicit_policy", "True", ?NIST1, "<empty>", 43}, + {"4.8.1.4", "All Certificates Same Policy Test1", "-policy ?NIST1 -policy ?NIST2 -explicit_policy", "True", ?NIST1, ?NIST1, 0}, + {"4.8.2.1", "All Certificates No Policies Test2", "-policy anyPolicy", "False", "<empty>", "<empty>", 0}, + {"4.8.2.2", "All Certificates No Policies Test2", "-policy anyPolicy -explicit_policy", "True", "<empty>", "<empty>", 43}, + {"4.8.3.1", "Different Policies Test3", "-policy anyPolicy", "False", "<empty>", "<empty>", 0}, + {"4.8.3.2", "Different Policies Test3", "-policy anyPolicy -explicit_policy", "True", "<empty>", "<empty>", 43}, + {"4.8.3.3", "Different Policies Test3", "-policy ?NIST1 -policy ?NIST2 -explicit_policy", "True", "<empty>", "<empty>", 43}, + {"4.8.4", "Different Policies Test4", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.8.5", "Different Policies Test5", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.8.6.1", "Overlapping Policies Test6", "-policy anyPolicy", "True", ?NIST1, ?NIST1, 0}, + {"4.8.6.2", "Overlapping Policies Test6", "-policy ?NIST1", "True", ?NIST1, ?NIST1, 0}, + {"4.8.6.3", "Overlapping Policies Test6", "-policy ?NIST2", "True", ?NIST1, "<empty>", 43}, + {"4.8.7", "Different Policies Test7", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.8.8", "Different Policies Test8", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.8.9", "Different Policies Test9", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.8.10.1", "All Certificates Same Policies Test10", "-policy ?NIST1", "True", "?NIST1:?NIST2", "?NIST1", 0}, + {"4.8.10.2", "All Certificates Same Policies Test10", "-policy ?NIST2", "True", "?NIST1:?NIST2", "?NIST2", 0}, + {"4.8.10.3", "All Certificates Same Policies Test10", "-policy anyPolicy", "True", "?NIST1:?NIST2", "?NIST1:?NIST2", 0}, + {"4.8.11.1", "All Certificates AnyPolicy Test11", "-policy anyPolicy", "True", "$apolicy", "$apolicy", 0}, + {"4.8.11.2", "All Certificates AnyPolicy Test11", "-policy ?NIST1", "True", "$apolicy", "?NIST1", 0}, + {"4.8.12", "Different Policies Test12", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.8.13.1", "All Certificates Same Policies Test13", "-policy ?NIST1", "True", "?NIST1:?NIST2:?NIST3", "?NIST1", 0}, + {"4.8.13.2", "All Certificates Same Policies Test13", "-policy ?NIST2", "True", "?NIST1:?NIST2:?NIST3", "?NIST2", 0}, + {"4.8.13.3", "All Certificates Same Policies Test13", "-policy ?NIST3", "True", "?NIST1:?NIST2:?NIST3", "?NIST3", 0}, + {"4.8.14.1", "AnyPolicy Test14", "-policy ?NIST1", "True", "?NIST1", "?NIST1", 0}, + {"4.8.14.2", "AnyPolicy Test14", "-policy ?NIST2", "True", "?NIST1", "<empty>", 43}, + {"4.8.15", "User Notice Qualifier Test15", "-policy anyPolicy", "False", "?NIST1", "?NIST1", 0}, + {"4.8.16", "User Notice Qualifier Test16", "-policy anyPolicy", "False", "?NIST1", "?NIST1", 0}, + {"4.8.17", "User Notice Qualifier Test17", "-policy anyPolicy", "False", "?NIST1", "?NIST1", 0}, + {"4.8.18.1", "User Notice Qualifier Test18", "-policy ?NIST1", "True", "?NIST1:?NIST2", "?NIST1", 0}, + {"4.8.18.2", "User Notice Qualifier Test18", "-policy ?NIST2", "True", "?NIST1:?NIST2", "?NIST2", 0}, + {"4.8.19", "User Notice Qualifier Test19", "-policy anyPolicy", "False", "?NIST1", "?NIST1", 0}, + {"4.8.20", "CPS Pointer Qualifier Test20", "-policy anyPolicy -explicit_policy", "True", "?NIST1", "?NIST1", 0}]. +require_explicit_policy() -> + %%{ "4.9", "Require Explicit Policy" }, + [{"4.9.1", "Valid RequireExplicitPolicy Test1", "-policy anyPolicy", "False", "<empty>", "<empty>", 0}, + {"4.9.2", "Valid RequireExplicitPolicy Test2", "-policy anyPolicy", "False", "<empty>", "<empty>", 0}, + {"4.9.3", "Invalid RequireExplicitPolicy Test3", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.9.4", "Valid RequireExplicitPolicy Test4", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.9.5", "Invalid RequireExplicitPolicy Test5", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.9.6", "Valid Self-Issued requireExplicitPolicy Test6", "-policy anyPolicy", "False", "<empty>", "<empty>", 0}, + {"4.9.7", "Invalid Self-Issued requireExplicitPolicy Test7", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.9.8", "Invalid Self-Issued requireExplicitPolicy Test8", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}]. +policy_mappings() -> + %%{ "4.10", "Policy Mappings" }, + [{"4.10.1.1", "Valid Policy Mapping Test1", "-policy ?NIST1", "True", "?NIST1", "?NIST1", 0}, + {"4.10.1.2", "Valid Policy Mapping Test1", "-policy ?NIST2", "True", "?NIST1", "<empty>", 43}, + {"4.10.1.3", "Valid Policy Mapping Test1", "-policy anyPolicy -inhibit_map", "True", "<empty>", "<empty>", 43}, + {"4.10.2.1", "Invalid Policy Mapping Test2", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.10.2.2", "Invalid Policy Mapping Test2", "-policy anyPolicy -inhibit_map", "True", "<empty>", "<empty>", 43}, + {"4.10.3.1", "Valid Policy Mapping Test3", "-policy ?NIST1", "True", "?NIST2", "<empty>", 43}, + {"4.10.3.2", "Valid Policy Mapping Test3", "-policy ?NIST2", "True", "?NIST2", "?NIST2", 0}, + {"4.10.4", "Invalid Policy Mapping Test4", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.10.5.1", "Valid Policy Mapping Test5", "-policy ?NIST1", "True", "?NIST1", "?NIST1", 0}, + {"4.10.5.2", "Valid Policy Mapping Test5", "-policy ?NIST6", "True", "?NIST1", "<empty>", 43}, + {"4.10.6.1", "Valid Policy Mapping Test6", "-policy ?NIST1", "True", "?NIST1", "?NIST1", 0}, + {"4.10.6.2", "Valid Policy Mapping Test6", "-policy ?NIST6", "True", "?NIST1", "<empty>", 43}, + { "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 }, + { "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 }, + {"4.10.9", "Valid Policy Mapping Test9", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.10.10", "Invalid Policy Mapping Test10", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.10.11", "Valid Policy Mapping Test11", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + + %% TODO: check notice display + {"4.10.12.1", "Valid Policy Mapping Test12", "-policy ?NIST1", "True", "?NIST1:?NIST2", "?NIST1", 0}, + + %% TODO: check notice display + {"4.10.12.2", "Valid Policy Mapping Test12", "-policy ?NIST2", "True", "?NIST1:?NIST2", "?NIST2", 0}, + {"4.10.13", "Valid Policy Mapping Test13", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + + %% TODO: check notice display + {"4.10.14", "Valid Policy Mapping Test14", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}]. + +inhibit_policy_mapping() -> + %%{ "4.11", "Inhibit Policy Mapping" }, + [{"4.11.1", "Invalid inhibitPolicyMapping Test1", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.11.2", "Valid inhibitPolicyMapping Test2", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.11.3", "Invalid inhibitPolicyMapping Test3", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.11.4", "Valid inhibitPolicyMapping Test4", "-policy anyPolicy", "True", "?NIST2", "?NIST2", 0}, + {"4.11.5", "Invalid inhibitPolicyMapping Test5", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.11.6", "Invalid inhibitPolicyMapping Test6", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.11.7", "Valid Self-Issued inhibitPolicyMapping Test7", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.11.8", "Invalid Self-Issued inhibitPolicyMapping Test8", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.11.9", "Invalid Self-Issued inhibitPolicyMapping Test9", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.11.10", "Invalid Self-Issued inhibitPolicyMapping Test10", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.11.11", "Invalid Self-Issued inhibitPolicyMapping Test11", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}]. +inhibit_any_policy() -> + %%{ "4.12", "Inhibit Any Policy" }, + [{"4.12.1", "Invalid inhibitAnyPolicy Test1", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.12.2", "Valid inhibitAnyPolicy Test2", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.12.3.1", "inhibitAnyPolicy Test3", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.12.3.2", "inhibitAnyPolicy Test3", "-policy anyPolicy -inhibit_any", "True", "<empty>", "<empty>", 43}, + {"4.12.4", "Invalid inhibitAnyPolicy Test4", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.12.5", "Invalid inhibitAnyPolicy Test5", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.12.6", "Invalid inhibitAnyPolicy Test6", "-policy anyPolicy", "True", "<empty>", "<empty>", 43}, + {"4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", ok}, + {"4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 }, + {"4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", ok}, + {"4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 }]. + +name_constraints() -> + %%{ "4.13", "Name Constraints" }, + [{ "4.13.1", "Valid DN nameConstraints Test1", ok}, + { "4.13.2", "Invalid DN nameConstraints Test2", {bad_cert, name_not_permitted}}, + { "4.13.3", "Invalid DN nameConstraints Test3", {bad_cert, name_not_permitted}}, + { "4.13.4", "Valid DN nameConstraints Test4", ok}, + { "4.13.5", "Valid DN nameConstraints Test5", ok}, + { "4.13.6", "Valid DN nameConstraints Test6", ok}, + { "4.13.7", "Invalid DN nameConstraints Test7", {bad_cert, name_not_permitted}}, + { "4.13.8", "Invalid DN nameConstraints Test8", {bad_cert, name_not_permitted}}, + { "4.13.9", "Invalid DN nameConstraints Test9", {bad_cert, name_not_permitted}}, + { "4.13.10", "Invalid DN nameConstraints Test10", {bad_cert, name_not_permitted}}, + { "4.13.11", "Valid DN nameConstraints Test11", ok}, + { "4.13.12", "Invalid DN nameConstraints Test12", {bad_cert, name_not_permitted}}, + { "4.13.13", "Invalid DN nameConstraints Test13", {bad_cert, name_not_permitted}}, + { "4.13.14", "Valid DN nameConstraints Test14", ok}, + { "4.13.15", "Invalid DN nameConstraints Test15", {bad_cert, name_not_permitted}}, + { "4.13.16", "Invalid DN nameConstraints Test16", {bad_cert, name_not_permitted}}, + { "4.13.17", "Invalid DN nameConstraints Test17", {bad_cert, name_not_permitted}}, + { "4.13.18", "Valid DN nameConstraints Test18", ok}, + { "4.13.19", "Valid Self-Issued DN nameConstraints Test19", ok}, + { "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", {bad_cert, name_not_permitted} }, + { "4.13.21", "Valid RFC822 nameConstraints Test21", ok}, + { "4.13.22", "Invalid RFC822 nameConstraints Test22", {bad_cert, name_not_permitted} }, + { "4.13.23", "Valid RFC822 nameConstraints Test23", ok}, + { "4.13.24", "Invalid RFC822 nameConstraints Test24", {bad_cert, name_not_permitted} }, + { "4.13.25", "Valid RFC822 nameConstraints Test25", ok}, + { "4.13.26", "Invalid RFC822 nameConstraints Test26", {bad_cert, name_not_permitted}}, + { "4.13.27", "Valid DN and RFC822 nameConstraints Test27", ok}, + { "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", {bad_cert, name_not_permitted} }, + { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", {bad_cert, name_not_permitted} }, + { "4.13.30", "Valid DNS nameConstraints Test30", ok}, + { "4.13.31", "Invalid DNS nameConstraints Test31", {bad_cert, name_not_permitted} }, + { "4.13.32", "Valid DNS nameConstraints Test32", ok}, + { "4.13.33", "Invalid DNS nameConstraints Test33", {bad_cert, name_not_permitted}}, + { "4.13.34", "Valid URI nameConstraints Test34", ok}, + { "4.13.35", "Invalid URI nameConstraints Test35", {bad_cert, name_not_permitted} }, + { "4.13.36", "Valid URI nameConstraints Test36", ok}, + { "4.13.37", "Invalid URI nameConstraints Test37", {bad_cert, name_not_permitted}}, + { "4.13.38", "Invalid DNS nameConstraints Test38", {bad_cert, name_not_permitted} }]. +distribution_points() -> + %%{ "4.14", "Distribution Points" }, + [{ "4.14.1", "Valid distributionPoint Test1", ok}, + { "4.14.2", "Invalid distributionPoint Test2", 23 }, + { "4.14.3", "Invalid distributionPoint Test3", 44 }, + { "4.14.4", "Valid distributionPoint Test4", ok}, + { "4.14.5", "Valid distributionPoint Test5", ok}, + { "4.14.6", "Invalid distributionPoint Test6", 23 }, + { "4.14.7", "Valid distributionPoint Test7", ok}, + { "4.14.8", "Invalid distributionPoint Test8", 44 }, + { "4.14.9", "Invalid distributionPoint Test9", 44 }, + { "4.14.10", "Valid No issuingDistributionPoint Test10", ok}, + { "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 }, + { "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 }, + { "4.14.13", "Valid onlyContainsCACerts CRL Test13", ok}, + { "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 }, + { "4.14.15", "Invalid onlySomeReasons Test15", 23 }, + { "4.14.16", "Invalid onlySomeReasons Test16", 23 }, + { "4.14.17", "Invalid onlySomeReasons Test17", 3 }, + { "4.14.18", "Valid onlySomeReasons Test18", ok}, + { "4.14.19", "Valid onlySomeReasons Test19", ok}, + { "4.14.20", "Invalid onlySomeReasons Test20", 23 }, + { "4.14.21", "Invalid onlySomeReasons Test21", 23 }, + { "4.14.22", "Valid IDP with indirectCRL Test22", ok}, + { "4.14.23", "Invalid IDP with indirectCRL Test23", 23 }, + { "4.14.24", "Valid IDP with indirectCRL Test24", ok}, + { "4.14.25", "Valid IDP with indirectCRL Test25", ok}, + { "4.14.26", "Invalid IDP with indirectCRL Test26", 44 }, + { "4.14.27", "Invalid cRLIssuer Test27", 3 }, + { "4.14.28", "Valid cRLIssuer Test28", ok}, + { "4.14.29", "Valid cRLIssuer Test29", ok}, + + %% Although this test is valid it has a circular dependency. As a result + %% an attempt is made to reursively checks a CRL path and rejected due to + %% a CRL path validation error. PKITS notes suggest this test does not + %% need to be run due to this issue. + { "4.14.30", "Valid cRLIssuer Test30", 54 }, + { "4.14.31", "Invalid cRLIssuer Test31", 23 }, + { "4.14.32", "Invalid cRLIssuer Test32", 23 }, + { "4.14.33", "Valid cRLIssuer Test33", ok}, + { "4.14.34", "Invalid cRLIssuer Test34", 23 }, + { "4.14.35", "Invalid cRLIssuer Test35", 44 }]. +delta_crls() -> + %%{ "4.15", "Delta-CRLs" }, + [{ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 }, + { "4.15.2", "Valid delta-CRL Test2", ok}, + { "4.15.3", "Invalid delta-CRL Test3", 23 }, + { "4.15.4", "Invalid delta-CRL Test4", 23 }, + { "4.15.5", "Valid delta-CRL Test5", ok}, + { "4.15.6", "Invalid delta-CRL Test6", 23 }, + { "4.15.7", "Valid delta-CRL Test7", ok}, + { "4.15.8", "Valid delta-CRL Test8", ok}, + { "4.15.9", "Invalid delta-CRL Test9", 23 }, + { "4.15.10", "Invalid delta-CRL Test10", 12 }]. +private_certificate_extensions() -> + %%{ "4.16", "Private Certificate Extensions" }, + [{ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", ok}, + { "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", + {bad_cert,unknown_critical_extension}}]. + + +convert() -> + Tests = [signature_verification(), + validity_periods(), + verifying_name_chaining(), + basic_certificate_revocation_tests(), + verifying_paths_with_self_issued_certificates(), + verifying_basic_constraints(), + key_usage(), + certificate_policies(), + require_explicit_policy(), + policy_mappings(), + inhibit_policy_mapping(), + inhibit_any_policy(), + name_constraints(), + distribution_points(), + delta_crls(), + private_certificate_extensions()], + [convert(Test) || Test <- lists:flatten(Tests)]. + +convert({_,Test,_}) -> + convert1(Test); +convert({_,Test,_,_,_,_,_}) -> + convert1(Test). + +convert1(Test) -> + FName = lists:append(string:tokens(Test, " -")), + File = filename:join(?MIME, "Signed" ++ FName ++ ".eml"), + io:format("Convert ~p~n",[File]), + {ok, Mail} = file:read_file(File), + Base64 = skip_lines(Mail), + %%io:format("~s",[Base64]), + Tmp = base64:mime_decode(Base64), + file:write_file("pkits/smime-pem/tmp-pkcs7.der", Tmp), + Cmd = "openssl pkcs7 -inform der -in pkits/smime-pem/tmp-pkcs7.der" + " -print_certs -out pkits/smime-pem/" ++ FName ++ ".pem", + case os:cmd(Cmd) of + "" -> ok; + Err -> + io:format("~s",[Err]), + erlang:error(bad_cmd) + end. + +skip_lines(<<"\r\n\r\n", Rest/binary>>) -> Rest; +skip_lines(<<"\n\n", Rest/binary>>) -> Rest; +skip_lines(<<_:8, Rest/binary>>) -> + skip_lines(Rest). + +init_per_testcase(_Func, Config) -> + Datadir = proplists:get_value(data_dir, Config), + put(datadir, Datadir), + Config. + +fin_per_testcase(_Func, Config) -> + %% Nodes = select_nodes(all, Config, ?FILE, ?LINE), + %% rpc:multicall(Nodes, mnesia, lkill, []), + Config. + +init_per_suite(Config) -> + crypto:start(), + Config. + +end_per_suite(_Config) -> + crypto:stop(). + +error(Format, Args, File0, Line) -> + File = filename:basename(File0), + Pid = group_leader(), + Pid ! {failed, File, Line}, + io:format(Pid, "~s(~p): ERROR"++Format, [File,Line|Args]). + +warning(Format, Args, File0, Line) -> + File = filename:basename(File0), + io:format("~s(~p): Warning "++Format, [File,Line|Args]). diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/certs/TrustAnchorRootCertificate.crt b/lib/public_key/test/pkits_SUITE_data/pkits/certs/TrustAnchorRootCertificate.crt Binary files differnew file mode 100644 index 0000000000..21f520ee56 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/certs/TrustAnchorRootCertificate.crt diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem new file mode 100644 index 0000000000..8f00499440 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=anyPolicy CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5 +IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1 +zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k +MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg +KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson +ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV +HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w +DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p +th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi +wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT +aV+IWdHVMKREjOXtHakoKQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=All Certificates anyPolicy EE Certificate Test11 +issuer=/C=US/O=Test Certificates/CN=anyPolicy CA +-----BEGIN CERTIFICATE----- +MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD +QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwQWxsIENlcnRp +ZmljYXRlcyBhbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDExMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQDXI8MbFkMJTmeIdP1EpYg8qYdNkQRq1yNQYMHH +9TxFgw3L7sCGGxJS6PN4SS67CdnNZKNseFT+qAIDIbBw+p6uuAB4PWZEireOFo+s +PSdbG2Os76qFi12SpIniE64W5aSMzmccMf6RqzuqUROYH8wOzk8w6y+RI2qnkqDx +0HxJrwIDAQABo2UwYzAfBgNVHSMEGDAWgBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAd +BgNVHQ4EFgQUC8LFyye3gbbbFeNrasBg1Fq10JYwDgYDVR0PAQH/BAQDAgTwMBEG +A1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQAmASNJNMm+5XfUYE/I +IhtOmsbGvCrIWyMyhcv7gosAMSsXYU+8CzWpkjP0zS42rEphyqP8zUAWjR/BqUJV +9uwenHlpNeVflKgq0UVqYeoqc+afpvgLe+2o2Fe81Uz2tQ+LjwRQCm0/dhEVeZ4B +JutCF8LtmT3hv2RlWp5v1mmG4w== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2: + 88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29: + 62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96: + 84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf: + ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80: + 9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1: + 4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba: + 90:6c +-----BEGIN X509 CRL----- +MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD +hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt +5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ +eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/ +awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem new file mode 100644 index 0000000000..ea336fce35 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem @@ -0,0 +1,107 @@ +subject=/C=US/O=Test Certificates/CN=No Policies CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICWzCCAcSgAwIBAgIBIjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOTm8gUG9saWNp +ZXMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWH/haSHmzYQAYFLKMA +cbwROk7OaY3N6TMLQIz4yWrwGzpy+kiIDZ2xVPnyHRHp12VlAI5u78kQKAivhpNw +ovjgrUmE86zb3/OOa341tubElI6Y9G1Y1tnzPCK+hi1vjrHAHr1Glf8VOgZ9ijpU +SjXOsw5pFlz22uc7BRI7S/K1AgMBAAGjYzBhMB8GA1UdIwQYMBaAFPts1C2Bnson +ep4NsDzqmryH/0nqMB0GA1UdDgQWBBRTwRQlfeVbPleR+JYOkJ5dxiWoujAOBgNV +HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBr +G1ayCZm1VdyAqi1JuxUTt6bQcd8iNR0vvnl49QzjKgCNRqNV69RCH0U4ZST8D57t +TVN8DJITlnH+Kbid6OWcgkb+vi5C0SPLPNym18RVzKNQtR88lJCByvNbx/CprRYl +EfsMrs6FA8loVY0rVrUpEsTjVxyDh+fb8GZ3CAJIng== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=All Certificates No Policies EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=No Policies CA +-----BEGIN CERTIFICATE----- +MIICbzCCAdigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVz +IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQDEzFBbGwgQ2Vy +dGlmaWNhdGVzIE5vIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbFHIGRAKQBl4eS/EWvFaVcb/7H30je7Yf +LmXoIYQGeWJZQfXWSsJyXyoaMhf4uLonxy8mi1Ap8vy3Fqc9b55Cm48xatNCao6D +W6YbSQu9hiSXCMxjXWnrYfi62KywO6I2y5JbT0CZ2PbQO0lFXYKPaTFDKzgf9l4x +ppvlkUQdsQIDAQABo1IwUDAfBgNVHSMEGDAWgBRTwRQlfeVbPleR+JYOkJ5dxiWo +ujAdBgNVHQ4EFgQUy5AB5Gdr2u2a+KXtJZFHFSHyopEwDgYDVR0PAQH/BAQDAgTw +MA0GCSqGSIb3DQEBBQUAA4GBAGk2l02zPeeK5Xca7UysnHmcjV08jAnZw6WqKJlS +ZK/upXnIu/i4JXjxhC/aBpFDs1foGPEPb7vPwJBq6psJ/qvrL3FxzWnmp08P4iUP +c7e9vxXYaMIQC3duKeV6SOn5VrpSPYRfchw/i70FJ+QCw9xAvNZ2X45Pzi9k9xUg +VfLw +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=No Policies CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:53:C1:14:25:7D:E5:5B:3E:57:91:F8:96:0E:90:9E:5D:C6:25:A8:BA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 32:a4:9a:ca:5f:51:9e:91:db:fb:8a:0a:85:9b:64:c7:08:ef: + d5:17:43:34:7b:ad:53:90:4d:d1:43:10:f9:47:88:de:f3:78: + 67:2a:3a:4b:0e:5c:1a:a5:ee:19:b9:ef:f9:eb:3f:f1:39:2c: + 31:ab:e5:14:a7:90:8a:87:71:c6:78:a1:75:df:84:aa:3a:68: + 37:8a:ba:65:79:1f:31:93:8c:4e:6a:f1:1c:3b:fb:68:79:34: + 55:5b:42:55:8d:f3:2d:9f:f6:47:8d:64:6a:02:84:0b:97:aa: + 2c:c6:96:18:ed:b3:b1:a1:62:b4:73:40:83:00:1f:1e:96:ec: + d2:ff +-----BEGIN X509 CRL----- +MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVzIENBFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBRTwRQl +feVbPleR+JYOkJ5dxiWoujAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQAy +pJrKX1Gekdv7igqFm2THCO/VF0M0e61TkE3RQxD5R4je83hnKjpLDlwape4Zue/5 +6z/xOSwxq+UUp5CKh3HGeKF134SqOmg3irpleR8xk4xOavEcO/toeTRVW0JVjfMt +n/ZHjWRqAoQLl6osxpYY7bOxoWK0c0CDAB8eluzS/w== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem new file mode 100644 index 0000000000..62412e9602 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Policies P12 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg +UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO +/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9 +WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0 +CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B +nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO +BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl +AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB +BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK +btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk +biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test10 +issuer=/C=US/O=Test Certificates/CN=Policies P12 CA +-----BEGIN CERTIFICATE----- +MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx +MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGgxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE9MDsGA1UEAxM0QWxsIENl +cnRpZmljYXRlcyBTYW1lIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QxMDCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmrdM0DTddXChaxuvVK1/9AmbK3pj +B7nrBT7FrZ4f+6sp0e/vN7kCNEiAaRq1BDUFjyiesHIoL7gVKw96xoYTQ1qdCGZO +04GFQtVjtBx8SZCDsvjWgaXxs2BPj3ooNV199aMCiKTeNPm1TwL2zpmGRBaV5As8 +X8eCNYjiya9c6jMCAwEAAaN5MHcwHwYDVR0jBBgwFoAUAONl6YHUhrnHHefzMzkG +XkwRpfkwHQYDVR0OBBYEFMb2N25TEoHRRp8AmP8/XLXv9HDaMA4GA1UdDwEB/wQE +AwIE8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkq +hkiG9w0BAQUFAAOBgQBM+wZzcjByDVKWb9MADcwg0VTmgmhOhSmt3fqhHagC9q3G +ZY6+OWkM6gCdmw1JBr9JRTHPl1uo/W5dI4OVIupjsct4ObPWx1yn29VM30lyaYDR +iBhgjOp5tonCixdFbt7pMnviPwsIDKdQLQz0k8m7d/au9BVHVSlyDoqm0I0uSg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f: + df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9: + 4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38: + 86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb: + 77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05: + 70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77: + e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11: + 1d:72 +-----BEGIN X509 CRL----- +MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl +6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA +oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor +RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN +gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem new file mode 100644 index 0000000000..888f8c117a --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=Policies P123 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg +UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s +xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS +o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5 +ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt +gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww +DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB +ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD +gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM +jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext +cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY +kko1SxlW +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test13 +issuer=/C=US/O=Test Certificates/CN=Policies P123 CA +-----BEGIN CERTIFICATE----- +MIICqzCCAhSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx +MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBoMQswCQYDVQQG +EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNVBAMTNEFsbCBD +ZXJ0aWZpY2F0ZXMgU2FtZSBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTMw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ6RCve4HAIbl7RQiw7tPY3IJ0oT +KvS2jsUu4eNuzThRoKW0cWW3N+Jk1rkqgaaebVodXrb9cuDFONWRL0X2DZazb5h/ +4FX3obShqywkydsz7vBoixmRXa/oKtIa78h5zQTSDPR0sJeWIikOUJZMIJv4CNw1 +Pwvu3Y3i9CwT6m2fAgMBAAGjgYgwgYUwHwYDVR0jBBgwFoAU0L/Nm9/xkf2Ch1oQ +z5Cvi7zyxcwwHQYDVR0OBBYEFGqUba1DKQxc60sgeqLAqyOR/22bMA4GA1UdDwEB +/wQEAwIE8DAzBgNVHSAELDAqMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjAM +BgpghkgBZQMCATADMA0GCSqGSIb3DQEBBQUAA4GBAAd1diIEB4YaH7gH6DO1vptE +G2YpbuvISfPDhWjrLI/sLSJTH3l+kC/GE4FDEHJ0Rc76la5gyUbRwX1zTZKHGyxx +NhuE3i0XkrAlR6xRUJRcb1SgD7JqMzup7ZuFP9h3+txi71G33fMStCxKGa6ijUKd +LTzImFXGxbWm6SZujuyJ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b: + 7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7: + 8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65: + 92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81: + 84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96: + 1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41: + 98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04: + ef:9d +-----BEGIN X509 CRL----- +MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/ +zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p +qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs +95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem new file mode 100644 index 0000000000..de409f5895 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem @@ -0,0 +1,118 @@ +subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp +ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co +7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF +H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh +i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3 +LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e +kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq +hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx +x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr +PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem new file mode 100644 index 0000000000..82576fb4a3 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=anyPolicy EE Certificate Test14 +issuer=/C=US/O=Test Certificates/CN=anyPolicy CA +-----BEGIN CERTIFICATE----- +MIICdDCCAd2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD +QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfYW55UG9saWN5 +IEVFIENlcnRpZmljYXRlIFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAosJmcfDGby4vpcrZs7/LeCfqnvDfXgZakoRonLHgudPwLK839x7AtBqsAAsx +wYNmtj+gGNu9x2hjBOrEFHjxVhCZbr+V2b3NuZ0C2p+OcSZ6nKYxxmgtP9NrTYZs +MVo8uJ/d9zDXB7/Hflbl2iOtwHe4CpWlWkAcb55leIZdFx0CAwEAAaNrMGkwHwYD +VR0jBBgwFoAUPrOeouRDhftnQDGGE5vGYe2G1eIwHQYDVR0OBBYEFEAG933vDjVc +5TJ4xVFIKNj24AmHMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl +AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHS2x3KJlEZ/YeT5mje964ccV/zmiYkiy +SP02lLjIQuB7b4R8xS4TYb6lXC18dc0776mMu6BQVqECrBq71A77N5cd5Xuc/+5U +5ZMyLiowPxjhgjqMOZV6Vno6zYQh+4bdFIqNZ4Wv1l0KyhvD5KU5gBQ6uK/Gbmgx +gC2356iQiJE= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=anyPolicy CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5 +IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1 +zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k +MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg +KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson +ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV +HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w +DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p +th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi +wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT +aV+IWdHVMKREjOXtHakoKQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2: + 88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29: + 62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96: + 84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf: + ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80: + 9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1: + 4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba: + 90:6c +-----BEGIN X509 CRL----- +MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD +hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt +5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ +eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/ +awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem new file mode 100644 index 0000000000..bd06526d83 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem @@ -0,0 +1,120 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=CPS Pointer Qualifier EE Certificate Test20 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICuTCCAiKgAwIBAgIBFTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK0NQUyBQb2ludGVyIFF1 +YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjAwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAMoJaBG/FNuQhA4cgeiGiLpg79tevgtM1J+7DRztxWNGR1ETJ2fT +76YKUm8p81GifGLyp0GPixlRYrORVU04fWNYnx8Zf7rkoCPeVEDinuLDtIrrENam +41t/iHh8pI2pzuA+AUUT9MOXDyVHFx+hGhjOseGtcUIJB0h641auD/XtAgMBAAGj +gagwgaUwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE +FMLcmlwicNMKSIWer8jYAJSooOpzMA4GA1UdDwEB/wQEAwIE8DBTBgNVHSAETDBK +MEgGCmCGSAFlAwIBMAEwOjA4BggrBgEFBQcCARYsaHR0cDovL2NzcmMubmlzdC5n +b3YvY3Nvci9wa2lyZWcuaHRtI3BraXRlc3QwDQYJKoZIhvcNAQEFBQADgYEAfDo9 +XQCL4ynO7TfTvX9MENaHI304AZw1YU+SP2zkPuDd4HxsI1FK04q1NbIaJ+TOVfk3 +Fke0kNKWelXWa4JcqZ8eg1RxzRsqB47a0IdMOcVwwjKNI5U9KkHRvHjCBMip0wjU +j6Qw2ktcJRAOZf2zsNks/lq7d2+7udwTCiASQ84= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem new file mode 100644 index 0000000000..4084a4851c --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test12 +issuer=/C=US/O=Test Certificates/CN=Policies P3 CA +-----BEGIN CERTIFICATE----- +MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAz +IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXDELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTEwLwYDVQQDEyhEaWZmZXJl +bnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDEyMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCyCzdT70A8+vsLoViq8TWIYg7Eta6CLxVYgGuIT/jHnsK+ ++FbOsG9GIxdLYhdZrrlKG4cAlkpS/6K9L23KfQGiNNjQ4LaWC/geLyNeOOOrnXBk +nMhffhtlQ4PzTnEtjtr0fUr5iNZtCZpTUSQKxvZfEL8s8HUbsiPagLV9TwXO3QID +AQABo2swaTAfBgNVHSMEGDAWgBSOvWaPjlVlz1HkWabJKh5iv/elvDAdBgNVHQ4E +FgQUgYdlKg2WZsyn5n9xnCVxsVRQwz4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQUFAAOBgQA+sKsTmg7nH6jqpWTD +0+ku3zH37P/CeNynrYlFtFA/3QZZNSeBUtmPEgSANp/iYSgpIOeqcUR+vJZhsIXT ++0wX4SS7+hy3sHAuDmSZ7d4XXowNWmfn2MElY7INaPvTzjRY3+XIeTfMK43LglF5 +sftSt0FIy+7QSZiQwKIX35Hdig== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBJzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOUG9saWNpZXMg +UDMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzB4tlymiLVW8a6Ps0y +porV4ZwLRY6O21qBHaMeOvMroSc49aMMmsNM5Hq1c37ETR2NROBT065S3xFyQT58 +Q+6gu30masLdypu0ewe1f4waXVKzrOrXleRrha2wyu33duzC9XoU5rLxLJUrPXjd +F7bYw/NIHmdKb2gKdGDD5ZhlAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAU+2zULYGe +yid6ng2wPOqavIf/SeowHQYDVR0OBBYEFI69Zo+OVWXPUeRZpskqHmK/96W8MA4G +A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/ +BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAGIeHrFlfEpz +33KeWUQrArkcbXi4ONGl0zsMAelL8FjVyZJqVjBi4/z+31K608b9FleH0H4QlO1V +pADcQhn+/9ChWXCvHtSUuBsIPFO3WWIdgYTtmSAqxsEq3uwQIR3ku8NoMpgiak6B +EdVSLx709Z1oHVmuqVn1fYV/0968h9fo +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8E:BD:66:8F:8E:55:65:CF:51:E4:59:A6:C9:2A:1E:62:BF:F7:A5:BC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 70:a1:09:11:c0:05:80:09:b9:cb:96:bd:30:59:49:1e:07:57: + d3:9b:e2:f1:41:3f:f5:f1:d7:90:67:ab:db:81:2f:1f:b6:6d: + b4:e5:45:ba:94:55:25:9c:e1:11:06:71:a3:dc:ed:1f:6d:eb: + 91:33:7f:7d:1f:40:2e:1c:84:1a:c2:45:8a:26:ed:0c:a5:6f: + 1c:00:50:99:fd:7b:d1:3a:cf:a0:1a:da:0c:f0:7a:9a:4e:b5: + f1:fb:90:9b:ab:54:57:1d:55:ab:b7:c3:a6:c4:27:e9:c8:6b: + 83:28:68:cc:9e:0b:f0:99:7e:0a:f5:f2:ca:35:28:7b:78:59: + 7c:88 +-----BEGIN X509 CRL----- +MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAzIENBFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBSOvWaP +jlVlz1HkWabJKh5iv/elvDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQBw +oQkRwAWACbnLlr0wWUkeB1fTm+LxQT/18deQZ6vbgS8ftm205UW6lFUlnOERBnGj +3O0fbeuRM399H0AuHIQawkWKJu0MpW8cAFCZ/XvROs+gGtoM8HqaTrXx+5Cbq1RX +HVWrt8OmxCfpyGuDKGjMngvwmX4K9fLKNSh7eFl8iA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem new file mode 100644 index 0000000000..81624cdd69 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem @@ -0,0 +1,170 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P2 subCA +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBEDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBFMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1 +YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFuj/BeKqm7wDc+UMIp7Qh +eY7RqfB/VGqZuKUb5UNpLiXT37UrhteMqYSqBkd76l1qvhhBwRPJt9Nq2tf5slrS +NJOAnUfF0McB9RUJMGhkITa9As3KZy0u31hre09MUaacltcuJx4irpHKUEjn+qY1 +ZdZ7NNEzH9VXWN+6lARLIQIDAQABo3wwejAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7 +J0TXNTPfmhWUxzAdBgNVHQ4EFgQU5FhKqtjykfUZF2iehQcjbgo0680wDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAGilgDaBiDA1cbd6xUxAl/K5DVQ8ack+2fk1 +P8G5fTuQoQtDbWX6eA7Q/nXFXBCj2i1tmJF/q8Pzh1GU6MKQ5f7J5ibEstM1+lgb +hidM5kd85uVTxTBL7GSS94BSfXFnNOOSWbRTyhSIZRxScCjERfnSfF8yBDRIbFGO +ma6qPeAC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA +-----BEGIN CERTIFICATE----- +MIICgTCCAeqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAy +IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowWzELMAkGA1UE +BhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTAwLgYDVQQDEydEaWZm +ZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDMwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANc03XT9xYcVcwSWI/zfZ5VWnTC4uy5WFMe8/BNL8QuP +5xFw/xGTjgkS/ABNJJJ+a/RWsi0Q92MSeMbVNkgD0/i94SgjALWOdsg9k4LI3iH1 +ziOZ1OWKjKsJIxgCbTls+JRu7bRi4dnVYHB96WnGFVsVp9xyoS3hUYYwpCFXYLWz +AgMBAAGjazBpMB8GA1UdIwQYMBaAFORYSqrY8pH1GRdonoUHI24KNOvNMB0GA1Ud +DgQWBBRyOnvPdzFG1aaQtBqWQiKlfmoaPjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBACWQn4A03gqLgppl +ROwBGIIxHZD+wVr9BgoDJj2xwX6NaofqHfhAyVq9hDqEwylmfr0rH6m8PBAgnST0 +CnoWgQEQQ2sESHf6f/7/CTcVLlx8UQDXaTlA22nhmoJG9Y4iOdjdzhgvn/9yYySs +aTByh3KCB3TV4q9GJw6nUNAmnoOo +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E4:58:4A:AA:D8:F2:91:F5:19:17:68:9E:85:07:23:6E:0A:34:EB:CD + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + c3:6b:fd:b1:c9:49:fe:a7:76:33:87:24:1f:f7:df:41:31:b8: + 37:15:f2:3c:ae:8e:c7:17:a1:30:ea:a6:53:99:4a:8b:a1:7c: + ae:c1:4e:58:81:4f:65:e2:0d:eb:a0:cc:2d:f5:a2:ba:03:ee: + 1e:81:1c:64:3a:b1:9f:2b:d2:40:27:69:6f:32:95:fa:85:f7: + c8:76:8b:4b:7a:11:12:8d:7c:fa:1f:54:84:d7:ff:72:23:63: + 46:55:0a:e4:d2:38:1d:83:2c:57:bb:60:21:dc:44:0d:6a:95: + 11:ad:f0:b5:57:82:68:f4:20:37:f4:d7:46:93:cd:c4:c6:90: + fd:c1 +-----BEGIN X509 CRL----- +MIIBPjCBqAIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1YkNB +Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBTk +WEqq2PKR9RkXaJ6FByNuCjTrzTAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOB +gQDDa/2xyUn+p3YzhyQf999BMbg3FfI8ro7HF6Ew6qZTmUqLoXyuwU5YgU9l4g3r +oMwt9aK6A+4egRxkOrGfK9JAJ2lvMpX6hffIdotLehESjXz6H1SE1/9yI2NGVQrk +0jgdgyxXu2Ah3EQNapURrfC1V4Jo9CA39NdGk83ExpD9wQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem new file mode 100644 index 0000000000..42c902dac2 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem @@ -0,0 +1,170 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=Good subCA +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0Ew +HhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBbMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNVBAMTJ0RpZmZlcmVudCBQ +b2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAo97r9TnN6B3H+x4fSXruIfEelkjmA4Ti1Q93FP3Op0Pfk8ybf7W8 +/meQsMFMMXAVrZ+pwfLj3YvzTspivZUbJGWA4o7r2DwkVkuXr6Rv2n3OhPlCwljb +TAFxb5S3wOOJ53FHJw33R19R8d3B0CpxKxLK1oXQVOOu0t3UKizFJakCAwEAAaNr +MGkwHwYDVR0jBBgwFoAUfFxpfJ3IVbEiBSlD+8R7j+rquH0wHQYDVR0OBBYEFOIy +WsL+F3ByhN7vnBDlbJNEkZS3MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAIwDQYJKoZIhvcNAQEFBQADgYEAVoBWMI/tY2C3bNKXPdDQHwOq ++JplKCmu37pLQlMNSVP8yssW5khRqkKYi48Jz7b21NKFN3w3/0MuV2AxjEA6ROZX +MBwaIKyeHMRCRDJndHYU3CkOvex/eDDnLXvNxTXuda755S3qZUbhNKRZnLv1iDzH +KN6TmIq39yQReXlNoNo= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Good subCA +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA+MQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPPDgvwjnBtonTcZM5RPe+FqtX3glBmw +zdb+WOm6gKoAp5euYnW2UZOOjSztJyTUKsmnK3qhKgntDjO8z/ito6Pz0Uo7zoby +wftFeKr76K0iBIp0t2DJQ4khnA8KjIB7LJp5CKIT1rhPdrLhPbc/r+LcUTZrAfRt +ZcQkxbznhxZxAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz +35oVlMcwHQYDVR0OBBYEFHxcaXydyFWxIgUpQ/vEe4/q6rh9MA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAM +BgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAI8yIYi19lr+NUCxlq3CXkpZ +TAgRtU0pqH1VbEootkv0o7apbF2cC8SHB0UDiih/yqZjqw3kHtpbBaf75KHxqoQ4 +PKqoZXt3K4rjiQooU+2cyC+mxI3uegcFjQ444R10jXwv5EqNQ4joXhz5hocJA/PF +JGFA0gkGm2pMEBR567ka +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:7C:5C:69:7C:9D:C8:55:B1:22:05:29:43:FB:C4:7B:8F:EA:EA:B8:7D + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a1:14:35:58:41:58:4a:93:ea:8a:e7:cc:c1:be:02:22:8c:9a: + 21:32:d6:a9:bf:1d:df:7d:60:8c:ba:f2:8c:01:a9:38:a4:94: + 8a:6d:69:46:e5:ac:63:48:17:e5:c9:c0:de:df:13:73:c6:ec: + 3f:b7:ed:61:a2:6c:42:d8:cf:7a:ff:3b:35:41:8a:04:c8:fe: + 85:37:b8:7d:dc:a0:05:35:ba:e0:bb:39:c8:be:2a:79:57:82: + db:f1:da:21:e0:c6:54:2b:37:2a:e1:0d:82:aa:2f:47:ab:15: + fc:30:11:dd:52:ba:93:cf:bc:46:39:a7:94:29:7d:e0:2a:5c: + d4:ce +-----BEGIN X509 CRL----- +MIIBNzCBoQIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EXDTAxMDQx +OTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHxcaXydyFWx +IgUpQ/vEe4/q6rh9MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAKEUNVhB +WEqT6ornzMG+AiKMmiEy1qm/Hd99YIy68owBqTiklIptaUblrGNIF+XJwN7fE3PG +7D+37WGibELYz3r/OzVBigTI/oU3uH3coAU1uuC7Oci+KnlXgtvx2iHgxlQrNyrh +DYKqL0erFfwwEd1SupPPvEY5p5QpfeAqXNTO +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem new file mode 100644 index 0000000000..bb476975c0 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem @@ -0,0 +1,170 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA2 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAy +IHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNV +BAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnRGlm +ZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQCwZH5VW/9MO5bUFBrHnWcQmxnLKiqHAu593o6kFZKt +zkkYkVCA/vu0Wqgk09UeJz2jQPFuJEFYl/VdkkyS3U5TMdJBBcIHMYpmVTeTJSzP +G+II79/nOVLpVRfuMtKclAU+oCCJb29oiXRaOFzZjzbXuU/NvSXZu24sVctBtFQA +DQIDAQABo2swaTAfBgNVHSMEGDAWgBRx6y8V7VGl/4VJjHwa9kumm6SUBjAdBgNV +HQ4EFgQU0BTRTBvIbX1D6I9/J/Wkp7/iGNwwDgYDVR0PAQH/BAQDAgTwMBcGA1Ud +IAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAVgTBnKECQtHJE +rSdkBjW41mPMbdbsbYgsl00518Qv4kS2bIsmMOB4V6kl48oIlmIql2dgUqb0QgvA +JFFmwyLWdyUy1Ngv1H4tT2i9htTQAG7Yhx619BHqWCfqCiue49ySUsKOefY3ZYuy +Ew2nYu2yBbFQuBajQDA+6rT6RjvF+Q== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P2 subCA2 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICgzCCAeygAwIBAgIBEjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBGMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1 +YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtLTO6yKdiF3dWPmvdMIU +ljhMl5k5/mSISipm74fsNPvCJOAfdPJa7ZsmCH2mXZeXa5xOUPG9YzcqgSoj8YEa +L6h9u4t40L+OyapOZKiYykXi9hoZEzCuilIIu3km9rU0jF/hTntZ5QSdE65fM5qn +iMQnAPkod5ehi3XASsHZu9cCAwEAAaOBizCBiDAfBgNVHSMEGDAWgBS3LqaCy8LI +vKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUcesvFe1Rpf+FSYx8GvZLppuklAYwDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8E +BTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEApvxtR+QrmkV9 +u+IYUO9+MXgIGn7U3aab9pnQfxH2Dqkx2uPGGYsw3+Md7m0+Y29god0WgGwgrmlS +9VnFhuDw0Sks4ofgjOWCrO0gK10fO2AHzYMwxcbsaqrIPS0dIkUflnnB6vUPoz1t +0/y853VkBY8fwZC5lSrXe1j/wkrITt4= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:71:EB:2F:15:ED:51:A5:FF:85:49:8C:7C:1A:F6:4B:A6:9B:A4:94:06 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0f:c9:61:2b:d8:db:62:52:36:67:85:d2:bf:79:00:4e:44:4c: + 3b:2e:a1:0f:58:1d:06:1d:47:bb:2d:b2:3f:62:d5:9c:7d:da: + bd:34:86:5d:44:f2:ec:42:d8:cb:37:16:8d:87:d7:73:3b:d1: + 82:e3:e9:2c:d6:db:6f:f5:f3:db:d4:11:bf:bf:aa:15:10:7a: + 51:76:d6:56:e5:f6:27:00:54:54:87:14:e8:0f:5a:e1:5b:64: + 16:53:de:31:1a:69:c2:6b:a5:fe:77:8c:bc:f2:42:d6:ad:84: + 6a:f5:bb:94:16:c0:12:64:af:4a:2e:68:64:2f:f5:14:5c:b1: + c5:cf +-----BEGIN X509 CRL----- +MIIBPzCBqQIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1YkNB +MhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU +cesvFe1Rpf+FSYx8GvZLppuklAYwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQAD +gYEAD8lhK9jbYlI2Z4XSv3kATkRMOy6hD1gdBh1Huy2yP2LVnH3avTSGXUTy7ELY +yzcWjYfXczvRguPpLNbbb/Xz29QRv7+qFRB6UXbWVuX2JwBUVIcU6A9a4VtkFlPe +MRppwmul/neMvPJC1q2EavW7lBbAEmSvSi5oZC/1FFyxxc8= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem new file mode 100644 index 0000000000..64913817fc --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem @@ -0,0 +1,211 @@ +subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12 +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx +MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT +G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA3JEcFcmqBaOdX0aQIeLKgr184G8kZkUDCWXFVa8Rl8JEbH8nKumt +oT+D502p0fAxQ/lu67/+Wz9X+0bAwkuPsCzJ1QCXR2UIRpVr1NxN7Rpz/7c6kzfL +/DJwrly/lSBnj0R0YirNdtTRRbIo0/YEP7P2B0gorC16aSbZViLod4ECAwEAAaN8 +MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFCOJ +nPgjYULoGZabFjVqvDC9XoqCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBE +8ZcL9nvf0LT9xC+cY0M+u5LPMYNxkecfdmiF5H1xmtqQ+pyLB7lUIyeSE0FWSbFS +HxkKQAkO31yPfR0lvAkmJS8uVhZf7kiMfNhK/iHQA2LE4ubMmgyfbnAidPaVhPJ/ +waAqgUmU3waTfWo4RyKCWsWN6L95KJNO3HkS5l83zg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12 +issuer=/C=US/O=Test Certificates/CN=Policies P123 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx +MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG +EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj +aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll +J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2 +tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD +YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j +BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL +fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB +MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c +pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0 +r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1 +-----BEGIN CERTIFICATE----- +MIICnDCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx +MjMgc3Vic3ViQ0FQMTJQMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFsxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4G +A1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq7BLYQUkQ5JoVVov7G3lnh8JAEwYq +LMbqpRCqw7cUk5pzpmQsxkZs6/Ucuz/aR9dCCaRZJ+YQ8GZSQ+igOWzOfGwugT2P +1F9uHaqW5hLEm4nKD0sCR7e+SSsZcVLDu43aKeP9M9W+eIiVgBDqqO/sIiP+H9lA +XGxBY7aZKR9PbQIDAQABo3wwejAfBgNVHSMEGDAWgBQjiZz4I2FC6BmWmxY1arww +vV6KgjAdBgNVHQ4EFgQU8kOeHdO942r3cR78izbu/QscRBMwDgYDVR0PAQH/BAQD +AgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBBQUAA4GBAB7JKK79k5557tO3m4Z6Ggwb+wna9YjHdiEEmFrP0CbG +ydKsCOn176W5roPXJfVz4LNWRaQ1VD9hJBRNk7l7hCgrbazLj9TtrU9RrklDu54/ +tyZH3BQrH0znl+dxlEgYdfzhd0XQhMP4AGAlIzZUANHCnmjRKkqikPNXO5bMpnza +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg +UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s +xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS +o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5 +ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt +gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww +DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB +ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD +gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM +jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext +cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY +kko1SxlW +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b: + 7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7: + 8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65: + 92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81: + 84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96: + 1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41: + 98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04: + ef:9d +-----BEGIN X509 CRL----- +MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/ +zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p +qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs +95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99: + d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8: + 5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38: + 13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f: + c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4: + 84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70: + 23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9: + 57:d2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi +Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99 +a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6 +pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:23:89:9C:F8:23:61:42:E8:19:96:9B:16:35:6A:BC:30:BD:5E:8A:82 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 38:53:72:c0:cb:e3:f9:84:7d:49:58:c4:73:96:61:3f:7d:1a: + 78:47:82:fa:be:2b:9a:55:99:d4:73:ad:49:14:9d:a3:3c:5e: + 99:66:20:f4:df:d9:c3:d3:03:61:75:0d:18:f6:c4:b8:29:0f: + e7:e3:e9:37:f3:0d:e0:74:a0:ef:8e:9f:fa:12:18:20:a2:8a: + 3a:bb:72:e6:20:4f:2a:2b:7f:22:5d:56:01:e8:fb:76:fd:62: + 44:16:83:a8:7e:53:4d:6a:4a:0c:94:10:64:85:02:07:1d:d3: + 28:57:9f:e7:57:65:99:37:99:f4:52:ae:de:5e:4f:5c:e9:08: + f2:cc +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi +c3ViQ0FQMTJQMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUI4mc+CNhQugZlpsWNWq8ML1eioIwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAOFNywMvj+YR9SVjEc5ZhP30aeEeC+r4rmlWZ1HOtSRSdozxe +mWYg9N/Zw9MDYXUNGPbEuCkP5+PpN/MN4HSg746f+hIYIKKKOrty5iBPKit/Il1W +Aej7dv1iRBaDqH5TTWpKDJQQZIUCBx3TKFef51dlmTeZ9FKu3l5PXOkI8sw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem new file mode 100644 index 0000000000..0468f302f0 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem @@ -0,0 +1,210 @@ +subject=/C=US/O=Test Certificates/CN=Policies P12 subCAP1 +issuer=/C=US/O=Test Certificates/CN=Policies P12 CA +-----BEGIN CERTIFICATE----- +MIICfTCCAeagAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx +MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUG9saWNp +ZXMgUDEyIHN1YkNBUDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKniBOhW +3+GUH9cLSjfU8TnmUuKC8zu+bx+7Vd8N20wFU83y33ReAvzS9j5mBAT6qqLMg52i +t5h4ni8MAttxqQivCwZR6U+Mg2KMdHEAbvTp8ya69ZdGzc8StBaJ1OIIRHtRicl2 +Ek85wzHazjfWPtmnO0EaIzJImL3U24pAKDq3AgMBAAGjfDB6MB8GA1UdIwQYMBaA +FADjZemB1Ia5xx3n8zM5Bl5MEaX5MB0GA1UdDgQWBBRCiBzBeLdD2gCvvd66Q6fl +tWH/8jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYKVZU12G6lcEkxyRYlMJ +umN4xtytcDe50I4AFgMJlgCcLvupgFN+5QWwSGtdBpSrN3lDBFTUQ/ZrAL3O4nzA +HaKM6LaBCQS1//FE6qbi2UvRHfp8RoYUH4hM1nzTb7/Za0wsWTwegcz1uOZ4aLQ5 +M7QKfWfzax6EarTJ4jorUQA= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2 +issuer=/C=US/O=Test Certificates/CN=Policies P12 subCAP1 +-----BEGIN CERTIFICATE----- +MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAx +MiBzdWJDQVAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTTELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQDExlQ +b2xpY2llcyBQMTIgc3Vic3ViQ0FQMVAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCgzy2UzpvEK8JSY1wMRMaoYi/MuP+Hkmtwerm88lsIWe07HlT55nuxjp5/ +vSPZEgCYm+wk0AU87yD2n6OkCJn+oUVbeucGoJSwuTEs7HK0YZq+RyYdzcoZ7Z4Z +EzNUC2I+vPj01u9NL0XBZLJ7g5h6Au8d3zGEkn6bEPk565LiewIDAQABo3wwejAf +BgNVHSMEGDAWgBRCiBzBeLdD2gCvvd66Q6fltWH/8jAdBgNVHQ4EFgQUZ+UNjYxs +KrtVbS3oIqoES3MriCowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI +AWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAESq+2Cg +vywkdxLqsugNl7K/+BK8s0yadUr/Q/DZKPALlPRaVW7GzKJ7aCGw1xRiMmkV5Z1Z +UjSdHXTJetXdNpCfjpVnnrAB9DjkA7RrKI1KTPxhnywtwQNTpD4gceRP6icRwaN6 +7Y/GlL6Fi1LbuHlGF94I9XchvB1mTQ0PF52O +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P12 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg +UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO +/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9 +WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0 +CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B +nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO +BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl +AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB +BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK +btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk +biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2 +-----BEGIN CERTIFICATE----- +MIICmjCCAgOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAx +MiBzdWJzdWJDQVAxUDIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBb +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNV +BAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxJrMY6Ju+VhfX1vaWidfiPUdCuUMy5lF +7s2Vle2r9FOQQ8se76y2jPKssqb3XIIG+VLRlS5GMp8T4t6VgLtE+gqb4mcBuIdV +KMwJtDrYnfNFML4yyCKSvh51ionton2akkJGnJ2POvQ4z7sLXrKKCKcGTWvbVqej +BwfkNvwk9KcCAwEAAaN8MHowHwYDVR0jBBgwFoAUZ+UNjYxsKrtVbS3oIqoES3Mr +iCowHQYDVR0OBBYEFOEf7/tJiP53/PPTMiuw+1ENh3KRMA4GA1UdDwEB/wQEAwIB +9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQUFAAOBgQAkAFezJ/Jf3nv9Kuw+VwXEuX91e8e8wClFff+eY0Af+kXl +fvUJnXN2TOh1iBU8C21WkavgIS9o8grJb3hbDpS03Yodnt/0151BiCMdLQI02sFK +mHABJwiZZlLj7peF4avVV4Piw4arjXD7Z1bKYlHOZeTHF1hgS/XINAc8IUsfDQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f: + df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9: + 4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38: + 86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb: + 77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05: + 70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77: + e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11: + 1d:72 +-----BEGIN X509 CRL----- +MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl +6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA +oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor +RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN +gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P12 subCAP1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:42:88:1C:C1:78:B7:43:DA:00:AF:BD:DE:BA:43:A7:E5:B5:61:FF:F2 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 38:85:fb:83:ec:f4:d5:e4:42:27:68:d3:d6:5f:c9:d5:60:4a: + fc:33:39:94:ce:d9:28:71:4e:fe:aa:e6:61:05:6b:1c:42:96: + 56:40:e4:48:e6:96:65:21:17:f2:e6:8e:69:50:6f:44:8f:33: + a3:8c:28:e9:f5:85:d6:de:55:bb:03:30:02:eb:bc:49:70:3b: + bb:12:c6:f0:8c:8e:d6:5f:3f:30:aa:58:a9:6a:4e:3e:46:a1: + f6:76:e7:a8:7d:28:e8:d8:44:32:58:76:88:f0:05:5f:37:27: + 03:28:e0:b3:88:c3:75:41:50:81:c2:fe:04:22:be:ea:4a:2b: + fc:a1 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAxMiBzdWJD +QVAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBRCiBzBeLdD2gCvvd66Q6fltWH/8jAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQA4hfuD7PTV5EInaNPWX8nVYEr8MzmUztkocU7+quZhBWscQpZWQORI5pZl +IRfy5o5pUG9EjzOjjCjp9YXW3lW7AzAC67xJcDu7EsbwjI7WXz8wqlipak4+RqH2 +dueofSjo2EQyWHaI8AVfNycDKOCziMN1QVCBwv4EIr7qSiv8oQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:67:E5:0D:8D:8C:6C:2A:BB:55:6D:2D:E8:22:AA:04:4B:73:2B:88:2A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 25:a2:e2:75:db:ff:f0:10:9c:e2:59:90:7c:f9:c6:8e:63:cc: + d4:d1:19:7e:d4:97:09:0e:ea:09:59:88:13:b4:ec:07:f9:58: + 7d:fd:87:4e:85:00:16:e2:e4:54:c3:ec:fe:0e:bf:f3:ab:59: + af:49:e4:97:ba:c2:df:6e:45:e9:4f:e9:0e:4a:07:41:85:8e: + f5:7c:da:c7:21:73:33:37:ff:e1:e0:fc:ae:98:29:f6:04:2d: + d1:4b:54:a4:fb:ee:17:ae:4d:73:b9:ff:ca:6e:6d:56:c3:27: + d8:d2:b4:d5:9c:c6:3d:40:48:f9:37:8d:2f:22:bb:55:4f:84: + 07:65 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAxMiBzdWJz +dWJDQVAxUDIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFGflDY2MbCq7VW0t6CKqBEtzK4gqMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBACWi4nXb//AQnOJZkHz5xo5jzNTRGX7UlwkO6glZiBO07Af5WH39 +h06FABbi5FTD7P4Ov/OrWa9J5Je6wt9uRelP6Q5KB0GFjvV82schczM3/+Hg/K6Y +KfYELdFLVKT77heuTXO5/8pubVbDJ9jStNWcxj1ASPk3jS8iu1VPhAdl +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem new file mode 100644 index 0000000000..4b2ed859a9 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem @@ -0,0 +1,263 @@ +subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12 +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx +MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT +G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMjCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA/QzSHTVMWeTWiSZ9qa++M+UWF0AfCPT9oTdaLUwN0Tnb845G4Jh5 +Ov5u75dfUmAmvRM1brlhZoYZZa3cBvQP+1YoAOosVY1qy4xX/6OE2zqM45IRhyLd +VlAJ2WJ96jOpb/HV3vodX2vjDndDMMxKRXd0WIHzbC/aZGzWYXwUvfkCAwEAAaN8 +MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFIvs +OfOjrm45cGR/aCtNVJAsjgXAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCg +uNxU4/XUIM6O0+DSr6607Epm4PaQEAnvLsgMdHGHCLXL0mwL/9sNnSXGQg08zVpa +k5RjmIGMD+UcMJ28kArNA9u3q4QNB5OXZtrhoPTGhBaBtwR3rL2ZEvQxUw67t2wV +TpBcguqwCt7IIuNbBOoN3Uilox3T4WptJ/A7+zW8oA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12 +issuer=/C=US/O=Test Certificates/CN=Policies P123 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx +MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG +EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj +aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll +J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2 +tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD +YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j +BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL +fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB +MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c +pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0 +r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1 +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAx +MjMgc3Vic3Vic3ViQ0FQMTJQMlAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0 +NTcyMFowWzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz +MTAwLgYDVQQDEydEaWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVz +dDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKiBlSODZy8jLC4WxxNVbFCA +SbxY2A4DLV2OXhCjWmUmHQvZhiXk2p/wQCX/9VMcX7XRH9a3JLM9l6ZSEIGVT6lO +R55lGOjNfpF8x+pGe/t0yPB/6ntPn5e9ZSNhDJDoYkJHfdplTFu2AZLbaVPlysXL +AoO69sbnDPVxAjxFX2zLAgMBAAGjazBpMB8GA1UdIwQYMBaAFNMqu/C1V0GVUt3P +qLuSnOARbnO8MB0GA1UdDgQWBBQg7JO9uU0ScBZcuzznmEWH36QRTzAOBgNVHQ8B +Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA +A4GBAEeaZ7Bsae+J0lNKAzqJhR4MHfT/5SBBazWGVSwIbpWl02esU9RtrStOTA8d +zcMp2eLg3KDI+XRsYkxFb+fmJDckIYhGk2g3B9kW1a24k8DetYIqOXtFvleJ55dG +iROwoCaH8/bW75CMK0alSXqJCAnTq+Pbg5i0nPX0ShJlSjAf +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2 +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx +MjMgc3Vic3ViQ0FQMTJQMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFQxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEpMCcG +A1UEAxMgUG9saWNpZXMgUDEyMyBzdWJzdWJzdWJDQVAxMlAyUDEwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAMa9AAnNzFuqJqv1OdC4F1PtY4Lqcc+JJQBnnaIi +roTN/plb6fUL5m/SFbfSZnf/qQbYUkosko2p0cdF5VrblaCvx7vB6l12at9Zskn4 +wKneBrfSJUVDEgSyWm7mY6t1Fla7OSfywUObt1NWEzq3pyWoSKTIQxpMJ3jnYERr +/wJ9AgMBAAGjfDB6MB8GA1UdIwQYMBaAFIvsOfOjrm45cGR/aCtNVJAsjgXAMB0G +A1UdDgQWBBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQEFBQADgYEAgk/D/ABBm/yIi8Qk1ISreDz7OgEaqXoqyrQY9uq3nf/Xzlmrktxe +C7bEDiYGugly0cHFHGProTJppes2ECdcVmrpXoIHSlbP3WucAOsWcyIW9tfH+Xsk +HAts3bXwDmfI5WEndwM+p6kMKwRsMT8/q8XJ3ZCNgsu34eoKRWhBzlQ= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg +UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s +xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS +o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5 +ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt +gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww +DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB +ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD +gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM +jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext +cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY +kko1SxlW +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b: + 7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7: + 8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65: + 92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81: + 84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96: + 1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41: + 98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04: + ef:9d +-----BEGIN X509 CRL----- +MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/ +zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p +qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs +95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99: + d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8: + 5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38: + 13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f: + c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4: + 84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70: + 23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9: + 57:d2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi +Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99 +a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6 +pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8B:EC:39:F3:A3:AE:6E:39:70:64:7F:68:2B:4D:54:90:2C:8E:05:C0 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 9a:7c:38:8c:95:0d:e2:8e:c6:fb:4c:43:f5:4f:c6:0f:4b:ec: + 2e:bb:a1:8b:67:77:3f:7f:55:8a:02:ed:2a:f0:4e:0a:7c:e8: + d8:c1:26:37:47:28:ba:e5:47:de:79:74:30:b4:a1:66:8f:bd: + 8e:7d:9a:4f:37:52:71:ad:c6:50:b1:fb:ce:eb:0b:f0:58:54: + a8:22:51:9f:d5:d3:92:06:20:35:f6:e2:4b:8e:7f:a8:12:f8: + 38:a3:51:fb:cd:92:4b:2d:40:2f:f9:b9:ff:25:4d:f0:7d:9d: + 20:00:e3:eb:94:24:fe:05:ed:e2:b3:7e:fc:fb:1b:c1:4e:cf: + 9d:30 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi +c3ViQ0FQMTJQMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUi+w586OubjlwZH9oK01UkCyOBcAwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAmnw4jJUN4o7G+0xD9U/GD0vsLruhi2d3P39VigLtKvBOCnzo +2MEmN0couuVH3nl0MLShZo+9jn2aTzdSca3GULH7zusL8FhUqCJRn9XTkgYgNfbi +S45/qBL4OKNR+82SSy1AL/m5/yVN8H2dIADj65Qk/gXt4rN+/PsbwU7PnTA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D3:2A:BB:F0:B5:57:41:95:52:DD:CF:A8:BB:92:9C:E0:11:6E:73:BC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 37:cf:8e:70:a0:12:c6:cf:ee:13:28:cd:1d:e3:f8:8c:6b:09: + fd:d7:31:1a:c3:2c:77:f5:13:3e:ff:6e:b7:23:0d:4d:33:3f: + a1:f4:37:4d:c2:84:0f:6d:2a:25:df:40:f8:25:96:40:7a:fb: + 59:29:4e:99:c8:8d:63:7b:23:b6:c8:eb:72:70:8e:f3:ca:5a: + 2a:36:bb:c6:9a:80:45:63:49:c9:9f:68:32:90:84:e4:a6:ca: + 22:52:d9:99:16:fa:34:93:38:ec:ba:f9:81:0d:26:b9:5b:03: + 3b:0a:ce:85:43:8e:bd:47:ca:de:50:4b:42:e8:97:91:74:12: + ac:5a +-----BEGIN X509 CRL----- +MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAxMjMgc3Vi +c3Vic3ViQ0FQMTJQMlAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w +LTAfBgNVHSMEGDAWgBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAKBgNVHRQEAwIBATAN +BgkqhkiG9w0BAQUFAAOBgQA3z45woBLGz+4TKM0d4/iMawn91zEawyx39RM+/263 +Iw1NMz+h9DdNwoQPbSol30D4JZZAevtZKU6ZyI1jeyO2yOtycI7zyloqNrvGmoBF +Y0nJn2gykITkpsoiUtmZFvo0kzjsuvmBDSa5WwM7Cs6FQ469R8reUEtC6JeRdBKs +Wg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem new file mode 100644 index 0000000000..f8cfbfdebc --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfDCCAeWgAwIBAgIBCTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWQmFkIENSTCBJ +c3N1ZXIgTmFtZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8VTZxnGg +pV60/E3F2RBR9N0VgI/w8ZdVENnRoqcpmY276I2t0UaRM95qNori4u/6Rb6RI6Jy +BL5dPaJuS4hoVphnqLjMMF+huDF61ov49vcOtMo9Qw7NJYgeoINC4KcUrxvn5O33 +IjvyvGkMbrzczslZh1IaGrquWlS9DQDv3jECAwEAAaN8MHowHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMg02+C1YxZR0VCkMtLFWfhD +jOBnMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCYg+l+IX369jmWSOMWB2Gw +tuancmzEylYvy1g4di3sVNNOTRaST6hG6M0QkyVJDpr5wYwDCAu1me4CkJlaRHT9 +RZB8rW2LK9ydBJG5peFQa8QPQv9phrb4Hc7/2xjr0Eq6sUAQOBsCL09IY5pi2jxH +o4m0vETRDlhl/Lqsc3dLTQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Issuer Name EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA +-----BEGIN CERTIFICATE----- +MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFkJhZCBDUkwgSXNz +dWVyIE5hbWUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBkMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxOTA3BgNVBAMT +MEludmFsaWQgQmFkIENSTCBJc3N1ZXIgTmFtZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0 +NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmWwjDb3FCLH56CnXApSXwVHB +KUEdYLsDL5afA0uwYq3CutM9nFTfpI4wfWoh8z8rbcyzMhNU/b90XnkcJeUlLe4R +GVC87g/Oh67ONY431E5nS0t2mU3gA5A+QJwCJ5GgkoRJy4aZS7IhIVayya97aITa +eeInMge1hpOIbhG4RWMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUyDTb4LVjFlHRUKQy +0sVZ+EOM4GcwHQYDVR0OBBYEFLIo4xfziwpQ8zkzEpaYHC7RAmffMA4GA1UdDwEB +/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQAD +gYEAYRbr0XdXa3sve8krgu8sJ/Dj90/LJexPg4kRViyO7965tP3sBCNUAIO1Q8QW +n27WeL4IjVXDSrspE/72yM2b8MNWJ4phd+PJMkQb+ioBbC8qPrNvnesSKPbqNcDR +qLz/G2oPMHBWA5zuzG1O2ecxU1MLUV3tY4QxY1oNRuMunPo= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Incorrect CRL Issuer Name + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:C8:34:DB:E0:B5:63:16:51:D1:50:A4:32:D2:C5:59:F8:43:8C:E0:67 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2a:95:96:bc:9d:a1:bc:e9:8b:10:db:0c:3a:19:c0:f6:b3:bc: + a0:15:ef:97:6c:c5:83:6b:e6:ee:c3:8b:fa:54:c7:86:7b:ba: + e8:73:c0:9d:d6:e5:1a:90:74:4c:8c:71:bf:ce:81:e7:36:df: + 95:4a:d8:6a:71:e6:16:6a:20:ab:9b:7b:de:eb:c6:ec:2e:83: + e9:0d:61:4f:62:df:3b:5f:02:28:98:01:04:5b:d7:19:18:1a: + f9:18:63:83:62:2f:de:0b:9f:a8:5a:d4:8b:91:5b:94:cf:bf: + 44:d8:18:71:89:fd:99:14:c9:92:7a:a0:6b:ed:15:13:5d:37: + 91:fd +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGUluY29ycmVjdCBDUkwgSXNz +dWVyIE5hbWUXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFMg02+C1YxZR0VCkMtLFWfhDjOBnMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBACqVlrydobzpixDbDDoZwPazvKAV75dsxYNr5u7Di/pUx4Z7uuhz +wJ3W5RqQdEyMcb/Ogec235VK2Gpx5hZqIKube97rxuwug+kNYU9i3ztfAiiYAQRb +1xkYGvkYY4NiL94Ln6ha1IuRW5TPv0TYGHGJ/ZkUyZJ6oGvtFRNdN5H9 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem new file mode 100644 index 0000000000..6fd7c1dc31 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Bad CRL Signature CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUQmFkIENSTCBT +aWduYXR1cmUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJdogWv9CPXo +9rQEcxwXXws6b/WT7R/AspFsq4aVO/l7puHNxGIQybx5jK5W55wqPtHa5PPGSpJA +YkcuKVXL1ZqZh8A+VenvazNg0XoldwJZalTN0AwR3FprLL3cXYIwu8FFFERp8l/S +YgHz8wHRlA37Ph4a7cU78oLWK0wziElzAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts +1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBT7CxX9unvmOEiZWhVgVVCXqjZs +QzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAmZ8+7Hn2elBnvNREi2gDIa3P +POFc8RHEq6ajCkhgeJoQRygSFdfenhTKGtfvet/3j6hBZRHEVI2e8x5yiyBN/ZKV +SAdRCjXTg99nJJtkkqDhifkO5uUaxfcgj2LFt9DI7/b/jZzlNSD8BXqcifbjAf1s +IIlWmY0HVZgwucYLmC8= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Signature EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=Bad CRL Signature CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2ln +bmF0dXJlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYjELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcwNQYDVQQDEy5J +bnZhbGlkIEJhZCBDUkwgU2lnbmF0dXJlIEVFIENlcnRpZmljYXRlIFRlc3Q0MIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQDbS7uYXT/RjXcp9qBIMFgzo5WJJA +3/1rXCiA/BzowTDl87A4iGOmZ+LEkwpLarYI8mFzGmQAVIlJCn3KlTO4AuTWaMth +VZPgVZ5gVxVHQbqdb2VZXHVJGYB/yn+PJrghL5uy+kv9qzocq/jUrEHcnvBTQ+iI +8mutd/z8C/Qy9QIDAQABo2swaTAfBgNVHSMEGDAWgBT7CxX9unvmOEiZWhVgVVCX +qjZsQzAdBgNVHQ4EFgQUK1L621YMk2XrXnaVZG9PC/61mSYwDgYDVR0PAQH/BAQD +AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQA5 +Kis0tSW5S+c/zwTmKqh6DTRRISk2nn+KeQSUJdi6YXcuX3YIX/P4SxWNQ46dwKDl +lNNDVR3u7fiwwYf9BxICorMqY2FhrdFOoGclO1mCpRuBMhmER7hWivrftdi7ekeE +2aEHKWWnWwzU/qs6Z/6FK9waN4GviF8X+sqt/EHo+A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Bad CRL Signature CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:0B:15:FD:BA:7B:E6:38:48:99:5A:15:60:55:50:97:AA:36:6C:43 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 68:7d:ef:9b:2c:27:82:c2:3c:2f:16:6a:09:27:73:ac:90:da: + 2e:66:07:a0:f4:c2:4e:4c:3a:52:02:f7:23:dc:52:f5:3e:2e: + 94:29:22:b8:f4:f1:c7:44:85:5e:84:8a:6e:37:5c:84:16:5e: + 70:b5:f5:13:81:8e:89:09:b6:48:0e:51:9c:15:94:21:f1:21: + e6:38:14:50:a4:c3:85:4c:84:e9:eb:f6:b7:6a:a4:cc:12:02: + a5:0f:42:af:9a:1c:d9:c0:4c:98:c3:1c:12:2e:f7:84:d8:fa: + 24:4b:68:3c:20:c6:7c:60:78:d6:46:37:68:28:4f:81:c1:b7: + 32:30 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2lnbmF0dXJl +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBT7CxX9unvmOEiZWhVgVVCXqjZsQzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQBofe+bLCeCwjwvFmoJJ3OskNouZgeg9MJOTDpSAvcj3FL1Pi6UKSK49PHH +RIVehIpuN1yEFl5wtfUTgY6JCbZIDlGcFZQh8SHmOBRQpMOFTITp6/a3aqTMEgKl +D0KvmhzZwEyYwxwSLveE2PokS2g8IMZ8YHjWRjdoKE+BwbcyMA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem new file mode 100644 index 0000000000..a70e68731c --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem @@ -0,0 +1,175 @@ +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs +Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB +qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv +wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww +ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8 +twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8 +zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV +3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg +hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +-----BEGIN CERTIFICATE----- +MIICqzCCAhSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt +SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0 +MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj +YXRlczFHMEUGA1UEAxM+SW52YWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2ln +bmluZyBLZXkgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBANehtRiWYBhPipRRR0tIxuV4U49+DofUBRVQP5JDT79DtTbKaVOR +HWgSi30ZrKSm3WkblfZoncF9ZMN/ocoqxeUNXwBqp8/wJYbE6js5YwBGTsfi3UfP +s14vC1mU4ssE+ogwozLkXRcJGuFtJwNTZcEf43OkjdjLWiIH5DVhj9ZXAgMBAAGj +azBpMB8GA1UdIwQYMBaAFEnJ/LcDPGdtCgCTqeTWpR6SH7URMB0GA1UdDgQWBBTa +6ZIK1lgoOotgyyB2SLZbDxCDHDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAA/4ne7fgjMJuty5+P1V3QiH +TxmpO+boz9+NO3Wc2Nj23sToATQqIcc6W1G3yKbN7uQEXtHgtPcIz5diAIJ8JNQl +INBUxGlFASTWHNfnNJDgN7lwn4VjSAE7HzEKIJ3+HVTXI6+mdiCl/IYL9q02KSGi +djAHT73bFgK6ydVH8Cal +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +-----BEGIN CERTIFICATE----- +MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt +SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0 +MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj +YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5 +IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI +9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j +gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6 +KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt +CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV +HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6 +MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm +LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS +h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy +4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr +YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8: + 1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5: + 9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad: + 05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6: + b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94: + 1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb: + 77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a: + 02:f8 +-----BEGIN X509 CRL----- +MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk +IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j +BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix +yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ +0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0x.v.t.r0p1.0...U....US1.0...U. +..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d: + d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78: + 57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80: + 91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94: + 80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53: + 83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18: + 32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6: + 72:31 +-----BEGIN X509 CRL----- +MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl +ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U +BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0 +IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ +KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa +8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq +6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem new file mode 100644 index 0000000000..1865a68006 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem @@ -0,0 +1,175 @@ +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs +Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB +qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv +wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww +ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8 +twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8 +zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV +3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg +hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +-----BEGIN CERTIFICATE----- +MIICqzCCAhSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt +SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0 +MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj +YXRlczFHMEUGA1UEAxM+SW52YWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2ln +bmluZyBLZXkgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAKvhIgfCe7osai3K6RoZSmpIrNAB/YJ7ImOrOZihxenRuEczoaGn +0dC3ajSeX3sg2RIomf4JTDpzcBM2swr8JOcChUwnFzOZ/Fz6Q6OREST65hRxXECk +GbkjgRrFnTgv3/s/v9Ilt/GbdIcgBxJ1797Fr+rOEDkwld4TGgIAIOO/AgMBAAGj +azBpMB8GA1UdIwQYMBaAFA9yyjNDqcQRUatj2kSHD2Gk9L5HMB0GA1UdDgQWBBRx +0uz3/5i8F8pGl1n7xes8mS3ymzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABvl4GhXI+6jjTcXaeraQVtN +9WsB0kIXPXptGui6yVAMTsB6MhCgqlhY3xihDUJIIXRy1oV4efSfFO7UbRWOoN5T +MikwqCAVoLnl3KAZZ4qXuwi6+OIUSXx0m8CfPRNAYdEAHCHJT+KFR8wtY4eAgyVw +ZVhFDwnSxbqX6ThJ5wdN +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +-----BEGIN CERTIFICATE----- +MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt +SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0 +MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj +YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5 +IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI +9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j +gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6 +KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt +CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV +HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6 +MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm +LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS +h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy +4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr +YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8: + 1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5: + 9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad: + 05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6: + b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94: + 1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb: + 77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a: + 02:f8 +-----BEGIN X509 CRL----- +MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk +IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j +BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix +yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ +0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0x.v.t.r0p1.0...U....US1.0...U. +..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d: + d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78: + 57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80: + 91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94: + 80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53: + 83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18: + 32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6: + 72:31 +-----BEGIN X509 CRL----- +MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl +ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U +BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0 +IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ +KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa +8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq +6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem new file mode 100644 index 0000000000..51a795fa99 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem @@ -0,0 +1,175 @@ +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs +Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u +PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21 +ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11 +00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h +3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli +W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw +aDNRQp2WD1ph+daLu1XQgeAoD4Gajw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued New With Old EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +-----BEGIN CERTIFICATE----- +MIICoDCCAgmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBvMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBC +BgNVBAMTO0ludmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgTmV3IFdpdGggT2xkIEVF +IENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCT +jnQuWQQfSAPHMxbQs5/JPin7talEYrAwqnyOVuFLu5omsqP9HAX7nkKxNRfOUlP6 +af7Ha9u8C+frLG5WwPmnf9XYIBaisUdEiga8saNMEGChSlZmaPoLD/LTNlCcwCEt +HaHuhAAN62AgP9WMXsrfctRTccjIaQVsJnnTOCUAqwIDAQABo2swaTAfBgNVHSME +GDAWgBT6omq57vpPxXKdddNLem2M5Fw5JDAdBgNVHQ4EFgQUUw9DlHqj5ferws7b +XdljGKM4E7cwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATANBgkqhkiG9w0BAQUFAAOBgQAzzPXRKubQgAmne7+Rqggy+8Ezi3Q7+1cNjILV +wVSnnVggqbd6C/cOV9P4aw1ljohm6fH5IXxfCpP1UqahccTT/m0482gfIxmCobF4 +MBi/cq6qlhQQIjBxGRkyysQIb911FCME2mVUlLQJbjkgpzl6oMu0M2Lt8m8ypgVf +YqDhRA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +-----BEGIN CERTIFICATE----- +MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj +BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6 +h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN +xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD +AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD +VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV +HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy +MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm +LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w +BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo +OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ +4YX3NumsNd2WpHY34K21Cd/KJ5KJ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19: + 01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49: + dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c: + ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72: + cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1: + 3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0: + 19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5: + 45:74 +-----BEGIN X509 CRL----- +MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk +IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE +Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6 +jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m +7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd +HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0p.n.l.j0h1.0...U....US1.0...U. +..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a: + 55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f: + 4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73: + 55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44: + fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f: + 16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd: + 5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e: + 49:cb +-----BEGIN X509 CRL----- +MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl +ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr +MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG +A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg +Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC +YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr +7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn +voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1 +pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem new file mode 100644 index 0000000000..e0924953b8 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem @@ -0,0 +1,134 @@ +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBEzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs +Zi1Jc3N1ZWQgTmV3IEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +tCkygqcMEOy3i8p6ZV3685us1lOugSU4pUMRJNRH/lV2ykesk+JRcQy1s7WS12j9 +GCnSJ919/TgeKLmV3ps1fC1B8HziC0mzBAr+7f5LkJqSf0kS0kfpyLOoO8VSJCip +/8uENkSkpvX+Lak96OKzhtyvi4KpUdQKfwpg6xUqakECAwEAAaN8MHowHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFK+5+R3CRRjMuCHi +p0e8Sb0ZtXgoMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCuRBfDy2gSPp2k +ZR7OAvt+xDx4toJ9ImImUvJ94AOLd6Uxsi2dvQT5HLrIBrTYsSfQj1pA50XY2F7k +3eM/+JhYCcyZD9XtAslpOkjwACPJnODFAY8PWC00CcOxGb6q+S/VkrCwvlBeMjev +IH4bHvAymWsZndBZhcG8gBmDrZMwhQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj +BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANa7RRhusOV0Ub10qBKMsUMG7QViaonYz0IcJLX0FKEI +EpTq0SV6NeVjjzmcrSrzjHQfJpkywOHRiMw7XvYunmzlwGSoD6TW1ZUYVDaQbKUT +oWooVoCzVstf6AsZiJiHQtBt4x4OHap7QRcJdlh7aPhp6TR+zq8gB1HsG8yUlG0x +AgMBAAGjfDB6MB8GA1UdIwQYMBaAFK+5+R3CRRjMuCHip0e8Sb0ZtXgoMB0GA1Ud +DgQWBBTJW9PRvwbxAcF5XLtzDY1MRsst2TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF +BQADgYEAhIZ09WrNK3jX+b8HugQygNCBEVVfX7TOCCFkmRaxp4R/QBHWvcts0YQT +6M5ZC6b877id6zRYegHadKekVVqwFbLKEO0MnpD2yGhGgDpbil2HlEaQ9yKQXpGF +CBx05/e7jkNhk/zGDsBqmNzkozrJOYBohkwUOjVFkAuLyovPhTY= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued Old With New EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA +-----BEGIN CERTIFICATE----- +MIICoDCCAgmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBvMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBC +BgNVBAMTO0ludmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgT2xkIFdpdGggTmV3IEVF +IENlcnRpZmljYXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv +b2Xj8btEB2QsPM7mVVrsnON6Aw/LdDQc2nszxDNBn133XQWeVkHORkod3p9DEg4i +TEdCG+rweF78vMSAhWAucXcFC59NAjUgxMiaIneUK2lKDW3afmmLHzV3nHjlNkj2 +DN/BvUmo3Pp2lhrmdTY1WFfvQdueeiZKbCB5dor8+QIDAQABo2swaTAfBgNVHSME +GDAWgBTJW9PRvwbxAcF5XLtzDY1MRsst2TAdBgNVHQ4EFgQUJuUNG88pizoZguKT +iPPiMZLmggYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATANBgkqhkiG9w0BAQUFAAOBgQDGIVBl9ctXIMIN1Zy2QYgGnP8POYBiHPRkHZwT +IGhox7QsinsIS/Lc83H8Y4OeUaJWrGGL2HkSTR/eQgSFGwf2u297IhHOwtutllNJ +MvzlnvuG6uNAfRCuJftf8hSU3ouJoVVCi9CuCg1IhW6Eg61/oFIqZW33Jr6EvI8R +WDDSrQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AF:B9:F9:1D:C2:45:18:CC:B8:21:E2:A7:47:BC:49:BD:19:B5:78:28 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 73:fe:c5:db:86:ee:6b:0e:f8:68:85:d2:0d:c1:44:01:d1:33: + 5d:9a:42:14:a7:a9:20:bd:38:30:c1:f1:3e:c1:b8:d9:4c:ba: + fd:3d:7c:a9:66:5f:94:fa:46:e8:23:94:4e:8d:09:1c:45:6b: + 21:ce:b5:cf:3f:e6:18:33:d0:ac:a6:ea:c5:f9:32:6e:75:31: + 79:6b:1a:8e:50:05:86:89:f9:f3:e9:8f:67:e7:93:b7:d3:05: + b0:9f:2c:97:9c:b7:7e:01:7e:c6:5e:f8:72:4d:11:6b:9d:30: + f2:69:df:68:5d:aa:a0:84:f1:07:68:15:fd:93:f6:14:a1:f9: + 90:ce +-----BEGIN X509 CRL----- +MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk +IE5ldyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgED +Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFK+5 ++R3CRRjMuCHip0e8Sb0ZtXgoMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AHP+xduG7msO+GiF0g3BRAHRM12aQhSnqSC9ODDB8T7BuNlMuv09fKlmX5T6Rugj +lE6NCRxFayHOtc8/5hgz0Kym6sX5Mm51MXlrGo5QBYaJ+fPpj2fnk7fTBbCfLJec +t34BfsZe+HJNEWudMPJp32hdqqCE8QdoFf2T9hSh+ZDO +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem new file mode 100644 index 0000000000..520f583902 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Invalid CA Signature Test2 +issuer=/C=US/O=Test Certificates/CN=Bad Signed CA +-----BEGIN CERTIFICATE----- +MIICcDCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDUJhZCBTaWduZWQg +Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGkludmFsaWQg +Q0EgU2lnbmF0dXJlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw +QAB1tOhQDQfPXGHNyIA/wyXWG+GAx10kyG++1vTg81Le2VcCJjiZqVFLmLfBA9n1 +cD4b9zSs2MrdUpnwVRWbHmeVYLW558PktB5UwAoEPQuV73PuRiN3GQQULGgh2AlF +k8PciufvFGkmYEco5d8AEM9Gv3QIgOKEraQME0I/NQIDAQABo2swaTAfBgNVHSME +GDAWgBRCG2+XCyN5H8EIV546pgqckIgf2DAdBgNVHQ4EFgQUfIdcwY2/jxziMCvk +H33rpDMUuV4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATANBgkqhkiG9w0BAQUFAAOBgQBgBJI+iPa3EWEHQqZr88JOAiU+tMO54vqLZ56J +visDO48tZuOHCSkrqHvBzsabiTuHjDvcHtivavtV43IyHAnyrajntNrs4lPBJlr3 +XvTn5qVlsmuNGJqUrbxiyeNH/y1OB1Embx/RaoSOy0ffruRpL5PXyFvhn9z30I8f +2zkCOA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Bad Signed CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICczCCAdygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEExCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEWMBQGA1UEAxMNQmFkIFNpZ25l +ZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA16COIB4MAs+kpSoCuSHv +grtYTFABazGQDi3rvkQzAbL4QlKE64PAaeN4S3E9A1wg7uWYiru7ZM2D4k6grNKR +3QGx9APutE7yZHZt8Wd2upDOP62BTYHPrP7hWBSDWBmOKi367A3eviObljIH6BeF +EY6XcgDZg3o5AisPFzKK/pECAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6 +ng2wPOqavIf/SeowHQYDVR0OBBYEFEIbb5cLI3kfwQhXnjqmCpyQiB/YMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw +AwEB/zANBgkqhkiG9w0BAQUFAAOBgQASa6C+NTUfhhObLuxx8/8DFxAuEv5l+BQV +S7NV/MAZBPHBSw89ffEPEfbxBTcBYRI+UP59a/zHrzscTSqri7WoTEy/8tKIegHd +QDjTSXNL6oYGiQXDJY/r2kQB2mArrcL+KzKkC++gNgrdoJlpk6+4lfaBLiETQNtD +RBJVYzR5MA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Bad Signed CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:42:1B:6F:97:0B:23:79:1F:C1:08:57:9E:3A:A6:0A:9C:90:88:1F:D8 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 11:91:7d:19:a5:03:4e:a7:f1:1f:18:62:94:fa:97:a0:46:41: + 96:31:95:19:49:79:a9:e5:f1:84:aa:c8:dc:c8:7f:92:07:e4: + fc:66:96:9b:2e:8e:73:aa:ad:70:11:19:fd:8e:be:f2:74:3f: + 79:02:5a:e6:2a:67:b4:46:d7:1d:8a:de:c8:d0:b7:cc:f6:85: + db:90:a6:46:9c:ad:23:09:47:aa:f0:44:45:63:f5:40:dd:fc: + 75:bf:4b:85:2f:fa:74:09:f8:19:8f:29:97:92:ae:34:5c:6e: + 6b:6b:40:74:51:58:26:df:95:b7:72:13:3d:b1:76:9a:0a:43: + 37:31 +-----BEGIN X509 CRL----- +MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDUJhZCBTaWduZWQgQ0EXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFEIbb5cL +I3kfwQhXnjqmCpyQiB/YMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBABGR +fRmlA06n8R8YYpT6l6BGQZYxlRlJeanl8YSqyNzIf5IH5PxmlpsujnOqrXARGf2O +vvJ0P3kCWuYqZ7RG1x2K3sjQt8z2hduQpkacrSMJR6rwREVj9UDd/HW/S4Uv+nQJ ++BmPKZeSrjRcbmtrQHRRWCbflbdyEz2xdpoKQzcx +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem new file mode 100644 index 0000000000..db8f821780 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Bad notAfter Date CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0wMjAxMDExMjAxMDBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUQmFkIG5vdEFm +dGVyIERhdGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO8t6F1gCSiD +eAh0EXEEP1RGW1G+zM3TmSeKbm0GLmH4SJp7HbsjBab4wtNEVlOrYMG5phm3dro3 +P6YEmVt0q2yzDo8OkpfbYwJEy6e/vdjF9itss2yajms7qA6xPbggpdYElK4y/1Ei +o0+nUli6dZQpEz7/V5tSk8S3zvh+lJ+jAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts +1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQtDCY+YSMuNxOnyukyqVHgELUF +MjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMDkUbWtYhitXM+mGr3TBaTgM +IlnMLUMsqxka0EQ7fiEaLtVsOD8CjMRKeNcWo6ZwVfJk7EDOnV4+E1TlAzNp1m9z +rHB+fc97XJlIaQwOF1WMnjaZl96TO5Tb8FIaebsIeknz2m8IhfZ/EuWPfqs37ZxQ +b0YPNilIGsUSrT3rTBk= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid CA notAfter Date EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=Bad notAfter Date CA +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBub3RBZnRl +ciBEYXRlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYTELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYDVQQDEy1J +bnZhbGlkIENBIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOhmxDd5kdaDqSlvran3+R64X7ilMaOb +DINojoBxIW3XAxrXD3TFdV/twdn97GoxEkeh14g1W9IV7RTwfDoVf95tjNli7Zsg +ye+NVj1gYVV+DdMpxy44biOW6s9l2wRqNqoeE1AFSj2su1PgamWIHiGo4BQkcE5F +bMwHbJCR8znNAgMBAAGjazBpMB8GA1UdIwQYMBaAFC0MJj5hIy43E6fK6TKpUeAQ +tQUyMB0GA1UdDgQWBBRsW4S+GLLshXYDAKY/yVcV2NlPtjAOBgNVHQ8BAf8EBAMC +BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBANJW +FdT2Ss72xFAtOuGm5EoRp7tP32SI2iyLmeLRi7YeIo/95FVK6xVzjZ8zT3pjyKvx +7qe2O/cF9SyQssnebmTqLJQxCeWHWzt0BpbI4U9GZJF0vEeqTU/psLhr6p+20T6R +XmeWECYyRGe0Wmndt5GJ74PBYrUjR5mtDojhKn/o +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Bad notAfter Date CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:2D:0C:26:3E:61:23:2E:37:13:A7:CA:E9:32:A9:51:E0:10:B5:05:32 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a6:dd:d9:bd:87:0d:1d:95:02:a5:1f:92:e9:dd:bc:1f:16:df: + b4:5d:31:d9:76:6f:06:90:cf:da:09:6e:f8:15:1e:bd:41:d6: + 4f:a3:f4:78:a8:67:96:1d:ef:8a:c1:77:e8:b2:83:81:5e:d0: + f3:53:36:a8:78:39:d2:cf:eb:b7:57:e6:13:ac:33:87:9c:19: + 64:08:a3:14:5d:71:79:b7:10:88:93:44:a5:32:79:85:fc:fa: + a5:a5:81:d6:99:60:2e:a5:2e:2e:6a:60:41:29:70:2a:27:b7: + 9b:52:75:fd:9e:06:e2:80:f6:6e:0e:19:39:75:9e:a8:70:b3: + ca:d7 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBub3RBZnRlciBEYXRl +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBQtDCY+YSMuNxOnyukyqVHgELUFMjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQCm3dm9hw0dlQKlH5Lp3bwfFt+0XTHZdm8GkM/aCW74FR69QdZPo/R4qGeW +He+KwXfosoOBXtDzUzaoeDnSz+u3V+YTrDOHnBlkCKMUXXF5txCIk0SlMnmF/Pql +pYHWmWAupS4uamBBKXAqJ7ebUnX9ngbigPZuDhk5dZ6ocLPK1w== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem new file mode 100644 index 0000000000..6a9d14d41f --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Bad notBefore Date CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw00NzAxMDExMjAxMDBaFw00OTAxMDExMjAxMDBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVQmFkIG5vdEJl +Zm9yZSBEYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJp+RthgxM +5Y+NQaGv+L8CNjnEejXyimG9JuXmo6Uc6ZjMhYgIlr3iAA+dcZRCJhsJxY7RXaS4 +q3rRLSR7ROQdjSDNbuGXRht0SGe3MlOoIJEqFVGWppp3BVY4GUwN/s5zmgj/vE+2 +eCwl96Fk8NWIm/qvugmG7+bvAy80zDvMLwIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUHnoz+COKGJwqbE84ItXL/Z2Q +fVgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJpC5ygICALpvY5i3Q5a3179 +Ao05EA6N8ZKZHoS49lok81lUMy/MLGY5zQlggicV916WyTdDd2CO8q/lSCMTRO3C +CrsU9kd4w1V1J/OnfYDuHoRIH0hqowTdm6bEnyMhuq2YnRotAKhkX2g/ekDYuC9A +Lo8Ispl3HslMbhf/mhGj +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid CA notBefore Date EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=Bad notBefore Date CA +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUJhZCBub3RCZWZv +cmUgRGF0ZSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu +SW52YWxpZCBDQSBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuT/PBuMdSN+JtQHVYA67GVmByJJV +4dw76fphkGkaVX0EhLBs1ZK0jH4H+/rGlzrmDGTT5k2xwYc73ZJOkGDq+5EPnKy2 +0MMuiU34oORcfElE/rYu4tqGwh9aARFDBpjzBNqCNMTR6wD5uIJ1HpZI3KfyuP1b +sX5KW83tw4qRbmsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHnoz+COKGJwqbE84ItXL +/Z2QfVgwHQYDVR0OBBYEFGl/WT2zZWdmw1t+EsACdTdTWeWwMA4GA1UdDwEB/wQE +AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA +bf33IqIzT3eBs8IJCqw6hFy40WjrIDPUgfNMdPE02k+Z8/0y+QCczqm4PXynRsyk +Zrn38tggQf2IVs/q+1IJsZS+3FWaj/iucO3twNWqPGqq60uc0xwpRhbIx1V8s1Dt +1Jh1zD4+KU9o+ai5aN2ErGWfCjBpIlFhwI1XXT0NLKY= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Bad notBefore Date CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:1E:7A:33:F8:23:8A:18:9C:2A:6C:4F:38:22:D5:CB:FD:9D:90:7D:58 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8a:4b:5c:e0:02:33:0e:3b:5e:59:a5:2d:7e:5c:16:2d:22:fc: + b4:11:aa:00:7f:9c:51:f3:38:85:a3:84:33:3e:68:e5:7a:0d: + d9:e1:c7:6a:f9:48:cc:f0:ee:0c:c8:15:b4:41:b7:a6:20:2a: + 9d:68:8e:74:dd:b6:ee:eb:03:ae:fa:4d:50:c4:80:e7:7a:6a: + 0a:0e:eb:64:ca:a5:a6:64:e4:98:96:75:f1:50:9f:c3:a6:c8: + b6:d5:b7:64:7b:8e:ce:40:f2:bc:13:1b:16:52:4a:e5:8b:22: + ae:9a:59:a9:e3:a7:44:0a:8f:92:b6:15:76:cc:25:f3:c7:a4: + 1c:f0 +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUJhZCBub3RCZWZvcmUgRGF0 +ZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUHnoz+COKGJwqbE84ItXL/Z2QfVgwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEAiktc4AIzDjteWaUtflwWLSL8tBGqAH+cUfM4haOEMz5o5XoN2eHHavlI +zPDuDMgVtEG3piAqnWiOdN227usDrvpNUMSA53pqCg7rZMqlpmTkmJZ18VCfw6bI +ttW3ZHuOzkDyvBMbFlJK5YsirppZqeOnRAqPkrYVdswl88ekHPA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem new file mode 100644 index 0000000000..732af1b50b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0 +cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB +eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/ +Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW +yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V +F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj +YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr +dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl +/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD +pax2/2P2ruVALCk= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test31 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA +-----BEGIN CERTIFICATE----- +MIICwjCCAiugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh +aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD +EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz +dDMxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8Xm5JY/SJcUmQCDr+0GM+ +besWWL+OVllIdYjVus23p+8nx/r0PV4GQIKxh/12lQHPVKesX5OzuXUnlrFs0MNS +hDKURr8PbBBD9pCKfwqTuDVGjcYNbxgOR7uCxwIWs62VK/yw3NqulTjTxjVba+Ih +NDJEggvzeyEavzd9UoppGQIDAQABo4GbMIGYMB8GA1UdIwQYMBaAFHXnZ0cYCavx +iIjbno3VF1KO/HN4MB0GA1UdDgQWBBQvlbhY4sw3ciETxMClyRfo7svC/DAOBgNV +HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMC0GA1UdEQQmMCSC +InRlc3RzZXJ2ZXIuaW52YWxpZGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEF +BQADgYEAS0/t3TgdHeRWJY1IdcR6w3gBMrNIweoAzXNnKgrodk3esABKU4lZrMr8 +UMW4sDbD1yNjLhGagmSj+1joyqYLTCh0NYgGbj7xS+zQfAGBdbctVpKYJ1l/pmxe +CVPOHHU/YkBHnWMouumAnTpEcgbtHTMvsxQNef/pH9IcCBlnOSY= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9: + 04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57: + d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09: + 1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95: + ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5: + eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d: + 5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13: + 1d:46 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE +TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f +zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV +aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem new file mode 100644 index 0000000000..fc1e759012 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqjCCAhOgAwIBAgIBRzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0 +cmFpbnRzIEROUzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmefIFU +RUgrahNMyIfzibuPD5LXv1aF765kc/ROx4BQYuBUZehjaB0G3eHv0wGu5rSJbnoy +Lpdv0XVvBKEai/K+9iIereljhcwZzKTbHHvAdhCtgImX/Zz/KZ7OU4GZJGkdcj9r +e/szQBEqTWkWB7hT25WM4ghi5xAz1Tn3foOxAgMBAAGjgagwgaUwHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFH6Q3Dvq3pzSm0JE73sa +zW6PkuC0MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYIXaW52YWxpZGNlcnRp +ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAekwpteebcTHJ3RTTqNmNlRsw +aSa2MtBlaOVNyWi/Qsgy/LO5We9Ahkq56VlKB4WTWCFBdrbbnZ4k1Dpgj+NA8YBD +Ysuq9KofKqycs+alN4JOOMtKHzbm05wPqkhY1qbBFAUbrEm5felp5drbJys97mCX +bm7XHTxTuImtWM4ESC4= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test33 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA +-----BEGIN CERTIFICATE----- +MIICtzCCAiCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh +aW50cyBETlMyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD +EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz +dDMzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxL/NbfBumGy235WIg06BG +/D3/nRm8g5DewpBeSbgEPD/1yljXiblJ9TItVB7HrbJsewZWk28/396FVXb69SeD +rmYXPflrEmgQlCp6IT0axE+gS6zTeS6qCAeHVWGLLvKOx6/9j/xqw2zUUDb1kZTy +IedQLQlkNsdE966MUxr7fwIDAQABo4GQMIGNMB8GA1UdIwQYMBaAFH6Q3Dvq3pzS +m0JE73sazW6PkuC0MB0GA1UdDgQWBBTg13snqN9OjzwRLPdrP94IHHcERDAOBgNV +HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCIGA1UdEQQbMBmC +F2ludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBALVLczfP +n/oPIoeyzrVNW7swi6hL0k/Hp4Ki4rB1HA+cXcuGMJTM1mnk7gLd9Mjjyp0Iz7DP +82k+Kv+9+EpOWHhwkvAJVJisKGVO4NrUbuxGhoYggP+ig5gsuHAfCAlzLfzQgW+V +BtejP9VrkYTGxKno9uiIjXfO/VQ9w8pB1Kci +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:7E:90:DC:3B:EA:DE:9C:D2:9B:42:44:EF:7B:1A:CD:6E:8F:92:E0:B4 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 02:f1:3c:9c:25:d8:e5:f3:99:97:72:47:d1:94:a1:f0:11:0a: + 8d:ef:9f:4c:c6:3e:93:23:1c:76:92:f7:68:f7:8f:9d:d0:ab: + 7d:73:20:ba:f8:ea:1c:90:10:59:01:07:c3:11:36:15:70:b3: + e1:80:3f:38:65:42:77:78:95:79:6d:a9:88:c7:54:59:b2:52: + 9d:da:5a:58:a1:73:1e:07:78:00:01:67:02:41:9e:82:b4:ab: + f3:d1:74:00:8f:ce:fa:78:8b:c5:ff:ca:40:ca:88:90:ac:74: + 78:41:4b:60:85:3f:43:31:7e:1c:60:bb:3d:91:09:df:9d:f3: + 6a:40 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE +TlMyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBR+kNw76t6c0ptCRO97Gs1uj5LgtDAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQAC8TycJdjl85mXckfRlKHwEQqN759Mxj6TIxx2kvdo94+d0Kt9cyC6 ++OockBBZAQfDETYVcLPhgD84ZUJ3eJV5bamIx1RZslKd2lpYoXMeB3gAAWcCQZ6C +tKvz0XQAj876eIvF/8pAyoiQrHR4QUtghT9DMX4cYLs9kQnfnfNqQA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem new file mode 100644 index 0000000000..7930eb4ddc --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0 +cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB +eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/ +Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW +yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V +F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj +YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr +dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl +/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD +pax2/2P2ruVALCk= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test38 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA +-----BEGIN CERTIFICATE----- +MIICtjCCAh+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh +aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD +EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz +dDM4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLztSKsWY+S4ZhmNgTffbb +H8aIXhiw0mDQqoBzB40KjeMgX3OEnxCBBmDLNqdQtcMhlcKST+FbcFNUzrWySjDL +UhFqTes5kgzTAyyIeMKHG/Y8b9D7mNuH3GJmtCWOCcajKBy7g9IuPRTtOu/f217J +pqw42pwtbI+7PX2v2cTiVwIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFHXnZ0cYCavx +iIjbno3VF1KO/HN4MB0GA1UdDgQWBBQtwjU8JMdU3wDsp2MQVttA0RtaVTAOBgNV +HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCEGA1UdEQQaMBiC +Fm15dGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAYzw7EH4l +W8Vcu3FH96T5cE/RL5hRpoj2PU440l6/1ScnutWvY2WXwCAhO5LkkyDdE+a8Pv4S +v5BusKldAEzFQy3H6jlDnK29Z9m/6RNIrskTys2Jqt04I+JWV85ZNVCyTu4px5iY +SmR9uXP/4hfVB74Ct8bSrOBQVy0te1ZcR08= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9: + 04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57: + d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09: + 1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95: + ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5: + eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d: + 5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13: + 1d:46 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE +TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f +zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV +aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem new file mode 100644 index 0000000000..18fb09781b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem @@ -0,0 +1,167 @@ +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x +IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6 +oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK +0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7 +yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn +2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw +DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB +Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv +djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn +pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b +ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n +cu1nCg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test28 +issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3 +-----BEGIN CERTIFICATE----- +MIIDBjCCAm+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1 +YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGLMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy +ZWUxMUQwQgYDVQQDEztJbnZhbGlkIEROIGFuZCBSRkM4MjIgbmFtZUNvbnN0cmFp +bnRzIEVFIENlcnRpZmljYXRlIFRlc3QyODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEA5P+v5wlPmnZe/uEH6HyaKnq85ORqBL8HNiSn0EhAtQNHISd/M6VJvcrJ +YCdSaQbE+A61yEjhCfckVgjt0lY081fJsDvDU757lDPe7SLP5hyrVS+myINWP3V3 +Fnu8BeK5Lz4Ytkx6uvnfE73jdWSregNtKqtyQD7kyLMTFVlVXt0CAwEAAaOBmTCB +ljAfBgNVHSMEGDAWgBRXq/icJ8jS9ObPb6ogCzVnBIMkazAdBgNVHQ4EFgQUDvHN +oL4nbNoIN4BmY5QBKMupyFQwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATArBgNVHREEJDAigSBUZXN0MjhFRUBpbnZhbGlkY2VydGlmaWNh +dGVzLmdvdjANBgkqhkiG9w0BAQUFAAOBgQBtZkdww8Uz1loAnrdjOhd30Om7eO4h +Ph2kKsyLJm3aeptHUIKnAXrY4+drzXmVlzMcMK0t7VT0CMP2vWSVrzHyUXnGxpsK +ZGKNRLzdCrr4sEVtsYjGvMK9LzM66kx1CFVbl2IftM7cVEgadA7RyfakTHJJAAQw +by2klF/gQrv13A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc: + 4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f: + 67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25: + b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18: + 6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44: + 8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d: + 09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56: + a7:d5 +-----BEGIN X509 CRL----- +MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx +MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1 +NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q +IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ +j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R +gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw +CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem new file mode 100644 index 0000000000..cb31959b73 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem @@ -0,0 +1,167 @@ +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x +IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6 +oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK +0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7 +yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn +2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw +DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB +Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv +djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn +pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b +ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n +cu1nCg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test29/[email protected] +issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3 +-----BEGIN CERTIFICATE----- +MIIDCDCCAnGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1 +YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIG8MQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy +ZWUxMUQwQgYDVQQDEztJbnZhbGlkIEROIGFuZCBSRkM4MjIgbmFtZUNvbnN0cmFp +bnRzIEVFIENlcnRpZmljYXRlIFRlc3QyOTEvMC0GCSqGSIb3DQEJARYgVGVzdDI5 +RUVAaW52YWxpZGNlcnRpZmljYXRlcy5nb3YwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBANFptsaiuqG58SeSbnVMTNr7XG3kbwY6wtsLkDomOXBGR/46vTeRu4CG +CaubArviUAJ+JILIVs3bO02m4H6NUk6clLHjb1iou8cA0UR8XHkzJ1ZNmDZJiBJA +CAqNmtpuolbgToov0SeuLYdDRTwLlkLpjykO6EMiAjI0bs0u769XAgMBAAGjazBp +MB8GA1UdIwQYMBaAFFer+JwnyNL05s9vqiALNWcEgyRrMB0GA1UdDgQWBBR/JuUf +MNbcNM7ktf6v5K72qnwyNzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg +hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAHgiOAzfqxYOlP2ugGMXcXWDQai9 +VcfKXZM4zdBV3TmksgiLkZTyhj51RfoZOhQn8RB90lDZYdSqRGnGHuUZW6ejX+A2 +JXWuY3uhE2d2WwJIwYHItLSl+DVv2Jm0Wrv8BFY2PnKaDKJgLG3WM0bp2LKn2dzi +FXK5SfJJE0q4WU2x +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc: + 4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f: + 67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25: + b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18: + 6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44: + 8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d: + 09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56: + a7:d5 +-----BEGIN X509 CRL----- +MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx +MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1 +NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q +IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ +j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R +gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw +CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem new file mode 100644 index 0000000000..d79077aaba --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem @@ -0,0 +1,113 @@ +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test10 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA +-----BEGIN CERTIFICATE----- +MIICxzCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjCBmzEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQL +ExFwZXJtaXR0ZWRTdWJ0cmVlMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE5 +MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh +dGUgVGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4wtLGQI2aSdxL +gklYOXIk2EqQgeDaSAj8Qxcobr8rZ0rgMBdG0A4ygWX+jdsMNqu18m+WGLs4W84P +I3+0QpnI7DrNez1cOAzew7lPKnkDW9tnBqKQaGzafp/L9i/QwFxw7q0/OyJXLNqx +96I70felgr/e9i6Yk/NzhfHNoKqL1QIDAQABo2swaTAfBgNVHSMEGDAWgBQSNZ+s +wbmh4zr+8S+6d7IITk1Z7TAdBgNVHQ4EFgQUwaAOiJj2GtamtV9rZWhiH3jfonUw +DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG +9w0BAQUFAAOBgQAsM+4rszF68aQzKZtZ+iLup5xun1WT0hwwvbL4qbzJuLAcCNWj +22+3xcVPnJ/ODouOh8JN6vzYFUIm4Zojsdm6VJQlcf8Avp09vAMUWLyo7ScyNJgi +/BXluYQ6PfjP/XwskA4RlOGYZ33Ewmh1xaic85c78iFgRWe1UfjmPxvMQA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIDRjCCAq+gAwIBAgIBQjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIERONSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxmMyGO18 +wxt7plFRZcGPd5GxKiCL+NJ+O/UB82qQ1+GhwlsBTSo86QNLh9KPIjs3rrARYIo0 +FqA86FPnpIiE/yWOfuQOeI3t6yvWf0XsXvcffhjW6n6sErOqhXX7voiJODZMseiM +wQ2Md8CcE3j78i6crfbdO6xGp2xNX63VmkMCAwEAAaOCAUQwggFAMB8GA1UdIwQY +MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQSNZ+swbmh4zr+8S+6 +d7IITk1Z7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA8GA1UdEwEB/wQFMAMBAf8wgcMGA1UdHgEB/wSBuDCBtaBLMEmkRzBFMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBl +cm1pdHRlZFN1YnRyZWUxoWYwZKRiMGAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAX +BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTEwDQYJKoZIhvcNAQEFBQADgYEAp32j43pb +BqBj+2V14kyvmo+pgQ9H/ag1zf7WG4ei+McEkF7yvHSC6nfXJA19r+q2fAnvIU4M +TriscCGq9oE6qzd3VIQ5wx8eJp8v9SG62gxZe3n1A8gzG37TvTwBOeEgxOKBa/BS +8MNUbMO2SJwuE2pi9fnMhCgx9JxUQvQLou0= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN5 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:12:35:9F:AC:C1:B9:A1:E3:3A:FE:F1:2F:BA:77:B2:08:4E:4D:59:ED + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 74:3d:76:85:10:61:c5:e4:1e:19:16:23:27:99:ac:bf:2e:c9: + 07:40:7b:fb:45:44:5d:c1:6e:d5:5a:e5:6d:35:d1:4e:9c:e1: + b7:21:0c:2a:7b:7f:27:ed:9f:f4:59:15:1c:67:1d:4b:8e:ca: + 19:7c:a2:78:22:bf:28:67:31:5f:bf:f3:73:73:ed:c3:9c:fe: + 2f:16:56:80:ea:ec:27:dd:7a:85:15:2c:e8:fd:c5:80:2d:ad: + 36:ac:8f:39:5b:d9:79:ff:54:82:c6:61:37:e2:b6:07:46:8b: + df:2c:86:2b:69:ca:d1:c3:71:4f:3f:c7:e9:4c:c9:23:85:85: + 19:9d +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFBI1n6zBuaHjOv7xL7p3sghOTVntMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAHQ9doUQYcXkHhkWIyeZrL8uyQdAe/tFRF3BbtVa5W010U6c4bchDCp7 +fyftn/RZFRxnHUuOyhl8ongivyhnMV+/83Nz7cOc/i8WVoDq7CfdeoUVLOj9xYAt +rTasjzlb2Xn/VILGYTfitgdGi98shitpytHDcU8/x+lMySOFhRmd +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem new file mode 100644 index 0000000000..4b5c41460e --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem @@ -0,0 +1,166 @@ +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test12 +issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1 +-----BEGIN CERTIFICATE----- +MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1 +YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMTAeFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGAMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy +ZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0 +aWZpY2F0ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK3EJPKm +RDv1REuSTNdGYi/Gay9ESpl/z2BBw2n0WqiF9SLFNEuRfTZ7FQVNFQ0qhoP4V2xa +YUeaSgmwZNcIdZg159xf8j2Qkc3uGAQoMGmRp4vbcj1Ev5yFXhvVLPnhp5eE8wKx +u96ZMOfL8M/sxSRrI0zUKEUCMbzK2E0Mr/RBAgMBAAGjazBpMB8GA1UdIwQYMBaA +FO65z9YvjsiFkwj+EBDuo1BY/kIwMB0GA1UdDgQWBBRlWUYl70WL4wPhhb56CsXD ++SjqmzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G +CSqGSIb3DQEBBQUAA4GBAKnGr+IbKqqwN2t7AB4bae9QRHntR6fokA0gcPPMY7qA +GxZGcA1fClTM+WZKr4AoCiDelOsxy45Pim+0bZUtzqtfhWKulkfgpS5cdPZmNj2r +UkLeXnjjTjDm5s8YsQovhy20KPc4VoeYRMhkB5Wika28mXV2l0jFTG1VxcDZ2BxV +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIIDHzCCAoigAwIBAgIBBTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x +IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpBRaRDexKAJwtC+ +60QonOrQnFJ3VA/u5f6qj4iI30hKCIXL1aeAM5c2KmzL5gO3Vg7dZWw1f9gW2uaj +mpHjfGmScQpaIFP7yNbI29PIlN0h8H2o4I6v7zDCteSnYy2qAkDkNLX6fbVENa7f +eHcx8cvG7W1VNi0PKVQdVBz/PHkCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBROLqPn +2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU7rnP1i+OyIWTCP4QEO6jUFj+QjAw +DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB +Af8EBTADAQH/MHUGA1UdHgEB/wRrMGmgZzBlpGMwYTELMAkGA1UEBhMCVVMxGjAY +BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0 +cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQAD +gYEAm5m4xlbfmnv2vDQ/hGoNbPv96saVQ2NMhkH3JVSF5lGUWfamMIsH866TS9Jm +BDWOWMPDF1kL5hLEiGLSWA8ki5s+29AwhYXt0jcwdIbGfGCwVX1w3KF5k1nYv8RR +FhwwXNlM+EKqqLc1nWgaXnsE8fSRMesdyNjQaJdCqRAYFXI= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:EE:B9:CF:D6:2F:8E:C8:85:93:08:FE:10:10:EE:A3:50:58:FE:42:30 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 31:75:7f:a7:8f:25:e4:4b:09:d0:29:6a:68:0c:3c:54:a8:42: + d4:f8:f7:6e:be:e5:b0:bb:f1:4a:e5:1d:e7:1d:b8:d6:98:ba: + 3c:6f:23:4d:a0:8c:53:2a:5a:13:7e:4f:3c:1b:fc:16:c6:18: + 54:05:e5:fe:b6:48:84:fb:c1:0b:7a:ea:bc:44:55:bf:4a:7a: + 51:1a:e3:a6:d5:94:0f:37:3c:fa:4d:f8:51:ae:c6:74:de:06: + d8:41:69:92:8e:a2:a8:d9:6c:73:98:d1:63:5d:52:61:7d:90: + 88:c2:0e:ee:ba:eb:74:c9:19:b8:c8:20:f3:09:a3:50:7f:10: + f9:e0 +-----BEGIN X509 CRL----- +MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx +MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMRcNMDEwNDE5MTQ1 +NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU7rnP1i+OyIWTCP4Q +EO6jUFj+QjAwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAMXV/p48l5EsJ +0ClqaAw8VKhC1Pj3br7lsLvxSuUd5x241pi6PG8jTaCMUypaE35PPBv8FsYYVAXl +/rZIhPvBC3rqvERVv0p6URrjptWUDzc8+k34Ua7GdN4G2EFpko6iqNlsc5jRY11S +YX2QiMIO7rrrdMkZuMgg8wmjUH8Q+eA= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem new file mode 100644 index 0000000000..f80308db49 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem @@ -0,0 +1,166 @@ +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test13 +issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2 +-----BEGIN CERTIFICATE----- +MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1 +YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMjAeFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGAMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy +ZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0 +aWZpY2F0ZSBUZXN0MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzBUwkX +ODmjiKuO7MZlzTSc4Re/YVclO6AWzJbjVn1RazUtEisXPWkpv08n2R5ufbWSSnp9 +Q2/iMhNutgXf1w1kQ3tCZ/T3bhIR1c6w/ouwi8ykUP/dQlCo91V9PBaGbA/ARORv +R5mJqw113jWqok2Mr9xcMe393f7kLFt8yx5fAgMBAAGjazBpMB8GA1UdIwQYMBaA +FNWvaygNna1IbAyCKv/SaAkvFG1XMB0GA1UdDgQWBBSCt3/nyCSzztm6BrD2K2Fl +4aJOtjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G +CSqGSIb3DQEBBQUAA4GBAJaAuvc9jA52+D7MggYkPmix9SdKXbI3nEcYpIXuzwO2 +hAzPuV6wpHgf4Ol9x+zrbWQ2KVvJ7zXGEKOjbKZb7O7ynb0yqDv9nRbOWIEU4lwD +Fzj8Pb3n9FnnF7awDloK1pMoqxOXeLWsk7RP+psMqVuAQgVxrYYBbTwQXqMCAmIi +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIIDAzCCAmygAwIBAgIBBjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x +IHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAteRgCqKcIeCHmYMc +xyzmM+fCjW6MAEl+OFQ9Q7UJ1n9YE0TuaGiSxjTkrTXwDF2JoDwMtC6FoqnvEyEk +kAxNlM0oiLhRxM9FcNCow3VK458jtPozrIgd/7PAP+FXsqPanD2DRYj4c1gNKSl4 +U/l6HyTj+yV6ax5EkPgQDLQlJksCAwEAAaOB2DCB1TAfBgNVHSMEGDAWgBROLqPn +2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU1a9rKA2drUhsDIIq/9JoCS8UbVcw +DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB +Af8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMCVVMxGjAY +BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0 +cmVlMjANBgkqhkiG9w0BAQUFAAOBgQANN5YtrqXFWfdpK19qY+rn50d/fYdLaOU5 +dSIAqmnB5woTCXdWF0LUADF4DkPfcWBxbE36lwBuGXBfiInH/5yLRy0Y9cZbtHSg +QwTIf2a+38pR6QyBniftVBmBTuhO/PV+/kA8gKAZ6X4+vGMv69YjU9avYeS1o+XW +liQdX8l7vg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D5:AF:6B:28:0D:9D:AD:48:6C:0C:82:2A:FF:D2:68:09:2F:14:6D:57 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + af:f5:73:47:0b:2b:ce:c1:5c:82:7a:07:ed:cd:ce:55:02:85: + 34:07:7e:46:10:13:e0:94:7e:8c:27:9c:f5:52:89:55:5b:fc: + e9:08:32:b3:54:75:03:c0:ad:8a:b7:e3:fa:5e:73:10:90:5f: + 26:ca:6e:1c:e2:68:e4:99:4c:06:38:3b:56:25:ce:82:a5:7a: + 3f:0e:c5:a4:78:8b:19:d2:fc:a6:4f:f2:6d:d6:12:5f:69:03: + 98:b8:00:c2:0d:4f:9e:47:fd:66:3e:ac:e4:fb:55:f3:4b:bf: + 42:54:ce:46:a2:5c:fd:c4:5f:d8:61:5a:61:9b:a1:2c:af:0a: + a2:2e +-----BEGIN X509 CRL----- +MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx +MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMhcNMDEwNDE5MTQ1 +NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq +/9JoCS8UbVcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAr/VzRwsrzsFc +gnoH7c3OVQKFNAd+RhAT4JR+jCec9VKJVVv86Qgys1R1A8Ctirfj+l5zEJBfJspu +HOJo5JlMBjg7ViXOgqV6Pw7FpHiLGdL8pk/ybdYSX2kDmLgAwg1Pnkf9Zj6s5PtV +80u/QlTORqJc/cRf2GFaYZuhLK8Koi4= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem new file mode 100644 index 0000000000..bc87ba867d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem @@ -0,0 +1,164 @@ +subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test15 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1 +-----BEGIN CERTIFICATE----- +MIICrjCCAhegAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBETjMgc3ViQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD +VQQLExBleGNsdWRlZFN1YnRyZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD +b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTUwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBALLQPz8+2Ja6+sIASgBJ/ylBL061WtWS7vJK/LRNLFf9MyYG +VjXkjZyk9ZzlafhinCiXgrG77RGH8mVjuSwDNewt+DGGphh4dSnvg/MHRdi+NdSX +hjVOzH76HO6U0iKSSQCvNPSlTJrPWQkZDfj6AGO+5Pmn5RXRX7vwRuKDSsAdAgMB +AAGjazBpMB8GA1UdIwQYMBaAFK2SFB0uK9H4irG3IS5+jhlpPDR1MB0GA1UdDgQW +BBSpk2fPoInUxlgPeiQDw8iOa8Xp6DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBACfYnz7Xr82ytcccJe6v ++1rv6v8SSi/dupn3lA8ZLFPQiM8Ep2kf5XkmrQCHk498pBRQJirzWX20QQSTv83B +M9DG721LCvFZuFB17sf03DMGDXw4ISy3bs+3I87HwHyziC9OtryWACWfZ2lAGUpD +V3U25s5CA62+qbg1jhc5LAKq +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3 +pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl +4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi +LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH +NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl +ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn +4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ +Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA +Wofw3VBcFpqgolnA +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +-----BEGIN CERTIFICATE----- +MIIC5jCCAk+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT +Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCmh9zeM9BeyKndgrRFYNxn7+qDC4AKVdFmpv1ciqlk3RwU04FCEhC9 +kN1hhqnghWi2XzHZ67kQD/azFMLQZU1b0JTg062pMox1ezyVsZCejrXUK8kMHEnW +SNSHkU6KnrSC4aHU5jSV8T2uANRsR0wQ80iBfuq+XcyF3r8jVsbpqQIDAQABo4HX +MIHUMB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBSt +khQdLivR+IqxtyEufo4ZaTw0dTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wWAYDVR0eAQH/BE4wTKFKMEik +RjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAX +BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQADgYEATe1pMNm0 +Ae3tuDLPpXrBaSog47WFgLklqGnB7xH9+4x4SGehRirWS/0TH839Rbb/rmp0XptG +ECuOUS+tqrhiMPYmWxv65XMpPfwKHjxj9etcu/MgXytG7l1kFwuHP08zu43BEqRS +JY0NuHpCTzI4Natc8cB3JTktdUOAF2P22c0= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22: + dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d: + c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25: + 85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a: + db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17: + 6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1: + 7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b: + 16:a2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC +bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd +F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AD:92:14:1D:2E:2B:D1:F8:8A:B1:B7:21:2E:7E:8E:19:69:3C:34:75 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2e:dc:3c:fd:cc:c2:50:20:4a:d3:de:11:60:93:75:ef:28:af: + 87:35:19:c7:47:5e:f2:c0:73:35:5c:47:4a:bd:54:84:f9:04: + 30:4c:a1:32:27:85:14:cb:ca:72:9e:77:70:14:ac:20:72:a9: + d2:6f:50:b2:ae:b4:29:03:fe:00:c4:92:96:14:68:81:b3:d2: + dd:60:41:d5:ee:d5:66:db:b4:f0:d4:5f:a0:6c:93:d8:3e:e7: + a2:59:90:af:9f:05:22:b0:1e:f1:67:06:2b:85:eb:dc:a3:16: + 13:ad:74:89:dd:db:2a:71:8d:a8:22:8e:2f:f8:ca:7b:15:f3: + cf:32 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE +TjMgc3ViQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBStkhQdLivR+IqxtyEufo4ZaTw0dTAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQAu3Dz9zMJQIErT3hFgk3XvKK+HNRnHR17ywHM1XEdKvVSE+QQw +TKEyJ4UUy8pynndwFKwgcqnSb1CyrrQpA/4AxJKWFGiBs9LdYEHV7tVm27Tw1F+g +bJPYPueiWZCvnwUisB7xZwYrhevcoxYTrXSJ3dsqcY2oIo4v+Mp7FfPPMg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem new file mode 100644 index 0000000000..febf0898f0 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem @@ -0,0 +1,164 @@ +subject=/C=US/O=Test Certificates/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test16 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1 +-----BEGIN CERTIFICATE----- +MIICrjCCAhegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBETjMgc3ViQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD +VQQLExBleGNsdWRlZFN1YnRyZWUyMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD +b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAOHnVdpKkQqlze09wh5nIsO6XQJwHBHVdhdaB5eaMXveb0Vj +yiVBMk4NTrzIJ/7lL9J/qc4WzXAr1u1AFed4shRiiOEMAT10BXPoDfS3FjPytZC5 +UWXRE49DyE8Ksc9hSa0IBwf77wKXBAIM/ygc8XXYwFLHWy0Nbq1C2mo5AFpFAgMB +AAGjazBpMB8GA1UdIwQYMBaAFK2SFB0uK9H4irG3IS5+jhlpPDR1MB0GA1UdDgQW +BBT3GktmXZE00780GNgXA/GoC2kWPzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAJtYdflHLEVQC1ar27ke +RBKtpwSsi61XphZ/gDlrI7bo3wG41pjy5tvPv8xuIOsC5isYgU8dyjJw3CF5LRdF +FweDdftBHwQ/zmwL1sWj0h01k2ggA4c0AHDqG1J9gPKRO42rdqcRUQ2wgq1rZSDu +iaJY1seFNoxyls5MxFF26Gue +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3 +pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl +4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi +LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH +NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl +ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn +4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ +Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA +Wofw3VBcFpqgolnA +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +-----BEGIN CERTIFICATE----- +MIIC5jCCAk+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT +Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCmh9zeM9BeyKndgrRFYNxn7+qDC4AKVdFmpv1ciqlk3RwU04FCEhC9 +kN1hhqnghWi2XzHZ67kQD/azFMLQZU1b0JTg062pMox1ezyVsZCejrXUK8kMHEnW +SNSHkU6KnrSC4aHU5jSV8T2uANRsR0wQ80iBfuq+XcyF3r8jVsbpqQIDAQABo4HX +MIHUMB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBSt +khQdLivR+IqxtyEufo4ZaTw0dTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wWAYDVR0eAQH/BE4wTKFKMEik +RjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAX +BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQADgYEATe1pMNm0 +Ae3tuDLPpXrBaSog47WFgLklqGnB7xH9+4x4SGehRirWS/0TH839Rbb/rmp0XptG +ECuOUS+tqrhiMPYmWxv65XMpPfwKHjxj9etcu/MgXytG7l1kFwuHP08zu43BEqRS +JY0NuHpCTzI4Natc8cB3JTktdUOAF2P22c0= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22: + dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d: + c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25: + 85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a: + db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17: + 6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1: + 7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b: + 16:a2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC +bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd +F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AD:92:14:1D:2E:2B:D1:F8:8A:B1:B7:21:2E:7E:8E:19:69:3C:34:75 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2e:dc:3c:fd:cc:c2:50:20:4a:d3:de:11:60:93:75:ef:28:af: + 87:35:19:c7:47:5e:f2:c0:73:35:5c:47:4a:bd:54:84:f9:04: + 30:4c:a1:32:27:85:14:cb:ca:72:9e:77:70:14:ac:20:72:a9: + d2:6f:50:b2:ae:b4:29:03:fe:00:c4:92:96:14:68:81:b3:d2: + dd:60:41:d5:ee:d5:66:db:b4:f0:d4:5f:a0:6c:93:d8:3e:e7: + a2:59:90:af:9f:05:22:b0:1e:f1:67:06:2b:85:eb:dc:a3:16: + 13:ad:74:89:dd:db:2a:71:8d:a8:22:8e:2f:f8:ca:7b:15:f3: + cf:32 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE +TjMgc3ViQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBStkhQdLivR+IqxtyEufo4ZaTw0dTAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQAu3Dz9zMJQIErT3hFgk3XvKK+HNRnHR17ywHM1XEdKvVSE+QQw +TKEyJ4UUy8pynndwFKwgcqnSb1CyrrQpA/4AxJKWFGiBs9LdYEHV7tVm27Tw1F+g +bJPYPueiWZCvnwUisB7xZwYrhevcoxYTrXSJ3dsqcY2oIo4v+Mp7FfPPMg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem new file mode 100644 index 0000000000..0c9aa3554b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem @@ -0,0 +1,163 @@ +subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test17 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2 +-----BEGIN CERTIFICATE----- +MIICrjCCAhegAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBETjMgc3ViQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD +VQQLExBleGNsdWRlZFN1YnRyZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD +b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBANw5GunDquXK+XElcoKtGRzY1ESARSYhxi+qK4BM6L0rxSe5 +tXiajO4Eb379Qv2z7wkn224q4lkLiiry/gmRj27aTjhch3XF5C7E2hIeHz5qGtcu +uY6vyT4DxweIYibYubyBZC/MCk2YuLtsLiSd5QuyXXmQYZzeyu2SpRax/nXHAgMB +AAGjazBpMB8GA1UdIwQYMBaAFAtIvihxakgkCjziStQFKuLXHjXvMB0GA1UdDgQW +BBRFrHYfuo8284F89Fc//hnutkf4KTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAEPuGBhTmRXtD/1JNHgo +Jj8yfLsXQzG8AENHe1KZs7Kpj45M3p4u0TGUJI2S3MXh3IY8gEf33t9eQbJIY0s4 +AiUXe1G/CjtDeo5ZkfTpZHRd654czJ9oLQ3c2vczwYEeaeLxQXqEFS0xewIz5udq +AUVVqV79i9BB/BOmAx9qBkiH +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +-----BEGIN CERTIFICATE----- +MIICyzCCAjSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT +Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDCH3OWCAvPFZXpNTKMN3DoOML+FK32+icT19l0MQXIXBqoJyw8qF2z +xcl4ahdLxfSFpf8OF3ttKbzN5fk2/Dxue6beAMs0L1r4VUilJaUhOmTMrlYXB6UI +QX2nzlu6lZbNrI0VFt8qM2C9CdbG+2ZQuJQQO0BtHXWJC9el4t68/QIDAQABo4G8 +MIG5MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBQL +SL4ocWpIJAo84krUBSri1x417zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0eAQH/BDMwMaAvMC2k +KzApMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMwDQYJ +KoZIhvcNAQEFBQADgYEAV7W8Yarxgw2gPgl0gz1Vz7IdH6ZbzLBpsB0W+gyPTd+R +toE/N42Efda3DIG5BoxqTj00uc9j2GF5LqBgKaEieenzkv5E6qbTrZ0F/FdX1c17 +DBpRvkchpd4FACNL+FhSq824LEKdBDOx669LmsH664nk6NSPtv04LjUxa+822aw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3 +pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl +4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi +LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH +NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl +ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn +4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ +Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA +Wofw3VBcFpqgolnA +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22: + dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d: + c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25: + 85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a: + db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17: + 6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1: + 7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b: + 16:a2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC +bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd +F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:0B:48:BE:28:71:6A:48:24:0A:3C:E2:4A:D4:05:2A:E2:D7:1E:35:EF + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + c0:0c:a7:28:80:0d:2c:71:66:4d:67:82:ec:c7:30:4f:48:29: + fe:d4:20:82:f2:5c:e6:ef:24:8b:9f:f2:b8:c5:3b:e0:86:53: + f4:b5:fc:67:db:b2:1d:45:77:8a:78:47:eb:63:bb:43:b8:14: + c0:05:ff:ca:7b:d5:1f:fa:df:e7:7a:a5:39:e7:00:ed:4a:d9: + 6d:fd:d1:78:a1:44:f0:71:f4:89:4c:52:d5:ef:99:5c:59:eb: + 80:c4:5d:ed:48:2b:5a:55:0b:d1:df:4a:a5:49:69:f1:67:a2: + aa:ce:9d:99:9b:74:0f:ec:da:60:d9:3e:14:45:a3:6c:5b:47: + fa:d0 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE +TjMgc3ViQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBQLSL4ocWpIJAo84krUBSri1x417zAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQDADKcogA0scWZNZ4LsxzBPSCn+1CCC8lzm7ySLn/K4xTvghlP0 +tfxn27IdRXeKeEfrY7tDuBTABf/Ke9Uf+t/neqU55wDtStlt/dF4oUTwcfSJTFLV +75lcWeuAxF3tSCtaVQvR30qlSWnxZ6Kqzp2Zm3QP7Npg2T4URaNsW0f60A== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem new file mode 100644 index 0000000000..04a7eb62a5 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT +EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0 +cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCbvVmVPGFgKGPBqkMhQ8HfwsS10dQ7ark92qOnKM0cmOtqxp7Y+5xK +fVwtP4znhPQr3rGzj2x81FCIghi3hwSRBg2O6DhpFdTAXAwHnM0QkUb29QTNqRfW +E4jOPciTY/BonXFJXf+VM61ntdAT4aoVshmiy64p2SBUhRYA/QrYuQIDAQABo2sw +aTAfBgNVHSMEGDAWgBROLqPn2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU3rps +AkOOTOy07L8tC4ckaa3lRqMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCOtc7hRrlpfYG3VtjPhElE0x7R +VEiASfooTBrkKHNkajTVNgolaJq1+1UqMpIFCe0KBUL+k9YQgsjDbr3m/oL7ml3x +9iNWxEjBOH8YRaPvArpcb6HMvMVTdbInB7T/ogFDs2bdUBWt4H2KJLoogGJjLBX/ +NkpGvXdFmxasmv0wkw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem new file mode 100644 index 0000000000..7c2b410b91 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem @@ -0,0 +1,114 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIIDPTCCAqagAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB/MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMTgwNgYDVQQDEy9JbnZhbGlkIEROIG5hbWVDb25z +dHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAyUV/VUccWeiLd97UNg9PsfI5JBKyMkLviLCMbEGIggBG9W+5DKyu +loDjDpVTzzz4pO4/LQqcZgxP61RsM9sdvJTyxHWpU8fEb3CFFPX47WEEdzFEjvay +iqEorgwgt0OuiDc6ygpjvje94MD9/tn2oXGXiZXf225UPJOAg/4G2CECAwEAAaOB +/TCB+jAfBgNVHSMEGDAWgBROLqPn2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU +XNZp2F2DSh5YkgNExED/5j5eRE4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w +DAYKYIZIAWUDAgEwATCBjgYDVR0RBIGGMIGDpIGAMH4xCzAJBgNVBAYTAlVTMRow +GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0 +cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2Vy +dGlmaWNhdGUgVGVzdDMwDQYJKoZIhvcNAQEFBQADgYEAF0YtbEJ7UriPhjA5X7Ms +bjlEt6/l18J5LUKX6SdvzojVZW6wSnfiinjESVIMS7+nvplPU1D5y6BBzB2jCHZx +uxC/Db9r8CeNek1COMl9nvav4pyuA1e+INl/it59qgfHMZ/pBdsYkYKI3B31oinp +TSHj4AKIIi1y358PHk3BZWw= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem new file mode 100644 index 0000000000..66b10244d4 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +-----BEGIN CERTIFICATE----- +MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT +EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0 +cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCTL1HBt+N66tLKmFW98QfimYn+8h4asDqh1Q919/M7TSNyoUAS9y3U +ZCRVwviSwB78P1HReztqDDX7dkKHazvtXY28fVhPwv1lCxj8sh+U3QoprauZoukz +wx6J56XR40wEckL6qf6l2qNeVTuPEQW21ZRBgPEKIqikZYLjl1c/jQIDAQABo2sw +aTAfBgNVHSMEGDAWgBSL47hYVp8Dat892Ac7swc24cu2yjAdBgNVHQ4EFgQU8nNR +dG/7HQqs2Y/HH+yF2vQ6QYUwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQA4Lj7z67AHCPqJNPK30vJT6DzO +BIMzF5uXn1uLFPibVYwzith0bxt+lS6X+XY0D8JVcCoGvQXIajaOz6SQW1Rjl9d4 +/ZtQK/Fa4aWO/SNJ/mUev7+CaFuSpzVNwU6TyY8mBs3THbFis9zVbllRK8ejAkZz +CrLUsdP7tsReU49LLA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3 +pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl +4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi +LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH +NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl +ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn +4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ +Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA +Wofw3VBcFpqgolnA +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22: + dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d: + c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25: + 85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a: + db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17: + 6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1: + 7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b: + 16:a2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC +bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd +F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem new file mode 100644 index 0000000000..de2503fe99 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem @@ -0,0 +1,112 @@ +subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA +-----BEGIN CERTIFICATE----- +MIICqTCCAhKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT +EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0 +cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDRLWTNLHouiD2wN3hJ0jdnrj4fTjlz2+99l/B+6xTOCtwBUJpACTye +HIN9D2KKM0Qmh9stFmyS37OoOs2WPy4d6zXJI09x3ENRMHVD4XL8zIYvdc554XCO +r6r5F4NDD9PXfx7zbY5zIa8xvuuRodLcz7HjxXCATmiy/Ylbq/tAvQIDAQABo2sw +aTAfBgNVHSMEGDAWgBQzKeiMgEymrSeDjSUCZ8XltnYEzDAdBgNVHQ4EFgQU2i3L +WI4ETNSzaANnEBgojWiA0sowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCF1bG1gRn+77BAUXRG0YGUPMgR +9DHNB3htuZ16XVRT2TqgE6hFiTROTrYgQekzo37hAKapBXUk09KjbIEZZWimwkzo +lsh96Mt3Mri/s1KHNnRsPWR7Z9noTDZW2doxIx9IdZnbpceQ/z+E9xHaEZZX2QTU +oFgdRZWQ6koAHlJt+A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIDKDCCApGgAwIBAgIBQTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIERONCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy/f6yuk+ +9T8iA8JCNC3qD0GOvAIXRNgKM4QLcAsVsDZkgrXmmyKyX3e+W5lgLeuzzgLxM9Fc +Pm1NCRAX+AleMx8MI9Vyii9xcNT3KY90roWbXvSiixffCQyKwgjcNazm4nMgcKcY +GCrTnvtjwDq4r0ov0chfZ4FYvOdxRXKJIscCAwEAAaOCASYwggEiMB8GA1UdIwQY +MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQzKeiMgEymrSeDjSUC +Z8XltnYEzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA8GA1UdEwEB/wQFMAMBAf8wgaUGA1UdHgEB/wSBmjCBl6GBlDBIpEYwRDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBl +eGNsdWRlZFN1YnRyZWUxMEikRjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVz +dCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZI +hvcNAQEFBQADgYEABIMFw3c0vt6dsO0Lzu4cyBPZB6GobaJ9EVCLCKcuwdvmyMgo +YamK8D4AEsT88YhCFji3zELvEeg4P8QsRhtIsr0nto5r+CV02degP3F2XAPQr8gw +qBP/8ejUC0UPnOz3QlkiM4mZ3mN3A3KJPCmPmtRIVst622/8nt4HWGLYi38= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN4 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:33:29:E8:8C:80:4C:A6:AD:27:83:8D:25:02:67:C5:E5:B6:76:04:CC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 7d:57:1e:3d:c5:08:85:5b:0a:d1:cb:66:61:ba:9c:ad:1e:d1: + 7c:28:1c:08:2f:2e:52:53:18:63:ac:0f:c1:fd:30:d2:f1:90: + bd:fa:89:97:c4:2f:73:a9:c7:36:bf:5d:e6:2a:21:f2:d9:81: + ae:f3:47:05:14:8c:ec:fc:80:c9:c5:3d:37:cb:5a:e5:8c:56: + d7:be:e7:ed:8f:f7:21:0f:d6:6c:e3:f8:cd:dc:c6:bd:70:90: + b6:30:bd:d1:76:47:62:33:02:ba:bf:97:41:a1:cf:62:12:21: + 4c:1f:d0:49:a8:b7:50:f9:a3:63:40:5e:f9:0b:5b:ac:de:7e: + f4:27 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFDMp6IyATKatJ4ONJQJnxeW2dgTMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAH1XHj3FCIVbCtHLZmG6nK0e0XwoHAgvLlJTGGOsD8H9MNLxkL36iZfE +L3Opxza/XeYqIfLZga7zRwUUjOz8gMnFPTfLWuWMVte+5+2P9yEP1mzj+M3cxr1w +kLYwvdF2R2IzArq/l0Ghz2ISIUwf0Emot1D5o2NAXvkLW6zefvQn +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem new file mode 100644 index 0000000000..450c232004 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem @@ -0,0 +1,112 @@ +subject=/C=US/O=Test Certificates/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA +-----BEGIN CERTIFICATE----- +MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT +EGV4Y2x1ZGVkU3VidHJlZTIxODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0 +cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCh34/kUYUgkdgErLgpO39ywlNRcYoZme/9B+Qf6xXvtvQsMVSTRlYj +SSl7WicS1s0i8wU0jrejAaH4wKVmEKpUXvDAnMWqnRTgL7EN4ni4vaorV9S5/6+A +qXnmW+4GGg76TP9cj+SQ31mg5DHaHMGc5WeGygDJ0iaYXHqtUczkQwIDAQABo2sw +aTAfBgNVHSMEGDAWgBQzKeiMgEymrSeDjSUCZ8XltnYEzDAdBgNVHQ4EFgQUWfRX +bghjCb+4MfpDq1DFnXXWtZkwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBqpi8ums5mTqAUxfvjuqAIdAzU +vDfiJ9uAvSRyTLckdIKvbvqgn1xK4LFKEHh98dWr48RosYc8wkofI0wHpwYrhYcP +y2kgyqtaTrdeSgbBcBibusuagwpz9o25LUTRTMVg9sq+1yJJYlGHGV9LuTnn/ZcP +vCtQwWgLy74cJC0WvQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIDKDCCApGgAwIBAgIBQTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIERONCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy/f6yuk+ +9T8iA8JCNC3qD0GOvAIXRNgKM4QLcAsVsDZkgrXmmyKyX3e+W5lgLeuzzgLxM9Fc +Pm1NCRAX+AleMx8MI9Vyii9xcNT3KY90roWbXvSiixffCQyKwgjcNazm4nMgcKcY +GCrTnvtjwDq4r0ov0chfZ4FYvOdxRXKJIscCAwEAAaOCASYwggEiMB8GA1UdIwQY +MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQzKeiMgEymrSeDjSUC +Z8XltnYEzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA8GA1UdEwEB/wQFMAMBAf8wgaUGA1UdHgEB/wSBmjCBl6GBlDBIpEYwRDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBl +eGNsdWRlZFN1YnRyZWUxMEikRjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVz +dCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZI +hvcNAQEFBQADgYEABIMFw3c0vt6dsO0Lzu4cyBPZB6GobaJ9EVCLCKcuwdvmyMgo +YamK8D4AEsT88YhCFji3zELvEeg4P8QsRhtIsr0nto5r+CV02degP3F2XAPQr8gw +qBP/8ejUC0UPnOz3QlkiM4mZ3mN3A3KJPCmPmtRIVst622/8nt4HWGLYi38= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN4 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:33:29:E8:8C:80:4C:A6:AD:27:83:8D:25:02:67:C5:E5:B6:76:04:CC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 7d:57:1e:3d:c5:08:85:5b:0a:d1:cb:66:61:ba:9c:ad:1e:d1: + 7c:28:1c:08:2f:2e:52:53:18:63:ac:0f:c1:fd:30:d2:f1:90: + bd:fa:89:97:c4:2f:73:a9:c7:36:bf:5d:e6:2a:21:f2:d9:81: + ae:f3:47:05:14:8c:ec:fc:80:c9:c5:3d:37:cb:5a:e5:8c:56: + d7:be:e7:ed:8f:f7:21:0f:d6:6c:e3:f8:cd:dc:c6:bd:70:90: + b6:30:bd:d1:76:47:62:33:02:ba:bf:97:41:a1:cf:62:12:21: + 4c:1f:d0:49:a8:b7:50:f9:a3:63:40:5e:f9:0b:5b:ac:de:7e: + f4:27 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFDMp6IyATKatJ4ONJQJnxeW2dgTMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAH1XHj3FCIVbCtHLZmG6nK0e0XwoHAgvLlJTGGOsD8H9MNLxkL36iZfE +L3Opxza/XeYqIfLZga7zRwUUjOz8gMnFPTfLWuWMVte+5+2P9yEP1mzj+M3cxr1w +kLYwvdF2R2IzArq/l0Ghz2ISIUwf0Emot1D5o2NAXvkLW6zefvQn +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem new file mode 100644 index 0000000000..55164dda04 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem @@ -0,0 +1,104 @@ +subject=/C=US/O=Test Certificates/CN=Invalid DSA Signature EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=DSA CA +-----BEGIN CERTIFICATE----- +MIIDNzCCAvagAwIBAgIBAzAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD +VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx +OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMTMwMQYDVQQDEypJbnZhbGlkIERTQSBTaWduYXR1 +cmUgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEA +vbB6Gzy0SX2N5smRzWMqz0VoZRd5JR2pZblQy69qF7L9wXPemawRZc4n8w8GB+4+ +IDHq2L8Uex+2KP9lRuXNnaUp+C/BCIB1cHBBJwA2Wzqhe0uyoVb9qvDOQuU27zRU +dymarmOqSfc+ruHC+faJMv+ZaHv5zjRd8XwpZHs0ZK0CFQCXYwgNQsqfF7gNfgA6 +5QUzpC5bwwKBgGBfbUNGPILwforCRr06QOuBEKduLdWEZngS7RkwrK5N12jxDw34 +bvbzjzqlldmdKRu8kUG2bhSV9aF/EzvyppEkVBZ0j4NmnQtO/kvigCL12hmSucnN +3Ir4+32prJX4ycxuECJYsbU5LPfHicJT9x5o8Yy4IcxJkzfkL/O3WE1KA4GEAAKB +gC1pr90wK1tDu2BegyCB0M5MOerDtoYTJ+js/5N0yrMApqjdguHSRoq6nyc/33dn +gAlOKsmYuClo4V9v5sQ1rPYYa4Pt9DL105oCu3uZAlASTSqiUc6FV1IYlEEyErXp +JM5sYFEtet0LoIq2QvmcbHx3OZXrTS7ZgvKCNwNFBQ3Qo2swaTAdBgNVHQ4EFgQU +3GZpOXKnsDrffRsT0zC/TrR+oPEwHwYDVR0jBBgwFoAUdBXVJBy9XmWIH+GLCX5/ +6hlITmEwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJ +BgcqhkjOOAQDAzAAMC0CFQC8jW6jJtLFOVb/3gB8Ud6zDADC1AIUXggJS+znTQfq +yuMe+SHndjnV3Gw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=DSA CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo +b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC +AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu +0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2 +PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT +mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd +kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM +nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c +nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI +ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I +3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh +5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD +VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB +ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA +1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB +tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2: + 13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20: + 81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5: + 07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca: + ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4: + 07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f: + 7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01: + 38:8d +-----BEGIN X509 CRL----- +MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe +yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq +If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB +6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg +j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: dsaWithSHA1 + Issuer: /C=US/O=Test Certificates/CN=DSA CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: dsaWithSHA1 + 30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e: + 88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9: + a3:57:74:b3:48:ab:c5:9f:01:f9 +-----BEGIN X509 CRL----- +MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX +DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ +SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I +XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5 +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem new file mode 100644 index 0000000000..998b139518 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem @@ -0,0 +1,118 @@ +subject=/C=US/O=Test Certificates/CN=Invalid EE Signature Test3 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICajCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGkludmFsaWQgRUUgU2ln +bmF0dXJlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYuEosZMlo +4XLnLFz0FHAoAVIElosiQpT0Z0p3AtLcG9tCIN83S7m8WXOBhuRBoRLaHQvEnPE0 +n5azBwJ+zhWD4+MglyPcJ1FrO7SPiHOB9UotWr0EG4cjkAVUMrrkFRLfoLIPJqz3 +sNEYnP5qPOe32IGDKbXybjoddfzHbompcwIDAQABo2swaTAfBgNVHSMEGDAWgBS3 +LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUU/uacMtyT3ntU/H7h/8/HstM +ebcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq +hkiG9w0BAQUFAAOBgQBHY2fzJrZTRjpqPLxzU7ZABeS9O/01ZTY/9uYl0JrJsfN4 +WlxaYMtSRcTJceQAvfyrafk1x354iJF+GjW7XIJR9RhGlkQXquT1Pqlv/Z2vpSjq +glf4JuAbERm1V92qP2Acyiphm+P98Pu21c/Vq9xK3Jh/9/GUSOCmPIhvVG00MA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem new file mode 100644 index 0000000000..a9fb2b27fc --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid EE notAfter Date EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICfTCCAeagAwIBAgIBBjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMDIwMTAxMTIwMTAwWjBhMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUludmFsaWQgRUUgbm90 +QWZ0ZXIgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAyCOeDYaml7SOL+2x9UWcwqcMIR9a0vGlP8Do87TNFZz+wiLZ +0nMYVMfnQWT28E37L2tcdoZUM7SW8dlvfMfTKIoSKeXUiD4bRftrWVj4/s9Ipb/h +8Gl9k0GwUmg9gN3LDvdRw2z2CiBtP6xsNJZ9vFW+o5QIhd84r74TPs1H2xECAwEA +AaNrMGkwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE +FP4ipJtrQCKWa5Vq2wk2HfpPnJnGMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO +MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEADdATbChw44x7r1EYA7A2 +1BGzR/9Qmz2Dhd9d1stBum7SiD6Rclpo9A+CfwMmPhzNuaAScE6jL7LGwOYIbKp0 +LczJhPXVy5XLwf+pciCQFDFVc04/qEIugQJm25iQkm6W0E6kpOuwrOlpUU6SRAB8 +AktPedUhRoKNsB06vemChz8= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem new file mode 100644 index 0000000000..6208b7d277 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid EE notBefore Date EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +NDcwMTAxMTIwMTAwWhcNNDkwMTAxMTIwMTAwWjBiMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMTLkludmFsaWQgRUUgbm90 +QmVmb3JlIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDIwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAM6vu936ab1N3e528zJ2ryTW9quJh45gf03iwH7dWEYsZpO5 +t9UBImXpFR+j74ZQenhHmcgGQNy58Zc4KwbzxnNMnvW7INMVc36TZzdvq5hfXCsV +SX5gBctkPQ1hgh6LZHLQoUnxJiI7iijUUE6P2p4HfaqfEkh1tQfjivyF2yo1AgMB +AAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+aFZTHMB0GA1UdDgQW +BBShT/d1PnEn2vh4FZtBbivDFsd2djAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGYyJnIuxfaHwIyiOnLc +T3IRt4wcrAOMimrliGD1dHOozDxUnNA2gZqA11JYlTJ6QzScfOQ7Wg8XKu3mxA8u +c2A/x1cX9PYiJ5Js37f4OBW3/sWTk+X+9G5iS3cDB4e7LDqCdf+Q4eEGlyEZ8xw3 +FgxmIZrL8hh7RlY8QIAMRc3S +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem new file mode 100644 index 0000000000..e8f2b80b3d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem @@ -0,0 +1,116 @@ +subject=/C=US/O=Test Certificates/CN=indirectCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV +EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t +vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD +ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki +QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA +tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc +XHLxTJCox/SL +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid IDP with indirectCRL EE Certificate Test23 +issuer=/C=US/O=Test Certificates/CN=indirectCRL CA1 +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM +IENBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UEAxMySW52YWxp +ZCBJRFAgd2l0aCBpbmRpcmVjdENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjMwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJR1Ogq33bnWdnMPT8T7u4psSBkPFbwr +6mSgwNE1ZPPI3wkF66/zJAKMPK8LTskPhZ9QVaKvAt2MnLz004Yv+rS2N5H+cvTL +oeXp0h0SbIgwRsgHWNBoOLACifcpIqR+dGuSakGD7dHG+NClC6jVJp8mf9EzxW84 +bjJvdhmADg7LAgMBAAGjazBpMB8GA1UdIwQYMBaAFGzBFF/Ypy3ghpMZXAvwSbkl +W+gcMB0GA1UdDgQWBBTbRhIag+0VzAQ6Vki6uTqYN+IjxzAOBgNVHQ8BAf8EBAMC +BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGxw +5QQhnpLypGVABOGVcbBYU+WO8Wkdo3htkGA1XHJSVggDQSbnHzX+1V/ETnAicQrh +6ktOuzBTCLOG5TjmgKKcnS5y7rIndkGZ/3lo3DJydBzVGoLVUs5FWAvuWjIikQZO +BEymYFtHwJh7iV0ma8n5No+re9BhnsQuWIfS7YXX +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0.... +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5: + c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28: + a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2: + 6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13: + 25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e: + 9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89: + a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e: + 87:e8 +-----BEGIN X509 CRL----- +MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy +MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ +uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF +AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF +lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b +IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem new file mode 100644 index 0000000000..ec66261d9d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem @@ -0,0 +1,137 @@ +subject=/C=US/O=Test Certificates/CN=indirectCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV +EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t +vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD +ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki +QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA +tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc +XHLxTJCox/SL +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=indirectCRL CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE +/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW +Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80 +7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD +VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y +YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA +nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc +0meAGzOu5kHt +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid IDP with indirectCRL EE Certificate Test26 +issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2 +-----BEGIN CERTIFICATE----- +MIIC4zCCAkygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM +IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UEAxMySW52YWxp +ZCBJRFAgd2l0aCBpbmRpcmVjdENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjYwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJWG0QMGGkC8v7EYNdgiIW21p0tpEHdc +A5GWLdFuWvXKCk0fjKc6H/xux8sQgSPzqQkSVwRCvoQZuP8YbELalcOpbU1KN+NY +xJUjVXB1FZwvz+9tBl8EXV6h+WdvQ5i0H9q5HIhiRqKx3ol2pTbnbE7Tq2lSeFZs +J9pjj19d2bEvAgMBAAGjgcMwgcAwHwYDVR0jBBgwFoAUwa+CD9XTTxDwMWI8WIm5 +inS7nAEwHQYDVR0OBBYEFNqqzRuM3BRGiQozMByWP0u9kYvjMA4GA1UdDwEB/wQE +AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwVQYDVR0fBE4wTDBKokikRjBE +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNV +BAMTEGluZGlyZWN0Q1JMIENBMXgwDQYJKoZIhvcNAQEFBQADgYEASYGU+PXCspmb +cqsXmUr/HLCeEc9QXXTDPtkqweBOdgVc27fLaugIkTOEcwkHnxGBst2VRxbG7TXR +sdcakIKE52+VN4ll8u/oPLs+rp+Fp4Xe9nMj0scOzjcSzBRMTN1VtpVoFUM1Jp5T +JFEnAXzAMD3ex1dtQYriGo4yHKWcpkc= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0.... +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5: + c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28: + a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2: + 6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13: + 25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e: + 9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89: + a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e: + 87:e8 +-----BEGIN X509 CRL----- +MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy +MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ +uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF +AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF +lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b +IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem new file mode 100644 index 0000000000..81cb0d51d7 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem @@ -0,0 +1,115 @@ +subject=/C=US/O=Test Certificates/CN=Long Serial Number CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp +YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk +irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf ++sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb +K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH +36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO +qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM +9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5 +fhG3y3gMYLC6ciKePSDf +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Long Serial Number EE Certificate Test18 +issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA +-----BEGIN CERTIFICATE----- +MIICoTCCAgqgAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEF +BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w +HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN +MTEwNDE5MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0 +aWZpY2F0ZXMxOTA3BgNVBAMTMEludmFsaWQgTG9uZyBTZXJpYWwgTnVtYmVyIEVF +IENlcnRpZmljYXRlIFRlc3QxODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +2sI1yl0rje3fSYBkT9yPudlTELF0ndMo5oaWr8vE9UjhpBrgSFFtYu6GZAbqeZEB +i0faI9SWBl06pWZj47auSdPeU0Akrzn6If3Vc2eVJKCtAHQuxnd9dToJDqjIiA0z +YVT7YTE7zLs9d0HHhDhM/VYqBKqtqrOTEhss0ryQRSsCAwEAAaNrMGkwHwYDVR0j +BBgwFoAU3z1I++My57kmUova7PgJT7PH36YwHQYDVR0OBBYEFLVbztWeCD3WQICU +BucmQT4POFoDMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDQYJKoZIhvcNAQEFBQADgYEAZjyhu29ssno3io8WqDGabhCgGRL6lS3tgEsq +k5sxDXO5xgZf//iGlwXTy8w2H+MZ/SX+2acfmFnALYXcGkK5ZHjKQjMOpJZwF/kB +mzJP4HDEVY5lsvPyVKYqks4lRkbJOMXVBh3Ub5/ag1eOcTeljYhwU66DUMByVzQP +1RwAcK8= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f: + 83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df: + de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23: + 20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b: + 13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f: + ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7: + 84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4: + 16:02 +-----BEGIN X509 CRL----- +MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl +ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH +CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G +A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj +397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q +1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem new file mode 100644 index 0000000000..792032e282 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem @@ -0,0 +1,109 @@ +subject=/C=US/O=Test Certificates/CN=Invalid Mapping From anyPolicy EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=Mapping From anyPolicy CA +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU1hcHBpbmcgRnJv +bSBhbnlQb2xpY3kgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBn +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNV +BAMTM0ludmFsaWQgTWFwcGluZyBGcm9tIGFueVBvbGljeSBFRSBDZXJ0aWZpY2F0 +ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtfiBNk2i7y/WBuI5 +GCW0+6q3VwFnT3frj/wV+Ie2r2bKy2iasXlilOldX5jcywoO2qcMHUmoeK2eE6rM +/ffDK4Zd4EhJJ5RJdgoWhjBpfKNGD73JlCIAVGGooCiVx9zJICN9DFl/X6hybpM8 +Gs/BWxcHB7vzpzCGqKwI91lstiUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU98GrNdgv +hgNaNjdZb8HBpG2kpEgwHQYDVR0OBBYEFNuifbLkKO+WtPZNnKM58l/XwUD6MA4G +A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN +AQEFBQADgYEAXZ+i/Dd4d11xpuKLT90bOID/badZcsjgBbJ2hTG4JhzrHQN6kxzI +Xt3L5FBaqgg1SfvC0K6/eex8SDEdEJ5LlbmflMths7r8DICoo3Dyo+y/G6ziqRR7 +fOrYKBk6zhliAHXNqrtQ/fUCCNke/OMk62U7WgbaQuELj+tzZHPHShA= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Mapping From anyPolicy CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICrjCCAhegAwIBAgIBMzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTWFwcGluZyBG +cm9tIGFueVBvbGljeSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmMII +TPwdFq+61dFOwrrjLrVHakDcX3fO14s58oprgJ0Qcm88Fjs1+HyurbqB1r7rySfg +zIZhJjb6ZZqV4qwd2fyQGhYHSctVTxOfxYc+JnK/eLQ09eCM0Uv2U2e9AyyObT0A +Gt8DpfnfiMrkyadyKRICC/6dOHLb/OnT82jrw/UCAwEAAaOBqjCBpzAfBgNVHSME +GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU98GrNdgvhgNaNjdZ +b8HBpG2kpEgwDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgwBgYEVR0gADAgBgNV +HSEBAf8EFjAUMBIGBFUdIAAGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAP +BgNVHSQBAf8EBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAImTlpjaX4CkEQLrZZsd +iyLe+gkOFWF7maBKcZQcCHDUNuIGFeYmRqB+eXsYqooAvYOUfSz30L709ODiWLH4 +Zm5y79xssrJYzS+sDfDHmNMjKo/U9Dj4nVO+ln6PGGe8PPW7P04gUXcQjJFHCLfh ++czJLt8J7JUOUznIvSEIIsto +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Mapping From anyPolicy CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:F7:C1:AB:35:D8:2F:86:03:5A:36:37:59:6F:C1:C1:A4:6D:A4:A4:48 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 05:b0:d2:68:c9:a0:5c:dd:e8:e0:e1:ed:95:35:cd:01:70:d6: + 24:88:d7:37:d3:05:59:04:38:c3:51:64:ca:aa:c4:07:31:80: + c5:12:d7:9a:38:5f:67:c7:dd:0b:05:98:71:a1:b3:65:dd:09: + cb:87:c5:8a:e2:bf:26:27:0a:56:0b:8d:c3:46:b1:75:4f:f3: + 03:5b:3d:ec:84:f9:e1:03:ee:a1:8a:c7:e9:22:6f:29:b2:6b: + 64:02:e4:aa:7b:5e:bd:84:fe:af:a9:25:98:7d:7b:b8:f0:ef: + 3f:df:f9:26:a6:84:d0:16:6e:b9:2d:bd:15:95:8f:47:7a:a8: + 28:28 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU1hcHBpbmcgRnJvbSBhbnlQ +b2xpY3kgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFPfBqzXYL4YDWjY3WW/BwaRtpKRIMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAAWw0mjJoFzd6ODh7ZU1zQFw1iSI1zfTBVkEOMNRZMqqxAcxgMUS +15o4X2fH3QsFmHGhs2XdCcuHxYrivyYnClYLjcNGsXVP8wNbPeyE+eED7qGKx+ki +bymya2QC5Kp7Xr2E/q+pJZh9e7jw7z/f+SamhNAWbrktvRWVj0d6qCgo +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem new file mode 100644 index 0000000000..9981bba023 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem @@ -0,0 +1,109 @@ +subject=/C=US/O=Test Certificates/CN=Invalid Mapping To anyPolicy EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=Mapping To anyPolicy CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF01hcHBpbmcgVG8g +YW55UG9saWN5IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD +EzFJbnZhbGlkIE1hcHBpbmcgVG8gYW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRl +c3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1bl/gTqVbi6yVtJxnXxNx +DlekTcCxPmcwCs7HEqTWzpbyvYxgoXfNIP7bjtabs/IK9+SG1YQpqAHt/UFImBzC +jdgEBzfRwt2eGR4wSeGN09s2jAjT2aq9dbkF+Ib99D2DNKjlPKBbb4GeNWnNEDno +yf4eZEPAx8P3QSsAfUqocQIDAQABo2UwYzAfBgNVHSMEGDAWgBS6gMx6LKdjWhCr +Tj+ExFNVCmn6HTAdBgNVHQ4EFgQUm+ENjbV3/gxDFuaWw6Dwa1YRk3swDgYDVR0P +AQH/BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQCQ +H92kSHC9YZU7taUlRQda3eEkg775JMosyIMd1DwSzbT/wRoWU7/6BnsV99dq1Ja8 +2pZn316o7wfz6POeSg/VzNFd4HC+j84NTUMBrFt/SSdoqh1CkUXNAKbqffDzn4gN +Sry4MX5zRGXwI3GYFol9TnNutj6HQl9Tr3iolkPufg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Mapping To anyPolicy CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICsjCCAhugAwIBAgIBNDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXTWFwcGluZyBU +byBhbnlQb2xpY3kgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJrojWZR +mKqz0wTzKWxK+BvdLHiNYkl7deU8v1nJqthPCd0D2ZxiM1IwaskiG9Nm+sO+91AZ +pk/QFCW8XKa70to819onqj29QyYeO8ukMtlXuLI0pXVjyN4cWxfHH9o5IUH897/t +hcTbFWYC1+TqZUNaPASnCw67YZejfdZZtD4VAgMBAAGjgbAwga0wHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFLqAzHosp2NaEKtOP4TE +U1UKafodMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +IAYDVR0hAQH/BBYwFDASBgpghkgBZQMCATABBgRVHSAAMA8GA1UdEwEB/wQFMAMB +Af8wDwYDVR0kAQH/BAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQC4HMzKV0x+spl2 +wCvBKf+ArCiSCklHEDKpj3HrJ7zIH1lqU73rZjOJQB3hsnSMYEB+ch4DQNDzOQIB +bGspRwEeTIRjZ1u6CZ9h+kIVu2R4eyfq9mNYOvYFeY/kB/zwrMQnoeJtJ9sQ6IQi +rwtT53uxl1gZv4pBZRIURDq8KEyoUQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Mapping To anyPolicy CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:BA:80:CC:7A:2C:A7:63:5A:10:AB:4E:3F:84:C4:53:55:0A:69:FA:1D + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 92:da:09:1f:2a:48:11:8d:5a:7b:8f:a6:74:bc:32:70:4a:03: + 30:8b:f1:26:b4:cf:a0:9c:9d:89:84:98:71:48:4f:93:09:59: + 08:c0:07:e4:65:bf:12:ca:49:90:3d:36:f3:31:83:3e:34:b3: + 9a:df:d3:a4:f6:7d:cb:ee:5b:1e:cf:e0:70:25:94:0e:0e:54: + 9c:32:4a:50:41:ea:bf:f4:57:d3:53:02:7c:c7:bc:d4:04:a9: + 9f:36:51:04:26:6f:37:1f:62:8a:ea:f7:7b:2f:d1:24:53:17: + de:db:e1:ce:89:00:3e:71:23:73:b2:da:af:79:f7:4a:2b:a4: + 2a:bb +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF01hcHBpbmcgVG8gYW55UG9s +aWN5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBS6gMx6LKdjWhCrTj+ExFNVCmn6HTAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQCS2gkfKkgRjVp7j6Z0vDJwSgMwi/EmtM+gnJ2JhJhxSE+TCVkIwAfk +Zb8SykmQPTbzMYM+NLOa39Ok9n3L7lsez+BwJZQODlScMkpQQeq/9FfTUwJ8x7zU +BKmfNlEEJm83H2KK6vd7L9EkUxfe2+HOiQA+cSNzstqvefdKK6Qquw== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem new file mode 100644 index 0000000000..77a888caf9 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Missing basicConstraints CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcDCCAdmgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbTWlzc2luZyBi +YXNpY0NvbnN0cmFpbnRzIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO +9yKuCeu6dhjdDO1FYBjOw7a3vWSCZ6ukoQAD5724THVzb548yc2GIGKHC0mWgXiX +fB6PBIQAwAhwCIetZaZICbOaJLAEgrfYEc2BK1uYPcnPDq3akXxh5lwFwL8N/xT9 +ajSDOeq+fWCIH4K3cgzvQFksXSMBrCLeSqRqpxg7aQIDAQABo2swaTAfBgNVHSME +GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQURqBdN9KpBRGTRazt +XDHnzRcB9gEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATANBgkqhkiG9w0BAQUFAAOBgQCIvIvzmMIwJ8YV4vFP0812ct/Jsheq3QAcCH22 +0akUpHCoryoLL8cVkdCCP6lG5QD0BdEszwovHnuu6X1kPCe/85mpvlueAMAcr3Wh +sSZA7vot2fdmAqwje/64fADpW2pI3muEixUfmNSMsjXFzGSFT2tWJ1XNfFAI9EYK +j0nmiw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Missing basicConstraints EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=Missing basicConstraints CA +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG01pc3NpbmcgYmFz +aWNDb25zdHJhaW50cyBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MGkxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE+MDwG +A1UEAxM1SW52YWxpZCBNaXNzaW5nIGJhc2ljQ29uc3RyYWludHMgRUUgQ2VydGlm +aWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIu/B3NsTKFd +3NwujgznvY/HGzG+YIVddeXJ/bIUYqj0gIh6FNebF1p5DnC4tljBvuux5UMrmGOi +6/MoDmiVL8VyVr87z69Hx4DKUjwmHa8KOQ8L5KcklyNCiqovL+IWvl/ifcvU3tQ2 +olOq4vjYRupu8NdmpY4IZl6UQScR5P6lAgMBAAGjazBpMB8GA1UdIwQYMBaAFEag +XTfSqQURk0Ws7Vwx580XAfYBMB0GA1UdDgQWBBT7lvAQxDdV8M61puLxGf+ZGq5u +WDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG +SIb3DQEBBQUAA4GBALqhV3pig7Li1sMxfgarLLYB4xxjsbFinx7EtEDlju0sTe3j +F7e9rh62n7fnZqZ8KSyRCikPu3r3qBCLx2TV+i31inM/GqvU2yrBGdVm9HUi2CSp +YUePLjOyojWECk+rYNq3vVYFVKJkonzfR3533mruAKakqDJ0PQLTEx84ugv9 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Missing basicConstraints CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:46:A0:5D:37:D2:A9:05:11:93:45:AC:ED:5C:31:E7:CD:17:01:F6:01 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 94:49:47:9b:06:de:66:8d:df:13:40:35:7f:95:83:f5:1c:92: + da:0d:33:78:99:cd:9c:34:02:32:14:17:ea:86:48:3a:9e:ba: + c6:5a:de:0e:5b:68:0d:1e:9c:f5:07:b6:81:e3:47:fe:29:45: + aa:c4:51:01:21:b6:70:ed:1b:28:cd:c1:81:f2:43:e7:12:00: + 48:78:7b:6e:28:5f:71:8f:f9:56:2a:22:8f:3a:7c:8b:8b:7c: + 8a:f4:2c:23:67:c7:b6:b4:85:02:99:d9:48:01:29:c8:6c:ad: + be:24:a7:3a:8e:56:ea:92:4b:e4:8d:d8:9b:f7:17:b3:e9:b5: + 87:fa +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG01pc3NpbmcgYmFzaWNDb25z +dHJhaW50cyBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAURqBdN9KpBRGTRaztXDHnzRcB9gEwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAlElHmwbeZo3fE0A1f5WD9RyS2g0zeJnNnDQCMhQX6oZIOp66 +xlreDltoDR6c9Qe2geNH/ilFqsRRASG2cO0bKM3BgfJD5xIASHh7bihfcY/5Vioi +jzp8i4t8ivQsI2fHtrSFApnZSAEpyGytviSnOo5W6pJL5I3Ym/cXs+m1h/o= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem new file mode 100644 index 0000000000..ce0428ec3b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Name Chaining EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=Good CA Root +-----BEGIN CERTIFICATE----- +MIICfzCCAeigAwIBAgIBCTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDEdvb2QgQ0EgUm9v +dDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEGA1UEAxMqSW52YWxpZCBO +YW1lIENoYWluaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCtoV9f+SA4KyB9i+bRylcLprvUHWg6W/anXTtNepZjeYRI +h45BCVfF9mYQIoBvqYkSOdB64I/qUShwGf3kj75YiGotm1AzP/e8A1dIyvdxVT75 +vZwCWaOjqX5wEyaGnXS2u1NDzvZ/5JBtwo1KumaVAd9bLw2nhHAwbJ65Hx1eWwID +AQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4E +FgQU0QFCXwgNnxwQuYUlKF7ehgYiFvYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQB8cokOobcm6ZNTDk59 +Ieo9rWzeCUeh8ku0vO2bp0hyVadPHfCvXRRFlWZ6WKMTkBXOs/i5gHEtEGB9cLDO +kmOOHijG06pi9KyYqh54As2hG8wKngUEyOZsIkKK6JfdMx9besNZ5lQlSK3SZpV4 +wTIx6poqzlbJx24yad7rPgiUxg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem new file mode 100644 index 0000000000..dd9f0a5d86 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem @@ -0,0 +1,113 @@ +subject=/C=US/O=Test Certificates/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICwTCCAiqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGOMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAsTGk9yZ2FuaXph +dGlvbmFsIFVuaXQgTmFtZSAxMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBVbml0 +IE5hbWUgMjEZMBcGA1UEAxMQTmFtZSBPcmRlcmluZyBDQTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAz4GBJOnsdl/i9wT8fK6n4zN5AHkLGLTaV9MLbBL5heti +HmMEj4t80NsHynN8WrNyxjxjeDoAnlUixCHAT6totgzgeWKumN7Pt48lWyP7K9eV +j0mJ/e0X8EYCrm1idgjBevSpFpC8sT0m7Lgo60wWBrYqKBE2OW2oLqjK2a9itJkC +AwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0O +BBYEFP/4JkT0Lojo+NeoS4SRoshoYlphMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE +EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF +AAOBgQCrzt7jsc3zpys78suxiiHSl9hYrO0L3UJE4TYhMKsTdu2r1KStNCY1MA05 +8U2gLxTSvnibuRTn81AHALvjm5bd3oiKFRr3ISzo9SkBx6wXO7x23f26giO4h6WR +Yjce1wWutjpvkyXJWxLqKD5eE2PVqwjujs3eiNAV0KkiQTqZkQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Name Chaining Order EE Certificate Test2 +issuer=/C=US/O=Test Certificates/OU=Organizational Unit Name 2/OU=Organizational Unit Name 1/CN=Name Ordering CA +-----BEGIN CERTIFICATE----- +MIIC1DCCAj2gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQLExpPcmdhbml6YXRp +b25hbCBVbml0IE5hbWUgMjEjMCEGA1UECxMaT3JnYW5pemF0aW9uYWwgVW5pdCBO +YW1lIDExGTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EwHhcNMDEwNDE5MTQ1NzIw +WhcNMTEwNDE5MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD +ZXJ0aWZpY2F0ZXMxOTA3BgNVBAMTMEludmFsaWQgTmFtZSBDaGFpbmluZyBPcmRl +ciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAlIUiHjq7IwwwfDgHAnDwX3nPnYsaZ6Bu8w8lZNS/15MDdOmQg71tVoCIC0he +PJBMDiqwuUQ3pbgsavDR26tQnAXGzmJllHIFry4XfdUozW3Du9KUR4eFHDkgiQCj +IXj4VSgaMAXyDSGO8tQpZvweKQLreeur5220Pf3K7zabhcMCAwEAAaNrMGkwHwYD +VR0jBBgwFoAU//gmRPQuiOj416hLhJGiyGhiWmEwHQYDVR0OBBYEFEu0FDAWAxWm +n1pTTcqqIcZ0G7JJMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl +AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHrnqIOietTCGSRZ38iulDWfnU8JraF8Z +x0MJGiOWHh5iM21Rfwux8XyoJ022fncuDoZAsUjriRwBn3u0faPPFouOEEVMglWU +woUFoMYymfDUYmA+kavP7A4gRhSfhi4JJJHdb1AbnNkHbMfIBRSz48wsphGJEyk/ +NE5gmcum3Bg= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FF:F8:26:44:F4:2E:88:E8:F8:D7:A8:4B:84:91:A2:C8:68:62:5A:61 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + b4:c4:1d:56:f0:e3:a4:27:bc:09:13:d4:99:6e:6a:94:5c:0a: + 5e:33:09:0a:a0:6c:df:0f:3d:a5:03:15:e8:da:cd:53:10:e0: + 26:82:d4:82:34:2e:75:62:f0:8d:a5:b0:17:ba:77:e5:1c:b2: + ca:d4:71:78:2c:fb:3c:cb:51:58:4f:1f:b8:90:22:7e:60:c1: + 60:03:64:04:58:60:3d:a8:36:c4:37:6e:b4:c1:28:0c:4d:16: + 89:5e:31:4b:1a:7d:4d:33:35:8d:0b:92:38:90:f2:70:e1:f4: + c6:14:7e:fd:3b:9c:c2:d7:da:8f:ce:1f:6d:36:3b:ce:5e:28: + 1b:fb +-----BEGIN X509 CRL----- +MIIBiDCB8gIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBV +bml0IE5hbWUgMTEjMCEGA1UECxMaT3JnYW5pemF0aW9uYWwgVW5pdCBOYW1lIDIx +GTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQx +OTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFP/4JkT0Lojo+NeoS4SRoshoYlphMAoG +A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBALTEHVbw46QnvAkT1JluapRcCl4z +CQqgbN8PPaUDFejazVMQ4CaC1II0LnVi8I2lsBe6d+UcssrUcXgs+zzLUVhPH7iQ +In5gwWADZARYYD2oNsQ3brTBKAxNFoleMUsafU0zNY0LkjiQ8nDh9MYUfv07nMLX +2o/OH202O85eKBv7 +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem new file mode 100644 index 0000000000..9310adbf42 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem @@ -0,0 +1,114 @@ +subject=/C=US/O=Test Certificates/CN=Negative Serial Number CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfzCCAeigAwIBAgIBETANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTmVnYXRpdmUg +U2VyaWFsIE51bWJlciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw5yD +rVmP3dVETqSrKKVXvXWAnpc5K5Xh6mhHBvy/YpoERigE1MP8A/6eE3mY6OnMJVAh +QJRWniYBrIDg5zR873cTAbn1O7MwSfs3LLxEO81iAf2k4nFFxAGtQp5AUwx0cQVK +8oMVty8BEcAkazVA87HQgpycQySqDLmklHNqkncCAwEAAaN8MHowHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJCMpyNNS/fqobISh7nA +0w4zWMuCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYz9xXPhMcniA6W0RG +0A59JbhJJpAZmnLBusWQjWYIZsVit1M1OXc/zDGAP/ik3blednL+t+wbdJc1qg9m +4bgoXS14lg+6IGMF2VWcoKkDJDIHpkVrdQc9WGNm0qqPyHGW0ggbi5VrBv1potkF +xBtl1WkY3ZTLuI71pJ15ebGZ/A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Negative Serial Number EE Certificate Test15 +issuer=/C=US/O=Test Certificates/CN=Negative Serial Number CA +-----BEGIN CERTIFICATE----- +MIICljCCAf+gAwIBAgIB/zANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNl +cmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBo +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNV +BAMTNEludmFsaWQgTmVnYXRpdmUgU2VyaWFsIE51bWJlciBFRSBDZXJ0aWZpY2F0 +ZSBUZXN0MTUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANKczL4/N4jrniwj +6tO7tR683qVrEG+1DB4XcrWL4wENZS5O2qkppGZD7cOXkGuOemheT0QGmaEtQjOa +yRVw86jvq4n3iQdSEvRb6C2GtYQ7hFASTBsQn4qKbcldkhv+XQAzLMc65GcFv0l6 +n0xR1miZq8E0mDxBLg9J5iv6abyHAgMBAAGjazBpMB8GA1UdIwQYMBaAFJCMpyNN +S/fqobISh7nA0w4zWMuCMB0GA1UdDgQWBBR1iOR4fH+ykQ1KqxHgeC1Wl2TuQzAO +BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3 +DQEBBQUAA4GBAAAfyUd30ByRjggXgiu4vNE7KBbaY6fbiYYugGriPx/HPPIJM3M9 +3W2m85AhLW9Qt/dpaXQGeICkDfrLrpTCV8MWnedoVwQMBla8v5QNs4pUdkTXuV7R +9LZqxgeDvUTEadGrNLjZ4WumiFApRA+DRjJE0LsnS58wWtklsYDoHJtH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Negative Serial Number CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:90:8C:A7:23:4D:4B:F7:EA:A1:B2:12:87:B9:C0:D3:0E:33:58:CB:82 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: -01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 7d:55:77:de:74:f8:ae:25:02:35:ad:53:74:92:6f:89:f9:ed: + b3:4c:bf:a7:70:b1:0e:20:4a:c3:03:7f:a9:99:01:5b:5a:a0: + 67:df:cd:74:08:d6:80:2d:ca:f7:c0:be:9e:68:35:d3:79:89: + 45:a7:6e:f2:75:86:e5:28:d0:00:2c:96:14:03:96:eb:75:d0: + fa:a7:78:f8:50:e7:70:6b:cc:1a:9d:8a:30:1e:c5:5d:22:a9: + ef:dd:07:48:85:87:d6:2f:15:02:d0:07:81:2c:bf:fa:c6:ce: + 49:03:44:08:37:f3:f3:79:b1:61:ab:c7:f9:21:29:3f:4f:cb: + 36:c0 +-----BEGIN X509 CRL----- +MIIBajCB1AIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNlcmlhbCBO +dW1iZXIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgH/Fw0w +MTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFJCMpyNN +S/fqobISh7nA0w4zWMuCMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAH1V +d950+K4lAjWtU3SSb4n57bNMv6dwsQ4gSsMDf6mZAVtaoGffzXQI1oAtyvfAvp5o +NdN5iUWnbvJ1huUo0AAslhQDlut10PqnePhQ53BrzBqdijAexV0iqe/dB0iFh9Yv +FQLQB4Esv/rGzkkDRAg38/N5sWGrx/khKT9PyzbA +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem new file mode 100644 index 0000000000..43f4c11eeb --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Old CRL nextUpdate CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVT2xkIENSTCBu +ZXh0VXBkYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3mWvvYS5A +sFNH3PbxcSFtUQ/3TzWlO4y6wINHN6Ypk9Okpx3uHSwBpkQ1N0htmUhGQYFyhzBx +ATrb4vlB4KzylhOwfX0F4cYko464NaCZNL7OzwjzOCgZ8097o6RD+Z2vsM0GmOeD +ycpB9yeqLhC4e30k8dFJqxzCAEJC0Et5swIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwGrz/yOO0EdEUB5DUcJ8XjGJ +zAcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADOSGYLxhRxOj7gm33bTOeiQ +PIlmAlvVtqg+44hgkcovBETHehNU1xBQRF/tdPACobZUA1/0YoyNZTHIY87qLDkJ +Ks0twBDEHmgmadu+IKhutKIZzHSsU9xVfyipeAX7BfgDDeEaRdyPCan3KO9hpbhS +CruOE+/WuIQiY2bS2SPs +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Old CRL nextUpdate EE Certificate Test11 +issuer=/C=US/O=Test Certificates/CN=Old CRL nextUpdate CA +-----BEGIN CERTIFICATE----- +MIICjjCCAfegAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFU9sZCBDUkwgbmV4 +dFVwZGF0ZSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMw +SW52YWxpZCBPbGQgQ1JMIG5leHRVcGRhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDEx +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvSHDwBMR2xa4zMZPJ+4WCtp4V +RyIBBXrHretH519ipC4dqURqRrI7/N9ApYs6t/xevUxi+T2rDzXZB8L6x3AhE+BZ +xOknZ/gpSN3du4ofSeM8DT7vzkwkj9S+bdEcU480Om0P40OwnQUIiR92HM8xO5r1 +qNrXauV14rf3F461HwIDAQABo2swaTAfBgNVHSMEGDAWgBTAavP/I47QR0RQHkNR +wnxeMYnMBzAdBgNVHQ4EFgQU/pqWPiQxXU/VEoME39jSmPZFApEwDgYDVR0PAQH/ +BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOB +gQC2hDiZpMieKwCdZ3STNKZnLhmmgmcxMnshFx6iQ2B8XIbpY8fNvTUCPf9MMEvP +a+1O7EDTEdrQCEpnKZWExBuB5qpOeP6ddjsedieij7YZUsPCn8aYxz3Cc8uBailz +2ooOjU9ubv3hI/vnWXYKhZZwPdognMfenzqgqVonVkrt7A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Old CRL nextUpdate CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Jan 1 12:01:00 2002 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:C0:6A:F3:FF:23:8E:D0:47:44:50:1E:43:51:C2:7C:5E:31:89:CC:07 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 09:dc:b4:50:29:96:87:a1:e0:b8:2e:39:6e:17:6e:95:7c:a2: + 45:a8:24:5d:ce:da:6a:00:6f:8c:7a:19:77:5e:d8:d6:ff:63: + 12:a5:68:c5:3e:e2:17:87:57:98:08:d7:2b:26:2e:1b:3d:12: + 56:39:9c:93:8c:0e:c4:ed:19:af:37:4e:9c:2e:4a:54:85:8b: + 54:2f:b2:a5:c9:ca:5a:9c:d2:a7:76:c5:00:1f:92:c0:cb:3e: + 1d:0f:69:63:4c:f9:40:fe:40:d7:17:fa:ae:b2:5f:e2:f4:8b: + 01:b1:2f:bc:7e:8a:b4:05:1a:97:21:8a:84:66:94:ec:5f:fa: + 4d:28 +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFU9sZCBDUkwgbmV4dFVwZGF0 +ZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMDIwMTAxMTIwMTAwWqAvMC0wHwYDVR0jBBgw +FoAUwGrz/yOO0EdEUB5DUcJ8XjGJzAcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEACdy0UCmWh6HguC45bhdulXyiRagkXc7aagBvjHoZd17Y1v9jEqVoxT7i +F4dXmAjXKyYuGz0SVjmck4wOxO0ZrzdOnC5KVIWLVC+ypcnKWpzSp3bFAB+SwMs+ +HQ9pY0z5QP5A1xf6rrJf4vSLAbEvvH6KtAUalyGKhGaU7F/6TSg= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem new file mode 100644 index 0000000000..3c896b358d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem @@ -0,0 +1,172 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test10 +issuer=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2 +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0Eg +UGFueVBvbGljeSBNYXBwaW5nIDF0bzIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5 +MTQ1NzIwWjBgMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0 +ZXMxNTAzBgNVBAMTLEludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNh +dGUgVGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChB9eTYlpZl1JR +8TrbGxGjxB92HiDmmZ2KLK8LOAzDhLn6pDzsOGwkyo7M6CDyAoWz/eaCmRD1i6qy +QKVu2sn162p7KlvlNyd1JYAVIAPjkGR/a8VfCm9q3N/lRKwsSj/GZIek/8iSW/KC +FdaqSGbsEbHK6Fn8vcQ4Lh4eUroNKwIDAQABo2swaTAfBgNVHSMEGDAWgBSR1+G1 +pJYIkfGicS9m2Sd7SoKTmjAdBgNVHQ4EFgQUqFpT/L04k96R6J+5dQbd8YN6qoMw +DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG +9w0BAQUFAAOBgQADIM+40SMZ1r8wWXESNPXd8FCdvGJyWdeFjUA0Ads0pN+XIsnC +4sPLYgWB1xdrSQyNdrwkLoyy2UGPHgSTwlhlX7NxZHyfxaMZRN1FKRPHs6alDc/M +603qZ04FrwJd54rHiHLAI5/fgJzZRu5bOUBiDFxW7skEOp/4AiVZG4+8Wg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICtTCCAh6gAwIBAgIBFjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFu +eVBvbGljeSBNYXBwaW5nIDF0bzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ANGY6UqVJ9oB3KneANaPiYS3vFaEAo7CVhPn358boVTv2/wQv8iwT9MvDcASa4Fi +5kaob+B5k7T8qjNOtxaZJb69UDUDsAYww6r/NK5pkS1KNf7CJZW6/RQC06GsivKO +kQoudXfGEjAMhmHNuEXS4biTlRuVUXJqLPq2yLwAJPZ1AgMBAAGjga0wgaowHwYD +VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJHX4bWklgiR +8aJxL2bZJ3tKgpOaMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAw +JgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB +/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBNuXYJvgOn +wez9J/K4ZZhWpMPo/7Qso2S6BAoJh7QdTymJKxD6nDnPwetIpbQkbEtq+V30ZA+o +6v+0cntT/I7cm9JKOXMOKn35BODzS8u5UJTDwWc/l5SA0scCSRfTT9LJambCyz+m +C0/k+v5zw5VpFozVY4FoV4/KnwIhJPuDwg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:91:D7:E1:B5:A4:96:08:91:F1:A2:71:2F:66:D9:27:7B:4A:82:93:9A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 97:e7:b7:e3:46:cf:59:49:72:d2:0e:de:0e:f6:c3:1a:ca:34: + 59:50:f1:2d:fb:11:31:f7:bb:b2:f7:dd:0e:fb:bd:6b:7a:7f: + e7:dd:02:be:6c:7b:36:1c:49:50:38:d9:85:67:97:a5:0f:84: + 49:de:8a:d5:0b:d0:36:fc:6c:4a:82:cb:83:73:ed:1e:af:31: + dc:0f:6f:eb:69:18:67:b7:fb:1e:a8:1d:a5:36:84:dd:05:72: + 52:f1:51:e1:93:6a:ff:2f:92:6b:7a:c1:67:90:0b:7f:66:0e: + f1:83:22:d9:52:5e:f7:58:5d:5c:7a:1b:69:84:91:da:b1:18: + 11:c2 +-----BEGIN X509 CRL----- +MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFueVBv +bGljeSBNYXBwaW5nIDF0bzIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg +LzAtMB8GA1UdIwQYMBaAFJHX4bWklgiR8aJxL2bZJ3tKgpOaMAoGA1UdFAQDAgEB +MA0GCSqGSIb3DQEBBQUAA4GBAJfnt+NGz1lJctIO3g72wxrKNFlQ8S37ETH3u7L3 +3Q77vWt6f+fdAr5sezYcSVA42YVnl6UPhEneitUL0Db8bEqCy4Nz7R6vMdwPb+tp +GGe3+x6oHaU2hN0FclLxUeGTav8vkmt6wWeQC39mDvGDItlSXvdYXVx6G2mEkdqx +GBHC +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem new file mode 100644 index 0000000000..43fc124d7d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem @@ -0,0 +1,109 @@ +subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=Mapping 1to2 CA +-----BEGIN CERTIFICATE----- +MIICgzCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRv +MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrSW52YWxp +ZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAoadvCebWnauqUaHFp40w4mCV71scsCOfYsKd2A1Z +qG7a+bY47N5PYZ3U5Ma08y9eYo1tp/KdyjpqVjRyjuThypOpD9w0G+SKNSSO9qWC +MDvLPUi28tTApRjWztYYwN/g5vFkSu17fxV+2UFjktKI5L7kajObs+ukIn+CZjp2 +ZJsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUNzuKobqNp3SbwOvWOcshDI2jVn0wHQYD +VR0OBBYEFP3Ru6m0Dy03xmdc1XvYMeSY1zK/MA4GA1UdDwEB/wQEAwIE8DAXBgNV +HSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAGhBCvmaevxrJ +N0Kz2kBu8iSaQ909Y6uo5N0DyRRCZQGADpcApXIr7/C/Uu4qBIyC3WTBsx2cxZFV +5FThscR7x6s7loGSYxVh2GrCKj3t643zzznkIP7iMZxSGBdVJpEsjScMJ/7tXnkp +IaawhSXoSuDs35Gvi32ldHbXmUh9NvY= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Mapping 1to2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICrTCCAhagAwIBAgIBMDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPTWFwcGluZyAx +dG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXwTHRx8gVHWtSe1VX +oLPFQmGX4Y0U4v535jowfMd9254hmwW4VbZzK7rrXGOAimFxGHKwa7mkPEo80MIW +8YQC5HZs3jaXLh/xsmV1qlzwceCXooef+wu8W0pgoJ63MmY+ZJWiNK2ygRV/EVFF +x2ii8ZGDW+SKEX2WIYI7JhmcTQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFPts1C2B +nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ3O4qhuo2ndJvA69Y5yyEMjaNWfTAO +BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB +/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/ +MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAphAVDZECciXjDiCta9HU +ZubezLaRjcl0IaUmTlvuhUqkfGG2x1KhB6QTq7JGCmBrlxL93qhU+8sGW1k26/3p +c3hc60bKZ5oBG96iN05oLWWF3udbqBESMO7gn1zX14s97qLtuqQAyuERy2L2uOkk +n/emInqTFTixe284WjHR3XY= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Mapping 1to2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:37:3B:8A:A1:BA:8D:A7:74:9B:C0:EB:D6:39:CB:21:0C:8D:A3:56:7D + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 29:63:8c:57:a4:35:bb:2c:2e:a0:1e:7e:c1:e2:0e:39:2c:83: + d6:5f:29:3a:03:70:63:aa:1f:42:e8:fd:3f:64:f6:8b:ad:86: + 27:c3:a6:5d:48:9d:ef:6d:bc:be:7a:24:a9:6d:b0:4e:4d:58: + 4f:52:c8:bf:dc:70:7c:ea:8d:5e:54:12:db:5d:62:c5:63:06: + 2e:00:b4:d2:fa:51:6c:da:3f:41:04:36:14:ce:63:b5:46:e6: + 7d:10:01:db:50:07:69:82:6a:34:45:0b:38:5e:f2:d5:8b:77: + e4:ea:6a:7f:9a:18:fa:74:ed:b4:5a:ba:68:f2:68:c4:d2:55: + 17:9e +-----BEGIN X509 CRL----- +MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRvMiBDQRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUNzuK +obqNp3SbwOvWOcshDI2jVn0wCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA +KWOMV6Q1uywuoB5+weIOOSyD1l8pOgNwY6ofQuj9P2T2i62GJ8OmXUid7228vnok +qW2wTk1YT1LIv9xwfOqNXlQS211ixWMGLgC00vpRbNo/QQQ2FM5jtUbmfRAB21AH +aYJqNEULOF7y1Yt35Opqf5oY+nTttFq6aPJoxNJVF54= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem new file mode 100644 index 0000000000..5c77a406bd --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem @@ -0,0 +1,214 @@ +subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA +-----BEGIN CERTIFICATE----- +MIICjTCCAfagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5n +IDF0bzMgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBf +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNV +BAMTK0ludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDQw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJprKoJhJkwv9iBN1IYtMV3uRD5s +uHrGKo8QKVwNvqYLHai3buTlKV5MkXVGAX4jOoo4gsNST1yqaYHmB/PN8gpC5Zei +k0+5yWdAraOAj6IeMEJzs6Vu9ajsCKNQ/hbc6SBJ7wYIxviyUzvUVS9L7tGbO9ww ++pDzJ+GDcBzAhMJNAgMBAAGjazBpMB8GA1UdIwQYMBaAFPYssbcpta6Vf7D4OUFT +LS4PBOPHMB0GA1UdDgQWBBSEY/EgMg6/W2kqOBHmu0ZzH+8FdjAOBgNVHQ8BAf8E +BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATADMA0GCSqGSIb3DQEBBQUAA4GB +AI26nbSlHGf56TsealBKtrzfLJm4+UtAODZ+a5qU/JtzajvXGdh66TgEK+NFB83w +h3OtGs/OQ39fhXosCcXXmXk8mNBj6MokhRptFdnJz+edT9yqz96ufAHZSKpG1Di2 +d9bllknCKDikzWUOGTOiCuHc2n7ymexbgnYnUAdvLw2s +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp +bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6 +kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH +BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr +AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y +rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg +hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw +AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD +gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr +Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx +3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA +issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA +-----BEGIN CERTIFICATE----- +MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5n +IDF0bzMgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBNMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMT +GVAxMiBNYXBwaW5nIDF0bzMgc3Vic3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAJjo4/4TekqllLI7gPzmE2OceB30SRuraEVWVdR/lmFpFTks5fKkqf96 +WjYpnJZwaqE1ZdUQxgeNsswPm4pUAhVmU9IHvqBaM+bNXFsrwBOYYhfZY3xnwcxp +IZsvkLPuEq1vLwxpn+0zTDOpDGf9zhiTrswEUoGYBwOVqRDaToYdAgMBAAGjgbMw +gbAwHwYDVR0jBBgwFoAUXcS6eHk0JsNyV9FZ9KPiVKcocdEwHQYDVR0OBBYEFPYs +sbcpta6Vf7D4OUFTLS4PBOPHMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwG +CmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl +AwIBMAQGCmCGSAFlAwIBMAgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF +AAOBgQCass0kmtqSdWX5lffBs/tSTSvnGK38REo2IwTFLHduO4cvzAyS7ProbF/J +al8FtT9mdnl+NpwrH4KlFNu+uti47wFj9xov/kbcmp21DvZ/m8ihmStk4FG2r6Ad +0gdmVfBYem0mOu/1r/F8deNFP/Dpd8w3KFnv3Dd9wZd/Eb5hrg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA +issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA +-----BEGIN CERTIFICATE----- +MIIC1TCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n +IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAx +MiBNYXBwaW5nIDF0bzMgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AMsNrOgngQPHY/5QvmR5y8mHOJJ2T8Vjf+3/DPv5eMF+q11urxfCat4faDdtchBa +QXOWQ2TEy6tqpR7u8UJ2wnI7phld51gAcT2I8V7swo/EM1Ga1i5bWa5G10vPmZw5 +l7QwqT/D6JkHdthcaJdQrBP9zesYPEp13RFQU9mP5451AgMBAAGjgc0wgcowHwYD +VR0jBBgwFoAUreIKE61SbSWszamYogoEaK1yrrIwHQYDVR0OBBYEFF3Eunh5NCbD +clfRWfSj4lSnKHHRMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFl +AwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAIG +CmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUDAgEwBzAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHwK+aOYJpXAoXSRQ1o82pqD++jA/uvr +2eJoXbcch64CAdRNuCA7rQoRAx1nSUgjoLmHcTDrowQzodrVXVmCmYqXxB5XswG6 +z5Oj09NorxHxpAs7E/izElYwEXl5n0NMInD6S2r1SWOnRpGnCL8PYM3gW+xne8rJ +CZMIMADOWvrc +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89: + cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c: + 37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f: + 56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18: + 13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a: + 39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a: + bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4: + da:3b +-----BEGIN X509 CRL----- +MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg +Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA +FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA +A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn +jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle +AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5D:C4:BA:78:79:34:26:C3:72:57:D1:59:F4:A3:E2:54:A7:28:71:D1 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 15:bb:13:8f:22:9e:5f:ae:7d:26:76:5b:6f:8d:8b:a4:37:1d: + fa:87:83:61:23:70:ca:f2:bd:ba:ae:72:04:3e:0a:21:70:4e: + 01:97:4c:e3:16:d0:ef:d9:31:50:6f:5b:ff:51:10:40:73:82: + 0f:f2:00:90:1a:bb:f8:93:68:b9:0c:15:9d:b2:c3:5b:56:73: + 52:d3:1c:0f:75:2f:51:5b:40:3f:8b:71:42:54:33:af:55:20: + c8:ff:bf:ff:68:43:78:93:55:01:fb:7e:4d:db:a8:57:36:34: + df:a2:90:75:bb:fa:23:f3:9f:de:e4:4d:92:30:65:8c:f2:64: + e0:01 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5nIDF0bzMg +c3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFF3Eunh5NCbDclfRWfSj4lSnKHHRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBABW7E48inl+ufSZ2W2+Ni6Q3HfqHg2EjcMryvbqucgQ+CiFwTgGXTOMW +0O/ZMVBvW/9REEBzgg/yAJAau/iTaLkMFZ2yw1tWc1LTHA91L1FbQD+LcUJUM69V +IMj/v/9oQ3iTVQH7fk3bqFc2NN+ikHW7+iPzn97kTZIwZYzyZOAB +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:F6:2C:B1:B7:29:B5:AE:95:7F:B0:F8:39:41:53:2D:2E:0F:04:E3:C7 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 6f:b3:1a:29:36:35:76:c7:62:11:6e:e9:29:e6:83:8b:5e:bf: + 25:ea:4d:71:56:16:50:25:92:68:a8:a2:e9:4d:09:a3:74:36: + e2:9b:c1:52:dd:87:0a:64:98:58:da:6a:96:e6:c4:02:90:d8: + cd:4c:10:71:4c:98:1d:bb:d4:8d:7d:74:f9:34:3f:98:f7:8a: + 5e:eb:bf:7c:8f:90:2a:7b:c4:f3:29:cc:3c:62:a3:f8:08:c2: + 0a:ae:35:92:8d:ed:c0:30:a3:f2:a1:c7:7c:a1:68:1d:b0:48: + 4d:c1:4f:50:7f:1f:af:c6:f3:a1:d0:ad:8a:1a:78:05:84:6d: + d9:7e +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5nIDF0bzMg +c3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFPYssbcpta6Vf7D4OUFTLS4PBOPHMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAG+zGik2NXbHYhFu6Snmg4tevyXqTXFWFlAlkmiooulNCaN0NuKb +wVLdhwpkmFjaapbmxAKQ2M1MEHFMmB271I19dPk0P5j3il7rv3yPkCp7xPMpzDxi +o/gIwgquNZKN7cAwo/Khx3yhaB2wSE3BT1B/H6/G86HQrYoaeAWEbdl+ +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem new file mode 100644 index 0000000000..074716e415 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqzCCAhSgAwIBAgIBQzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0 +cmFpbnRzIFJGQzgyMiBDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOYG +d2HszTJIsVTazKriCUJ/ExxUo4U4HEZN9+/XVXsQVkZYIzWtyCTC3IFmSAyb9ZED +Gu3jmF/evXpfNXmxiURUu6W0bLEpIkZiVpPpTKqoJx2EHj+wXOfe31AD0OmKidXP +66+LVgIJLWGMr3Msbzb4T3gpKb2ynQc2/XnE3RkbAgMBAAGjgaYwgaMwHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFON/hXqOojue7rgS +HXkTqsS9LlmtMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4EVLnRlc3RjZXJ0 +aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAJjXEGmrQ1/Muud+NZwajR9x +it/32SNVvHI+/O7bopout/RnhJudrmsdqGlcSk0KXfcXI22cJOkAYe1M39znxgba +VitYYLxfsS+3O2pLpMgQMFCZuOJATfAQUlui+dVtPTaIam7jimms5Qam2K2SuZ/t +eJ2J/rIDHCOrIGktQS8H +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test22 +issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1 +-----BEGIN CERTIFICATE----- +MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBSRkM4MjIgQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD +VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh +dGUgVGVzdDIyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ3Uy3P0KWoLsX +XvhOf4ODgEJBTbtvW+xeevCGrTVdm3mG+1Lobp74rIRSpQShRCN+ltNnmEOHPIeJ +YuV92pX3FQbBX9mz3ZgKznyb9qVBwysiyfX19PBeESDLn+O6Kcvl9XfUu3HdXMQP +KA+UPU6txM1pbhkvRK5OSG/TBaRI+QIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFON/ +hXqOojue7rgSHXkTqsS9LlmtMB0GA1UdDgQWBBT4EdpzVCY8SgosOEgawdqBAjYT +5zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCgGA1Ud +EQQhMB+BHVRlc3QyMkVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEB +BQUAA4GBAENRegfOIUdgTAhpzFZDtmSaJUrYqkW4ft0v2t+flv6Nf+uAjlYMXThj +7Q4LUtevMKeoFkGX5gnGL7HKo0/QwTPETD0qTCYcQo9uw3SCdVie4kp7X0/w/rHo +sNUMPAPe86k7l98/xN3/zO6P4o82pX4vp5xqgs5koOZKqExh8kzH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E3:7F:85:7A:8E:A2:3B:9E:EE:B8:12:1D:79:13:AA:C4:BD:2E:59:AD + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + b4:77:73:f7:12:e7:d7:20:9a:bd:e1:00:a8:b1:6a:7a:65:1e: + 8e:56:c9:ca:38:33:7e:d5:37:41:c1:e7:95:a4:81:ab:9b:40: + 31:1d:aa:6c:14:f9:19:e4:3f:85:6b:24:ff:d6:bf:cb:fd:27: + a9:65:35:5c:b7:6b:82:87:b7:e1:c2:4d:34:ca:42:5c:46:66: + 45:11:d2:c0:48:0f:08:8c:b0:a7:58:66:63:9d:ae:0a:68:0a: + 5b:5b:ee:fe:12:93:77:03:90:6e:a4:8d:32:2e:56:56:cf:1f: + 85:b8:95:52:f7:73:78:5e:d0:04:66:2c:8c:ca:78:36:da:43: + 10:07 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS +RkM4MjIgQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBTjf4V6jqI7nu64Eh15E6rEvS5ZrTAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQC0d3P3EufXIJq94QCosWp6ZR6OVsnKODN+1TdBweeVpIGrm0Ax +HapsFPkZ5D+FayT/1r/L/SepZTVct2uCh7fhwk00ykJcRmZFEdLASA8IjLCnWGZj +na4KaApbW+7+EpN3A5BupI0yLlZWzx+FuJVS93N4XtAEZiyMyng22kMQBw== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem new file mode 100644 index 0000000000..10cf51c207 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqjCCAhOgAwIBAgIBRDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0 +cmFpbnRzIFJGQzgyMiBDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPZ +S8+5+/2AgG2N8tsByPeKGxCC5bOrNXho0b3fSjvK452P3luNUPIf46KvIBU6UYAP +4rGMqcUdmgFD+PdXq6TMW8bWNuYRICw6c6ni5uyre5bovptoJCsmBw/IqinDoqbO +Qyoq0YDltds+lSROlTUCA/7qOBHOdwpcjhVfYJSJAgMBAAGjgaUwgaIwHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBQbKzZmdEuTqzFV +h6QxqzZjbzXJMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRp +ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAsOYxl05xGFDRHUO8Myp9EM/X +ahfChzUabmgo1Tqpk+TLbxcZw+GfesxOp+jCd7jtTBJKhB0HeX1vaCVUpURbWEAt +fuE35slQQr/c9dgwCw/JwBNdkFFT2z/73nDEN96rUK3GYs2OO8OJVMqdKb4iBUxH +M/bZyCy4CB3+hthr4to= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test24 +issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2 +-----BEGIN CERTIFICATE----- +MIICzjCCAjegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBSRkM4MjIgQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD +VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh +dGUgVGVzdDI0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqPW6bvTBs4Led +75oTaGYT0mZgPeMvygJtDc882QlIF9vXBnhm4761p+ULe5iKwIWjfjyGva96UcKU +bFfkfWeMxS+dDwb9v7pBjxCUMp9tTVWIFZDPZJTi/RpNCwPVSN9pE7JxoXKPHZsN +20WcbrGJtUvvKFhei9eltGndiYkSrQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFBQb +KzZmdEuTqzFVh6QxqzZjbzXJMB0GA1UdDgQWBBTyvLyqMRiaUCgziZZt9Dl46omW +eDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1Ud +EQQsMCqBKFRlc3QyNEVFQG1haWxzZXJ2ZXIudGVzdGNlcnRpZmljYXRlcy5nb3Yw +DQYJKoZIhvcNAQEFBQADgYEArrFpI+Kiy9ZDD8Q9WoEG1XixP5/icUu/fk+PYsad +2fU9G82dE2gBtN0L/T5FqgYo7uMY8R/ZDptaB6l/exqrPIGsA7xvvOYBzO8sAPyS +GZul8SmHmKX117/0ZhZ6Ln9vCMK/IablztFZ+LcEDvpldAu8ro/lW2XXgd/KLdY5 +m8g= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:14:1B:2B:36:66:74:4B:93:AB:31:55:87:A4:31:AB:36:63:6F:35:C9 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 47:93:cd:d6:9b:31:b0:dd:6a:d8:c4:e2:5e:3a:73:cd:2b:69: + 5c:47:1a:75:56:6b:56:1c:a4:2f:c2:66:4c:6b:a4:9a:86:53: + fb:26:39:3e:61:d2:14:1b:85:1e:9c:f0:1e:ac:c8:c1:73:a5: + c3:29:1c:c6:12:21:08:4c:4a:5a:d6:1d:21:4e:eb:7d:16:14: + a4:a8:18:07:2e:e9:31:ef:39:ce:f8:6e:2b:d7:09:c1:ad:be: + 6a:c3:d8:46:24:95:12:ea:cf:2c:c6:84:50:bf:78:31:91:79: + 35:8c:02:47:d1:11:0d:aa:55:34:22:d6:d4:a2:ac:be:b8:07: + 60:3c +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS +RkM4MjIgQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBQUGys2ZnRLk6sxVYekMas2Y281yTAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQBHk83WmzGw3WrYxOJeOnPNK2lcRxp1VmtWHKQvwmZMa6SahlP7 +Jjk+YdIUG4UenPAerMjBc6XDKRzGEiEITEpa1h0hTut9FhSkqBgHLukx7znO+G4r +1wnBrb5qw9hGJJUS6s8sxoRQv3gxkXk1jAJH0RENqlU0ItbUoqy+uAdgPA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem new file mode 100644 index 0000000000..05b770b3f2 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqjCCAhOgAwIBAgIBRTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0 +cmFpbnRzIFJGQzgyMiBDQTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMii +1odFMCSlNLo+1reNBLAhQ3rkRllmPUUfznMkHE+tVOXNCuGNSPuCJPQNO5495PH/ +vsBZUVltMrhOpo00ibzoFrcLwaxj5Gmb8rNV/aPwDiRX8frLslhpw+QEjxMZKP8O +bdOlItBR3dFauvxrwLz1DUUlG7aX/QoEtws/fE59AgMBAAGjgaUwgaIwHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOq3bporCYA2Z2m1 +jdo1pYY9KXgcMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoRgwFoEUdGVzdGNlcnRp +ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAcyB2R0h4mQZ671JhQ0r6cmPF +iaEHtdJL+REJT8yGWiERgT/2wh65vHtCierHK8+0aJ8Wy/nJzUAWcKeGESTPVTey +IxQg08VdFJIohXm1lvJ3hfzgHIcFPk2tXZvYSk3qYllYHt8tGCoyh4p3q4vpyTou +HcOOTD0ogzE9KbjD3Dk= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test26 +issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3 +-----BEGIN CERTIFICATE----- +MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBSRkM4MjIgQ0EzMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD +VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh +dGUgVGVzdDI2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7jNtdzJgwipTJ +BBs5x+7Zode/Av/i5gvFc0vC7CQSf8VCYp5gKT5H1lXopLZt6hYd0cr+IuDRVMCU +ipwl1nRUgnh+5XOWwN83Eu4AVd8B/aAWOngoac5Th0S+Dm4jCE0MNgOEySMKDZEQ +niPNQo8/t6RyIkKxWqVbIyazMwecSwIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFOq3 +bporCYA2Z2m1jdo1pYY9KXgcMB0GA1UdDgQWBBSUvOjq7LDrQWg4ycgFgZma5kZn +KjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCgGA1Ud +EQQhMB+BHVRlc3QyNkVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEB +BQUAA4GBAMNNCicEAT2nht/rinoSsxFccd2XKYncNITOUA/eKz2SqXcRPCimQjHn +CEfGgdPU+/Sw47+dBQ2aFNUmGyJazLIdnx18TczXpVmTIcgyUQGWOkG+RdAeSn15 +kIsvSAdiDQuzrptYG9TvTicyLKcl+FuOCLN+uBJ5FutlSWvMNIpa +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:EA:B7:6E:9A:2B:09:80:36:67:69:B5:8D:DA:35:A5:86:3D:29:78:1C + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8c:6d:0a:0a:c4:67:91:af:de:5d:89:9f:fc:df:e2:7a:7a:52: + 3e:4d:ec:50:b9:46:83:3a:7d:2d:9b:5d:84:8b:6d:ba:bf:4b: + 41:74:e3:3b:c1:90:73:a2:83:02:4f:e4:04:b8:b9:7a:70:7b: + 0c:bc:59:f7:db:83:93:00:87:98:53:43:a2:71:d5:2f:d0:fe: + 2f:c2:46:55:d5:64:54:01:90:72:4f:a2:37:dd:88:b8:3b:63: + 24:df:d3:ed:7e:6d:da:2f:57:9b:cc:d7:96:67:48:7e:a5:b0: + 6d:cb:c9:5e:e9:78:58:c6:be:f0:cc:b1:16:e3:4a:57:45:86: + 90:12 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS +RkM4MjIgQ0EzFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBTqt26aKwmANmdptY3aNaWGPSl4HDAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQCMbQoKxGeRr95diZ/83+J6elI+TexQuUaDOn0tm12Ei226v0tB +dOM7wZBzooMCT+QEuLl6cHsMvFn324OTAIeYU0OicdUv0P4vwkZV1WRUAZByT6I3 +3Yi4O2Mk39Ptfm3aL1ebzNeWZ0h+pbBty8le6XhYxr7wzLEW40pXRYaQEg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem new file mode 100644 index 0000000000..1b70f7cd0f --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem @@ -0,0 +1,262 @@ +subject=/C=US/O=Test Certificates/CN=Invalid requireExplicitPolicy EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs +aWNpdFBvbGljeTQgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5 +MTQ1NzIwWjBmMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0 +ZXMxOzA5BgNVBAMTMkludmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5IEVFIENl +cnRpZmljYXRlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFGGwB +xudAxGlVkjikIYygmyMRqHU1E/QoVNlt9Ebezg0wLbnUUkCIPw2HMIMfbDIHeaJN +eOaIwT3f4QVMET9H4tp5gWQOKRBl8Lj3Qted/du3ZnX85zwGimmHpE5HPLUus1xJ +FEDvx8tiCGFe/MThjl7mwPANLHMWEQN0JqJhNwIDAQABo1IwUDAfBgNVHSMEGDAW +gBT3hCvdsfuVH7p6WmLgczEWsirIeTAdBgNVHQ4EFgQUT4ePIvuBwyFLywgAVQDh +kO/dvOwwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAJkkSBpAtETJ +/dkW/B+frVBgw9yRjQ5r03xtGarbShYju5enZfbWEg2t8HkbDzyw3b0Upp8GcSyX +zrbFBiGyo2hxjN8U6j5w+MCd9NJtGEW1C2O8m3S2uP44Zi0rTALMCI1thhoiDezC ++To+oSu15R1fOkNPNHwlpaFpryy8ZJM2 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA +-----BEGIN CERTIFICATE----- +MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV +BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAKa5BuVP6ndJvlLbsZTTbB4nvZWYbY2Ihc7C5sly521U1EBj +aLheGs9ObXh32aFJ3kZQuAj8VpBEakL9zChjwFkBU7dEWO9OQFf8NV+RD01i6c7g +NquatLdDUmTvS16/E23aZBNa9jDAQ4nQffOf/cx06GbvOBF80dnNnM8TXve5AgMB +AAGjfDB6MB8GA1UdIwQYMBaAFCV+kLQN0LLzwRNH8EF577JC5jX7MB0GA1UdDgQW +BBQjYThxLAlhvqK819WJ1thQPr3rxTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +gYEAzVx4zKfg2OZPg4KGdTVJSzYGD69T0AfuFdTI101IvDNbKuc2SEmpmul33Px4 +z5gMKCZsIpsVXzf4rm6kuxl89PofVdztUuHIivKy5gr4iBt07YDmUNZZfl86CPoF +7aARp2XRQ0rJCbF1RU0YVWZRyn//oFYyY49Bq1aDelri0WM= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBLDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4 +cGxpY2l0UG9saWN5NCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5LYa +vXx/4T4pOwg2eV0ZZmBRTcjTivfmUhGf4t3BjAXalsDsWFkwmVCVg0jnQW4iuT3s +a3lq9JO4ZUMcejACcPBO0AyXyrTo6DjXDy7Snf89AIpyDx/ct/WqvnO07ceHwTDO +CZY11pYLMerONqANweAyCKsio69S35piBx1QqmcCAwEAAaOBjjCBizAfBgNVHSME +GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUJX6QtA3QsvPBE0fw +QXnvskLmNfswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQQwDQYJKoZIhvcNAQEF +BQADgYEAPUNGMb0+cubTj0DAP3jW3mlPGZeGtc6jDLe/Fdrf30Au88GX5G2FJTql +/I7wFlUgHTGQyHF3Zad9Qfzf6+dO0j9RhlEqgCk5+FqFsboPQ9E8rtCrABUUuovD +RgkPDAKZsSLR7uQBUDgk0A3OqN1UpiMKKxFz1O1ya8u1DgGWxJU= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs +aWNpdFBvbGljeTQgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm +BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3Vic3ViQ0EwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBANF3obVmdl9+Tj44uOFKTDkrdPu/AlUyitHu0YQC +vsUY7GjYy3dKjm70g7hQfnCtA3XIwm3H1a36Wo41R0Dvj8QJ/8qPhQNejONRzBzB +jnXx2Lr+bfh3zxebwgUmDyzCkPXj8tjFerVTpxc8aAgfWcSLD6xK9h5OtKy17aME +zZ9zAgMBAAGjfDB6MB8GA1UdIwQYMBaAFCNhOHEsCWG+orzX1YnW2FA+vevFMB0G +A1UdDgQWBBS+bKwACUxTlLgb5MIRkSOlqwdjCDAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQEFBQADgYEAF1/+ajWFOu2Im9slgmi4YnPnqk5oWYqOrOh3yAR44wEchHfHD74/ +ed+jlGZewF+V4QotdYoG8dnld7lbYZzkdtTxcOUr4k/aUgml3yTeb5O8rBXNXytN +JqEKXEp/ggaG4rKzUyA8zwYm9fIjG1jL0KU/1L9JSMzmwJAmR6aIq0Q= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA +-----BEGIN CERTIFICATE----- +MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs +aWNpdFBvbGljeTQgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1 +NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3Vic3Vic3ViQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALjYqyTd452AWgD9QeSfn+Exc56nVJkK +dx0FEleM5YEqeEUl33GTd7FRwtkYdznsQzeFYOWbWluYE5Gl3DapcqpMlu2PQmo6 +dZMbzh1Bi2yahE1wWmY15NSjOz3TFAJBZRZk0PgxvohpdPP8LLCwA9zQUlTnpG7D +LBESzn390XCLAgMBAAGjfDB6MB8GA1UdIwQYMBaAFL5srAAJTFOUuBvkwhGRI6Wr +B2MIMB0GA1UdDgQWBBT3hCvdsfuVH7p6WmLgczEWsirIeTAOBgNVHQ8BAf8EBAMC +AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADgYEAJzvxMRdZl5IWypM7YNiMcWqk7GpMuRvozUyoRQq8cA+z +fdskZk75lh97jsW2RFnP/fyA30/5NAfVuD2R8+TqJaF28jgHOnU/6qTcM5sxnRJ0 +h+icRKt6II8LNfWUQ1zv+pBxfuy/yOrYpw7/7ba2Zeson/cLpa0dhLFNCGEkfbs= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:25:7E:90:B4:0D:D0:B2:F3:C1:13:47:F0:41:79:EF:B2:42:E6:35:FB + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 98:e7:69:c4:4c:c3:6b:08:80:30:4c:81:3c:d8:b3:06:88:91: + e8:a3:c5:d3:c0:35:51:35:f0:16:8e:38:0f:b3:e6:26:20:d1: + 45:39:1a:a9:08:be:f0:5f:e1:00:8c:a6:91:54:ff:ec:32:bd: + e2:17:92:a3:41:f3:c0:fc:e0:84:86:54:18:ff:b5:89:9d:15: + e9:a9:92:a8:96:a7:4e:97:02:2e:d5:e5:e5:f7:70:5a:1e:5d: + d2:6f:40:34:f5:c6:63:65:5b:85:c9:b7:6a:4b:60:5a:76:35: + 12:01:1c:80:59:9a:d3:1a:a7:27:7d:f4:f8:00:ea:b7:f1:3a: + 62:e6 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv +bGljeTQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFCV+kLQN0LLzwRNH8EF577JC5jX7MAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAJjnacRMw2sIgDBMgTzYswaIkeijxdPANVE18BaOOA+z5iYg0UU5 +GqkIvvBf4QCMppFU/+wyveIXkqNB88D84ISGVBj/tYmdFempkqiWp06XAi7V5eX3 +cFoeXdJvQDT1xmNlW4XJt2pLYFp2NRIBHIBZmtMapyd99PgA6rfxOmLm +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:23:61:38:71:2C:09:61:BE:A2:BC:D7:D5:89:D6:D8:50:3E:BD:EB:C5 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a3:9c:67:02:44:57:a0:9d:d2:78:46:fb:e7:76:bb:66:cc:60: + 1c:2c:7a:7e:d6:ec:a4:c2:4d:2c:51:8a:97:1a:e2:c2:7a:0e: + e7:7b:4d:79:49:c2:6c:a2:b7:a5:e1:74:64:9a:03:f5:7a:5d: + cc:18:2e:25:dd:a2:fd:84:03:ae:d8:cf:1d:17:ea:fa:59:77: + 9e:22:3b:7e:97:f5:74:12:34:71:c1:10:6a:4b:03:6e:92:d0: + a9:6d:cd:ca:5f:69:7f:c8:b0:b5:97:78:5f:14:b1:34:d3:30: + 09:36:f3:03:2e:dd:01:52:33:61:2c:8d:cf:74:01:71:47:9e: + f4:66 +-----BEGIN X509 CRL----- +MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv +bGljeTQgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G +A1UdIwQYMBaAFCNhOHEsCWG+orzX1YnW2FA+vevFMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAKOcZwJEV6Cd0nhG++d2u2bMYBwsen7W7KTCTSxRipca4sJ6 +Dud7TXlJwmyit6XhdGSaA/V6XcwYLiXdov2EA67Yzx0X6vpZd54iO36X9XQSNHHB +EGpLA26S0KltzcpfaX/IsLWXeF8UsTTTMAk28wMu3QFSM2Esjc90AXFHnvRm +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:BE:6C:AC:00:09:4C:53:94:B8:1B:E4:C2:11:91:23:A5:AB:07:63:08 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 84:fa:09:1f:fe:84:d0:14:26:86:5c:37:6b:2c:31:aa:04:7a: + 22:84:ec:b0:df:99:15:99:f0:b7:e9:d6:fc:70:9a:8f:4f:50: + d5:24:28:0b:12:79:90:85:69:a3:56:ca:0e:16:79:5e:77:d3: + 7a:62:9f:14:58:8a:d5:7d:de:e2:6f:a4:0f:d1:2e:27:ec:25: + 82:a2:91:67:0b:44:39:cc:b2:e5:21:49:ac:25:2c:91:df:33: + 95:1d:08:6e:ab:8d:8b:fc:2a:59:7b:8d:5d:c2:68:90:c2:a7: + 06:00:26:e0:cd:40:6e:f3:37:1f:37:61:f6:6a:50:a1:dd:92: + 53:fe +-----BEGIN X509 CRL----- +MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv +bGljeTQgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt +MB8GA1UdIwQYMBaAFL5srAAJTFOUuBvkwhGRI6WrB2MIMAoGA1UdFAQDAgEBMA0G +CSqGSIb3DQEBBQUAA4GBAIT6CR/+hNAUJoZcN2ssMaoEeiKE7LDfmRWZ8Lfp1vxw +mo9PUNUkKAsSeZCFaaNWyg4WeV5303pinxRYitV93uJvpA/RLifsJYKikWcLRDnM +suUhSawlLJHfM5UdCG6rjYv8Kll7jV3CaJDCpwYAJuDNQG7zNx83YfZqUKHdklP+ +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:F7:84:2B:DD:B1:FB:95:1F:BA:7A:5A:62:E0:73:31:16:B2:2A:C8:79 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 05:e0:f0:e8:75:5d:d6:4f:dc:29:ea:db:22:b6:bb:72:13:f1: + ff:b5:e0:03:31:9c:64:d9:3b:2b:4d:78:f7:5e:ab:0b:e5:82: + 13:7e:61:18:95:79:42:bb:9d:56:78:dd:9a:01:92:5e:0b:e8: + fa:78:b3:b3:e2:4a:9e:d7:d1:30:60:03:7d:31:e4:04:13:61: + a0:de:ac:e9:0e:a0:97:16:aa:03:81:40:56:de:36:a8:e2:13: + 45:f6:08:72:c2:4e:d3:2d:55:25:9e:0c:dd:da:40:82:d8:75: + 01:44:75:35:92:92:fc:79:bb:d8:b1:54:83:7f:ff:13:da:df: + 11:ea +-----BEGIN X509 CRL----- +MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv +bGljeTQgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg +LzAtMB8GA1UdIwQYMBaAFPeEK92x+5UfunpaYuBzMRayKsh5MAoGA1UdFAQDAgEB +MA0GCSqGSIb3DQEBBQUAA4GBAAXg8Oh1XdZP3Cnq2yK2u3IT8f+14AMxnGTZOytN +ePdeqwvlghN+YRiVeUK7nVZ43ZoBkl4L6Pp4s7PiSp7X0TBgA30x5AQTYaDerOkO +oJcWqgOBQFbeNqjiE0X2CHLCTtMtVSWeDN3aQILYdQFEdTWSkvx5u9ixVIN//xPa +3xHq +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem new file mode 100644 index 0000000000..8eccc6c3b0 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem @@ -0,0 +1,266 @@ +subject=/C=US/O=Test Certificates/CN=Invalid requireExplicitPolicy EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4 +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBs +aWNpdFBvbGljeTcgc3Vic3Vic3ViQ0FSRTJSRTQwHhcNMDEwNDE5MTQ1NzIwWhcN +MTEwNDE5MTQ1NzIwWjBmMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0 +aWZpY2F0ZXMxOzA5BgNVBAMTMkludmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5 +IEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQCg0lngplHQSomxVxizv8r33zMQpbWDB+H13FvEhgFq5KE02tWBVkz7vXAr2hXP +Y7LVgaGSQIOZqHrbMR+Izv57cGr+79ResVXZ4ulw8qxCgVrA/1Bty6kmyvQiyQZ/ +1z8EARO+Mu2R/XgSx2uCasNmLtgo3Stuop+2coLPfwqW9QIDAQABo1IwUDAfBgNV +HSMEGDAWgBTnAqvOKOVo6WoEaT4ppTZjcAShmjAdBgNVHQ4EFgQUUj/qKg3WunpK +bbAcCDrHDB8Awg8wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAAZO +rTXTH1bBaJ1hKzh+NWBuI+gHfWUhVlxs3mgw4oCtqqhrbDCBQwA+D5sN/91EPODR +oEUqrZbyUgTQWas37LqDXhoxm9uvX0Z3521iA5pwllvHgtmrNpPxNE1ylbIT5lLa +927kjS03tbzpOlbvFj/OTmh4yyPaeL2oJyvDaC3X +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBLjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4 +cGxpY2l0UG9saWN5NyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoN8Q +UsSTUjVJGaxxoQdGouge30kgdc3+9+sup5NAWj8oyZQiGa/FlrayJlgnNXIO5xbA +Foe3dhwCEAfsrDIofXlPacb6W9dTxdlh3GwG4GJY9gvfuVfkEb4EaYVyU8J+tmPq +WDI/P7B03nMhQNNChUFIcuBKaAzDRwqIIGd5I7cCAwEAAaOBjjCBizAfBgNVHSME +GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnSIV59sBcIhO8mIv +cMu1wc0QTk0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQcwDQYJKoZIhvcNAQEF +BQADgYEAL+ADYS2dJuo7zZ5LoNXv2wNfJcyaTU25ajW4jvi4dN4jwEPgqCfrQ1Vy +lf1YHDAzKYc6nIZnG031PEqEFTZmuXCcngo+CFmOpT3O8WOb/vHVolb6Cd5MhCZj +AWkQgkXQ7HW3nIEkPFqNC5ljPrmRkGtu1MjN5jAq70iztFF1hpw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA +-----BEGIN CERTIFICATE----- +MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTcgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBT +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNV +BAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3ViQ0FSRTIwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAN8u+z8KfD1wxuMq85cY2R9ISBwrx0kSTvHcxkgfd8Hh +/aOd/f5SUqPS0TsXeUJZ4491ildJLBmeyOsaMXfR1wUCjs1GzCTV2lwmHy1v8TEA +Y8Zk77Z0xk7JM+Qa6sYNBQDvcqMerys/5ky8Lvqentpzs/rW1L3SBQYg2PfJX3S9 +AgMBAAGjgY4wgYswHwYDVR0jBBgwFoAUnSIV59sBcIhO8mIvcMu1wc0QTk0wHQYD +VR0OBBYEFOtoCcblL8PzCgZRS7NYc5w5GD9LMA4GA1UdDwEB/wQEAwIBBjAXBgNV +HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8E +BTADgAECMA0GCSqGSIb3DQEBBQUAA4GBACFHfp/nuX3TO1xb40P5+iKE+BZPRduA +ftJoYKvefkbjxlmMHoUdIUcntVLAyhaJlW797m/y+C+FDfkqtbBUFDjycGuAmFgA +y59FSYCF8j4X1ghg+neMHyCzvkhN2IokMmzt3IITVLINy17XKITOwuMtJJSaR34A +e0IQMPlYYnGK +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4 +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJXJlcXVpcmVFeHBs +aWNpdFBvbGljeTcgc3Vic3ViQ0FSRTJSRTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw +NDE5MTQ1NzIwWjBcMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp +Y2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3Vic3Vic3Vi +Q0FSRTJSRTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALo8WG8R0uWydjHS +XfEB/PfNI/TnhECaPZoH2W5ht/eblnw1w1zAJGFgDQt3USnxkZvjIa/Eud0VJ3KP +1WFyD2IA40YtxHQsVTWF608T2eRLc1URZ23e/C7Op7EiXdo+YoJ7KwhiUyhNxxS6 +oIa1OQlAEOurYT7cU1BSxe4X+oY5AgMBAAGjfDB6MB8GA1UdIwQYMBaAFMsSDLuK +o5HnMkT9UFBgNQkdakUmMB0GA1UdDgQWBBTnAqvOKOVo6WoEaT4ppTZjcAShmjAO +BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAR64KcgRdPGS/TLDzWJlnI2aOww1U +eFC/9/IQbIeFS6Q6uwO58GzT7DdeGDwBiztdMcGMUx0z0HX9lTVEQu1zWMNnTWuz +7LJPjucrwXeA/s2vhMTA44l0hgMIJjjiLDOJWm3/gI2DWh0HPOGCo/cRdLeXKiyO +O9E/0IzZw84Ul+k= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2 +-----BEGIN CERTIFICATE----- +MIICsTCCAhqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs +aWNpdFBvbGljeTcgc3ViQ0FSRTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1 +NzIwWjBZMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +LjAsBgNVBAMTJXJlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3Vic3ViQ0FSRTJSRTQw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALR5w4GO7XWupkCybIrksb86Qn9A +XltnfkZIGhDabLaMyFOrnfcfJnh1RKKwqJfi8/pF7xDxJL301Qud+jUZc78vFUYT +lMO6u7jmYYl6zLgoshCc4T95EMH8r/qoGx7U4S1o5B9maWm/Xrov12WP7mjPxeBb +BmWY4BAPOQBt6gS9AgMBAAGjgY4wgYswHwYDVR0jBBgwFoAU62gJxuUvw/MKBlFL +s1hznDkYP0swHQYDVR0OBBYEFMsSDLuKo5HnMkT9UFBgNQkdakUmMA4GA1UdDwEB +/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB +/zAPBgNVHSQBAf8EBTADgAEEMA0GCSqGSIb3DQEBBQUAA4GBACwLeGO55YLNW2d9 +1sZkNe3ulFUkXCfVtxfO7FoO7gvCv9xKjnGOef+hnMFeLj5L4UtOUeekpnipm/51 +pi2QP8O9Vvwt6YtZ57t+ednuOPORQsvh/SaPSo7GT5H6ILwf4E/JaFiAtuwgYJQX +D9YTw88ufWnBrPQ1yX8ReXseLZPN +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9D:22:15:E7:DB:01:70:88:4E:F2:62:2F:70:CB:B5:C1:CD:10:4E:4D + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 95:5b:d2:82:80:08:3a:f4:5f:8a:3a:63:b6:7e:46:e6:49:5f: + d1:ea:1e:82:24:cf:15:80:4b:37:bd:f2:e4:b7:28:10:54:eb: + 60:d8:3b:e5:be:a0:3e:38:70:aa:d0:7b:0e:98:99:55:9a:0c: + 30:2e:8d:86:ce:65:a1:16:5d:60:55:e9:b4:af:c1:a2:df:cb: + 63:c7:a3:45:82:85:87:4e:2c:7a:3b:52:e7:3f:37:0b:0b:8a: + 41:f2:a8:e8:d9:db:2a:a9:e5:e8:50:4a:bc:f5:51:b2:47:fd: + 8c:73:13:57:cf:97:35:dd:0f:08:a3:c7:cb:ac:2a:cb:53:0d: + df:45 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv +bGljeTcgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFJ0iFefbAXCITvJiL3DLtcHNEE5NMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAJVb0oKACDr0X4o6Y7Z+RuZJX9HqHoIkzxWASze98uS3KBBU62DY +O+W+oD44cKrQew6YmVWaDDAujYbOZaEWXWBV6bSvwaLfy2PHo0WChYdOLHo7Uuc/ +NwsLikHyqOjZ2yqp5ehQSrz1UbJH/YxzE1fPlzXdDwijx8usKstTDd9F +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:EB:68:09:C6:E5:2F:C3:F3:0A:06:51:4B:B3:58:73:9C:39:18:3F:4B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 00:dc:24:0a:9b:ba:25:d9:fb:09:b0:e6:d8:9c:61:d1:09:f9: + f9:d8:09:86:fb:ea:e4:13:5a:c6:0e:0c:53:c6:e2:38:78:70: + 1e:6f:39:25:5c:b5:4f:b7:5c:07:7c:1a:7f:b4:8e:0b:7a:b3: + 6e:85:c9:88:9a:8d:07:d4:f2:8b:8d:e0:49:f0:86:7e:b7:2b: + a2:be:c4:8d:e5:36:03:b4:47:3b:c1:8d:eb:8d:34:3e:a1:97: + ce:97:10:84:e9:06:79:72:c1:a1:4c:7a:b3:78:99:97:01:1f: + 90:cd:a4:ed:30:2c:df:36:64:46:ff:c1:0a:9d:61:26:89:c7: + 40:b2 +-----BEGIN X509 CRL----- +MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv +bGljeTcgc3ViQ0FSRTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt +MB8GA1UdIwQYMBaAFOtoCcblL8PzCgZRS7NYc5w5GD9LMAoGA1UdFAQDAgEBMA0G +CSqGSIb3DQEBBQUAA4GBAADcJAqbuiXZ+wmw5ticYdEJ+fnYCYb76uQTWsYODFPG +4jh4cB5vOSVctU+3XAd8Gn+0jgt6s26FyYiajQfU8ouN4Enwhn63K6K+xI3lNgO0 +RzvBjeuNND6hl86XEITpBnlywaFMerN4mZcBH5DNpO0wLN82ZEb/wQqdYSaJx0Cy +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:CB:12:0C:BB:8A:A3:91:E7:32:44:FD:50:50:60:35:09:1D:6A:45:26 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a6:50:12:5a:4a:b8:b4:85:a7:62:1c:b0:bf:67:05:d6:37:9f: + 56:37:ff:51:90:9e:8e:f1:7a:27:03:e2:02:8d:2b:64:0f:fc: + db:28:76:69:63:2c:36:63:48:43:12:3f:06:7b:29:87:cf:2d: + 7a:05:9f:8b:03:3f:be:fd:e7:0f:fb:5c:19:fb:c1:35:b1:27: + 17:dd:00:b4:10:70:f0:92:79:33:0b:05:89:8b:07:c1:96:2e: + 72:03:00:ce:db:e7:a0:f6:05:69:15:e4:c7:7f:4a:ba:e7:ff: + 9a:f0:6f:98:f9:e9:aa:df:d4:c4:7b:14:d6:1e:8d:a7:83:48: + 33:a8 +-----BEGIN X509 CRL----- +MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJXJlcXVpcmVFeHBsaWNpdFBv +bGljeTcgc3Vic3ViQ0FSRTJSRTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFqgLzAtMB8GA1UdIwQYMBaAFMsSDLuKo5HnMkT9UFBgNQkdakUmMAoGA1UdFAQD +AgEBMA0GCSqGSIb3DQEBBQUAA4GBAKZQElpKuLSFp2IcsL9nBdY3n1Y3/1GQno7x +eicD4gKNK2QP/NsodmljLDZjSEMSPwZ7KYfPLXoFn4sDP7795w/7XBn7wTWxJxfd +ALQQcPCSeTMLBYmLB8GWLnIDAM7b56D2BWkV5Md/Srrn/5rwb5j56arf1MR7FNYe +jaeDSDOo +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E7:02:AB:CE:28:E5:68:E9:6A:04:69:3E:29:A5:36:63:70:04:A1:9A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 01:2e:d1:19:d1:46:60:25:13:6f:1e:9c:04:5b:c9:4f:6e:e2: + fe:f6:3a:8c:eb:4d:50:cd:03:36:d9:aa:cf:ce:14:30:7e:8a: + 0c:24:6d:67:63:c8:87:69:a4:1b:cd:86:aa:d2:3b:40:38:c9: + f9:ff:19:47:8d:23:f1:3e:dc:f8:9f:d1:af:30:a5:47:59:cf: + 8a:c2:0e:8f:2a:8c:9c:d9:78:63:5d:8c:cf:18:1c:79:fa:13: + 0e:3e:f0:8e:0f:97:dc:67:28:af:5f:19:6d:01:87:e5:e0:26: + 8d:03:8b:91:f5:69:f6:09:30:f8:5e:d0:79:e2:86:51:36:32: + 1f:48 +-----BEGIN X509 CRL----- +MIIBVTCBvwIBATANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBsaWNpdFBv +bGljeTcgc3Vic3Vic3ViQ0FSRTJSRTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0 +NTcyMFqgLzAtMB8GA1UdIwQYMBaAFOcCq84o5WjpagRpPimlNmNwBKGaMAoGA1Ud +FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAAEu0RnRRmAlE28enARbyU9u4v72Oozr +TVDNAzbZqs/OFDB+igwkbWdjyIdppBvNhqrSO0A4yfn/GUeNI/E+3Pif0a8wpUdZ +z4rCDo8qjJzZeGNdjM8YHHn6Ew4+8I4Pl9xnKK9fGW0Bh+XgJo0Di5H1afYJMPhe +0HnihlE2Mh9I +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem new file mode 100644 index 0000000000..da9273524d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem @@ -0,0 +1,170 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Revoked subCA +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICbjCCAdegAwIBAgIBDjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBBMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3ViQ0Ew +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOOm11GxhTUrNTzIsGL2HeKkXDSY +fuue6iKn5fTFuhHFBY9sABHgqkRwS7lT9J5OL+Li0oTfq3En9SzqPZ1pTG7nI0tc +qo/XLks9e9E5GrdjiSPJSvcdETspZ4MKgNIeEQXyX/KqhvOlFuIkvQ6CkB26h0Ys +ds/2NM1G2HIcqoGdAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1 +M9+aFZTHMB0GA1UdDgQWBBR49b1LlhuzLeZAUDLruLRHVAvySDAOBgNVHQ8BAf8E +BAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADgYEAUGhyEOC1558EMH9u+aVPXS5vZ39mJh2Y719gMZiT +OXDZsqIbxJ5npOYdL40yZD5vhio5mvpKFm0DtAmAQsp6SF5nTdj9Rn70rqQI0rdN +9m7nF1ZRRL6YBRkSymloliboDsspsoZUSitT7yMtxcIocV9V0QxcGFSFw1i6W3/H +OYw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Revoked CA Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=Revoked subCA +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3Vi +Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBYMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEludmFsaWQg +UmV2b2tlZCBDQSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA2aktQuUqYvrSvuQR0Y5vu/X29VQgITZB3a39NV5uIZXvWgUWyD1Q +SGYbtu0YzKSDMzLAeuSgs9c6u4r1wTxno9XgzSJvcaupysi94Eeqqt3OCaJmLg5Z +sV12741X6CqpUSZ6Tap8rsFqYspyzMExUZqJ0d1zszbDQ9uqfCan5ocCAwEAAaNr +MGkwHwYDVR0jBBgwFoAUePW9S5Ybsy3mQFAy67i0R1QL8kgwHQYDVR0OBBYEFD7V +xiNcO7bHOzxBFfhSNMhrEZnyMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA3uoPgaDGPEy7AddpjA6a7Dm4 +3Mm2CcAZuFUSURGmmoYfaTQldWpf6ySCHr9t7vOm+7Gv607TPdqF1Gw0BU6DpC7h +Et/uaN0/vE/XHxyYEi3Gfzx//aNgr9ZcDnhr6iGmVAAxjfSmVoq1SYvWo2cskAq1 +UO8Ub1+lilBTCeJDLTo= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Revoked subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:78:F5:BD:4B:96:1B:B3:2D:E6:40:50:32:EB:B8:B4:47:54:0B:F2:48 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 38:13:8b:21:ea:c4:2e:36:3b:d1:23:d0:aa:e8:87:13:62:4b: + 63:07:14:68:8d:92:b1:00:5a:22:3a:99:5e:72:a7:92:01:41: + b6:b0:85:f0:ff:48:ea:da:58:d2:77:26:c2:e1:56:52:69:45: + ca:38:98:f5:ab:9d:1b:4c:fe:9a:30:64:58:64:e3:68:f7:a5: + 3f:86:1c:ff:3a:82:bd:56:a7:a3:a2:5b:fb:f7:21:8d:14:98: + 0d:00:3b:81:bc:09:3d:94:90:8c:df:4f:6b:14:b5:10:68:3c: + 07:cf:e7:06:69:71:4c:0d:b1:7a:53:24:5c:49:8f:fa:05:05: + 18:9a +-----BEGIN X509 CRL----- +MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3ViQ0EXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHj1vUuW +G7Mt5kBQMuu4tEdUC/JIMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBADgT +iyHqxC42O9Ej0KrohxNiS2MHFGiNkrEAWiI6mV5yp5IBQbawhfD/SOraWNJ3JsLh +VlJpRco4mPWrnRtM/powZFhk42j3pT+GHP86gr1Wp6OiW/v3IY0UmA0AO4G8CT2U +kIzfT2sUtRBoPAfP5wZpcUwNsXpTJFxJj/oFBRia +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem new file mode 100644 index 0000000000..1463a6fd34 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Revoked EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICdDCCAd2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBYMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEludmFsaWQgUmV2b2tl +ZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEArULgNTYVsg53ILvaQpaeciApmyq6N0bmhjEiwYKYPdZSQ6A5tHN2X0hNYGEf +Qg37W+OVgufTdQYW9KHRNQDisSLHoFpDaxdeSJbRshvd3iaY70ad01q0/L+mAhoq +ULHc6QVDrE3PiDd2M2Rt+JNpIMX07CPN/nq8EyiJQUYI5AsCAwEAAaNrMGkwHwYD +VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJyIJr6rimQM +qOzR65FZzrJ1clsAMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl +AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHLF0HF9GpuEFWTdc4BuejhAejEBiOTAb +YfTbYZYqwl0l+JU5CtXiOOdbOcY0XNpPI1XwN1HtIhTiFIxjaRLQ8uSd7yExaiJp +HR2lqTC8A1efBd0eFY2MuknW6tGu3XWv+2I/NKGGyIKfWAwpPZbt3EdRnjKGhfgU +VixHhlnpHlE= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem new file mode 100644 index 0000000000..eb302f72da --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBCTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMT +Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBANItJYQvAndzEuOPLnWhU3+T5fsnTmDZ6JJ02F66VAcrpMjpsFaFiojEgiY/ +nfnbJzFwi6A0VjvStsiM6fOFbVY0vALdhKMSl1OJvPspcf6YMW1MUg68akqffpG2 +1zIqiltFmmT4Lvq/yg9+q2A9W7yB68fS6173hf2h+fGzR8JDAgMBAAGjazBpMB8G +A1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBShuvXAVFzy +kwUMm0EKULQY2GdPITAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB +ZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAElrFa8GafGokZssZp8xXcrnM2FIcSbd +JXCXQeSFsH7JvXS+3BT1v+0saEhJou7UQ55B7Z0t6COKHryuC0E0ySNyDAOMHGJy +nbbqmdyyKeXb8cEzFUWN+jTte+P4bCc7qJW+mBGNMLjWFZ0sD6R//NF/LiS8kDhU +CSYphECUPTcs +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem new file mode 100644 index 0000000000..7462210961 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem @@ -0,0 +1,178 @@ +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp +bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL +RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R +WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G +A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV +TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr +Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD +zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw +JEDyqFgkV/+0sLFjQvvcCdY9ucM= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp +bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X +Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB +Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j +BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq +d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K +Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56 +UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO +hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ +b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE +AxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCd/67ojjbNifZYVq2WHl1rQRvHb6qWjPGD/UvROusJiCTgq+tLG56G +Yhb5//E5lAwUUzNZIfrwHml2Pn4iH3vJeRDzhdlPd0IIlP6Q2Dxy2/QrBf7k4luQ +F9TLihsAH9NuOh1bR/+hB4tV3/E2fvztlVmHOlxbAW/c0xE3jI+WiwIDAQABo3Yw +dDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU7253 +ms8B2VtX6DNkqlHmWAPzWTgwDgYDVR0PAQH/BAQDAgH2MBEGA1UdIAQKMAgwBgYE +VR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACgW+giBnGTr +WXyUZ38pVKHUK9uAxjpPOw5UZC2krfC4nqifiItuVLJgqbPmvETc+8fGD4hi07Lv +owJkVeBq0ZQGlYoxtz7z6/gEt46nf+lK5gU+al33eTzgga0845cxLE7kpKRYsyhX +eCRGC8Cmifmc+1AJ12kj61Ys7XE8P9q+ +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ +SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa +sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT +W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN +KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF +HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V +CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b: + 21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5: + 15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c: + fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a: + 43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c: + 88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de: + 9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6: + 38:b5 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw +zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI +/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23: + 92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59: + db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6: + c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af: + 18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b: + 88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a: + d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25: + 45:1c +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx +IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse +3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW +me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem new file mode 100644 index 0000000000..c4536e1bc9 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem @@ -0,0 +1,230 @@ +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp +bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL +RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R +WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G +A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV +TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr +Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD +zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw +JEDyqFgkV/+0sLFjQvvcCdY9ucM= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp +bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X +Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB +Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j +BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq +d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K +Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56 +UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO +hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +-----BEGIN CERTIFICATE----- +MIIChzCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ +b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE +AxMbaW5oaWJpdEFueVBvbGljeTEgc3Vic3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQCSWo7+2d9aVEIC1GxMTDBcE+ozTf3DLetgbtqH0eb/EK+ZLwVz +cVTjWrdl1UTfNgUR9FkYIxWkXmme/JXqvYFtYTmNiz0Yj4KGpl25Mi4qoxtRFk2M +BKLOpp+oY4PsNGSc5CMRc3sfZHeKe8jZK3nA4G5nv0/KELI4m69QKI7u4wIDAQAB +o3YwdDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU +Iskd1THdwnbnw9yS/MCFk6rmzc4wDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgw +BgYEVR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADf72Lgp +rqTepmy2dScOvurWUGzi/mA303snWu2b/DOnZOn2MJmmN2OIau2+7H9N1CVJDq+9 +gF97Zy3sIukm2yyJ623TL2sO5JeKNIP87CGXEiuU8qe/7BaW8C4dkm9dE0hIq82/ +vPG+JF3KAey6HeGOdaLoj+DyiSWJsJmzb1OC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ +SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa +sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT +W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN +KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF +HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V +CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitAnyPolicy EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2 +-----BEGIN CERTIFICATE----- +MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQ +b2xpY3kxIHN1YnN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MG0xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAG +A1UEAxM5SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0QW55UG9saWN5IEVFIENl +cnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ/9Ia +17vdObtOssUs8md1zwyBeKcC3f6mFfybdaruKZpzVmuAkDJec9ZV+ye3BJUB/5Vd +FE+xni7v7HcxxRwnFHLMDEqoBYuAuMxi8tWDpWAT9bG9tlMH27i6in9PqUFDtMba +A2eI2p7J64Nm+mtNtbwY8obe+0CbvRPJDnBU+wIDAQABo2swaTAfBgNVHSMEGDAW +gBQiyR3VMd3CdufD3JL8wIWTqubNzjAdBgNVHQ4EFgQUON+KAQ3zmTRqwEhvTM0g +vMZUZF4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN +BgkqhkiG9w0BAQUFAAOBgQBxH+ujnhDuJ8w84wkOZvsaXK8TaJMO7AkbWriyl9Bm +rMj0tb0bKud0bFlnK+uuetnpFGNysBArTwGQMpQ8C9KsHDEDVoC5A7TAUXHJgtyG +geWX6fiC8ZBA/LDkDjqLchdfF2r/Enjo84+EbjA28xHQeJt+AMv2PrX41z7EWjjj +dA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b: + 21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5: + 15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c: + fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a: + 43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c: + 88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de: + 9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6: + 38:b5 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw +zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI +/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23: + 92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59: + db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6: + c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af: + 18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b: + 88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a: + d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25: + 45:1c +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx +IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse +3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW +me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:22:C9:1D:D5:31:DD:C2:76:E7:C3:DC:92:FC:C0:85:93:AA:E6:CD:CE + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 1d:88:c0:b5:68:f8:c5:35:0c:66:d2:54:82:7f:06:cd:fb:e4: + 14:7b:81:fd:e0:ff:7f:0c:33:e4:b4:07:82:8e:40:8e:46:36: + 5c:05:8c:72:bc:b9:83:50:2b:c9:d5:23:08:40:c9:a3:47:ca: + cf:41:15:86:1d:a8:fe:50:a9:ec:75:78:c9:d1:6f:94:00:86: + c3:05:3d:e4:39:af:b4:a0:9e:07:88:24:fe:66:f9:7b:f5:95: + 7c:dc:08:c5:ca:e4:4c:d3:82:bb:6c:de:07:8a:f2:18:71:ff: + 8b:d2:a0:95:2d:c4:e2:12:37:bf:12:cc:e9:bb:75:de:16:9f: + 86:32 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kx +IHN1YnN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUIskd1THdwnbnw9yS/MCFk6rmzc4wCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAHYjAtWj4xTUMZtJUgn8GzfvkFHuB/eD/fwwz5LQHgo5AjkY2 +XAWMcry5g1ArydUjCEDJo0fKz0EVhh2o/lCp7HV4ydFvlACGwwU95DmvtKCeB4gk +/mb5e/WVfNwIxcrkTNOCu2zeB4ryGHH/i9KglS3E4hI3vxLM6bt13hafhjI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem new file mode 100644 index 0000000000..5d5bad56aa --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem @@ -0,0 +1,200 @@ +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG +A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE +99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y +emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID +AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E +FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu +YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD +OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv +bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA +643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY +Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk +m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud +IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK +oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC +ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG +9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb +IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99 +pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test10 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +-----BEGIN CERTIFICATE----- +MIICpTCCAg6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFH +MEUGA1UEAxM+SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFwcGlu +ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBALSurY6um4v6Evz2ZZkBR0WlROEOIvWcYk9AFjbvZnEXlHBzmkfiz93q0Bi1 +a98FZyy05zNbGmfXdXDbAuNwWdWnYFJqFQF5yKUTSQOjNNy5afttfVbM3ibrmE52 +KsMfdN73UU2pHclkhpRJ9ex52s3nofBFCXZQVRZzoeOqe/tfAgMBAAGjazBpMB8G +A1UdIwQYMBaAFEGmJOdLRsqNTr1i/ZUfoEVERdaDMB0GA1UdDgQWBBThQ779KH6I +bjPzWxJ3ysMVnek3RjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB +ZQMCATADMA0GCSqGSIb3DQEBBQUAA4GBAHsSdG99XQKSMIQzQLp/vngNcqtmTCC5 +jBCt3KnnUwJ/Nrk2oEQpRwjetItPwFFYN/IR1MUnb0TtKwr+WqFeMI5MgyzkuiG8 +b8Wi8Nfa+GP+ZaWx9W0hIwlvixhloYr/wO5roHJLmZdiyrUJlEGb/7VLK5ZlmSDd +LhmwYoEZUDxg +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG +A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/ +EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP +uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt +iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G +A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw +AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB +AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD +6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC +WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +-----BEGIN CERTIFICATE----- +MIICwDCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEn +MCUGA1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQC8nvl2y4d/yNUHP7aG5vOrKPi3d7UXdNZHRGzP +KFYbJk+OVhNwnX26uR8hCEDDfjBI28f/541hjsDbgy60IS+nCklaPQkS5uD2R6Lq +9WPZpnSNT+obNGFQqIuE0iQbBIXeXKy/E1lxCIQazKZHl7/QhjIso5/eRagUVF6m +ahAnsQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwV +MB0GA1UdDgQWBBRBpiTnS0bKjU69Yv2VH6BFREXWgzAOBgNVHQ8BAf8EBAMCAQYw +FwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD +AgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAKKfnJVgNVANlABGqhZPFB+MA6EeX9BLJIERR69poKaUCigLoIdovWQx9/sT +MYvGE/gIulPhyTI2P+UM8yJHPmsucrlDwVwgyTE9WCsfVRZOV/DVqGzvHtpUGetp +GZVUYWRIJtdAFXq1h04c6KSFenC2BqH6A19N8SkUyT9v8khC +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25: + 50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2: + 09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56: + 7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7: + 2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e: + 74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86: + f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db: + f7:a4 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y +CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC +VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee: + 4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51: + 0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9: + c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64: + ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb: + cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22: + d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9: + 45:a0 +-----BEGIN X509 CRL----- +MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w +HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ +KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw +v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh +zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem new file mode 100644 index 0000000000..30cfbd8ac3 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem @@ -0,0 +1,200 @@ +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG +A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE +99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y +emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID +AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E +FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu +YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD +OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv +bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA +643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY +Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk +m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud +IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK +oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC +ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG +9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb +IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99 +pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test11 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +-----BEGIN CERTIFICATE----- +MIICpTCCAg6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFH +MEUGA1UEAxM+SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFwcGlu +ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBALCdOCljPs8W35hbzEaZA4tSBiEAP7TpJfmh7c+CyK7UORyXxmyvM6U8V4Gs +PBqmswzgVMkMhosS/Bhk73RmCn38i5dNYizu/3yOGp9piOxNNtktH6bhKyeHq/wM +hHhgiZhACGBZZDdZFinn4ohF2SmbpxFuugZsJPnX4tj1KZJRAgMBAAGjazBpMB8G +A1UdIwQYMBaAFEGmJOdLRsqNTr1i/ZUfoEVERdaDMB0GA1UdDgQWBBTTdhSEDG2I +nAn6zC50pNDdzdZIezAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB +ZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBAK/N3uvvde9B7whxXVd4IA0MSe3DHGLK +n/OBEw3cIXCYST42xPqPV8mkuz82JMTlete1834sdk/ayNFUloeyXzQTAdDg1JoD +s6Cq3DzqfG1sVcu3wcsYbmpq7zxjXAERJQb2xSOYTvaJC0eb8FSfY6pXWx57qak/ +EPSox/J2fkc6 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG +A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/ +EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP +uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt +iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G +A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw +AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB +AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD +6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC +WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +-----BEGIN CERTIFICATE----- +MIICwDCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEn +MCUGA1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQC8nvl2y4d/yNUHP7aG5vOrKPi3d7UXdNZHRGzP +KFYbJk+OVhNwnX26uR8hCEDDfjBI28f/541hjsDbgy60IS+nCklaPQkS5uD2R6Lq +9WPZpnSNT+obNGFQqIuE0iQbBIXeXKy/E1lxCIQazKZHl7/QhjIso5/eRagUVF6m +ahAnsQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwV +MB0GA1UdDgQWBBRBpiTnS0bKjU69Yv2VH6BFREXWgzAOBgNVHQ8BAf8EBAMCAQYw +FwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD +AgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAKKfnJVgNVANlABGqhZPFB+MA6EeX9BLJIERR69poKaUCigLoIdovWQx9/sT +MYvGE/gIulPhyTI2P+UM8yJHPmsucrlDwVwgyTE9WCsfVRZOV/DVqGzvHtpUGetp +GZVUYWRIJtdAFXq1h04c6KSFenC2BqH6A19N8SkUyT9v8khC +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25: + 50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2: + 09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56: + 7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7: + 2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e: + 74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86: + f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db: + f7:a4 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y +CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC +VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee: + 4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51: + 0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9: + c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64: + ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb: + cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22: + d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9: + 45:a0 +-----BEGIN X509 CRL----- +MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w +HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ +KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw +v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh +zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem new file mode 100644 index 0000000000..c6ef8e0f7a --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem @@ -0,0 +1,233 @@ +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG +A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE +99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y +emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID +AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E +FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu +YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD +OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv +bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA +643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY +Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk +m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud +IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK +oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC +ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG +9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb +IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99 +pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx +NDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl +czFGMEQGA1UEAxM9SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFw +cGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEA2ZkYyttS3QceAgvQBMI8apGZ8GOGdNJJrZmaGrXTlkDpRqFBGwv5vx0I +D958BpDYH1LIN7/T0VKWubFI7UIsU8brS5aic8C92RXCvZM2QdGkQKoiWLE66AeH ++Fy35j8Tkrk/hoO764l/U3eQB3MD2u4Hf5NuqRAGcngjWAJyIjsCAwEAAaNrMGkw +HwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwHQYDVR0OBBYEFDKnsv6Y +5OcDK1R9UWEjFuJ9ytbxMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAMwDQYJKoZIhvcNAQEFBQADgYEARAcPbJvFFgARsBpZO6o4SSHkn4if +ZfTlwL3z5foZWrjQ0JDVIBj6uz9n3sP0V/xTfR+ZYVH13WgaoIxBIRMhV8lzW7yu +d2Zz/d98BA0wwE8C9yxqVUuPje9zLRlmAEVQcYY4eWMlFZz2d8XHyckt/LcrCYrK +iNQtbHdgmlb3dDM= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG +A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/ +EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP +uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt +iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G +A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw +AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB +AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD +6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC +WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +-----BEGIN CERTIFICATE----- +MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq +MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzSzQEVqFvTtWkK35YRQKG14a/Ui8zOCix +lDhIv5FBbG4G15V4laMoRYB38uWxU4/v0K/7UsU7J2ZQZA0iJNgZdYZmM9mMF//t +37x13Zxd4GcHDbX0FoSgZUNXxSF/AUN86GXCCjrFMhHZAFgqLuYaust5NQdTk9Li +tSFfyfRl1QIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5j +MwwVMB0GA1UdDgQWBBR+l0OkAn3eZZE7Nxl9J70SpPPQozAOBgNVHQ8BAf8EBAMC +AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZI +AWUDAgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +BQUAA4GBALHfJ6kZFXxW875Sui9xpPd2/OXVv4ltULYqS4sYa6iAKR2nNl2dwe4x +g4crvrxXC8Dp29uqsmno4zOqNaSVjEYctbN3htkL/k/QG4Y9GgklkdqZosT2UXV7 +BI1xQXAiQVbBwcABjHTEAoW4flzUO7+GhapXp36TsEUOYA32+n5X +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25: + 50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2: + 09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56: + 7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7: + 2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e: + 74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86: + f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db: + f7:a4 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y +CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC +VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee: + 4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51: + 0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9: + c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64: + ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb: + cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22: + d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9: + 45:a0 +-----BEGIN X509 CRL----- +MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w +HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ +KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw +v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh +zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:7E:97:43:A4:02:7D:DE:65:91:3B:37:19:7D:27:BD:12:A4:F3:D0:A3 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 04:cc:f2:b1:f4:89:f0:41:53:c8:66:c7:4d:6f:88:a1:63:45: + 28:ff:81:51:07:c0:ef:98:b9:b5:a7:9b:b3:77:d9:1d:ed:f1: + 6e:80:66:f4:0d:cf:35:ab:67:18:fd:e0:10:7c:0c:06:50:44: + fa:4e:bd:eb:1a:69:b4:e5:80:56:a2:21:b2:8c:0c:36:6d:13: + ac:b4:1a:00:86:bb:90:69:00:ff:66:c4:a2:16:bf:e3:70:5f: + 2a:dd:c1:78:cf:a8:cf:1c:d3:33:4b:b2:67:6d:16:96:23:3b: + 08:68:e3:00:c0:71:88:38:16:17:7e:fd:fb:f7:5a:79:77:f6: + 6c:f5 +-----BEGIN X509 CRL----- +MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv +MC0wHwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwCgYDVR0UBAMCAQEw +DQYJKoZIhvcNAQEFBQADgYEABMzysfSJ8EFTyGbHTW+IoWNFKP+BUQfA75i5taeb +s3fZHe3xboBm9A3PNatnGP3gEHwMBlBE+k696xpptOWAVqIhsowMNm0TrLQaAIa7 +kGkA/2bEoha/43BfKt3BeM+ozxzTM0uyZ20WliM7CGjjAMBxiDgWF379+/daeXf2 +bPU= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem new file mode 100644 index 0000000000..ecd49f4f58 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem @@ -0,0 +1,233 @@ +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG +A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE +99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y +emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID +AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E +FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu +YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD +OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv +bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA +643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY +Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk +m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud +IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK +oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC +ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG +9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb +IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99 +pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx +NDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl +czFGMEQGA1UEAxM9SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFw +cGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAylxeQoRBPgPQvR6PrLfrhYdQPa+pAircmIyNSp/en2b65foW6Dvx/sHc +Y9lLvbx48Dv+XPUR4a0xsGGvX0GBy4GOUv+6nqaFOdce8VYwmIFybQGDaxoqytYo +bhhZZD8g6dfyWuWMQ5LUt5vyIL2FbCnDevgD/ivnIwBKJFEn/B0CAwEAAaNrMGkw +HwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwHQYDVR0OBBYEFN+F7ghB +89TFNj8vas0p8wMYmcU1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAIwDQYJKoZIhvcNAQEFBQADgYEAKODQTLmhlOsijlIfpBZNXzohZOzj +J27r0eok4ACPAFNwUCue2GMNerlrKqHiHChov8zvh4AoQDfcZBwRFcGnRMq8QyDn +EkxvE9P/4Ib7XERwVDPmVPgvQYvcqC7hz7B7oYO7rigckrroh2X2x/tynphxnIRS +6Mpc00/1Fs34Cv0= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG +A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/ +EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP +uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt +iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G +A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw +AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB +AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD +6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC +WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +-----BEGIN CERTIFICATE----- +MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq +MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzSzQEVqFvTtWkK35YRQKG14a/Ui8zOCix +lDhIv5FBbG4G15V4laMoRYB38uWxU4/v0K/7UsU7J2ZQZA0iJNgZdYZmM9mMF//t +37x13Zxd4GcHDbX0FoSgZUNXxSF/AUN86GXCCjrFMhHZAFgqLuYaust5NQdTk9Li +tSFfyfRl1QIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5j +MwwVMB0GA1UdDgQWBBR+l0OkAn3eZZE7Nxl9J70SpPPQozAOBgNVHQ8BAf8EBAMC +AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZI +AWUDAgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +BQUAA4GBALHfJ6kZFXxW875Sui9xpPd2/OXVv4ltULYqS4sYa6iAKR2nNl2dwe4x +g4crvrxXC8Dp29uqsmno4zOqNaSVjEYctbN3htkL/k/QG4Y9GgklkdqZosT2UXV7 +BI1xQXAiQVbBwcABjHTEAoW4flzUO7+GhapXp36TsEUOYA32+n5X +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25: + 50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2: + 09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56: + 7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7: + 2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e: + 74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86: + f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db: + f7:a4 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y +CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC +VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee: + 4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51: + 0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9: + c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64: + ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb: + cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22: + d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9: + 45:a0 +-----BEGIN X509 CRL----- +MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w +HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ +KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw +v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh +zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:7E:97:43:A4:02:7D:DE:65:91:3B:37:19:7D:27:BD:12:A4:F3:D0:A3 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 04:cc:f2:b1:f4:89:f0:41:53:c8:66:c7:4d:6f:88:a1:63:45: + 28:ff:81:51:07:c0:ef:98:b9:b5:a7:9b:b3:77:d9:1d:ed:f1: + 6e:80:66:f4:0d:cf:35:ab:67:18:fd:e0:10:7c:0c:06:50:44: + fa:4e:bd:eb:1a:69:b4:e5:80:56:a2:21:b2:8c:0c:36:6d:13: + ac:b4:1a:00:86:bb:90:69:00:ff:66:c4:a2:16:bf:e3:70:5f: + 2a:dd:c1:78:cf:a8:cf:1c:d3:33:4b:b2:67:6d:16:96:23:3b: + 08:68:e3:00:c0:71:88:38:16:17:7e:fd:fb:f7:5a:79:77:f6: + 6c:f5 +-----BEGIN X509 CRL----- +MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv +MC0wHwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwCgYDVR0UBAMCAQEw +DQYJKoZIhvcNAQEFBQADgYEABMzysfSJ8EFTyGbHTW+IoWNFKP+BUQfA75i5taeb +s3fZHe3xboBm9A3PNatnGP3gEHwMBlBE+k696xpptOWAVqIhsowMNm0TrLQaAIa7 +kGkA/2bEoha/43BfKt3BeM+ozxzTM0uyZ20WliM7CGjjAMBxiDgWF379+/daeXf2 +bPU= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem new file mode 100644 index 0000000000..cec2eaaf87 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem @@ -0,0 +1,179 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk +MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w +LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1 +RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah +b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt +BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr +NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE +6cbcSe7zaz5qdojy0B72dLHC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV +cGF0aExlbkNvbnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDDqMCqoLUxLw5wCcxhD3+5J80k2C5ESu+Co4n3V3Nu2SyzcfKET0wx5QvxYm5V +bzsntf6IudJpfXgzxHIwJ4i5v+Ycc8NYiqmCNhsW5sFRzhjQDyTWu0fEYm+tmyBv +FavwXAcp8ptUMElDMAv/bKSD+7MDC9uHZQOmVsY0ndcNUQIDAQABo3wwejAfBgNV +HSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUOK0lyEJa1w3p +SvQY5iylU6RQ9EwwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD +AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAA9NjcDXXcF4 +FXkwZWIDYtowLXCpbshsU80nGx0/7QVNApSTnUq9pe0t8qAClcYZuaXgB/uYINl5 +qozAW6KR4wFaNUv6mnm+0ppWeiTnIn5O37IycPbAKVZRhauf3p/cTkZ6RZ3MJ5Q+ +fMTJscvSXtMhU+Q3Pp5PGRXlXhs1zFNp +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ +cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAsFRY6folIcigIrpQ/iMlyqdk9EBMIL6NqCJEqkvun/36zcYeHsPv8t29 +hFHDBrhQT/Fi+9MNOXx0uiJT0cetYETo/HiiAqub27NG0Z82sxwsEiLASEWZ4ctu +8AIom0mQl11rsK/4z4OemcI4Mxh5j6fCiI1ouogv1Vx4us4ew/UCAwEAAaN8MHow +HwYDVR0jBBgwFoAUOK0lyEJa1w3pSvQY5iylU6RQ9EwwHQYDVR0OBBYEFAJSemtC +TrDjzYKlY89uAwAjlIk1MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCFLUIH +3Nuh+TAs+Kpg/tZTFK3cl2DGM1+W+wnsgn3pQhJnqIYCI/iAuPRs2bJGH1lQ0CTr +HAQU9y0kmWpsNCzI6k9ZyuLd2w7MdXezVhjpE3iwAQCnVG1vw0MTFGzyR7wMeWp0 +Ejrp6mVdwu8LV6lngeqmNv0QNjYSutrFAsDHUg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued pathLenConstraint EE Certificate Test16 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2 +-----BEGIN CERTIFICATE----- +MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z +dHJhaW50MCBzdWJDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBv +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBCBgNV +BAMTO0ludmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2Vy +dGlmaWNhdGUgVGVzdDE2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfnEYg +5tV8iksMhoNkR/PLNDStGXw9l6sTCiF+m+EF+/pDeN0Y/509SepxvXOZbQ8D7CkB +PfgmSL8hs0dxdE3Fvf/AjvTFyyjI1q5wkFXd/qWMewquuMMm2j+FWn0fmSoFnyM6 +EEYvKLhqj1QuWiJJN/250ngjuufsh51HnlR/6QIDAQABo2swaTAfBgNVHSMEGDAW +gBQCUnprQk6w482CpWPPbgMAI5SJNTAdBgNVHQ4EFgQURA7pZi8vxURs7KKf3U9B +ItsxSAMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN +BgkqhkiG9w0BAQUFAAOBgQAweIEFGj6V0Kr9Dz4wEyhUVK5bf5Frg+J8ap0YnoNT +EmoLFqQtKPB3MVfcUkXrZAY149XFJJLI0v5VCK2mBN535do/Grxve2MMW8BbmmU4 +FQOKJruMJARneqYEHxbZUEmBvEoIoi4C/2SLxO7hOnhpiK+6UsetU35F19FPfGVp +UQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba: + cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3: + d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f: + 53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec: + b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80: + 3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91: + 55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da: + cd:a2 +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6 +rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA +Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:02:52:7A:6B:42:4E:B0:E3:CD:82:A5:63:CF:6E:03:00:23:94:89:35 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 23:10:0e:ae:60:60:7f:db:a0:d8:fe:8e:bb:0e:99:db:df:36: + 32:a0:54:7c:1c:ea:79:12:34:f1:a5:cb:75:f7:4b:d6:5d:6e: + df:56:9d:c1:d9:a2:a1:ab:7e:53:ac:ab:4f:fb:61:c6:86:bb: + 60:ec:f2:44:14:49:22:54:6e:5e:72:96:23:b0:bb:d7:8f:e8: + 4b:c1:5e:f1:16:d7:1b:2a:68:ef:ca:25:1c:63:15:21:7b:a3: + 80:c3:50:97:f6:41:81:b1:ec:5c:5b:77:b2:df:1c:cc:48:97: + 61:56:01:b2:9e:6e:8e:c0:89:05:82:7c:42:1f:61:34:e8:12: + c6:72 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50 +MCBzdWJDQTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFAJSemtCTrDjzYKlY89uAwAjlIk1MAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBACMQDq5gYH/boNj+jrsOmdvfNjKgVHwc6nkSNPGly3X3S9Zdbt9W +ncHZoqGrflOsq0/7YcaGu2Ds8kQUSSJUbl5yliOwu9eP6EvBXvEW1xsqaO/KJRxj +FSF7o4DDUJf2QYGx7Fxbd7LfHMxIl2FWAbKebo7AiQWCfEIfYTToEsZy +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem new file mode 100644 index 0000000000..317350f047 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem @@ -0,0 +1,178 @@ +subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs +aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjByMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRzBF +BgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5 +IEVFIENlcnRpZmljYXRlIFRlc3Q3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDXic0buOl4pV10DvAMBMgoZ3V0agmq+0F+nQLwUbtdeSIl99vQg0Mm1p7TLuBE +ABo1EoiXuHlZCog5DA4XokYy6FpTEonY7whLXSUYYCfOzPAvG9v83mIGwoIlGyAf +r80gVbCuYRpW2LcaqwmGiplI/k7AW4HgDPnPNoTI6wndIwIDAQABo1IwUDAfBgNV +HSMEGDAWgBTeKdbm40+XHQOoOqbqTeRGX4+CMDAdBgNVHQ4EFgQUq/kyDfFv0NrK +Hsyq7J+/np0Fn38wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBADdS +qEYYNaD9ukw0/coVvMDpPV7exx7R58ORlWTm0f/OMOI/dQv35ePIHaJCgInLtKgZ +/e6UcxGi76E3j9oFzHjd3B9LIYeleJD5w0oASN+63KCbbtpVphjTo7KdsJUli+Cl +WZJMNDS1X6486Y2zjJcQZ6F8SWW3+ij1o/JqEyfq +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV +BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih +ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0 +iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj +fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT +5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr +HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP +SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +-----BEGIN CERTIFICATE----- +MIICjzCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV +BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAJ2xj97xq5PBOjaij1jBcMKFCjaRE1wlUR+5Zz8QkwCtipee +6O1spOPGECu/sOzZ766YgD6B9GrGQsjXYGzHSxnOl8rcgpkeN99/57f2LYSLxKfc +/qvcMvgHk6SZiGtpkYOvlLl1r1qUMedtPK29920CI0sp5sxygDaL6PgMvtoVAgMB +AAGjfDB6MB8GA1UdIwQYMBaAFBPmjMErD2dLTHodDrbAIVokmVCEMB0GA1UdDgQW +BBTeKdbm40+XHQOoOqbqTeRGX4+CMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +gYEAH0fkK5ieWFtKe6g/7cN3kI240vvPajxZTkTPnacLXOL4nCfA7kkHnhVVIgzP +liF4TQ60/yMlUBSBBgTV3/AaMaSO4eZlEdLkKchYp9OwrZ9dfyKdJW3wuEFyGKpZ +6END4vk7F87/ZyFQNkhMPLD890f4ArarDhqw5eHuFoarvxo= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4 +cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC +9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y +2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX +ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME +GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9 +owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF +BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55 +ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP +wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19: + 7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd: + 3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe: + e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30: + 67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91: + ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36: + db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a: + e9:97 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv +bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62 +77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC +iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:DE:29:D6:E6:E3:4F:97:1D:03:A8:3A:A6:EA:4D:E4:46:5F:8F:82:30 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 85:5f:f9:84:20:e3:84:f0:ea:6b:4e:78:c8:18:98:e9:17:56: + 9b:ed:99:2f:d5:94:89:60:a0:11:82:40:e0:7f:94:0b:36:76: + 9e:1b:88:e2:bb:e2:41:81:cd:f7:66:e4:85:e7:ad:63:d7:e0: + 07:7a:9b:4e:54:27:76:49:c4:8d:30:07:c6:ce:6a:e4:b7:d9: + f5:9d:94:02:e7:91:5a:17:bb:ef:23:8a:66:20:27:cc:34:f7: + 3f:e0:f0:57:43:1e:72:4f:2f:ac:75:48:a6:ab:74:19:95:a1: + a2:38:5b:3b:6d:67:4b:69:6b:01:ca:96:b0:76:83:2a:b5:1e: + c3:fe +-----BEGIN X509 CRL----- +MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv +bGljeTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G +A1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAIVf+YQg44Tw6mtOeMgYmOkXVpvtmS/VlIlgoBGCQOB/lAs2 +dp4biOK74kGBzfdm5IXnrWPX4Ad6m05UJ3ZJxI0wB8bOauS32fWdlALnkVoXu+8j +imYgJ8w09z/g8FdDHnJPL6x1SKardBmVoaI4WzttZ0tpawHKlrB2gyq1HsP+ +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem new file mode 100644 index 0000000000..d87c1081b1 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem @@ -0,0 +1,197 @@ +subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs +aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjByMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRzBF +BgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5 +IEVFIENlcnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDJsMQQW4ogbj2q9WRWxOqmrcy6BVtHesg3yJh2pcqzUxvNGZWtrZ3M/JI82WbD +Ns4kgihlmrZZH3sZhjzcdMw/+m05p+rvy7//zB6P1qCRraiYdNJHquzG/7HSnf6f +i6GdUBsK6YzhP7MtTwfpwVRIUepSCNPIXMVlbIqmh+7fdwIDAQABo1IwUDAfBgNV +HSMEGDAWgBTTC/BpEgViARafFwSWNmeHq7iGMDAdBgNVHQ4EFgQUjuHoODqDJSoy +729WEoyqq6oPRNYwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAKvn +C5ifYeQnv76PvBmEmSAh1whhdRDKTrua+Zl86HgUZZY7/NJl3ny9FyJr0kE9DAN9 ++KRem7jju5ciq8gEwArflK87sdGcpAIq+jiPbGFnD698w7EANZIhIefy3d+lcB6k +LWpjLAY3+ontoTQAB+/iTBtv4mXMzEh/M7kC3CSC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV +BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih +ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0 +iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj +fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT +5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr +HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP +SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +-----BEGIN CERTIFICATE----- +MIICjzCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV +BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAJ2xj97xq5PBOjaij1jBcMKFCjaRE1wlUR+5Zz8QkwCtipee +6O1spOPGECu/sOzZ766YgD6B9GrGQsjXYGzHSxnOl8rcgpkeN99/57f2LYSLxKfc +/qvcMvgHk6SZiGtpkYOvlLl1r1qUMedtPK29920CI0sp5sxygDaL6PgMvtoVAgMB +AAGjfDB6MB8GA1UdIwQYMBaAFBPmjMErD2dLTHodDrbAIVokmVCEMB0GA1UdDgQW +BBTeKdbm40+XHQOoOqbqTeRGX4+CMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +gYEAH0fkK5ieWFtKe6g/7cN3kI240vvPajxZTkTPnacLXOL4nCfA7kkHnhVVIgzP +liF4TQ60/yMlUBSBBgTV3/AaMaSO4eZlEdLkKchYp9OwrZ9dfyKdJW3wuEFyGKpZ +6END4vk7F87/ZyFQNkhMPLD890f4ArarDhqw5eHuFoarvxo= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs +aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj +BgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANKdKlFcL/bTvKva2ieqdnoU22tpCEtz1o0HfL/Pz/O0 +4DV5ZVG6hKXh69ev5TjepWl25LTNShr/q+MzVRAEaZ2nxmlAcK9/bneomo1JEuyi +nE2YDexqxrA8mvilh7k7KF88FBLM6x62rRoW5Pa3rImUa7BruBnOVENN9FiT+Bzr +AgMBAAGjfDB6MB8GA1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMB0GA1Ud +DgQWBBTTC/BpEgViARafFwSWNmeHq7iGMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF +BQADgYEAG301e612hE7Pdkp3cuJYqwZjTc3NpGnxXnr9uwU44o7qHInBBN0S9GDe +L++I1sIIiGLIeCflVfEsrGNpkRdHUM2fpfAR7iI0fOfQE7bnAxzFMRyVXXnBoTu/ +N6DupbEncPs47o/raseXsxSBteu7BkiORxBEOXxGtbCktIZ+tRk= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4 +cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC +9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y +2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX +ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME +GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9 +owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF +BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55 +ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP +wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19: + 7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd: + 3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe: + e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30: + 67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91: + ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36: + db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a: + e9:97 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv +bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62 +77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC +iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:DE:29:D6:E6:E3:4F:97:1D:03:A8:3A:A6:EA:4D:E4:46:5F:8F:82:30 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 85:5f:f9:84:20:e3:84:f0:ea:6b:4e:78:c8:18:98:e9:17:56: + 9b:ed:99:2f:d5:94:89:60:a0:11:82:40:e0:7f:94:0b:36:76: + 9e:1b:88:e2:bb:e2:41:81:cd:f7:66:e4:85:e7:ad:63:d7:e0: + 07:7a:9b:4e:54:27:76:49:c4:8d:30:07:c6:ce:6a:e4:b7:d9: + f5:9d:94:02:e7:91:5a:17:bb:ef:23:8a:66:20:27:cc:34:f7: + 3f:e0:f0:57:43:1e:72:4f:2f:ac:75:48:a6:ab:74:19:95:a1: + a2:38:5b:3b:6d:67:4b:69:6b:01:ca:96:b0:76:83:2a:b5:1e: + c3:fe +-----BEGIN X509 CRL----- +MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv +bGljeTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G +A1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAIVf+YQg44Tw6mtOeMgYmOkXVpvtmS/VlIlgoBGCQOB/lAs2 +dp4biOK74kGBzfdm5IXnrWPX4Ad6m05UJ3ZJxI0wB8bOauS32fWdlALnkVoXu+8j +imYgJ8w09z/g8FdDHnJPL6x1SKardBmVoaI4WzttZ0tpawHKlrB2gyq1HsP+ +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem new file mode 100644 index 0000000000..8850f5ee64 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem @@ -0,0 +1,134 @@ +subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBZjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg +Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAzpVbQYnufknoy1tKbCSY840pKcfP2S+jFm6OFC9hzkLFn9uiYzCV +rCjczQI8lFfM/4p9rUApMIgp4IUAxCOEcgJuKPKmiuoTwPD9XxbmZ/uv+iaLXqF+ +QVcbDGouj0z6RMNz3KGtf0pbgg+/+/wIK4c0XOIM9wTSK0aJVqweAnECAwEAAaNr +MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIr9 +Qil7WXhSSvdIHHG3xHGKplfbMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAo0h6slmGQJsCsth+yeyOMK3j +2CqJ9gEajx3fWs7x2JJ8LM4zfbFFYctGPKpXdGRBTO8Dj9lQJCr7i1IMMHTitTa/ +xpjn8E0SQgzvkB/0BnSt7DiwV0LXCdtBlLxOS2Fw9NdvbE7jsuBK2W4KDOPElhHJ +TKQ0T3TjKv8gwxTq8mw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBZTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg +Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAtI4Yuumg8WznOojgeWHVZxG23imfdB9ntiQccDxAnvywEfQv6Vlq +HNVQ5vsVQfvfUZCad2Nbf42DHRtpmVhlxIhKBjoNu/m6xdvz/A6/kvDvrEg+7M7N +A2ZRVI0T3Z/mMaPuLHuCzKwU20TF6NonxgZXIbATrppAqRUfSY+UQCsCAwEAAaN8 +MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJtc +UbwiJzEiQJQJJf/Pg3mto4EZMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBs +BZsxRaZk1qx3balE6qmVZd7jG6C9Gg/n+I5QfXR75ZIus+0Y6GAviBzywvJ8CDZ3 +kIOOrYolpnycedLS17Jnv4D/IDP6OwvmT6/0XvforKDQlmAk6ioJBRAwHRDYHBZg +lj8FXyMNUS313Un0l2FXJBhfJNBqb1ZqYwWcmJ2t+w== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test20 +issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1 +-----BEGIN CERTIFICATE----- +MIICrTCCAhagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl +cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw +NDE5MTQ1NzIwWjBzMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp +Y2F0ZXMxSDBGBgNVBAMTP0ludmFsaWQgU2VwYXJhdGUgQ2VydGlmaWNhdGUgYW5k +IENSTCBLZXlzIEVFIENlcnRpZmljYXRlIFRlc3QyMDCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA19qbNR+soft39JVcTiKn2OTKmaGswAGUpi1lZGYOE4O7xiq9 +FIlSEq2xDeNXvcOEx0GFhZxKefbPzGp8mxtaGpfnV17G1SS/dCxeGZL4D8FUGlzg +Q0GmhbMZvgroxNvGQD6X/+kdpA34fc6mtgHcR94KE+O5sYTKO4MhqLczr7cCAwEA +AaNrMGkwHwYDVR0jBBgwFoAUm1xRvCInMSJAlAkl/8+Dea2jgRkwHQYDVR0OBBYE +FDep7bd0aDt8e8YpJLYhvRpdGYqPMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO +MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAAMSu/B2VpmHV3q3fxUJ3 +7MbeT000oqwthzAG8xJUMten8hTYui0iB5EdxQXBnai07+ZHPBKZVSu6kya/W/zU +PbSkjS5Agq5eVUDUjCnuVkjOwQsZGA4V86i3oLxyrYeUgmxUSl2/O2tbonLm2u7o +jkncAUpUj+Sk1N2wFIiBenI= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8A:FD:42:29:7B:59:78:52:4A:F7:48:1C:71:B7:C4:71:8A:A6:57:DB + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 05:7f:8e:79:fc:1e:57:0e:34:9e:bc:05:3c:28:df:90:bb:1f: + c7:f4:6a:a1:95:51:f1:d2:b4:1f:3a:64:41:35:b6:42:62:b7: + e7:14:1c:bf:0b:ed:6b:ca:f6:4c:c9:a7:48:ab:42:9e:04:9e: + 0a:b5:f1:86:99:0f:b1:7e:6e:dd:d6:a6:b3:b1:3f:fc:79:6a: + bf:f0:39:3f:03:ac:69:15:b5:2f:5a:17:12:64:8b:e9:46:9f: + 82:09:f2:09:91:90:b4:fd:56:a1:ab:04:79:a0:17:33:26:c6: + 49:6a:96:d9:42:8b:44:a5:ed:ad:69:82:63:78:8e:e7:96:1d: + 17:2d +-----BEGIN X509 CRL----- +MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj +YXRlIGFuZCBDUkwgS2V5cyBDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowIjAgAgECFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1Ud +IwQYMBaAFIr9Qil7WXhSSvdIHHG3xHGKplfbMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAAV/jnn8HlcONJ68BTwo35C7H8f0aqGVUfHStB86ZEE1tkJit+cU +HL8L7WvK9kzJp0irQp4Engq18YaZD7F+bt3WprOxP/x5ar/wOT8DrGkVtS9aFxJk +i+lGn4IJ8gmRkLT9VqGrBHmgFzMmxklqltlCi0Sl7a1pgmN4jueWHRct +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem new file mode 100644 index 0000000000..10fae293df --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem @@ -0,0 +1,129 @@ +subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBaDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg +Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAkE8ewG6H/K9jn0Mr7uh5z08m2Q6L7j8F5TVV2RmRs5Pg7bhbYp84 +NplFussZhcF8atUil4VjtO7lRP7tJU1+whPYfXiGfJD4zPT/Xm6lmDdSFc8R2y0q +tzJgoGWHlJgV//Pqd+n+UOLGZ5zGu6RW032gStSaTqwSKJZb4teHKEECAwEAAaNr +MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFFX8 +0tqrZMOyYTeQKZ7TKM9hKhqnMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAQED5V5G6uHHjObLE3i2wzZcA +u6p/+2z2HqalTsdJp8Nrbi6HIYSknqTJISfZtamnd7a5yoevYv6NCt2pE35uXibI +4RppXx1RfRHygFa/owUulclmTIfUnF2OqAvKJ2kIHyaEaS4xOZsH2czU9tHC63Nf +ps1BS8MMZbABdGW8398= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBZzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg +Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA3KYLjNA57lhgkT+vLnGuU5pyEDLnM+ziS9ieLUKICACgJVoWIffi +mlCwAibbpcCvUUXOXuJafNB0BrgRf40KooyTOQJUckIm4UsMNuth0c0rkM0uT8sO +dzfZ2OmD4or6Og4QQlHHFnSJJ/Z8sELlzOot8jb1LmpNW+j9DamSUq8CAwEAAaN8 +MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFLgZ +mHzJeDS0JL5/mP3lo87ejVq+MA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCt +w82gQMooCa5xgbsT0eM6FUdx767nks7Ty/HLHe0EJ6NwKxIV1JQ7QO1A9+B/i3oX +I4bStXzp7xb6I0F+9vkpjDf/rOLN384olQ5WMvck2yiud7606uYPGPKNY5pK2KbP +Au452W+m5r1g5hzg7Cp/VolIepWLazfVISLk/D3EuA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test21 +issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2 +-----BEGIN CERTIFICATE----- +MIICrTCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl +cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw +NDE5MTQ1NzIwWjBzMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp +Y2F0ZXMxSDBGBgNVBAMTP0ludmFsaWQgU2VwYXJhdGUgQ2VydGlmaWNhdGUgYW5k +IENSTCBLZXlzIEVFIENlcnRpZmljYXRlIFRlc3QyMTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAz5LVC14LIVOAWSDaOhj3dMdR3uhZoXO8IIu2MptactPNTm0y +vKDMchcc9c33HActpSJH6vGOrl1DWTMfFv7g+lAfhxAyD7/Pe+MY82bUCee/2y3M +5hlk9MlVlFKCuZ3w3GST1bOxnwIunLQ3OuZw90o88OWQ56udtd1pDlFSs3sCAwEA +AaNrMGkwHwYDVR0jBBgwFoAUuBmYfMl4NLQkvn+Y/eWjzt6NWr4wHQYDVR0OBBYE +FIRTaV2lGD+eaFK3LoplVXGjlEG0MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO +MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAX8GUnKuy9YrVyKYhWiNY +XXNHf78GfFyK+477KeBSUdNQlX3swh3jQZAMgEY0hy/SrunP4TcO/G9Wba1y+O3T +dO7bBLaMNHNcbnfJZL7py11wtl0BryXFbQWeWQulRw/8AohgtrAzhz4C6KCNZBKl +x5j9BiH1ClsZAQMLLFjZYEk= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:55:FC:D2:DA:AB:64:C3:B2:61:37:90:29:9E:D3:28:CF:61:2A:1A:A7 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 73:25:e2:82:ca:46:5a:88:06:0d:a4:bb:97:86:32:d8:a0:c7: + 8e:04:6d:f3:43:05:d5:a5:e3:87:f6:6f:19:5a:56:49:87:15: + c1:f8:26:67:e2:ec:28:c3:e1:3f:ab:aa:ed:3f:40:9a:0d:e0: + 16:22:47:ba:3a:c2:b4:ff:ea:5d:80:82:df:68:0d:ad:b0:11: + bd:15:3c:1d:1c:56:87:81:2e:d4:e8:cf:53:ac:c0:41:fa:5d: + 22:53:3c:f5:6e:25:e4:8f:43:59:c8:17:22:4f:13:da:38:55: + dd:92:d3:b0:23:27:8e:c5:85:35:1e:28:e2:a7:6b:79:f9:25: + 43:ee +-----BEGIN X509 CRL----- +MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj +YXRlIGFuZCBDUkwgS2V5cyBDQTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFqgLzAtMB8GA1UdIwQYMBaAFFX80tqrZMOyYTeQKZ7TKM9hKhqnMAoGA1UdFAQD +AgEBMA0GCSqGSIb3DQEBBQUAA4GBAHMl4oLKRlqIBg2ku5eGMtigx44EbfNDBdWl +44f2bxlaVkmHFcH4Jmfi7CjD4T+rqu0/QJoN4BYiR7o6wrT/6l2Agt9oDa2wEb0V +PB0cVoeBLtToz1OswEH6XSJTPPVuJeSPQ1nIFyJPE9o4Vd2S07AjJ47FhTUeKOKn +a3n5JUPu +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem new file mode 100644 index 0000000000..8cda2ecdb0 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqDCCAhGgAwIBAgIBSDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0 +cmFpbnRzIFVSSTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKxL9gyE +2WbKCoEEU+RviucDsSOeDHQfoVxci7AD0RhpGDZkMaDQhM+DUHywwIo9zUpLVeGi +xQNu1+1bQ4SzVBT6k7vcf8ZxPOUI+8WQzMNO5H2/PGz3XGpfIw/RJrRH79ICwZlC +6QzvSbLJhOtJTQS9kFTECA4AeBzHEN3f0igTAgMBAAGjgaYwgaMwHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKwdFrpLHgtf4rxhruHZ +ZFp5vkXWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4YVLnRlc3RjZXJ0aWZp +Y2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAHbVqbpvjgN0GV8abRGms01xVNHT +PtqMarG3/zQImm9xDzqUqv81kX/8DOy9I/lo3Mvp83M9B74mEEiTTnxkYEpaSouE +fE3/VAW8dTJb35NeZcOCNWDQv3eA7bufOVO+4KjEHERlxBfEYlPEkJGSLD98SF62 +OYmmR3Cda8cKBk6p +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid URI nameConstraints EE Certificate Test35 +issuer=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA +-----BEGIN CERTIFICATE----- +MIICyDCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh +aW50cyBVUkkxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD +EzFJbnZhbGlkIFVSSSBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz +dDM1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq7pFXOed1oA+6DHAsdURi +YtGnBPvAO55F3hR42UcP8vCvKmdtq0HpJsn34xYHoFPjGctei8AiFVXnj1jrbb8w +LyDLTRVPFPFHmy3Q956KRU0DteJ8ptI4FRQRT7KeqKADvth4tP91aH2DyFy4MTr4 +wvUfV1mnYKgY7gpfBGlOPQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFKwdFrpLHgtf +4rxhruHZZFp5vkXWMB0GA1UdDgQWBBRJujI3sGa+0thW8SoF9JqAlJH04zAOBgNV +HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1UdEQQsMCqG +KGh0dHA6Ly90ZXN0Y2VydGlmaWNhdGVzLmdvdi9pbnZhbGlkLmh0bWwwDQYJKoZI +hvcNAQEFBQADgYEAMZko+lW6d/NUyq1yPydllz9hzKbH8duOaaM8azG14FqmvYnz +EylKSfh2WuqTwkvpusjhdtr/33S7AFU74OJ9dJy1IgqvLWhD/qCm4fbEq44Ejhr5 +sChHIwMIvecNIEOi6e2R7Ue9ivA2gtFEQCfse4ZVPf/f3MLErRsp1dtITxI= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AC:1D:16:BA:4B:1E:0B:5F:E2:BC:61:AE:E1:D9:64:5A:79:BE:45:D6 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 48:8d:62:fe:d7:4c:f3:06:9a:78:4d:e0:96:d6:4b:12:b3:93: + 23:96:6d:00:b6:6b:7f:35:25:e3:94:20:1b:fe:c8:cb:3d:5c: + 7b:e8:f3:cf:c3:db:96:d3:62:4e:b7:5b:93:05:11:c3:7f:41: + 94:e8:75:d2:8a:67:bf:f3:b0:81:25:22:99:a3:4c:02:9f:1c: + 87:1d:b1:20:a6:0f:b7:c8:f2:2b:e5:b2:4d:b4:e1:bc:c3:85: + b7:54:29:13:e8:7e:53:ed:d2:cc:a7:95:3f:71:32:5d:3a:09: + a1:fe:af:ba:45:14:41:1a:67:fb:8f:46:03:6a:fb:78:26:71: + 02:1b +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV +UkkxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBSsHRa6Sx4LX+K8Ya7h2WRaeb5F1jAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBIjWL+10zzBpp4TeCW1ksSs5Mjlm0Atmt/NSXjlCAb/sjLPVx76PPP +w9uW02JOt1uTBRHDf0GU6HXSime/87CBJSKZo0wCnxyHHbEgpg+3yPIr5bJNtOG8 +w4W3VCkT6H5T7dLMp5U/cTJdOgmh/q+6RRRBGmf7j0YDavt4JnECGw== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem new file mode 100644 index 0000000000..8564b40553 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqjCCAhOgAwIBAgIBSTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0 +cmFpbnRzIFVSSTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANCu/tVS +XB6TUXM4bU2lQ7EKvQrGMy49TSnHlIwEVZ9UNvbSA/ChnCxPIKWiVWlqdqr0evlL +xdLPxQe6xHuVjkvgFleY6RjA9LqD7YFFvf8AnDD6BV0kIr3itChNI2abON8Dh6IG ++o48bCPAt9bqxCepQbrSn4mYSlcKjyn66Ev7AgMBAAGjgagwgaUwHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIakVWPxjKAjp6e8y2yq +bdBaxg9aMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYYXaW52YWxpZGNlcnRp +ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAXeaQUlCHmmhg1rKHYxVfKaCq +S574GPbDh1QtQoNmVqFF+yGHse9s4hcYcv7VZB74kYKCFUShbBWl1VcmgPbJLDnc +MDjP1B35WdH4IGAxCBLHOiuv/1AWL9EfHUdhX2ZoFpJqNty9lFkahCZ6MARJwtS2 +fBh60OItInetzMDECnE= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid URI nameConstraints EE Certificate Test37 +issuer=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA +-----BEGIN CERTIFICATE----- +MIICyDCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh +aW50cyBVUkkyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD +EzFJbnZhbGlkIFVSSSBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz +dDM3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7RoVBb6HAXuZfLDEJZHtZ +ZqQoQWTPZt8PsM1IGx7uBWtoC8OpBufVE0QTJZV7uKwsbPCvIAHlsKsoTgxWMPpG +83/daynjox1RbmbI9Vlc+tK/SbwbkIVJ7bO65t52t1SDIfnPSxBa24BxP8wPqbCj +d1alYdvUt+5ERxY6pW+3tQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFIakVWPxjKAj +p6e8y2yqbdBaxg9aMB0GA1UdDgQWBBQJ/mqtsTQDfDnYag36Bwgfh5EMFDAOBgNV +HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1UdEQQsMCqG +KGZ0cDovL2ludmFsaWRjZXJ0aWZpY2F0ZXMuZ292OjIxL3Rlc3QzNy8wDQYJKoZI +hvcNAQEFBQADgYEAWfo3+4bDtxvUvo7zJGGkAMWVXpX27OK57XmNG8U6Ge4H9ruL +S3OImTHGFt4EbUhw7OIxtSSCdT9x3SAg+jLVLn5FZYM3tkPk83lLSgSS1kvoRJNN +zf69vibTDpsT9yzeMDt0vFKe/YN4RJwfBWm0ty7yrI6uUu3oxcwLsV7+Wbo= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:86:A4:55:63:F1:8C:A0:23:A7:A7:BC:CB:6C:AA:6D:D0:5A:C6:0F:5A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 73:1d:ee:ad:1d:21:24:88:c7:70:27:82:cf:68:1d:fa:61:18: + da:2c:a9:9e:05:0d:b4:7e:e3:ac:49:fc:82:76:d0:6c:80:1c: + b3:b0:36:4c:44:da:e9:0e:aa:9a:df:66:1e:0a:80:f4:f0:0c: + 84:02:2f:57:47:96:e1:f7:ae:e6:be:85:9e:53:e0:97:1e:9a: + 68:7e:f2:32:8c:d7:89:1e:63:dd:3f:47:06:30:44:e3:42:ee: + 30:c2:d6:ce:3a:46:4f:6c:8c:e2:43:c3:7e:5a:51:ce:5e:73: + 7a:ed:f7:5a:04:a8:0d:f2:f0:67:af:e1:0e:b8:eb:9f:cd:2b: + 24:62 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV +UkkyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBSGpFVj8YygI6envMtsqm3QWsYPWjAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBzHe6tHSEkiMdwJ4LPaB36YRjaLKmeBQ20fuOsSfyCdtBsgByzsDZM +RNrpDqqa32YeCoD08AyEAi9XR5bh967mvoWeU+CXHppofvIyjNeJHmPdP0cGMETj +Qu4wwtbOOkZPbIziQ8N+WlHOXnN67fdaBKgN8vBnr+EOuOufzSskYg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem new file mode 100644 index 0000000000..0834f93e74 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem @@ -0,0 +1,118 @@ +subject=/C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBDDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UEAxMeVW5rbm93biBD +UkwgRW50cnkgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQC4N3fv71Sg97CctA2gdnDYdBCxvD0dw26KQaNDbFJBOuoUZ2YczhV1669VascT +67yTxIEcK9/IDZ3YH24KxfGvQ/QPio8W8AMrVyCcHJvX6LyAe8VOYc1STiqxmpxi +lp0TtHeYT9eIybRSaoqtDChQrkbPKB3unwxZbFwK7EJz+QIDAQABo3wwejAfBgNV +HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU9Vvr2srl76qI +n9lsv1vOk2kRTYAwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD +AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAAHH0P2ABpSL +gN0JmwJ5PRblM4ot5qt69t9Qxgui/fn5pIZa+tDA3zKtJx1/S1Sm3gdZb+2A71hS +3h/LIkmSD7rTwgJTfjtKd2rVxvPhLlvC6Pt+8cOlOAfxT88Q5atXsU0P+7ZMw/4U +3F6PnahEk6JTNn1ylgi/e3jRoVAew8qv +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Entry Extension EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA +-----BEGIN CERTIFICATE----- +MIICnzCCAgigAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlVua25vd24gQ1JM +IEVudHJ5IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMGwxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFB +MD8GA1UEAxM4SW52YWxpZCBVbmtub3duIENSTCBFbnRyeSBFeHRlbnNpb24gRUUg +Q2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPIB +J/eXGbgEoIPq9cvpKM1LhdR/nU/V8FVZG6E6cGIPHhm6FpNthtmafeQMPHMkT4eV +41lXx8f9O4+xj0BUXNv/WhGhsT1PHxs+VzLNTG2mp4a6gOaLprNo0vi8C0jMfyQ/ +QMqq0d3vM/QmM4H1AJnguuG4xoSFqLZqIAYC1Xb1AgMBAAGjazBpMB8GA1UdIwQY +MBaAFPVb69rK5e+qiJ/ZbL9bzpNpEU2AMB0GA1UdDgQWBBQoe5/NueRG8dILVNg3 +c7z7YF5PVjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA0GCSqGSIb3DQEBBQUAA4GBADjyBhwUgM1wXGm948RATjxho9tRdPLLVwj3K0Mh +JSy5uURrxX2u5UUutqr2ZOpMjUcO0KY0qePFA7Oi2i1Wh49awyxUEqYVxRgBxNtB +sKxMJG/iV6sX+9X3ObXDCG960+AD2q16GmjPiVrqxE3JQE/1dvdEyHduVgugTEpu +WOKs +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:F5:5B:EB:DA:CA:E5:EF:AA:88:9F:D9:6C:BF:5B:CE:93:69:11:4D:80 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.16.840.1.101.2.1.12.2: critical + ... + Signature Algorithm: sha1WithRSAEncryption + 46:89:76:03:d1:a8:eb:7d:04:de:bf:a8:1f:86:48:8a:d9:78: + ae:21:21:62:91:3d:ba:79:b0:17:d4:ca:41:ae:d3:43:4c:77: + 2d:9e:99:65:93:59:dc:72:dc:d4:90:04:e4:f3:ec:ed:63:bd: + 09:59:3c:a8:0b:ae:fa:ef:11:73:b2:a4:9a:e7:6e:c2:fe:11: + 04:f1:f5:58:78:95:d2:24:2d:4c:4b:7e:7b:f1:8e:9f:ce:82: + 76:be:a5:5e:77:e2:33:10:a5:d1:2a:2a:c8:e2:f5:09:6d:e2: + e7:c7:9c:cc:5b:3c:52:29:f4:a0:3d:6e:8a:87:8a:94:2a:65: + 74:fb +-----BEGIN X509 CRL----- +MIIBhDCB7gIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlVua25vd24gQ1JMIEVudHJ5 +IEV4dGVuc2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA3MDUC +AQEXDTAxMDQxOTE0NTcyMFowITAKBgNVHRUEAwoBATATBglghkgBZQIBDAIBAf8E +AwIBAKAvMC0wHwYDVR0jBBgwFoAU9Vvr2srl76qIn9lsv1vOk2kRTYAwCgYDVR0U +BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEARol2A9Go630E3r+oH4ZIitl4riEhYpE9 +unmwF9TKQa7TQ0x3LZ6ZZZNZ3HLc1JAE5PPs7WO9CVk8qAuu+u8Rc7Kkmuduwv4R +BPH1WHiV0iQtTEt+e/GOn86Cdr6lXnfiMxCl0SoqyOL1CW3i58eczFs8Uin0oD1u +ioeKlCpldPs= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem new file mode 100644 index 0000000000..8dc7416970 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem @@ -0,0 +1,117 @@ +subject=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBDTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYVW5rbm93biBD +UkwgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCytAs/ +JAs2Ja8c89As83uwUulH9T9tQPZcA7nYHvlyElO2ck8TAyHsxyTJEX3dSXo5IOhG +VD2Onq3BDeRFf6pu5OMpoQ3OGJbb4q22/qZtN6etR0haIBvS2ftAIPX1mJHU48rv +TuMEQ0hoVtFxKdyYSeFaw9iBTbcaZdPUCMbnIwIDAQABo3wwejAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUao8V/5j0N/1M9CcF3W7o +YaFVtKswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFoi3BNwtKmwgQu7YVgw +RJCuLiqFCNPny8zbrLdJOyTSB1MqnPBzrnx0E2U6i+5RTiuIUrD5V54/46OcAenb +ABT5jTygyoV5M03Iy6ZRQ71ZqeX2hc8LeHetvMTN1fZiNOtwt6Qn4LtWGyw5KH34 +KMAytthglbz5meZVb+cbK820 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Extension EE Certificate Test10 +issuer=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA +-----BEGIN CERTIFICATE----- +MIIClDCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JM +IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UE +AxMzSW52YWxpZCBVbmtub3duIENSTCBFeHRlbnNpb24gRUUgQ2VydGlmaWNhdGUg +VGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCi6/iZeRoibZWIgFQb +pVXsmxIdt4k56SpvzvPgJPyoxkehfaVCNpZQ9udynRLZaogzk1Js85Xmf+O3MBul +a/xJq4BU0Mit5jPBDcfqEpOu4ovFBfX7i+nBDbBiS+2v+QkqntokkwaDKKCnDRV2 +qjQdAnTFbFNpkpyO3yhWJ6ASOwIDAQABo2swaTAfBgNVHSMEGDAWgBRqjxX/mPQ3 +/Uz0JwXdbuhhoVW0qzAdBgNVHQ4EFgQUkm2zSID0l7fhHwrbvsB+O9PRHtkwDgYD +VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B +AQUFAAOBgQCMYaiiImk6MCNreccITRisfSs0mHnXu7opjgpXuD6GcKnQtOhN/52T +12dfAZMp+ROHHg2hZ1xWY7Uvn5IWbWEepjY0SpyGDsuzLgEO2xXg7DU5n1yxZpao +mnsYHYHJPrTQK7jpsbutOP27RSNid2jQNfnyDoYsn2uCl6zen1aoCw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Extension CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6A:8F:15:FF:98:F4:37:FD:4C:F4:27:05:DD:6E:E8:61:A1:55:B4:AB + + X509v3 CRL Number: + 1 + 2.16.840.1.101.2.1.12.2: critical + ... +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 87:83:34:a5:84:cb:5a:ea:95:df:cf:c0:15:aa:4a:32:5a:e7: + 29:82:92:af:40:f0:c1:5b:0f:f8:4f:c5:ba:af:bf:12:16:85: + b2:d9:df:d5:f3:5a:da:bd:15:8a:ec:d3:a1:af:e7:8f:80:48: + 54:1f:22:c2:8a:74:9e:c1:c8:5b:33:a4:8f:6a:30:43:91:35: + 0b:08:c2:87:c5:5a:b0:b4:30:6c:f4:f7:22:7b:71:b6:ff:7e: + 3f:ae:da:aa:b7:d2:4a:a7:10:7c:70:b7:6a:10:85:d1:9f:d1: + 5d:bc:36:44:30:32:6c:bc:a6:8e:24:96:62:d6:68:c0:24:13: + 55:3a +-----BEGIN X509 CRL----- +MIIBfjCB6AIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JMIEV4dGVu +c2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQEXDTAx +MDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaBEMEIwHwYDVR0jBBgwFoAUao8V/5j0 +N/1M9CcF3W7oYaFVtKswCgYDVR0UBAMCAQEwEwYJYIZIAWUCAQwCAQH/BAMCAQAw +DQYJKoZIhvcNAQEFBQADgYEAh4M0pYTLWuqV38/AFapKMlrnKYKSr0DwwVsP+E/F +uq+/EhaFstnf1fNa2r0ViuzToa/nj4BIVB8iwop0nsHIWzOkj2owQ5E1CwjCh8Va +sLQwbPT3Intxtv9+P67aqrfSSqcQfHC3ahCF0Z/RXbw2RDAybLymjiSWYtZowCQT +VTo= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem new file mode 100644 index 0000000000..ed2ddac429 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem @@ -0,0 +1,117 @@ +subject=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBDTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYVW5rbm93biBD +UkwgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCytAs/ +JAs2Ja8c89As83uwUulH9T9tQPZcA7nYHvlyElO2ck8TAyHsxyTJEX3dSXo5IOhG +VD2Onq3BDeRFf6pu5OMpoQ3OGJbb4q22/qZtN6etR0haIBvS2ftAIPX1mJHU48rv +TuMEQ0hoVtFxKdyYSeFaw9iBTbcaZdPUCMbnIwIDAQABo3wwejAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUao8V/5j0N/1M9CcF3W7o +YaFVtKswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFoi3BNwtKmwgQu7YVgw +RJCuLiqFCNPny8zbrLdJOyTSB1MqnPBzrnx0E2U6i+5RTiuIUrD5V54/46OcAenb +ABT5jTygyoV5M03Iy6ZRQ71ZqeX2hc8LeHetvMTN1fZiNOtwt6Qn4LtWGyw5KH34 +KMAytthglbz5meZVb+cbK820 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Extension EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JM +IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UE +AxMySW52YWxpZCBVbmtub3duIENSTCBFeHRlbnNpb24gRUUgQ2VydGlmaWNhdGUg +VGVzdDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN5hxrET3bqQkPGYoOqM +k59f/6Bz8rfuR0w0CP8UqMM+W2xDKIj+J1+sHfl1rsbgm3kKLrIF/DeRgOUS9k+m +1gTj4NxYqTLXRu3AeqoWe7Z04z8WxqhHyD40VbqJeZgRl960H7nqSS7FUCE5Uhrz +cBhoLlhH2/lYNtZmNFemPVA9AgMBAAGjazBpMB8GA1UdIwQYMBaAFGqPFf+Y9Df9 +TPQnBd1u6GGhVbSrMB0GA1UdDgQWBBQ/ld8yhWsnGl6nmqhcM8TxDa9n7jAOBgNV +HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB +BQUAA4GBADFhplcYCh5Wt/vpCzwZMGj0be5RMlPSh+6UWKY8gR+TknXyeyhIN0TU +R7DRXv/XE6ZRQda9Pslooz1WB/VBez54Sg3EirsB8hK/E+PS//mo0NN5ooOdWb8s +WqML3eEo3XVs0Fj1mYc+8U4bYRPrtDVO4Mr/SnyKNNCf1O5R+X74 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Extension CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6A:8F:15:FF:98:F4:37:FD:4C:F4:27:05:DD:6E:E8:61:A1:55:B4:AB + + X509v3 CRL Number: + 1 + 2.16.840.1.101.2.1.12.2: critical + ... +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 87:83:34:a5:84:cb:5a:ea:95:df:cf:c0:15:aa:4a:32:5a:e7: + 29:82:92:af:40:f0:c1:5b:0f:f8:4f:c5:ba:af:bf:12:16:85: + b2:d9:df:d5:f3:5a:da:bd:15:8a:ec:d3:a1:af:e7:8f:80:48: + 54:1f:22:c2:8a:74:9e:c1:c8:5b:33:a4:8f:6a:30:43:91:35: + 0b:08:c2:87:c5:5a:b0:b4:30:6c:f4:f7:22:7b:71:b6:ff:7e: + 3f:ae:da:aa:b7:d2:4a:a7:10:7c:70:b7:6a:10:85:d1:9f:d1: + 5d:bc:36:44:30:32:6c:bc:a6:8e:24:96:62:d6:68:c0:24:13: + 55:3a +-----BEGIN X509 CRL----- +MIIBfjCB6AIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JMIEV4dGVu +c2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQEXDTAx +MDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaBEMEIwHwYDVR0jBBgwFoAUao8V/5j0 +N/1M9CcF3W7oYaFVtKswCgYDVR0UBAMCAQEwEwYJYIZIAWUCAQwCAQH/BAMCAQAw +DQYJKoZIhvcNAQEFBQADgYEAh4M0pYTLWuqV38/AFapKMlrnKYKSr0DwwVsP+E/F +uq+/EhaFstnf1fNa2r0ViuzToa/nj4BIVB8iwop0nsHIWzOkj2owQ5E1CwjCh8Va +sLQwbPT3Intxtv9+P67aqrfSSqcQfHC3ahCF0Z/RXbw2RDAybLymjiSWYtZowCQT +VTo= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem new file mode 100644 index 0000000000..bf772ff279 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem @@ -0,0 +1,58 @@ +subject=/C=US/O=Test Certificates/CN=Invalid Unknown Critical Certificate Extension EE Cert Test2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBXzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMHAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFFMEMGA1UEAxM8SW52YWxpZCBV +bmtub3duIENyaXRpY2FsIENlcnRpZmljYXRlIEV4dGVuc2lvbiBFRSBDZXJ0IFRl +c3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdgE9VN0Ghm/NmN4sGBIWC +mYNYrK8ADbOxwu75ug/F5jR3Wq3Hlg4aC8SCNQ2h/sEnsGhZ1nsQwF1mDWMvsGrR +87vV31pE9SlPQvMPG5S9UlqHO0b/4wj057sWoMHSvOcROdgJti2Dzt9p9+ArbK56 +kYAf4TYDVQi/UvCb4TYe9wIDAQABo4GAMH4wHwYDVR0jBBgwFoAU+2zULYGeyid6 +ng2wPOqavIf/SeowHQYDVR0OBBYEFCWr0F6axQ7dDvC4QVdDsvqzwEdgMA4GA1Ud +DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEwYJYIZIAWUCAQwC +AQH/BAMCAQAwDQYJKoZIhvcNAQEFBQADgYEAC49hK2AAPynegAqkmf6gK9o2lbGR +G1PQFqTf+zLATRWYbB+S1lvMJEOYcf1/T2arOgWO6xXJHvQ2xvYr6VbfBSnIdhUW +OoIQIAowM3RWpZaHu9Ze31BXnoiw3AJxmzIzuD5l+4RyE5OeqTtfJK15kOpeJVdH +aMmBFW2/5/9zl0k= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem new file mode 100644 index 0000000000..7f10e7695f --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Wrong CRL CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBCjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMV3JvbmcgQ1JM +IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrjpkZYUtNf/4W6weCyaK0 +JDUtJyXxK8YEL9R2hpnPnGceXRXEkq7XPWyNBAC+lpGPd+mWjvX4A/MAsGHsOiY3 +I35sJHR0ViNoDDIpACYBuNhtFTQ0JHS34zOZR+jG0BYSib4h+svHctlVWGOY3l8F +lp8EWSm8YZ3kt7kycshWzQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQU1G3jwp/Wffea3VwN0SfwS1Rpd6gwDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAI844RkGSuDIY9HF+gW3Nd6C3sILutA0Zsqw +Ih0wWh/y9VOV6TNvPd8BlF1i0WkAMcswgqhrODgySpG7fdDlgMTSI/Tz0ObYbsA/ +Dcd3OplmCfRKi8biDWnBn6LdZysZ9uiIOBFyOFr5cfWGlgSctiXxtZc15sju+TTA +EwWcPVar +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Wrong CRL EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=Wrong CRL CA +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFdyb25nIENSTCBD +QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMmSW52YWxpZCBX +cm9uZyBDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDYwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBALC3wWGmw5/yOOPg3RNvStJ9JJIfBz6CyFWksquf/4icnW/wL4rx +hCxN1vNOSiH+IrOgWYTpkpGPiMvbvn4h9I2Ytzimw1O0EPTXFAE6CdJagxdcsFHA +1UJMR/+666NEypeYmyaFMPduqmcR7rED7TZZgQGhltY2+06s0SghWO1fAgMBAAGj +azBpMB8GA1UdIwQYMBaAFNRt48Kf1n33mt1cDdEn8EtUaXeoMB0GA1UdDgQWBBTI +T2I2nkS+ARaPkr3QPXOlb30emTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAKM9XsZ6SDRWXHk1nyBsa28P +ItsxtO1B0ZnK4Aboih9fOPg14udmRCVjgc7Z3UCl+F8YXFWKkisitt55o74MCv60 +2vlEaBrRBPMvTpHwqyNIWCcuDYBT4JrfC+iF8RwHtts9c0KUUn/bwXAuvDclEg79 +XUWTzrxsqFVOnMEktZUm +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2: + 13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20: + 81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5: + 07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca: + ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4: + 07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f: + 7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01: + 38:8d +-----BEGIN X509 CRL----- +MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe +yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq +If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB +6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg +j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem new file mode 100644 index 0000000000..f64a9bb06c --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem @@ -0,0 +1,109 @@ +subject=/C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBFzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlYmFzaWNDb25z +dHJhaW50cyBDcml0aWNhbCBjQSBGYWxzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAsmocvHtIhy06xoGU8RgpDv0nBGXIPSXRG6Poy/+IGxarpbG06NmC +maF9YsRYKMKl35fIYgRSJXsZQNbNdFp+OP0unEc2gkWnRFkd5UYXaUYUw+1joRBQ +rv66WNwMkTSpFnzmb0Pvvxw+5Yy8MMzvfYTwnw4GIgLtTrffpS9B4V8CAwEAAaN5 +MHcwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMdH +T3Qigo2QmpSYRbO1Q8N1GDbOMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOBgQCYmJK2 +5OMOWxlviglY0yKGvQpDwTyJ4CJmsGGI/rtSjvfFiqHPmq2c/QGm+pAdKMqkhGXN +FjVPKm8pLqrFbAnWXSG5OeWq5wEMckNe1Qjp91ag5gmWEVwdq86eNxkkA6w/+hjp +BxoCAT74c74EqPpOX8c6NGlI3VyN0hODzePSHA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid cA False EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJWJhc2ljQ29uc3Ry +YWludHMgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw +NDE5MTQ1NzIwWjBZMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp +Y2F0ZXMxLjAsBgNVBAMTJUludmFsaWQgY0EgRmFsc2UgRUUgQ2VydGlmaWNhdGUg +VGVzdDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWAnb4eGXIMKqcvxV1N +I1WYOIgPGw0pmor0ePIVaJFQZALxDndu3IUvzZCuK/m5nBAn3qtGItKULZEqeZx1 +sqbagMshYrHDkntnRShl1luH40b/RdWn0SnkWcYiA+ZTmcUYTV4t0OmgeUzQMtMj +LRQ76i3JymtkR6MDgbJ6NWQzAgMBAAGjazBpMB8GA1UdIwQYMBaAFMdHT3Qigo2Q +mpSYRbO1Q8N1GDbOMB0GA1UdDgQWBBTQ3jc8Qy+MJLvnf+0PWJpzZUdgHzAOBgNV +HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB +BQUAA4GBAKhCguYapRZdH/DcOaj9Mtc/x8+/QbXwwWTyETUNHItDAWqwXgCbEHKN +tbgWB6IZnzhzWvLcNk0HJrqf8jnYEC3EWj9ruOl7oaCWRuq5uLwtnf6MCI32zjzT +yJDh7QLWt2STzMDmppGt84nl3PjN8MaQhp2qTJyP9f8ue+n+Ng0D +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:C7:47:4F:74:22:82:8D:90:9A:94:98:45:B3:B5:43:C3:75:18:36:CE + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 32:bc:12:1f:84:d0:b6:3e:72:a0:fb:d9:75:99:ca:e5:2a:05: + 09:e6:c8:27:74:47:1c:dc:0c:d4:9f:bc:9f:b2:62:25:b4:6d: + 5b:e5:0b:e8:2a:8e:07:eb:3e:6b:c5:1e:9a:d2:14:fd:89:5b: + c3:10:bf:19:77:67:0a:33:45:1b:bc:6c:ed:af:84:30:59:fb: + 7c:71:95:63:60:31:9b:9b:0a:ea:77:f1:70:f1:b9:2e:d1:a9: + 04:42:66:94:b9:54:48:db:44:56:56:1a:57:5a:01:0e:7c:4d: + d7:c0:1f:5c:6f:13:f5:a3:57:88:6a:9a:71:cd:d5:ae:c3:00: + b1:28 +-----BEGIN X509 CRL----- +MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJWJhc2ljQ29uc3RyYWludHMg +Q3JpdGljYWwgY0EgRmFsc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFqgLzAtMB8GA1UdIwQYMBaAFMdHT3Qigo2QmpSYRbO1Q8N1GDbOMAoGA1UdFAQD +AgEBMA0GCSqGSIb3DQEBBQUAA4GBADK8Eh+E0LY+cqD72XWZyuUqBQnmyCd0Rxzc +DNSfvJ+yYiW0bVvlC+gqjgfrPmvFHprSFP2JW8MQvxl3ZwozRRu8bO2vhDBZ+3xx +lWNgMZubCup38XDxuS7RqQRCZpS5VEjbRFZWGldaAQ58TdfAH1xvE/WjV4hqmnHN +1a7DALEo +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem new file mode 100644 index 0000000000..8784c21050 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem @@ -0,0 +1,109 @@ +subject=/C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIBGDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEyMDAGA1UEAxMpYmFzaWNDb25z +dHJhaW50cyBOb3QgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBALebKuy5EJW95AkM4MZ0p12UxwWQqlclzW+C7Ntov96ejAjA +ciH9FrTh8IzXl99nnQnHHO8O+pZ1jzh8hQx+kAGx6ENV87E9ByTgcNUwSgHgEHX+ +59fIr8RTbdUtF2T1U8iyFM88FkpI682I0GvNDuej65588/P/OAHTmZbqcWrfAgMB +AAGjdjB0MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQW +BBTEleK6dmzd47tLaP1CRfgUVOxbzTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAhjgF +Diuvic63KpOvuZxczWMf0K//uMCtUxtXXRTI3/Wm4ryKa+yI52FUGhUcNB5wRAES +R1tJSuphGx6rdcSHZTE95gLo24lnyc+oTZQ3gcK2xouTy3F3CvhmPs9QMMjaqtfn +NDJKzUyBvAasUQ9SZxk+bifeeSQ/RDzmQxNKHr8= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid cA False EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNVBAMTKWJhc2ljQ29uc3Ry +YWludHMgTm90IENyaXRpY2FsIGNBIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoX +DTExMDQxOTE0NTcyMFowWTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy +dGlmaWNhdGVzMS4wLAYDVQQDEyVJbnZhbGlkIGNBIEZhbHNlIEVFIENlcnRpZmlj +YXRlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5JEpPUEhR94hD +geH4nu6tuBiM/sUvTffvOfzdSftTXOQ/4pHuZPXKDz7SrM5gAimRZMXlC0ZngP7z +9Q7StXqOqMvZI75GjHGYr3S3W56vvCxfDh639L/x3UlhfKqEzn3rMLMDC52lJzcH +npMqMRIYWdedIvqg6OaxMDj30va12wIDAQABo2swaTAfBgNVHSMEGDAWgBTEleK6 +dmzd47tLaP1CRfgUVOxbzTAdBgNVHQ4EFgQUxBUts6LKOH9HITo2TnmeY1hdGNsw +DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG +9w0BAQUFAAOBgQAnnZ9Y8fdKeA3cdodXsQqz302mCLQLH1jhcE7UnfAYrTdecJ5s +8xxE7AKdNEG7/KUAoSwKDsGw0HBIQDPD62kblZEWKViT4+e4isf4Dy3G31BRbkiu +bcJsDKzOOdCeCdXJvGXAJ18su8P+4srOddrQuINqRy2YgDG5Rka2WArY2g== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:C4:95:E2:BA:76:6C:DD:E3:BB:4B:68:FD:42:45:F8:14:54:EC:5B:CD + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a4:53:e8:4c:ac:c5:d6:66:9f:c8:a6:4c:ad:d2:6f:2e:31:b6: + 48:37:6b:9e:e8:76:8a:ff:23:80:3a:49:a2:91:d4:94:0a:bd: + 9b:2c:0b:cd:c3:9f:e8:a4:7e:b1:ce:37:ea:23:5c:ff:c2:76: + 6e:c4:84:d3:21:2a:ef:7d:2e:fd:71:54:2d:8a:ef:f5:96:73: + f1:7a:c9:1a:7c:77:86:b4:df:0c:47:a3:8b:9b:b1:f7:bc:21: + 64:6d:19:97:ca:b2:1b:e8:4d:f7:66:c4:78:75:5d:76:b8:7c: + 5d:88:f4:ae:b8:6c:27:11:c4:96:09:b2:35:fb:6a:da:f8:fe: + 73:df +-----BEGIN X509 CRL----- +MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNVBAMTKWJhc2ljQ29uc3RyYWludHMg +Tm90IENyaXRpY2FsIGNBIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx +NDU3MjBaoC8wLTAfBgNVHSMEGDAWgBTEleK6dmzd47tLaP1CRfgUVOxbzTAKBgNV +HRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQCkU+hMrMXWZp/Ipkyt0m8uMbZIN2ue +6HaK/yOAOkmikdSUCr2bLAvNw5/opH6xzjfqI1z/wnZuxITTISrvfS79cVQtiu/1 +lnPxeskafHeGtN8MR6OLm7H3vCFkbRmXyrIb6E33ZsR4dV12uHxdiPSuuGwnEcSW +CbI1+2ra+P5z3w== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem new file mode 100644 index 0000000000..357566f6e2 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem @@ -0,0 +1,140 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=indirectCRL CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE +/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW +Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80 +7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD +VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y +YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA +nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc +0meAGzOu5kHt +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test27 +issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2 +-----BEGIN CERTIFICATE----- +MIICzzCCAjigAwIBAgIBBDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM +IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp +ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDI3MIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDBePXreW7TEQz9U98u5IjkoUpf/CRELuDW4EWLSx0ib7kJ +njp5do8pREmTX9nvLo1/CiJnv0RRNY4hKwqjR3V+j/2+BT7JDu5T8YuM3MmgWlJt +G46pHVekb8uXAofDTqMlvAtGTQauE9F3JU7oJ1FJebMo9SRHwIBQvvwnLIn2qQID +AQABo4G6MIG3MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0u5wBMB0GA1Ud +DgQWBBRA5ST4jwbcfGOGKDw9sAjuw+hKSzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATABMEwGA1UdHwRFMEMwQaI/pD0wOzELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRAwDgYDVQQDEwdHb29kIENB +MA0GCSqGSIb3DQEBBQUAA4GBADHmdwVGWHDLCpX0n65DVgDpC2wWpGgu929rlB5w +nhGi79lgn3z2a5+3UCaXHQY+vMhJgMFVYoOfmUCNd4cnTgHMtr5Ai9tOS934lj0Z +xL/XOfx1v6ownw2VOZ5LWxMi2YnYTqC8323wPhcHjTecnE9JprakdJa6q54gsbZR +j1fs +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem new file mode 100644 index 0000000000..a370fa86a3 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem @@ -0,0 +1,226 @@ +subject=/C=US/O=Test Certificates/OU=indirectCRL CA5 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD +UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI +iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok +km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM +6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn +6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J +7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H +sN+wLRApTQTr +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=indirectCRL CA6 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY +Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS +4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF +MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0 +ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF +/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE +ZCkFIjgPYCPR +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test31 +issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6 +-----BEGIN CERTIFICATE----- +MIIDUzCCArygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM +IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp +ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDMxMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDF62+bmWqsIJDuZD87vUAXArOAHy8ctB87FGlfVI/UMp3x +SJEM7Bb7cFD9DtWIsr+NcvEGIJIHqxSS+uqbSTkhLRkkQ6V3vZBWw9iK4YCixNHV +4ngJovgzMWKjjTHBN0+8wtZz2gccx4lD4l8gvC41scMQ7qyQqIX0ByUafTEMAQID +AQABo4IBPTCCATkwHwYDVR0jBBgwFoAUwhs+qhpOwTOKGqpZSQOxZqIc8H0wHQYD +VR0OBBYEFDRJXOe+nS5RsQPtEvFYSSZSIXVPMA4GA1UdDwEB/wQEAwIE8DAXBgNV +HSAEEDAOMAwGCmCGSAFlAwIBMAEwgc0GA1UdHwSBxTCBwjCBv6B0oHKkcDBuMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT +D2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBpbmRp +cmVjdENSTCBDQTaiR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl +cnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqGSIb3DQEB +BQUAA4GBAIPT9aAYLcz53VCc4i5LC7bw2UhSE06ovDozPQVlLW7ykaoApryS0aRb +jRDf/csLFBaDbcmymFBGlYDsnDMv1+R2Azj5eUy4ssEpCYDsKyJnNvY1AD1aldyn +hwyrIcLgWdU0rmHIT9m+/yLKdk31P8B3WKl6nNEtJVe1hlyeR8Fs +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0..Y...R...N.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5... +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA7 + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 07 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 08 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 09 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0A + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA5 + Serial Number: 0B + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c: + d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c: + f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e: + 44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce: + 51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53: + 79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab: + 7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c: + c7:af +-----BEGIN X509 CRL----- +MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0 +NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V +BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX +DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB +MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD +ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG +A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV +HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm +aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1 +NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE +AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN +MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU +lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd +MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy +dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu +ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS +TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3 +pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw +FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly +ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb +uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu +TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq +xL1FzpoJ1fesDYN8YjzHrw== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem new file mode 100644 index 0000000000..5dab635a7e --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem @@ -0,0 +1,226 @@ +subject=/C=US/O=Test Certificates/OU=indirectCRL CA5 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD +UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI +iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok +km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM +6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn +6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J +7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H +sN+wLRApTQTr +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=indirectCRL CA6 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY +Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS +4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF +MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0 +ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF +/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE +ZCkFIjgPYCPR +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test32 +issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6 +-----BEGIN CERTIFICATE----- +MIIDUzCCArygAwIBAgIBCTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM +IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp +ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDMyMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDGNK1Y+eOYRm50GYuyrg+CaupAyx1885TUh0lz/2sHwXp2 +OmsLIqfukEyyIfBt/gEHZ4e3CvSb8unsTq/Jlt++srjlPkTPaJAJZmVhhLBS33c/ +L4t1J9CE+W5JEzzQjzhhtAgsOxH4gy6PqQ7MQ3LPRSUFqwtFlOjUaVDekanP/wID +AQABo4IBPTCCATkwHwYDVR0jBBgwFoAUwhs+qhpOwTOKGqpZSQOxZqIc8H0wHQYD +VR0OBBYEFCFEpTMSRVJmDIG3biuYZ63bFngaMA4GA1UdDwEB/wQEAwIE8DAXBgNV +HSAEEDAOMAwGCmCGSAFlAwIBMAEwgc0GA1UdHwSBxTCBwjCBv6B0oHKkcDBuMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT +D2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBpbmRp +cmVjdENSTCBDQTaiR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl +cnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqGSIb3DQEB +BQUAA4GBAKZ16nizt2hCVkrf+WfJV1t/frRX9W7Oi4whQqH9BEA2nEZ9LVeGnCAZ +he10WnY1rXA2JHICijj3YDBoAlOMWtp43Qhv32QJ4dFR08kuSWjvCygSokh9uyoX +Q/zpF1amF1x/Br/uteHCBILXFFGLLsSauW15U4HWUiJQHob56396 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0..Y...R...N.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5... +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA7 + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 07 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 08 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 09 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0A + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA5 + Serial Number: 0B + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c: + d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c: + f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e: + 44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce: + 51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53: + 79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab: + 7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c: + c7:af +-----BEGIN X509 CRL----- +MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0 +NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V +BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX +DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB +MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD +ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG +A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV +HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm +aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1 +NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE +AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN +MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU +lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd +MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy +dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu +ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS +TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3 +pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw +FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly +ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb +uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu +TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq +xL1FzpoJ1fesDYN8YjzHrw== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem new file mode 100644 index 0000000000..2e62d70320 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem @@ -0,0 +1,205 @@ +subject=/C=US/O=Test Certificates/OU=indirectCRL CA5 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD +UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI +iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok +km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM +6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn +6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J +7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H +sN+wLRApTQTr +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test34 +issuer=/C=US/O=Test Certificates/OU=indirectCRL CA5 +-----BEGIN CERTIFICATE----- +MIIC/DCCAmWgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM +IENBNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp +ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDM0MIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCSaPRkABN56ESU2SA5P4mVXVChuwxsllnznUrRrpaH+L60 +m9Sa11iyGiUqTcGPQbEsPUN8zQQmsjnGSpIMtMRrnkaOTaUmzszVKp9xOuZ5vgSd +8KeQJjqISqeeJL/oSynuMBOfir1TH2HToo+HetNsfXhumdPDKUojywjZcp1N7wID +AQABo4HnMIHkMB8GA1UdIwQYMBaAFJStEtHhDn7DuzdLQT1tWYA/RFdtMB0GA1Ud +DgQWBBQ4QCS2SjHLQtR3kH7i8O8sleHk8DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATABMHkGA1UdHwRyMHAwbqBsoGqkaDBmMQswCQYDVQQG +EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGly +ZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwgQ0E1MA0G +CSqGSIb3DQEBBQUAA4GBAAppj9RM8AKRmrj/d56ZzOcNlN79bi39iFp7ZuxrkdL7 +ZcnUm4A5y0u2ZoywD1LTUUYh+egAhtpccsYYjmMVQVbEtgwVKorXOwcm6iNmENQ6 +lsZPlEkEXBLlfZLuhPr4Ju+QjaMo7SLAiXOG9lwry8ZFcfAGLIfpLlQyGZ2cnahX +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0..Y...R...N.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5... +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA7 + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 07 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 08 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 09 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0A + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA5 + Serial Number: 0B + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c: + d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c: + f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e: + 44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce: + 51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53: + 79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab: + 7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c: + c7:af +-----BEGIN X509 CRL----- +MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0 +NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V +BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX +DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB +MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD +ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG +A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV +HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm +aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1 +NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE +AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN +MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU +lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd +MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy +dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu +ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS +TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3 +pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw +FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly +ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb +uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu +TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq +xL1FzpoJ1fesDYN8YjzHrw== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem new file mode 100644 index 0000000000..814ed525f6 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem @@ -0,0 +1,207 @@ +subject=/C=US/O=Test Certificates/OU=indirectCRL CA5 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD +UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI +iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok +km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM +6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn +6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J +7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H +sN+wLRApTQTr +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test35 +issuer=/C=US/O=Test Certificates/OU=indirectCRL CA5 +-----BEGIN CERTIFICATE----- +MIIDSzCCArSgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM +IENBNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp +ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDM1MIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDcad27MapNxZI8cHsmcsbc69H6JrfyxEdrb8jo4H7kREvw +Ysye/I+06+hyhrY2ziYjoPjk5qwOT6MZoD6a8nysxt+wJwTtwWP7qrrHUrTTM4wZ +825zHunib1GDGS6NDkRGi3ZZyHgwYGJIpNFvpZ2tYbnQ1YCd+82ApJ/pVK7luwID +AQABo4IBNTCCATEwHwYDVR0jBBgwFoAUlK0S0eEOfsO7N0tBPW1ZgD9EV20wHQYD +VR0OBBYEFHF/hceoUsXQv3cfdoCyVLgI9NqMMA4GA1UdDwEB/wQEAwIE8DAXBgNV +HSAEEDAOMAwGCmCGSAFlAwIBMAEwgcUGA1UdHwSBvTCBujCBt6BsoGqkaDBmMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT +D2luZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwg +Q0E1okekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0 +ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNjANBgkqhkiG9w0BAQUFAAOBgQAH +2pRXjertT5rd9nPU9I5ZthZL8EBhTAfMObbfi8/CYJ+Cftct++cBQATBDBr6ho3Z +TNjd6Qkd1wPPR2EgMk1HWJ6QS4/eQooeTsqstbgz6n/KcMB/+gQeYZbEyFoVu5e6 +C13SPmHSsdy1dtEVVELLreIOhfgSjoMBBQYMCJwffw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0..Y...R...N.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5... +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA7 + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 07 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 08 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 09 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0A + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA5 + Serial Number: 0B + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c: + d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c: + f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e: + 44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce: + 51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53: + 79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab: + 7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c: + c7:af +-----BEGIN X509 CRL----- +MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0 +NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V +BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX +DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB +MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD +ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG +A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV +HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm +aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1 +NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE +AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN +MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU +lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd +MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy +dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu +ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS +TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3 +pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw +FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly +ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb +uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu +TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq +xL1FzpoJ1fesDYN8YjzHrw== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem new file mode 100644 index 0000000000..3cafe6afb8 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBWjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcZGVsdGFDUkxJ +bmRpY2F0b3IgTm8gQmFzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +oG4BhBi9qCt4Gbrc/LcngtoFA7DzmY22GBOLt1eBY0FyQGpf4K9UJ/LOfsnV+Q1z +VMrQi85AV2IqI6mgtxHLyw698P62RlAXRHWMHyj7K/bgc9YjZXUrY7Dy/rAbHaww +JVlnlNsli3eVdnIPzuxxJ4qRhRgxixJng9IvLPDQaSUCAwEAAaN8MHowHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIvW/54p6SweUNEj +eV1lB9tgcPTTMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQARpTTRRjgFmYIu +Mnx53B9cpWlZhaDRm9P+XdLuN3Tc4rdqxW3PccPPBB02TbfuXKXNGOQZpKhhF2BR +oulfvRUkwEfeB7DHQNuEGVct08IknDXryj2KFLPQgWdprgO0hOgZxF1SPuUOh1q7 +iSvok8TmmeNswbnOq7EszJMT6EmnUA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid deltaCRLIndicator No Base EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA +-----BEGIN CERTIFICATE----- +MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGRlbHRhQ1JMSW5k +aWNhdG9yIE5vIEJhc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBqMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPzA9 +BgNVBAMTNkludmFsaWQgZGVsdGFDUkxJbmRpY2F0b3IgTm8gQmFzZSBFRSBDZXJ0 +aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvGpcW2w +QEDfvwR7XCYsQkH0qjyrTAjaWC37qTDFXdVea7SsRiN2tW0REkGLtoF/BGWwq3/K +KNS47aRTkHkYyNJIlv+1vRXEYxlHI0k6HGfH+50i/40w6T3EzV7RUhcGUGQzP2bT +K9Bpc6fHT2sjEgqChhY1By2i/j1sQcIt9TMCAwEAAaNrMGkwHwYDVR0jBBgwFoAU +i9b/ninpLB5Q0SN5XWUH22Bw9NMwHQYDVR0OBBYEFGc/qnf9bJRTuHQc0l5B5FN/ +kKYbMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ +KoZIhvcNAQEFBQADgYEADuC/4FucvKYngf2DKlHL2CRM7Io+GiuRab4hlwCc+ma1 +VPQC6R+vlIABlQvMPmw4WG+SuFUDZNUssb8KPHQZdrvlnFHPjim3wRzYsdvAPIJt +5zncVjkebsrXuA///nNffcUlemq0f871Une/4Vtxe1VBbGzCZ7s8DxQumEH4B6E= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8B:D6:FF:9E:29:E9:2C:1E:50:D1:23:79:5D:65:07:DB:60:70:F4:D3 + + X509v3 CRL Number: + 1 + X509v3 Delta CRL Indicator: critical + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 73:84:e0:d0:5d:12:bb:90:a4:b0:49:2d:9c:98:2f:c5:8f:39: + aa:08:09:8d:4a:14:7f:5b:59:00:a0:4d:f2:b6:47:88:33:fb: + a8:51:d9:b1:44:71:66:7d:48:c4:02:fe:ee:fd:2b:ab:80:0d: + 07:ad:41:d6:51:cb:86:03:c8:8e:99:0a:6e:b3:65:72:65:58: + 3b:f1:b9:af:cc:75:ab:ac:7c:59:18:32:59:8e:ca:d9:cd:50: + f2:f9:03:d6:4e:41:13:5e:62:2a:e2:3a:98:12:d8:ff:08:cb: + 14:6e:1d:69:4d:d6:19:74:cf:b5:2d:c7:2d:3c:60:a6:30:95: + 34:4c +-----BEGIN X509 CRL----- +MIIBWDCBwgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGRlbHRhQ1JMSW5kaWNhdG9y +IE5vIEJhc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgPjA8MB8G +A1UdIwQYMBaAFIvW/54p6SweUNEjeV1lB9tgcPTTMAoGA1UdFAQDAgEBMA0GA1Ud +GwEB/wQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAHOE4NBdEruQpLBJLZyYL8WPOaoI +CY1KFH9bWQCgTfK2R4gz+6hR2bFEcWZ9SMQC/u79K6uADQetQdZRy4YDyI6ZCm6z +ZXJlWDvxua/MdausfFkYMlmOytnNUPL5A9ZOQRNeYiriOpgS2P8IyxRuHWlN1hl0 +z7Utxy08YKYwlTRM +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem new file mode 100644 index 0000000000..4ca36378b2 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem @@ -0,0 +1,150 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRL CA3 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBXTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg +Q0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyjb9j3IekGOkHy1SMKbO2 +cxwOgq+Yl8JiAoQJk+wbolHouwKi3RFA75+gpgOiN0SeLz08puksttu+6NNeBmlI +VBHm6vN402CMD2mE5JN9ze88PmgzLW/NusnlGNUoYksZn6JLwIyAMqCq9ftTWh/d +Dy0s9MipYeAfErZCKqRoewIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQU4hgGT7/eQNb/M10iVoncEPfOcL0wDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJ3F2hdP5d9HdGajPqfdokQc5GBFeZOqwu0M +3NB8RwFrC1PmrnRvCZETjCk9bMAlDIYde7XTym3nNwdl2xrMWn6xBBnBtVBU1uAo +96PxqkGgbm/uFUgMLUlww+CwMtAWfpZylChZNNxZSK40iS4jOlN5JajF1iLB+CTG +rC1IKMyc +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test10 +issuer=/C=US/O=Test Certificates/CN=deltaCRL CA3 +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB +MzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMmSW52YWxpZCBk +ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAPg+ULgLYvxSkvSwcxwt2gPwS+Snwayze8EhWojhINAcpYlb8sPh +4OaEgcnDvdOrOUGPIB2D/KOYrKEAqlRmM5zx12ZvpLevcV81RvNfe4FTRCqAqwhK +Vs+5ktfrGpJxjBVWC0Lds9VitDFQpVoA8ksVekcaTe2bHsI0Ovr0DJiXAgMBAAGj +ggEXMIIBEzAfBgNVHSMEGDAWgBTiGAZPv95A1v8zXSJWidwQ985wvTAdBgNVHQ4E +FgQU10CyKhocLN3j/y/kw/ue6MjvEF8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNS +TCBDQTMwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQK +ExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0EzMA0GCSqG +SIb3DQEBBQUAA4GBAAUoNQS5AyzkN32ziPcC+VbKBJACILROlR93/RKUabl710wa +BNk1iOD+MQ9iUwOLXI/bAo5bqQP43gvVFETGio6KpzbsDfofpXMbliYNRyX6NYqy +38eEMeX/Tu2GvtAwIWPlW2rdCrAl0KS57hwRtpXvyikNxUHoYGmtREmOdFN+ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA3 + Last Update: Jan 1 12:00:00 2003 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E2:18:06:4F:BF:DE:40:D6:FF:33:5D:22:56:89:DC:10:F7:CE:70:BD + + X509v3 CRL Number: + 3 + X509v3 Delta CRL Indicator: critical + 2 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 14:8e:0d:04:69:d0:fb:fc:c1:e0:51:af:b2:9c:b1:0e:d6:8d: + da:4a:f1:94:a2:23:3e:6f:c9:9c:4d:d6:b0:03:6e:ae:c7:23: + fc:6c:69:3e:66:ee:12:fa:2d:b4:12:08:76:16:e7:45:7c:6b: + 7c:b5:ca:dd:f3:67:81:c7:78:d0:0a:54:52:05:0e:a9:8e:36: + 5c:3e:9b:b7:b5:f1:18:a9:04:61:5a:95:4c:3f:a9:d2:76:c3: + 71:dd:2a:9a:78:27:4d:3e:e8:02:93:40:21:42:14:02:a8:0d: + 86:f4:27:53:8c:3c:07:ab:d4:70:29:2e:42:6b:db:5a:2d:06: + 54:e9 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMxcNMDMw +MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWqA+MDwwHwYDVR0jBBgwFoAU4hgGT7/e +QNb/M10iVoncEPfOcL0wCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQIwDQYJKoZI +hvcNAQEFBQADgYEAFI4NBGnQ+/zB4FGvspyxDtaN2krxlKIjPm/JnE3WsANurscj +/GxpPmbuEvottBIIdhbnRXxrfLXK3fNngcd40ApUUgUOqY42XD6bt7XxGKkEYVqV +TD+p0nbDcd0qmngnTT7oApNAIUIUAqgNhvQnU4w8B6vUcCkuQmvbWi0GVOk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA3 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Jan 1 12:00:00 2003 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E2:18:06:4F:BF:DE:40:D6:FF:33:5D:22:56:89:DC:10:F7:CE:70:BD + + X509v3 CRL Number: + 1 + 2.5.29.46: +..Test Certificates1.0...U....deltaCRL CA3 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 87:f9:64:9d:19:1d:03:e9:68:e0:a8:3b:2a:8a:f2:74:a3:26: + 8a:2b:00:7e:6c:b3:4f:ae:70:d1:e3:ad:39:b5:ba:70:25:34: + 31:9b:12:06:6e:b2:59:f0:a8:56:24:67:c9:fc:76:54:74:4f: + 28:14:6c:7d:51:20:d7:8f:52:69:12:e1:67:2b:3a:d1:70:03: + d6:8a:e5:c5:92:1e:61:29:9d:e5:55:c6:54:bb:8a:a9:b4:b7: + f6:3b:ee:b1:63:90:a3:39:2c:29:b0:f3:2e:00:1c:f4:dd:76: + 46:40:31:0c:7e:29:ab:fb:35:ae:a8:73:8e:ca:a1:23:1c:12: + 8e:50 +-----BEGIN X509 CRL----- +MIIBkDCB+gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMxcNMDEw +NDE5MTQ1NzIwWhcNMDMwMTAxMTIwMDAwWqCBhTCBgjAfBgNVHSMEGDAWgBTiGAZP +v95A1v8zXSJWidwQ985wvTAKBgNVHRQEAwIBATBTBgNVHS4ETDBKMEigRqBEpEIw +QDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYD +VQQDEwxkZWx0YUNSTCBDQTMwDQYJKoZIhvcNAQEFBQADgYEAh/lknRkdA+lo4Kg7 +KorydKMmiisAfmyzT65w0eOtObW6cCU0MZsSBm6yWfCoViRnyfx2VHRPKBRsfVEg +149SaRLhZys60XAD1orlxZIeYSmd5VXGVLuKqbS39jvusWOQozksKbDzLgAc9N12 +RkAxDH4pq/s1rqhzjsqhIxwSjlA= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem new file mode 100644 index 0000000000..b76c876c1e --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem @@ -0,0 +1,190 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg +Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF +msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT +zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg +7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi +xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys +XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9 +247eEnnm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1 +-----BEGIN CERTIFICATE----- +MIIDKDCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB +MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk +ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAzxx97S8BoEgN9xfoNoA/Llxt6uPlOWZ+ivv604fkNJjK8fwEFgGh +IX2rOp0JvgxD9GNhW03cAb99VuVWaKCGZetc3qdUF2xWlxxXgYBV1Js2xsyjmGbR +pqAvaRtcrtlqE6hmltSJmkP92c49XhgCOIkV/KNyODYzPpFNe5RyZ/MCAwEAAaOC +ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW +BBSxLLxeL6rboh2Wk+01TTFMKEr2LTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM +IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI +hvcNAQEFBQADgYEAjeR/ZFSYPKsGsR0G5k/dJwEp8GMQM/lG8s5DOWP1JbD8Ebl6 +aao3oD0FCF9jzK+rtRkL1GVRXX48sLANOStAEInSVm06g7LocOuGGb7NRggCbLRY +rMCjHVqCHM8aJLARHyGGvUlhNfuzWxTNX4Ru6LnhGQmXqvWcGlY4dVv4vUg= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Jan 1 12:00:00 2003 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 2 + X509v3 Delta CRL Indicator: critical + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Signature Algorithm: sha1WithRSAEncryption + 63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8: + b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85: + 29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48: + 9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71: + 58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98: + d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c: + 1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35: + 90:7a +-----BEGIN X509 CRL----- +MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz +MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw +WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB +CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g +SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k +ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7 +RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 1 + 2.5.29.46: +..Test Certificates1.0...U....deltaCRL CA1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Signature Algorithm: sha1WithRSAEncryption + 48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96: + b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4: + 73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0: + db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e: + fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e: + 06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92: + 71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d: + eb:4e +-----BEGIN X509 CRL----- +MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG +MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME +GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK +MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb +2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR +YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli +fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem new file mode 100644 index 0000000000..a23bf8d464 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem @@ -0,0 +1,190 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg +Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF +msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT +zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg +7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi +xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys +XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9 +247eEnnm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1 +-----BEGIN CERTIFICATE----- +MIIDKDCCApGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB +MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk +ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEApl35weU2/WxOlBNEikRZQw51mRQgwiHdME99VsoaDgFPYglJARYk +IQDYMoImgMANlcfHOiVaOAyXU4lXuGmpw8z64BNhazbSkSEl5lHedJaTrG3pwst8 +RIaAAvQbxOYAqrZyDz+9InoAj7ci9+TPhthUrmjkHxs7x/Bmkbmj9pcCAwEAAaOC +ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW +BBSZxHSKiyXXvxkmVXDhDuryYei0YTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM +IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI +hvcNAQEFBQADgYEAVQbnMvz/UBEqrjWC/M/CNgiN/9NfiIj2+eYySOYG+HoJrVWC +qCDdYeXfKIHh8CtoS6s+S+xaYpEschIVX3kOjn/VMGOmvAtWlR3iy0nvVoRUoGDa +4eBv1NPq2MlQn5L7WsYHJFnJrLx+z9lWgfFYNKPiDY60dVmNPSfFzQpevu8= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Jan 1 12:00:00 2003 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 2 + X509v3 Delta CRL Indicator: critical + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Signature Algorithm: sha1WithRSAEncryption + 63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8: + b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85: + 29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48: + 9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71: + 58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98: + d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c: + 1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35: + 90:7a +-----BEGIN X509 CRL----- +MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz +MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw +WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB +CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g +SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k +ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7 +RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 1 + 2.5.29.46: +..Test Certificates1.0...U....deltaCRL CA1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Signature Algorithm: sha1WithRSAEncryption + 48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96: + b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4: + 73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0: + db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e: + fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e: + 06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92: + 71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d: + eb:4e +-----BEGIN X509 CRL----- +MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG +MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME +GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK +MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb +2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR +YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli +fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem new file mode 100644 index 0000000000..e918530f97 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem @@ -0,0 +1,190 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg +Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF +msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT +zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg +7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi +xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys +XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9 +247eEnnm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1 +-----BEGIN CERTIFICATE----- +MIIDKDCCApGgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB +MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk +ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAscrNGz91htFkIREH4kXyOxo9/1St8nJA9dIDFUm8mrrSSju1W8oD +Xp8EeOhyKguxnDGTfGnp5SIrvLUB3IEn2Jjme0QUKtz3lVdWYMNZcyESeKIhz2Hs +GCFxmYHAzafSbJ4dh9VLWVEkARbN31prGZT9BIls24r6PWhRDanqOZ0CAwEAAaOC +ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW +BBRyJcnOHzbSUbchF1gWSl+d/EKipjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM +IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI +hvcNAQEFBQADgYEAUGZgoTW4dnlTr4u8+RArHmwDwiSDY0cXQimlo5QXcoeZczkt +s6hrTXRDO2ZiijUqoKqP+F7hBWROoKc2U9kq0yLfZXxsRBx5atus0zwV9PE2pYS9 +5doAUve+eXvnEBzwjBzlPNoWo0yklkwaVIhBZFY8HS2G8P115VnipQebcZk= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Jan 1 12:00:00 2003 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 2 + X509v3 Delta CRL Indicator: critical + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Signature Algorithm: sha1WithRSAEncryption + 63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8: + b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85: + 29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48: + 9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71: + 58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98: + d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c: + 1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35: + 90:7a +-----BEGIN X509 CRL----- +MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz +MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw +WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB +CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g +SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k +ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7 +RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 1 + 2.5.29.46: +..Test Certificates1.0...U....deltaCRL CA1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Signature Algorithm: sha1WithRSAEncryption + 48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96: + b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4: + 73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0: + db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e: + fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e: + 06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92: + 71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d: + eb:4e +-----BEGIN X509 CRL----- +MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG +MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME +GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK +MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb +2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR +YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli +fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem new file mode 100644 index 0000000000..f96feae051 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem @@ -0,0 +1,162 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRL CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBXDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg +Q0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr2MUpxzH8HIqzmAylEvng +qJvVIxI4xzM8NSpC7P7T2R1dmFXK/19W+m5yqOagB9VxgxP9IYbI2VJ/FrbQSD/+ +afpuHA8++piSAs2e/1BoRagiln3PnQTLemPsmVy00eSLnsw6QRdC0MIZjme0/SHv +Z6XuWPNvicDyA/Uml2pCqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQUo5OrV2YmbXI6bLyDZaOa/I4MQwswDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAFnKbCQCHJI6HhnaoKJkHKk3dBK/E1DNHc3a +u9yx3wYdmqwkoG5iKJjssQDLcbLfpjuF7jU9nKbk2gcmOIa5//lgCmUaok4WZSUA +u8bzMnpiZyzIjjoW78RyuntCMXbZzcs7umsOKfOlDXj4wwsev4E7m5nvP2Qv7hEX +ECR/9DaG +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=deltaCRL CA2 +-----BEGIN CERTIFICATE----- +MIIDKDCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB +MjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk +ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAuJgOh28x++Wg1L68WeOKQN8XdV1qhrZmuHQgwEWL8HA4HNqPU18v +laXijT2AqIMjNJs0Ja41CFGbeaiVSNrV7nMsuQAiXTiiS6R8yrRScEd1baqSvzRT +PPgXoN1qSTYKXXeEYR3dKsHZ2DVAjdlvm/bwIm6lGKGchu4FxwoHCecCAwEAAaOC +ARcwggETMB8GA1UdIwQYMBaAFKOTq1dmJm1yOmy8g2WjmvyODEMLMB0GA1UdDgQW +BBRJKQemGd+zHC3BYsO7nLEzQ8rHazAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM +IENBMjBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIwDQYJKoZI +hvcNAQEFBQADgYEAf2NJLZQsLgMF9j1YG0b0IP3nQETOE/M1kAExKmgex/QteM25 +DBV4d4vJzuh6DFQxNk91Y9K9bR7qIPlsK31NGGpq4lbct4XgbIlM0+4phq3sORcJ +AU3cfsMvJwZNmfJ6W22nEhF9Dgd0JNo+9g9FQGlSH6z2O34vBB/jPtkDJEU= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2 + Last Update: Jan 1 12:00:00 2003 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B + + X509v3 CRL Number: + 3 + X509v3 Delta CRL Indicator: critical + 1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 25:e0:e6:a0:65:11:f0:81:2b:f1:ed:47:8c:1c:a4:dd:79:26: + 78:05:22:84:96:35:60:de:7b:13:ec:70:ee:50:3d:ac:d4:9a: + 22:fe:e3:9a:77:a4:fb:bb:86:98:21:80:3e:d3:20:85:57:b2: + 0f:2e:bd:53:d4:7a:ac:96:02:3e:17:00:67:67:6d:16:01:9d: + 93:cb:fc:b6:f1:c2:23:0b:e2:de:c2:02:5a:70:05:34:35:8a: + 72:8c:cb:78:ad:62:96:86:50:5d:6c:ba:1a:bb:e5:b8:e8:5f: + b6:7c:33:8f:8b:aa:c6:b1:78:a7:e4:56:12:76:09:7a:db:ae: + f5:ff +-----BEGIN X509 CRL----- +MIIBbDCB1gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMhcNMDMw +MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaA+MDwwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa/I4M +QwswCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA +JeDmoGUR8IEr8e1HjByk3XkmeAUihJY1YN57E+xw7lA9rNSaIv7jmnek+7uGmCGA +PtMghVeyDy69U9R6rJYCPhcAZ2dtFgGdk8v8tvHCIwvi3sICWnAFNDWKcozLeK1i +loZQXWy6GrvluOhftnwzj4uqxrF4p+RWEnYJetuu9f8= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B + + X509v3 CRL Number: + 2 + 2.5.29.46: +..Test Certificates1.0...U....deltaCRL CA2 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 6a:af:6c:a0:70:12:90:02:5b:70:fd:d4:b6:8d:28:9a:51:5c: + fd:04:ed:47:e1:a0:5a:60:e7:41:83:23:ff:a3:e0:c6:b1:fc: + 71:db:cb:8e:a7:20:0e:f6:9a:ae:e3:fd:61:33:a6:21:69:4f: + 7f:7f:23:cc:33:47:45:23:bc:fc:a1:79:02:31:3f:8d:77:e7: + c0:9c:8d:90:ef:6a:9d:38:fe:13:b7:03:dd:ac:36:72:b5:94: + e5:7b:43:a8:7a:96:ce:16:bc:55:00:bd:cc:1b:a7:81:93:40: + f7:f6:11:bf:c6:dd:7a:ab:32:e5:be:fb:88:32:e2:06:41:9f: + 5f:d5 +-----BEGIN X509 CRL----- +MIIBtTCCAR4CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQGggYUwgYIwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa +/I4MQwswCgYDVR0UBAMCAQIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFD +UkwgQ0EyMA0GCSqGSIb3DQEBBQUAA4GBAGqvbKBwEpACW3D91LaNKJpRXP0E7Ufh +oFpg50GDI/+j4Max/HHby46nIA72mq7j/WEzpiFpT39/I8wzR0UjvPyheQIxP413 +58CcjZDvap04/hO3A92sNnK1lOV7Q6h6ls4WvFUAvcwbp4GTQPf2Eb/G3XqrMuW+ ++4gy4gZBn1/V +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem new file mode 100644 index 0000000000..e2b8ef58dc --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem @@ -0,0 +1,123 @@ +subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0 +aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue +jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V +wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+ +UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+ +uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y +eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56 +Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK +0dm+b6846EQQbmI8jNru +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test2 +issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA +-----BEGIN CERTIFICATE----- +MIIDFTCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv +blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu +SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA737UO+PFs1t9bQRYiD1XQvoj5CgT +W0o3qMiBsk3AhuMx4ozSScw86kyooet/wxn2pJeFuHhNbdmWF5Mz4kyUuTWHl11Z +T0aauPWb15KkPWKyYGcwMPrh1xNR17ddZWhDJsgvtraLthiXLTiumcoof7LrTWd8 +lR6y9AZzJkxw3aUCAwEAAaOB8zCB8DAfBgNVHSMEGDAWgBSeHx1QV2qFbxv45kFe +63q6MH669DAdBgNVHQ4EFgQUDby2uXBoHkNmqlHt58+tVdKbG6UwDgYDVR0PAQH/ +BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCBhAYDVR0fBH0wezB5oHeg +daRzMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEe +MBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkwxIG9m +IGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQUFAAOBgQDcQ+nXCvsA +WSXbtnoQr+PKV/BOIwQGVJgCtsiEj3Qt04kNFEDjXnXwsKB4LNclGBe5Hi/PsxLG +nrxqkXIoArMFjjZe4eNbkZotgOz2xN1lH/e4+5O1Ji7CbuNXbtSABVh4ZJYzZJYu +d418yGh18wIXgBC0R7QwhHtX5I5tRJPSOA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0y.w.u.s0q1.0...U....US1.0...U. +..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9: + 1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57: + 8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88: + 6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9: + 7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25: + 75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91: + 2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39: + 6a:49 +-----BEGIN X509 CRL----- +MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu +dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq +hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw +cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD +VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz +dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf +pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9 +DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2 +kS0PufUqzgxG5N2xPCOSqGfSOWpJ +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem new file mode 100644 index 0000000000..2772115950 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem @@ -0,0 +1,123 @@ +subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0 +aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue +jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V +wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+ +UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+ +uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y +eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56 +Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK +0dm+b6846EQQbmI8jNru +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test3 +issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA +-----BEGIN CERTIFICATE----- +MIIDFTCCAn6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv +blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu +SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuS5Lgb3o+ul4HsVLgHgzRL9MeLx1 +KnKHTzQ7EedCPCAL/7h2oNWVaOCqaRzy5E4ke3W53AP0lHEyygZjKFnLw2QjEtGj +1qytIz79bI9YKeHX1pnOldsesBJtKAfb/RBhtwEsieibfV3nFTTckFhqtMWkRX+b +xgbfcd5yKPMhQRECAwEAAaOB8zCB8DAfBgNVHSMEGDAWgBSeHx1QV2qFbxv45kFe +63q6MH669DAdBgNVHQ4EFgQUxeG0ipAP1oMfhg4iMi/dmI5iNgcwDgYDVR0PAQH/ +BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCBhAYDVR0fBH0wezB5oHeg +daRzMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEe +MBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkx4IG9m +IGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQUFAAOBgQDnY+V8RkGw ++kpIYbTDHFKNX/7Tkk4ZRLWJXXk21ah6V7OqKJblsAWGSOKJa65p4GKLrf+uNvW5 +BuOTRbdFpJrjslIZ87Z8XSdWXo/guQWTLacYkBPfKeimVeBInc2uoKkzt3L3gunO +zcm1s3DmNsCcQFvuG+GsDDn3xIkTxnTkHQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0y.w.u.s0q1.0...U....US1.0...U. +..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9: + 1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57: + 8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88: + 6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9: + 7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25: + 75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91: + 2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39: + 6a:49 +-----BEGIN X509 CRL----- +MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu +dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq +hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw +cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD +VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz +dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf +pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9 +DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2 +kS0PufUqzgxG5N2xPCOSqGfSOWpJ +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem new file mode 100644 index 0000000000..0d018c8e11 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem @@ -0,0 +1,118 @@ +subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0 +aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z +XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna +SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK +u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd +uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i +8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA +p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF +nhKgwK6jkVuYAf9HHtVh +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test6 +issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA +-----BEGIN CERTIFICATE----- +MIICxTCCAi6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv +blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu +SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwbnDywy9lvaPs3ihfyfLPtBoMo+v +C+fBtx91KNEmBz2ACO825iLx9Cyq+vbSLMDPiBbEbBpUtXDAXuaa6omJ1BnyVp+4 +dDmnpIB7IZm6z2mwQ1/xp1Nse1vb1zxkbDnMVVpkSJTqaTqMUnR5s9ht0XI62DgL +ZEFlpTiBkCVCWFsCAwEAAaOBozCBoDAfBgNVHSMEGDAWgBQ6NIsF43ZYWMSHBJh9 +fh2MrF25TjAdBgNVHQ4EFgQUNTlA81m7xBu1FOhMV8hYWiP2hpIwDgYDVR0PAQH/ +BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA1BgNVHR8ELjAsMCqgKKEm +MCQGA1UEAxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcN +AQEFBQADgYEANn9ezG9vEUyKzHQDQt0yQTrF9KcG5PUqzKQiaIIzKvEBLX9d/nj5 +N0wEpklLq//fxWFFPlhZS7qsDal+jjkPnccIlgIDLNAYYOXEm05+6eeXXKMKwC9I +TdJghmMFwSDvbp2s/dnQvjOrHIexlatSbbCEDS9XnSeMmHVJ0lx7aZ8= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0*.(.&0$..U....CRL1 of distributionPoint2 CA +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f: + e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0: + 1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e: + ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06: + bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3: + fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95: + a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad: + d9:03 +-----BEGIN X509 CRL----- +MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu +dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY +xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE +AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD +gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis +MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6 +OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem new file mode 100644 index 0000000000..2ccff7ecb8 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0 +aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z +XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna +SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK +u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd +uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i +8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA +p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF +nhKgwK6jkVuYAf9HHtVh +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test8 +issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA +-----BEGIN CERTIFICATE----- +MIIC7DCCAlWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv +blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu +SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtqwbk/YTst4JgaZksbi+cItOdDg1 +ZDBk0znRRey4EXHLWBRaSV8RAAw9bNbbQEuq8IgHKD2Gny2ObJsV1WXdoGXwz/Kt +zGLxkxN7VMH/euhCh/0aMr7sO4yRZgC72ub09FOxmDtEynuiurF5+jGJ8FoLHkke +TMWpLls04hy4ITUCAwEAAaOByjCBxzAfBgNVHSMEGDAWgBQ6NIsF43ZYWMSHBJh9 +fh2MrF25TjAdBgNVHQ4EFgQUsMTcbBp2ScLfBL5qe3q9w9pjVuUwDgYDVR0PAQH/ +BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBcBgNVHR8EVTBTMFGgT6BN +pEswSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w +HAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQADgYEA +lvXRt3px1v5T+WzaqJpecpxWzan+l2WrMC4vCYTcyFyQvQKDZl2jGO2PubJTDLym +xwenSbt7quBVMKJ9pbXkNe9gFQInbT/3+NMPsI9Kc3Ajn7cfWW8TslHPaxtG5pcM +XQR5wls8vzdmE9pirEbf4HDsnKBfC5sP1GOAYhIt/Ms= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0*.(.&0$..U....CRL1 of distributionPoint2 CA +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f: + e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0: + 1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e: + ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06: + bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3: + fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95: + a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad: + d9:03 +-----BEGIN X509 CRL----- +MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu +dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY +xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE +AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD +gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis +MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6 +OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem new file mode 100644 index 0000000000..3a3eeefc07 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem @@ -0,0 +1,117 @@ +subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0 +aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z +XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna +SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK +u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd +uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i +8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA +p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF +nhKgwK6jkVuYAf9HHtVh +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test9 +issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv +blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu +SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0/suVDtpZX4ZdGIHhrhtDHDiiy4k +5awaeTNhUVeZhKlIDNnniPSVG5/0Q2JlWvIywo/Ch0y41j/ihleGbI69zoL1p5z8 +hh+yK51J32JdQ5gpc49P1NnVtoNSZApTJt1VUR4LwJv1/AhIksEEOg6YHN3/yq/C +wVMoMv7wnisqqykCAwEAAaNrMGkwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d +jKxduU4wHQYDVR0OBBYEFLYB9DyXTb7g1exMOFd6gOIt97g+MA4GA1UdDwEB/wQE +AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA +HdkglZQIYTBxilyAJvuFkSrvNo90F3wuIb0FmfVrjH6Hs147bgRF9nsp3sh/VvC4 +gf7pwYRING0tY/RV+n79U2FxHcE3MN6WNGA+GX77LcWth+s3Sa6Hr5QMaUcapGbq +2B+bkzQUiWX8sXPvX0KWzBmbcY3Aup56MpwytlF7ywQ= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0*.(.&0$..U....CRL1 of distributionPoint2 CA +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f: + e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0: + 1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e: + ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06: + bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3: + fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95: + a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad: + d9:03 +-----BEGIN X509 CRL----- +MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu +dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY +xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE +AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD +gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis +MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6 +OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem new file mode 100644 index 0000000000..c873549a35 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYTELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYDVQQDEy1J +bnZhbGlkIGluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALU75+fsqkoJ1rj9rLPys9PtX999U+V+ +71N40CaTnqxIlY4+U6A/BBm3iqNTQdcyEGo3Buy3OJEELx0+8jI3Sm9ja4iR/4tk +gi9OYh29Ps0LcRyqUihECPaPFOvI2vEFJId74DFoUPgwNfPD0CzYkm1bYwNcMHwb +0QMmUcxk8yTDAgMBAAGjZTBjMB8GA1UdIwQYMBaAFJ1AmGAI5sj9XNHYLwvqAOwa +RQbPMB0GA1UdDgQWBBRgJfQvy84RFEADVPWlCcnfV9YiljAOBgNVHQ8BAf8EBAMC +BPAwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBBQUAA4GBAI1bh7Hi4BQZ +w7LpH+0QxTA+hUMNiV3kKdM9vhGFAwm+UbQvTYeIDaIpDxX42Sv2j7Vw9Z9nkMc1 +UyaIcxezk4LAN4vG3WIJiO/eAFuCz49QWhE53AbRVprrra8N/Mzv0yB/8ysQ9fUJ +AVMgwRz+4Fd2AoK0CWNHeDRUD+IN+enU +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBOzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALXCzoaXAEbX +pgMPDk3SCu2nzrt+I18MsI4lg/0oLjQAgPsD0np8LOGHMzo3UBtfJtpV0BXCc+E+ ++Ni+ehXFWfA4BXjFc3GdUdJmn7y3F9X7XSIauTE1GSYR2+bMW/IRbmjpMDzldmRs +WNb40N+jWAxw1h+YN61Pv0MD7Ef2ds0NAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJ1AmGAI5sj9XNHYLwvqAOwa +RQbPMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEAMA0GCSqG +SIb3DQEBBQUAA4GBALhhUDb9VolIM2bKpbpat4dNjGrkOmVT/HvGBl+FGwSXa7Mj +cLgZ3WygZ9gil3l7X+wL7lM9zKpXljV5WNpX+58RclQ2kK7Yk4qcY0tpPEUn8R4/ +9yg64Nferl/2gn9W79ODU3BiBFF/GiAJJ4SiwvLWl/JnPDoQuJv67IS24+Oa +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9D:40:98:60:08:E6:C8:FD:5C:D1:D8:2F:0B:EA:00:EC:1A:45:06:CF + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 60:ab:a2:8a:e3:22:04:cb:95:4a:c5:ca:68:46:70:0a:d0:31: + b0:98:cc:ad:4b:23:8c:3e:fc:b4:c7:7a:93:0d:6a:31:68:c4: + ff:30:37:7b:5c:48:01:6d:e1:85:f7:d0:9b:73:53:ca:62:36: + 00:5c:29:c8:af:a6:40:62:d5:f5:af:32:a9:4a:b6:a2:a7:0b: + cb:bb:72:2e:3e:0b:77:64:17:8d:2d:59:2f:fc:cf:2f:1f:a6: + 77:83:9a:7c:68:b0:15:f6:5a:63:67:74:b2:3a:fa:74:b8:d3: + a9:70:e6:87:04:bc:4c:79:ef:c8:b4:31:70:17:ae:f3:ef:ae: + 7a:3b +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kw +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBSdQJhgCObI/VzR2C8L6gDsGkUGzzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQBgq6KK4yIEy5VKxcpoRnAK0DGwmMytSyOMPvy0x3qTDWoxaMT/MDd7XEgB +beGF99Cbc1PKYjYAXCnIr6ZAYtX1rzKpSraipwvLu3IuPgt3ZBeNLVkv/M8vH6Z3 +g5p8aLAV9lpjZ3SyOvp0uNOpcOaHBLxMee/ItDFwF67z7656Ow== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem new file mode 100644 index 0000000000..a81968caaa --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem @@ -0,0 +1,159 @@ +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgDCCAemgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp +bmhpYml0QW55UG9saWN5MSBzdWJDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAMvuM5rrG+hunxSZwR8TVsLND7teVaTAzIxbnJv0xpVvawDeQiN1A+CIdJH8 +TUXrgcfdU+E04StBCqDRBr1+DBMt/PuBDS/I2PcKqBuP6sfkSDr/lPYkbRBI8wZ9 +87H/ke7seqh7cSVORfqg4KupdEE3i2gxONHlTT/7XV0C5aOlAgMBAAGjdjB0MB8G +A1UdIwQYMBaAFGbbtZTHBcSzPiuRud/IqNBNKzREMB0GA1UdDgQWBBQpIHiUjoSQ +KUJLfKsOgyq+NVs8FTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAuKZUyh6gvU8Ab5pl +P79yddRQcx4G1navwUD3YSS7q2rnmqY2ucmHX8H1JsOhQUqvLL81fIqAkWPANAmQ +K4NU/ZSkkjtfTcJy5oYsVXjz0MyLKOwrt52j8MLZsUW/TIf5e57kPbORC7RQhEr+ +yMDT6AY3En8iF4h8mqMhwnQnO3U= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1 +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ +b2xpY3kxIHN1YkNBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGEx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE2MDQGA1UE +AxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3Q0 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCulajzJmaByVbyDkLDGhU38CXN +JW16bKIyjnbsg1tPLvigEcShDVU6jXZt8gRlscw+5nINvdOEYD9l/0QEzonMhVRP +0GFT8aToKcCcPBlmhIA0PJqChMNZBGp4uitZKXKi8F8lGo09eB84V7bGs5YvP1LK +J/G7vkncZXQbCUaX0wIDAQABo2UwYzAfBgNVHSMEGDAWgBQpIHiUjoSQKUJLfKsO +gyq+NVs8FTAdBgNVHQ4EFgQUhUkKnqSDJde1NS49+ClAYeMS9kswDgYDVR0PAQH/ +BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQDK4Dok +Sw1YWZrBgRIF5omNPAn9ZimPP/+5QRuYz42bdOl0F3v0uID3CnVfk+7UHbeylW/2 +n2KlU7OeOk5/B/FtFEm9RFaQIoeMkZadszaleUIvZxkrYkkwd///I0T9LzBBKUGV +gDbif+oCGUYlgqLCQ/aXPDWA0mHKwmHD3FdRoQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ +SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa +sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT +W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN +KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF +HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V +CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b: + 21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5: + 15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c: + fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a: + 43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c: + 88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de: + 9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6: + 38:b5 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw +zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI +/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:29:20:78:94:8E:84:90:29:42:4B:7C:AB:0E:83:2A:BE:35:5B:3C:15 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 75:3b:42:7f:44:c5:fa:ab:b2:c4:63:ac:10:89:84:e0:50:32: + 4b:96:80:48:15:1d:19:1c:b8:49:6d:42:c3:4c:b4:bd:a0:29: + e0:14:56:1a:1d:df:92:90:19:27:a0:b7:f3:1b:7a:32:32:2d: + cd:ee:29:38:d0:75:8e:8c:51:9d:02:7f:92:a6:af:08:ef:23: + 8e:bc:b2:a6:47:36:d1:9c:e6:dd:4b:05:55:1c:56:47:1a:40: + 67:4b:01:bd:b4:d0:74:12:5a:97:83:20:d5:4e:a7:d2:bb:ad: + 52:a5:ac:13:44:fc:95:1f:d9:70:fa:a2:05:fb:73:e2:9d:15: + 61:ac +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx +IHN1YkNBMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAdTtCf0TF+quyxGOsEImE4FAyS5aASBUdGRy4SW1Cw0y0vaAp4BRW +Gh3fkpAZJ6C38xt6MjItze4pONB1joxRnQJ/kqavCO8jjryypkc20Zzm3UsFVRxW +RxpAZ0sBvbTQdBJal4Mg1U6n0rutUqWsE0T8lR/ZcPqiBftz4p0VYaw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem new file mode 100644 index 0000000000..20f42c20ac --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem @@ -0,0 +1,210 @@ +subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGmluaGliaXRBbnlQ +b2xpY3k1IHN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +YTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYD +VQQDEy1JbnZhbGlkIGluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVz +dDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJx+sbJu7vInzoWetJ2rz0L +6GPGRCd/xtyjMfyMSExsWdgxczZPdBMn9ON9XI/ASBPwvhcoq2pB9VqD+g2X9tfV +y7usPePkKYweFOPmIlrWZb9tAEfTgwkoHYiWEWazYt+6y65407713raA+9DmYQgX +m9RHrTFiSVJ3Z9RAtBEHAgMBAAGjZTBjMB8GA1UdIwQYMBaAFHMQBPkM9GScsvEb +je+3VaqkohmvMB0GA1UdDgQWBBQTUueG5HoT3TWlqqICt/b/VK5ROjAOBgNVHQ8B +Af8EBAMCBPAwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBBQUAA4GBAEp6 +lUPLqrzZI5cW9d33rfE+6PJIi7fI3T6aRuc2eG0GuaiGnwOJvwDXA1uHC2GzbiJZ +U61janUuTgxWCdE7uDZFU7f4M6Ws0V/RP0BDzWca9mLZenhrmNFYwCp+9ve9QMMx +6WjbrV0PBuEStbrdAH4wRquSNws7JKnHrpW2O88C +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF2luaGliaXRBbnlQ +b2xpY3k1IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQD +ExppbmhpYml0QW55UG9saWN5NSBzdWJzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEArf8a4YQqh0caACibKN+ne7IKGYWnwL8N2E4534sCUjlfic+5O3/s +ELf3kOpyOfw7NMoMTXQcsi+9wtB24eilTbHwdStKU/Mt15FCe5go7GepA2TbdomL +3mKUocf87YN4pZc8QBPA/hs5sYPbnCx4X2TK2oCNCwvfUgWWhnCN2mMCAwEAAaN8 +MHowHwYDVR0jBBgwFoAUSndiWCMHosO57sdu3+0AiYhNl28wHQYDVR0OBBYEFHMQ +BPkM9GScsvEbje+3VaqkohmvMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCG +LcmSqA61BeAN21ekDRt5DAa9UGDAU8Bp/txAT+4H81/dzp5710w8QBHUcViEoL7l +Znf4/IR4isqKlRS6ctmN/K2BRJ/19TQiYN8JiaZQAluzpLlgMUV4iC+/JwZHnJZu +2c4mhWPSSBfUqHME3sp4dQxsrZNou/yOwzhTjmsNVw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA +-----BEGIN CERTIFICATE----- +MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3k1IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdp +bmhpYml0QW55UG9saWN5NSBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAqzUjeD5TJL7TtPxRXU0nMcnBDmkPWyIAC1pNu3Tv0XwSE59I5Wr/Ytc+wMkJ +dM4d1IFPKtN+MlzNv4dHwxOQrb9Fi3ItNVRIOLRIttgQFMvCWl0FTh9svTC8NIUZ +lKD8zzDoBGD2ZEwHTYX1qLzneeTf3hMN4AyvxDVGekJWsdECAwEAAaOBjDCBiTAf +BgNVHSMEGDAWgBTGAIxxpplipn/SVG/ybgTKMLU6vzAdBgNVHQ4EFgQUSndiWCMH +osO57sdu3+0AiYhNl28wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI +AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GA1UdNgEB/wQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBABOzlfB8CEJvHMdfoVtuMRmwTdF+Ypyvb6ileMKr9P+8j4gRzVgr +jZiHkH/a8ODtOat8ADR9USeVUAMIv2LZnw33x6xKWCZNJCwPysTVz72PLIPQ+2c0 +yeOayIZxdJb9hidU7BT4q6FdbFecUUgSZS5FySOod8WI1jYTyHNEZeLa +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBPTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJDz7OZ8u34K +hjI6cDaSvyyjIWPPGVdObfPls5iLOT434gz5hx3uyX17mOJnw+/5rOgcqatRDJ1I +mAI1pl0ZUVaaattiyBifI6LONlUpzVOmtr6yotsGY0DiCmtKBJh4geA9jQl/UCou +of64Smt1vsIL3SqiWkqCg0XFrXpTCCz1AgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMYAjHGmmWKmf9JUb/JuBMow +tTq/MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEFMA0GCSqG +SIb3DQEBBQUAA4GBAGt+M+PIMRTWFAO2C58l6vCjg40P4NFF6B3LWjGcpPnRDYP4 +injOp/wD4IVvnXRpIFOq59qlJzmOJJDxCHGB11jkkxJK0v+pi7gvDrDw2av8wznR +K735aiuC7KCpEy7tQ59Ive9M8PPOuQ+Vd3CgKhv0GuGNb/6M+3cojz0fCNx6 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:C6:00:8C:71:A6:99:62:A6:7F:D2:54:6F:F2:6E:04:CA:30:B5:3A:BF + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 4e:c7:09:29:78:ea:ef:43:a3:de:f8:6f:a5:b6:13:f2:ac:8e: + 93:7b:ce:f9:4f:12:e3:48:f5:f5:1e:47:b1:39:20:b4:ce:33: + ea:bc:72:c1:11:a0:ab:75:59:68:03:68:dd:c8:96:02:1d:73: + 7f:fa:39:9d:2a:88:ce:53:d0:3d:73:27:d3:61:6f:d3:75:01: + f2:2f:f8:02:cb:d4:00:63:71:eb:0c:84:19:10:d9:ac:48:6d: + 77:8f:3a:23:36:9a:63:98:4d:9a:16:bd:bd:08:1d:77:4b:59: + 98:21:d2:89:fd:1a:f5:f0:70:86:40:08:c5:be:59:5f:de:a8: + fb:f2 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3k1 +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBTGAIxxpplipn/SVG/ybgTKMLU6vzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQBOxwkpeOrvQ6Pe+G+lthPyrI6Te875TxLjSPX1HkexOSC0zjPqvHLBEaCr +dVloA2jdyJYCHXN/+jmdKojOU9A9cyfTYW/TdQHyL/gCy9QAY3HrDIQZENmsSG13 +jzojNppjmE2aFr29CB13S1mYIdKJ/Rr18HCGQAjFvllf3qj78g== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4A:77:62:58:23:07:A2:C3:B9:EE:C7:6E:DF:ED:00:89:88:4D:97:6F + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 86:aa:0d:7c:0b:72:97:47:34:6d:6c:97:58:2d:d9:6a:0d:c5: + 8c:df:04:31:39:f7:22:cf:a8:20:3f:06:71:91:7b:72:cc:08: + ae:bd:b5:c6:21:ec:95:a9:7c:95:8a:4d:b0:f5:ab:ff:0f:bf: + 5c:24:8f:01:fd:f6:1b:d2:08:61:ef:d0:8a:6e:84:29:cf:6c: + 32:bd:79:b6:bb:e1:cb:71:c9:ef:eb:17:14:fd:ca:87:4d:c9: + 54:5b:47:ee:f9:39:c4:9c:c2:fd:64:0e:2b:66:8d:0a:a8:6c: + 83:9b:07:e4:fa:5d:8a:34:91:99:e9:9a:0d:34:60:7c:0c:20: + ba:44 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF2luaGliaXRBbnlQb2xpY3k1 +IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBRKd2JYIweiw7nux27f7QCJiE2XbzAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQCGqg18C3KXRzRtbJdYLdlqDcWM3wQxOfciz6ggPwZxkXtyzAiuvbXG +IeyVqXyVik2w9av/D79cJI8B/fYb0ghh79CKboQpz2wyvXm2u+HLccnv6xcU/cqH +TclUW0fu+TnEnML9ZA4rZo0KqGyDmwfk+l2KNJGZ6ZoNNGB8DCC6RA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:73:10:04:F9:0C:F4:64:9C:B2:F1:1B:8D:EF:B7:55:AA:A4:A2:19:AF + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 1d:c7:8a:0a:91:d4:7e:b5:29:3b:00:db:72:e0:8f:61:ef:9a: + d1:b2:cc:11:bb:06:bb:aa:dd:6b:aa:76:8a:44:f5:57:b4:d2: + ae:b5:28:29:7b:eb:06:a6:1c:c9:de:0c:61:d5:f4:6d:df:76: + ee:9f:d4:00:6b:29:2d:15:18:e6:cb:02:52:4b:48:38:4c:b1: + ed:4e:50:1d:60:68:92:85:86:b5:fb:98:d5:b5:1a:52:ba:a1: + 7e:d8:22:fe:b4:f1:04:b6:8b:6d:cc:5f:1f:dd:25:a2:a6:42: + f0:13:60:de:bf:2e:fb:d6:38:dd:ed:ec:ea:7c:dd:5d:f0:a7: + 4a:c3 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGmluaGliaXRBbnlQb2xpY3k1 +IHN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBRzEAT5DPRknLLxG43vt1WqpKIZrzAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQAdx4oKkdR+tSk7ANty4I9h75rRsswRuwa7qt1rqnaKRPVXtNKu +tSgpe+sGphzJ3gxh1fRt33bun9QAayktFRjmywJSS0g4TLHtTlAdYGiShYa1+5jV +tRpSuqF+2CL+tPEEtottzF8f3SWipkLwE2Devy771jjd7ezqfN1d8KdKww== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem new file mode 100644 index 0000000000..ed99033596 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem @@ -0,0 +1,159 @@ +subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5 +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQ +b2xpY3kxIHN1YkNBSUFQNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE2MDQG +A1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRl +c3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmovuW9G83CLO5Kfr9ogDW +3M2PMCzM46Btwj9BIzBg6T+Z0toxnoHQHTRXf2tp8Nj5bLXb66AotgJeHWXGrGxI +Kjx0w4OKRuhiBVjMsT7gJmbmJ9neH+D6gfc83LPzHtMNrH0OPlfAEiCXGfTeHBug +bMfQlc3WJ747aWkIv54emwIDAQABo2UwYzAfBgNVHSMEGDAWgBQFKWMS3ubCghc9 +e190DHOosBJvaDAdBgNVHQ4EFgQUswzkrq5gD2HHDjnsZYw9qjeh7WEwDgYDVR0P +AQH/BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQBl +Ndj1mSjoh6od200M/46rSMjCcoQ92FMFygp/7mEK3MomCWTKikCKTp1xDYS20vE6 +R2hCQlhkV2nRYNoSLvYM88uba0diTZDbX+txbiJ1DX82U9f0/zpXhCVLxc962ftK +ZneaZF9AzYxqTvGS1yOwGFV7jimzg4ZdSKWcUX44+g== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ +SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa +sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT +W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN +KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF +HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V +CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTzELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtp +bmhpYml0QW55UG9saWN5MSBzdWJDQUlBUDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBANW9X4Le7QZci9gVhxS6PY2u0Fxe2EtutUH8zZO66QHNyygwW510D4dQ +tOvvKfuiS+Ciu2PV2zjc2AcL5U1x9j6hGKIl7NbVFo+mZbBV6GzWLP+oaTy8oz69 +BNSDXwFW6FPTOQbaiyRa8f4nXVFl3QQYM8jTdGGS9lalXnxusSE3AgMBAAGjgYww +gYkwHwYDVR0jBBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFAUp +YxLe5sKCFz17X3QMc6iwEm9oMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYBAf8EAwIBBTANBgkq +hkiG9w0BAQUFAAOBgQCzfOac7wbFryN6VSS2bfYlcBtdLypBJugZaDururS3VvRk +Y9SVSAQSh/m+ydbzhZ8LyNw7e7Uj4mjGuyFzznlAHsWxyO0JTPbhUwutJ3QrQhJW +kIbsGR97otFLnmhZwotzU9dr0LhhJEqeyrM64zPoOT2SyhbooCh7Oh27eUSSjg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b: + 21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5: + 15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c: + fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a: + 43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c: + 88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de: + 9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6: + 38:b5 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw +zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI +/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:05:29:63:12:DE:E6:C2:82:17:3D:7B:5F:74:0C:73:A8:B0:12:6F:68 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + cf:a9:d2:6e:1b:81:59:22:25:1b:6b:2a:df:26:ac:ee:64:cf: + 2d:65:1b:ad:15:43:22:fd:7b:ec:84:c0:8d:4e:b1:17:dc:9d: + ae:d3:45:ba:91:2d:b6:7c:be:a5:80:5c:d6:e2:89:80:fe:54: + 8e:15:90:f8:dd:e4:0d:c6:16:c2:24:6e:61:94:44:6a:fe:4d: + 44:ac:be:fb:46:4c:c7:3b:24:36:10:c1:d5:9c:89:3e:a6:f8: + f3:7e:0c:79:08:65:68:a0:c5:18:30:4c:d3:e4:c1:c8:7e:2d: + 9a:65:b6:e0:84:2c:b2:58:e2:fc:96:8f:95:13:cb:e1:e5:fa: + e8:9b +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kx +IHN1YkNBSUFQNRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUBSljEt7mwoIXPXtfdAxzqLASb2gwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAz6nSbhuBWSIlG2sq3yas7mTPLWUbrRVDIv177ITAjU6xF9yd +rtNFupEttny+pYBc1uKJgP5UjhWQ+N3kDcYWwiRuYZREav5NRKy++0ZMxzskNhDB +1ZyJPqb4834MeQhlaKDFGDBM0+TByH4tmmW24IQsslji/JaPlRPL4eX66Js= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem new file mode 100644 index 0000000000..785448794a --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem @@ -0,0 +1,161 @@ +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIClDCCAf2gAwIBAgIBNzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYaW5oaWJpdFBv +bGljeU1hcHBpbmcwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQIzx8 +7J8x9DkeOhXlBG/eAUo6B99wk9uPjSwrZ7f+CXzaECXTCOk88n35mahe/lgpBbr8 +ujs9D6bCgS+AVciyqJAtZFW45FX6xjb6fcLzebF4HTOpBYVxkqlJ9nLLCkaBHMIq +1U5jR8jDZhgTnMBvNm0yBdNFo6Lh6A5d+Gr5jwIDAQABo4GRMIGOMB8GA1UdIwQY +MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBRs6ccKAUJAQfXzcI7u +4dFSXtc3WjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBADANBgkqhkiG9w0B +AQUFAAOBgQDR8om42wMsHX434zvF/Yl3Lm4GBdFmFWIiRNpqH5iS8X1lGbi1pEAg +m37Pvvobd5tcsZd2tsz0/DOTvntZhUdX5rmvN4x0i3JUXb9bOPMDs2iJs5oFF6Iq +TSk9wJXUwsPy3ltGGWpU817s4uj8HU3tffkyOyc7j1u3l8x2LJWPvA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA +-----BEGIN CERTIFICATE----- +MIICozCCAgygAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MGUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE6MDgG +A1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBFRSBDZXJ0aWZpY2F0 +ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsNiBmaKBCN2+twi8 +zZHkggWucFtI5ZszQOXjX8ivFQMOkIaUz2HqFIeurNmSEN2Ta8WHJJ/thRgpUF4l +p8ovjgthh7/tScnTlJMN60ros1uQl6+qm/dzqn8kQ42EGLA9n6Ut5LuJ8AGCil+L +9TFs7vbPktHo0h2YcwCvEjyyZRECAwEAAaN5MHcwHwYDVR0jBBgwFoAUMLGv3K7V +MPIMOabjLBUhOK+ii9AwHQYDVR0OBBYEFDO/lIeGch/Q9DaWzigYcWwKxuVBMA4G +A1UdDwEB/wQEAwIE8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUD +AgEwAjANBgkqhkiG9w0BAQUFAAOBgQCKhd9JcXnw+W9w7fb+IhKEeepUh2J7y4w6 +11+U8Skm7KgNeSHdCzQjFMqGyeoJK+XV1j21mGK1YqXrbLjo+fHbHF68tf2rzWTC +Y2igOFwDQFpFFbqrKbYogBOuqR8TCR3LFH9mypYIqbcfiohQF5XSwMnyNEzDc8WH +hEapxbpusQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA +-----BEGIN CERTIFICATE----- +MIICtzCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xp +Y3lNYXBwaW5nMCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE +AxMbaW5oaWJpdFBvbGljeU1hcHBpbmcwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDWkQsHOT5qYxFfYJsGV/LbLwMtr5DBFdB/k19gzvAjYpjlKgVD +MgfJDc/d3WyMB8t5oICqdJDVFEq4JBU+T/J27G89SJusZSRJdmQXogfiXWHSOXtA +f3Z4IcRxAwjoNJaF6n9LR2q5YTDIoiEK3+h1jhOiNoFwYmvTajzcJ15SKQIDAQAB +o4GlMIGiMB8GA1UdIwQYMBaAFGzpxwoBQkBB9fNwju7h0VJe1zdaMB0GA1UdDgQW +BBQwsa/crtUw8gw5puMsFSE4r6KL0DAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZI +AWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKnjTqcv +cg3JfloLHCOwWWPdk64BNIs0gLMI584sPNdiQR5bCz4KCoKMzvzIEZDL+kVo6RnR +l39fdQ1rIbv5lE6nUVlTJNcj5Mq66NMsdVFsz5plRGUN4YpEDhz30hiwjkoo/B6N +Bs76rDEC1VReVfNcwcglyKXIIEjHTMMsG0GH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6C:E9:C7:0A:01:42:40:41:F5:F3:70:8E:EE:E1:D1:52:5E:D7:37:5A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + cc:98:13:01:ea:eb:7a:16:12:f0:2e:66:3a:2e:6b:fd:c4:2a: + 17:89:46:64:18:5a:ca:d2:00:55:3e:bd:00:bc:ce:f4:76:7e: + 68:bf:f2:73:cb:d2:04:b4:e4:b4:21:6b:e0:4e:ea:c5:61:20: + 3d:b8:db:61:e2:d5:27:19:48:65:cb:47:d1:66:3b:29:a9:c7: + 66:f6:11:09:2c:48:9a:c3:37:a9:b0:74:16:91:b3:d4:ea:90: + 2c:af:a8:4a:6a:1f:4e:fb:40:b0:e8:5e:13:58:f6:cb:82:53: + 47:43:79:ef:05:89:6b:5e:e9:99:1c:1e:83:07:10:5d:40:ed: + f2:06 +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xpY3lNYXBw +aW5nMCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUbOnHCgFCQEH183CO7uHRUl7XN1owCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAzJgTAerrehYS8C5mOi5r/cQqF4lGZBhaytIAVT69ALzO9HZ+aL/y +c8vSBLTktCFr4E7qxWEgPbjbYeLVJxlIZctH0WY7KanHZvYRCSxImsM3qbB0FpGz +1OqQLK+oSmofTvtAsOheE1j2y4JTR0N57wWJa17pmRwegwcQXUDt8gY= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:30:B1:AF:DC:AE:D5:30:F2:0C:39:A6:E3:2C:15:21:38:AF:A2:8B:D0 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + ce:d5:06:91:52:5b:f0:21:b9:9e:d1:3b:5c:d3:17:a9:f1:b7: + 70:51:ab:64:ac:d3:3d:4b:e6:bd:eb:68:fb:0b:45:7e:04:45: + 4b:26:b5:fd:ca:66:7f:39:9b:42:2d:bc:1a:56:92:65:39:2a: + 28:6b:d3:6a:7e:6a:8f:eb:c6:2c:3f:29:1e:73:75:9e:dd:01: + 19:29:e5:d4:5c:fd:d8:ce:15:81:35:f7:8c:45:19:1a:64:35: + 79:e2:00:cb:3c:38:56:63:11:38:05:07:c6:1c:c4:27:61:fb: + 0e:a8:b1:1a:3c:6f:8c:e9:0f:3c:8e:ab:d7:3a:45:bb:15:4b: + 41:60 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw +aW5nMCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUMLGv3K7VMPIMOabjLBUhOK+ii9AwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAztUGkVJb8CG5ntE7XNMXqfG3cFGrZKzTPUvmveto+wtFfgRF +Sya1/cpmfzmbQi28GlaSZTkqKGvTan5qj+vGLD8pHnN1nt0BGSnl1Fz92M4VgTX3 +jEUZGmQ1eeIAyzw4VmMROAUHxhzEJ2H7DqixGjxvjOkPPI6r1zpFuxVLQWA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem new file mode 100644 index 0000000000..b1fe680fbd --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem @@ -0,0 +1,216 @@ +subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA +-----BEGIN CERTIFICATE----- +MIICnDCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5 +MTQ1NzIwWjBlMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0 +ZXMxOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBpbmcgRUUgQ2Vy +dGlmaWNhdGUgVGVzdDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKb7DrW9 +Hb+KTJCO7IrKHRUs3FihVXeQr2+m4mUyxOo1SFMZQq+7bojuyImkv08GBbeMXPqV +RHdNWwVUgMMfynWekNRrlwGFNAfSKd+vxmPUTTqzH6fxQqCRx1CGp4dVV1o9BTES +DuwmZurFPYEu2/tf6gnxaHBNUUsYqRdztXIZAgMBAAGjazBpMB8GA1UdIwQYMBaA +FFqTS++Wnq4+QxYmpBgeeYui5pshMB0GA1UdDgQWBBS7Wt9YatmqgSrox0Q7yWRL +lJU+9zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAFMA0G +CSqGSIb3DQEBBQUAA4GBADOVfkwUiMO6wkkOxQ/lMXr+bjJlFLz4nFQx7/YBmUBH +cn7z1B8KAhf9SlqwOmMSz0OD/1ALmdjyX0oymWVB9RWyQyvvmin7tTZKBW0KdcQZ +GKmRog0HaZ8rHx37ewB3ANJfyarjBABp9einu4Aj8ak+aePYU1mth1YNGS1YVwfb +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv +bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6 +zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0 +MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV +HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ +FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD +AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw +BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka +eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN +uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK +wGB7PyQXRRDWjA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA +-----BEGIN CERTIFICATE----- +MIIC0zCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1 +NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +KzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJiRgbTlXD7Tr33rE8bkM1fLhA/0RcC0 +n6UIcVb6xSELqRqVIpXK2C038i/3Ta6+eoiCdjT6kvQwsM9uMBJnB7uePzDzpkSE +G3Php6MSbnAO+6LPrGFBJ0LNo6yXvsV3HQ1Uwh8iND8Yt37obPJ05PzfU6hSnMgV +47YDMrmE5h+5AgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUF3qKMAb26lw2QA2u2J+/ +ub2CzFIwHQYDVR0OBBYEFFqTS++Wnq4+QxYmpBgeeYui5pshMA4GA1UdDwEB/wQE +AwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNV +HSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIBMAUwDwYDVR0TAQH/BAUw +AwEB/zANBgkqhkiG9w0BAQUFAAOBgQCh/ZM7m2L0OxzF6RXxeVUhY5xlTjRO0HGd +0xOnDkOesSYfCI4gUflMo6/T9Ot67Vnb9mgzwWSEXB6g2R22/3DVR1ord/UgZFKe +w4llbMnwRS5e3zjqLGsLeWk2ZdyjoD2vmKiFBiX+rlHvaLk+5xYcGEfOupTVqWMO +OHuz9iinWQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA +-----BEGIN CERTIFICATE----- +MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm +BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8 +uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR +Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf +LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw +HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl +BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E +NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI +AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR +6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W +MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b +XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58: + 7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c: + b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52: + 21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75: + ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02: + 18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43: + 08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e: + c1:7e +-----BEGIN X509 CRL----- +MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G +A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB +PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy +pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+ +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82: + c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41: + df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08: + 04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4: + a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee: + e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c: + 6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0: + 3f:f3 +-----BEGIN X509 CRL----- +MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt +MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G +CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk +GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s +pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5A:93:4B:EF:96:9E:AE:3E:43:16:26:A4:18:1E:79:8B:A2:E6:9B:21 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 64:90:80:33:7a:e3:e8:e4:66:09:4e:4d:1d:ae:cb:f4:f5:b2: + ea:4d:48:24:be:04:8f:39:9e:c1:da:6c:14:fa:0a:a5:be:47: + 84:19:27:c0:3e:15:ab:18:78:71:0e:93:e7:6e:c8:05:ea:f2: + bd:c3:7b:fc:52:04:be:fc:b2:22:80:81:35:b3:ab:57:7b:23: + ca:39:66:ed:47:19:cd:1f:2c:ab:14:4a:28:5d:23:ab:24:7b: + e3:51:bb:78:79:05:20:25:ff:13:4f:c5:d1:2c:e1:67:b3:e4: + 29:35:2b:1c:5e:aa:01:17:aa:49:bb:04:66:52:a3:1a:7c:0b: + f5:57 +-----BEGIN X509 CRL----- +MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg +LzAtMB8GA1UdIwQYMBaAFFqTS++Wnq4+QxYmpBgeeYui5pshMAoGA1UdFAQDAgEB +MA0GCSqGSIb3DQEBBQUAA4GBAGSQgDN64+jkZglOTR2uy/T1supNSCS+BI85nsHa +bBT6CqW+R4QZJ8A+FasYeHEOk+duyAXq8r3De/xSBL78siKAgTWzq1d7I8o5Zu1H +Gc0fLKsUSihdI6ske+NRu3h5BSAl/xNPxdEs4Wez5Ck1KxxeqgEXqkm7BGZSoxp8 +C/VX +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem new file mode 100644 index 0000000000..a14824bcb7 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem @@ -0,0 +1,264 @@ +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nNSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG +A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YnN1YkNBMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQCzgPv0jUMseTafKoAOspqZCAtVctNqO5SipAee2vLt +7PijWRyqmveQUmDdJ5SFkFnevzRHhOINFIhKjygmtJQe0px86XknNJhW6OPICI2M +jxgzst9Cs5w3cYjsOxsD5+FXzritqz6jSQ8Fa52IhmBYcbRncSOcu2IOGGMOUfLf +7wIDAQABo3wwejAfBgNVHSMEGDAWgBTvkHRdvSchXG13RCZt3L/7vmNrCzAdBgNV +HQ4EFgQUBN9qa50ER9oRS3e69lS0UhaUJsowDgYDVR0PAQH/BAQDAgEGMBcGA1Ud +IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +BQUAA4GBALo5V4PwqAf314Emx79p7ce/cKrLjdi63pS2BsN4dFQ7TbY4Uru6/0Gc +lZvOzyBVyvb4KxYTgvmOUkaNIpEe6xyRjHN5oAOEuOOgnXjL6kQz1st793h3WaTA +hTg1AyHkktBRVhr0g1rCHCsGdrq6HSU9jZqvOOPaWomS+woTciNh +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIClDCCAf2gAwIBAgIBOTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYaW5oaWJpdFBv +bGljeU1hcHBpbmc1IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmgb4z +lKzduO0U0YgdsR69hYe1HUrPtFTUc7C3KMaX2LsYdutgdW5fQ5atnORTBTTRY11C +G4hIuo7WabxJOcSK9lrleEw58bZjDsNc5/o8xo3cF1zkmc6/DH4P5CGxk0nOzeLY +XJ9vyj/nZc5i0k6H7NU+cde/s5tknCDntmnf3QIDAQABo4GRMIGOMB8GA1UdIwQY +MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBRAFr9wLgI4+Lavp1rZ +sgNDWZj1TDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBBTANBgkqhkiG9w0B +AQUFAAOBgQAfLQvmb/5mx+Mi05zSJQyITwTfrw+AMrYezSpljeUZcymBLkK64BCs +eVXrxImcI3hi3oWPcJL2dt5mmQB/o96qOYkEBbxDD0WQ0rwKgXOODhD+Di5aZPqB +g9ZeBDxQgveLqLpEh0JL0MwJDLXH8Lca6XVdmPmFuaob3aIOP/zdcQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA +-----BEGIN CERTIFICATE----- +MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp +Y3lNYXBwaW5nNSBzdWJzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx +NDU3MjBaMGUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl +czE6MDgGA1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBFRSBDZXJ0 +aWZpY2F0ZSBUZXN0NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqU2HY4J5 +i4TyagwhHyTz6DgQT7GKk0xSor3iKrPjBUTpEVWM041qODnfp8RL42lhZ24okQbQ +8DoNH5dL/jtH5RsbZnfJnhHL8GDttKjLwHpRVRLbv4IlV4eQoPzTSRR7D0ishs06 +PdRXDoy0+UhNcABrm3ko1gZjAcPRL/ammFMCAwEAAaNrMGkwHwYDVR0jBBgwFoAU +JLZxrVfA94Sar1a34h5IbPP9rjEwHQYDVR0OBBYEFEqYOSxfq1nokOSM2rwp2uDB +0O6pMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJ +KoZIhvcNAQEFBQADgYEASMkNNbv9N1yfYt5C2j3Lmy5rhbrTjrEDjNCJsQ1Pun3c +qrJCtX52pGRNef3Sabh2W4jOExljobE/P45PdPw5uJtQd7YgGN58cr6wOz08SA2c +j4vAlaNjcbNW5d3sUX6LgXFOHsamawjTncegVpR7mCY8lqVjxmW9ha9NF7h6ACY= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA +-----BEGIN CERTIFICATE----- +MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xp +Y3lNYXBwaW5nNSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE +AxMbaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDcDskVa22gKY6hi1NN0qxc3EGcrc7Ef9QD5LomWJ0NbPF2omux +VOp4diM850F8rFaVpqHpOI6ElWc1K4PYVN+gp/sZ5V6unFR0ixzEvpsPTZa38btH +kcqGMFfxw/f5HtdvgB1dt09da6xG2UFKxnubgQuxUPEx9FcEYSCrbLq3gQIDAQAB +o4GOMIGLMB8GA1UdIwQYMBaAFEAWv3AuAjj4tq+nWtmyA0NZmPVMMB0GA1UdDgQW +BBTvkHRdvSchXG13RCZt3L/7vmNrCzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4EB +ATANBgkqhkiG9w0BAQUFAAOBgQBNZ4dVlouj30O2fD0c418lyzVO85YIAuof3wDW +LW4XjH/r40L/BUPDyFJceZXA7Yaym+UuYLZh9RQBEtkplLkcqgezH5GT5EkefBjQ +CrQFgsqRttLQAuw03v+2I9a8vHY3u0L2puzJQ1l1GkV4gqSAgEv2YVdva0gkq7sQ +52udtw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA +-----BEGIN CERTIFICATE----- +MIICwzCCAiygAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp +Y3lNYXBwaW5nNSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq +MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YnN1YnN1YkNBMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT9hQ7qYK6NHbsH0I4rzox6PZHPasVXKNr +Er1k+U5DVQ4tuCaZk6QEdBpLSMc4V62MtVl6mu/Zox73h6yvllHZDBuH63fEVFLc +WWCQ0TejhcMx4wp6A0TVqocawS4C1gMhOeXrYZ18ZWakU8DPVwOb23y4/zseqUt6 +1tXPvs2uwQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFATfamudBEfaEUt3uvZUtFIW +lCbKMB0GA1UdDgQWBBQktnGtV8D3hJqvVrfiHkhs8/2uMTAOBgNVHQ8BAf8EBAMC +AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZI +AWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +BQUAA4GBAHwn3D10SDne03e21/XMdNEGPmNE+jCS3S12gtAPbeHa3KxqsmmuBcEv +ahsKPoF8CtAAPiLUK4M9GqwK5Vf0bsBlduOnF6vSnZQGKp9OQKOhbTfIoLSWRGIF +TtQX94lVnOBpO+qXCl+FBKm/eUGyAa6/K1s6vwVtNwW2uT1YPKe/ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:40:16:BF:70:2E:02:38:F8:B6:AF:A7:5A:D9:B2:03:43:59:98:F5:4C + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 6f:3b:6c:aa:51:1a:cf:0c:81:3f:8c:c1:f0:60:03:0a:7f:36: + 01:0d:82:fe:71:4a:14:99:5d:f7:cd:33:30:2c:e5:11:0c:8b: + 6e:7e:79:6f:56:9a:eb:cc:20:49:44:c0:1d:33:2a:3c:52:98: + 3a:dc:32:37:d1:54:16:96:4c:b8:e5:32:39:ae:93:d5:8b:1d: + 36:06:b8:bc:05:d5:d9:71:bf:79:4f:b9:45:6d:86:50:38:b1: + af:af:68:eb:32:c5:77:86:53:6f:d8:dc:f1:a8:bc:e2:fd:e0: + 4b:81:5b:1f:33:7f:9d:2e:45:c9:66:1d:5d:8c:da:ad:79:aa: + 8b:7f +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xpY3lNYXBw +aW5nNSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUQBa/cC4COPi2r6da2bIDQ1mY9UwwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAbztsqlEazwyBP4zB8GADCn82AQ2C/nFKFJld980zMCzlEQyLbn55 +b1aa68wgSUTAHTMqPFKYOtwyN9FUFpZMuOUyOa6T1YsdNga4vAXV2XG/eU+5RW2G +UDixr69o6zLFd4ZTb9jc8ai84v3gS4FbHzN/nS5FyWYdXYzarXmqi38= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:EF:90:74:5D:BD:27:21:5C:6D:77:44:26:6D:DC:BF:FB:BE:63:6B:0B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 33:e0:23:55:35:fa:8c:e8:35:21:f8:35:28:a6:2f:57:5b:6b: + df:3e:12:97:76:05:15:72:73:5c:da:7b:17:86:63:13:80:19: + 33:5e:c8:f6:3b:13:a1:33:e0:06:ed:1a:8e:1f:ef:8a:02:cc: + 9e:33:22:c2:b5:94:05:32:98:0e:65:71:02:c4:ae:e8:36:9d: + 81:d3:9e:24:51:01:77:ea:d1:a9:a1:e6:04:c5:62:bb:82:2a: + 7f:aa:3a:59:a6:72:48:95:07:91:ba:34:20:26:a9:d4:ef:6b: + 11:09:57:8e:64:19:29:70:77:34:92:e3:eb:82:9a:c1:ee:a9: + 83:32 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw +aW5nNSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAU75B0Xb0nIVxtd0Qmbdy/+75jawswCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAM+AjVTX6jOg1Ifg1KKYvV1tr3z4Sl3YFFXJzXNp7F4ZjE4AZ +M17I9jsToTPgBu0ajh/vigLMnjMiwrWUBTKYDmVxAsSu6DadgdOeJFEBd+rRqaHm +BMViu4Iqf6o6WaZySJUHkbo0ICap1O9rEQlXjmQZKXB3NJLj64Kawe6pgzI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:04:DF:6A:6B:9D:04:47:DA:11:4B:77:BA:F6:54:B4:52:16:94:26:CA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 1c:39:2f:17:f0:d4:ca:3a:70:97:52:46:b0:ed:08:8e:3a:3a: + 92:e3:5e:f5:33:4c:73:0a:a8:14:49:ae:ca:d8:90:6f:e1:ec: + 23:36:9f:95:e8:a9:d2:b1:6c:2d:99:94:21:f2:6b:7f:98:c8: + f4:e7:f0:a8:26:e4:58:e6:a1:f4:68:dc:10:33:a1:c6:c5:0f: + a7:a6:7d:1b:4e:cf:6e:b7:72:71:a2:6a:d2:e5:e5:e1:b8:d7: + 88:3a:a8:d2:e7:bd:a4:ce:ff:1f:ca:f5:7e:7d:fd:2c:4c:03: + 2f:96:87:d8:4b:ba:35:a3:63:e2:87:cd:95:2e:c9:34:97:9c: + fe:30 +-----BEGIN X509 CRL----- +MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw +aW5nNSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w +HwYDVR0jBBgwFoAUBN9qa50ER9oRS3e69lS0UhaUJsowCgYDVR0UBAMCAQEwDQYJ +KoZIhvcNAQEFBQADgYEAHDkvF/DUyjpwl1JGsO0Ijjo6kuNe9TNMcwqoFEmuytiQ +b+HsIzafleip0rFsLZmUIfJrf5jI9OfwqCbkWOah9GjcEDOhxsUPp6Z9G07Pbrdy +caJq0uXl4bjXiDqo0ue9pM7/H8r1fn39LEwDL5aH2Eu6NaNj4ofNlS7JNJec/jA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:24:B6:71:AD:57:C0:F7:84:9A:AF:56:B7:E2:1E:48:6C:F3:FD:AE:31 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 35:d5:ce:cc:ec:10:2e:1a:1a:f7:ff:19:1f:16:bd:7e:46:c2: + ea:f8:79:b1:36:48:74:28:e9:6a:68:59:f0:a0:32:c5:9f:64: + f4:02:5a:bc:5c:2a:bb:62:10:2f:73:66:a7:cf:de:b7:77:26: + 1b:c8:7a:95:6a:2f:1d:e6:3e:db:1b:15:02:3b:fe:bf:e1:5f: + 3f:08:29:6b:a7:84:0a:08:46:6f:66:f3:71:84:41:97:8f:96: + 02:39:ab:ea:c3:c9:21:99:1f:6f:93:5d:19:4b:df:95:59:60: + 0a:71:2b:a9:e6:a1:bc:e0:e4:fc:5e:b4:a6:2c:99:a0:2a:76: + cd:d4 +-----BEGIN X509 CRL----- +MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw +aW5nNSBzdWJzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv +MC0wHwYDVR0jBBgwFoAUJLZxrVfA94Sar1a34h5IbPP9rjEwCgYDVR0UBAMCAQEw +DQYJKoZIhvcNAQEFBQADgYEANdXOzOwQLhoa9/8ZHxa9fkbC6vh5sTZIdCjpamhZ +8KAyxZ9k9AJavFwqu2IQL3Nmp8/et3cmG8h6lWovHeY+2xsVAjv+v+FfPwgpa6eE +CghGb2bzcYRBl4+WAjmr6sPJIZkfb5NdGUvflVlgCnErqeahvODk/F60piyZoCp2 +zdQ= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem new file mode 100644 index 0000000000..1e617839c9 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem @@ -0,0 +1,217 @@ +subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5 +-----BEGIN CERTIFICATE----- +MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0FJUE01MB4XDTAxMDQxOTE0NTcyMFoXDTEx +MDQxOTE0NTcyMFowZTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm +aWNhdGVzMTowOAYDVQQDEzFJbnZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVF +IENlcnRpZmljYXRlIFRlc3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA +pIyvpHy1AEaR244X+WehPi6kJ4zfm/clYT73uCvd/wtRc1ecFT83WALtOg6iWRxn +DxQ/Av2+6Sb5BGvOIyHVT/2cJIf325EZ/zxW6u9qb6+u2oWp8PX5ddUbH7yKAmXm +l3p3cVsZB1GkL4KdBrCQGdF8Khnb5cF5YBSuYEPZXQIDAQABo2swaTAfBgNVHSME +GDAWgBQkqwNVlYuV1wNEx93/fv32kbGgFjAdBgNVHQ4EFgQUYSBfuS0yhqXL/Jfv +5l9yYaw12g8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +AzANBgkqhkiG9w0BAQUFAAOBgQBa/IMv8cgYRBzo8cjsbIb+tzD4986MKnaHn5lL +SEdCOU8nZTscVwdXEg0N1Bza86ara3HXHtgpLauXgmcA0L7BUkGJty9vIMzqc6LN +VfDTX5iZoftoIKzFx8AsQio3Y9BlGRGU1NxKWyvrZj+PvT9lXym/Moe+b5pxez8b +WLtRZw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv +bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6 +zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0 +MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV +HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ +FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD +AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw +BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka +eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN +uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK +wGB7PyQXRRDWjA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA +-----BEGIN CERTIFICATE----- +MIICujCCAiOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBXMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAq +BgNVBAMTI2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0FJUE01MIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg4hWz7PbBhsTO+fpr6qznJLoay+MQhSxm +gq7gcER+qcx6hOwpIxvX2HUQ/q5RqJ6X539C1HyngpS383VGDqxzWTILMJ9p79He +5GhleTga2r/BSvq51G4uSJz4iJUJDEhzhQncRKUY65v1L8dz+lh/IHLRBGues3zP +dWc1cRQ1mQIDAQABo4GcMIGZMB8GA1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEF +ICZmMB0GA1UdDgQWBBTm3o5WsPOWysSqTpK6CZqUqZRwPjAOBgNVHQ8BAf8EBAMC +AQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDwYDVR0T +AQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgQEFMA0GCSqGSIb3DQEBBQUAA4GBAEge +Ag2ZoOuHLLqscTmz4NbRwXvWWtesM8lVBhQtShOlAgBpxm6c7kd4e1LMeAPN7yPD +63DL3mDZnK+qtyvqXaK3uVSMg9CMGsGCqXGDRbmml0nbxbkLNGKYEtkJVzmIR9nZ +vf0ZHnAqC4006H8s1uFPNIJwjb6hfK6oecY1nqms +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5 +-----BEGIN CERTIFICATE----- +MIIC2zCCAkSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgc3ViQ0FJUE01MB4XDTAxMDQxOTE0NTcyMFoXDTExMDQx +OTE0NTcyMFowWjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMS8wLQYDVQQDEyZpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YnN1YkNB +SVBNNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoWsXQ0sXtSdVHZZ6NBai +/YaSnuULPstaxcOXjt23ujwGnhffZLbzqoz6crjhOj3j7u5CAl76NNcQPuYi9/EW +vxys93HyGAbgpl+YZ/zKL61BPTj5sBK4l5NEQoKUoPZsoeTDTXyD3HDWMDlJifXK +gDYpaao45yFD8N0WCfd8pccCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBTm3o5WsPOW +ysSqTpK6CZqUqZRwPjAdBgNVHQ4EFgQUJKsDVZWLldcDRMfd/3799pGxoBYwDgYD +VR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMC +ATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAzAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAImakMw5q9O9ghGN6g4TQ/IG +gI7NgrjqoAKQiqZuD+kmbzSf1sGONmiLK44kykgJ0zZY4xbkoXVOQiNrnqDclNdf +Za0+Fmvfx9vVTlSoLQGwSHE3oWDKcamton847GkEmnP0RacqUkRkgpZam83tnDEX +c6eHTCxBYDmTTPuFe4fi +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58: + 7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c: + b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52: + 21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75: + ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02: + 18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43: + 08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e: + c1:7e +-----BEGIN X509 CRL----- +MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G +A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB +PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy +pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+ +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E6:DE:8E:56:B0:F3:96:CA:C4:AA:4E:92:BA:09:9A:94:A9:94:70:3E + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 14:9f:a7:ad:6e:15:65:a1:9b:cc:49:11:63:ae:0e:76:54:26: + 5f:8b:a3:f4:12:98:db:47:80:4f:38:bf:c0:0a:f6:d8:df:b4: + 07:7e:06:6a:ae:f2:9c:6a:c2:9c:6a:75:99:df:19:36:ee:d3: + de:59:91:32:7f:08:93:c3:31:6c:b1:cd:42:cb:72:74:04:27: + 1c:49:66:33:e0:10:8a:99:32:7b:66:6b:8b:8d:48:21:23:6d: + 1f:c4:b4:40:d6:8f:76:00:00:9c:6e:a1:bf:90:95:5e:b8:8d: + e9:c7:a1:18:f1:bc:5c:28:05:7c:73:72:85:da:f1:a6:00:53: + 5c:0e +-----BEGIN X509 CRL----- +MIIBUDCBugIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI2luaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgc3ViQ0FJUE01Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +oC8wLTAfBgNVHSMEGDAWgBTm3o5WsPOWysSqTpK6CZqUqZRwPjAKBgNVHRQEAwIB +ATANBgkqhkiG9w0BAQUFAAOBgQAUn6etbhVloZvMSRFjrg52VCZfi6P0EpjbR4BP +OL/ACvbY37QHfgZqrvKcasKcanWZ3xk27tPeWZEyfwiTwzFssc1Cy3J0BCccSWYz +4BCKmTJ7ZmuLjUghI20fxLRA1o92AACcbqG/kJVeuI3px6EY8bxcKAV8c3KF2vGm +AFNcDg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:24:AB:03:55:95:8B:95:D7:03:44:C7:DD:FF:7E:FD:F6:91:B1:A0:16 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 03:dc:20:33:f7:b1:e9:f8:9d:47:00:86:08:2e:56:bc:02:0a: + e4:46:90:48:a0:cd:37:63:71:fb:69:34:e1:0a:d0:aa:e4:f7: + 61:67:46:a7:b8:ba:11:67:30:eb:1b:85:e1:1d:0c:9b:e6:fd: + fb:50:ea:c9:f3:e4:19:73:05:85:6b:cc:c3:f0:4a:2b:bc:75: + 7e:0f:b4:d1:64:39:b6:38:39:dc:30:77:33:91:b8:77:52:b6: + 70:ed:24:b3:34:7a:b8:ef:46:93:78:f7:7e:6d:6a:ae:2e:c8: + a0:d7:76:ac:46:47:ff:1e:9d:fa:51:9b:47:cb:06:c3:c6:85: + 4c:9e +-----BEGIN X509 CRL----- +MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgc3Vic3ViQ0FJUE01Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaoC8wLTAfBgNVHSMEGDAWgBQkqwNVlYuV1wNEx93/fv32kbGgFjAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQUFAAOBgQAD3CAz97Hp+J1HAIYILla8AgrkRpBIoM03 +Y3H7aTThCtCq5PdhZ0anuLoRZzDrG4XhHQyb5v37UOrJ8+QZcwWFa8zD8EorvHV+ +D7TRZDm2ODncMHczkbh3UrZw7SSzNHq470aTePd+bWquLsig13asRkf/Hp36UZtH +ywbDxoVMng== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem new file mode 100644 index 0000000000..12418ff1a1 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBIDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFYxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczErMCkGA1UEAxMia2V5VXNhZ2Ug +Q3JpdGljYWwgY1JMU2lnbiBGYWxzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEA4iwG9rt4eJXUwy+UTNrUEq7gFuAYWGYaf0DCMDkLcYPIAwlWow99RTeX +jXir2B5PC/YcGARB1+bLQDTn7C8R2bilNXujkHWU4w10Vt56sONz+0ASNoIXCPn4 +EFXAneC3z7q9ZONoU4U3MBxMhuepSqGeBWNgh5KI/ICyYI/P61UCAwEAAaN8MHow +HwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJSB6cRQ +9gcgcCaUPO/fMC7eP3TNMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBvUd6L +OoQLwzSqlbFY2JYA5GGxYuAdrT0FxeuRK2wGwiPmNCKn0w8t/wwQTrbPdrENV2Rc +gzeZ9A5RY/Qs6EogNvy0qfC6lw2aUZsjEFjpPvnXmjb23sL2A3twFUWuoZdy8Wtd +PTGWD96vq7KEdsMb3IRwUMk0XxyPZ4MUOqtVyg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Critical cRLSign False EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImtleVVzYWdlIENy +aXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5 +MTQ1NzIwWjBwMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0 +ZXMxRTBDBgNVBAMTPEludmFsaWQga2V5VXNhZ2UgQ3JpdGljYWwgY1JMU2lnbiBG +YWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAy7qxBfmtCspcqkqi9Slrzqm5Oaxst+HoLMAM77zVMEmIDI2IYsm1+PKV +WNIdR8whYpz9OvVP16/Ujt4D4902/HLCQGcMfprQ4M7S2ba4Ujvig4fe6SFwVCRs +YbCOmVA7rHiPEz2uguVgeAkJolSooUz/QEtakvGSEKGO8zhuQFsCAwEAAaNrMGkw +HwYDVR0jBBgwFoAUlIHpxFD2ByBwJpQ8798wLt4/dM0wHQYDVR0OBBYEFOsTlV2h +OTNSDv1rZhunjIMov0boMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAgST/vGwENhUdJayqletDgqTapBVi +mXOpojLaV5Q71AWzCA6oY3D0ATMW3QbzK9OBaDtURLb6zyKPLtx/2jZU3hw1c1Ia +bIIKe8MPc9VVlABo3GW8vYwKucYZValIq4YAV9AbtFYz+5L+7UAsZC3iU9t5UJ9G +GftSrxstYAKAeRg= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:94:81:E9:C4:50:F6:07:20:70:26:94:3C:EF:DF:30:2E:DE:3F:74:CD + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + df:6c:04:71:99:bd:11:54:35:2e:e7:bb:54:60:3c:46:38:0c: + cb:d3:e9:06:bd:55:2a:03:35:2b:cf:e5:a3:b6:f1:13:5c:8b: + 43:5e:9b:8c:10:8e:c6:82:83:ee:af:1f:50:3a:14:2c:f3:a4: + 43:00:90:21:f9:59:4b:15:c4:5c:30:1c:86:75:2a:cb:a1:86: + 33:b1:f9:75:46:99:34:07:64:dc:4f:6e:d1:f2:cd:f5:0b:7f: + 00:1d:ca:9e:60:0f:93:8a:c5:22:cd:59:46:e5:21:2d:26:ef: + 98:ff:6d:50:2a:7d:5e:15:81:4c:b8:3c:ca:9a:1a:b5:1b:6f: + 4c:9f +-----BEGIN X509 CRL----- +MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImtleVVzYWdlIENyaXRpY2Fs +IGNSTFNpZ24gRmFsc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg +LzAtMB8GA1UdIwQYMBaAFJSB6cRQ9gcgcCaUPO/fMC7eP3TNMAoGA1UdFAQDAgEB +MA0GCSqGSIb3DQEBBQUAA4GBAN9sBHGZvRFUNS7nu1RgPEY4DMvT6Qa9VSoDNSvP +5aO28RNci0Nem4wQjsaCg+6vH1A6FCzzpEMAkCH5WUsVxFwwHIZ1KsuhhjOx+XVG +mTQHZNxPbtHyzfULfwAdyp5gD5OKxSLNWUblIS0m75j/bVAqfV4VgUy4PMqaGrUb +b0yf +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem new file mode 100644 index 0000000000..70eca0a203 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBHTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMma2V5VXNhZ2Ug +Q3JpdGljYWwga2V5Q2VydFNpZ24gRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBALm+L1UcoJG+mviuHuN0sBN3JeuYb9p4T8GP3zMU2o4qU0bwjq9L +PcOqj8RnfIrHIMUR9kgNmxJVXX+02rORMvzU9LsxdQxFNxN8sokG04ZZv5iqSr4W +NnG/UD+RYlBLRrHuNx0fDoW1zAac8JO28LeCdhot2Un+J1W8knpYlAt9AgMBAAGj +fDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSU +Abz4nHw/6JK2TckGtNNyMU46NzAOBgNVHQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +ifJcYkKWo1wikfXTF8s9sBKQjt+cMW2Kn2+25hF8KBXRmo3lJzJXyKtMQucC/+6W +rWB4brLC4KiyxVC9OCbEIxlsc9Mx35cgX39iXI5b2BEn/pZt9ceios9WPQYU6t/Y +D78koBp3ni6yy5WGa3mpU/xh18UaG/8VnfARvbTQcGs= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Critical keyCertSign False EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA +-----BEGIN CERTIFICATE----- +MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIENy +aXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTEx +MDQxOTE0NTcyMFowdDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm +aWNhdGVzMUkwRwYDVQQDE0BJbnZhbGlkIGtleVVzYWdlIENyaXRpY2FsIGtleUNl +cnRTaWduIEZhbHNlIEVFIENlcnRpZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCgVfrVarIrsGAAz+ak13NJrkcspcEeCVsjrOtzHf619eeO +TDalq7iyspJxTEhn7lG7q/UazRqEp6lBu1fVFkdFBPHi1uuNtyLB80MNy0ztjPAf +Ct0/wV1jDvNbaCg/TFXflKtDTY+jcVWTOmWMwI6hZwokQ7Csbee02czrHw3gLQID +AQABo2swaTAfBgNVHSMEGDAWgBSUAbz4nHw/6JK2TckGtNNyMU46NzAdBgNVHQ4E +FgQU9ghpzs2MqUouYVwzB2XsoCyL6W8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQADeKlzkdXLEofSM2r4 +SIPYc9g0A4EXIb1h+1YhhYyiuhSRb3zpAHlvgtfDaHu/ic2pHNDRKAjHGf6349p8 +OCAnqQvl9yZIvOa5/N7F13V1Ay+igdgGSPXmKRD76jX5ccQvoEQUQlA9G4P5/qaC +IonfinaLZXjcklWJuhV/XMzYWA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:94:01:BC:F8:9C:7C:3F:E8:92:B6:4D:C9:06:B4:D3:72:31:4E:3A:37 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 37:7b:99:a3:64:09:89:d3:3b:eb:15:ec:5c:bf:4e:86:74:eb: + de:88:f2:7e:33:ee:e1:2a:ed:04:81:bd:f3:bb:33:69:16:ca: + f0:89:38:11:1f:5c:11:ba:83:2a:be:e4:8b:ff:12:68:c5:58: + d4:fd:cc:fd:58:8f:49:5c:6f:2d:86:7c:1c:86:b8:b9:3b:4d: + 47:06:4d:e3:f5:d3:c4:f0:b0:e2:56:41:19:b9:a7:08:77:78: + 80:49:55:f9:7d:d7:b0:84:92:28:bb:25:e2:83:75:e2:59:a9: + 12:8c:cb:d0:7b:03:c7:30:13:c2:79:d6:c5:9c:f3:73:7d:63: + 3a:e0 +-----BEGIN X509 CRL----- +MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIENyaXRpY2Fs +IGtleUNlcnRTaWduIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaoC8wLTAfBgNVHSMEGDAWgBSUAbz4nHw/6JK2TckGtNNyMU46NzAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQUFAAOBgQA3e5mjZAmJ0zvrFexcv06GdOveiPJ+M+7h +Ku0Egb3zuzNpFsrwiTgRH1wRuoMqvuSL/xJoxVjU/cz9WI9JXG8thnwchri5O01H +Bk3j9dPE8LDiVkEZuacId3iASVX5fdewhJIouyXig3XiWakSjMvQewPHMBPCedbF +nPNzfWM64A== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem new file mode 100644 index 0000000000..0efaff7138 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIBITANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMma2V5VXNhZ2Ug +Tm90IENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAMLOm8AZjGbhdJ7A5TMeS8YqKDv+sSvYbu/N0xYhBYw9btWqMvhg +UQRchnPigIMNH270hJTB0xUODgi5kEfd3aMcqP4p7092jT7nGwWiWqMfcOiDob/B +jwJbfa/pcDWtLtL9gGu3mD5phBMV422/vXk7DNPVTOsm0LK+kYcbkutzAgMBAAGj +eTB3MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSb +FqRb5CIAWLVWFP8usoK/Iuj2+DALBgNVHQ8EBAMCAgQwFwYDVR0gBBAwDjAMBgpg +hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAXayz +RGBvRtkZyRHdFZY+3aIHHo7AdgjRSbvWFShHnbrZnd2E8mbkkk5NH7sD6IQygi5b +6s2ZEpMFRDc8NNSG1Qh5NagIp8Wguyqa8HgSA15CytfKd9nDdIY8NSFPiqXCXIOp +AXIf+LI9d8QnF/zOuRdKQiX26iVbh/Ofiij5b8s= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Not Critical cRLSign False EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA +-----BEGIN CERTIFICATE----- +MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIE5v +dCBDcml0aWNhbCBjUkxTaWduIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTEx +MDQxOTE0NTcyMFowdDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm +aWNhdGVzMUkwRwYDVQQDE0BJbnZhbGlkIGtleVVzYWdlIE5vdCBDcml0aWNhbCBj +UkxTaWduIEZhbHNlIEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCniZx3i5eOoYfB4+DHDtBDWS3+uKOzezExgLASJeRuST/z +FBDywPOCHD9BqbsVdo+fQMjOEBs5C2QePhrQmo36vBpuTGeS6o0ZwnPqZEiR7BDm +BhaU5GfHWArITIQqqKeGMrcd6inS3EgiNfLoIgErgIYUE2Ay7N3jNAkZ+gHFsQID +AQABo2swaTAfBgNVHSMEGDAWgBSbFqRb5CIAWLVWFP8usoK/Iuj2+DAdBgNVHQ4E +FgQUO/h+SZvyJuF7i3RkSFnq+ekut+kwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQB63lqdcOrQ5elffexi +Pm+erQomlHA4QBd/o7W9oGu3wh9o/OxaXUX+q1y/xsFQPWY8rnd9WX2K/GbDnAkg +b9VumR4AI31DBsR9ON1LP252rSHzpH5VeLVX4yp+RU1J6VvXAFXD3RgVwYE16JFC +NKsFf0HL8FRjpLQp9+/qcp6A7Q== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9B:16:A4:5B:E4:22:00:58:B5:56:14:FF:2E:B2:82:BF:22:E8:F6:F8 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 09:d0:9f:43:ea:14:8b:96:bc:51:a7:26:e2:ad:a1:d9:85:d4: + c4:54:67:72:3b:27:b9:51:74:ca:a5:72:a2:88:21:2d:f0:46: + 21:ca:5e:36:02:5f:bb:9c:1f:a4:84:63:64:8a:52:5a:17:b8: + d5:5f:3f:d5:73:38:f0:f5:7e:e3:59:80:ef:1a:70:89:da:37: + d4:b1:31:4a:94:01:ea:c9:71:98:aa:c4:ae:e2:8c:18:ab:7d: + a9:7a:fc:23:1b:57:ee:90:81:0e:29:4b:c6:1f:78:2f:65:4d: + 38:df:f9:6e:74:90:71:57:a1:aa:06:4a:8a:a9:15:ab:87:17: + 1a:ee +-----BEGIN X509 CRL----- +MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIE5vdCBDcml0 +aWNhbCBjUkxTaWduIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaoC8wLTAfBgNVHSMEGDAWgBSbFqRb5CIAWLVWFP8usoK/Iuj2+DAKBgNVHRQE +AwIBATANBgkqhkiG9w0BAQUFAAOBgQAJ0J9D6hSLlrxRpybiraHZhdTEVGdyOye5 +UXTKpXKiiCEt8EYhyl42Al+7nB+khGNkilJaF7jVXz/Vczjw9X7jWYDvGnCJ2jfU +sTFKlAHqyXGYqsSu4owYq32pevwjG1fukIEOKUvGH3gvZU043/ludJBxV6GqBkqK +qRWrhxca7g== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem new file mode 100644 index 0000000000..7fc272ea18 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICjTCCAfagAwIBAgIBHjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEGA1UEAxMqa2V5VXNhZ2Ug +Tm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCo1QPZC5T5F1L7XkkAguXC8vf9C9YbYfj8VbP8CXU6/3EG +wUPK43eDJfWBzzwk7bgumreNheNFRcFW+dcroOFvVflXXBjj/UR7qkXULMf9DqK4 +dqMYYafyTrI3QrgNfdN06ngaY0qNnXa4Z58ecPAQPnQprJHJ0fDTlwultqudJQID +AQABo3kwdzAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4E +FgQU3wy5NIl1eNIjkh7wgSHfwnYXZbQwCwYDVR0PBAQDAgECMBcGA1UdIAQQMA4w +DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB +AFYPjvJm9+IVM7cHs7OMJLoeNCnhUL5nlx9HuDLzP6/+0o4V3aQgiP787/zfOBFj +yWLTLfKqJTkm+8fs+TLFf675Vs2s3dPELXJLvFwgQFYDiSQpV46thD7NLw474dse +tN1i9Scl7y0RsDHbi9qBIPsRX4UV8/8nawbo9yW8hpqt +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Not Critical keyCertSign False EE Cert Test2 +issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA +-----BEGIN CERTIFICATE----- +MIICsDCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKmtleVVzYWdlIE5v +dCBDcml0aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQTAeFw0wMTA0MTkxNDU3MjBa +Fw0xMTA0MTkxNDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl +cnRpZmljYXRlczFGMEQGA1UEAxM9SW52YWxpZCBrZXlVc2FnZSBOb3QgQ3JpdGlj +YWwga2V5Q2VydFNpZ24gRmFsc2UgRUUgQ2VydCBUZXN0MjCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAp67g5m0ja/YdBc6nUr+UTz3XzQoajL7y9/EF7M0He7yq +nlQvh/d2kEpE3e0EUZviJtg9L9sxQRgCFWVR+f9rLpPNEBIAZ2HQ83SxFRr+UbfX +LTOLNaLhasu4lG9LY8DtyYxjrnvmOHkvTk14kD9L+YPJbR9LmCjNHbmoFiNu0Z8C +AwEAAaNrMGkwHwYDVR0jBBgwFoAU3wy5NIl1eNIjkh7wgSHfwnYXZbQwHQYDVR0O +BBYEFLkvB65lcMDXjd55uk984ACgePDSMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE +EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAf9WmZ9PcF2mY7Fst +f0t6wDbfkMenvluK5yTnfZGZi1Xa5WFt+1ifSxYjkxTMTw4DJ5IXWRZNr40+NhCo +2dvFQbeTEh90GuwSrFOY1LoT6stxoc/OXatyOCuO4rved9tzjRAArQndpnd6Zqsd +p/cT+7yvFwM9fxMinMUy3p6rR9E= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:DF:0C:B9:34:89:75:78:D2:23:92:1E:F0:81:21:DF:C2:76:17:65:B4 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 9e:b2:db:db:fb:42:09:bb:05:d6:af:1d:1e:b5:2a:e7:88:75: + f0:e6:a9:52:0d:ad:a3:4d:a6:64:06:e3:53:b4:39:db:4f:96: + 08:5d:ea:da:bb:09:d1:d6:32:53:91:62:ed:33:e9:0d:87:6c: + f9:12:a0:4a:c5:e9:e9:6f:d5:d1:02:8f:22:9a:d7:7c:82:d2: + 17:48:0c:c3:2a:c2:d9:e5:f7:0e:77:1b:52:e7:1a:9c:2c:7d: + 5f:31:a3:aa:90:32:ca:9e:ad:42:ef:b3:9b:cd:11:da:13:36: + 7c:cb:85:48:75:59:7e:6c:03:9a:a0:70:e3:19:d4:c1:dd:c5: + 7a:3b +-----BEGIN X509 CRL----- +MIIBVzCBwQIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKmtleVVzYWdlIE5vdCBDcml0 +aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5 +MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU3wy5NIl1eNIjkh7wgSHfwnYXZbQwCgYD +VR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAnrLb2/tCCbsF1q8dHrUq54h18Oap +Ug2to02mZAbjU7Q520+WCF3q2rsJ0dYyU5Fi7TPpDYds+RKgSsXp6W/V0QKPIprX +fILSF0gMwyrC2eX3DncbUucanCx9XzGjqpAyyp6tQu+zm80R2hM2fMuFSHVZfmwD +mqBw4xnUwd3Fejs= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem new file mode 100644 index 0000000000..f1d3094eed --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem @@ -0,0 +1,112 @@ +subject=/C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICgzCCAeygAwIBAgIBTzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFExCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEmMCQGA1UEAxMdb25seUNvbnRh +aW5zQXR0cmlidXRlQ2VydHMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALSCJ7MnQSSfqf3cAKyFUJRK6CV6MSLa2t9JmoGgpu6snUGfPogvAguvdYP27085 +2+7ZAe2MA5+VRBKl2gtUJeS0qdMlrQyLMw8SBfIuCc0cMrbGnRHqeBPHPVdq1n3b +xx+pwvDV2egYWx53Vyq72HVv7E6QhdGjEwO41216OFXzAgMBAAGjfDB6MB8GA1Ud +IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBTFKJWbEsMCo9m4 ++7Yd323jU625IjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC +ATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAH50jqtmZxb9s +51U/Olz2Z4OskoazeeNVJ0LXvUzF2vYzqBhXseLUd996wDmvQWsoczt8etO5zJdI +/iXtC61WyqmSDgSSSEvoIAL/xWFYQh1QAjG+FD7qHxfJ5TUiVFUzkQe/nE2wSWYL +oiZe8DkJHsi/T6sBMbZeNLcXa8CliLI= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsAttirubteCerts EE Certificate Test14 +issuer=/C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA +-----BEGIN CERTIFICATE----- +MIICnjCCAgegAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHW9ubHlDb250YWlu +c0F0dHJpYnV0ZUNlcnRzIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowbDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMUEw +PwYDVQQDEzhJbnZhbGlkIG9ubHlDb250YWluc0F0dGlydWJ0ZUNlcnRzIEVFIENl +cnRpZmljYXRlIFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnRFu +rk1+JntR2FWOywl3/YsAK7L4yrNCEx5T7OIJOPeYo2gQ4HcNYzhCfrs8BnXBgRWm +SmYiz83DHjDXf1v1EYvmLbuorfhe6oqbZjFFmFSFVYoBBQGoweqSBuEP+Dfz5JCQ +3j/U5P9kHacuVt5EvNDFuxC2QpNlKDMKVp1kO1ECAwEAAaNrMGkwHwYDVR0jBBgw +FoAUxSiVmxLDAqPZuPu2Hd9t41OtuSIwHQYDVR0OBBYEFH75KmUzZ/T1lVkx9E97 +tlW7zv91MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DQYJKoZIhvcNAQEFBQADgYEAcnsbImj6Bq19wrmv1lsHuwr0rR9v5AU5A5BvxBGX +7L9250MNODFbkR2trDXDu8Aj4xDl14ksrH1CW5oqqvhSIN890dWabjEIWXzPJPXm +Ogj5ekGTXsXnOsbO8CEfvjAvg8zfRVlWuR+mxGvk8qw4t0xB0GIqutURQegGF/zY +tJ4= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:C5:28:95:9B:12:C3:02:A3:D9:B8:FB:B6:1D:DF:6D:E3:53:AD:B9:22 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0.... +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 4d:d0:f1:a7:37:36:13:e4:57:d2:e5:1b:bb:c0:68:35:91:0c: + 84:53:55:01:9e:2f:bf:4b:d4:7e:55:4f:ea:6c:71:f4:54:a5: + b7:38:50:ac:43:c7:85:b9:13:88:4f:36:5c:35:5c:83:56:49: + 1d:ea:d0:34:ce:bf:d6:21:40:f8:4a:62:ee:c4:88:74:f7:05: + 13:cc:15:90:46:d3:8e:04:5f:00:2e:ef:1f:43:cf:da:84:d4: + 27:b1:22:c6:b5:ad:83:cd:aa:8b:cf:0e:d7:1f:76:37:a6:29: + 8e:3a:e7:3f:58:12:8d:2b:77:58:b1:eb:7f:35:6d:96:74:f6: + 48:1d +-----BEGIN X509 CRL----- +MIIBWzCBxQIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHW9ubHlDb250YWluc0F0dHJp +YnV0ZUNlcnRzIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoEAwPjAf +BgNVHSMEGDAWgBTFKJWbEsMCo9m4+7Yd323jU625IjAKBgNVHRQEAwIBATAPBgNV +HRwBAf8EBTADhQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3Q8ac3NhPkV9LlG7vAaDWR +DIRTVQGeL79L1H5VT+pscfRUpbc4UKxDx4W5E4hPNlw1XINWSR3q0DTOv9YhQPhK +Yu7EiHT3BRPMFZBG044EXwAu7x9Dz9qE1CexIsa1rYPNqovPDtcfdjemKY465z9Y +Eo0rd1ix6381bZZ09kgd +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem new file mode 100644 index 0000000000..14d5cba2f9 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfDCCAeWgAwIBAgIBTjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWb25seUNvbnRh +aW5zQ0FDZXJ0cyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqP8z3Y0v +UCVXIVXCpbr+dcdoZFi0UZQPvl77hqqVORSs9FefV5mTeuoDDfhtUYa+O6Wzh2v/ +Yzv1MzPQzePG3eho/6CLs4pzqVWZDzYTG6OXubjPvYT10WykqfaWuivcn5YxbHuA +cRitNsBAvY1Nq/kPDtsPJz1t5+PDRVO64gsCAwEAAaN8MHowHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPOhB0Zne+mPWavrVYaTyKzk +VbcYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGkMUjQFfto4SQpRJ2fAeU +qXp2dn4kt+s/ITPOIykUFaybQ6eaGRcWN4kTi7IufbSeI7lmaa4SC+bq14tfSf/w +gJSpwu58pIbPHKN0IgB+9S8eRS8wmB4HcBflmNZz/NX6wJzwJt15ZC+gek+eZGUw +Qck6L9wt5i1wMFyRwBmAHQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsCACerts EE Certificate Test12 +issuer=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWlu +c0NBQ2VydHMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBlMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxOjA4BgNVBAMT +MUludmFsaWQgb25seUNvbnRhaW5zQ0FDZXJ0cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0 +MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANFmoy4sb7+FLLRfH0FTJkEA +4DUgy6WKlx+o6gViRTKyicSNbY5GWZ31r5z+B8SyeL0HaAYwkDBBNIJ2tLhSgKCs +YASvqHqBa8YgpnDs3fh7d7perSH4t7SLblf2Ul9ABuDvFt/lCizK2LXgfDhcdrUU +D7ZeOZTr59cuMd+tAN+vAgMBAAGjazBpMB8GA1UdIwQYMBaAFPOhB0Zne+mPWavr +VYaTyKzkVbcYMB0GA1UdDgQWBBSsVnmrX9OpfaLqvFvE4FydtKiYrDAOBgNVHQ8B +Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA +A4GBAFqv88cSXJ667X0tM4dQ5AyFGYONJIioud7mI0SXcDeh0Me/J1wmqDmlS7oj +3vVTE6unv0EjjtEcLJr6FkHqYIksi9Fsuudte8FvQQ7aJEz6nzBpTe+kBINtK59k +picBSyDN77AoX8AMqoDj39NP9DCaiq7fO3XL2Ei0MF4uG/1Y +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlyContainsCACerts CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:F3:A1:07:46:67:7B:E9:8F:59:AB:EB:55:86:93:C8:AC:E4:55:B7:18 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0.... +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 54:27:ac:fc:b5:7a:93:93:e7:f2:e9:63:f7:52:ad:20:08:4c: + 52:08:62:e6:f6:81:71:1d:72:f4:1d:bf:db:06:52:d6:4f:8b: + 86:68:4a:ca:01:4a:fd:b9:7e:5d:7a:df:48:67:36:9b:31:12: + dd:13:29:b2:8e:b6:ba:c4:20:31:57:4f:7e:c6:d1:3c:0b:e5: + 1c:a0:c2:15:c6:09:5b:77:ca:95:37:31:7d:a8:08:4d:ae:60: + 4f:3c:b4:ef:92:9d:f1:11:5f:a1:1b:2d:ff:e6:2e:07:88:4e: + 2c:88:54:b8:e1:be:4e:6c:22:90:0e:37:0d:b2:8d:61:21:46: + 36:29 +-----BEGIN X509 CRL----- +MIIBVDCBvgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWluc0NBQ2Vy +dHMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQDA+MB8GA1UdIwQY +MBaAFPOhB0Zne+mPWavrVYaTyKzkVbcYMAoGA1UdFAQDAgEBMA8GA1UdHAEB/wQF +MAOCAf8wDQYJKoZIhvcNAQEFBQADgYEAVCes/LV6k5Pn8ulj91KtIAhMUghi5vaB +cR1y9B2/2wZS1k+LhmhKygFK/bl+XXrfSGc2mzES3RMpso62usQgMVdPfsbRPAvl +HKDCFcYJW3fKlTcxfagITa5gTzy075Kd8RFfoRst/+YuB4hOLIhUuOG+TmwikA43 +DbKNYSFGNik= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem new file mode 100644 index 0000000000..237f79a05e --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem @@ -0,0 +1,112 @@ +subject=/C=US/O=Test Certificates/CN=onlyContainsUserCerts CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBTTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYb25seUNvbnRh +aW5zVXNlckNlcnRzIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9uYsu +53u2+DI6YJnVIbUEBXbifJtOvR4Id3dAWtLRtp1J1/cjbUdtunT8MP8UdMiOu5GH +qkkjCow40bwn18zVUFC+tbTitFHZwkcY6vpoBiYh7kfUGyOWMuGhYDDmL6f1GyGq +1cPMSG3TI65vxTRu69NqZ6A69+6oecCzEhZwDQIDAQABo3wwejAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUWss3HtJGmFwTlfjfuDr/ +EUCtFfIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB4p94csINQawOHlCIzE +BoDqe6fIaND41iV0Ho1HK5OQyoKdGUAUm3cuoyXOmA++mMrGdqZd+xqQswur3Ve1 +iKj1z3ZAfFHI07GT7nOS9yTHPwIwW1FaFsaMkJyHm5McmiVJ2RVPcuhZM8Hg/O1t +lEtxFRbVcGf+7bi5eI/HHmmB +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsUserCerts EE Certificate Test11 +issuer=/C=US/O=Test Certificates/CN=onlyContainsUserCerts CA +-----BEGIN CERTIFICATE----- +MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGG9ubHlDb250YWlu +c1VzZXJDZXJ0cyBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UE +AxMzSW52YWxpZCBvbmx5Q29udGFpbnNVc2VyQ2VydHMgRUUgQ2VydGlmaWNhdGUg +VGVzdDExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgvtvHKcfaEySW+gTB +goP/idcErgtO4WHFdiTLJV2wwSRVKNwruXMNUfgnsksQ+Tqa24KJWAJpnh44cvcT +C63piJcmXs35SuSRbS3kefpDW1HmvkZUJ+xEp+jouS6IXKBI+bX0iASJpBC8rDtw +TdyTa1MWv7veksCshAZr3cxBgQIDAQABo3wwejAfBgNVHSMEGDAWgBRayzce0kaY +XBOV+N+4Ov8RQK0V8jAdBgNVHQ4EFgQUb0/1XSOZ9YvHmG7rvM8eBcBgOI8wDgYD +VR0PAQH/BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJybyf0fbsSEKPlQbxKeyZBQXdWfQGeo +1NVyDN87XSKQUe9fech7qiUC4Ua2z7mWrIIbDBylvl7ff0NFiPTK6+tl4Rt+zaX9 +qzA+dIuVr/7NPrlaTSmJglaX5n1/2h/dYhFbJUXe5L5FOpE3uq/Cp83MC5AQzDxR +UrWoUQdNtOhm +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlyContainsUserCerts CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5A:CB:37:1E:D2:46:98:5C:13:95:F8:DF:B8:3A:FF:11:40:AD:15:F2 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0.... +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 52:63:40:55:91:4a:88:23:0d:64:84:b4:3e:50:a2:0c:ba:30: + 81:b2:86:2f:ce:0e:b5:b7:e0:c2:d5:10:63:82:0e:88:ab:90: + d6:a4:df:11:22:96:15:f3:7e:cd:ce:0b:87:54:0b:3f:60:c7: + 6b:a6:04:9a:25:8d:51:af:b2:c4:da:f9:d5:63:57:f2:b8:f8: + 07:d1:bf:0b:a3:77:a7:e6:e3:87:a0:97:5d:4a:41:07:b9:36: + 98:bd:54:93:95:32:d9:7c:07:83:e5:d7:54:77:be:e4:eb:e1: + 03:fa:e7:83:fd:78:45:4b:a0:42:87:52:c1:1c:18:06:4f:39: + f3:09 +-----BEGIN X509 CRL----- +MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGG9ubHlDb250YWluc1VzZXJD +ZXJ0cyBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqBAMD4wHwYDVR0j +BBgwFoAUWss3HtJGmFwTlfjfuDr/EUCtFfIwCgYDVR0UBAMCAQEwDwYDVR0cAQH/ +BAUwA4EB/zANBgkqhkiG9w0BAQUFAAOBgQBSY0BVkUqIIw1khLQ+UKIMujCBsoYv +zg61t+DC1RBjgg6Iq5DWpN8RIpYV837NzguHVAs/YMdrpgSaJY1Rr7LE2vnVY1fy +uPgH0b8Lo3en5uOHoJddSkEHuTaYvVSTlTLZfAeD5ddUd77k6+ED+ueD/XhFS6BC +h1LBHBgGTznzCQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem new file mode 100644 index 0000000000..819cc4017f --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem @@ -0,0 +1,156 @@ +subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICeTCCAeKgAwIBAgIBUDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS +ZWFzb25zIENBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqY5YemfCgwOg +IB+hdOlRZFTinhkf1OaHBpkEgH6r2jJPiuhXh30ZT2TwX9aBiEGnnKuHuZmwGUK/ +DCnAfvpZ621Oo7LXsNQFtGDYrh8Rfu93TxunsJNZQ9ZXWEcIjot4YGkbOO8Nu0il +Z/zLKJKQUSKKBW/5glVtiynAaixm6k0CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU +LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOBimt8FUL0fD1sYSf6+cB3M3Dlu +MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCbnkFzDActclPpCRyu9PWbUrnQ +ZU76d5EXV40N6ma0OBngkU+7TJgmUNS2anUuxF51tkeYvMlqADT7KijrN/rGSipZ +yVR/ds2UaXdbfIfuFOs5TuVeClJ21BkYQgrmZ90/ti2fgIKn+cA1MQcnthtmtGJx +1JuSgthIOVfbeMWdCQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test15 +issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA1 +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh +c29ucyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu +dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlsynYvXyvl+q7eNnQ1pHRTzYR3jQt0ko +GQ/U1Q9AsMdHihxgohDFbqyRbq2ODI6t3HGT/h8JPCPLT+dLhvwixeYhgms3m/TJ ++mnXebr5bHI3PjF61Cw/mJe45Ab+arDxdumnvJRtw4EIB5lDwOrD9bHBE/WS1mem +ndOkBLQNG8UCAwEAAaNrMGkwHwYDVR0jBBgwFoAU4GKa3wVQvR8PWxhJ/r5wHczc +OW4wHQYDVR0OBBYEFKqEMbmbidNhzPioeu9tHpG1I305MA4GA1UdDwEB/wQEAwIE +8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAIIqO +DY8YnDAv4BQddow4PTv5P8bnPkA2Ogs3Du04Lps9gxrBVYHDIT7UQVZ5hzZeXnmW +rLwQeI2wDJNhjMhemXksv4rrf1pL65em4hQCuwlCsY0Nlc3z5hJjLslTd85fgQXk +mDYbw0db0b1fRGsA+RkiIRM7ynpuT6753gVv4ho= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0....` +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 99:f8:e1:09:a8:5d:d4:4d:a9:18:5c:91:9c:2c:a2:51:7c:dd: + 61:bd:4a:38:0c:5c:88:46:56:55:06:29:70:0f:cc:1d:cf:44: + d9:9a:b9:11:94:82:53:48:b5:08:4d:19:89:42:c0:ff:7d:42: + e0:39:98:43:6f:40:f3:e9:5e:8e:fe:56:3f:f4:4c:60:0e:22: + 29:c3:90:7d:2d:ea:d2:96:f1:3d:ce:35:d4:30:72:f2:9b:fc: + 86:44:fb:05:b7:3a:08:d2:bc:95:e8:d3:2b:18:a1:64:c9:25: + 19:3f:6e:8a:a5:9b:99:e4:f4:ac:1f:f9:ea:72:9c:88:b8:8f: + ac:e9 +-----BEGIN X509 CRL----- +MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD +QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEBFw0wMTA0MTkx +NDU3MjBaMAwwCgYDVR0VBAMKAQGgQTA/MB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY +Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASDAgVgMA0GCSqGSIb3 +DQEBBQUAA4GBAJn44QmoXdRNqRhckZwsolF83WG9SjgMXIhGVlUGKXAPzB3PRNma +uRGUglNItQhNGYlCwP99QuA5mENvQPPpXo7+Vj/0TGAOIinDkH0t6tKW8T3ONdQw +cvKb/IZE+wW3OgjSvJXo0ysYoWTJJRk/boqlm5nk9Kwf+epynIi4j6zp +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0...... +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Signature Algorithm: sha1WithRSAEncryption + 5a:9a:70:59:4f:6b:42:27:d8:2a:70:9e:91:bf:f5:09:c0:2c: + 8e:21:5d:6a:76:0f:70:61:ee:f8:20:c3:00:cf:7b:40:78:c5: + 25:5d:17:cf:c7:74:61:29:40:93:91:c1:52:68:4c:02:e3:b7: + c2:0c:e3:26:ab:fa:2f:e2:0e:70:60:d9:ed:34:ec:72:4b:98: + 57:8c:5a:dd:1c:50:d2:6c:44:ee:4b:89:d6:f9:d4:79:64:9f: + e7:f2:4f:e9:10:0c:8b:12:c4:ef:e4:2d:f8:8a:c6:94:9a:59: + 24:1b:f9:d4:6e:4c:19:4d:ed:4f:3f:e8:b1:29:f6:6e:2e:0c: + d1:ef +-----BEGIN X509 CRL----- +MIIBdzCB4QIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD +QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkx +NDU3MjBaMAwwCgYDVR0VBAMKAQagQjBAMB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY +Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBEGA1UdHAEB/wQHMAWDAwefgDANBgkqhkiG +9w0BAQUFAAOBgQBamnBZT2tCJ9gqcJ6Rv/UJwCyOIV1qdg9wYe74IMMAz3tAeMUl +XRfPx3RhKUCTkcFSaEwC47fCDOMmq/ov4g5wYNntNOxyS5hXjFrdHFDSbETuS4nW ++dR5ZJ/n8k/pEAyLEsTv5C34isaUmlkkG/nUbkwZTe1PP+ixKfZuLgzR7w== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem new file mode 100644 index 0000000000..76ef3b7b53 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem @@ -0,0 +1,156 @@ +subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICeTCCAeKgAwIBAgIBUDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS +ZWFzb25zIENBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqY5YemfCgwOg +IB+hdOlRZFTinhkf1OaHBpkEgH6r2jJPiuhXh30ZT2TwX9aBiEGnnKuHuZmwGUK/ +DCnAfvpZ621Oo7LXsNQFtGDYrh8Rfu93TxunsJNZQ9ZXWEcIjot4YGkbOO8Nu0il +Z/zLKJKQUSKKBW/5glVtiynAaixm6k0CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU +LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOBimt8FUL0fD1sYSf6+cB3M3Dlu +MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCbnkFzDActclPpCRyu9PWbUrnQ +ZU76d5EXV40N6ma0OBngkU+7TJgmUNS2anUuxF51tkeYvMlqADT7KijrN/rGSipZ +yVR/ds2UaXdbfIfuFOs5TuVeClJ21BkYQgrmZ90/ti2fgIKn+cA1MQcnthtmtGJx +1JuSgthIOVfbeMWdCQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test16 +issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA1 +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh +c29ucyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu +dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNjCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlmAr5pfd8vA/RDJSfo8qPEDAbLwbxhVf +lv1WYCncGfhiyC77BYzSvBHiEp+84tJW6lBUUEewGRBDKerNZAnqkirYwLYccwav +76qQJnSFTKmjDS7BofPWH8/bVZXjwjGikKAChuVcBykwZt9zOhFCM4y5wUv1IEHe +iiDpoHEIPqsCAwEAAaNrMGkwHwYDVR0jBBgwFoAU4GKa3wVQvR8PWxhJ/r5wHczc +OW4wHQYDVR0OBBYEFJdQKB8LbKa2dsGgu3qroJY+rlmzMA4GA1UdDwEB/wQEAwIE +8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAG5qf +f86xb10ogmC7H1f//9eykm6gAA0EWFwyXzjCkIlk9WPjGOTBU3WNURziN5LdblcZ +Csf3gFtni07sN4ISdLTnJFzuW8Nk9vfmmhV74guH9wvMv4fCVInMBZEaak0bR2dY +LxvWYJ8K2rgUN4E3A5nNFA81/1xxbwCq7c2koa8= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0....` +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 99:f8:e1:09:a8:5d:d4:4d:a9:18:5c:91:9c:2c:a2:51:7c:dd: + 61:bd:4a:38:0c:5c:88:46:56:55:06:29:70:0f:cc:1d:cf:44: + d9:9a:b9:11:94:82:53:48:b5:08:4d:19:89:42:c0:ff:7d:42: + e0:39:98:43:6f:40:f3:e9:5e:8e:fe:56:3f:f4:4c:60:0e:22: + 29:c3:90:7d:2d:ea:d2:96:f1:3d:ce:35:d4:30:72:f2:9b:fc: + 86:44:fb:05:b7:3a:08:d2:bc:95:e8:d3:2b:18:a1:64:c9:25: + 19:3f:6e:8a:a5:9b:99:e4:f4:ac:1f:f9:ea:72:9c:88:b8:8f: + ac:e9 +-----BEGIN X509 CRL----- +MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD +QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEBFw0wMTA0MTkx +NDU3MjBaMAwwCgYDVR0VBAMKAQGgQTA/MB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY +Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASDAgVgMA0GCSqGSIb3 +DQEBBQUAA4GBAJn44QmoXdRNqRhckZwsolF83WG9SjgMXIhGVlUGKXAPzB3PRNma +uRGUglNItQhNGYlCwP99QuA5mENvQPPpXo7+Vj/0TGAOIinDkH0t6tKW8T3ONdQw +cvKb/IZE+wW3OgjSvJXo0ysYoWTJJRk/boqlm5nk9Kwf+epynIi4j6zp +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0...... +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Signature Algorithm: sha1WithRSAEncryption + 5a:9a:70:59:4f:6b:42:27:d8:2a:70:9e:91:bf:f5:09:c0:2c: + 8e:21:5d:6a:76:0f:70:61:ee:f8:20:c3:00:cf:7b:40:78:c5: + 25:5d:17:cf:c7:74:61:29:40:93:91:c1:52:68:4c:02:e3:b7: + c2:0c:e3:26:ab:fa:2f:e2:0e:70:60:d9:ed:34:ec:72:4b:98: + 57:8c:5a:dd:1c:50:d2:6c:44:ee:4b:89:d6:f9:d4:79:64:9f: + e7:f2:4f:e9:10:0c:8b:12:c4:ef:e4:2d:f8:8a:c6:94:9a:59: + 24:1b:f9:d4:6e:4c:19:4d:ed:4f:3f:e8:b1:29:f6:6e:2e:0c: + d1:ef +-----BEGIN X509 CRL----- +MIIBdzCB4QIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD +QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkx +NDU3MjBaMAwwCgYDVR0VBAMKAQagQjBAMB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY +Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBEGA1UdHAEB/wQHMAWDAwefgDANBgkqhkiG +9w0BAQUFAAOBgQBamnBZT2tCJ9gqcJ6Rv/UJwCyOIV1qdg9wYe74IMMAz3tAeMUl +XRfPx3RhKUCTkcFSaEwC47fCDOMmq/ov4g5wYNntNOxyS5hXjFrdHFDSbETuS4nW ++dR5ZJ/n8k/pEAyLEsTv5C34isaUmlkkG/nUbkwZTe1PP+ixKfZuLgzR7w== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem new file mode 100644 index 0000000000..c20945cd91 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem @@ -0,0 +1,146 @@ +subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICeTCCAeKgAwIBAgIBUTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS +ZWFzb25zIENBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxjus5muZnJK+ +vbTiSr7l+wNZkm4bBceUnfDkXaEsbIwJRhzBb2TVPT0Do+y3R/r9DGfLYXxCHohP +OsEkgaaxsJcVNb560ICl7I/WjFftw3D82YeCiqtUageZZbHBGBpb/utZyPdGLoc+ +F6OmUprS/F3KhP6SSVq5/tN8vYA7dqsCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU +LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKqh79hc2DiyM4fnkx5FQRjQinuN +MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAn3+Yq1ETHIYeBdtTuzCeQHWWo +VC03XoW3PZMLAKJZof8WbYui9I0Mz8eF7Ae1tgk4luOkc+1VEuf9Yj1R3/DnrFYR +Ws6bImkBgnSYYiUSo1GuqCC6L3FuD7KLs7vaCp+9EfS0igqOXxJwEESXgJixsOkz +/lp/IH1QU84Vh6fKlw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test17 +issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA2 +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh +c29ucyBDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu +dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNzCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr8VCnAdQKISRnLmjaXbkkMYcS02qC5Mj +4f2jw/FDEJKBWKopXex3k9qR+Dvaz6yGEJoi2wj1sUo8xdChVd1XbjGEYxwkaqpe +cOPYjHlvVF43YGWYhqWOtohBZfIT5uJi0rxZNApuHARfo6UGBaceSk/DUFbos1ag +lCxoF4pf+5cCAwEAAaNrMGkwHwYDVR0jBBgwFoAUqqHv2FzYOLIzh+eTHkVBGNCK +e40wHQYDVR0OBBYEFK5QFuk+bZ4HFuTJCRy2qPFS7YZ6MA4GA1UdDwEB/wQEAwIE +8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAOShO +p8bEYTzkGWyiUXPs0fZAQzFbgCpN3Q+ky2VZblbIuJTOToG/UiyIQ2FNCq53oBYe +ZYiuewxa/WWDunOwx7LwPtcksOo3M5BzFmZEqTKALQryiXj9X3ob3tZJFTpAs+X2 +joJ0q+U06GYvbXscfXdm8nvBNA+r5BczWTlAG/4= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AA:A1:EF:D8:5C:D8:38:B2:33:87:E7:93:1E:45:41:18:D0:8A:7B:8D + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0..... +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 38:01:7c:3a:47:fa:d7:7a:f9:a0:3c:17:f8:db:94:e7:1d:a0: + fa:47:07:6b:ae:03:68:f4:f8:b4:4c:7b:70:a5:0b:5f:92:8c: + b8:c3:32:e9:55:34:38:53:61:ba:d9:3d:dc:8f:39:45:dc:51: + 5c:ab:7b:67:80:47:b8:60:6c:88:4b:1a:8a:57:fd:73:69:0a: + ff:2d:c3:23:8a:62:ea:31:c3:4a:07:3b:8b:89:a6:dd:4e:e8: + 8b:99:67:71:62:92:db:40:1e:af:e0:b4:e1:09:62:1d:42:69: + b6:45:64:d8:94:4f:30:40:43:e9:38:3a:59:29:6d:0f:8d:72: + 0d:8c +-----BEGIN X509 CRL----- +MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD +QTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQTA/MB8GA1UdIwQYMBaA +FKqh79hc2DiyM4fnkx5FQRjQinuNMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASD +AgEGMA0GCSqGSIb3DQEBBQUAA4GBADgBfDpH+td6+aA8F/jblOcdoPpHB2uuA2j0 ++LRMe3ClC1+SjLjDMulVNDhTYbrZPdyPOUXcUVyre2eAR7hgbIhLGopX/XNpCv8t +wyOKYuoxw0oHO4uJpt1O6IuZZ3FikttAHq/gtOEJYh1CabZFZNiUTzBAQ+k4Olkp +bQ+Ncg2M +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AA:A1:EF:D8:5C:D8:38:B2:33:87:E7:93:1E:45:41:18:D0:8A:7B:8D + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0..... +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0e:a8:95:98:a1:9d:34:e4:fd:7f:b4:bf:94:48:d5:42:03:a5: + cc:e1:85:55:65:15:c2:e7:cb:33:a1:fd:d8:cd:12:04:92:50: + cb:bf:ea:6c:e2:ae:bc:55:48:cf:4a:29:61:6b:42:00:4c:08: + 35:f6:49:30:e7:37:94:a7:38:bc:bb:3c:8c:c3:11:ea:11:f3: + 0e:bd:9f:8f:a0:32:a2:b9:8a:03:cf:6c:eb:75:d7:5d:5f:f1: + fe:97:f7:d8:33:e8:9d:9e:21:b6:8e:ba:2a:63:c1:0c:57:64: + dd:90:98:34:4f:db:a1:d1:11:0e:77:13:87:f4:b0:61:c1:36: + 1f:c8 +-----BEGIN X509 CRL----- +MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD +QTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQTA/MB8GA1UdIwQYMBaA +FKqh79hc2DiyM4fnkx5FQRjQinuNMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASD +AgMYMA0GCSqGSIb3DQEBBQUAA4GBAA6olZihnTTk/X+0v5RI1UIDpczhhVVlFcLn +yzOh/djNEgSSUMu/6mzirrxVSM9KKWFrQgBMCDX2STDnN5SnOLy7PIzDEeoR8w69 +n4+gMqK5igPPbOt1111f8f6X99gz6J2eIbaOuipjwQxXZN2QmDRP26HREQ53E4f0 +sGHBNh/I +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem new file mode 100644 index 0000000000..91c6b1fb56 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem @@ -0,0 +1,167 @@ +subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS +ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ +024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2 +wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a +MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU +LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ +MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461 +hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr +eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN +/veMciSwQ7N4Ku7Zjw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test20 +issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4 +-----BEGIN CERTIFICATE----- +MIIDZDCCAs2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh +c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu +dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QyMDCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo/2deWn2P1temSytp9fRh3t+UZIp62k5 +iNe1RKLHz08HxSTMrPeCRNnJFp5opbLpQEsUk8xludZeIcWGyLtBTN5w46xk04gh +1Px8Z2+/mnT/ngizwoMvKZf1dqA1/IYacDNHoZB8wlR7iMEa3scvBmFE/B/Ieudc +hxnOxEhEprUCAwEAAaOCAUQwggFAMB8GA1UdIwQYMBaAFD++QPH3awL7sFnDAKRa +4JdUCOkZMB0GA1UdDgQWBBT9Hi+HZ9Okq+jLk3TXM424X5IyqzAOBgNVHQ8BAf8E +BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIHUBgNVHR8EgcwwgckwYqBc +oFqkWDBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +HDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGBAgVg +MGOgXKBapFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwy +gQMHn4AwDQYJKoZIhvcNAQEFBQADgYEAEyLMappHZG7NaHTIJRCcyylzQD0od1Bi +cIsRgkSX4W6BWas7pnbYsIaBtY7SX6PU8lcrIBdjUlKUmzZP+0f08ptO5a4ZPaY3 +mJ7GjPUXPN8T/P8cfpU5A3AlaLam894aWe2vJuwmNlrEs6I0mP20WbXkYjmg2qzP +joyjMV62Zb4= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0b.\.Z.X0V1.0...U....US1.0...U. +..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...` +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd: + 0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1: + fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10: + 1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d: + 01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92: + 96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1: + 4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7: + 28:75 +-----BEGIN X509 CRL----- +MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg +Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7 +sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL +ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG +9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+ +wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i +5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0c.\.Z.X0V1.0...U....US1.0...U. +..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2..... +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Affiliation Changed + Signature Algorithm: sha1WithRSAEncryption + 3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18: + 19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69: + 90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58: + b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1: + 8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2: + a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2: + 4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38: + 45:4d +-----BEGIN X509 CRL----- +MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg +Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7 +sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL +ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI +hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp +kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2 +OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem new file mode 100644 index 0000000000..07b5c9b27a --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem @@ -0,0 +1,167 @@ +subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS +ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ +024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2 +wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a +MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU +LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ +MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461 +hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr +eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN +/veMciSwQ7N4Ku7Zjw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test21 +issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4 +-----BEGIN CERTIFICATE----- +MIIDZDCCAs2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh +c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu +dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QyMTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzgd55Gu4oIU3A4rk6mO8UVYckksUPNUx +c+r5iyehCTZg5HpsL0JSKVXAlRwGm5Q7YtHJE+teXB2BM0iMSAIZGNX8fktIN8nK +Lrw3CHA+5ZySf38wiaNzTgw3V7UTBQ01sd50PWuvL+jOm+AcaCMvdcqFJBP0yhCS +nkdd2MUeY1MCAwEAAaOCAUQwggFAMB8GA1UdIwQYMBaAFD++QPH3awL7sFnDAKRa +4JdUCOkZMB0GA1UdDgQWBBT41fIkHaXWHPGTFvG2DPuOcjtPXDAOBgNVHQ8BAf8E +BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIHUBgNVHR8EgcwwgckwYqBc +oFqkWDBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +HDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGBAgVg +MGOgXKBapFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwy +gQMHn4AwDQYJKoZIhvcNAQEFBQADgYEANlJq9PF7a+NShO7uJTf788sIG++L3xeT +OiO5bnuAe91jbQN8l4j+dHxDiT4CdVBdlUPwlENF5rtuKsjSn6baeKMwAo5A6ji0 +7YObkqeg6Be0P6fIKT29KyT17o0bXi7rRTK6PqODvOePJ/kf+x5pMpQrHEutym09 +VmHbVhUkHEA= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0b.\.Z.X0V1.0...U....US1.0...U. +..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...` +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd: + 0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1: + fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10: + 1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d: + 01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92: + 96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1: + 4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7: + 28:75 +-----BEGIN X509 CRL----- +MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg +Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7 +sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL +ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG +9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+ +wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i +5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0c.\.Z.X0V1.0...U....US1.0...U. +..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2..... +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Affiliation Changed + Signature Algorithm: sha1WithRSAEncryption + 3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18: + 19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69: + 90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58: + b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1: + 8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2: + a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2: + 4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38: + 45:4d +-----BEGIN X509 CRL----- +MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg +Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7 +sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL +ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI +hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp +kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2 +OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem new file mode 100644 index 0000000000..1ef60f3971 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem @@ -0,0 +1,211 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd +RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ +AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS +icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO +hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs +k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2 +9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp +Cu6s2eBv0+DeibQTg73sQuTj +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ +cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAt36UX+gq562CFiw9L16IZ/AjJhU0BB9ji/77uw3AfvBGggmikeDq79BD +yzBFrHys/L5UeXepakX1v+XvlxFjwvc8c226jf6uKEop5KJZDI8aV4byQvc1C8Ol +MdgZ4pd6ofTl28r1VDkdDt94c7+Gl0CqBo6LawwGmNfSHUWqf6UCAwEAAaN/MH0w +HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFAJIeLnM +AVExdH85KjfCRJN+mGmAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQCm +Qa7i6335O64eyxJjXl3U2Bw5wN3JaK9t7f4dJAxfOlcblWbbes+Gk12UCYtxTZDj +oZ70F4IoGU7JQt5CcdB2yQtctPK+X7A3/Vsxjknm11nCn4IhcU7LDkEiSovBGLR0 +KV3NAqQQhr1WQoY1Uf3Ncpl7b+SaZscZ3r35UJo4iw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0 +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z +dHJhaW50NiBzdWJDQTAwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV +BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTAwMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQC3rH58cOqP9U5iyQflKaVyYw+1LMhr3jDW9/Q3aedlH/TY +iLmT71FUjHaJMWOCO6sAEYMphrRdIUy82rai3iJgrNtJ21uIFOlmjgwgl9amHX8B +yT+qgiwLs8kzE6NgPYHgLgbKEIqgZ+AZplCt60tCbeGKLR/WtXrxAIgqU+ar1wID +AQABo38wfTAfBgNVHSMEGDAWgBQCSHi5zAFRMXR/OSo3wkSTfphpgDAdBgNVHQ4E +FgQUauYRxUFtrRo+gtywXa3yGfFQzgswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEB +BQUAA4GBADnBidpEzasWbrLankXCoCaeizozu2dGAMMWpbs02cplC/vIlcr0myWK +noFSuxUuQa7sMxp72p5r2ziJp5pk1gT2KX/kgOYlQqgbJ4UmARGP7er+zIPulXib +suMShSCGO1xC+fXppdhPy+YQq8a7Mzi7XKqP5su+aTWw/B3a8ys9 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test10 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00 +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJDQTAwMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowYzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgw +NgYDVQQDEy9JbnZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl +IFRlc3QxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr0SfgP3iREpEpoxL +34yNQOjycTI5wM/Y9YXQ6E26DxRndEt8gy0Nt+w7/WcO0aJ/EA76704ckmtzahRW +gH7YAntSVCkBwyB8EDt0eBxom9vWRhPmqJgF6PJtcuAZnkISqXfw7zurQN/p1HzT +iBta6ocTlilBTPujtQ/X4O12W5kCAwEAAaN8MHowHwYDVR0jBBgwFoAUauYRxUFt +rRo+gtywXa3yGfFQzgswHQYDVR0OBBYEFLsMSzv8dfhgJ3MxRW07FltMDKkGMA4G +A1UdDwEB/wQEAwIB9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/ +BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAfOH+DXogRwi00dAkv43qzCo23eOg7 +uaaD7fgNVn7RrEYkyc0RZWf1P56IXe9aTM41eVmi1PyblkZ0aXH9e7ShaOW11Jk4 +OpIpx+vR7HqBjW0yqIXES3pbA6Vm26gj1WDuq0oSps0+BxKTL5cHxVlCT9+YES4B +T1SmCaLl/UdsEA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0: + af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0: + 11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3: + 5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58: + ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd: + 08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16: + 1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78: + fa:7a +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn +gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d +CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:02:48:78:B9:CC:01:51:31:74:7F:39:2A:37:C2:44:93:7E:98:69:80 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 44:34:f6:c5:c0:16:f7:24:42:33:a8:e4:ca:74:71:94:76:93: + e7:4b:7c:a3:8b:ac:ae:11:ab:46:94:f6:0d:88:b6:e0:96:1f: + ab:04:6a:92:b7:6d:4b:aa:6a:b0:13:58:58:a7:7e:06:de:c1: + 26:d4:09:e0:7b:a9:e4:dd:73:da:b0:cc:a0:61:ab:c4:c7:cb: + c2:e1:66:f9:f2:2a:c2:c9:59:5f:05:c6:74:f8:bd:bb:92:24: + 77:12:34:23:7d:95:99:bf:35:e0:6f:cf:2a:b6:19:29:9e:59: + d2:0b:2f:07:44:25:66:6a:e9:5a:ed:7f:99:33:b5:3e:65:69: + 57:95 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJDQTAXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFAJIeLnMAVExdH85KjfCRJN+mGmAMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAEQ09sXAFvckQjOo5Mp0cZR2k+dLfKOLrK4Rq0aU9g2ItuCWH6sE +apK3bUuqarATWFinfgbewSbUCeB7qeTdc9qwzKBhq8THy8LhZvnyKsLJWV8FxnT4 +vbuSJHcSNCN9lZm/NeBvzyq2GSmeWdILLwdEJWZq6Vrtf5kztT5laVeV +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6A:E6:11:C5:41:6D:AD:1A:3E:82:DC:B0:5D:AD:F2:19:F1:50:CE:0B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 42:5b:18:71:be:d6:f0:b4:80:f6:33:3c:cd:99:0d:26:f3:90: + 70:42:44:f8:f9:61:72:1c:b3:91:02:0a:14:55:67:d0:1b:23: + 06:f0:90:76:49:c6:82:23:70:da:3a:15:95:90:80:aa:8f:0e: + fb:4e:5b:9b:66:38:21:14:15:c1:65:71:1d:e5:b6:90:ae:b2: + 7a:73:84:9a:1d:3c:f2:2f:65:0a:b4:7f:52:90:a1:1d:37:a6: + 24:a8:7f:5e:72:e5:1a:8b:89:31:ac:dc:0a:3a:d2:15:7f:f5: + 97:f3:1a:82:d6:fd:74:b5:92:0f:d5:d3:a5:74:1d:a3:7f:62: + 1b:c4 +-----BEGIN X509 CRL----- +MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJDQTAwFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf +BgNVHSMEGDAWgBRq5hHFQW2tGj6C3LBdrfIZ8VDOCzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQBCWxhxvtbwtID2MzzNmQ0m85BwQkT4+WFyHLORAgoUVWfQ +GyMG8JB2ScaCI3DaOhWVkICqjw77TlubZjghFBXBZXEd5baQrrJ6c4SaHTzyL2UK +tH9SkKEdN6YkqH9ecuUai4kxrNwKOtIVf/WX8xqC1v10tZIP1dOldB2jf2IbxA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem new file mode 100644 index 0000000000..259d24610f --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem @@ -0,0 +1,262 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd +RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ +AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS +icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO +hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs +k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2 +9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp +Cu6s2eBv0+DeibQTg73sQuTj +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ +cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAmzChDurmjaO/gLW4mwfnkQwkFgDcZvpMdZEqpd4u4+RaoyI7I6LlTFQ+ +wkZ0cnLVA8C/F6+ZqpMXg4s9pb04PuHb0xsgBHFefpSASxTCIBWVOmLq462zY6o8 +Iun/AQo4JVGx175EcIUkcldAg19+3l1NV4fg7BN7waHWiVfIzS0CAwEAAaN/MH0w +HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEQ04VAm +/zwjDK2/vU7Ge+AMSIqqMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOBgQCK +Fy4Zq2RJVwWE4qzs2QbzST7CRcwqzwlUwH2S53MA3J38uXAEjqjJLyLSG7k9xjYq +Xwq0hQZIfdeOkSMfSEUl3XWgYfQFGfmHdsUPJ0NX79NXXoyxsfZPRH9LF+CPnv8d +kwA/on1VypfAuAv4/M6L3p7jFDISJRRGcXRBRB13lA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1 +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z +dHJhaW50NiBzdWJDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV +BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTExMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDSXWC7L0WLN2ZeSCkEhh0EhpdojjOAr8wqSRoVWRnyzGMM +swGD3i80PXaZFl1qIeaER7LF0udID27SF6sC5g+kklfiK3UAn0YscNa2U6r27vwO +2pj95+SfvnAuFgQoO82T4VQtUJnUOB+NAwWHGZ0Y9WiAxus6qNqEVTbr3CcT4wID +AQABo38wfTAfBgNVHSMEGDAWgBRENOFQJv88Iwytv71OxnvgDEiKqjAdBgNVHQ4E +FgQUs8D3URQQ9lyaTiyHUFHlkdNYWyswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB +BQUAA4GBADYFuhgJI8Nyw7Mhpcq5n2NHNEXkP8g5ibaa86O1I//NQRsXnQ42VQrQ +UemJMwtYlYjXHCL3MaiZOOXv+jaJDAbAE8zDq1c11WuKYBQ/ABNR+jCYnOlnR4lH +1Ibtl3Y4v7sEq5V6MyO6DugCihflJSVSOV8UFaYxZQ3cb/AgI41q +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11 +-----BEGIN CERTIFICATE----- +MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJDQTExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow +KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0ExMVgwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBALXNtkOI9gcg1V1Ecg8VBS17NqL8yaeNOG8h +VgH8Peay4GsCzxqYOSnPDeBKtlMJ+TAmMmz30FZ4XtEJScvx9yllHjEM85LdyvTM +ZD6gy7yWApPgkhMipi9vww7JUtH6RrDQmKurTvtx5BhM/lYWlDVSnxX/CmWFm22r +vwk/Rbz1AgMBAAGjfDB6MB8GA1UdIwQYMBaAFLPA91EUEPZcmk4sh1BR5ZHTWFsr +MB0GA1UdDgQWBBRqNvBXdT9CFVC16QgdKDfFreIGvDAOBgNVHQ8BAf8EBAMCAQYw +FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQEFBQADgYEAXlaYIT0dDTF0GGAJ8H41hvUkovy3ge8i7YDWofVBhdt+rEeC +v0tvUcc+7mPSj3i5flZgJnbXMwS7wNlLhttOpbBMqL5/vWyIcvrgXm3qmXowQF0H +WuW/WllHgGzQ8tIbGUWcl2bvkFNA5nIeumCrK1vmIgNqYaRUdOH9xuPuvxw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test11 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJzdWJDQTExWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx +NDU3MjBaMGMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl +czE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZp +Y2F0ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/Kz6a5RrnL +VxjtAz2f5jD2LFhGyAiWK8+D2zGdebUqwosPmO1bFaTy4UpTN1y2NDdhbZJ9u6q4 +UyBlEswNHWLbKw2eAhhlj4tL8W7qCcCTiIDusf+/it87dawc9FbLFDa6ZhPQn3zf +fOKdROTtdR1GLihtxkPeVht0YCU0Y5jBAgMBAAGjazBpMB8GA1UdIwQYMBaAFGo2 +8Fd1P0IVULXpCB0oN8Wt4ga8MB0GA1UdDgQWBBSms0sRlWo2giuUP4b24hz3mOOT +ZjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG +SIb3DQEBBQUAA4GBAGVBiyATRLrOnNHi80uCRg3a7ZWI4275SlflSYwZhFBkGkd2 +C4kyAGKsNrFGtuCpDNM7IgF4xbQweHBODNwwCOfsdc9OahGntqhxeKxUQpDkwc8a +3Faqn6fs/BnZqkNzepiZdHCsTdiyiiB7LxL9LVo7575vfuB0yBsCk2lGgbkz +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0: + af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0: + 11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3: + 5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58: + ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd: + 08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16: + 1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78: + fa:7a +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn +gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d +CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:44:34:E1:50:26:FF:3C:23:0C:AD:BF:BD:4E:C6:7B:E0:0C:48:8A:AA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8d:23:83:69:3d:e9:a9:b9:0c:9f:fd:64:34:97:b1:1e:e3:c6: + 25:62:c4:d5:cb:ee:87:98:04:d6:96:04:0e:7e:96:3b:22:7c: + 3f:e7:f6:f8:a5:d4:14:a2:86:2c:10:d6:b6:08:a6:da:2a:3e: + 7e:70:f1:d1:e6:a0:6e:55:1c:68:10:4f:65:d2:1f:51:d7:a0: + 6b:d7:df:db:7e:2e:f6:8f:5e:64:5e:6a:ca:48:2b:8c:f0:85: + 37:f3:70:67:c9:44:c4:8f:7f:ad:93:93:e6:d9:c0:7e:8d:0e: + 01:16:01:82:e2:b9:a6:28:1f:3b:e9:0a:d0:ea:d6:23:a1:c4: + a5:1a +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFEQ04VAm/zwjDK2/vU7Ge+AMSIqqMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAI0jg2k96am5DJ/9ZDSXsR7jxiVixNXL7oeYBNaWBA5+ljsifD/n +9vil1BSihiwQ1rYIptoqPn5w8dHmoG5VHGgQT2XSH1HXoGvX39t+LvaPXmReaspI +K4zwhTfzcGfJRMSPf62Tk+bZwH6NDgEWAYLiuaYoHzvpCtDq1iOhxKUa +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B3:C0:F7:51:14:10:F6:5C:9A:4E:2C:87:50:51:E5:91:D3:58:5B:2B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 5f:3d:a5:ee:09:93:d8:4f:cf:28:3b:05:87:8e:8b:08:7e:2d: + 36:0e:c2:f0:cd:54:94:05:54:07:2f:9d:e6:8d:1b:9c:f5:fe: + 92:7e:3f:bc:94:d5:fd:82:c0:87:dc:93:32:c8:ab:01:59:3b: + 6a:df:8e:af:cb:14:f7:f7:39:50:da:8c:ac:02:7c:97:24:27: + ce:11:a9:9b:38:72:6e:32:c4:a1:0a:f3:34:5d:62:9d:f8:ea: + 21:1a:bc:0e:22:98:6f:80:25:1f:5c:c4:fe:1e:7b:ff:9c:4a: + 83:ec:02:29:db:a0:6e:cb:9e:98:89:33:be:25:8c:2d:48:9d: + 70:3d +-----BEGIN X509 CRL----- +MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJDQTExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf +BgNVHSMEGDAWgBSzwPdRFBD2XJpOLIdQUeWR01hbKzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQBfPaXuCZPYT88oOwWHjosIfi02DsLwzVSUBVQHL53mjRuc +9f6Sfj+8lNX9gsCH3JMyyKsBWTtq346vyxT39zlQ2oysAnyXJCfOEambOHJuMsSh +CvM0XWKd+OohGrwOIphvgCUfXMT+Hnv/nEqD7AIp26Buy56YiTO+JYwtSJ1wPQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6A:36:F0:57:75:3F:42:15:50:B5:E9:08:1D:28:37:C5:AD:E2:06:BC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 93:c1:d4:9f:53:f4:86:55:66:46:ba:2f:82:df:c3:81:ad:52: + 95:0f:cb:f0:c0:25:ca:b2:fa:80:c7:b4:50:a3:95:70:ea:01: + b1:30:fe:c9:da:a0:b4:fb:a6:9f:55:ec:3f:df:12:37:bb:44: + cf:6a:5c:7d:fa:34:93:7c:9d:5f:f0:d6:fc:dc:07:9f:1f:2d: + bc:02:3f:80:59:de:31:ba:19:c8:e8:a9:3c:e7:1d:28:e8:cb: + f7:4d:e2:f6:26:cd:45:2f:d4:70:77:68:ae:1e:5d:0f:55:c6: + fb:f4:5d:64:3c:e0:30:a7:2d:3a:ed:4e:7b:a1:e2:13:70:da: + 30:e4 +-----BEGIN X509 CRL----- +MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJzdWJDQTExWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv +MC0wHwYDVR0jBBgwFoAUajbwV3U/QhVQtekIHSg3xa3iBrwwCgYDVR0UBAMCAQEw +DQYJKoZIhvcNAQEFBQADgYEAk8HUn1P0hlVmRrovgt/Dga1SlQ/L8MAlyrL6gMe0 +UKOVcOoBsTD+ydqgtPumn1XsP98SN7tEz2pcffo0k3ydX/DW/NwHnx8tvAI/gFne +MboZyOipPOcdKOjL903i9ibNRS/UcHdorh5dD1XG+/RdZDzgMKctOu1Oe6HiE3Da +MOQ= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem new file mode 100644 index 0000000000..3325707a9b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem @@ -0,0 +1,263 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd +RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ +AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS +icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO +hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs +k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2 +9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp +Cu6s2eBv0+DeibQTg73sQuTj +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ +cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAmzChDurmjaO/gLW4mwfnkQwkFgDcZvpMdZEqpd4u4+RaoyI7I6LlTFQ+ +wkZ0cnLVA8C/F6+ZqpMXg4s9pb04PuHb0xsgBHFefpSASxTCIBWVOmLq462zY6o8 +Iun/AQo4JVGx175EcIUkcldAg19+3l1NV4fg7BN7waHWiVfIzS0CAwEAAaN/MH0w +HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEQ04VAm +/zwjDK2/vU7Ge+AMSIqqMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOBgQCK +Fy4Zq2RJVwWE4qzs2QbzST7CRcwqzwlUwH2S53MA3J38uXAEjqjJLyLSG7k9xjYq +Xwq0hQZIfdeOkSMfSEUl3XWgYfQFGfmHdsUPJ0NX79NXXoyxsfZPRH9LF+CPnv8d +kwA/on1VypfAuAv4/M6L3p7jFDISJRRGcXRBRB13lA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1 +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z +dHJhaW50NiBzdWJDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV +BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTExMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDSXWC7L0WLN2ZeSCkEhh0EhpdojjOAr8wqSRoVWRnyzGMM +swGD3i80PXaZFl1qIeaER7LF0udID27SF6sC5g+kklfiK3UAn0YscNa2U6r27vwO +2pj95+SfvnAuFgQoO82T4VQtUJnUOB+NAwWHGZ0Y9WiAxus6qNqEVTbr3CcT4wID +AQABo38wfTAfBgNVHSMEGDAWgBRENOFQJv88Iwytv71OxnvgDEiKqjAdBgNVHQ4E +FgQUs8D3URQQ9lyaTiyHUFHlkdNYWyswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB +BQUAA4GBADYFuhgJI8Nyw7Mhpcq5n2NHNEXkP8g5ibaa86O1I//NQRsXnQ42VQrQ +UemJMwtYlYjXHCL3MaiZOOXv+jaJDAbAE8zDq1c11WuKYBQ/ABNR+jCYnOlnR4lH +1Ibtl3Y4v7sEq5V6MyO6DugCihflJSVSOV8UFaYxZQ3cb/AgI41q +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11 +-----BEGIN CERTIFICATE----- +MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJDQTExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow +KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0ExMVgwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBALXNtkOI9gcg1V1Ecg8VBS17NqL8yaeNOG8h +VgH8Peay4GsCzxqYOSnPDeBKtlMJ+TAmMmz30FZ4XtEJScvx9yllHjEM85LdyvTM +ZD6gy7yWApPgkhMipi9vww7JUtH6RrDQmKurTvtx5BhM/lYWlDVSnxX/CmWFm22r +vwk/Rbz1AgMBAAGjfDB6MB8GA1UdIwQYMBaAFLPA91EUEPZcmk4sh1BR5ZHTWFsr +MB0GA1UdDgQWBBRqNvBXdT9CFVC16QgdKDfFreIGvDAOBgNVHQ8BAf8EBAMCAQYw +FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQEFBQADgYEAXlaYIT0dDTF0GGAJ8H41hvUkovy3ge8i7YDWofVBhdt+rEeC +v0tvUcc+7mPSj3i5flZgJnbXMwS7wNlLhttOpbBMqL5/vWyIcvrgXm3qmXowQF0H +WuW/WllHgGzQ8tIbGUWcl2bvkFNA5nIeumCrK1vmIgNqYaRUdOH9xuPuvxw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test12 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X +-----BEGIN CERTIFICATE----- +MIICqjCCAhOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJzdWJDQTExWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx +NDU3MjBaMGMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl +czE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZp +Y2F0ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYWPPc7psjO +loPqdJ0NVow1+jFLB3yaoLHoJ+72kbII2gHjDiiZqm3e1E8Bqo136BrJlUrf5ZBj +5G7DoA0OWn12+0bHhTNOEucIAFe/M6DpdHEIRR3l9CA20h4VMN5dUnQlVRt5uzGb +RWcxgL5F79IUTDI1M2JJz2z8Aj/WIsbRAgMBAAGjfDB6MB8GA1UdIwQYMBaAFGo2 +8Fd1P0IVULXpCB0oN8Wt4ga8MB0GA1UdDgQWBBQfCYLms5akqSyTnpkK+G20CC7J +7zAOBgNVHQ8BAf8EBAMCAfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEABeLBzaJ0fJ0vgFUpXxNodli4 +jWo3oP+YW75X3NsMhhl31MbHAyUVw7CCEspHiIIRtSfJCALAaH9Ug7kMFjFDrxTH +2790IdTodWieyUn/sdU9WWVRXiR7d5M2SVIYwdc6NjmsSVg6m++W99Uv5pBzoTAA +ClExK3cmR6k5T7cF58Y= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0: + af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0: + 11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3: + 5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58: + ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd: + 08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16: + 1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78: + fa:7a +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn +gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d +CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:44:34:E1:50:26:FF:3C:23:0C:AD:BF:BD:4E:C6:7B:E0:0C:48:8A:AA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8d:23:83:69:3d:e9:a9:b9:0c:9f:fd:64:34:97:b1:1e:e3:c6: + 25:62:c4:d5:cb:ee:87:98:04:d6:96:04:0e:7e:96:3b:22:7c: + 3f:e7:f6:f8:a5:d4:14:a2:86:2c:10:d6:b6:08:a6:da:2a:3e: + 7e:70:f1:d1:e6:a0:6e:55:1c:68:10:4f:65:d2:1f:51:d7:a0: + 6b:d7:df:db:7e:2e:f6:8f:5e:64:5e:6a:ca:48:2b:8c:f0:85: + 37:f3:70:67:c9:44:c4:8f:7f:ad:93:93:e6:d9:c0:7e:8d:0e: + 01:16:01:82:e2:b9:a6:28:1f:3b:e9:0a:d0:ea:d6:23:a1:c4: + a5:1a +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFEQ04VAm/zwjDK2/vU7Ge+AMSIqqMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAI0jg2k96am5DJ/9ZDSXsR7jxiVixNXL7oeYBNaWBA5+ljsifD/n +9vil1BSihiwQ1rYIptoqPn5w8dHmoG5VHGgQT2XSH1HXoGvX39t+LvaPXmReaspI +K4zwhTfzcGfJRMSPf62Tk+bZwH6NDgEWAYLiuaYoHzvpCtDq1iOhxKUa +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B3:C0:F7:51:14:10:F6:5C:9A:4E:2C:87:50:51:E5:91:D3:58:5B:2B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 5f:3d:a5:ee:09:93:d8:4f:cf:28:3b:05:87:8e:8b:08:7e:2d: + 36:0e:c2:f0:cd:54:94:05:54:07:2f:9d:e6:8d:1b:9c:f5:fe: + 92:7e:3f:bc:94:d5:fd:82:c0:87:dc:93:32:c8:ab:01:59:3b: + 6a:df:8e:af:cb:14:f7:f7:39:50:da:8c:ac:02:7c:97:24:27: + ce:11:a9:9b:38:72:6e:32:c4:a1:0a:f3:34:5d:62:9d:f8:ea: + 21:1a:bc:0e:22:98:6f:80:25:1f:5c:c4:fe:1e:7b:ff:9c:4a: + 83:ec:02:29:db:a0:6e:cb:9e:98:89:33:be:25:8c:2d:48:9d: + 70:3d +-----BEGIN X509 CRL----- +MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJDQTExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf +BgNVHSMEGDAWgBSzwPdRFBD2XJpOLIdQUeWR01hbKzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQBfPaXuCZPYT88oOwWHjosIfi02DsLwzVSUBVQHL53mjRuc +9f6Sfj+8lNX9gsCH3JMyyKsBWTtq346vyxT39zlQ2oysAnyXJCfOEambOHJuMsSh +CvM0XWKd+OohGrwOIphvgCUfXMT+Hnv/nEqD7AIp26Buy56YiTO+JYwtSJ1wPQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6A:36:F0:57:75:3F:42:15:50:B5:E9:08:1D:28:37:C5:AD:E2:06:BC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 93:c1:d4:9f:53:f4:86:55:66:46:ba:2f:82:df:c3:81:ad:52: + 95:0f:cb:f0:c0:25:ca:b2:fa:80:c7:b4:50:a3:95:70:ea:01: + b1:30:fe:c9:da:a0:b4:fb:a6:9f:55:ec:3f:df:12:37:bb:44: + cf:6a:5c:7d:fa:34:93:7c:9d:5f:f0:d6:fc:dc:07:9f:1f:2d: + bc:02:3f:80:59:de:31:ba:19:c8:e8:a9:3c:e7:1d:28:e8:cb: + f7:4d:e2:f6:26:cd:45:2f:d4:70:77:68:ae:1e:5d:0f:55:c6: + fb:f4:5d:64:3c:e0:30:a7:2d:3a:ed:4e:7b:a1:e2:13:70:da: + 30:e4 +-----BEGIN X509 CRL----- +MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJzdWJDQTExWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv +MC0wHwYDVR0jBBgwFoAUajbwV3U/QhVQtekIHSg3xa3iBrwwCgYDVR0UBAMCAQEw +DQYJKoZIhvcNAQEFBQADgYEAk8HUn1P0hlVmRrovgt/Dga1SlQ/L8MAlyrL6gMe0 +UKOVcOoBsTD+ydqgtPumn1XsP98SN7tEz2pcffo0k3ydX/DW/NwHnx8tvAI/gFne +MboZyOipPOcdKOjL903i9ibNRS/UcHdorh5dD1XG+/RdZDzgMKctOu1Oe6HiE3Da +MOQ= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem new file mode 100644 index 0000000000..6f28f19db3 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem @@ -0,0 +1,159 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk +MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w +LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1 +RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah +b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt +BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr +NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE +6cbcSe7zaz5qdojy0B72dLHC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +-----BEGIN CERTIFICATE----- +MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY +cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQC9F8qrs0xS57Qn1kibsZC0kS6JQNJyITUgX+oGjw6Y9R6Jh9m5WVI7BwMI +FsyIDhUK42ZsG9b6hMdQyp5NKHZbYOh53VhWzsEAk3veMZvsEyE6K2Ip6SZO1xDq +ta7FYY4SF+2S3nw8tyJGqXqNEG4Aob2k+QW1L7UgcsPyrAE66QIDAQABo3wwejAf +BgNVHSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUjh+rRpwO +S27n5VeIDCeT/ifW5xIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI +AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADW1rIN2 +092d2UN+8PysNq18Cl0i7qsx9JbK7SUwreNTgbpyw9Uh7HFYzJwBW9ACs94rDhZo +iqG0u0K4zLTijCS3ixy9sVKVha/+QTy6YxHFcjLmriX4bfiYUjXJPqmmZFExM3vO +XMyum0wyXdEc+hbuAj1+6WBRec8clffFlRdv +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA +-----BEGIN CERTIFICATE----- +MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z +dHJhaW50MCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UE +AxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0 +NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsZWQnm88nqSXHt/QuMDuN373 +VZ5lU/JhChuvs6DBS9f9L9NFBKtTS7+iq0QmlWuc3qB1RDAUjwAF85QyXYlqujEL +h22h7CWzEP26t43/megvHJFuT/wCuRBzbTm+fzKTlWI2v7u8YILgQcOxb9vbRKzc +FpwTBBqlnT//Xqavj98CAwEAAaNrMGkwHwYDVR0jBBgwFoAUjh+rRpwOS27n5VeI +DCeT/ifW5xIwHQYDVR0OBBYEFDsP7IkBHltfUoRf9AuD3aINP8pHMA4GA1UdDwEB +/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQAD +gYEAeuTAbPsAB5hEhGMN18ygmQ2hryyEu5o0OlbfiZbwgOSaNISSeYEUGr/+1uxV +MHb6zNrauChrz4hTCgHMmhThDhfxHeIlh0bM/xKd1dOmlB9g/WMr59Uy8R6vvo/4 +HZC6bTc4Ukzj7n2maNkUNogPKghLEho3hlGx/dZoxOr59pI= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba: + cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3: + d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f: + 53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec: + b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80: + 3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91: + 55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da: + cd:a2 +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6 +rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA +Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8E:1F:AB:46:9C:0E:4B:6E:E7:E5:57:88:0C:27:93:FE:27:D6:E7:12 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8b:2d:ce:68:13:85:60:64:90:ea:5e:1d:ad:93:65:9c:93:9e: + a7:20:49:c9:bc:37:41:b6:05:bb:6e:b9:8e:c6:20:5b:d8:6b: + a5:76:f7:d1:40:f0:73:d7:19:68:a4:b0:68:ad:63:f0:b1:b5: + a0:52:b8:f6:ec:55:74:22:37:a5:2f:01:c0:af:a9:69:b8:54: + e3:0a:3c:06:10:23:3c:0b:7b:0d:e8:6d:ad:9c:36:b3:d3:54: + 9c:6f:4d:c2:e6:35:e0:6b:0b:3b:a8:10:3a:86:78:76:1d:17: + 08:b6:ec:1e:da:17:a1:3c:1b:ed:a7:e3:41:cf:45:cd:d2:b3: + b5:83 +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50 +MCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUjh+rRpwOS27n5VeIDCeT/ifW5xIwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAiy3OaBOFYGSQ6l4drZNlnJOepyBJybw3QbYFu265jsYgW9hrpXb3 +0UDwc9cZaKSwaK1j8LG1oFK49uxVdCI3pS8BwK+pabhU4wo8BhAjPAt7DehtrZw2 +s9NUnG9NwuY14GsLO6gQOoZ4dh0XCLbsHtoXoTwb7afjQc9FzdKztYM= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem new file mode 100644 index 0000000000..c4fdb25d66 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem @@ -0,0 +1,160 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk +MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w +LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1 +RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah +b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt +BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr +NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE +6cbcSe7zaz5qdojy0B72dLHC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +-----BEGIN CERTIFICATE----- +MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY +cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQC9F8qrs0xS57Qn1kibsZC0kS6JQNJyITUgX+oGjw6Y9R6Jh9m5WVI7BwMI +FsyIDhUK42ZsG9b6hMdQyp5NKHZbYOh53VhWzsEAk3veMZvsEyE6K2Ip6SZO1xDq +ta7FYY4SF+2S3nw8tyJGqXqNEG4Aob2k+QW1L7UgcsPyrAE66QIDAQABo3wwejAf +BgNVHSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUjh+rRpwO +S27n5VeIDCeT/ifW5xIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI +AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADW1rIN2 +092d2UN+8PysNq18Cl0i7qsx9JbK7SUwreNTgbpyw9Uh7HFYzJwBW9ACs94rDhZo +iqG0u0K4zLTijCS3ixy9sVKVha/+QTy6YxHFcjLmriX4bfiYUjXJPqmmZFExM3vO +XMyum0wyXdEc+hbuAj1+6WBRec8clffFlRdv +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA +-----BEGIN CERTIFICATE----- +MIICoDCCAgmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z +dHJhaW50MCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UE +AxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0 +NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqRnKex0cxpUb1ZFo+pXGEX8V +39ndPC9BNFgD6o0pAqBpYd6zlYIIkQo+rpciQ1vHnizx6WP3ulT6unn4w5UhXCP7 +S9h+TKQt6KFwZNXaCASi/VTEgHt5XLrwqjrhCtIDamjCgEcR1L/VS6N+c+SARpEG +aWQzmao86RmaEKBaI10CAwEAAaN8MHowHwYDVR0jBBgwFoAUjh+rRpwOS27n5VeI +DCeT/ifW5xIwHQYDVR0OBBYEFCw8vCsEA7QX0lC4KFyI8IP18fO9MA4GA1UdDwEB +/wQEAwIB9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQUFAAOBgQAUW32gQakGpEtbmPGP8WBo5wdAtIRXbRp/VGK0 +zZZzXsoEoME9XCHEOVvWO09Qcu1VP7hwwnaEqgYGWl1ooUih33plStn8ETtzLcQ6 +BhOfvj216EgmZINuLcozCAusomtXZJ9yRHO0uRveEebjOJYPWqqv3zD9NgKck6cm +kq1Hlw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba: + cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3: + d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f: + 53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec: + b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80: + 3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91: + 55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da: + cd:a2 +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6 +rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA +Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8E:1F:AB:46:9C:0E:4B:6E:E7:E5:57:88:0C:27:93:FE:27:D6:E7:12 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8b:2d:ce:68:13:85:60:64:90:ea:5e:1d:ad:93:65:9c:93:9e: + a7:20:49:c9:bc:37:41:b6:05:bb:6e:b9:8e:c6:20:5b:d8:6b: + a5:76:f7:d1:40:f0:73:d7:19:68:a4:b0:68:ad:63:f0:b1:b5: + a0:52:b8:f6:ec:55:74:22:37:a5:2f:01:c0:af:a9:69:b8:54: + e3:0a:3c:06:10:23:3c:0b:7b:0d:e8:6d:ad:9c:36:b3:d3:54: + 9c:6f:4d:c2:e6:35:e0:6b:0b:3b:a8:10:3a:86:78:76:1d:17: + 08:b6:ec:1e:da:17:a1:3c:1b:ed:a7:e3:41:cf:45:cd:d2:b3: + b5:83 +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50 +MCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUjh+rRpwOS27n5VeIDCeT/ifW5xIwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAiy3OaBOFYGSQ6l4drZNlnJOepyBJybw3QbYFu265jsYgW9hrpXb3 +0UDwc9cZaKSwaK1j8LG1oFK49uxVdCI3pS8BwK+pabhU4wo8BhAjPAt7DehtrZw2 +s9NUnG9NwuY14GsLO6gQOoZ4dh0XCLbsHtoXoTwb7afjQc9FzdKztYM= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem new file mode 100644 index 0000000000..8b61201901 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem @@ -0,0 +1,210 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd +RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ +AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS +icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO +hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs +k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2 +9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp +Cu6s2eBv0+DeibQTg73sQuTj +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ +cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAt36UX+gq562CFiw9L16IZ/AjJhU0BB9ji/77uw3AfvBGggmikeDq79BD +yzBFrHys/L5UeXepakX1v+XvlxFjwvc8c226jf6uKEop5KJZDI8aV4byQvc1C8Ol +MdgZ4pd6ofTl28r1VDkdDt94c7+Gl0CqBo6LawwGmNfSHUWqf6UCAwEAAaN/MH0w +HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFAJIeLnM +AVExdH85KjfCRJN+mGmAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQCm +Qa7i6335O64eyxJjXl3U2Bw5wN3JaK9t7f4dJAxfOlcblWbbes+Gk12UCYtxTZDj +oZ70F4IoGU7JQt5CcdB2yQtctPK+X7A3/Vsxjknm11nCn4IhcU7LDkEiSovBGLR0 +KV3NAqQQhr1WQoY1Uf3Ncpl7b+SaZscZ3r35UJo4iw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0 +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z +dHJhaW50NiBzdWJDQTAwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV +BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTAwMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQC3rH58cOqP9U5iyQflKaVyYw+1LMhr3jDW9/Q3aedlH/TY +iLmT71FUjHaJMWOCO6sAEYMphrRdIUy82rai3iJgrNtJ21uIFOlmjgwgl9amHX8B +yT+qgiwLs8kzE6NgPYHgLgbKEIqgZ+AZplCt60tCbeGKLR/WtXrxAIgqU+ar1wID +AQABo38wfTAfBgNVHSMEGDAWgBQCSHi5zAFRMXR/OSo3wkSTfphpgDAdBgNVHQ4E +FgQUauYRxUFtrRo+gtywXa3yGfFQzgswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEB +BQUAA4GBADnBidpEzasWbrLankXCoCaeizozu2dGAMMWpbs02cplC/vIlcr0myWK +noFSuxUuQa7sMxp72p5r2ziJp5pk1gT2KX/kgOYlQqgbJ4UmARGP7er+zIPulXib +suMShSCGO1xC+fXppdhPy+YQq8a7Mzi7XKqP5su+aTWw/B3a8ys9 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00 +-----BEGIN CERTIFICATE----- +MIIClDCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJDQTAwMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowYjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcw +NQYDVQQDEy5JbnZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl +IFRlc3Q5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxOmk5mQAdlYGqq0qW +czN6fmOoFbl/XRAhBs0fzOYu7b06yC5QFIdW3963nkjYahDg/x0F2buDbOSNRvG9 +DPmercWLmz3Sar1KgPxqTCQ5XiTZ0t+20u/oYEM+0anic4RKiQNtuF9Ro4U83wdW +w8ljyEFY255kWP0HVLh8REn+dQIDAQABo2swaTAfBgNVHSMEGDAWgBRq5hHFQW2t +Gj6C3LBdrfIZ8VDOCzAdBgNVHQ4EFgQU1Bk+MIR/ztV37I8S8/91EZ2nlYUwDgYD +VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B +AQUFAAOBgQCWb/JZpNi+GTLgqlUUktJuhFQzGNKwQLHtea991BN5v6GnXYtgGZhJ +T9plUX42APML+l+b1J6DzyJYlrIw6EXf/1ZtBf0YzmNbJ7robzIjx0+3/EHFeOZ2 +B7X0aaJ6+tt/sgGcLueuSG2C/6j8cnWbKJpAzzocI8hklIO+EWdRWw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0: + af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0: + 11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3: + 5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58: + ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd: + 08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16: + 1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78: + fa:7a +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn +gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d +CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:02:48:78:B9:CC:01:51:31:74:7F:39:2A:37:C2:44:93:7E:98:69:80 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 44:34:f6:c5:c0:16:f7:24:42:33:a8:e4:ca:74:71:94:76:93: + e7:4b:7c:a3:8b:ac:ae:11:ab:46:94:f6:0d:88:b6:e0:96:1f: + ab:04:6a:92:b7:6d:4b:aa:6a:b0:13:58:58:a7:7e:06:de:c1: + 26:d4:09:e0:7b:a9:e4:dd:73:da:b0:cc:a0:61:ab:c4:c7:cb: + c2:e1:66:f9:f2:2a:c2:c9:59:5f:05:c6:74:f8:bd:bb:92:24: + 77:12:34:23:7d:95:99:bf:35:e0:6f:cf:2a:b6:19:29:9e:59: + d2:0b:2f:07:44:25:66:6a:e9:5a:ed:7f:99:33:b5:3e:65:69: + 57:95 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJDQTAXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFAJIeLnMAVExdH85KjfCRJN+mGmAMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAEQ09sXAFvckQjOo5Mp0cZR2k+dLfKOLrK4Rq0aU9g2ItuCWH6sE +apK3bUuqarATWFinfgbewSbUCeB7qeTdc9qwzKBhq8THy8LhZvnyKsLJWV8FxnT4 +vbuSJHcSNCN9lZm/NeBvzyq2GSmeWdILLwdEJWZq6Vrtf5kztT5laVeV +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6A:E6:11:C5:41:6D:AD:1A:3E:82:DC:B0:5D:AD:F2:19:F1:50:CE:0B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 42:5b:18:71:be:d6:f0:b4:80:f6:33:3c:cd:99:0d:26:f3:90: + 70:42:44:f8:f9:61:72:1c:b3:91:02:0a:14:55:67:d0:1b:23: + 06:f0:90:76:49:c6:82:23:70:da:3a:15:95:90:80:aa:8f:0e: + fb:4e:5b:9b:66:38:21:14:15:c1:65:71:1d:e5:b6:90:ae:b2: + 7a:73:84:9a:1d:3c:f2:2f:65:0a:b4:7f:52:90:a1:1d:37:a6: + 24:a8:7f:5e:72:e5:1a:8b:89:31:ac:dc:0a:3a:d2:15:7f:f5: + 97:f3:1a:82:d6:fd:74:b5:92:0f:d5:d3:a5:74:1d:a3:7f:62: + 1b:c4 +-----BEGIN X509 CRL----- +MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJDQTAwFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf +BgNVHSMEGDAWgBRq5hHFQW2tGj6C3LBdrfIZ8VDOCzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQBCWxhxvtbwtID2MzzNmQ0m85BwQkT4+WFyHLORAgoUVWfQ +GyMG8JB2ScaCI3DaOhWVkICqjw77TlubZjghFBXBZXEd5baQrrJ6c4SaHTzyL2UK +tH9SkKEdN6YkqH9ecuUai4kxrNwKOtIVf/WX8xqC1v10tZIP1dOldB2jf2IbxA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem new file mode 100644 index 0000000000..2f78fa8423 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfzCCAeigAwIBAgIBDzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcHJlMjAwMCBD +UkwgbmV4dFVwZGF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlMZQ +vRTxm+l3FRtimp7Exo1NygL3qQsF8cpvpQMmM4S+vWWIQcZPBAGfTi4eW4ubaKOh +UqzxbVtY6R97mA0Ng6GHXIclN5ozja/xJdqdIOz9CsB38IvgyXTTQv3kF7nch9Ir +xAN+7Bf5oWOdRbN6Y+i5iDHb3j7f3r8EFtXX+EcCAwEAAaN8MHowHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFL16NgTVXQmVv12uq+yk +UWCNJq9WMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB9/jemk5S7bYWeZC4Y +bzwXzQEjfRTlrJ5xIj/cOAWG+BvCzeSkaoi3hw+Ltt/T571j6NoAQu84Mx/Jwbt/ +zNBwu4iMmeaeU5GM+9oTVU8JTOog2ZPGR2Yn1luPQv5LwbPE+mysPaEsM/mTl5cM +OMB0yUOD5/jo/76IJhN/M48tvw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid pre2000 CRL nextUpdate EE Certificate Test12 +issuer=/C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA +-----BEGIN CERTIFICATE----- +MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXByZTIwMDAgQ1JM +IG5leHRVcGRhdGUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBo +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNV +BAMTNEludmFsaWQgcHJlMjAwMCBDUkwgbmV4dFVwZGF0ZSBFRSBDZXJ0aWZpY2F0 +ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANBocZCE1yNSbZiU +rcH9R8bB0cZERzxNK6g7d9v0tUsmbo0Gk2JgSaKG9vBnOpxJhJ3hhSxNmpGpp61Q +QlGo9louMi1AzibkrqOllW+FgXQImr89cxEicI9taSS9QRSIIKPW3kF4EhuZp4vR +SksCSxXsghAsSWeDqx9CQG772BiRAgMBAAGjazBpMB8GA1UdIwQYMBaAFL16NgTV +XQmVv12uq+ykUWCNJq9WMB0GA1UdDgQWBBRtKwIpcpf5JIosL9wN9VKKwAiAWzAO +BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3 +DQEBBQUAA4GBAIk3Dg2P1RArTBrVZ/kPeRAld8oPoTdmer7YAloo1Zavmcm5Fcvn +WmJfONAye0p7jsYSkv6HMK3DL2b4/KEnEDB/Ok9CLOdvoTtptk04CiSXOcQcP9uK +NY3uZgZoTo2O/lBe6KwA2apKitWtaHf/2Ig9AGhPvMBWtiDmgvpWE4T7 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA + Last Update: Jan 1 12:01:00 1998 GMT + Next Update: Jan 1 12:01:00 1999 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:BD:7A:36:04:D5:5D:09:95:BF:5D:AE:AB:EC:A4:51:60:8D:26:AF:56 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 3f:41:4b:5b:b5:47:1a:77:7e:2a:87:63:65:06:9e:f7:18:96: + 8c:41:41:e6:9a:4f:45:91:ed:dd:8c:b1:d6:1f:e3:41:71:70: + ed:98:51:35:e2:24:bb:cd:26:8a:c9:43:f1:4c:58:43:2a:31: + 5e:94:a5:5e:09:93:dd:a0:f9:d0:1a:c7:fd:d6:8b:4d:4c:6f: + 3c:d7:43:6b:b9:87:8d:c0:fd:f6:5a:a7:4b:f0:74:01:23:fc: + 61:24:fb:3d:32:5e:f7:fd:86:de:52:3f:09:2e:b2:f9:b5:99: + a2:2d:96:83:2e:b9:a9:99:58:fa:c0:e5:5b:8b:15:fc:0e:d0: + 53:32 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXByZTIwMDAgQ1JMIG5leHRV +cGRhdGUgQ0EXDTk4MDEwMTEyMDEwMFoXDTk5MDEwMTEyMDEwMFqgLzAtMB8GA1Ud +IwQYMBaAFL16NgTVXQmVv12uq+ykUWCNJq9WMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAD9BS1u1Rxp3fiqHY2UGnvcYloxBQeaaT0WR7d2MsdYf40FxcO2Y +UTXiJLvNJorJQ/FMWEMqMV6UpV4Jk92g+dAax/3Wi01MbzzXQ2u5h43A/fZap0vw +dAEj/GEk+z0yXvf9ht5SPwkusvm1maItloMuuamZWPrA5VuLFfwO0FMy +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem new file mode 100644 index 0000000000..b36583cba8 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid pre2000 UTC EE notAfter Date EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBgP +MTk5NzAxMDExMjAxMDBaFw05OTAxMDExMjAxMDBaMG0xCzAJBgNVBAYTAlVTMRow +GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5SW52YWxpZCBwcmUy +MDAwIFVUQyBFRSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7fxx2WFOac683w9E/iwLeqyFtr0OO +RdS+onLEY/+HO6DR2uuIPEkhZ8MwxAnnLs+6tichSMDs3WUijbbI0KTEulpVVGVz +D1Y8zI7z7TEWD1B/oB1pSot67IosuyjfSIOMRr3UlQHRonE2nY04nyFUfb4yYE3F +GlcCUdTLgIEgSwIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPf +mhWUxzAdBgNVHQ4EFgQU5KvHTN9wvcrF55wNiarbUUzd0tswDgYDVR0PAQH/BAQD +AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAW +bdxkjCg9Ra6xo4ngUHF/RWRpe2353pvN0p32EjVjMyKTe1p3xZuFzCM9oi/PvMT+ +DlqUJpiiJJa3pDXT3Kh330VeTOYLPaAgRqxqm85gUTM3K+/1aHYOKNzbZCy6180y +8ARB/lNpi1PO1KeJN1DmmeBdDVuRGte4wUXH+NSjpw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem new file mode 100644 index 0000000000..fcad66a5a3 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem @@ -0,0 +1,76 @@ +subject=/C=US/O=Test Certificates/CN=No CRL CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbzCCAdigAwIBAgIBBzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMD0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczESMBAGA1UEAxMJTm8gQ1JMIENB +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvjr78zG/GobZnKabi/siuJQm7 +6k5APCdB3g3SJzzlYR3ivCQg+7i1pEFgHqLLPTEHOCHunC5EedZUGzUGQX0sXAxr +KYeCqLS/s0+saOR0HBk/YsOaCwW7v6yBHA3s2XrtK8N4qJg6LdZaGEjUefMfUM7p +iVQQPpw3uAQmZuYf7wIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA8 +6pq8h/9J6jAdBgNVHQ4EFgQUB6jzF5xOAmiWRcwRmAF9yHg/9SQwDgYDVR0PAQH/ +BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBBQUAA4GBAAWDjIUq/V6y1p4vxO+A1xdmmM8c6yRveH2Lq2CM +OwmpClTYfhLpqkWwm3WSXd2VvjiPUTgTC5y7EquFuZCCZkgLDVvUW9VplIm3a6I6 +dgZiOZDqnXZ5rC+CHGSszfdDo8gwjJ+vA8AV/CNSGNkkbo/ZQ1n7Ppm8dW/bS+8k +anSO +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Missing CRL EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=No CRL CA +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEjAQBgNVBAMTCU5vIENSTCBDQTAe +Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFwxCzAJBgNVBAYTAlVTMRow +GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczExMC8GA1UEAxMoSW52YWxpZCBNaXNz +aW5nIENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAz8OlGINaG0uEl2RAD7DtTn54qLrlCtUbCKs3O1dr9nEDDohfVU5x +nLweQfR/m7b9F17BzhHcxFYjfRh26aj4eOQcxHrpBfNMj6U87coAeJ4ERn7okfqM +lcGlHWS/Wh48iiZvnCvg4jeHhSktwMppTGKIBKmJ2S0L4yKNYCjZ32MCAwEAAaNr +MGkwHwYDVR0jBBgwFoAUB6jzF5xOAmiWRcwRmAF9yHg/9SQwHQYDVR0OBBYEFJYM +oy9aXt4kJDgRNj4KDS29NtDXMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAlNJLCSyrRZNUza9eL2Jc6eFS +bjriRrz8ryND+rn0dnsceIVrXVApplWnVwUjfm8fjOZlNOLM4snxmzRJ+FyTR6z5 +u9nK9TAEkMrGo/NinCET2Y5v4mtxj0E6hJOIaFxfkZoj1mz8BvOYgiEIYxAK65lA +BNDlWIYdh16AIUEZNAY= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem new file mode 100644 index 0000000000..85f0b79c2c --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem @@ -0,0 +1,214 @@ +subject=/C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12 +issuer=/C=US/O=Test Certificates/CN=Policies P1234 subCAP123 +-----BEGIN CERTIFICATE----- +MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFBvbGljaWVzIFAx +MjM0IHN1YkNBUDEyMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UE +AxMeUG9saWNpZXMgUDEyMzQgc3Vic3ViQ0FQMTIzUDEyMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDSpQwaDoPydLNMC8zANHGCiwSSV/p+yyB92D3cy4OofA3o +E/MneZrL0kkAoaM3sxpkniK7a37+ghg7ydyUw5n9CRxAyNMONSetp9uBB9X1+fZy +9JVVK2W+5ycWBDxh2YOfyFE/wQBbJK7rIIrqtgUgNi7O+6ppcpbnguodB17MZQID +AQABo4GLMIGIMB8GA1UdIwQYMBaAFLZ7gxmIHEmBIEPO8oJM80aGKITZMB0GA1Ud +DgQWBBTMtOdc+dU31FBVf7Ixli7kkaTEaDAOBgNVHQ8BAf8EBAMCAQYwJQYDVR0g +BB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQUFAAOBgQB4KomH+VcsPxXsULBeuMVL7QtJMD6RoGaCHnL5 +NCdwpt7QE3TVRnWgL88gSXtmMudJ5QIb3ko7PYOsuUhA/6YZvoBvQIdJAnprjYbr +kxDMfK3PoouD3cQncVSz4xqJ9VcIaH6/oAKGpDt36xSUY2uqOHb1DLO2qmKiStvW +Cprikw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P1234 subCAP123 +issuer=/C=US/O=Test Certificates/CN=Policies P1234 CA +-----BEGIN CERTIFICATE----- +MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAx +MjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkGA1UE +BhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhQb2xp +Y2llcyBQMTIzNCBzdWJDQVAxMjMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALs/TklxdGqU1GnW9LkoRaacXCpRHoy8tYpTUbUhznd5fkjOW5Dyc9HK7DWs8q1q +aAvU0KeqAEtguNCACjKFeXPyWtQuYKRB5o5G1WXcqy4pYK2CCHsyaa6hf8+kU1Y/ +3VcEuHoDX0WFJ5JFlaRERNagLbzDTjG6KtM4yhcEnTHfAgMBAAGjgZkwgZYwHwYD +VR0jBBgwFoAUMLt5B08Db7IYg3poQ6v3TKFAcQowHQYDVR0OBBYEFLZ7gxmIHEmB +IEPO8oJM80aGKITZMA4GA1UdDwEB/wQEAwIBBjAzBgNVHSAELDAqMAwGCmCGSAFl +AwIBMAEwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATADMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEFBQADgYEAM38BPBwz3qjIhPI9byaqLmDkw3tA5mxae/P9 +N6WYYwW+Dm0KyjXs9SQZ3BlHDl/+D9dJYNScOXjKpc3hnrAUT31rGyhC2CwV52mt +xGukdJIxKOQgucIylxyxF7N5x66TyC5sxJGUh3sjItg6NAOQGMwBwKOz/5zNTdK6 +qDuaEoI= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Overlapping Policies EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12 +-----BEGIN CERTIFICATE----- +MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlBvbGljaWVzIFAx +MjM0IHN1YnN1YkNBUDEyM1AxMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMF0xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEy +MDAGA1UEAxMpT3ZlcmxhcHBpbmcgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVz +dDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT4JJTriZO8+53ZvgYrbg9m +azzLgmYzgvBJ8/IvzLaXsCv7sw/M2DU/CyOdIPy8g9XchC9QBJrAI65Muvlpf8a0 +CGqWH5AQElXjIkicPMgfC14xd1govVHxaRIrM/g6zNgGPnSivMXOrTm6fMNphEvC +CnG+SqRQ6oKAkO1k7jWxAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMy051z51TfUUFV/ +sjGWLuSRpMRoMB0GA1UdDgQWBBQLhzG1VDzXbIBJ1rnYkrn+iSfrCTAOBgNVHQ8B +Af8EBAMCAfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEFBQADgYEACuuacGsxw8Rq6HznT/dvzsw93OA250kOCJei +8VJbyNw5x61+F9LxLZSBUtYgIfCOid3gUBe8MU0W1r8Qpg1PD4Vgq76l5IWyvH+K +ACy4A7XpJB8a5zF7OUGexEkFC9RQ45PJ6i4JILtMeMLTR7c0pCkRthg2CW/vIc6a +Cs1zrEk= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P1234 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICsTCCAhqgAwIBAgIBIzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEUxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEaMBgGA1UEAxMRUG9saWNpZXMg +UDEyMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMUyBhDbDKsFVn2a +KCxh5Y64ZiH8OTq134EGg3NL8l0mqcA01qEhLCasHMR98sd5xKPtNEQB0kN9jf3d +Zmv4gop4bAAqPlhvkcJ/KUMPLpLdMBT+1xLAdu1yKh7eKpoIo9vfus0fjH0aOWhT +Wa7rCSuf+9I6DoDk1gC1Q9k57jDFAgMBAAGjgbUwgbIwHwYDVR0jBBgwFoAU+2zU +LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFDC7eQdPA2+yGIN6aEOr90yhQHEK +MA4GA1UdDwEB/wQEAwIBBjBBBgNVHSAEOjA4MAwGCmCGSAFlAwIBMAEwDAYKYIZI +AWUDAgEwAjAMBgpghkgBZQMCATADMAwGCmCGSAFlAwIBMAQwDwYDVR0TAQH/BAUw +AwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAMoj83UxGqz/rAVr +SXl/vP2tx92XqrJj7UYRHcHHcTodTHoJ3j+m3MUHwwsoZrqvnhS1HtIqPQsoD9DD +8Qg+uHFd5EH+Js40QK7zU7mHBOI64Kl8T8xrpgcnlLgXpg2H88at02UvMTDj4Lix +ANfajLNnQx1htjJhMY3zzIgPApd+ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P1234 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:30:BB:79:07:4F:03:6F:B2:18:83:7A:68:43:AB:F7:4C:A1:40:71:0A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + bb:b2:2e:86:63:50:7a:60:75:e3:ef:14:96:e2:19:21:90:ce: + 61:fe:2a:1a:d1:37:59:b0:8f:3d:fe:c3:eb:b9:87:61:3a:7a: + f4:ef:3d:46:ce:ef:e4:a7:de:a6:7f:ff:25:1e:78:bd:df:4d: + 8b:96:70:ac:47:8c:e4:77:1c:f2:94:3f:bb:36:18:21:35:0d: + 10:d9:69:b9:80:42:d0:7e:81:15:55:df:6f:fc:50:b2:9c:b2: + 53:0d:b5:0d:6c:69:55:b7:0b:65:84:7a:13:9f:74:8f:52:49: + 58:2e:6c:bd:b7:19:b6:34:eb:d3:1d:cc:08:a9:3f:07:04:69: + 75:e6 +-----BEGIN X509 CRL----- +MIIBPjCBqAIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAxMjM0IENB +Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBQw +u3kHTwNvshiDemhDq/dMoUBxCjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOB +gQC7si6GY1B6YHXj7xSW4hkhkM5h/ioa0TdZsI89/sPruYdhOnr07z1Gzu/kp96m +f/8lHni9302LlnCsR4zkdxzylD+7NhghNQ0Q2Wm5gELQfoEVVd9v/FCynLJTDbUN +bGlVtwtlhHoTn3SPUklYLmy9txm2NOvTHcwIqT8HBGl15g== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P1234 subCAP123 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B6:7B:83:19:88:1C:49:81:20:43:CE:F2:82:4C:F3:46:86:28:84:D9 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 45:d4:de:34:51:48:6a:d1:4b:e0:d7:2d:55:52:e2:e5:8d:a5: + ee:bc:a1:c6:44:0c:9d:b7:61:cb:a2:1c:58:1d:03:a1:cd:8e: + e5:9c:28:00:4c:07:c4:0d:ae:a3:b1:c8:aa:8e:8a:59:12:41: + 57:b6:fc:db:34:10:a8:e6:c9:cb:0e:5c:28:6f:b5:3a:00:70: + 9a:a9:ac:35:83:47:7a:02:24:69:46:26:63:29:0c:c5:51:c3: + 92:c6:c2:6d:cf:5e:b8:25:eb:d5:b6:d1:62:87:3b:9b:24:6a: + b1:9e:33:a2:96:bb:14:74:21:ad:b7:7f:98:ab:b2:6a:25:2b: + 0b:ed +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFBvbGljaWVzIFAxMjM0IHN1 +YkNBUDEyMxcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUtnuDGYgcSYEgQ87ygkzzRoYohNkwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEARdTeNFFIatFL4NctVVLi5Y2l7ryhxkQMnbdhy6IcWB0Doc2O5Zwo +AEwHxA2uo7HIqo6KWRJBV7b82zQQqObJyw5cKG+1OgBwmqmsNYNHegIkaUYmYykM +xVHDksbCbc9euCXr1bbRYoc7myRqsZ4zopa7FHQhrbd/mKuyaiUrC+0= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:CC:B4:E7:5C:F9:D5:37:D4:50:55:7F:B2:31:96:2E:E4:91:A4:C4:68 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 5e:89:62:c5:3b:e0:10:f8:22:cd:fd:e2:44:73:c0:23:98:67: + 89:29:67:ae:39:3b:53:4c:02:24:85:6a:37:16:1b:a0:c8:fa: + ae:0d:02:27:ed:3c:06:8d:e2:ed:35:53:a3:06:f4:a3:ce:6d: + 63:d9:86:33:2c:95:ce:47:95:2d:7f:5a:f0:a0:68:79:5a:a8: + aa:12:5d:79:b9:4a:bb:a2:5a:85:af:39:1d:aa:b6:a0:18:da: + 39:f6:0a:00:f1:0e:2e:fb:62:1f:6f:2d:d9:0e:b7:da:0e:a5: + 92:1f:fd:1c:60:73:7d:48:f3:9a:73:2a:14:65:78:2a:9d:7c: + 88:5a +-----BEGIN X509 CRL----- +MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlBvbGljaWVzIFAxMjM0IHN1 +YnN1YkNBUDEyM1AxMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w +HwYDVR0jBBgwFoAUzLTnXPnVN9RQVX+yMZYu5JGkxGgwCgYDVR0UBAMCAQEwDQYJ +KoZIhvcNAQEFBQADgYEAXolixTvgEPgizf3iRHPAI5hniSlnrjk7U0wCJIVqNxYb +oMj6rg0CJ+08Bo3i7TVTowb0o85tY9mGMyyVzkeVLX9a8KBoeVqoqhJdeblKu6Ja +ha85Haq2oBjaOfYKAPEOLvtiH28t2Q632g6lkh/9HGBzfUjzmnMqFGV4Kp18iFo= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem new file mode 100644 index 0000000000..d22dbe7f91 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem @@ -0,0 +1,59 @@ +subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test15 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC7zCCAligAwIBAgIBKDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBOb3Rp +Y2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxNTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEA0qDoX3O5t52G/m1yV6MSg0EJQQn8QFWgZUnEutHYAAdA +GuRrFRXtkbdQkbyePIu4nzj2LCmMAfVM+QlOWLFCnc6/s38tfZDAir7WFHBFyUzB +gkw+q1a9DIXfaq32yn22txxzus3dqRZJui+5J1DMNLbHPYS1WS7Hu/3dL5ZoR30C +AwEAAaOB2TCB1jAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNV +HQ4EFgQUHYqwkDHyipKBoBuH/YaAiORSh0owDgYDVR0PAQH/BAQDAgTwMIGDBgNV +HSAEfDB6MHgGCmCGSAFlAwIBMAEwajBoBggrBgEFBQcCAjBcGlpxMTogIFRoaXMg +aXMgdGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDEuICBUaGlzIGNlcnRp +ZmljYXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwDQYJKoZIhvcNAQEFBQAD +gYEASWwltYc1aGeHLYySbO4SCTVSgVrZAXfAoa/0RHmL0et8olJXCLdXTMq2/6rI +gibDeTUDQ2N+5z23QN3hDG+Syz9rDBbj+m3MtvcsvyyXFK62g1NhZxyw1+dFrxwK +Ci+jbMqXaXsdBG6a9cTYKw2geUpx9ig46FLMyn7idA7OrrY= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem new file mode 100644 index 0000000000..df2bc3c515 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem @@ -0,0 +1,124 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test16 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIIDZjCCAs+gAwIBAgIBEzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1VzZXIgTm90aWNlIFF1 +YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAKCz6DLhyX/EGx3xwNiwBuBXrfpuLfLcaPz4q3aq3BiiJS+f2vwk +WI3BqpDluVEq7FW5zE6ATQc/K7hIiuRCHCD5ErXMnYb70mtz8xeVjU97316FzK/z +eQYQMIIpb2JJ4JEU/ZyVNX5NW3W8tjAhuvEp+4brMLxyCM+xmA+S751zAgMBAAGj +ggFUMIIBUDAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4E +FgQUQFe42RtzGbaxdkQ6QallbyGIuDAwDgYDVR0PAQH/BAQDAgTwMIH9BgNVHSAE +gfUwgfIweAYKYIZIAWUDAgEwATBqMGgGCCsGAQUFBwICMFwaWnExOiAgVGhpcyBp +cyB0aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgMS4gIFRoaXMgY2VydGlm +aWNhdGUgaXMgZm9yIHRlc3QgcHVycG9zZXMgb25seTB2BgpghkgBZQMCATACMGgw +ZgYIKwYBBQUHAgIwWhpYcTI6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t +IHF1YWxpZmllciAyLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgbm90IGJlIGRp +c3BsYXllZDANBgkqhkiG9w0BAQUFAAOBgQCrY2KIowGX/5zlQBKmdhF8WiCRnHfd +VuzeXhc6C3G4YPpYBWQrnhxO88VH8QbvJefBpvRKIYsxu/tyihlkw2Vy5eztflUq +Jkj5YbDicL/7U3VKfjfp3sW6ZBgqKKLQY2eDHtYup9wBzB/qzny9xfuVIlQQ+ihR +vMKO1iVYGVLxPg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem new file mode 100644 index 0000000000..de751b01b9 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem @@ -0,0 +1,121 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test17 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIIC4zCCAkygAwIBAgIBFDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1VzZXIgTm90aWNlIFF1 +YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBALG5QbkrUYEf/BsUOmiq+gmSjIMtxbiVJ8G4i1XsVOAFNuJhfPyL +nhsnhig2d+tp2aJHFnDfMbvmjdmCtwPwqrcuxVO5PhjkLyfFo9Pt7zNCF5xtCkLK +P7LCEtvtBt5jXh7REsOPlQzQkxng4SxG6VdndW1ZiNAJIDAsONONmetRAgMBAAGj +gdIwgc8wHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE +FM7tf43yWQflUjDL35BzbeLwWXDAMA4GA1UdDwEB/wQEAwIE8DB9BgNVHSAEdjB0 +MHIGBFUdIAAwajBoBggrBgEFBQcCAjBcGlpxMzogIFRoaXMgaXMgdGhlIHVzZXIg +bm90aWNlIGZyb20gcXVhbGlmaWVyIDMuICBUaGlzIGNlcnRpZmljYXRlIGlzIGZv +ciB0ZXN0IHB1cnBvc2VzIG9ubHkwDQYJKoZIhvcNAQEFBQADgYEAPium8qIa/cDO +l7vNWoULaBGP7Z9XxxEyexzl2Y83xGab/xw+KGtbV+6+GiGhCw4qpn7XLidQQ6Xn +t7D2vKo+KoLg3BAdbt/azb3wf5tYakf//0bv4xQZ7ANzWxxH0gP5VdHaRIcfKXXR +3kHnu/lecCM8V+F9V8pEU8K3zREtp/8= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem new file mode 100644 index 0000000000..177e92ffad --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem @@ -0,0 +1,115 @@ +subject=/C=US/O=Test Certificates/CN=Policies P12 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg +UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO +/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9 +WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0 +CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B +nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO +BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl +AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB +BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK +btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk +biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test18 +issuer=/C=US/O=Test Certificates/CN=Policies P12 CA +-----BEGIN CERTIFICATE----- +MIIDxTCCAy6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx +MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBO +b3RpY2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxODCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAxkN3itGxxUqfb6j8AgRX2jxaI/oIBzr2RuZsAfon +x/XVoUmmiSxWDooZhr/PlfubyixNG5VJX2K/ukJ6gfIGMXCAqunKm8/9bXgzZB3T +i2oIgAy6WnRwKE0cgbedH6fY003jwsQNDt/HilRB+atbEJ/engTxLOIpwBcsN1qj +rg0CAwEAAaOCAaswggGnMB8GA1UdIwQYMBaAFADjZemB1Ia5xx3n8zM5Bl5MEaX5 +MB0GA1UdDgQWBBT8A5L4pL/8ywpme6U8lushm7qgwzAOBgNVHQ8BAf8EBAMCBPAw +ggFTBgNVHSAEggFKMIIBRjCBnQYKYIZIAWUDAgEwATCBjjCBiwYIKwYBBQUHAgIw +fxp9cTQ6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmllciA0 +IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTEuICBUaGlzIGNlcnRp +ZmljYXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwgaMGBFUdIAAwgZowgZcG +CCsGAQUFBwICMIGKGoGHcTU6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t +IHF1YWxpZmllciA1IGFzc29jaWF0ZWQgd2l0aCBhbnlQb2xpY3kuICBUaGlzIHVz +ZXIgbm90aWNlIHNob3VsZCBiZSBhc3NvY2lhdGVkIHdpdGggTklTVC10ZXN0LXBv +bGljeS0yMA0GCSqGSIb3DQEBBQUAA4GBAGFe+mIs7y5351adHxETDUI8/Oki9cBU +9ShrYKlpGJn8K0ST8XCe3FhVI/EMMxPJ7a7cYnl/7VQjyrFH9ulMmB3zoFiwbijM +hfv2DyMPMTMB1pN57MpoBl7NEV0ze1I/u0CKcemqthj2jynTljGeLyJOCAd2Oat/ +J0ohqgkjwhfW +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f: + df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9: + 4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38: + 86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb: + 77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05: + 70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77: + e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11: + 1d:72 +-----BEGIN X509 CRL----- +MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl +6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA +oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor +RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN +gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem new file mode 100644 index 0000000000..cdfe8367ae --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem @@ -0,0 +1,64 @@ +subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test19 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIID3DCCA0WgAwIBAgIBKTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBOb3Rp +Y2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxOTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAmkrJdJV6KkYpFv+9djQ5ybyWHKyjUB8Km9OL5bgATpab +SN8gXK6Jd/EmkSQLM58dolce8oaizez9cBhO/myxYLK4WQGi/eR1zCWhOYz75f/o ++MUwF1WFbuHvk7JcW6/0e7tI3sxdgtz2k8JDvyDZ6CH3Hb678ZfrlMMuCODEw1sC +AwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0G +A1UdDgQWBBR2o4bo1PW8nDTv5jAQJQYPDPfgtTAOBgNVHQ8BAf8EBAMCBPAwggFt +BgNVHSAEggFkMIIBYDCCAVwGCmCGSAFlAwIBMAEwggFMMIIBSAYIKwYBBQUHAgIw +ggE6GoIBNnE2OiAgU2VjdGlvbiA0LjIuMS41IG9mIFJGQyAzMjgwIHN0YXRlcyB0 +aGUgbWF4aW11bSBzaXplIG9mIGV4cGxpY2l0VGV4dCBpcyAyMDAgY2hhcmFjdGVy +cywgYnV0IHdhcm5zIHRoYXQgc29tZSBub24tY29uZm9ybWluZyBDQXMgZXhjZWVk +IHRoaXMgbGltaXQuICBUaHVzIFJGQyAzMjgwIHN0YXRlcyB0aGF0IGNlcnRpZmlj +YXRlIHVzZXJzIFNIT1VMRCBncmFjZWZ1bGx5IGhhbmRsZSBleHBsaWNpdFRleHQg +d2l0aCBtb3JlIHRoYW4gMjAwIGNoYXJhY3RlcnMuICBUaGlzIGV4cGxpY2l0VGV4 +dCBpcyBvdmVyIDIwMCBjaGFyYWN0ZXJzIGxvbmcwDQYJKoZIhvcNAQEFBQADgYEA +J8J9A+SBJzSCvCFxcnWEMXbjUkKjp4BAEhkrRH5llfYFIwM5+QAqZTFKTvP5mhTj +eeMD/sF7Ej90V/1wRzadHnmhXe3WRwe09BUVM4Aa4b+/th9PihRNvI7x10+mAuMD +39/vWkwe5e0DTYQwe0t+8fHohmDgmJ6JkOiccJl0auE= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem new file mode 100644 index 0000000000..a97ce07ad0 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem @@ -0,0 +1,175 @@ +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs +Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB +qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv +wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww +ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8 +twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8 +zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV +3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg +hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued CRL Signing Key EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +-----BEGIN CERTIFICATE----- +MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt +SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0 +MTkxNDU3MjBaMHAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj +YXRlczFFMEMGA1UEAxM8VmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25p +bmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQC99k/Db5BB/DrP9cxgHHm842L/I4al7GOXLq3eb2h8ego1QdJ9IsNb +ExIULQIAAGVlTriZ118rlLqlVxj05ehWT5HaDh0ygcNDziiUc4NoLYqE7Vh+wK6V +z29q5vKajywEjZ0mAsvkfQvi1aBL9DB28K87sCS7xIEAf3zu7znQGwIDAQABo2sw +aTAfBgNVHSMEGDAWgBRJyfy3AzxnbQoAk6nk1qUekh+1ETAdBgNVHQ4EFgQUNe4s +lmPDT3wyx9zkVIWEuwRUL10wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAtn7y8N9W/74qmny6jUyLJcq4P +ni0IjpLLS1hl4RYbKPyeekw3t2Lbuk7jdg9LP2GTY68plnzvHyqcKa0IL+gWvk7j +6g1SHNMi2utPONRFStefcOubKxjT4c/HZHcPjYVBrmnssH4wzOi8bd8MQ8ZfdQLO +l3ADkB1F2GjjIofr1A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +-----BEGIN CERTIFICATE----- +MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt +SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0 +MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj +YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5 +IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI +9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j +gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6 +KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt +CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV +HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6 +MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm +LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS +h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy +4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr +YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8: + 1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5: + 9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad: + 05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6: + b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94: + 1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb: + 77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a: + 02:f8 +-----BEGIN X509 CRL----- +MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk +IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j +BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix +yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ +0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0x.v.t.r0p1.0...U....US1.0...U. +..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d: + d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78: + 57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80: + 91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94: + 80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53: + 83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18: + 32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6: + 72:31 +-----BEGIN X509 CRL----- +MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl +ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U +BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0 +IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ +KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa +8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq +6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem new file mode 100644 index 0000000000..1e0db3236e --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem @@ -0,0 +1,175 @@ +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs +Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u +PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21 +ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11 +00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h +3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli +W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw +aDNRQp2WD1ph+daLu1XQgeAoD4Gajw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued New With Old EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +-----BEGIN CERTIFICATE----- +MIICnjCCAgegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA +BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBXaXRoIE9sZCBFRSBD +ZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAln5v +UhL9o7sN5MyQTZEB3Fhj6lKfzTNHMBCsngHpQqTP8zlmPvaEGpR53N+RNthxaW8K +XmN4WVFvyXl8eaVl8+U5cewY1K/m/6OqDIZ6kvjXugMkKLbjL7ptsAGx5VoyHs/F +xy4n0cEOmAXTZ7dbzFqM4xfqJRLqi2CgQUHnb1kCAwEAAaNrMGkwHwYDVR0jBBgw +FoAUG7qMIYdzBwWY+uu52W9BpEXVhuowHQYDVR0OBBYEFKVAiq/jp5QN4XgK0S+E +OKaV0NBCMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DQYJKoZIhvcNAQEFBQADgYEAIgeBhcCa3jeEq1F6/+iNWMXRVgzyV3vsDielCRFy +wKdpYGocHPJG59OSZEHCUsdDRF2n3hhGkEILL4huEgX+oiiOhyGM/Xrr+ACuEIaS +qfs4gBQ/HrYydCxNN4OHOuLoFDmotodh/lvY9igeeaRZ1AFI7AicI0D4CAqXyLcU +9WI= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +-----BEGIN CERTIFICATE----- +MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj +BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6 +h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN +xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD +AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD +VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV +HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy +MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm +LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w +BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo +OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ +4YX3NumsNd2WpHY34K21Cd/KJ5KJ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19: + 01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49: + dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c: + ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72: + cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1: + 3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0: + 19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5: + 45:74 +-----BEGIN X509 CRL----- +MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk +IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE +Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6 +jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m +7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd +HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0p.n.l.j0h1.0...U....US1.0...U. +..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a: + 55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f: + 4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73: + 55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44: + fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f: + 16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd: + 5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e: + 49:cb +-----BEGIN X509 CRL----- +MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl +ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr +MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG +A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg +Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC +YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr +7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn +voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1 +pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem new file mode 100644 index 0000000000..dc7432e631 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem @@ -0,0 +1,175 @@ +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs +Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u +PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21 +ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11 +00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h +3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli +W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw +aDNRQp2WD1ph+daLu1XQgeAoD4Gajw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued New With Old EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +-----BEGIN CERTIFICATE----- +MIICnjCCAgegAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA +BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBXaXRoIE9sZCBFRSBD +ZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAogdB +BnysUr/KTFA61NvJ5idc2kOLUlr2Nyx1WK3KTTQwISpC6JWv5b2oERCJDCL7/3g1 +C3k8J0WWk7CG0T6ydQI7A90xJDYMPGdknO2Sc+8vm/JBnwo5Qgfz2X5Oeo0Bedbz +IDJHs35fj6KCHCxExaw5BHTbxC2cIu9YU35+KTECAwEAAaNrMGkwHwYDVR0jBBgw +FoAU+qJque76T8VynXXTS3ptjORcOSQwHQYDVR0OBBYEFHx6BhJiF7QEIUB6yCAl +MoN5MbxqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DQYJKoZIhvcNAQEFBQADgYEAkmGbvODeNeoPt8PMnRvdgOCxlnqA/pzPuD+JbKui +VPa3xQM64kKjbdTsq8JU+BtYbgy1Ocx4Lmvv/wdJ5AuIosaWiAfwW/+VVni4f6pq +lb08+5rRTA6k0Z5lhV2RSx+AomDcQnrwsxgi+LPj2aWfwxPL3RkpQ+gnBnoRdOwI +Fak= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA +-----BEGIN CERTIFICATE----- +MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj +BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6 +h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN +xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD +AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD +VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV +HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy +MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm +LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w +BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo +OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ +4YX3NumsNd2WpHY34K21Cd/KJ5KJ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19: + 01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49: + dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c: + ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72: + cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1: + 3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0: + 19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5: + 45:74 +-----BEGIN X509 CRL----- +MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk +IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE +Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6 +jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m +7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd +HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0p.n.l.j0h1.0...U....US1.0...U. +..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a: + 55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f: + 4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73: + 55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44: + fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f: + 16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd: + 5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e: + 49:cb +-----BEGIN X509 CRL----- +MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl +ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr +MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG +A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg +Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC +YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr +7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn +voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1 +pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem new file mode 100644 index 0000000000..8a896652d7 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem @@ -0,0 +1,134 @@ +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBEzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs +Zi1Jc3N1ZWQgTmV3IEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +tCkygqcMEOy3i8p6ZV3685us1lOugSU4pUMRJNRH/lV2ykesk+JRcQy1s7WS12j9 +GCnSJ919/TgeKLmV3ps1fC1B8HziC0mzBAr+7f5LkJqSf0kS0kfpyLOoO8VSJCip +/8uENkSkpvX+Lak96OKzhtyvi4KpUdQKfwpg6xUqakECAwEAAaN8MHowHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFK+5+R3CRRjMuCHi +p0e8Sb0ZtXgoMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCuRBfDy2gSPp2k +ZR7OAvt+xDx4toJ9ImImUvJ94AOLd6Uxsi2dvQT5HLrIBrTYsSfQj1pA50XY2F7k +3eM/+JhYCcyZD9XtAslpOkjwACPJnODFAY8PWC00CcOxGb6q+S/VkrCwvlBeMjev +IH4bHvAymWsZndBZhcG8gBmDrZMwhQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj +BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANa7RRhusOV0Ub10qBKMsUMG7QViaonYz0IcJLX0FKEI +EpTq0SV6NeVjjzmcrSrzjHQfJpkywOHRiMw7XvYunmzlwGSoD6TW1ZUYVDaQbKUT +oWooVoCzVstf6AsZiJiHQtBt4x4OHap7QRcJdlh7aPhp6TR+zq8gB1HsG8yUlG0x +AgMBAAGjfDB6MB8GA1UdIwQYMBaAFK+5+R3CRRjMuCHip0e8Sb0ZtXgoMB0GA1Ud +DgQWBBTJW9PRvwbxAcF5XLtzDY1MRsst2TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF +BQADgYEAhIZ09WrNK3jX+b8HugQygNCBEVVfX7TOCCFkmRaxp4R/QBHWvcts0YQT +6M5ZC6b877id6zRYegHadKekVVqwFbLKEO0MnpD2yGhGgDpbil2HlEaQ9yKQXpGF +CBx05/e7jkNhk/zGDsBqmNzkozrJOYBohkwUOjVFkAuLyovPhTY= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued Old With New EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA +-----BEGIN CERTIFICATE----- +MIICnjCCAgegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt +SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA +BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBXaXRoIE5ldyBFRSBD +ZXJ0aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArImc +Yf7s6ea0+dqzWPAcGg4gZE8CjbYlhP964Da56tk10sqLVKHCKxnRYgymvojftLHO +4WYGhfOfDGxlEex3i/AvnxEqVlwzH0M1fCU7mvycYjZtMSObA4U1mr/MRoO7U2so +ege9jkx/dSbZIRGY1huIipH8TjGnOmfa56IBLpECAwEAAaNrMGkwHwYDVR0jBBgw +FoAUyVvT0b8G8QHBeVy7cw2NTEbLLdkwHQYDVR0OBBYEFLKHIZkLlnQV1U2SSzrY +JQOcna7uMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DQYJKoZIhvcNAQEFBQADgYEAZu2t7x1PqFyZIdjnp2j/D37jnc5xmuhC2UOUuyt2 +WFggO+apFns8iYM3azA0uj819lQexXHqKAZi5tQnMzPcYJgDjb1ix0kUCwiW3v20 +LlHf39XU7HJjfXn5USPwqNvrHcWADkRfL10y0ve+F7tmkESFvb/yF3ZU+t/OBKb4 +Dgs= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AF:B9:F9:1D:C2:45:18:CC:B8:21:E2:A7:47:BC:49:BD:19:B5:78:28 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 73:fe:c5:db:86:ee:6b:0e:f8:68:85:d2:0d:c1:44:01:d1:33: + 5d:9a:42:14:a7:a9:20:bd:38:30:c1:f1:3e:c1:b8:d9:4c:ba: + fd:3d:7c:a9:66:5f:94:fa:46:e8:23:94:4e:8d:09:1c:45:6b: + 21:ce:b5:cf:3f:e6:18:33:d0:ac:a6:ea:c5:f9:32:6e:75:31: + 79:6b:1a:8e:50:05:86:89:f9:f3:e9:8f:67:e7:93:b7:d3:05: + b0:9f:2c:97:9c:b7:7e:01:7e:c6:5e:f8:72:4d:11:6b:9d:30: + f2:69:df:68:5d:aa:a0:84:f1:07:68:15:fd:93:f6:14:a1:f9: + 90:ce +-----BEGIN X509 CRL----- +MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk +IE5ldyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgED +Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFK+5 ++R3CRRjMuCHip0e8Sb0ZtXgoMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AHP+xduG7msO+GiF0g3BRAHRM12aQhSnqSC9ODDB8T7BuNlMuv09fKlmX5T6Rugj +lE6NCRxFayHOtc8/5hgz0Kym6sX5Mm51MXlrGo5QBYaJ+fPpj2fnk7fTBbCfLJec +t34BfsZe+HJNEWudMPJp32hdqqCE8QdoFf2T9hSh+ZDO +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem new file mode 100644 index 0000000000..cdaee8592d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0 +cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB +eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/ +Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW +yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V +F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj +YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr +dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl +/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD +pax2/2P2ruVALCk= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid DNS nameConstraints EE Certificate Test30 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA +-----BEGIN CERTIFICATE----- +MIICvTCCAiagAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh +aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD +Ey9WYWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz +MDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA08C22ZtMqDmJQjt6hWE9rPJX +rWB8T165lEh/iTleDZqyVWl5PRT8V1PTxkkp5aURAXm8BsNc1b7YFZfdsiMx1bjU +iBSvqDWP8HtarPF6+J0wsXO8Zxp8OV8kCjU1gA4hLHUvVghURkKoVXwzB2cwhlqm +iJcKkvv65JpzZPinbCsCAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR152dHGAmr8YiI +256N1RdSjvxzeDAdBgNVHQ4EFgQUYmleNHVLgQPdh5BhovyETaAgDeAwDgYDVR0P +AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAqBgNVHREEIzAhgh90 +ZXN0c2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GB +AJCvVAtnYWZDsmocwYuC7e6N0annLwnm6MvbUgS7+KHuXfm1ty9YuZRe3t1SFQxX +yhuTKj9iERpNsz7ldpdAKftS6PasptiZLlqhi3Z6csOnVtmFErdgN56iJoZgkDlv +YTSVuG8xVfNBvOTHve/LWxGMlTGPDLMLf0hamDdBTfCK +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9: + 04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57: + d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09: + 1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95: + ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5: + eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d: + 5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13: + 1d:46 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE +TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f +zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV +aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem new file mode 100644 index 0000000000..62413ef929 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqjCCAhOgAwIBAgIBRzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0 +cmFpbnRzIEROUzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmefIFU +RUgrahNMyIfzibuPD5LXv1aF765kc/ROx4BQYuBUZehjaB0G3eHv0wGu5rSJbnoy +Lpdv0XVvBKEai/K+9iIereljhcwZzKTbHHvAdhCtgImX/Zz/KZ7OU4GZJGkdcj9r +e/szQBEqTWkWB7hT25WM4ghi5xAz1Tn3foOxAgMBAAGjgagwgaUwHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFH6Q3Dvq3pzSm0JE73sa +zW6PkuC0MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYIXaW52YWxpZGNlcnRp +ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAekwpteebcTHJ3RTTqNmNlRsw +aSa2MtBlaOVNyWi/Qsgy/LO5We9Ahkq56VlKB4WTWCFBdrbbnZ4k1Dpgj+NA8YBD +Ysuq9KofKqycs+alN4JOOMtKHzbm05wPqkhY1qbBFAUbrEm5felp5drbJys97mCX +bm7XHTxTuImtWM4ESC4= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid DNS nameConstraints EE Certificate Test32 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA +-----BEGIN CERTIFICATE----- +MIICvTCCAiagAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh +aW50cyBETlMyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD +Ey9WYWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz +MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA374o7AtX/s5zVHxqAws7oJ0X +W9efE9ztupuhz0gxjrTuRbVoFj3Z98ikVL8RLG00VdWjgbKd9gWB+UI4GD01A7Wn +M5bSXi2t5fcyVYPxPjzhrl2gW/DfUYO4U6LHtTqID+ARhddd3Xlz/6WXt+gOLARC +4zuqAsvNuNpnFbI5yA8CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR+kNw76t6c0ptC +RO97Gs1uj5LgtDAdBgNVHQ4EFgQUpTkqy96R+925D9dnz/clmePZZx0wDgYDVR0P +AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAqBgNVHREEIzAhgh90 +ZXN0c2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GB +ABBLDmNvZzxO6JM+lTiTscA+ikguaFV+BdfdORenOIJYUHV/j5MhzLCcOqh32U/B +KZqQ9ataMvRSnqfnTHtRCWo19S5qT0QjVjVfYsDfX8QQy2jJ6bI9S5vn4bLO2HUK +jLOabPS5lyHm10fdN+g59VKHjcBKmkBkngTkhVqVLOxL +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:7E:90:DC:3B:EA:DE:9C:D2:9B:42:44:EF:7B:1A:CD:6E:8F:92:E0:B4 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 02:f1:3c:9c:25:d8:e5:f3:99:97:72:47:d1:94:a1:f0:11:0a: + 8d:ef:9f:4c:c6:3e:93:23:1c:76:92:f7:68:f7:8f:9d:d0:ab: + 7d:73:20:ba:f8:ea:1c:90:10:59:01:07:c3:11:36:15:70:b3: + e1:80:3f:38:65:42:77:78:95:79:6d:a9:88:c7:54:59:b2:52: + 9d:da:5a:58:a1:73:1e:07:78:00:01:67:02:41:9e:82:b4:ab: + f3:d1:74:00:8f:ce:fa:78:8b:c5:ff:ca:40:ca:88:90:ac:74: + 78:41:4b:60:85:3f:43:31:7e:1c:60:bb:3d:91:09:df:9d:f3: + 6a:40 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE +TlMyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBR+kNw76t6c0ptCRO97Gs1uj5LgtDAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQAC8TycJdjl85mXckfRlKHwEQqN759Mxj6TIxx2kvdo94+d0Kt9cyC6 ++OockBBZAQfDETYVcLPhgD84ZUJ3eJV5bamIx1RZslKd2lpYoXMeB3gAAWcCQZ6C +tKvz0XQAj876eIvF/8pAyoiQrHR4QUtghT9DMX4cYLs9kQnfnfNqQA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem new file mode 100644 index 0000000000..1da7bd70d8 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem @@ -0,0 +1,167 @@ +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x +IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6 +oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK +0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7 +yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn +2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw +DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB +Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv +djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn +pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b +ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n +cu1nCg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN and RFC822 nameConstraints EE Certificate Test27 +issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3 +-----BEGIN CERTIFICATE----- +MIIDATCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1 +YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGJMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy +ZWUxMUIwQAYDVQQDEzlWYWxpZCBETiBhbmQgUkZDODIyIG5hbWVDb25zdHJhaW50 +cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAL23wxEGImwm+05H4yzrxRQXdJBQp/RrfHB1tjFbPIUzr6hR7T+xNjC+3M8r +Y//0sOjggeDwLkrbhDl5TK9qQUui3Oys3QORkLfvuBIKjHtzUYfyizTV86KvAybY +dMOrY8sc5zivU0N9+FESFwg/Kv+meXt0vgL9DSe7PsFnaC8fAgMBAAGjgZYwgZMw +HwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+qIAs1ZwSDJGswHQYDVR0OBBYEFN3zmdIg +RlRJJv9aNE/zRRJu9+n7MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwKAYDVR0RBCEwH4EdVGVzdDI3RUVAdGVzdGNlcnRpZmljYXRlcy5n +b3YwDQYJKoZIhvcNAQEFBQADgYEAEiXPBPlFwaHGZ5TqIDXXTXn8ViKz9zfr1imR +nhJlqZJTu2TlScmSN4vEg6++1wS0vVxiPiwNQkrH78lRNTH56MQOH92DxRyxF40M +5YJc2GuFb6+ZkSKVWDG6UbkbMxjaZvqd+jnODcW1K2lBl1jHiv61hoNxe6VrNb4i +m1dYiFQ= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc: + 4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f: + 67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25: + b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18: + 6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44: + 8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d: + 09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56: + a7:d5 +-----BEGIN X509 CRL----- +MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx +MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1 +NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q +IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ +j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R +gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw +CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem new file mode 100644 index 0000000000..45a7bb6036 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIICqDCCAhGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry +YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBALJBCTy1/LSNTMnBOuzrGV4EuZM/iXN4/m+w9j5uwlLzfyPGdceIOSA+ +vOAPdr/9ralb/4Wvr2H7ive/ruSrj338JwY50O9BMowjNWiBs+G30rUMo+lFNoHV +eUfBE9TZF5MiZMRPH2UiH1QqCHSn8Myeb19XahMyIfCVqISqwIEPAgMBAAGjazBp +MB8GA1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBSa/kUI +iD544eivJJmZZwWNNFasSDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg +hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGlp4H06BUnD5PHzz/2nv9PBE7Vc +UFLCQzhBdC13Ml9hLy/5ZLFWjlxnMKCuL51OVW25ocoUaUubwgvi3crDc4O9p72W +xYXIEa7PYpuPadAEOKbdZJNB0X1aKWORBpaj6yiK48WMG0UydqIZps0wcfAP3HwK +yZa23hxUZyeu9lkv +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem new file mode 100644 index 0000000000..921ee94669 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem @@ -0,0 +1,113 @@ +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/OU=permittedSubtree2/CN=Valid DN nameConstraints EE Certificate Test11 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA +-----BEGIN CERTIFICATE----- +MIICxjCCAi+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjCBmjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQL +ExFwZXJtaXR0ZWRTdWJ0cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIx +NzA1BgNVBAMTLlZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0 +ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJlfx3jHiQnBHgwQ +XhHjF5QJIB+q+2Mc2w6gHDzym/PiEa5utF2eNcy1cskZiVaLmODreo/HtQpn8Iv+ +YBfTuMT3GDXVTpPFfhVvtm4c7xz+e8QcJhK5TapF4kA4ejKPY8/JzpEtMvIS1tbt +w4ZQteFe2G55WqBlnMnwK3yQtphFAgMBAAGjazBpMB8GA1UdIwQYMBaAFBI1n6zB +uaHjOv7xL7p3sghOTVntMB0GA1UdDgQWBBRiLDLb16WReucmARwbU+K2PP+CPjAO +BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3 +DQEBBQUAA4GBAD8UOLijF/GmDv8mf/f0lhyLAbW8kylUTYgCUJpSlOL5pbtDoy/d +9OGqYA3uzDmQJxeaW2dzPwxOjV1IVBVFjA1yBiOpxQrLhc4vDGnVBpYfcvVzy1Dh +0jntUoxeVGCVSTd5DX1DWqzfQcOvEP3kiPGhodlCrY1udMFkLCuleB7B +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIDRjCCAq+gAwIBAgIBQjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIERONSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxmMyGO18 +wxt7plFRZcGPd5GxKiCL+NJ+O/UB82qQ1+GhwlsBTSo86QNLh9KPIjs3rrARYIo0 +FqA86FPnpIiE/yWOfuQOeI3t6yvWf0XsXvcffhjW6n6sErOqhXX7voiJODZMseiM +wQ2Md8CcE3j78i6crfbdO6xGp2xNX63VmkMCAwEAAaOCAUQwggFAMB8GA1UdIwQY +MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQSNZ+swbmh4zr+8S+6 +d7IITk1Z7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA8GA1UdEwEB/wQFMAMBAf8wgcMGA1UdHgEB/wSBuDCBtaBLMEmkRzBFMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBl +cm1pdHRlZFN1YnRyZWUxoWYwZKRiMGAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAX +BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTEwDQYJKoZIhvcNAQEFBQADgYEAp32j43pb +BqBj+2V14kyvmo+pgQ9H/ag1zf7WG4ei+McEkF7yvHSC6nfXJA19r+q2fAnvIU4M +TriscCGq9oE6qzd3VIQ5wx8eJp8v9SG62gxZe3n1A8gzG37TvTwBOeEgxOKBa/BS +8MNUbMO2SJwuE2pi9fnMhCgx9JxUQvQLou0= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN5 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:12:35:9F:AC:C1:B9:A1:E3:3A:FE:F1:2F:BA:77:B2:08:4E:4D:59:ED + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 74:3d:76:85:10:61:c5:e4:1e:19:16:23:27:99:ac:bf:2e:c9: + 07:40:7b:fb:45:44:5d:c1:6e:d5:5a:e5:6d:35:d1:4e:9c:e1: + b7:21:0c:2a:7b:7f:27:ed:9f:f4:59:15:1c:67:1d:4b:8e:ca: + 19:7c:a2:78:22:bf:28:67:31:5f:bf:f3:73:73:ed:c3:9c:fe: + 2f:16:56:80:ea:ec:27:dd:7a:85:15:2c:e8:fd:c5:80:2d:ad: + 36:ac:8f:39:5b:d9:79:ff:54:82:c6:61:37:e2:b6:07:46:8b: + df:2c:86:2b:69:ca:d1:c3:71:4f:3f:c7:e9:4c:c9:23:85:85: + 19:9d +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFBI1n6zBuaHjOv7xL7p3sghOTVntMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAHQ9doUQYcXkHhkWIyeZrL8uyQdAe/tFRF3BbtVa5W010U6c4bchDCp7 +fyftn/RZFRxnHUuOyhl8ongivyhnMV+/83Nz7cOc/i8WVoDq7CfdeoUVLOj9xYAt +rTasjzlb2Xn/VILGYTfitgdGi98shitpytHDcU8/x+lMySOFhRmd +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem new file mode 100644 index 0000000000..320f1d446b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem @@ -0,0 +1,165 @@ +subject= +issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2 +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1 +YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMjAeFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMAAwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAK5n11EFLCX399YnLoDu+WMSsdD5RH6rHhn9p0cp2PAWiwDuXGka +pOpn/ZgxpgF/Ydw7ASh9/R0rJD0EfAG7rADF6j3ECZntAJmdiO7euB16HhemfpVN +ZRiCcehJVtTK+G3vptIsyPFsdWYusjaRHdEniqEv0+rI8ZdP2RBn/pn5AgMBAAGj +ga8wgawwHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq/9JoCS8UbVcwHQYDVR0OBBYE +FDv0z/QxqCSlpmLnB0ps7mSrkwUoMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO +MAwGCmCGSAFlAwIBMAEwQQYDVR0RAQH/BDcwNYEzVmFsaWRETm5hbWVDb25zdHJh +aW50c1Rlc3QxNEVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUA +A4GBAEfjsvrVypBwFe1Fa4RRq10LsqrrCLc1NPiFR0B2yliqIBq81FAJcdEDNmZq +D8C5gctYTrk9OgXYKgTzUkO8UGNtOYhDPrz1LyBnpND5D1ggYJe+xur2EX0ilhDO +iq9+08Vo59/dYFQlttOeyY+LJMNzWqQAxxtf3p89oTOgQfxW +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIIDAzCCAmygAwIBAgIBBjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x +IHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAteRgCqKcIeCHmYMc +xyzmM+fCjW6MAEl+OFQ9Q7UJ1n9YE0TuaGiSxjTkrTXwDF2JoDwMtC6FoqnvEyEk +kAxNlM0oiLhRxM9FcNCow3VK458jtPozrIgd/7PAP+FXsqPanD2DRYj4c1gNKSl4 +U/l6HyTj+yV6ax5EkPgQDLQlJksCAwEAAaOB2DCB1TAfBgNVHSMEGDAWgBROLqPn +2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU1a9rKA2drUhsDIIq/9JoCS8UbVcw +DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB +Af8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMCVVMxGjAY +BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0 +cmVlMjANBgkqhkiG9w0BAQUFAAOBgQANN5YtrqXFWfdpK19qY+rn50d/fYdLaOU5 +dSIAqmnB5woTCXdWF0LUADF4DkPfcWBxbE36lwBuGXBfiInH/5yLRy0Y9cZbtHSg +QwTIf2a+38pR6QyBniftVBmBTuhO/PV+/kA8gKAZ6X4+vGMv69YjU9avYeS1o+XW +liQdX8l7vg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D5:AF:6B:28:0D:9D:AD:48:6C:0C:82:2A:FF:D2:68:09:2F:14:6D:57 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + af:f5:73:47:0b:2b:ce:c1:5c:82:7a:07:ed:cd:ce:55:02:85: + 34:07:7e:46:10:13:e0:94:7e:8c:27:9c:f5:52:89:55:5b:fc: + e9:08:32:b3:54:75:03:c0:ad:8a:b7:e3:fa:5e:73:10:90:5f: + 26:ca:6e:1c:e2:68:e4:99:4c:06:38:3b:56:25:ce:82:a5:7a: + 3f:0e:c5:a4:78:8b:19:d2:fc:a6:4f:f2:6d:d6:12:5f:69:03: + 98:b8:00:c2:0d:4f:9e:47:fd:66:3e:ac:e4:fb:55:f3:4b:bf: + 42:54:ce:46:a2:5c:fd:c4:5f:d8:61:5a:61:9b:a1:2c:af:0a: + a2:2e +-----BEGIN X509 CRL----- +MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx +MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMhcNMDEwNDE5MTQ1 +NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq +/9JoCS8UbVcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAr/VzRwsrzsFc +gnoH7c3OVQKFNAd+RhAT4JR+jCec9VKJVVv86Qgys1R1A8Ctirfj+l5zEJBfJspu +HOJo5JlMBjg7ViXOgqV6Pw7FpHiLGdL8pk/ybdYSX2kDmLgAwg1Pnkf9Zj6s5PtV +80u/QlTORqJc/cRf2GFaYZuhLK8Koi4= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem new file mode 100644 index 0000000000..a9762440d7 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem @@ -0,0 +1,162 @@ +subject=/C=US/O=Test Certificates/CN=Valid DN nameConstraints EE Certificate Test18 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2 +-----BEGIN CERTIFICATE----- +MIICkTCCAfqgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBETjMgc3ViQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +YjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcwNQYD +VQQDEy5WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz +dDE4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB4Ppc8a/vNVYqFPhznRZF +lo/ecz5fZXYIuGCaozBBsqZu+6JFjbrAbeA6FbCKH/w1WFNPPTTSvJqSqN4Lw1yG +yeTCfJoFyUA1wbNUKONsJQgYoOLM+KIuBUpfhZKtHzLrk+NKoCz7pWo52Wy5aQ0A +B8St+URVVzDNk8Z5+mtaYwIDAQABo2swaTAfBgNVHSMEGDAWgBQLSL4ocWpIJAo8 +4krUBSri1x417zAdBgNVHQ4EFgQUzsfJblSrNLQ6e4Gq3J4kw3O7LYQwDgYDVR0P +AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUF +AAOBgQC3FQqH6qw98Em37v12rhcPtdOIRWZPs2z9dGJpRJHDBzNoWr2t5pxwnBhZ +L7Wy8uNRTy6iTNLgDPIPP4sXYlphcnG2SLe8APJUcTE80aikRwFcht0SO+lpiUhn +FTrjSWJELeehius13WbzhA4NKTjleW5zkvh3mTYww5msepvgrA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +-----BEGIN CERTIFICATE----- +MIICyzCCAjSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT +Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDCH3OWCAvPFZXpNTKMN3DoOML+FK32+icT19l0MQXIXBqoJyw8qF2z +xcl4ahdLxfSFpf8OF3ttKbzN5fk2/Dxue6beAMs0L1r4VUilJaUhOmTMrlYXB6UI +QX2nzlu6lZbNrI0VFt8qM2C9CdbG+2ZQuJQQO0BtHXWJC9el4t68/QIDAQABo4G8 +MIG5MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBQL +SL4ocWpIJAo84krUBSri1x417zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0eAQH/BDMwMaAvMC2k +KzApMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMwDQYJ +KoZIhvcNAQEFBQADgYEAV7W8Yarxgw2gPgl0gz1Vz7IdH6ZbzLBpsB0W+gyPTd+R +toE/N42Efda3DIG5BoxqTj00uc9j2GF5LqBgKaEieenzkv5E6qbTrZ0F/FdX1c17 +DBpRvkchpd4FACNL+FhSq824LEKdBDOx669LmsH664nk6NSPtv04LjUxa+822aw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3 +pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl +4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi +LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH +NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl +ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn +4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ +Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA +Wofw3VBcFpqgolnA +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22: + dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d: + c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25: + 85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a: + db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17: + 6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1: + 7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b: + 16:a2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC +bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd +F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:0B:48:BE:28:71:6A:48:24:0A:3C:E2:4A:D4:05:2A:E2:D7:1E:35:EF + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + c0:0c:a7:28:80:0d:2c:71:66:4d:67:82:ec:c7:30:4f:48:29: + fe:d4:20:82:f2:5c:e6:ef:24:8b:9f:f2:b8:c5:3b:e0:86:53: + f4:b5:fc:67:db:b2:1d:45:77:8a:78:47:eb:63:bb:43:b8:14: + c0:05:ff:ca:7b:d5:1f:fa:df:e7:7a:a5:39:e7:00:ed:4a:d9: + 6d:fd:d1:78:a1:44:f0:71:f4:89:4c:52:d5:ef:99:5c:59:eb: + 80:c4:5d:ed:48:2b:5a:55:0b:d1:df:4a:a5:49:69:f1:67:a2: + aa:ce:9d:99:9b:74:0f:ec:da:60:d9:3e:14:45:a3:6c:5b:47: + fa:d0 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE +TjMgc3ViQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBQLSL4ocWpIJAo84krUBSri1x417zAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQDADKcogA0scWZNZ4LsxzBPSCn+1CCC8lzm7ySLn/K4xTvghlP0 +tfxn27IdRXeKeEfrY7tDuBTABf/Ke9Uf+t/neqU55wDtStlt/dF4oUTwcfSJTFLV +75lcWeuAxF3tSCtaVQvR30qlSWnxZ6Kqzp2Zm3QP7Npg2T4URaNsW0f60A== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem new file mode 100644 index 0000000000..4ac860600b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem @@ -0,0 +1,112 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIIC5DCCAk2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry +YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBALhZkHcTNlH9LLnLK2xDvZYiDsOUcL9iZsUfTjpcENuDJ8rsXGriZDos +g2p5cYPr4BQ4895UOQPYJo6M7/4aUnQoc/FwnGfeBNagpCJg+nD8GQNpETK9QR06 +nSxOR4/hBD6YqE8UwAIaHejrmpeTrXankCrcei9nFiquQ0Q+rwWbAgMBAAGjgaYw +gaMwHwYDVR0jBBgwFoAUTi6j59ndi6eCO0FKw558WSNXTlMwHQYDVR0OBBYEFPG4 +BNfdQjQcDcDbjwsrIcrQPg3UMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwOAYDVR0RBDEwL4EtRE5uYW1lQ29uc3RyYWludHNUZXN0NEVF +QHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAF3XzP3FukeS +uWBMveZeEBA64M3CPXE4MchDQhtqKcYGa6SlA/t5zpGyFINeThQQrLSuijVGBGr9 +39Hwl9/maACLW3hz5xtL0881tscL2+obZhmF/lGB/e0RrLyGN3Wqql0a+BhEcj/+ +sG0iaxWcpIKdJXNFCi8/rexF7NWS+onw +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem new file mode 100644 index 0000000000..7f9a94cce7 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem @@ -0,0 +1,115 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DN2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIDKjCCApOgAwIBAgIBPzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtF5CubXL +7jLiEaC4u7BvRC1Z977doXE+03Y8hW6dFiuPJTcVnlMN2mSck2x6VylflhI7XVIB +PNiZZeRcEzbCJk3AmJL2NDh/20nxHhEr3jxWLmVeyLg1SXhD6WfJKwuvd61cnQkt +xvFXQEmlzIxBohRZv/YwermH858cZ4wH/9ECAwEAAaOCASgwggEkMB8GA1UdIwQY +MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBShfMTSexMLJgKOUfag +rNt28dFirTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA8GA1UdEwEB/wQFMAMBAf8wgacGA1UdHgEB/wSBnDCBmaCBljBJpEcwRTELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFw +ZXJtaXR0ZWRTdWJ0cmVlMTBJpEcwRTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMjANBgkq +hkiG9w0BAQUFAAOBgQAw7If++YRGfq6fz1Wm8RpFEbKLi3110GORteylvI+G75Hu +d6luoo/n/arIfKwWChanGI39YZQ4zYhx00qVeQRbUUuLMjkx14XQVntKAG8sI+KE +mWmt2cip5+XbIJonQDFQAnQWrhAGpw+ilvfv7v2f+9Q87cYLEoIOPHWstobcug== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN2 CA +-----BEGIN CERTIFICATE----- +MIIDOTCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry +YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAMMSbKt/wrsfhfsOqi60ijsWABK1LY20O0SAKCNKW2LuoK3iYZRMPRMT +2Oym1z29akHaZ5ftLz/WGQ5JuabuVkg4Gx1xRloNkS0RQlIuRMJfLM2mzlXWH5ud +oXHeHmwbUiYvWFbmwrx4xZbeSaePIYctisexGIa20LJ67Pd8t6OvAgMBAAGjgfsw +gfgwHwYDVR0jBBgwFoAUoXzE0nsTCyYCjlH2oKzbdvHRYq0wHQYDVR0OBBYEFMRD +3dYx5+B/4AavhJ+9quSyY66XMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwgYwGA1UdEQSBhDCBgaR/MH0xCzAJBgNVBAYTAlVTMRowGAYD +VQQKExFUZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJl +ZTIxNjA0BgNVBAMTLVZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp +Y2F0ZSBUZXN0NTANBgkqhkiG9w0BAQUFAAOBgQCfVuaBKnayPluCi5d9KyF783Oi +JpQn0SY2yAfXdRAH3cugsfzlo0rsjHyRPj+g5QW5yabg7uJbj11/tnQ/En7u56cj +mnDBuLqUFrqkJY3Md+k/bCXomEjddbEGKjV8d54oD8ngld0Oy4+fBPQbNo1apc7K +LqdooapvnR5Nm8qsWQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:A1:7C:C4:D2:7B:13:0B:26:02:8E:51:F6:A0:AC:DB:76:F1:D1:62:AD + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 61:8f:48:c3:1c:a7:3f:ae:b4:6b:c3:99:b1:72:4c:ea:6a:b7: + e7:93:fc:d6:ef:4b:64:a2:cd:a8:45:04:4c:b5:14:5b:60:24: + 83:f1:36:22:75:b9:96:22:2f:48:86:bd:a9:8d:f5:9b:f0:bb: + c8:f4:70:13:6d:71:a3:8b:0c:a5:ea:5f:8f:42:45:b7:e0:4d: + ee:47:1a:39:53:3a:5a:61:3a:6b:8b:39:26:ca:38:f8:b5:c7: + 8d:44:d3:47:7d:68:29:b9:4d:86:af:fc:26:11:da:02:07:63: + ff:9a:19:51:33:84:bc:a6:ee:f2:12:61:24:92:86:ae:73:41: + 1f:b6 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFKF8xNJ7EwsmAo5R9qCs23bx0WKtMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAGGPSMMcpz+utGvDmbFyTOpqt+eT/NbvS2SizahFBEy1FFtgJIPxNiJ1 +uZYiL0iGvamN9Zvwu8j0cBNtcaOLDKXqX49CRbfgTe5HGjlTOlphOmuLOSbKOPi1 +x41E00d9aCm5TYav/CYR2gIHY/+aGVEzhLym7vISYSSShq5zQR+2 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem new file mode 100644 index 0000000000..35f40caf4b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +-----BEGIN CERTIFICATE----- +MIICqDCCAhGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry +YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAOdvJDDcPZf9hCISpQZ3vrpBXxzoFe0eBH7NUTsfOWAh2OGCfOak1DHU +NApws4o7QUiHWATX1FGzJj9d32W9sROF6qqFJl94jJDinNYS2QeEMZ/T1W7u3+eP +HZjrIYArjSRN19lgg2VuU5WpIKOXas+cOOQlh/I61dFQjHqyf1W1AgMBAAGjazBp +MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBTohZvb +MzEoZLMs7htkuG2eUNmvlzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg +hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABmQhcYL+rwYvVrnWH1LIbYHFhUX +X0kvvS6SmK7Y+Ea7uDLmhDe5F1QKYmcURJt/Gwhz0xOFOsBCo3Ab4MSIScm00WvI +3TIXXjLYF4LufXUGle7mdbWcT7SXfd0QVGWbTHDgbVc8SPHmQh3E4r2KVTacFry7 +nbzganMh05d7MTny +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3 +pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl +4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi +LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH +NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl +ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn +4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ +Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA +Wofw3VBcFpqgolnA +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22: + dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d: + c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25: + 85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a: + db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17: + 6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1: + 7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b: + 16:a2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC +bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd +F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem new file mode 100644 index 0000000000..7b1c148861 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem @@ -0,0 +1,141 @@ +subject=/C=US/O=Test Certificates/CN=Valid DSA Parameter Inheritance EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=DSA Parameters Inherited CA +-----BEGIN CERTIFICATE----- +MIICMjCCAfGgAwIBAgIBATAJBgcqhkjOOAQDME8xCzAJBgNVBAYTAlVTMRowGAYD +VQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbRFNBIFBhcmFtZXRlcnMg +SW5oZXJpdGVkIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowaDEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYDVQQD +EzRWYWxpZCBEU0EgUGFyYW1ldGVyIEluaGVyaXRhbmNlIEVFIENlcnRpZmljYXRl +IFRlc3Q1MIGTMAkGByqGSM44BAEDgYUAAoGBAM6LNthcREHH6pqw2JQ5RbNJtGxm +vdadsOuJvn5b0NszIYMbSpJq13bSo8hLx5uVfEvkGdc0BpoYHdax/d+0xQcq1G2b +yKxnK+bYJbJhXuvvfEtQJXVoNRneAuD+UX5sAKja0T80w8kTA1/2K0vJMVwExuZb +OPhYbliV11/6bvxPo2swaTAdBgNVHQ4EFgQUAHhCMlJkgBTrJroWKe1llb8qHx8w +HwYDVR0jBBgwFoAUXSTuilUa8sbJssK/ivCySU86sxswFwYDVR0gBBAwDjAMBgpg +hkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJBgcqhkjOOAQDAzAAMC0CFA18iKub +KQypNt8MvheJ9svsobpgAhUAzoneZ6mJuBahNft2JyeO/YD0xes= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=DSA CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo +b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC +AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu +0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2 +PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT +mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd +kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM +nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c +nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI +ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I +3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh +5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD +VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB +ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA +1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB +tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=DSA Parameters Inherited CA +issuer=/C=US/O=Test Certificates/CN=DSA CA +-----BEGIN CERTIFICATE----- +MIICFDCCAdOgAwIBAgIBAjAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD +VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx +OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTzELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtEU0EgUGFyYW1ldGVycyBJbmhl +cml0ZWQgQ0EwgZIwCQYHKoZIzjgEAQOBhAACgYBnjEfaDDaBZDn4GjcL8LvUE/1n +PUDInJLhOolUsPKXpXDQZBekp3yp6ScJZd+gpRz8BNo+3WJr8AztgVdPXSnICFkZ +DF+NiPD/jLbodQG+EApk31d7i2xW8FPOQ4i5CZkIPJCvAejZMl3tVgLPYNIBOuMK +K56RQfbHfN5smWMADqN8MHowHQYDVR0OBBYEFF0k7opVGvLGybLCv4rwsklPOrMb +MB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZSE5hMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAJBgcq +hkjOOAQDAzAAMC0CFQCoWW8xd7Yg7Dab60thCq9E7XK6KQIUbSLhvU0n9i47H9ed +1lleyyWGItg= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2: + 13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20: + 81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5: + 07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca: + ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4: + 07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f: + 7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01: + 38:8d +-----BEGIN X509 CRL----- +MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe +yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq +If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB +6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg +j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: dsaWithSHA1 + Issuer: /C=US/O=Test Certificates/CN=DSA CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: dsaWithSHA1 + 30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e: + 88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9: + a3:57:74:b3:48:ab:c5:9f:01:f9 +-----BEGIN X509 CRL----- +MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX +DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ +SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I +XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: dsaWithSHA1 + Issuer: /C=US/O=Test Certificates/CN=DSA Parameters Inherited CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5D:24:EE:8A:55:1A:F2:C6:C9:B2:C2:BF:8A:F0:B2:49:4F:3A:B3:1B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: dsaWithSHA1 + 30:2d:02:15:00:89:33:c4:9a:67:b6:d1:05:d2:fa:c6:db:09: + a9:f0:01:9c:cb:db:00:02:14:5a:f9:93:bc:2c:9d:fb:be:01: + 4b:f1:a2:fb:1d:93:dc:98:05:f4:ab +-----BEGIN X509 CRL----- +MIHuMIGuAgEBMAkGByqGSM44BAMwTzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtEU0EgUGFyYW1ldGVycyBJbmhlcml0 +ZWQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFF0k7opVGvLGybLCv4rwsklPOrMbMAoGA1UdFAQDAgEBMAkGByqGSM44BAMD +MAAwLQIVAIkzxJpnttEF0vrG2wmp8AGcy9sAAhRa+ZO8LJ37vgFL8aL7HZPcmAX0 +qw== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem new file mode 100644 index 0000000000..6482e31df3 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem @@ -0,0 +1,104 @@ +subject=/C=US/O=Test Certificates/CN=Valid DSA Signatures EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=DSA CA +-----BEGIN CERTIFICATE----- +MIIDNjCCAvWgAwIBAgIBATAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD +VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx +OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQDEylWYWxpZCBEU0EgU2lnbmF0dXJl +cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQDk +i69AjBXXPXzuA5YSaMEgBegXyp50ZUuaVJcqeDPapcVy6jSzlGhC1Rv9d/CoQp5k +k5C2wgIxRhN6A2nMmC1WnV4jXyi/rX8P0GmVYlwaBypejHNJfv0SIo5V5VbprnIp +locIJ9d3Q/CGuAkKGxSl5gPmRXlN6fpTX8EJvX7FwwIVAIA/5PzzTOU+yw8XCipU +bNBnbA07AoGAZtQWiiCt/tEyn6V/p7PQ6nc/62yi5CnY2Lwh3Zr3zOW0d03f7Nqi +jJx1Elof/mbTEcLvhEPsqYhuTLpMPzWWx2f8mb0PmSkTkU7YAq7+a69QVqovHrUq +yO4iRyV4ayHdFD/O8BCB95YdnEG7XkSSXS7GHrjNaciPPzs+0E+iztkDgYQAAoGA +D1MorDgvPfMRYUHDPafWevf2ATLTIXEQFNXDPk3rGaKMr54IPUEK/8yiR4J6VqGj +/eyyi7c5tcqgGYWCm5ZoqLtrupCk4a1ltkQx0h4iL1NBT/qc+C/oLEMkFn4r2GT3 +ZPrweUgduQJtkDbM6zYP8jmrfSfs90dv3TPEfk3uJFejazBpMB0GA1UdDgQWBBSz +M9dRogQNRPudQPESYnGwU/ZpDTAfBgNVHSMEGDAWgBR0FdUkHL1eZYgf4YsJfn/q +GUhOYTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0PAQH/BAQDAgbAMAkG +ByqGSM44BAMDMAAwLQIVAIynyNKZ1ECb+SGSaPMnJglzolkYAhRM/h+AuzCA19hw +xk52oNmdtPZA6g== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=DSA CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo +b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC +AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu +0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2 +PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT +mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd +kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM +nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c +nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI +ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I +3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh +5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD +VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB +ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA +1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB +tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2: + 13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20: + 81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5: + 07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca: + ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4: + 07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f: + 7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01: + 38:8d +-----BEGIN X509 CRL----- +MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe +yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq +If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB +6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg +j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: dsaWithSHA1 + Issuer: /C=US/O=Test Certificates/CN=DSA CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: dsaWithSHA1 + 30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e: + 88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9: + a3:57:74:b3:48:ab:c5:9f:01:f9 +-----BEGIN X509 CRL----- +MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX +DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ +SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I +XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5 +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem new file mode 100644 index 0000000000..f15bd0771a --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIChTCCAe6gAwIBAgIBEDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfR2VuZXJpemVk +VGltZSBDUkwgbmV4dFVwZGF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA0XVL58x4St3rim3S8J3rxCFsMxohlbSezZsM8cVML4M8JqBA2RCpciqMXQ39 +ySW9Va2Mca/dkW/VCXATp9lG6hGPI9uvz5t42IPrYc/CdCMWnMZYPxolMOUJd8rD +fRjX+PnPtbMonefHo0LclKZkSs5hLEty2zpam33MNLS4L+0CAwEAAaN8MHowHwYD +VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBSGFC5gYrSk +iBLjiqt4F6Lu0TAaMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl +AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAPS84jJFDI +dH5hR/XPr96LgBMhK72+PiP/6pgrKYilpao6qSJAf9vIsaWuebDcHUWFO3HcaIwl +Ku+ejli9fwEZmMcK1l4pj5vf5y4/wYBkWTvnpT65JUGdmuFic0n4c1jEPTkRZPl0 +FVsLl9iYRwWLJH9pq9gaOLZboV3w/HplDg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime CRL nextUpdate EE Certificate Test13 +issuer=/C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA +-----BEGIN CERTIFICATE----- +MIICojCCAgugAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH0dlbmVyaXplZFRp +bWUgQ1JMIG5leHRVcGRhdGUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1 +NzIwWjBuMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +QzBBBgNVBAMTOlZhbGlkIEdlbmVyYWxpemVkVGltZSBDUkwgbmV4dFVwZGF0ZSBF +RSBDZXJ0aWZpY2F0ZSBUZXN0MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AJ/BW+Rh38aEJHLhyF2rFsHXLa//8UzBuAOpoiJSzFc4gk4FZMbUeMNc7JEG8d3C +1iCI6ksf+VPWuZsGVLU8GB1Y01lFSaXPp5jmmDeILhOIhmh7/xGJOC0bftMHU2Ub +STCDgX+yxmVEzoPNpyWc+NIOUxF4dGZcIVeFKPB6cYQlAgMBAAGjazBpMB8GA1Ud +IwQYMBaAFBSGFC5gYrSkiBLjiqt4F6Lu0TAaMB0GA1UdDgQWBBRAXKg9gLMI1s2l +71T3v0X4NAK8LzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC +ATABMA0GCSqGSIb3DQEBBQUAA4GBAJODcolMrKSSYYUM8i0NqwfexPIPQ6X+U/WU +fh7Q4VMoPii7s2hU2MHjdWM/80GnDbNLmNqWBWqymgR+lkYvyvcMSsXr7SC7ZN7T +PKpw3Hi2bnOFDJDKA/MGWsX+cehwuRKlxmwep3r23H0ctmF6bYpcVusN6NYXVHzt +jU0bM66N +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Jan 1 12:01:00 2050 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:14:86:14:2E:60:62:B4:A4:88:12:E3:8A:AB:78:17:A2:EE:D1:30:1A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + ca:4b:74:4e:30:1a:c3:6c:07:22:c9:4e:5b:2a:a1:2b:9c:7a: + 82:20:53:df:a4:45:75:15:ab:eb:5a:c2:e8:f2:bf:57:f7:d0: + 2e:b1:cc:10:56:0c:be:b2:15:72:e3:b4:c8:0f:90:fd:ce:57: + 9c:1d:b6:cb:dc:4d:80:64:ae:49:4f:05:d8:96:1b:a7:ab:aa: + 22:61:65:57:63:1b:7f:9c:81:f1:e5:cf:06:b1:6c:00:a1:36: + 28:26:97:2f:ef:74:37:e1:89:7e:0f:c8:ec:df:ac:91:f2:e3: + f5:01:a5:27:87:dd:29:b9:35:d5:e1:99:91:a5:07:31:24:80: + 0c:7d +-----BEGIN X509 CRL----- +MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH0dlbmVyaXplZFRpbWUgQ1JM +IG5leHRVcGRhdGUgQ0EXDTAxMDQxOTE0NTcyMFoYDzIwNTAwMTAxMTIwMTAwWqAv +MC0wHwYDVR0jBBgwFoAUFIYULmBitKSIEuOKq3gXou7RMBowCgYDVR0UBAMCAQEw +DQYJKoZIhvcNAQEFBQADgYEAykt0TjAaw2wHIslOWyqhK5x6giBT36RFdRWr61rC +6PK/V/fQLrHMEFYMvrIVcuO0yA+Q/c5XnB22y9xNgGSuSU8F2JYbp6uqImFlV2Mb +f5yB8eXPBrFsAKE2KCaXL+90N+GJfg/I7N+skfLj9QGlJ4fdKbk11eGZkaUHMSSA +DH0= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem new file mode 100644 index 0000000000..df9cce1587 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime notAfter Date EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBcN +MDEwNDE5MTQ1NzIwWhgPMjA1MDAxMDExMjAxMDBaMGwxCzAJBgNVBAYTAlVTMRow +GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFBMD8GA1UEAxM4VmFsaWQgR2VuZXJh +bGl6ZWRUaW1lIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuN3xhLcTamwSrg/7HDqFvodu01X/59 +oI6coV90K3bmWeFUWcw5ZNfns6jjgQE1kexWBJIFACT3kFzmEdQ0Diht+5/uEeSO +PkOZPDfVFZRsZlKiP4F5JRag4K4+Wfrt8M1vzLcj/TRtui1jpwyXKD/Zjtsye3j8 +MayBGrcgQWbXAgMBAAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+a +FZTHMB0GA1UdDgQWBBSikE0CsoDg9dGVN7xsWnkXPID8kzAOBgNVHQ8BAf8EBAMC +BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABG3 +77d7XM2ib5Bv0aVQKTDlDZr1fzLxv0CeJt/o6io7LL8Z9gC0ZdoeiB1nK+unnlu0 +GFMygOHAwKUkKMkkChIGFyYSEPrqQV5811YETya4JBE+Ou3GQ2oKNNL49+HP2yTm +aWT5eiTEg86gF52K2nPXRNaNGYHgT1+Ez2HeI4pO +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem new file mode 100644 index 0000000000..8e57181bd2 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime notBefore Date EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBBTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBgP +MjAwMjAxMDExMjAxMDBaFw0xMTA0MTkxNDU3MjBaMG0xCzAJBgNVBAYTAlVTMRow +GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5VmFsaWQgR2VuZXJh +bGl6ZWRUaW1lIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3Q0MIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95eHxRXrYP2LBGJtgztiha9W1jRBa +tkZEgkmukmElQlc+Nz/uh5pRNpJbg7b+3Mv6XKMr0qncHxRIaap0sD3MY8CQOeWi +IHCEtT5XGFy6B6eGpqfdejjnvN4MHVdd9uBaxf0Rbo7JlxXLCT5ZrYMNbK128Toq +qhp0MV1GpfZ1DwIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPf +mhWUxzAdBgNVHQ4EFgQUeJSUUvGhyTgLeYzfK/SqlRZsvacwDgYDVR0PAQH/BAQD +AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAi +TR2cFTtIDfG39B3eWiPgzxJebkwj3E1ZcxAxzGcYHoSScb79ueJ4ERjgskZWO7ag +oNPHokDXVScVCIjeYTG540+aQNawBa6L+HhIMNIuzHw190nKXMOSqPmNk4vbYPwk +32dtRrn1hIUDujUwTkW5daFxJ25HjyUfVZCMQuwXqA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem new file mode 100644 index 0000000000..ca7dc27428 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem @@ -0,0 +1,116 @@ +subject=/C=US/O=Test Certificates/CN=indirectCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV +EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t +vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD +ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki +QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA +tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc +XHLxTJCox/SL +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test22 +issuer=/C=US/O=Test Certificates/CN=indirectCRL CA1 +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM +IENBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg +SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDIyMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2H58UKDg/MSuu2itx5AvPDHHk0lMX7Bu3 +X3Vok97lKf6HAIseNFrZecQGe7RtIm3ICK1WFaq9tKE3MutSXNCcZ+CrPj0H/pzt +jlFAlRN1jpTCSj3rVVAUpL9BCHMWrZ9qf8FVWgWI3YMWw7cgqC45VZxRYN0zyyGm +pz4tN6pyTwIDAQABo2swaTAfBgNVHSMEGDAWgBRswRRf2Kct4IaTGVwL8Em5JVvo +HDAdBgNVHQ4EFgQU7rkQZsqGMoKvXfmcukPIoHnHBC0wDgYDVR0PAQH/BAQDAgTw +MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBqHSrq +s+MMY0Cfl9rlm+QyuARye7sTvTM5fQkOs/K3US5mAMfA+ei6Prb+u7FqxUya+Y9s +6Q0AeDutkLkdJWPbJd7B+HsQCT/fWFvYE74YOOu5DTmtII5zVS5bildOaE/xTw2z +stQtRX9MHe2JVh7WK/CA+TghpnYDlW+IG/iXjw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0.... +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5: + c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28: + a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2: + 6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13: + 25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e: + 9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89: + a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e: + 87:e8 +-----BEGIN X509 CRL----- +MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy +MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ +uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF +AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF +lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b +IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem new file mode 100644 index 0000000000..d069a80b26 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem @@ -0,0 +1,137 @@ +subject=/C=US/O=Test Certificates/CN=indirectCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV +EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t +vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD +ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki +QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA +tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc +XHLxTJCox/SL +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=indirectCRL CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE +/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW +Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80 +7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD +VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y +YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA +nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc +0meAGzOu5kHt +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test24 +issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2 +-----BEGIN CERTIFICATE----- +MIIC4DCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM +IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg +SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDI0MIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfPjamOqOBJ5I2GqRFerJm5J5EGXpY0CGA +2i3yoxIxrL4B6vuDMX7x2Zh7+JRcggTd6xwFetZeJWWLahi51RWjfa3RKfwa3/wJ +yxCvJJfDAdr0zZE2NjXSKDWBdtYxpqvOo/8TCYIvrzKF6kQG44bZ6biAIC30T9vj +Kezab2UgwwIDAQABo4HCMIG/MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0 +u5wBMB0GA1UdDgQWBBTmjKLn116swFbGYjGlN4lIL3ZOzTAOBgNVHQ8BAf8EBAMC +BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFQGA1UdHwRNMEswSaJHpEUwQzEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQD +Ew9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEAe+QvzalpHWA4qr6K +kSqLzdboAOHGA4+9IYaqUm3rczXhCZrk9cJmWTX7l3grLw4NMMGYkpvy+K/ZRTo5 +7qatlnIg1IxOuR/FQjQUZa+qvhv261Dlk3dH+QlApPxEZyjwCmu9qlXuQaLRWPVM +Q5FPPtw73O3MCtrfR0D6/mS5zoY= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0.... +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5: + c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28: + a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2: + 6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13: + 25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e: + 9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89: + a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e: + 87:e8 +-----BEGIN X509 CRL----- +MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy +MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ +uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF +AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF +lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b +IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem new file mode 100644 index 0000000000..9861f0f70b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem @@ -0,0 +1,137 @@ +subject=/C=US/O=Test Certificates/CN=indirectCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV +EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t +vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD +ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki +QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA +tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc +XHLxTJCox/SL +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=indirectCRL CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE +/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW +Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80 +7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD +VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y +YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA +nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc +0meAGzOu5kHt +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test25 +issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2 +-----BEGIN CERTIFICATE----- +MIIC4DCCAkmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM +IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg +SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDI1MIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDf0B2LJSDNBUNNk9cwJtpviFO4J0nIRbuc +O6UsC4jXoQrcgUkZOOcYIT82Yz33dg4bv6K2EXqzJwIfBGq6JGvHrAl3djShH1wO +qasa6FN6vCnmb2Wo1+7KpwCSlDAWAYhNTcb8tGMYGiOGd4FMhEdA/y4sRqmuJEOZ +Uw7DglXVewIDAQABo4HCMIG/MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0 +u5wBMB0GA1UdDgQWBBSQlj00h5t1ic1A+gEB0E3NRYLbqjAOBgNVHQ8BAf8EBAMC +BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFQGA1UdHwRNMEswSaJHpEUwQzEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQD +Ew9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEAHIf/ZJSSoUe0ahpi +VXce88mnP2i2KJBuOPFVGyJHSY2wGKtm02kgghm1bSdwVzXOLwTLa223rjc+cZcD +7lYleZJEOeEnibK+8EgTf0Z/D6VnmIsQD/HHhpkmvB69NWVETkG1VtkmEHkaNDdQ +2WsP41gX0VujQE2K3UK1KDPPNsI= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0.... +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5: + c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28: + a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2: + 6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13: + 25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e: + 9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89: + a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e: + 87:e8 +-----BEGIN X509 CRL----- +MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy +MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ +uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF +AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF +lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b +IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem new file mode 100644 index 0000000000..58a9b915a7 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem @@ -0,0 +1,115 @@ +subject=/C=US/O=Test Certificates/CN=Long Serial Number CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp +YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk +irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf ++sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb +K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH +36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO +qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM +9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5 +fhG3y3gMYLC6ciKePSDf +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Long Serial Number EE Certificate Test16 +issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA +-----BEGIN CERTIFICATE----- +MIICnzCCAgigAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhIwDQYJKoZIhvcNAQEF +BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w +HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN +MTEwNDE5MTQ1NzIwWjBiMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0 +aWZpY2F0ZXMxNzA1BgNVBAMTLlZhbGlkIExvbmcgU2VyaWFsIE51bWJlciBFRSBD +ZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKtO +3auJrAWhozm7l0Z1T0lT1bIb6AWcsrX5hHI03QNjnAsiR6TwhLzknLevcqY1FMOd +3CQ0YGisyl+jQn6u0vn8gQbPvlN+HaEM3KhBED8jqLLcnspGAS6f8oi1dpWNK0fL +NrOz4DYCp7kQVDXIBmifayg87zrHaz6X4lMhxgxJAgMBAAGjazBpMB8GA1UdIwQY +MBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMB0GA1UdDgQWBBTJunkp/mY4QxI0f3ob +s65e11IvhjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA0GCSqGSIb3DQEBBQUAA4GBAENEAZeCPJoLGi9JOR7np7MvjQtU9NWutm2iMthF +MYTKIG9CmYoDbDGl689tIyEHOSJO576cpCvOoORWfvPNFqUGaDKjTeZ5r43Uq4kM +G2GcseomSZC95SvZhsH5ZrLkdJLSrOe1B4RiNQV6Dx/EgDr0t/CL0bTNhh5l72LJ +8cNi +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f: + 83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df: + de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23: + 20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b: + 13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f: + ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7: + 84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4: + 16:02 +-----BEGIN X509 CRL----- +MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl +ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH +CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G +A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj +397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q +1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem new file mode 100644 index 0000000000..16037a0097 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem @@ -0,0 +1,115 @@ +subject=/C=US/O=Test Certificates/CN=Long Serial Number CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp +YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk +irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf ++sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb +K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH +36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO +qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM +9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5 +fhG3y3gMYLC6ciKePSDf +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Long Serial Number EE Certificate Test17 +issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA +-----BEGIN CERTIFICATE----- +MIICnzCCAgigAwIBAgIUfgECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEF +BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w +HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN +MTEwNDE5MTQ1NzIwWjBiMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0 +aWZpY2F0ZXMxNzA1BgNVBAMTLlZhbGlkIExvbmcgU2VyaWFsIE51bWJlciBFRSBD +ZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMmE +I5A7RJ2dsFgrNGpTKPbTNkMlTeSA0APdg25ehg2jBXRX32Y18+LwdacaCcVFxWIK +z16aAT/8U/rmoP3+dPkVosnTcbJamr5D5rE2D+QWqHI+4Q0saPg91CxVTkLhxU9R +Ck1bLkVggnQngeaqCNLIAHuP8N44+V3Pytm+HddRAgMBAAGjazBpMB8GA1UdIwQY +MBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMB0GA1UdDgQWBBR7xbA1RfoohD3hr0Lj +5WUT+PO6hDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB +MA0GCSqGSIb3DQEBBQUAA4GBAGGq1mqUIqGhHvuMEEdcLDESbvJ2tSMigxNjqvGi +zWc/CpxqrWchwxA3zF1/M54g1Shi2IAxIp7lfBJbh6X8o/8Dzhc7Mff3HrrqTrC9 +NUuJEFGx13X8FRoEPgCKkn/kl8fDLfTvJt/Piww6fE8s+5iiXwqaFwGJjSgz0UqW +re5l +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f: + 83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df: + de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23: + 20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b: + 13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f: + ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7: + 84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4: + 16:02 +-----BEGIN X509 CRL----- +MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl +ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH +CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G +A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj +397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q +1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem new file mode 100644 index 0000000000..84006ae155 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Capitalization EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=GOOD CA +-----BEGIN CERTIFICATE----- +MIIChzCCAfCgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dPT0QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBrMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQDA+BgNVBAMTN1ZhbGlkIE5hbWUgQ2hh +aW5pbmcgQ2FwaXRhbGl6YXRpb24gRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAKKjNiRlU/b/0kN4KqqM8GCc/XOogauyq9LV +K5+grKdIS9Hyb8R/YDK9ilsjzU/nYKRdOvMfUs5NYR7H1UhBJ9GMfo5ZJE7zbV6X +COFLvi5STvmS1FIA1COnOuW0gCI37YuvoILvExZV0MlgOP+maCzYWDsffOoGujMJ +/tdFTmufAgMBAAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+aFZTH +MB0GA1UdDgQWBBRM7vD5b8j3gITFAx7LZDp4/fhR8DAOBgNVHQ8BAf8EBAMCBPAw +FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAFXVuDJL +2xAKqFtse2QAF5GxQIa8VuJCdOuNF/KCTNQ65dWDvBRYuc1O2O0NaeN71B7vbBaR +fLAM9acjYghtDQd22u/dErDTmKIS2IEY4Z3P1eGlLcNhpV1DsIAe6cQLgm+fY8jS +1m63U2bt0Fs4nefPvxpkWCeLXOCr7ewDM2Uc +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem new file mode 100644 index 0000000000..224a2cebb5 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=UID CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcTCCAdqgAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo +b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyt5HBgA3udSw3/TzrG90sAN/8wyl +eDWkGAUc1kYzyzCyNNRMYjTspi391pcr4incsgjvOY3Xc6YT8ajMzFw0R+ur6hbl +oTYcbzdNNZGzr2w66IMDMntKTpZ2PpUH4XoCvJmNc4xIohL60RqPrGofttwpyfS+ +gxXCpVjsfywnR40CAwEAAYICBSCjfDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4N +sDzqmryH/0nqMB0GA1UdDgQWBBTSZXzCH9kXQYjs1VhEmgfiHMx4FTAOBgNVHQ8B +Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEFBQADgYEAJZCA4IQ1YgY/8DcUafiLUKwirRsP5C7cCdMr +0POcMDPmF5wyw0VuUGqHnAFEvc3VXjHv7KPJjlq0BPN6Zv/mWpumTOEMZNM8ik5u +2NwuDmexmwkXHhK63MVV+iVsef6nWxx2Xf3ahbbLQgFnMIbLeNzXpIPzyFlQK0V/ +ABcwlzg= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid UIDs EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=UID CA +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQTAeFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVTMRowGAYD +VQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfVmFsaWQgVUlEcyBFRSBD +ZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA61z4 +7chYRZr2FRLh+/4cPggLdSkDgQkdFCuflGzLsN21pmtZue3b7qADRSFwnmP5wQ9L +dOEPzufTiCt3wcPEHCaBCCN0Rr+8iWwww76h7HE0jjU9o7IHje6qAOhc7THvZS3s +kiVb9Nt1J1/KSPM3oltTENEyjuLaXbI9XIYY/p0CAwEAAYECBSCjazBpMB8GA1Ud +IwQYMBaAFNJlfMIf2RdBiOzVWESaB+IczHgVMB0GA1UdDgQWBBRMlbVlFGZ1ahlQ +H8QnvM3PBG+n+DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC +ATABMA0GCSqGSIb3DQEBBQUAA4GBALXKf4ViSQp8LaI9MVvNFJ5b/YG4jXBpGXXp +htEyinitf4scZy55fdtqANeG0Ph5y7633SFANNBWS+enHNQu3Nti8boG52chWIzf +/8vANjunWkn/PVQrI6jXORTFNG+Ia/baFDbpKyjIta1g79QVXdqi7xQ9Neo6r81u +uhx3rn/V +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=UID CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D2:65:7C:C2:1F:D9:17:41:88:EC:D5:58:44:9A:07:E2:1C:CC:78:15 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 69:bb:bb:27:78:93:70:70:bc:06:5b:eb:d0:3a:9e:78:3a:e3: + dc:8a:0f:8d:77:93:e1:6a:c9:83:f5:64:f8:0c:5f:27:0b:1f: + a9:83:a3:c4:f3:87:ea:24:f8:79:41:a4:44:56:1b:93:78:bd: + e5:83:d9:60:2f:2e:d0:92:1b:41:2a:90:0c:9f:5f:90:1c:07: + 88:98:b4:6b:cb:78:98:da:30:d2:37:d2:44:19:c7:d3:fc:9e: + 65:89:2e:f4:77:7d:f5:9f:4b:f7:72:3f:32:d9:90:d8:52:0a: + dc:ce:51:81:21:f5:25:59:02:11:34:8f:52:24:ad:0c:0d:69: + 2f:2d +-----BEGIN X509 CRL----- +MIIBMzCBnQIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQRcNMDEwNDE5MTQ1 +NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU0mV8wh/ZF0GI7NVY +RJoH4hzMeBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAabu7J3iTcHC8 +Blvr0DqeeDrj3IoPjXeT4WrJg/Vk+AxfJwsfqYOjxPOH6iT4eUGkRFYbk3i95YPZ +YC8u0JIbQSqQDJ9fkBwHiJi0a8t4mNow0jfSRBnH0/yeZYku9Hd99Z9L93I/MtmQ +2FIK3M5RgSH1JVkCETSPUiStDA1pLy0= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem new file mode 100644 index 0000000000..a2b8d417c1 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Whitespace EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICiDCCAfGgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEb +MBkGA1UEChMSVGVzdCAgQ2VydGlmaWNhdGVzMRQwEgYDVQQDEwtHb29kICAgICBD +QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UEAxMzVmFsaWQgTmFt +ZSBDaGFpbmluZyBXaGl0ZXNwYWNlIEVFIENlcnRpZmljYXRlIFRlc3QzMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnqTq65lI16x9K+4TSv4Kj5oTA79gcaQ1V +o1Pov5lyumlF8AxDNIBczzkCmRw0G5yTUG0GK47M9jfAWj3nlYjtQY324wjwcRYX +TqFCcPr4Aw4VdxQ58+hE/Dve+Q9KgH8XJ7KELJoiN9dCmYcTXnkW+ZNnPYGpAtf8 +2QXDyCwO5QIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWU +xzAdBgNVHQ4EFgQU7dgiWtJswE2iwyEUO2QMiVBSZGEwDgYDVR0PAQH/BAQDAgTw +MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBYEf4J +9G7Vag3A4nNIKYSRK1FULS5V4XEpbh7h12s4NjEulFrxn9ZKwSbElwar9CYZIOJl +sW77M3xjTub/6l2DwT+pBp8smD4WdcN8D9453M0nY3+0de6hU09COr7/AWVzbxzd +UEHnXWDZu5PRgbj14UJKrqBzQiZAbMRx5b8sAw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem new file mode 100644 index 0000000000..771472db84 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Whitespace EE Certificate Test4 +issuer=/C=US/O=Test Certificates /CN= Good CA +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEd +MBsGA1UEChMUVGVzdCBDZXJ0aWZpY2F0ZXMgICAxEzARBgNVBAMTCiAgIEdvb2Qg +Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBnMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNVBAMTM1ZhbGlkIE5h +bWUgQ2hhaW5pbmcgV2hpdGVzcGFjZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtFVzL02aRX103n0ddypzMXb4EZ6au9/l +Cf7wLoF0u6IHixT05tw1feYoDt23vnfJKOjwqqcqnshCi0k949dyrQeTAnFQXsqp +aPj1xjdYq3ohEKTObPeGRiyinhMAEZHxTLUyIW3hmjooktV827Bg1l9wIozE3pvw +XyRbd3rAkFECAwEAAaNrMGkwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oV +lMcwHQYDVR0OBBYEFHeQkes2kV9nbiKaIemSfMP1WNMPMA4GA1UdDwEB/wQEAwIE +8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAW5OD +GSTMa2KPAQpLgH0nrncEH6jRAkyk6il7E2N0bz1KJP1itGDbzdrNTtMTs0rD9waM +K3JrQGfALXvoj0+PD+Z/AbrpO3WKKuDkKOjIPt4Yyf59K36K0ZLKk6zID6ilR6Em +0BaM9OimGTwDaij8MOU8FMuwXFgOu/wPciMU18s= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem new file mode 100644 index 0000000000..9a22bdd53d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem @@ -0,0 +1,114 @@ +subject=/C=US/O=Test Certificates/CN=Negative Serial Number CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfzCCAeigAwIBAgIBETANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTmVnYXRpdmUg +U2VyaWFsIE51bWJlciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw5yD +rVmP3dVETqSrKKVXvXWAnpc5K5Xh6mhHBvy/YpoERigE1MP8A/6eE3mY6OnMJVAh +QJRWniYBrIDg5zR873cTAbn1O7MwSfs3LLxEO81iAf2k4nFFxAGtQp5AUwx0cQVK +8oMVty8BEcAkazVA87HQgpycQySqDLmklHNqkncCAwEAAaN8MHowHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJCMpyNNS/fqobISh7nA +0w4zWMuCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYz9xXPhMcniA6W0RG +0A59JbhJJpAZmnLBusWQjWYIZsVit1M1OXc/zDGAP/ik3blednL+t+wbdJc1qg9m +4bgoXS14lg+6IGMF2VWcoKkDJDIHpkVrdQc9WGNm0qqPyHGW0ggbi5VrBv1potkF +xBtl1WkY3ZTLuI71pJ15ebGZ/A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Negative Serial Number EE Certificate Test14 +issuer=/C=US/O=Test Certificates/CN=Negative Serial Number CA +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgICAP8wDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQDExlOZWdhdGl2ZSBT +ZXJpYWwgTnVtYmVyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD +VQQDEzJWYWxpZCBOZWdhdGl2ZSBTZXJpYWwgTnVtYmVyIEVFIENlcnRpZmljYXRl +IFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyaurbJH9ZU3CCKl1 +jedpYcQntOZVxoXqpoC11EXMnSgUPLtVfWuoClVqZaOYnkz2hX1aomA+hGT62UOh +f1CSywco7QnAAlWwu42zT5iJabaCruBWz/PqdvWkSWzcrMfuyybPEsil8hgaN0yl +VNXZvUwPUtfwUndR4UltFdPmJPUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUkIynI01L +9+qhshKHucDTDjNYy4IwHQYDVR0OBBYEFB28YeqZDPts27Viz5LcntslD4A4MA4G +A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN +AQEFBQADgYEAJeShrxatt7S4H209vnaUvVpExfX57AGRT2t2QVz6ztEWMt+BGBQN +FUeSeU03d2ot+fwxxvrmUcG9ofkKIP69tTUgObSRfwC39UjKModur68cBjYqscl8 +d5fI2pAS/xXHK/+OoBBAmHgAiuMMbWhQn7ZCI0qJT/t4eHAjQlh5/SI= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Negative Serial Number CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:90:8C:A7:23:4D:4B:F7:EA:A1:B2:12:87:B9:C0:D3:0E:33:58:CB:82 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: -01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 7d:55:77:de:74:f8:ae:25:02:35:ad:53:74:92:6f:89:f9:ed: + b3:4c:bf:a7:70:b1:0e:20:4a:c3:03:7f:a9:99:01:5b:5a:a0: + 67:df:cd:74:08:d6:80:2d:ca:f7:c0:be:9e:68:35:d3:79:89: + 45:a7:6e:f2:75:86:e5:28:d0:00:2c:96:14:03:96:eb:75:d0: + fa:a7:78:f8:50:e7:70:6b:cc:1a:9d:8a:30:1e:c5:5d:22:a9: + ef:dd:07:48:85:87:d6:2f:15:02:d0:07:81:2c:bf:fa:c6:ce: + 49:03:44:08:37:f3:f3:79:b1:61:ab:c7:f9:21:29:3f:4f:cb: + 36:c0 +-----BEGIN X509 CRL----- +MIIBajCB1AIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNlcmlhbCBO +dW1iZXIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgH/Fw0w +MTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFJCMpyNN +S/fqobISh7nA0w4zWMuCMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAH1V +d950+K4lAjWtU3SSb4n57bNMv6dwsQ4gSsMDf6mZAVtaoGffzXQI1oAtyvfAvp5o +NdN5iUWnbvJ1huUo0AAslhQDlut10PqnePhQ53BrzBqdijAexV0iqe/dB0iFh9Yv +FQLQB4Esv/rGzkkDRAg38/N5sWGrx/khKT9PyzbA +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem new file mode 100644 index 0000000000..88bd982c69 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/OU=No issuingDistributionPoint CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBTDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UECxMeTm8gaXNzdWlu +Z0Rpc3RyaWJ1dGlvblBvaW50IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQC+7yNDGaK8AFxVWkjA1JkTRG1Ze29lXbN/99oD+Gw2q2C9yJHbDB2tcVCeM2wJ +8pbpFvzPv6TEGbmHVkvO32/pu/fhM5cGgzsZxXvEaQi6+Kb0nasof2lHEnO5T8BO +HGaef+bGmAPcnJWU3QPU6Ni7kv0b9HLPi9BNFdaUGU+65wIDAQABo3wwejAfBgNV +HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQULBOPxQ4nI9HR +Qd/fYYS5T/Ey7DEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD +AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAItv1utyf+4Z +3pR/ExgGC7oEyQ8VZYYdil+JMtcrqExHY/zVEbgu4Cq1JTu3uC2MGAYO7BD2aVGI +0g9Ij/ikkEZ2G2mW3Lqar9JL/57BgPyEwIlp9czHYCx4M0tewGXoBeQdmeHK6O+9 +YJS+QJZz/98L8lfp6mHuGoZid1McgVLT +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid No issuingDistributionPoint EE Certificate Test10 +issuer=/C=US/O=Test Certificates/OU=No issuingDistributionPoint CA +-----BEGIN CERTIFICATE----- +MIIDFTCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAsTHk5vIGlzc3VpbmdE +aXN0cmlidXRpb25Qb2ludCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMGsxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFA +MD4GA1UEAxM3VmFsaWQgTm8gaXNzdWluZ0Rpc3RyaWJ1dGlvblBvaW50IEVFIENl +cnRpZmljYXRlIFRlc3QxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuYMU +46Qzp+krE4xNOAL0bJYv9lOdlPMvMyU1ObejWulK7jGlVjYtf+KtVV+/BCajxoDZ +LTSqx7R2RSJMaVQ41OzI3aHD5rR0M/ktYNhTotwcy0tFJQ6nwub0fTsjBLPSZZ6M +UjGg5tiHZ0c/lBKBJj7BTY61F7kTWO5M7Dgz6XkCAwEAAaOB4TCB3jAfBgNVHSME +GDAWgBQsE4/FDicj0dFB399hhLlP8TLsMTAdBgNVHQ4EFgQUpv9aWeCQYlWo0eBZ +Sr+FnrT5hmgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATBzBgNVHR8EbDBqMGigZqBkpGIwYDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMScwJQYDVQQLEx5ObyBpc3N1aW5nRGlzdHJpYnV0aW9u +UG9pbnQgQ0ExDDAKBgNVBAMTA0NSTDANBgkqhkiG9w0BAQUFAAOBgQAnygifO5CB +a6drkb7+IIxC6kXu8iPf648/puVdI4z8+u6p7gNdiaLEFmOPTQ8UDz2ih5aIHHl0 +hC5DWNF5udEHFCzGgMarH2kgkM08thSsxhe0rfAAjGVbGEQWpFWDS0+CXTEYLu2S +A0fgLzVvlU+60EmmSDdOwNMTeKmElbD6fw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=No issuingDistributionPoint CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:2C:13:8F:C5:0E:27:23:D1:D1:41:DF:DF:61:84:B9:4F:F1:32:EC:31 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0c:8e:a7:dd:16:a9:a6:c2:0d:1a:ba:ee:cc:e6:7a:59:dd:b1: + 9b:f2:70:22:7e:c4:3a:eb:9c:95:0b:63:0c:39:df:67:b8:5e: + 14:7c:b8:83:75:d8:de:35:fd:9d:bc:1f:2b:87:89:ae:82:85: + de:35:26:ab:f9:40:16:ae:6c:9e:9a:b0:b5:97:5f:c8:19:7e: + 7e:de:96:79:0b:7d:df:5c:8d:05:a5:99:fa:b5:bc:ad:f8:af: + 9d:7c:75:de:70:73:0e:ae:1e:08:e1:7b:36:8b:23:21:99:bc: + 8b:6c:2d:de:90:f3:c5:df:7f:15:c1:69:89:15:a5:b5:09:21: + 80:c4 +-----BEGIN X509 CRL----- +MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAsTHk5vIGlzc3VpbmdEaXN0cmli +dXRpb25Qb2ludCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w +HwYDVR0jBBgwFoAULBOPxQ4nI9HRQd/fYYS5T/Ey7DEwCgYDVR0UBAMCAQEwDQYJ +KoZIhvcNAQEFBQADgYEADI6n3RappsINGrruzOZ6Wd2xm/JwIn7EOuuclQtjDDnf +Z7heFHy4g3XY3jX9nbwfK4eJroKF3jUmq/lAFq5snpqwtZdfyBl+ft6WeQt931yN +BaWZ+rW8rfivnXx13nBzDq4eCOF7NosjIZm8i2wt3pDzxd9/FcFpiRWltQkhgMQ= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem new file mode 100644 index 0000000000..d149d03e72 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem @@ -0,0 +1,109 @@ +subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=Mapping 1to2 CA +-----BEGIN CERTIFICATE----- +MIICgTCCAeqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRv +MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF0xCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEyMDAGA1UEAxMpVmFsaWQg +UG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBALgTGZf83aaKeqRSCQeN8oi48i9I5mqVX9efN9WkjfAK +0nLfV0GeAH/Y/LTtj99jOSIb2O1g4ayQ2SHb1v1UzTznfAyhVci9Oo7WBv5b5MMj ++YezniLhIS7ChaLLIXfseVOQx53crjUb+/hfbyPMF4tkeKwNTVkExpxhq3Yp1MLR +AgMBAAGjazBpMB8GA1UdIwQYMBaAFDc7iqG6jad0m8Dr1jnLIQyNo1Z9MB0GA1Ud +DgQWBBR4R7AhWkyFIZrXxZjG6W4kxTE3YjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBAAqwYJLUYNcvDniG +4QbRntW//ZZ/jickxsLRWl6odrI5ecwfekAm8+zhuhtPTNJE4DvDEpZQDtzyRxQF +ajMjlWFIZ0TehZVSSLGCX+DXAMgp2YxiDjIH8KsbiFT723q1y02U1RPVFiU4Oik0 ++3Cc7V4svmKHw4Dw+GWM/WuMHwJK +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Mapping 1to2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICrTCCAhagAwIBAgIBMDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPTWFwcGluZyAx +dG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXwTHRx8gVHWtSe1VX +oLPFQmGX4Y0U4v535jowfMd9254hmwW4VbZzK7rrXGOAimFxGHKwa7mkPEo80MIW +8YQC5HZs3jaXLh/xsmV1qlzwceCXooef+wu8W0pgoJ63MmY+ZJWiNK2ygRV/EVFF +x2ii8ZGDW+SKEX2WIYI7JhmcTQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFPts1C2B +nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ3O4qhuo2ndJvA69Y5yyEMjaNWfTAO +BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB +/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/ +MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAphAVDZECciXjDiCta9HU +ZubezLaRjcl0IaUmTlvuhUqkfGG2x1KhB6QTq7JGCmBrlxL93qhU+8sGW1k26/3p +c3hc60bKZ5oBG96iN05oLWWF3udbqBESMO7gn1zX14s97qLtuqQAyuERy2L2uOkk +n/emInqTFTixe284WjHR3XY= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Mapping 1to2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:37:3B:8A:A1:BA:8D:A7:74:9B:C0:EB:D6:39:CB:21:0C:8D:A3:56:7D + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 29:63:8c:57:a4:35:bb:2c:2e:a0:1e:7e:c1:e2:0e:39:2c:83: + d6:5f:29:3a:03:70:63:aa:1f:42:e8:fd:3f:64:f6:8b:ad:86: + 27:c3:a6:5d:48:9d:ef:6d:bc:be:7a:24:a9:6d:b0:4e:4d:58: + 4f:52:c8:bf:dc:70:7c:ea:8d:5e:54:12:db:5d:62:c5:63:06: + 2e:00:b4:d2:fa:51:6c:da:3f:41:04:36:14:ce:63:b5:46:e6: + 7d:10:01:db:50:07:69:82:6a:34:45:0b:38:5e:f2:d5:8b:77: + e4:ea:6a:7f:9a:18:fa:74:ed:b4:5a:ba:68:f2:68:c4:d2:55: + 17:9e +-----BEGIN X509 CRL----- +MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRvMiBDQRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUNzuK +obqNp3SbwOvWOcshDI2jVn0wCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA +KWOMV6Q1uywuoB5+weIOOSyD1l8pOgNwY6ofQuj9P2T2i62GJ8OmXUid7228vnok +qW2wTk1YT1LIv9xwfOqNXlQS211ixWMGLgC00vpRbNo/QQQ2FM5jtUbmfRAB21AH +aYJqNEULOF7y1Yt35Opqf5oY+nTttFq6aPJoxNJVF54= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem new file mode 100644 index 0000000000..fb6f7653a8 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem @@ -0,0 +1,172 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test11 +issuer=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2 +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0Eg +UGFueVBvbGljeSBNYXBwaW5nIDF0bzIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5 +MTQ1NzIwWjBeMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0 +ZXMxMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRl +IFRlc3QxMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqoi/6nU3Hb2K96/H ++9K+tll1HEWk3nCTUyNxX51p/j2CU0KannQFFBA/eohAi2m9L5Yo8awWKb1S3Bya +vEGNPsdIVYLlSJG9P1epb+In0KNB8zN+UZv9Zrahi/B/3SFS1qUgTV4yLI0/V2n1 +r3YmjyOxr4h+Zqs6X90lEEh4mmsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUkdfhtaSW +CJHxonEvZtkne0qCk5owHQYDVR0OBBYEFD+Y+xstb3NLUv3ikgoUQ21QbUC7MA4G +A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcN +AQEFBQADgYEAI17tZ0uZ0tu3HpgcRcjJR6m4HmsRao6CJ+ew7HfvWfVRE3x86Deq +VFDnp9mCv8VKw0ChV4tPFdkw+ceSsgThjSHvxZbghFC6YnG5Ymj9X/zjl4NCujCQ +Cw37Mi1UZYryKZ7+qODmExTxKry4nIvSUvYei8wDynu54uzjbKv7Jc8= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICtTCCAh6gAwIBAgIBFjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFu +eVBvbGljeSBNYXBwaW5nIDF0bzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ANGY6UqVJ9oB3KneANaPiYS3vFaEAo7CVhPn358boVTv2/wQv8iwT9MvDcASa4Fi +5kaob+B5k7T8qjNOtxaZJb69UDUDsAYww6r/NK5pkS1KNf7CJZW6/RQC06GsivKO +kQoudXfGEjAMhmHNuEXS4biTlRuVUXJqLPq2yLwAJPZ1AgMBAAGjga0wgaowHwYD +VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJHX4bWklgiR +8aJxL2bZJ3tKgpOaMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAw +JgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB +/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBNuXYJvgOn +wez9J/K4ZZhWpMPo/7Qso2S6BAoJh7QdTymJKxD6nDnPwetIpbQkbEtq+V30ZA+o +6v+0cntT/I7cm9JKOXMOKn35BODzS8u5UJTDwWc/l5SA0scCSRfTT9LJambCyz+m +C0/k+v5zw5VpFozVY4FoV4/KnwIhJPuDwg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:91:D7:E1:B5:A4:96:08:91:F1:A2:71:2F:66:D9:27:7B:4A:82:93:9A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 97:e7:b7:e3:46:cf:59:49:72:d2:0e:de:0e:f6:c3:1a:ca:34: + 59:50:f1:2d:fb:11:31:f7:bb:b2:f7:dd:0e:fb:bd:6b:7a:7f: + e7:dd:02:be:6c:7b:36:1c:49:50:38:d9:85:67:97:a5:0f:84: + 49:de:8a:d5:0b:d0:36:fc:6c:4a:82:cb:83:73:ed:1e:af:31: + dc:0f:6f:eb:69:18:67:b7:fb:1e:a8:1d:a5:36:84:dd:05:72: + 52:f1:51:e1:93:6a:ff:2f:92:6b:7a:c1:67:90:0b:7f:66:0e: + f1:83:22:d9:52:5e:f7:58:5d:5c:7a:1b:69:84:91:da:b1:18: + 11:c2 +-----BEGIN X509 CRL----- +MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFueVBv +bGljeSBNYXBwaW5nIDF0bzIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg +LzAtMB8GA1UdIwQYMBaAFJHX4bWklgiR8aJxL2bZJ3tKgpOaMAoGA1UdFAQDAgEB +MA0GCSqGSIb3DQEBBQUAA4GBAJfnt+NGz1lJctIO3g72wxrKNFlQ8S37ETH3u7L3 +3Q77vWt6f+fdAr5sezYcSVA42YVnl6UPhEneitUL0Db8bEqCy4Nz7R6vMdwPb+tp +GGe3+x6oHaU2hN0FclLxUeGTav8vkmt6wWeQC39mDvGDItlSXvdYXVx6G2mEkdqx +GBHC +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem new file mode 100644 index 0000000000..2f35a62def --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem @@ -0,0 +1,118 @@ +subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp +bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6 +kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH +BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr +AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y +rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg +hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw +AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD +gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr +Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx +3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test12 +issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA +-----BEGIN CERTIFICATE----- +MIIEKDCCA5GgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n +IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBeMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKlZh +bGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMjCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAiDGZx3j4WZj3UIYQBpID5IJr0ES7lhC5FAa2 +ErfScZEz3LrPW5r859dobtF5TBB1IGznyZmZBhwl2vmDMTOAJV827Mwn19ELd+Vx +wAtFUtNszWAw1CQdx+kH+WJka6JxXPNQGWzgn/Q+Cbrq5BStqcZTHtF1NhVX4c+/ +9RdkUesCAwEAAaOCAgswggIHMB8GA1UdIwQYMBaAFK3iChOtUm0lrM2pmKIKBGit +cq6yMB0GA1UdDgQWBBTkwpjC2Np+iZ8a8Y6b6DTyrLrvrzAOBgNVHQ8BAf8EBAMC +BPAwggGzBgNVHSAEggGqMIIBpjCB2AYKYIZIAWUDAgEwAzCByTCBxgYIKwYBBQUH +AgIwgbkagbZxNzogIFRoaXMgaXMgdGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlm +aWVyIDcgYXNzb2NpYXRlZCB3aXRoIE5JU1QtdGVzdC1wb2xpY3ktMy4gIFRoaXMg +dXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCB3aGVuICBOSVNULXRlc3Qt +cG9saWN5LTEgaXMgaW4gdGhlIHVzZXItY29uc3RyYWluZWQtcG9saWN5LXNldDCB +yAYEVR0gADCBvzCBvAYIKwYBBQUHAgIwga8agaxxODogIFRoaXMgaXMgdGhlIHVz +ZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDggYXNzb2NpYXRlZCB3aXRoIGFueVBv +bGljeS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCB3aGVu +IE5JU1QtdGVzdC1wb2xpY3ktMiBpcyBpbiB0aGUgdXNlci1jb25zdHJhaW5lZC1w +b2xpY3ktc2V0MA0GCSqGSIb3DQEBBQUAA4GBACzi00c5I7zzf41Ca5Ln8KYqgDts +W6Jh0j2NzYtm2W1us5l1tx6UsE5uygoREiVScCXanYaKtiwW5QDqMZb/Uu+izmIW +QRefqnHnyJqXxKQx8UwS+yNaIjT+ph7SJNF/DQrNwYWtNBD1vKhcNe8MDKWjAr9J +P7k+rI8qg8ug3og+ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89: + cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c: + 37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f: + 56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18: + 13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a: + 39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a: + bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4: + da:3b +-----BEGIN X509 CRL----- +MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg +Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA +FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA +A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn +jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle +AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem new file mode 100644 index 0000000000..2399b4163c --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem @@ -0,0 +1,117 @@ +subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test13 +issuer=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA +-----BEGIN CERTIFICATE----- +MIICjjCCAfegAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5 +IE1hcHBpbmcgMXRvMiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MF4xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEG +A1UEAxMqVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr5cG4yqBgXjIPkt7dHP/MFNci +pUHmbTfWoxKfaC+QY/7vElma6sMegYccM49fDN8CJSa7iF0vwS05cS1euHk2PfLF +nJJamoTpf2iKxjqy6wemAmTH1cnEAtuhyArNadJXjvFmwV8bxyyaFW4GGnMj+yFe +IJoTD65IuQMOLLg+xwIDAQABo2swaTAfBgNVHSMEGDAWgBQtN9I/nlnZ5r5Xovdr +DxCCpq0D7jAdBgNVHQ4EFgQU3ZrqolFiawE0EWsHD7qUUa6V4pkwDgYDVR0PAQH/ +BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQUFAAOB +gQDgNwimYbq6g5crdMRHe8S69POQl1I4Qg6ZD511fwO2OUU/rmIbvqW5faGKHPMq +Ubun6DrzamYGfx8HCa/vn46jaRVC2tTqXgiy6aWGMHv4MJl1bxS/yR8hqdTEWjG5 +GFkA7UWgU8A3MmmIUaBCs2QK5ZqTmsYuqX2inlGtBcvTrQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIEHjCCA4egAwIBAgIBNjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbUDFhbnlQb2xp +Y3kgTWFwcGluZyAxdG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDs +qiRQp8ZU1kWOS/tvtPAlHT9dGf17useanNh/sRHafDBRsOVVlS+kMA8Ti/8uecSP +PEMznqfzcf7wvC64FNOt2P3rD/W3oZ7MShTLQF6C5mqsh8A4T+DDgdhNG5xtOAfg +buRxp+A4KybQ7YMzRHnb5Z6UEKCAOv1NmaQpQU6lFQIDAQABo4ICFzCCAhMwHwYD +VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFC030j+eWdnm +vlei92sPEIKmrQPuMA4GA1UdDwEB/wQEAwIBBjCCAXgGA1UdIASCAW8wggFrMIG5 +BgpghkgBZQMCATABMIGqMIGnBggrBgEFBQcCAjCBmhqBl3E5OiAgVGhpcyBpcyB0 +aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgOSBhc3NvY2lhdGVkIHdpdGgg +TklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgYmUg +ZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBUZXN0MTMwgawGBFUd +IAAwgaMwgaAGCCsGAQUFBwICMIGTGoGQcTEwOiAgVGhpcyBpcyB0aGUgdXNlciBu +b3RpY2UgZnJvbSBxdWFsaWZpZXIgMTAgYXNzb2NpYXRlZCB3aXRoIGFueVBvbGlj +eS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCBmb3IgVmFs +aWQgUG9saWN5IE1hcHBpbmcgVGVzdDE0MCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD +AgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw +DQYJKoZIhvcNAQEFBQADgYEAqZ6Cif011+oMzp6bcMsfzt9sTBgpT4l35AbTC5sm +zp3ur8X5X2G604yKkSXe1cf0F+fZSE6zjwizb1YG0owt1eGWSxCdAlkIFRang7OG +Z93bEKBx3ysDYCKvemx0f3shGqJVVzMBo6JP6JX7Jnn385UdwdKO2dWzVhHXsP+P +9sY= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:2D:37:D2:3F:9E:59:D9:E6:BE:57:A2:F7:6B:0F:10:82:A6:AD:03:EE + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 56:52:84:5c:c6:67:e1:f5:70:94:c5:af:b8:de:1f:38:dc:b0: + 65:8a:69:80:b5:9a:f9:2f:6c:13:8e:83:5a:5b:33:01:1c:d2: + a9:c6:c7:09:92:cd:17:9f:bc:f4:30:d8:bf:8e:05:c0:98:d4: + dc:be:b5:31:80:76:30:f8:35:48:45:a5:25:2a:92:df:1d:ae: + 4c:88:5e:34:d5:ea:39:8c:f2:e4:c7:e4:c1:35:45:3b:6f:6f: + f3:81:e3:2f:43:ad:ae:e3:98:3a:7e:0e:48:51:cc:a8:15:38: + ce:38:31:9c:36:5e:a0:eb:f5:16:e9:43:a9:5f:77:a4:bc:44: + c4:0b +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5IE1hcHBp +bmcgMXRvMiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAULTfSP55Z2ea+V6L3aw8QgqatA+4wCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAVlKEXMZn4fVwlMWvuN4fONywZYppgLWa+S9sE46DWlszARzS +qcbHCZLNF5+89DDYv44FwJjU3L61MYB2MPg1SEWlJSqS3x2uTIheNNXqOYzy5Mfk +wTVFO29v84HjL0OtruOYOn4OSFHMqBU4zjgxnDZeoOv1FulDqV93pLxExAs= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem new file mode 100644 index 0000000000..10b7912099 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem @@ -0,0 +1,117 @@ +subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test14 +issuer=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA +-----BEGIN CERTIFICATE----- +MIICjjCCAfegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5 +IE1hcHBpbmcgMXRvMiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MF4xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEG +A1UEAxMqVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDE0 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw0i1MxqkhMcbORFEu5k6Y4Q0R +5QY60nT/GZQrbH5OZMueDjhFLTTPfxvN9VWue6NgkPLQ/NgPlm0+DDz0+4dyMi0F +h93v/27ZAOtBk0eTVvvsCvAyD5EBqW1PWcZHX3oWyaY9AWM2JHrZv8M/toQ4CA2V +yJOzEOf1bJBfj+SUcQIDAQABo2swaTAfBgNVHSMEGDAWgBQtN9I/nlnZ5r5Xovdr +DxCCpq0D7jAdBgNVHQ4EFgQUBBCEgvxOOcAPi/H2IhqSJnWk9mgwDgYDVR0PAQH/ +BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOB +gQAg9tR9jL/eux79Ixd+MLGGfc6YC+FUqLyNErhpSQ7FiCc1jPwAFfyuPLiyBmJS +k601bFn5fO2LKSSocHH9ezXT+x0XHajvaNlNd2w8YXKtrW5ogwty9q21c4VCuLrE +ej5cBZPdSyp4RBkdBnjfPc2vRW6x0g3EMA03aYr0Sc712w== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIEHjCCA4egAwIBAgIBNjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbUDFhbnlQb2xp +Y3kgTWFwcGluZyAxdG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDs +qiRQp8ZU1kWOS/tvtPAlHT9dGf17useanNh/sRHafDBRsOVVlS+kMA8Ti/8uecSP +PEMznqfzcf7wvC64FNOt2P3rD/W3oZ7MShTLQF6C5mqsh8A4T+DDgdhNG5xtOAfg +buRxp+A4KybQ7YMzRHnb5Z6UEKCAOv1NmaQpQU6lFQIDAQABo4ICFzCCAhMwHwYD +VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFC030j+eWdnm +vlei92sPEIKmrQPuMA4GA1UdDwEB/wQEAwIBBjCCAXgGA1UdIASCAW8wggFrMIG5 +BgpghkgBZQMCATABMIGqMIGnBggrBgEFBQcCAjCBmhqBl3E5OiAgVGhpcyBpcyB0 +aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgOSBhc3NvY2lhdGVkIHdpdGgg +TklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgYmUg +ZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBUZXN0MTMwgawGBFUd +IAAwgaMwgaAGCCsGAQUFBwICMIGTGoGQcTEwOiAgVGhpcyBpcyB0aGUgdXNlciBu +b3RpY2UgZnJvbSBxdWFsaWZpZXIgMTAgYXNzb2NpYXRlZCB3aXRoIGFueVBvbGlj +eS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCBmb3IgVmFs +aWQgUG9saWN5IE1hcHBpbmcgVGVzdDE0MCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD +AgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw +DQYJKoZIhvcNAQEFBQADgYEAqZ6Cif011+oMzp6bcMsfzt9sTBgpT4l35AbTC5sm +zp3ur8X5X2G604yKkSXe1cf0F+fZSE6zjwizb1YG0owt1eGWSxCdAlkIFRang7OG +Z93bEKBx3ysDYCKvemx0f3shGqJVVzMBo6JP6JX7Jnn385UdwdKO2dWzVhHXsP+P +9sY= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:2D:37:D2:3F:9E:59:D9:E6:BE:57:A2:F7:6B:0F:10:82:A6:AD:03:EE + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 56:52:84:5c:c6:67:e1:f5:70:94:c5:af:b8:de:1f:38:dc:b0: + 65:8a:69:80:b5:9a:f9:2f:6c:13:8e:83:5a:5b:33:01:1c:d2: + a9:c6:c7:09:92:cd:17:9f:bc:f4:30:d8:bf:8e:05:c0:98:d4: + dc:be:b5:31:80:76:30:f8:35:48:45:a5:25:2a:92:df:1d:ae: + 4c:88:5e:34:d5:ea:39:8c:f2:e4:c7:e4:c1:35:45:3b:6f:6f: + f3:81:e3:2f:43:ad:ae:e3:98:3a:7e:0e:48:51:cc:a8:15:38: + ce:38:31:9c:36:5e:a0:eb:f5:16:e9:43:a9:5f:77:a4:bc:44: + c4:0b +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5IE1hcHBp +bmcgMXRvMiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAULTfSP55Z2ea+V6L3aw8QgqatA+4wCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAVlKEXMZn4fVwlMWvuN4fONywZYppgLWa+S9sE46DWlszARzS +qcbHCZLNF5+89DDYv44FwJjU3L61MYB2MPg1SEWlJSqS3x2uTIheNNXqOYzy5Mfk +wTVFO29v84HjL0OtruOYOn4OSFHMqBU4zjgxnDZeoOv1FulDqV93pLxExAs= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem new file mode 100644 index 0000000000..d5af222303 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem @@ -0,0 +1,214 @@ +subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5n +IDF0bzMgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBd +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNV +BAMTKVZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QzMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLjaVgcxBArg5ZjazYxWoHTBcfcT/5 +qsS4WoFj+0UELOPixTqQjmJofe3JKjHSI1h9yiTTiyrDVRkKB3DPYLo8zkv7HQeJ +sleZKw3rgNtSOKuMY/9E5Pex3Q77pOCXZES31n/xZ1BRfCHAkhA6QxSoePkp7Au0 +6R9jYczfn3FZwwIDAQABo2swaTAfBgNVHSMEGDAWgBT2LLG3KbWulX+w+DlBUy0u +DwTjxzAdBgNVHQ4EFgQUx21mI2aVCGSW1qLGljar1+6L7JUwDgYDVR0PAQH/BAQD +AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwCDANBgkqhkiG9w0BAQUFAAOBgQAI +oGNjmv/QvuGxJUK+dcyZqM4egLTHcIlgtNw5QURIbyQz+p0EkQqlEly1G1f6jZg7 +yi0vbf2ng8f39I50HeqyGHay1/H9Koq5m0K+a9GV2mi0huLFL96U7b64ELF0z371 +W/OSduqoyZhrzBnTSuNoiqmlAlV8Z+TXjVSp1HX3Ew== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp +bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6 +kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH +BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr +AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y +rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg +hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw +AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD +gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr +Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx +3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA +issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA +-----BEGIN CERTIFICATE----- +MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5n +IDF0bzMgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBNMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMT +GVAxMiBNYXBwaW5nIDF0bzMgc3Vic3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAJjo4/4TekqllLI7gPzmE2OceB30SRuraEVWVdR/lmFpFTks5fKkqf96 +WjYpnJZwaqE1ZdUQxgeNsswPm4pUAhVmU9IHvqBaM+bNXFsrwBOYYhfZY3xnwcxp +IZsvkLPuEq1vLwxpn+0zTDOpDGf9zhiTrswEUoGYBwOVqRDaToYdAgMBAAGjgbMw +gbAwHwYDVR0jBBgwFoAUXcS6eHk0JsNyV9FZ9KPiVKcocdEwHQYDVR0OBBYEFPYs +sbcpta6Vf7D4OUFTLS4PBOPHMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwG +CmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl +AwIBMAQGCmCGSAFlAwIBMAgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF +AAOBgQCass0kmtqSdWX5lffBs/tSTSvnGK38REo2IwTFLHduO4cvzAyS7ProbF/J +al8FtT9mdnl+NpwrH4KlFNu+uti47wFj9xov/kbcmp21DvZ/m8ihmStk4FG2r6Ad +0gdmVfBYem0mOu/1r/F8deNFP/Dpd8w3KFnv3Dd9wZd/Eb5hrg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA +issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA +-----BEGIN CERTIFICATE----- +MIIC1TCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n +IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAx +MiBNYXBwaW5nIDF0bzMgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AMsNrOgngQPHY/5QvmR5y8mHOJJ2T8Vjf+3/DPv5eMF+q11urxfCat4faDdtchBa +QXOWQ2TEy6tqpR7u8UJ2wnI7phld51gAcT2I8V7swo/EM1Ga1i5bWa5G10vPmZw5 +l7QwqT/D6JkHdthcaJdQrBP9zesYPEp13RFQU9mP5451AgMBAAGjgc0wgcowHwYD +VR0jBBgwFoAUreIKE61SbSWszamYogoEaK1yrrIwHQYDVR0OBBYEFF3Eunh5NCbD +clfRWfSj4lSnKHHRMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFl +AwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAIG +CmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUDAgEwBzAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHwK+aOYJpXAoXSRQ1o82pqD++jA/uvr +2eJoXbcch64CAdRNuCA7rQoRAx1nSUgjoLmHcTDrowQzodrVXVmCmYqXxB5XswG6 +z5Oj09NorxHxpAs7E/izElYwEXl5n0NMInD6S2r1SWOnRpGnCL8PYM3gW+xne8rJ +CZMIMADOWvrc +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89: + cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c: + 37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f: + 56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18: + 13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a: + 39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a: + bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4: + da:3b +-----BEGIN X509 CRL----- +MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg +Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA +FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA +A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn +jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle +AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5D:C4:BA:78:79:34:26:C3:72:57:D1:59:F4:A3:E2:54:A7:28:71:D1 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 15:bb:13:8f:22:9e:5f:ae:7d:26:76:5b:6f:8d:8b:a4:37:1d: + fa:87:83:61:23:70:ca:f2:bd:ba:ae:72:04:3e:0a:21:70:4e: + 01:97:4c:e3:16:d0:ef:d9:31:50:6f:5b:ff:51:10:40:73:82: + 0f:f2:00:90:1a:bb:f8:93:68:b9:0c:15:9d:b2:c3:5b:56:73: + 52:d3:1c:0f:75:2f:51:5b:40:3f:8b:71:42:54:33:af:55:20: + c8:ff:bf:ff:68:43:78:93:55:01:fb:7e:4d:db:a8:57:36:34: + df:a2:90:75:bb:fa:23:f3:9f:de:e4:4d:92:30:65:8c:f2:64: + e0:01 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5nIDF0bzMg +c3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFF3Eunh5NCbDclfRWfSj4lSnKHHRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBABW7E48inl+ufSZ2W2+Ni6Q3HfqHg2EjcMryvbqucgQ+CiFwTgGXTOMW +0O/ZMVBvW/9REEBzgg/yAJAau/iTaLkMFZ2yw1tWc1LTHA91L1FbQD+LcUJUM69V +IMj/v/9oQ3iTVQH7fk3bqFc2NN+ikHW7+iPzn97kTZIwZYzyZOAB +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:F6:2C:B1:B7:29:B5:AE:95:7F:B0:F8:39:41:53:2D:2E:0F:04:E3:C7 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 6f:b3:1a:29:36:35:76:c7:62:11:6e:e9:29:e6:83:8b:5e:bf: + 25:ea:4d:71:56:16:50:25:92:68:a8:a2:e9:4d:09:a3:74:36: + e2:9b:c1:52:dd:87:0a:64:98:58:da:6a:96:e6:c4:02:90:d8: + cd:4c:10:71:4c:98:1d:bb:d4:8d:7d:74:f9:34:3f:98:f7:8a: + 5e:eb:bf:7c:8f:90:2a:7b:c4:f3:29:cc:3c:62:a3:f8:08:c2: + 0a:ae:35:92:8d:ed:c0:30:a3:f2:a1:c7:7c:a1:68:1d:b0:48: + 4d:c1:4f:50:7f:1f:af:c6:f3:a1:d0:ad:8a:1a:78:05:84:6d: + d9:7e +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5nIDF0bzMg +c3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFPYssbcpta6Vf7D4OUFTLS4PBOPHMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAG+zGik2NXbHYhFu6Snmg4tevyXqTXFWFlAlkmiooulNCaN0NuKb +wVLdhwpkmFjaapbmxAKQ2M1MEHFMmB271I19dPk0P5j3il7rv3yPkCp7xPMpzDxi +o/gIwgquNZKN7cAwo/Khx3yhaB2wSE3BT1B/H6/G86HQrYoaeAWEbdl+ +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem new file mode 100644 index 0000000000..d916bbbbbd --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem @@ -0,0 +1,163 @@ +subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcg +MXRvMjM0IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQD +EylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu7tA0m9E4vxbGx8d41Nw9YFiUAKWV/rI +5MXmpuTVeWZr5ELloOLZG/UdWxsbxKWX+FmF+RLDfJ4aAfomI+J/gPjv01gXT0PD +qXqflxdcvCR8kWU08UNs5Dbks3BtWaR+rF3Zrw/gz9cg6d/fGFn48gjtn8LeQz1w +vqAP8w3woaECAwEAAaNrMGkwHwYDVR0jBBgwFoAUrQ/vHBeBV326g+8R/4doc9Km +G5cwHQYDVR0OBBYEFJ/3EWzpeGSBUdimPN2Zptp/EZwFMA4GA1UdDwEB/wQEAwIE +8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAYwDQYJKoZIhvcNAQEFBQADgYEAmh2B +OoSik/wvehYBZuSGtFC/NOP3yi9x6PCY/pzav9YZKgJZXeEJF78A5SVPFjP5BJcI +c6ke+EApOv2lHbViBi7ll5xc+xSh1Ko77NOO4yrlFe8+ZiKz+kXizBsfbcKUYtKN +KHby2pgphWXv93Xe0fIFKYeSWqoKvL3EHjc8Gtk= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA +issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA +-----BEGIN CERTIFICATE----- +MIIC1zCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcg +MXRvMjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdQ +MSBNYXBwaW5nIDF0bzIzNCBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAuxzFRezTkAVZWZReelvBKELugXp5Eq7O4Ye839Rxl3p/kBRLWiFz+bsyeeMl +YKC2+df3mBhUm5dDtrttv+oGaGL4bquZgb6X5TNxSHDe/D+3BAyxbFn8Qfq642fP +QvmHsQYWtT+dP5NUxFpss8ElrWi0X2UEzb5ChUalSf2Vde8CAwEAAaOBzTCByjAf +BgNVHSMEGDAWgBTMp9HShu8hYwWY780byv/gRLPUkDAdBgNVHQ4EFgQUrQ/vHBeB +V326g+8R/4doc9KmG5cwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZI +AWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2MDQwGAYKYIZIAWUDAgEw +AgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgBZQMCATAGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACas+sr4fsuwRW8lWjQQH9NDBg4OC +4/j/2+haNy4neNyKBSFPg7g/HTOvalwVvR2OoEiVIdh2cLH4ELt3GVucJkB9Nimr +nV4trKBPR9Cy/UTVzDvDS9NW7FEyTWtlVbTEU4um4rvU+7HkmY4JjaEUbqrdFcRf +ho4KQe/QkE0wYcU= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC5jCCAk+gAwIBAgIBMjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUDEgTWFwcGlu +ZyAxdG8yMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkWaQEgKSf0 +Z8Rv+4X37UP7SJyBJFbt6QzzxNxVnCwFX+0X5rL44rsZBya1cg8TN0BvQjpF7hKW +Ch5A0nARNvvI6cOBqQ5T2UryrVgzPb/dXebSy5e8afDUs8QqRB9dHb/m0AVC+hTd +mwlok2dgnsm+DdpTaKbgKWi/jjlr8H5BAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMyn0dKG7yFjBZjvzRvK/+BE +s9SQMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwWgYD +VR0hAQH/BFAwTjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMBgGCmCGSAFlAwIB +MAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwBDAPBgNVHRMB +Af8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAXs0UPa8a +gMe7mdH0Zuxlka5P2WW5U6NGJTaF88e0d2LNd0rKAIY54kVS6qWRSb4m3fD17BhB +HYeJt1wRTxJo/oSdKxOYY/2k1BQLH6HyqsgQsOq5V1KTBJSPsCVZxvw7i0dDtw4A +VH9jyKpEN4XcL3k1hYHJvBU1sH8g1sE6vLQ= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:CC:A7:D1:D2:86:EF:21:63:05:98:EF:CD:1B:CA:FF:E0:44:B3:D4:90 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 45:0b:74:18:70:b6:d8:66:8a:81:70:d0:a9:21:e0:0b:b5:9d: + 71:45:a7:fd:df:50:ee:d6:38:4e:90:ea:eb:a8:84:6b:79:0c: + 64:6d:0a:4d:e0:36:20:6b:ec:c6:46:8f:13:13:99:18:21:e7: + 44:60:19:de:b4:f5:ea:7e:70:4b:b7:12:b8:4a:1f:5d:9b:b3: + 1d:cf:e4:54:5a:a1:8c:6b:ad:fd:51:f3:0c:96:c8:a6:7a:83: + f2:a1:dc:3a:a9:84:f6:7f:8f:8e:3f:91:ee:ae:e3:85:9c:7f: + 44:b7:92:89:15:77:f3:b3:dc:13:fc:7e:87:0f:e0:d6:55:96: + ee:83 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcgMXRvMjM0 +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBTMp9HShu8hYwWY780byv/gRLPUkDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQBFC3QYcLbYZoqBcNCpIeALtZ1xRaf931Du1jhOkOrrqIRreQxkbQpN4DYg +a+zGRo8TE5kYIedEYBnetPXqfnBLtxK4Sh9dm7Mdz+RUWqGMa639UfMMlsimeoPy +odw6qYT2f4+OP5HuruOFnH9Et5KJFXfzs9wT/H6HD+DWVZbugw== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AD:0F:EF:1C:17:81:57:7D:BA:83:EF:11:FF:87:68:73:D2:A6:1B:97 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 33:53:2c:ad:0e:6e:e9:49:14:44:7d:de:5c:dc:4b:0e:57:35: + 35:18:f2:d9:4b:94:c6:38:1e:4e:33:a7:7e:6c:b4:b7:d2:72: + 46:03:28:4b:d5:ef:a3:9a:ca:16:33:03:ec:bf:cf:e9:8f:a4: + 4a:01:c5:e1:a6:0a:b7:4d:86:ee:08:93:ee:1b:da:ad:da:d7: + cd:6a:da:95:eb:62:1f:13:19:30:8f:f5:33:22:fa:7b:2a:c3: + 7f:b8:ca:67:24:4e:f6:4e:0f:be:aa:31:23:42:eb:0d:76:9b: + f0:64:24:95:f4:b8:62:7b:5e:14:24:fd:6f:6c:8e:82:b3:60: + a9:c0 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcgMXRvMjM0 +IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBStD+8cF4FXfbqD7xH/h2hz0qYblzAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQAzUyytDm7pSRREfd5c3EsOVzU1GPLZS5TGOB5OM6d+bLS30nJGAyhL +1e+jmsoWMwPsv8/pj6RKAcXhpgq3TYbuCJPuG9qt2tfNatqV62IfExkwj/UzIvp7 +KsN/uMpnJE72Tg++qjEjQusNdpvwZCSV9Lhie14UJP1vbI6Cs2CpwA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem new file mode 100644 index 0000000000..665a6357fa --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem @@ -0,0 +1,163 @@ +subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcg +MXRvMjM0IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQD +EylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAg/jjf7HVRt6r4IitgA9kVxN6rVQy1OLQ +Kelr3lLXIJbXs7XYoUx53Br5c1SDdSaaRfvhKyMl7m53baO33b+MEeB8VfWHt/on +35CKtGtyDa/IbfzrrwwJqs0rF4H/t7Ngz1b5rrKaEjy4itjNylcyAzJC1Zjer8aJ +iXyszL9uGc8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUrQ/vHBeBV326g+8R/4doc9Km +G5cwHQYDVR0OBBYEFOH+LaLyiRCW05OelA2Y/97NYu1gMA4GA1UdDwEB/wQEAwIE +8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAUwDQYJKoZIhvcNAQEFBQADgYEAZStF +y/RNVE9ElY/wKLp8pdE/c4L9rucyOPSv/5zhGO4+GiiN39twvGjjMH3ziIauJpuM +rCb8q+3s22lzkD6/BSLyRNCXM7Mx5CGWDCdHqnkdFf1Ck9ddAG3hF8FkeKjlZ2MA +j1g2DpZezCE4srw5r+5mXw95piUHxvBxIXnBUJ0= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA +issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA +-----BEGIN CERTIFICATE----- +MIIC1zCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcg +MXRvMjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdQ +MSBNYXBwaW5nIDF0bzIzNCBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAuxzFRezTkAVZWZReelvBKELugXp5Eq7O4Ye839Rxl3p/kBRLWiFz+bsyeeMl +YKC2+df3mBhUm5dDtrttv+oGaGL4bquZgb6X5TNxSHDe/D+3BAyxbFn8Qfq642fP +QvmHsQYWtT+dP5NUxFpss8ElrWi0X2UEzb5ChUalSf2Vde8CAwEAAaOBzTCByjAf +BgNVHSMEGDAWgBTMp9HShu8hYwWY780byv/gRLPUkDAdBgNVHQ4EFgQUrQ/vHBeB +V326g+8R/4doc9KmG5cwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZI +AWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2MDQwGAYKYIZIAWUDAgEw +AgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgBZQMCATAGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACas+sr4fsuwRW8lWjQQH9NDBg4OC +4/j/2+haNy4neNyKBSFPg7g/HTOvalwVvR2OoEiVIdh2cLH4ELt3GVucJkB9Nimr +nV4trKBPR9Cy/UTVzDvDS9NW7FEyTWtlVbTEU4um4rvU+7HkmY4JjaEUbqrdFcRf +ho4KQe/QkE0wYcU= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC5jCCAk+gAwIBAgIBMjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUDEgTWFwcGlu +ZyAxdG8yMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkWaQEgKSf0 +Z8Rv+4X37UP7SJyBJFbt6QzzxNxVnCwFX+0X5rL44rsZBya1cg8TN0BvQjpF7hKW +Ch5A0nARNvvI6cOBqQ5T2UryrVgzPb/dXebSy5e8afDUs8QqRB9dHb/m0AVC+hTd +mwlok2dgnsm+DdpTaKbgKWi/jjlr8H5BAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMyn0dKG7yFjBZjvzRvK/+BE +s9SQMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwWgYD +VR0hAQH/BFAwTjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMBgGCmCGSAFlAwIB +MAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwBDAPBgNVHRMB +Af8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAXs0UPa8a +gMe7mdH0Zuxlka5P2WW5U6NGJTaF88e0d2LNd0rKAIY54kVS6qWRSb4m3fD17BhB +HYeJt1wRTxJo/oSdKxOYY/2k1BQLH6HyqsgQsOq5V1KTBJSPsCVZxvw7i0dDtw4A +VH9jyKpEN4XcL3k1hYHJvBU1sH8g1sE6vLQ= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:CC:A7:D1:D2:86:EF:21:63:05:98:EF:CD:1B:CA:FF:E0:44:B3:D4:90 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 45:0b:74:18:70:b6:d8:66:8a:81:70:d0:a9:21:e0:0b:b5:9d: + 71:45:a7:fd:df:50:ee:d6:38:4e:90:ea:eb:a8:84:6b:79:0c: + 64:6d:0a:4d:e0:36:20:6b:ec:c6:46:8f:13:13:99:18:21:e7: + 44:60:19:de:b4:f5:ea:7e:70:4b:b7:12:b8:4a:1f:5d:9b:b3: + 1d:cf:e4:54:5a:a1:8c:6b:ad:fd:51:f3:0c:96:c8:a6:7a:83: + f2:a1:dc:3a:a9:84:f6:7f:8f:8e:3f:91:ee:ae:e3:85:9c:7f: + 44:b7:92:89:15:77:f3:b3:dc:13:fc:7e:87:0f:e0:d6:55:96: + ee:83 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcgMXRvMjM0 +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBTMp9HShu8hYwWY780byv/gRLPUkDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQBFC3QYcLbYZoqBcNCpIeALtZ1xRaf931Du1jhOkOrrqIRreQxkbQpN4DYg +a+zGRo8TE5kYIedEYBnetPXqfnBLtxK4Sh9dm7Mdz+RUWqGMa639UfMMlsimeoPy +odw6qYT2f4+OP5HuruOFnH9Et5KJFXfzs9wT/H6HD+DWVZbugw== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AD:0F:EF:1C:17:81:57:7D:BA:83:EF:11:FF:87:68:73:D2:A6:1B:97 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 33:53:2c:ad:0e:6e:e9:49:14:44:7d:de:5c:dc:4b:0e:57:35: + 35:18:f2:d9:4b:94:c6:38:1e:4e:33:a7:7e:6c:b4:b7:d2:72: + 46:03:28:4b:d5:ef:a3:9a:ca:16:33:03:ec:bf:cf:e9:8f:a4: + 4a:01:c5:e1:a6:0a:b7:4d:86:ee:08:93:ee:1b:da:ad:da:d7: + cd:6a:da:95:eb:62:1f:13:19:30:8f:f5:33:22:fa:7b:2a:c3: + 7f:b8:ca:67:24:4e:f6:4e:0f:be:aa:31:23:42:eb:0d:76:9b: + f0:64:24:95:f4:b8:62:7b:5e:14:24:fd:6f:6c:8e:82:b3:60: + a9:c0 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcgMXRvMjM0 +IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBStD+8cF4FXfbqD7xH/h2hz0qYblzAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQAzUyytDm7pSRREfd5c3EsOVzU1GPLZS5TGOB5OM6d+bLS30nJGAyhL +1e+jmsoWMwPsv8/pj6RKAcXhpgq3TYbuCJPuG9qt2tfNatqV62IfExkwj/UzIvp7 +KsN/uMpnJE72Tg++qjEjQusNdpvwZCSV9Lhie14UJP1vbI6Cs2CpwA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem new file mode 100644 index 0000000000..252e920ac8 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem @@ -0,0 +1,109 @@ +subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlBhbnlQb2xpY3kg +TWFwcGluZyAxdG8yIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +XTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYD +VQQDEylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2FRrJurp4yzaLVdHeMS3IAQQvUjp +lPkcXvLpEyQnWVTBYLsXJF9YdVxJJFES2XUxVFTumNnOjc2XcgCuUDwqoUYHPv8P +UWZuoQ8B2sg8HPNU6G5BHBbtXkzC7lKCDLRshPSgnKngxdmoIDSVDPkz2KBUhbFm +QZIqhVHE6UPCViUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU0rpPGz5oOOaQ+MHqJa7a +kq9DNm4wHQYDVR0OBBYEFEhKmk02sJFH9yFXTXKxqodRjaFoMA4GA1UdDwEB/wQE +AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA +PrcU9aDr57y1wekJ7k+ZJuhDlemNjGY7ggrZcarGL+LsRqkufpgkLpei7Cz13buA +L/MqHFdc7H7d+GrbF4PAe2NXfcnlJJMLjS9Jw77qSb3aw9eSqYscBFhOxYWNL/Qh +5GI9hJYugYGFzLxh1Cnl0/Pc8PoBgtaZg7H2hXmlUyQ= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICsjCCAhugAwIBAgIBNTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMaUGFueVBvbGlj +eSBNYXBwaW5nIDF0bzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPOw +G+hWDRzfFMkg2CwlHhCBrp/3hveD/ESGWRnpEp1ATKX47bZDyerSn5/9+d2sCsja +seeR04tpsBmS+o6bUTTy9W5G6gxE/McnS7oH1WJLYNW9e57ckYArd3i85wr+Ecoq +IaTiDQmy4Ze+TBNA/7CaYTp8agquwDTl40VGqfs1AgMBAAGjga0wgaowHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFNK6Txs+aDjmkPjB +6iWu2pKvQzZuMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAwJgYD +VR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB/wQF +MAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBL624FELsxdPKY +tcreLc/Fz0uWZ7bc3BEIeVTarTWFu536wAOO2Pf4mJdJZ5WVVSYcOJb03Zso6U0G +h0iYeHFGkXBCrqeOGe1h3zL4ED/C0HYJmPtLcTrtlAwvYq8dq4ABvsqMAUgFrsf4 +JGqkgLsMrbXRCAsLpFver5xKAuQ67A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D2:BA:4F:1B:3E:68:38:E6:90:F8:C1:EA:25:AE:DA:92:AF:43:36:6E + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 9d:f5:f9:0e:d5:1b:b9:cc:83:35:eb:00:3d:98:52:11:89:63: + 79:17:97:0b:9a:f5:0c:35:72:44:ab:2b:97:85:0d:c1:3f:26: + 10:15:81:e4:78:88:59:2d:4d:2b:4a:8b:5a:58:e4:2c:82:76: + 0f:b0:c3:45:c6:46:34:cc:38:33:da:6b:a0:79:e2:65:2a:3a: + 54:8d:69:54:6e:77:32:c1:45:8e:63:de:09:f4:3e:9f:a5:19: + 37:25:92:40:f1:aa:57:f2:61:69:e3:3d:e4:05:85:94:ec:29: + 51:dd:85:6c:65:c3:83:7a:c4:f9:37:7e:c0:a0:0d:6c:86:2b: + 47:7b +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlBhbnlQb2xpY3kgTWFwcGlu +ZyAxdG8yIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBTSuk8bPmg45pD4weolrtqSr0M2bjAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQCd9fkO1Ru5zIM16wA9mFIRiWN5F5cLmvUMNXJEqyuXhQ3BPyYQ +FYHkeIhZLU0rSotaWOQsgnYPsMNFxkY0zDgz2mugeeJlKjpUjWlUbncywUWOY94J +9D6fpRk3JZJA8apX8mFp4z3kBYWU7ClR3YVsZcODesT5N37AoA1shitHew== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem new file mode 100644 index 0000000000..6a94017c06 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem @@ -0,0 +1,113 @@ +subject=/C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICwTCCAiqgAwIBAgIBYDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGOMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgoJkiaJk/IsZAEZFgNn +b3YxIDAeBgoJkiaJk/IsZAEZFhB0ZXN0Y2VydGlmaWNhdGVzMREwDwYDVQQIEwhN +YXJ5bGFuZDEMMAoGA1UEBRMDMzQ1MQswCQYDVQQuEwJDQTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAmPmvvNuLBaXi3cYQQzuNFOtq2aeNq1YZodT/+7SSfjl2 +uz1wsLHI7XjOGOuWrE9N0oNBrARmSYh6WrYCJj1cd8vcj+FTymvx5DWEeqPCDmxU +EO4e+/R+utHsFmCRzrOOUEqKkiHNGoR3iyrYr5zszJRgRDwf1QiYInu0cLMsHr8C +AwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0O +BBYEFKAtjaBcqIIIYio2ok1SyOUsUH0rMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE +EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF +AAOBgQCXoXCIH5TuCf84dVOweSMfOdb5MzKTudOw55mU7VgDzMk7vzQIEx3jCeP0 +7h8byDM0i/okjN0Ugm4DzOwxx5lAjs/uGGhGRGBVCJIPQ4QemsX3L24YpqSQKoJj +K+YL+sz8pdoaqX69dDAyIcZNG2i9L/WEvmacw0AnJZ+Rd06jqw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid RFC3280 Mandatory Attribute Types EE Certificate Test7 +issuer=/C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA +-----BEGIN CERTIFICATE----- +MIIC4DCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRMwEQYKCZImiZPyLGQBGRYDZ292 +MSAwHgYKCZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczERMA8GA1UECBMITWFy +eWxhbmQxDDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EwHhcNMDEwNDE5MTQ1NzIw +WhcNMTEwNDE5MTQ1NzIwWjBwMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD +ZXJ0aWZpY2F0ZXMxRTBDBgNVBAMTPFZhbGlkIFJGQzMyODAgTWFuZGF0b3J5IEF0 +dHJpYnV0ZSBUeXBlcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAn3sUmVtQ1OLPODq7WXtzygEZ0tKb60KjAITF+WQQwfYO +katDsSHQU19m7Uxi3JX3wKeIZOJLDR14VB8aGUsN6pNaKKFCB1B2pgQsjDZsCLDz +ckA7lYdIC40Smu+8Nb2IGgncTW1Dye6r36lxhEpAU0cqXdOKkhteDDOW42tuZlMC +AwEAAaNrMGkwHwYDVR0jBBgwFoAUoC2NoFyogghiKjaiTVLI5SxQfSswHQYDVR0O +BBYEFHv2CemcO4grJLwWGJqNhA9NXdicMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE +EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAQAimtwbz7YQ8Pm8M +Cg/LHjRpGXaJL82W85ioX8T7hsFsGlQbHp6uAq/Zkk44mG2ziuI5pJF/HnuAXPiF +xHcnCfDDpHpNh7deC53/nPf9Co375lZRWlBT233KSL14GTyiBZPipzbsUvJ+7FOp +alTeRK4fPr3lNDo9SEVo4e97i5w= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:A0:2D:8D:A0:5C:A8:82:08:62:2A:36:A2:4D:52:C8:E5:2C:50:7D:2B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 52:d1:8a:cb:32:66:cf:87:3e:a9:ea:a2:35:90:42:18:74:4f: + 9e:43:5d:6c:73:09:4e:ec:45:68:bf:3d:c3:1a:97:e5:83:66: + e0:2a:1c:84:97:8e:d2:29:2a:c6:f2:41:e8:fc:63:3c:8a:5a: + 1a:8c:40:eb:c3:12:1d:ef:5e:70:a9:af:d9:dc:89:28:03:76: + ff:b6:cb:5e:e0:82:f7:ad:32:3c:60:58:3c:fe:24:3d:9f:68: + 79:98:14:e4:0c:80:1a:f7:63:eb:5b:cd:ca:1c:69:80:93:8a: + 26:55:e3:ac:b9:05:7e:83:64:d4:3b:11:26:bf:fd:df:5f:3f: + 40:30 +-----BEGIN X509 CRL----- +MIIBiDCB8gIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRMwEQYKCZImiZPyLGQBGRYDZ292MSAwHgYK +CZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczERMA8GA1UECBMITWFyeWxhbmQx +DDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQx +OTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFKAtjaBcqIIIYio2ok1SyOUsUH0rMAoG +A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAFLRissyZs+HPqnqojWQQhh0T55D +XWxzCU7sRWi/PcMal+WDZuAqHISXjtIpKsbyQej8YzyKWhqMQOvDEh3vXnCpr9nc +iSgDdv+2y17ggvetMjxgWDz+JD2faHmYFOQMgBr3Y+tbzcocaYCTiiZV46y5BX6D +ZNQ7ESa//d9fP0Aw +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem new file mode 100644 index 0000000000..fe5bdf3e6d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem @@ -0,0 +1,114 @@ +subject=/C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D. +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICzTCCAjagAwIBAgIBYTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGaMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAcTDEdhaXRoZXJz +YnVyZzENMAsGA1UEKhMESm9objEKMAgGA1UEKxMBUTETMBEGA1UEQRMKRmljdGl0 +aW91czELMAkGA1UEBBMCQ0ExDDAKBgNVBCwTA0lJSTENMAsGA1UEDBMETS5ELjCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1rYVbBlFi+aAvBEyC1OHaw1KoNLA +SbwWJQU2M2R18MJ60p/Et24lC5hPnI9+Iaqa0JSHYJ0hY4qWcweJOtNcTNjAgPe/ +jxsQPIOJeI5j0ZDI79wgvj0F7KLW5QKyDbc220ew+FMR2KptqAPxv4exgICooaiL +M8sOLdN9u/AqLosCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFK+Bn8wZLBKkY0JXV9dXGmMHX3PRMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQBT6cZaPPoR2jyTsaiykedCd4fttTGC/7nzI5s6/riF +5nxSRhoLM+h8ha+zN2df1xMZao1Ovp6RQGOPrbuPhz8qwnmYrjZ2fdvj47sj+BQY +xIO6oUyd/DYYwI/nmq3o5bLBOxZDz3qC3AiNFfcfLPiZ2m0eotP0I78nTtDGGUDc +Ew== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid RFC3280 Optional Attribute Types EE Certificate Test8 +issuer=/C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D. +-----BEGIN CERTIFICATE----- +MIIC6zCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQHEwxHYWl0aGVyc2J1 +cmcxDTALBgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNVBEETCkZpY3RpdGlv +dXMxCzAJBgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNVBAwTBE0uRC4wHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBvMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBCBgNVBAMTO1ZhbGlkIFJGQzMyODAg +T3B0aW9uYWwgQXR0cmlidXRlIFR5cGVzIEVFIENlcnRpZmljYXRlIFRlc3Q4MIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBi40mcnzIqaCI8xmKk/hWOkKWbQLD +++tbFk6jZC91dhYO3PZy1cPsNYJPSz+xSdp/EQz+8TEGRabX2QloXsHxgRZGersi +xzDg2uh1LS0/k04o+YxsAwJljkd74tub9b0PRX6MzqsUQgy7SWnPvQ6qKJ1uZ8B3 +UJYb/Jr+Jb0BDQIDAQABo2swaTAfBgNVHSMEGDAWgBSvgZ/MGSwSpGNCV1fXVxpj +B19z0TAdBgNVHQ4EFgQU1AdzbqWGvXGozwcQ3FLKcM0NhdQwDgYDVR0PAQH/BAQD +AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCm +53CaFal2YrwuX9JDOKgfEISGgoAdQjs+hoh0T9fTKMeyzfuEaajj4gKD7YViPd5Z +SbbTywQKjzTDTP1PiLf7ti3TbOzHmPCT9sOcSMxn7ws9Q/KV4SvNjpYK8W6YPn6r +WSMe+VuZypOlb/vWxOgHPP5IIY/4vqVjulA0tcqP5Q== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D. + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AF:81:9F:CC:19:2C:12:A4:63:42:57:57:D7:57:1A:63:07:5F:73:D1 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 92:2d:88:30:eb:90:92:74:63:32:0b:b7:99:52:78:83:ef:a8: + 8f:33:89:b8:57:ff:06:f8:f0:41:20:77:9d:be:a9:98:10:12: + e3:80:bb:b0:48:d2:57:93:be:3b:b8:64:f6:9a:91:05:05:df: + d4:97:6a:a1:c7:29:04:d3:e6:ab:63:83:99:c1:58:87:8e:ee: + d7:85:1b:f7:d1:8d:2f:34:c4:a8:77:c3:5d:ff:15:2b:c5:14: + 47:f8:04:f4:c0:a1:3a:84:07:0c:a4:97:0f:02:f8:ca:07:52: + fe:42:29:ff:e2:9a:01:e0:ac:1f:4f:e1:15:47:6c:71:d9:da: + dc:02 +-----BEGIN X509 CRL----- +MIIBlDCB/gIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQHEwxHYWl0aGVyc2J1cmcxDTAL +BgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNVBEETCkZpY3RpdGlvdXMxCzAJ +BgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNVBAwTBE0uRC4XDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFK+Bn8wZLBKkY0JX +V9dXGmMHX3PRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAJItiDDrkJJ0 +YzILt5lSeIPvqI8zibhX/wb48EEgd52+qZgQEuOAu7BI0leTvju4ZPaakQUF39SX +aqHHKQTT5qtjg5nBWIeO7teFG/fRjS80xKh3w13/FSvFFEf4BPTAoTqEBwyklw8C ++MoHUv5CKf/imgHgrB9P4RVHbHHZ2twC +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem new file mode 100644 index 0000000000..0a271fcdc0 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqzCCAhSgAwIBAgIBQzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0 +cmFpbnRzIFJGQzgyMiBDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOYG +d2HszTJIsVTazKriCUJ/ExxUo4U4HEZN9+/XVXsQVkZYIzWtyCTC3IFmSAyb9ZED +Gu3jmF/evXpfNXmxiURUu6W0bLEpIkZiVpPpTKqoJx2EHj+wXOfe31AD0OmKidXP +66+LVgIJLWGMr3Msbzb4T3gpKb2ynQc2/XnE3RkbAgMBAAGjgaYwgaMwHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFON/hXqOojue7rgS +HXkTqsS9LlmtMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4EVLnRlc3RjZXJ0 +aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAJjXEGmrQ1/Muud+NZwajR9x +it/32SNVvHI+/O7bopout/RnhJudrmsdqGlcSk0KXfcXI22cJOkAYe1M39znxgba +VitYYLxfsS+3O2pLpMgQMFCZuOJATfAQUlui+dVtPTaIam7jimms5Qam2K2SuZ/t +eJ2J/rIDHCOrIGktQS8H +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test21 +issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1 +-----BEGIN CERTIFICATE----- +MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBSRkM4MjIgQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD +VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl +IFRlc3QyMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmgblTsP6gle2uacP +DDJPff0VnqgTN1VtCh/uqZINqMtzbfcADz7KNpqETX64spwhD8/3m9yEVpJStgPq +o/mbcf/G2L3+zkx2t7mQLTy115q304S7KBauhK/aen56yKrHOuUv+qmOSYpqZKwi +ZbobiLq/CMbUfYx6zaM8Bd59VBsCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBTjf4V6 +jqI7nu64Eh15E6rEvS5ZrTAdBgNVHQ4EFgQUtCANQs2V6ofUY9VPDtbRD+W3O/sw +DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE +LDAqgShUZXN0MjFFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G +CSqGSIb3DQEBBQUAA4GBAB1qFEM9zKmqItkLPuorp06yLsoL0xL3X+c4ym7JP034 +2kYhJ7SoZFmFbIRB6z472KWbJc17oM9LK6GOt08QBEIHhQk1pZrueBJDrCv8WmR3 +7FHwbkNcRn8DFYiV3//yjYP+bgN142Lj3O9SpuUy/a32bsupo0ykWADqwwY1ntmi +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E3:7F:85:7A:8E:A2:3B:9E:EE:B8:12:1D:79:13:AA:C4:BD:2E:59:AD + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + b4:77:73:f7:12:e7:d7:20:9a:bd:e1:00:a8:b1:6a:7a:65:1e: + 8e:56:c9:ca:38:33:7e:d5:37:41:c1:e7:95:a4:81:ab:9b:40: + 31:1d:aa:6c:14:f9:19:e4:3f:85:6b:24:ff:d6:bf:cb:fd:27: + a9:65:35:5c:b7:6b:82:87:b7:e1:c2:4d:34:ca:42:5c:46:66: + 45:11:d2:c0:48:0f:08:8c:b0:a7:58:66:63:9d:ae:0a:68:0a: + 5b:5b:ee:fe:12:93:77:03:90:6e:a4:8d:32:2e:56:56:cf:1f: + 85:b8:95:52:f7:73:78:5e:d0:04:66:2c:8c:ca:78:36:da:43: + 10:07 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS +RkM4MjIgQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBTjf4V6jqI7nu64Eh15E6rEvS5ZrTAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQC0d3P3EufXIJq94QCosWp6ZR6OVsnKODN+1TdBweeVpIGrm0Ax +HapsFPkZ5D+FayT/1r/L/SepZTVct2uCh7fhwk00ykJcRmZFEdLASA8IjLCnWGZj +na4KaApbW+7+EpN3A5BupI0yLlZWzx+FuJVS93N4XtAEZiyMyng22kMQBw== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem new file mode 100644 index 0000000000..a73a4af25d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqjCCAhOgAwIBAgIBRDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0 +cmFpbnRzIFJGQzgyMiBDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPZ +S8+5+/2AgG2N8tsByPeKGxCC5bOrNXho0b3fSjvK452P3luNUPIf46KvIBU6UYAP +4rGMqcUdmgFD+PdXq6TMW8bWNuYRICw6c6ni5uyre5bovptoJCsmBw/IqinDoqbO +Qyoq0YDltds+lSROlTUCA/7qOBHOdwpcjhVfYJSJAgMBAAGjgaUwgaIwHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBQbKzZmdEuTqzFV +h6QxqzZjbzXJMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRp +ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAsOYxl05xGFDRHUO8Myp9EM/X +ahfChzUabmgo1Tqpk+TLbxcZw+GfesxOp+jCd7jtTBJKhB0HeX1vaCVUpURbWEAt +fuE35slQQr/c9dgwCw/JwBNdkFFT2z/73nDEN96rUK3GYs2OO8OJVMqdKb4iBUxH +M/bZyCy4CB3+hthr4to= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test23 +issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2 +-----BEGIN CERTIFICATE----- +MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBSRkM4MjIgQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD +VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl +IFRlc3QyMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo+cdyq6LQoFUo5dS +h+bsp1TvEaw5776yXg8bXkMcTO+fJGshnWYoTUk7mQwcFnYm5+dQzSLHZTh9dgR5 +5m9ZSKGfmbnSINvGuU7oo9cqEwKrCRzqj/X6MUoyaxQyDW/ft2mTXpPCGrzDaF/S +52lsNu/rubHKKmmb4EaoVJaWHUMCAwEAAaOBljCBkzAfBgNVHSMEGDAWgBQUGys2 +ZnRLk6sxVYekMas2Y281yTAdBgNVHQ4EFgQUDEZstH+dSCRcJPrmvd6knN2jPfIw +DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE +ITAfgR1UZXN0MjNFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQUF +AAOBgQB4NROaQv0DDKJDl5t44LQ0cosk4/w98WmDCkXF7RVxhFFMApnHJBOQlEPQ +CnC/fGcChW/KnYKsDnCSAPJiq4D15SYa9EVMa1rw7wCotCVbvjfJezZrheKmMj0Z +nxIJIutwJ6pOY3gjJRxCRNx18S1u0vhD93uN36wKM1cuWaA+8A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:14:1B:2B:36:66:74:4B:93:AB:31:55:87:A4:31:AB:36:63:6F:35:C9 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 47:93:cd:d6:9b:31:b0:dd:6a:d8:c4:e2:5e:3a:73:cd:2b:69: + 5c:47:1a:75:56:6b:56:1c:a4:2f:c2:66:4c:6b:a4:9a:86:53: + fb:26:39:3e:61:d2:14:1b:85:1e:9c:f0:1e:ac:c8:c1:73:a5: + c3:29:1c:c6:12:21:08:4c:4a:5a:d6:1d:21:4e:eb:7d:16:14: + a4:a8:18:07:2e:e9:31:ef:39:ce:f8:6e:2b:d7:09:c1:ad:be: + 6a:c3:d8:46:24:95:12:ea:cf:2c:c6:84:50:bf:78:31:91:79: + 35:8c:02:47:d1:11:0d:aa:55:34:22:d6:d4:a2:ac:be:b8:07: + 60:3c +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS +RkM4MjIgQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBQUGys2ZnRLk6sxVYekMas2Y281yTAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQBHk83WmzGw3WrYxOJeOnPNK2lcRxp1VmtWHKQvwmZMa6SahlP7 +Jjk+YdIUG4UenPAerMjBc6XDKRzGEiEITEpa1h0hTut9FhSkqBgHLukx7znO+G4r +1wnBrb5qw9hGJJUS6s8sxoRQv3gxkXk1jAJH0RENqlU0ItbUoqy+uAdgPA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem new file mode 100644 index 0000000000..10308cf5ee --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqjCCAhOgAwIBAgIBRTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0 +cmFpbnRzIFJGQzgyMiBDQTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMii +1odFMCSlNLo+1reNBLAhQ3rkRllmPUUfznMkHE+tVOXNCuGNSPuCJPQNO5495PH/ +vsBZUVltMrhOpo00ibzoFrcLwaxj5Gmb8rNV/aPwDiRX8frLslhpw+QEjxMZKP8O +bdOlItBR3dFauvxrwLz1DUUlG7aX/QoEtws/fE59AgMBAAGjgaUwgaIwHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOq3bporCYA2Z2m1 +jdo1pYY9KXgcMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoRgwFoEUdGVzdGNlcnRp +ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAcyB2R0h4mQZ671JhQ0r6cmPF +iaEHtdJL+REJT8yGWiERgT/2wh65vHtCierHK8+0aJ8Wy/nJzUAWcKeGESTPVTey +IxQg08VdFJIohXm1lvJ3hfzgHIcFPk2tXZvYSk3qYllYHt8tGCoyh4p3q4vpyTou +HcOOTD0ogzE9KbjD3Dk= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test25 +issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3 +-----BEGIN CERTIFICATE----- +MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh +aW50cyBSRkM4MjIgQ0EzMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD +VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl +IFRlc3QyNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjlu9aIQ7cGou9j2L +/SEtM4QWvsfK7siztqNkNsuSWFgr/pOI6y6+WOa6B1E+I7zZryvHOSmqtpBzPOeU +RX19iAHjT3Rf8LeCHS75XCCtVUJJJ2+pJn8hON1vHSQGgHzD+kOPIOwj0ihYD1f9 +xUMHM6MiPsEODMVFGitWAPl6P88CAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBTqt26a +KwmANmdptY3aNaWGPSl4HDAdBgNVHQ4EFgQU/PF5qIYkniJoxi4J3d64bj3SNwUw +DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE +LDAqgShUZXN0MjVFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G +CSqGSIb3DQEBBQUAA4GBAEwywYR5b8qm30lTjdBl+YvBheITfKcGdkhFRgdAZ/qg +IfBhWHt3xf8SXXLMoEk9jhuyJ9JGSLY6psPYhDhkqswRkPhJgx5yOc2D05JI0CEU +RSr9LZE439pCWHI/qFp5e0mvQEJthMvapGETXniDUlnihFlzS0Wv7pzlG9JbHmz+ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:EA:B7:6E:9A:2B:09:80:36:67:69:B5:8D:DA:35:A5:86:3D:29:78:1C + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8c:6d:0a:0a:c4:67:91:af:de:5d:89:9f:fc:df:e2:7a:7a:52: + 3e:4d:ec:50:b9:46:83:3a:7d:2d:9b:5d:84:8b:6d:ba:bf:4b: + 41:74:e3:3b:c1:90:73:a2:83:02:4f:e4:04:b8:b9:7a:70:7b: + 0c:bc:59:f7:db:83:93:00:87:98:53:43:a2:71:d5:2f:d0:fe: + 2f:c2:46:55:d5:64:54:01:90:72:4f:a2:37:dd:88:b8:3b:63: + 24:df:d3:ed:7e:6d:da:2f:57:9b:cc:d7:96:67:48:7e:a5:b0: + 6d:cb:c9:5e:e9:78:58:c6:be:f0:cc:b1:16:e3:4a:57:45:86: + 90:12 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS +RkM4MjIgQ0EzFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBTqt26aKwmANmdptY3aNaWGPSl4HDAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQCMbQoKxGeRr95diZ/83+J6elI+TexQuUaDOn0tm12Ei226v0tB +dOM7wZBzooMCT+QEuLl6cHsMvFn324OTAIeYU0OicdUv0P4vwkZV1WRUAZByT6I3 +3Yi4O2Mk39Ptfm3aL1ebzNeWZ0h+pbBty8le6XhYxr7wzLEW40pXRYaQEg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem new file mode 100644 index 0000000000..4ac8a81b17 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem @@ -0,0 +1,264 @@ +subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA +-----BEGIN CERTIFICATE----- +MIICgzCCAeygAwIBAgIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI3JlcXVpcmVFeHBs +aWNpdFBvbGljeTEwIHN1YnN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQx +OTE0NTcyMFowZDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xpY3kgRUUgQ2Vy +dGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMtxfTwK +0K+ya1KGbTjYgKKhZIQ/LGTa7Dspd7Z5tOgMptNRXcZxWTMotzRgl1ndDpQ6VREk +JM/VBmbP67g0jwIe2n0QcTFkThPANsyPkdUBXahvmC0VEeIMHnflvqjN4vfK9guc +6nG0XfBZ4/Jlx6SFvgoO6wm6XNtrMl32qwUjAgMBAAGjUjBQMB8GA1UdIwQYMBaA +FJTXd8VxKtTTGW/0USC22qwIMuOvMB0GA1UdDgQWBBRUf4tLtvX7PjlUltzRvRgg +phdo6DAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAnReGZHvu3NJz +B3B+qMmyfqUmW5eMxNjHymhuRDw3NXTmT7SNUL8O/NC76haxw/5HDE7rVuvGSPl1 +qhciDJOmTF1o09zDDjDM3tlXUvqC2Natm/Xew1+Hy4hfzY90CmlUuUGpKpzQ7SYt +mHl+zz1o+9Y1jZSK4yDs5xcPnisoUjQ= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA +-----BEGIN CERTIFICATE----- +MIICkTCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGnJlcXVpcmVFeHBs +aWNpdFBvbGljeTEwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow +UTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSYwJAYD +VQQDEx1yZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJDQTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAvWfbIMg2LdPn/geH8Jo29/G6XSDCQm/MPINuucCdUSjA +PBSponYKGMQNY//7KhwbVj2hQlgl8U6gw0rvIml4YaZmR3SPUXl2O0BXiiFQX0Qi +bJ7NRaPcgrg04Fl+W19wk2Q2qGBrc1rMCDSG7ZBzwqtJssJpgkb4GSnoGr9FEKEC +AwEAAaN8MHowHwYDVR0jBBgwFoAU8+kmmZYGhsTVonvsubClbjYNFUUwHQYDVR0O +BBYEFKNDYb56GPOuZdF0vMDzMPzWBjqUMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE +EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF +AAOBgQCX5vf2fqbgsOCFDqP5acUsKiSiuP31Oj/Fy1e0Y1LBph3ZtxRTkqZGIUI1 +imjbT64NLWvt2MMmfeHOlEU/fSRxevhRT+yRUmfaJuw9NBepK1oxpRtJ5tu5cr7E +WyJMT/zv3wRloA23Feldchzxg6rqsM1LybyAtXXo67sc/EUxdQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBKjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMacmVxdWlyZUV4 +cGxpY2l0UG9saWN5MTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyF +/T/s9w6HU3LcURfJCjhjrP4PxbYbTP/c4wcq8vtx+8gb8P6jkdDvpJms19NcshfK +DnR2b+cp6PfbAWx31AqcF2ynuU/C06PG/GQvNUhC69RziLxcHSMkThbnbN86ccr6 +d1WWb3Mxlkmtc7AhKHmORoz/Kd0b2Poi7L91o7+VAgMBAAGjgY4wgYswHwYDVR0j +BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPPpJpmWBobE1aJ7 +7LmwpW42DRVFMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEKMA0GCSqGSIb3DQEB +BQUAA4GBAC0Pv/aS8/3mmgB+R0A7UTvUGedE/M+DOOM5G8+dwZHjApQbuHYZjwQo +Yrf6759MH9wKAYOcaJTgFJWFJuwjBJuWQuiglk8tcKmufVqHgRlCsrKtz312inHV +NfxuGrViA3gp1Tr1fiXjG0gcgyT4QEnripDTLKvpHbOtMWZB6hSS +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXJlcXVpcmVFeHBs +aWNpdFBvbGljeTEwIHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowVDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSkw +JwYDVQQDEyByZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJzdWJDQTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAqwkZLQpMq2d0v1R/PA5wl+lyQlnehOszQk2U +0zfHPGI4vJ1TIZZXYpOjVyfodG1wdwO3RCHLzguwsbk12RVNTls+kF2Wu3LtLtMi +GSKx/imJiKw+ARw6sqBHmrNE9L/1C/e9rb+Su1kZ6WrtOfSAG8EpySytu9zTbGJF +1YbZT3cCAwEAAaN8MHowHwYDVR0jBBgwFoAUo0NhvnoY865l0XS8wPMw/NYGOpQw +HQYDVR0OBBYEFG1oMf35X1L5+y7aRMLPezaZ2P8pMA4GA1UdDwEB/wQEAwIBBjAX +BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQUFAAOBgQAbOLTRc1DEC+iOWixska5o4gEOfAPSHWymjRYit+VYE3JdjrP9 +2hbIGQSrLlK8QQ0+9VkNsfncjCydV7J6Q3c1rPNCvd6dlfAzy9DfnXADu/vZuxBs +pJ3B4EuSv23hMHzjoNnv/iGUnzkrLGfMPPYlB9t8jrbySU1lYX8FcD6YCw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA +-----BEGIN CERTIFICATE----- +MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIHJlcXVpcmVFeHBs +aWNpdFBvbGljeTEwIHN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0 +NTcyMFowVzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz +MSwwKgYDVQQDEyNyZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJzdWJzdWJDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuj3CUHlGX/JYo4Qsdmbzns192OxE +IC1a8Yc7HhN9/IeStb9BATFCI4MyFiHofxoFG+oPzs4nRkOqmOju0VXYhfu+01j4 +LTKp2iwNleLbIe5CZ/PWasj9ixJfWeMe19fszNKvtnBmn+rCIqimOKmKPh7FIMgk +IImKUwZ2gV41wHkCAwEAAaN8MHowHwYDVR0jBBgwFoAUbWgx/flfUvn7LtpEws97 +NpnY/ykwHQYDVR0OBBYEFJTXd8VxKtTTGW/0USC22qwIMuOvMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCQJ4CoH8d7JguvuXoxhetUWQz+kj/kW1kbW/vjxhHE +Ux4rnRd8TUhpocdkzp9xRLF8BvZFw4HwwFbys4rENFq/VpPzIFqIW59j1bvSQzjN +GWZp1MtaQuhSGtzwc4dfCl/1ozQVVkcjpT7n9iZ2JMYNGKLSmmuFMMLGoViVq0vo +mw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:F3:E9:26:99:96:06:86:C4:D5:A2:7B:EC:B9:B0:A5:6E:36:0D:15:45 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0c:82:73:e1:99:5d:9f:9c:27:57:43:f6:74:10:b4:76:e1:d6: + bf:9a:de:84:8f:9b:0e:a6:ba:9a:98:06:fa:ff:c2:a5:a4:cd: + 5f:b9:8d:4b:e1:67:e6:b3:e3:2e:5b:ea:e4:d9:9c:06:42:c0: + 96:81:40:e2:99:32:24:c2:7b:d1:47:2d:32:42:c9:7c:cd:09: + aa:c8:1b:bc:a4:d8:fe:6d:8c:52:79:d5:81:70:89:78:b1:1e: + 11:2e:13:69:45:28:55:66:43:1d:61:40:fc:1a:78:ea:23:98: + 44:66:df:15:8e:d1:d5:f9:82:7a:d2:2e:ad:36:8a:03:ff:04: + 8e:09 +-----BEGIN X509 CRL----- +MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGnJlcXVpcmVFeHBsaWNpdFBv +bGljeTEwIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV +HSMEGDAWgBTz6SaZlgaGxNWie+y5sKVuNg0VRTAKBgNVHRQEAwIBATANBgkqhkiG +9w0BAQUFAAOBgQAMgnPhmV2fnCdXQ/Z0ELR24da/mt6Ej5sOprqamAb6/8KlpM1f +uY1L4Wfms+MuW+rk2ZwGQsCWgUDimTIkwnvRRy0yQsl8zQmqyBu8pNj+bYxSedWB +cIl4sR4RLhNpRShVZkMdYUD8GnjqI5hEZt8VjtHV+YJ60i6tNooD/wSOCQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:A3:43:61:BE:7A:18:F3:AE:65:D1:74:BC:C0:F3:30:FC:D6:06:3A:94 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 1e:e5:78:df:47:b6:e0:42:9d:78:6f:f5:38:37:a6:fb:e9:8b: + 00:16:34:fe:da:ae:70:4c:b6:b2:3d:53:7c:ef:58:24:b8:87: + a5:c0:ca:7c:fd:aa:8d:ba:2e:76:fd:c0:9a:f3:b9:70:a8:43: + 13:41:22:1b:51:ff:00:20:32:ae:ab:6d:44:ec:b8:7d:4e:4b: + d5:86:83:ea:98:64:cf:0f:dc:f5:2d:52:ee:20:98:a9:49:ad: + 06:b6:39:4c:d5:1a:94:a5:22:4e:ad:b5:ad:14:64:49:e5:6e: + aa:63:9b:36:28:9f:5f:dc:c1:03:7e:7e:c2:ee:48:63:19:7a: + 04:f4 +-----BEGIN X509 CRL----- +MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXJlcXVpcmVFeHBsaWNpdFBv +bGljeTEwIHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf +BgNVHSMEGDAWgBSjQ2G+ehjzrmXRdLzA8zD81gY6lDAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQAe5XjfR7bgQp14b/U4N6b76YsAFjT+2q5wTLayPVN871gk +uIelwMp8/aqNui52/cCa87lwqEMTQSIbUf8AIDKuq21E7Lh9TkvVhoPqmGTPD9z1 +LVLuIJipSa0GtjlM1RqUpSJOrbWtFGRJ5W6qY5s2KJ9f3MEDfn7C7khjGXoE9A== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:6D:68:31:FD:F9:5F:52:F9:FB:2E:DA:44:C2:CF:7B:36:99:D8:FF:29 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 58:cb:cd:7e:81:ea:55:5b:85:7d:b1:7b:ae:0c:70:90:82:81: + aa:5f:e4:5b:99:72:8c:22:bc:2a:ae:3f:d7:0f:94:cc:02:b6: + 0f:c3:e9:ab:c2:8b:c1:68:0f:12:ca:f0:7c:1e:31:21:7d:38: + 5e:2c:0e:9f:af:89:48:e1:2a:1f:12:e6:2a:b6:59:98:dd:d0: + ba:1e:06:b1:c9:85:b8:75:f8:a9:da:e9:25:6c:e4:9c:6a:92: + 29:d7:59:fb:f1:80:c4:4c:43:f6:79:5b:60:a7:36:cc:64:22: + 5f:f7:d8:8e:ba:1c:a3:59:d2:fe:1d:8d:5c:40:8f:0d:2d:ee: + 11:4d +-----BEGIN X509 CRL----- +MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIHJlcXVpcmVFeHBsaWNpdFBv +bGljeTEwIHN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w +LTAfBgNVHSMEGDAWgBRtaDH9+V9S+fsu2kTCz3s2mdj/KTAKBgNVHRQEAwIBATAN +BgkqhkiG9w0BAQUFAAOBgQBYy81+gepVW4V9sXuuDHCQgoGqX+RbmXKMIrwqrj/X +D5TMArYPw+mrwovBaA8SyvB8HjEhfTheLA6fr4lI4SofEuYqtlmY3dC6HgaxyYW4 +dfip2uklbOScapIp11n78YDETEP2eVtgpzbMZCJf99iOuhyjWdL+HY1cQI8NLe4R +TQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:94:D7:77:C5:71:2A:D4:D3:19:6F:F4:51:20:B6:DA:AC:08:32:E3:AF + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8e:42:22:a8:c7:94:5a:d3:72:4c:98:eb:58:30:58:63:41:cf: + da:f9:9e:f5:6f:3b:4e:30:17:92:8b:a8:30:bc:cb:ac:2d:94: + b1:62:ef:b9:69:3e:30:15:01:d4:32:ff:f4:86:c5:5d:8d:41: + 46:39:52:a0:df:74:e5:35:c4:e6:08:06:58:94:ba:d1:7e:08: + e4:66:e1:65:8d:15:23:3c:e6:de:61:4e:71:5e:5d:24:03:bd: + 52:ff:85:a9:ea:7a:63:37:e5:c0:e6:78:4a:71:45:32:18:c7: + 7d:2b:90:16:bb:f9:35:cd:a2:ab:c3:8e:c9:db:6e:7e:62:94: + 6b:ad +-----BEGIN X509 CRL----- +MIIBUDCBugIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI3JlcXVpcmVFeHBsaWNpdFBv +bGljeTEwIHN1YnN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +oC8wLTAfBgNVHSMEGDAWgBSU13fFcSrU0xlv9FEgttqsCDLjrzAKBgNVHRQEAwIB +ATANBgkqhkiG9w0BAQUFAAOBgQCOQiKox5Ra03JMmOtYMFhjQc/a+Z71bztOMBeS +i6gwvMusLZSxYu+5aT4wFQHUMv/0hsVdjUFGOVKg33TlNcTmCAZYlLrRfgjkZuFl +jRUjPObeYU5xXl0kA71S/4Wp6npjN+XA5nhKcUUyGMd9K5AWu/k1zaKrw47J225+ +YpRrrQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem new file mode 100644 index 0000000000..40479f9470 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem @@ -0,0 +1,262 @@ +subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs +aWNpdFBvbGljeTUgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5 +MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0 +ZXMxOTA3BgNVBAMTMFZhbGlkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBDZXJ0 +aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo5atW4GH +rxxchJEUckmfckvxY4c4sEEgPZIouuIcHeQAIjEjMhCqHNWrA7WiQLldqLSridIm +FWVRxn9/wlv3oMMbBlf6xFLjr24zYTePsIFWBk5ZPbMBKcl7XqfeuF4jJ/vh0lj/ +Bi9W9Imt5ZvJu0EHSkQzm+NNis/Tgd4aWRUCAwEAAaNSMFAwHwYDVR0jBBgwFoAU +PqkwZi+ntCWIhGfJrZiTFfiWzsUwHQYDVR0OBBYEFDLXXehvdjv0hNKAOrzbFme1 +lGWtMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQBmbv/fgwsL3SAO +6F4RmXOfTQTewhDfMQDEbwUJOfg7D09LIcIupI+cYY7iqjUq+gUeiAlMlL91ITlp +oiKGUliex+bhygei8kSfmwT+l09yz3EPxCfdjY1k88ni+TedHBkoK0p7Q/uFG4DP +Qk7DgGZ57nrx9maK4io59a/VTPM65A== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA +-----BEGIN CERTIFICATE----- +MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV +BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBAKzDYQYB3gcpzJVllE1FhnwJXEpyKjubhg5P3MDpRW9YRYSs +W1O2TYeX633IhRRS8rsJW22Yzp4tN9M6cXqBTHB2+nwHtREHSxeSei31AnAu+2n1 +Q+XNJ9W5DLbdahLtURESEnEQSyViFMMYQjm7rxvORc/D9OIa4u+tx1ESGOGDAgMB +AAGjfDB6MB8GA1UdIwQYMBaAFNXihi3xK2gXnA9evyu4ZpmeQxu6MB0GA1UdDgQW +BBSVhouRNrt6b+KEFZDvRY4BJxZruDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +gYEAB/OvefFEki9VuKt6EwjvNLjvjT1581w8qKpdHgDrYthrMm3JIULpn5zaRqyQ +KIT8uu40HzKHagNpfdHQ1HNuEQ9qwIAQvtqmtJxqIR+kdeKXw78cN+TJzqaHuZu5 +VTidhmlVHaY/50quu7qqGiIQR4bcYrb4vY+adBBgrpcvUCM= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBKzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4 +cGxpY2l0UG9saWN5NSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlU17 +mwFm/6Yf08lbJU8q1FquMr1IaWlav4Qh1/UUFR3cRicBZZvQNTpxTcn1jmaSj8xK +Gm9pUmbmbJBqiDYX5p1IwR1nmsyXxnaYD3SYadHlmb2emlzu1Dg3l6eKvaNh6h3a +F0XDS/S+GtadjpVmuWdMIiWWrEVIFfGAL2VFaeUCAwEAAaOBjjCBizAfBgNVHSME +GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU1eKGLfEraBecD16/ +K7hmmZ5DG7owDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQUwDQYJKoZIhvcNAQEF +BQADgYEAjjGl1NeCLiMI9MFNgftmCe1ehHkE+Qr4TSJQfw9qZ5p0SRd2aOxq7km6 +ZwhF/E+wsS1CEwLRWaK7LqCmFx+XacoXjJi2XP5UjctH1tKyJx2YBhYrfzNkECJl +u3KBUohmTd/aICG6oVE5ErcFFE/evv7LioMT94kub91V18EDgCw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs +aWNpdFBvbGljeTUgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm +BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3Vic3ViQ0EwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBANALzpI6Vb5grPqiSrzcOrNfPZ5pbbC4jjs89zo1 +RRGcMLQQt5wPHu1OKE6g2WXvikA0ompVqxKG7qeu/bTIcpm3CHowhRigOk/VJkCV +Zyv9tdLzlWoiW2elI0uJ4BXsW8oU4sTxlx1/QlJbERwv1BwL5BQD3l02LP4vueE/ +U8HpAgMBAAGjfDB6MB8GA1UdIwQYMBaAFJWGi5E2u3pv4oQVkO9FjgEnFmu4MB0G +A1UdDgQWBBQK52IWqA5PL7e4PyfIo6lfe0ZrpzAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQEFBQADgYEAmbgnzwSut1UU/jNuzF9ZK+x79DmpTDAv12ASnAPUvZJ8RTQBxYlL +C/B0gYZsqUnyaEoZAsrSYktMdA2qDedWGFB94d+LVbpHNoNvxQl+0qMTTLh+gO4V +JIrQ5hj2npLdDHKNi6a91lO83NqsyuITezJ0Nuhbvf9KuApxz069EO8= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA +-----BEGIN CERTIFICATE----- +MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs +aWNpdFBvbGljeTUgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1 +NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3Vic3Vic3ViQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALw7Jg17lRmWU52pn7qaLPiV7eLBCvpx +S7uekBx+WtzvAVxUF+iI8whshUqsC4XzNHTs6BvS4QRwpixRMMMWwH/67kGAEADq +lVYewPK7aMHMdDfCggIukUpy1DVR3KOc7rnVZ2tGKBbCFhAxPMXBgkketIAVJ1V4 ++3nRS/QGSxF9AgMBAAGjfDB6MB8GA1UdIwQYMBaAFArnYhaoDk8vt7g/J8ijqV97 +RmunMB0GA1UdDgQWBBQ+qTBmL6e0JYiEZ8mtmJMV+JbOxTAOBgNVHQ8BAf8EBAMC +AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADgYEArpriBQ3ArOVFh+HujQ+8cIihYFG5ri+SairjawVwbUb4 +HatEUky9Nh9YAxGn1YGdBpintIpQU/0WljldKXxvH2yn6hMCNV5ql4hhorP2YfWL +8+S80IboVToDPKsEdzeAxs5Xeh3BY9DgJPY9RmDgJcXqb6I+1P2+3GIxGDpF/jM= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D5:E2:86:2D:F1:2B:68:17:9C:0F:5E:BF:2B:B8:66:99:9E:43:1B:BA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 32:06:95:6e:49:2d:7e:9f:9f:7d:d6:0e:3c:b0:73:4d:2a:d8: + 1d:86:f7:2f:61:f5:39:80:c7:b4:e6:3b:8c:90:1c:11:6c:0f: + fd:9b:c3:52:b9:aa:2e:bb:8e:25:b9:f6:75:b7:1a:2c:fc:45: + 81:54:f6:49:69:e2:78:ef:25:d2:cb:1b:7e:f8:7b:96:d9:37: + ba:f4:66:8f:e1:e7:56:96:ef:76:bd:4c:94:0e:fd:a8:35:16: + d1:2a:69:28:29:96:18:8b:a5:af:04:00:bc:d9:42:ff:ea:32: + 35:9b:3d:57:da:9e:a1:d5:e4:3e:e4:4f:4b:8f:5a:48:47:73: + 38:5d +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv +bGljeTUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFNXihi3xK2gXnA9evyu4ZpmeQxu6MAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBADIGlW5JLX6fn33WDjywc00q2B2G9y9h9TmAx7TmO4yQHBFsD/2b +w1K5qi67jiW59nW3Giz8RYFU9klp4njvJdLLG374e5bZN7r0Zo/h51aW73a9TJQO +/ag1FtEqaSgplhiLpa8EALzZQv/qMjWbPVfanqHV5D7kT0uPWkhHczhd +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:95:86:8B:91:36:BB:7A:6F:E2:84:15:90:EF:45:8E:01:27:16:6B:B8 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 73:84:54:e4:77:a5:7d:03:3d:7c:d0:a6:ea:6b:70:82:11:10: + 1b:9a:85:8c:ae:3d:8a:06:a3:2b:cc:a7:77:0c:be:7a:02:bc: + 2f:13:07:ff:83:e6:f6:7a:99:1e:a1:af:12:06:c5:ce:1b:f3: + 76:77:bc:ef:ef:a2:cb:96:36:3b:fd:b0:ce:5c:ae:30:af:9f: + ba:e7:16:e8:f2:66:74:82:6e:75:91:90:b1:59:a9:9e:8b:41: + 37:42:0f:1b:a8:4e:73:31:e1:b1:53:fb:8a:3d:ee:d3:e4:77: + a8:f8:ea:ea:21:f5:c5:be:1d:b5:e3:79:27:de:c3:d5:45:b0: + 87:24 +-----BEGIN X509 CRL----- +MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv +bGljeTUgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G +A1UdIwQYMBaAFJWGi5E2u3pv4oQVkO9FjgEnFmu4MAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAHOEVOR3pX0DPXzQpuprcIIREBuahYyuPYoGoyvMp3cMvnoC +vC8TB/+D5vZ6mR6hrxIGxc4b83Z3vO/vosuWNjv9sM5crjCvn7rnFujyZnSCbnWR +kLFZqZ6LQTdCDxuoTnMx4bFT+4o97tPkd6j46uoh9cW+HbXjeSfew9VFsIck +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:0A:E7:62:16:A8:0E:4F:2F:B7:B8:3F:27:C8:A3:A9:5F:7B:46:6B:A7 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 16:15:3e:47:cd:ae:b2:4b:8b:30:d4:ee:c4:1e:2a:d5:84:bc: + ca:b1:2b:a9:d3:37:be:f6:11:d1:1f:60:04:41:72:df:ca:d5: + 0b:74:5a:e8:a7:bd:32:25:cb:e8:e4:6d:c7:be:25:c3:63:9c: + 43:66:14:4a:0e:f7:ea:e1:83:a4:bf:5e:70:7b:a3:b7:12:c9: + 36:fc:99:85:58:0e:66:d2:a0:41:6e:a8:07:2e:f7:45:36:fe: + 71:3e:c4:7a:88:e2:0b:c2:c9:dd:30:81:b9:44:48:2a:1d:07: + 5a:cc:e1:49:9a:04:a6:5b:c4:6c:2a:f0:3f:8f:3b:04:ea:5d: + ab:70 +-----BEGIN X509 CRL----- +MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv +bGljeTUgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt +MB8GA1UdIwQYMBaAFArnYhaoDk8vt7g/J8ijqV97RmunMAoGA1UdFAQDAgEBMA0G +CSqGSIb3DQEBBQUAA4GBABYVPkfNrrJLizDU7sQeKtWEvMqxK6nTN772EdEfYARB +ct/K1Qt0WuinvTIly+jkbce+JcNjnENmFEoO9+rhg6S/XnB7o7cSyTb8mYVYDmbS +oEFuqAcu90U2/nE+xHqI4gvCyd0wgblESCodB1rM4UmaBKZbxGwq8D+POwTqXatw +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3E:A9:30:66:2F:A7:B4:25:88:84:67:C9:AD:98:93:15:F8:96:CE:C5 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0a:d7:14:66:2d:1d:2e:49:9d:35:99:54:76:ee:50:80:e2:37: + c3:d5:6a:64:02:f2:b2:12:d6:97:8c:a5:75:e0:a9:9e:3b:46: + ca:ce:31:b9:53:fe:fb:99:15:9b:7b:35:68:5c:9a:60:a0:da: + a9:2d:d8:1e:b8:89:61:89:01:1b:e4:40:76:fa:b9:62:cf:fe: + 87:6c:95:9e:da:19:db:4c:bd:3e:f1:25:57:3b:d3:ab:94:7b: + de:5a:ff:55:63:fe:49:ad:3b:45:92:c3:ba:49:79:45:89:3d: + 70:75:a9:53:1f:95:d6:c2:11:46:43:76:41:c0:02:49:23:d0: + ef:bc +-----BEGIN X509 CRL----- +MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv +bGljeTUgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg +LzAtMB8GA1UdIwQYMBaAFD6pMGYvp7QliIRnya2YkxX4ls7FMAoGA1UdFAQDAgEB +MA0GCSqGSIb3DQEBBQUAA4GBAArXFGYtHS5JnTWZVHbuUIDiN8PVamQC8rIS1peM +pXXgqZ47RsrOMblT/vuZFZt7NWhcmmCg2qkt2B64iWGJARvkQHb6uWLP/odslZ7a +GdtMvT7xJVc706uUe95a/1Vj/kmtO0WSw7pJeUWJPXB1qVMfldbCEUZDdkHAAkkj +0O+8 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem new file mode 100644 index 0000000000..96f230af53 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem @@ -0,0 +1,262 @@ +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA +-----BEGIN CERTIFICATE----- +MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTAgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV +BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBALoSt6pV4IRQVJ5TV99GOGi3yhBt0wvylEs6VYZL0D677yoV +AIY3CQWXG27SKUYB8SQ1XC+a1sO4M5Q25mdWLXIN+TUmlNJW4BzLGh6B63bGDSnK +FG+aVvh8ZvHloIu61d5gw3FokPmBeS0NF6XVBsbJMiLn7TdWeSFqYYTw+awhAgMB +AAGjfDB6MB8GA1UdIwQYMBaAFHdqs2T1sexRei1lhv8CGH4LSo4nMB0GA1UdDgQW +BBQHH/BwA0diipbRgYmqAFSJ+JxtKTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw +DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +gYEADvf91AyVaeC72JRsi71sKWf3f71NGoRSjxBnKh8VS/G0fIQElDmHHe01TZ3W +t2zRBZROqLoG10YCxSheQdd0gE0yoqTdcc9l3kr0ZMhgfM4mRPYNL6kma3azT78F +OqMJAUrnjjMYruGcLm7MLp3Lq2/7NjAN5q3ffuSrtwUwLHY= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBLTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4 +cGxpY2l0UG9saWN5MCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvEVs +LML3To+EEs99KIoLdE98+LzQkf1wQzrLhuqlF6UH8BJvupeClmchb4TFyXh3mkhT +/DsdlWlScKGl1KiqKyXIrb5x0AebEDEHylhNhUgn7O/zU7WyuGDE4SU0QNR2T/C0 +mOEbjV9WR06GcmbMCp1GUY7zmfThFrZP2Cfj2PMCAwEAAaOBjjCBizAfBgNVHSME +GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUd2qzZPWx7FF6LWWG +/wIYfgtKjicwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcNAQEF +BQADgYEAWoBbngBiHa90n2Kdb0iXazi7wmnvtPZxJ2xLA/Ubv9qPzFUwoUM/Ikm8 +6o8sI8TYNuCwwni3ZrQwCfagtNsOeUXp0O86mLIVH7jr9YS2nBtuZdXAnL3lZW5r +VHXxf0Fnmk+Nx3Frxf7tJfZVGGLCJCabwObF9o6Bgya4GP0FL20= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs +aWNpdFBvbGljeTAgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm +BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3Vic3ViQ0EwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAMJOPDBu3Iqmav4DjiTzIKi6FmFd6HGBsW+dDPbs +l6jZbrkDavBUtuqC5RMVJKvOyWY7GYIsUdgoSOJ2YHl38HO6nXhq3OFO8v0r0kU3 +SRPPM7vpiPYf3eMZm5Z77GT5XuGNUPSkepAfxaN1IEAqFoePT7wsGa9Zg77WcLUd +nEw3AgMBAAGjfDB6MB8GA1UdIwQYMBaAFAcf8HADR2KKltGBiaoAVIn4nG0pMB0G +A1UdDgQWBBSwQkkzaPMCKs1UIV3mYuFwzqUjQDAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQEFBQADgYEADXoLz5MBvHFKs5z47OgavmZKJQp+vIcDSOu4QUlIZgmIWcbcI7g9 +GKG0SIg5gXZhwoH3OXx3g5miGPzOi9iFtdkZXAZPX9JHsISpHfB9VcZYTfmW1T49 +ZrnCugvmdUnDLBitS9MKHkyU7zL/ACtlXB82SFbiCS1R8bEfU4Oozf4= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA +-----BEGIN CERTIFICATE----- +MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs +aWNpdFBvbGljeTAgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1 +NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3Vic3Vic3ViQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANk012Iq+sazBXGTgqICIE0GnFvathib +YlOHsK/Iop6+DNGleJoAH6bqvS2ZWtkkIKE7WU3nfDUjMVp3IJyr8WDesDKvSJyg +zy3y0e+XuMv3QtyFXxESXxHmY62UaILPgE9XMgcyAhOnVU4mQe7ScJDAcUeLgjcZ +fQdBnGGCT/LVAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLBCSTNo8wIqzVQhXeZi4XDO +pSNAMB0GA1UdDgQWBBRZ1+jibtd5cIJhiBzPFFLktwdJKjAOBgNVHQ8BAf8EBAMC +AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADgYEArZnuuewqU0IgdJEU6osnzsuX6E6A4igNSK1ZYUKmhRvn +eyfrU5kHavTwnM+h7SkVB73S2w+OqHUGin2xIu92RcWzN7NV+oLWldhnYtalSyh1 +KiuKC41mAZweQv1Mrz/+5lIQDOUOtV2JXOjaA+T/JR/qFLo0MoqC+mBxk/w5eDg= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA +-----BEGIN CERTIFICATE----- +MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs +aWNpdFBvbGljeTAgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5 +MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0 +ZXMxOTA3BgNVBAMTMFZhbGlkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBDZXJ0 +aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvs6xd2Lv +4717eCUDGaJKN9HVbjqiBoJd9K18OP5hoJ/iyWNR7u1l+p4xbQNdi8iU8UV1hBrD +RI2jahY2p/rgx+REkxcyhWXFc0qP5hMqbjUD9IuMyhUrwtSut0la+L/lbKuag7Ry +pWlMe0FQUjnGev5zpdXCY4U9y2a+7jYuOOsCAwEAAaNrMGkwHwYDVR0jBBgwFoAU +Wdfo4m7XeXCCYYgczxRS5LcHSSowHQYDVR0OBBYEFEEjHrhpuHHNWtHozi2HzhxK +KgmLMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ +KoZIhvcNAQEFBQADgYEAVpfKjsWKyLdcOfar1+Ejc9eyGUzMXt7F1xXSqdnls/Z7 +RuG7jkY1lvUm1vHhVb2yP/OdC+rwwmx4cjxUAm0dNrE82qZNiRqgaaVO3llJD9zt +AD5gAi0nJqUdJ7H1b3X6Jt9VGTNlc+0ZAEHnaSID1Ym2pa1433XgPPi1/YflkwE= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:77:6A:B3:64:F5:B1:EC:51:7A:2D:65:86:FF:02:18:7E:0B:4A:8E:27 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 9d:78:0f:04:94:97:f9:ad:b6:17:8e:65:dd:6d:ec:65:bb:73: + 37:9a:1d:66:51:d7:97:b6:31:fb:62:a4:4a:21:3b:20:97:7a: + 4d:aa:ce:d2:95:f7:36:65:77:51:e8:d5:81:0a:b7:62:af:76: + 38:b7:77:72:2c:90:0b:8a:7c:31:58:cf:c6:1d:da:24:65:ef: + 06:7e:d7:21:96:a1:f2:62:dc:5d:fa:10:37:01:99:7b:14:34: + a8:cd:47:a4:cb:5e:ff:0e:b4:58:69:1f:70:f7:3b:2e:7c:77: + b4:33:82:7d:18:54:da:f3:5d:dc:5f:a1:1a:96:f6:d9:0b:ca: + 9b:a0 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv +bGljeTAgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFHdqs2T1sexRei1lhv8CGH4LSo4nMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAJ14DwSUl/mttheOZd1t7GW7czeaHWZR15e2MftipEohOyCXek2q +ztKV9zZld1Ho1YEKt2Kvdji3d3IskAuKfDFYz8Yd2iRl7wZ+1yGWofJi3F36EDcB +mXsUNKjNR6TLXv8OtFhpH3D3Oy58d7Qzgn0YVNrzXdxfoRqW9tkLypug +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:07:1F:F0:70:03:47:62:8A:96:D1:81:89:AA:00:54:89:F8:9C:6D:29 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 7d:a5:df:f8:70:c7:9c:d9:f2:4e:c9:42:63:48:cc:17:87:29: + fb:99:c0:2a:11:8b:ce:ce:45:31:58:41:32:1c:39:ff:53:bc: + dc:24:df:9a:b5:10:83:8b:a3:aa:cd:3a:23:92:a7:8d:c3:56: + 83:19:c1:ed:d8:ad:c0:56:79:fd:c0:6b:bd:e9:bb:56:e6:18: + 1d:02:28:91:77:90:15:f2:44:51:61:81:ea:1f:92:a6:89:84: + cf:36:c9:e4:f2:6e:a8:01:11:82:96:fa:94:1b:fc:d7:e6:8b: + c0:8f:bd:87:30:8c:84:eb:84:3a:e5:21:42:d1:60:82:08:82: + 45:2b +-----BEGIN X509 CRL----- +MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv +bGljeTAgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G +A1UdIwQYMBaAFAcf8HADR2KKltGBiaoAVIn4nG0pMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAH2l3/hwx5zZ8k7JQmNIzBeHKfuZwCoRi87ORTFYQTIcOf9T +vNwk35q1EIOLo6rNOiOSp43DVoMZwe3YrcBWef3Aa73pu1bmGB0CKJF3kBXyRFFh +geofkqaJhM82yeTybqgBEYKW+pQb/Nfmi8CPvYcwjITrhDrlIULRYIIIgkUr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B0:42:49:33:68:F3:02:2A:CD:54:21:5D:E6:62:E1:70:CE:A5:23:40 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 95:8d:6b:ad:bc:a7:38:7a:12:70:e4:e6:bf:06:91:0f:ac:72: + f0:da:aa:50:e1:51:a1:8c:d2:d2:00:73:2a:6f:54:04:77:ee: + 83:aa:c1:d4:32:cd:70:ca:5c:98:62:3f:a1:6c:4a:af:53:8b: + f9:0d:7c:50:17:90:f3:e3:93:4d:c1:3f:2b:59:f0:12:3a:d9: + 25:5b:15:3b:71:14:bc:29:b0:2f:b7:93:c6:93:b0:c1:fa:88: + c8:2d:ca:fd:03:c1:ec:dd:0b:95:af:8c:d5:7a:0f:41:48:ea: + 03:07:6f:57:2e:b3:b8:c6:3e:54:a7:9c:57:4f:27:f4:c3:9c: + 25:5d +-----BEGIN X509 CRL----- +MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv +bGljeTAgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt +MB8GA1UdIwQYMBaAFLBCSTNo8wIqzVQhXeZi4XDOpSNAMAoGA1UdFAQDAgEBMA0G +CSqGSIb3DQEBBQUAA4GBAJWNa628pzh6EnDk5r8GkQ+scvDaqlDhUaGM0tIAcypv +VAR37oOqwdQyzXDKXJhiP6FsSq9Ti/kNfFAXkPPjk03BPytZ8BI62SVbFTtxFLwp +sC+3k8aTsMH6iMgtyv0DwezdC5WvjNV6D0FI6gMHb1cus7jGPlSnnFdPJ/TDnCVd +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:59:D7:E8:E2:6E:D7:79:70:82:61:88:1C:CF:14:52:E4:B7:07:49:2A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + b0:23:c2:ec:e2:e9:c0:87:e9:75:d3:ee:a4:c5:3b:9c:27:c4: + ab:b2:67:74:79:f8:5b:cd:4b:20:0b:ee:19:32:8e:8b:d2:e7: + 67:5f:da:83:a7:31:09:08:0f:b8:64:2a:08:96:1c:78:db:13: + af:77:26:0f:01:3a:e1:98:d7:41:b9:e5:86:9c:b1:36:a8:92: + bf:6f:cf:62:13:33:3e:1e:79:02:e5:a6:8f:11:69:fb:1e:86: + b9:12:18:67:cf:6e:c6:1e:d8:bb:2f:a0:86:dd:66:c8:0b:71: + a5:68:fb:91:9e:f5:ca:58:80:7e:27:18:e0:4e:3a:34:45:23: + cc:c1 +-----BEGIN X509 CRL----- +MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv +bGljeTAgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg +LzAtMB8GA1UdIwQYMBaAFFnX6OJu13lwgmGIHM8UUuS3B0kqMAoGA1UdFAQDAgEB +MA0GCSqGSIb3DQEBBQUAA4GBALAjwuzi6cCH6XXT7qTFO5wnxKuyZ3R5+FvNSyAL +7hkyjovS52df2oOnMQkID7hkKgiWHHjbE693Jg8BOuGY10G55YacsTaokr9vz2IT +Mz4eeQLlpo8RafsehrkSGGfPbsYe2LsvoIbdZsgLcaVo+5Ge9cpYgH4nGOBOOjRF +I8zB +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem new file mode 100644 index 0000000000..0f10912926 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIClDCCAf2gAwIBAgIBYzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMuUm9sbG92ZXIg +ZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAoNL+uym7FlmTUpQwimiPNXt8IR0+KjdAFbDkTqLk +zxHkpKBqAjTWzEPRqnhsBmjPfLrS8omVrcKIOBgIbOCoRU098SYWt4/2WRbHhAKF +kauf7d7NsN4WEDXJmlqiZrJLHDihW686RcpL7luSLrlXVXT1h2dWI08VpDUNrz6P +L/cCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYD +VR0OBBYEFDeXpBvbNFU1D8m0TcZ+SxfopIk8MA4GA1UdDwEB/wQEAwIBBjAXBgNV +HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQUFAAOBgQDFX488L1PqURnQTZU0RgicEAHXUj3SLP3buSF/vMC1KHZd9JPnmf2e +y1OGQ0S+B4lNX9VJEnS5f8w5bU0kcpGYQTPuFrTZvNZtN/4ZIZTLauFkEjM8sa13 +0CNwd0zMj/Dl1nQ2z8/wHLnfClEFmJHTZZ39W0jD/Lfg2hQvn43Tcg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Rollover PrintableString to UTF8String EE Cert Test10 +issuer=/C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA +-----BEGIN CERTIFICATE----- +MIICsjCCAhugAwIBAgIBATANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEa +MBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMMLlJvbGxvdmVyIGZy +b20gUHJpbnRhYmxlU3RyaW5nIHRvIFVURjhTdHJpbmcgQ0EwHhcNMDEwNDE5MTQ1 +NzIwWhcNMTEwNDE5MTQ1NzIwWjBvMQswCQYDVQQGEwJVUzEaMBgGA1UECgwRVGVz +dCBDZXJ0aWZpY2F0ZXMxRDBCBgNVBAMMO1ZhbGlkIFJvbGxvdmVyIFByaW50YWJs +ZVN0cmluZyB0byBVVEY4U3RyaW5nIEVFIENlcnQgVGVzdDEwMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDDncK1nAho7wt1siRGXkw0eRAeI3uztOfqSwGhT1ih +XbW47ek9MiPqCRlX1RKOXve8quD7MM0ibzWjiroSxsaeM7gW91nwOZn8V+UfqmJF +CikNAA17A/y9Nk+IVx8b2VB+Kjixg9HW2ZbqJiSq4Ci9Dkz2mH9sgjI0On0OSLDq +2wIDAQABo2swaTAfBgNVHSMEGDAWgBQ3l6Qb2zRVNQ/JtE3GfksX6KSJPDAdBgNV +HQ4EFgQUdLZDDyDir0HSFv0sejwUl8S6IxwwDgYDVR0PAQH/BAQDAgTwMBcGA1Ud +IAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAcxCi0hkgCRB1w +uurTKVDyZTQ5ttLsggNpE6uqL+mGyAk/uYcGTxNM1Wx38DDqb+yJnF6CkLRwBk2c +mEtKFVYwX3s/h+RPe+MO4WBurdVGfxpE3df2wvyYS7WOnd7iRhRirmm8LMoGPLoY +w40WU1JjVs4Mg8vHt4OpmiFXlrv7nQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:37:97:A4:1B:DB:34:55:35:0F:C9:B4:4D:C6:7E:4B:17:E8:A4:89:3C + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2a:72:92:90:cd:32:d0:c4:99:63:47:0a:9b:95:28:27:8e:04: + 1e:49:38:bc:54:a7:da:f7:2b:58:34:d8:bc:ad:3e:a4:fa:0f: + 85:84:fb:49:95:3f:7f:a0:c3:fb:94:07:2a:a9:66:44:e1:10: + 04:55:4f:dd:ba:6c:bd:f8:f9:be:0c:de:28:54:fd:cd:f4:50: + ac:4c:9e:01:e6:92:bf:11:cd:b6:69:5d:10:f3:3d:25:f9:1e: + 7f:2d:d4:04:5e:4e:9e:b4:f2:10:94:1f:30:0d:27:4d:2f:6d: + 41:4e:31:ae:20:2a:d8:90:34:32:92:d6:1c:b1:21:99:57:2e: + 63:04 +-----BEGIN X509 CRL----- +MIIBWzCBxQIBATANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEaMBgGA1UE +CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMMLlJvbGxvdmVyIGZyb20gUHJp +bnRhYmxlU3RyaW5nIHRvIFVURjhTdHJpbmcgQ0EXDTAxMDQxOTE0NTcyMFoXDTEx +MDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFDeXpBvbNFU1D8m0TcZ+SxfopIk8 +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBACpykpDNMtDEmWNHCpuVKCeO +BB5JOLxUp9r3K1g02LytPqT6D4WE+0mVP3+gw/uUByqpZkThEARVT926bL34+b4M +3ihU/c30UKxMngHmkr8RzbZpXRDzPSX5Hn8t1AReTp608hCUHzANJ00vbUFOMa4g +KtiQNDKS1hyxIZlXLmME +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem new file mode 100644 index 0000000000..32e7d402c4 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem @@ -0,0 +1,130 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMT +Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAMqEGhcWtsw26V0XQSph1+hgHUlNVe4yFus4l56oS+MKdra/qys502m3Is9s +KPNUyWAzPUBCaj37+cC/lnojJTpZw0lyfOSeqDAfbcDMzp39U2ujHbqQ41fGTeIJ +haOs4hUUIapsmLZ/1iETEyHFfB9ib5oSCPAMvRtDEvNwITDvAgMBAAGjfDB6MB8G +A1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBS3rAnyZ9I5 +cWLbrRE1M5H8lPPz2jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB +ZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEALE7Y6U98 +nXWJYm65/DslSMoEgBrKSB8w4Z2y+sE41dhd99EFWOwUV3UFoVk+IPgmvwpdpXcf +n1CZdWh9MvR7lZ4cBiSRoWLz8D5okZPX1HyarXNSQwJjZv91zs3/xi78DUrOfW5f +nE5txAvRjHP7PrMcb/gatjC2p9oKDpW6+ro= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test19 +issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +-----BEGIN CERTIFICATE----- +MIICqTCCAhKgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh +aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT +EXBlcm1pdHRlZFN1YnRyZWUxMTcwNQYDVQQDEy5WYWxpZCBETiBuYW1lQ29uc3Ry +YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDE5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCtryyDuHNmy8nLnEcuJZ6bwOq0A+ka/Kj0Um0Xgd1sop3boX4Rjv1q +EpvwNZoizR25z5Cw2J3wfdrtm/CtazuoF+2O9M5/g7STTtPUDAhwiR2uRWnRKpUc +SEQaxHFmfdaPAJI14E5BhrlRRHxHu6kNuENcF5lwuGUcxuL68jhsbQIDAQABo2sw +aTAfBgNVHSMEGDAWgBS3rAnyZ9I5cWLbrRE1M5H8lPPz2jAdBgNVHQ4EFgQU0BJ9 +iRt74wy57LStnAe8vRiy+8wwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBX2LLxEBd+in5MEzdLeQNWFBzY +B9CJ1quGFFe2AfYozACv7MzAiHJj1rU0ik2bjYw3r8mUIOEBuYyi+5syyK97cV8z +e2FFWRCkUkcOWt2b7AizbFVt0M9IEFnhTsM2nVCeSD+f3wO1IYBzINkqwMqmnejZ +zThT0HTy6hrX/maRAQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0 +cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+ +WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY +AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX +BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558 +WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP +BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0 +ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs +UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW +2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe +Ve3YFugTb2fMnETR7A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72: + 71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc: + 19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80: + 74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a: + 29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2: + 39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a: + f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e: + e8:eb +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE +TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx +X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L +4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem new file mode 100644 index 0000000000..4b8f08b93b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem @@ -0,0 +1,178 @@ +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp +bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL +RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R +WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G +A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV +TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr +Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD +zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw +JEDyqFgkV/+0sLFjQvvcCdY9ucM= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp +bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X +Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB +Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j +BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq +d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K +Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56 +UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO +hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +-----BEGIN CERTIFICATE----- +MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ +b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGsx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFAMD4GA1UE +AxM3VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp +Y2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6DBDhDh8Fq9l +WtOenCnLV5XS52CTXaNqy6/fxR6xw6bm0s2p2D0Br1TeO6qn9oxXMMohGo1XU/wk +hUbde93GnnMNVlPZqTvaGvcq5OjaE9Y7r/QE+P/dSV/mXJsmIbwbba/n4KqgF6yj +XfJ5QXz2jEVWKIAESIUdsz8i73joVw8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUq8hB +ACbQ1UzmK1Zn7O+CxMLd8lUwHQYDVR0OBBYEFOlqW20Og/KffGodN27T80jZjAQu +MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI +hvcNAQEFBQADgYEAaRukvyRgU3wxzMNx2864sByNAhV3ujEGeCMnBn3DLfeM5ioo +PXYjuq2PEs6I+o55xSX1cGwCtcZHay0MGiz292T5DUrhDJoN8nhJ+yNjzsjB2kpv +zJrDwMEv5liNVCtbsVNMDCBsje+ukkmbmVVVzpRlnmVmwrWsX58V/pX4crU= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ +SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa +sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT +W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN +KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF +HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V +CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b: + 21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5: + 15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c: + fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a: + 43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c: + 88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de: + 9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6: + 38:b5 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw +zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI +/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23: + 92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59: + db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6: + c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af: + 18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b: + 88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a: + d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25: + 45:1c +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx +IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse +3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW +me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem new file mode 100644 index 0000000000..2ac5275855 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem @@ -0,0 +1,197 @@ +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp +bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL +RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R +WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G +A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV +TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr +Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD +zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw +JEDyqFgkV/+0sLFjQvvcCdY9ucM= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp +bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X +Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB +Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j +BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq +d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K +Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56 +UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO +hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ +b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE +AxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCc2RpX4l2ip6DQkyPrZQ5fiP3xdhXT2e4QAznpwy2Z5q9TlYhF0sFw +yiFNITCwI50K+JrcR/FtOMFTiGkDJdNSD6JJ9KXmV2Ub4/oFXhmdPkkW3+LyckWV +cpDuhOBoI8E+ni0ZFTuduAa9E8yQX5PKazSSbeERNXFHIdMij7WuxwIDAQABo3Yw +dDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU3Ymd +Zrnid46ozhWkgrKgpMameo8wDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgwBgYE +VR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM/wnG9l6jp+ +ViHhfrgGuXyp29iH1trRzZVkRtta2Htz5cEy+DfQ1bKtALeOj+3XycvDjFBK3XFX +Fj5Kq26Wr29hb46xdtNHFdkYvsyfD9Nmh1OvcqEkW0rmMqtr/+z3bTX+qegUtJ4Z +vjllBLFSy/60sopz/da7BfJiG3vBvoij +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 +-----BEGIN CERTIFICATE----- +MIICmDCCAgGgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ +b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGsx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFAMD4GA1UE +AxM3VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp +Y2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqkkaVxrrWKva +xC65OTtGWaNoO/KVt03UN4EW/fxbAwU79QI6lYLlcnTOpmNlAU9HVGEvunAZ/RBl +AtZOKSiAGjuEZPkn37sS6SnhR1ANPyNA0KTI9uXIXDKde2sGXwNSbsiQbDko3vdV +EIfKC00+2GBB7MxARHUpZZ7kGAP4XIkCAwEAAaNrMGkwHwYDVR0jBBgwFoAU3Ymd +Zrnid46ozhWkgrKgpMameo8wHQYDVR0OBBYEFJf4i3/rlw5BfP8DOFHqMlOM+3vU +MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI +hvcNAQEFBQADgYEAg9u+FJzES1LZQVxwLZwZZ+9Q7q68jcUqdvzV1I0kFxESgspa +7a+fTUyYDbMr4qZ9zrMbJDDLkwS8a9vSwZJmfLSZYGECYAuTZFTe5p6CeQyToEfF +l+MA+CUr5ogWe2dpQQ/OmurKn/idqncuvoIpaWH7fvnpOyKcqo27Q2hUhrA= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ +SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa +sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT +W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN +KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF +HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V +CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b: + 21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5: + 15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c: + fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a: + 43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c: + 88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de: + 9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6: + 38:b5 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw +zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI +/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23: + 92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59: + db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6: + c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af: + 18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b: + 88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a: + d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25: + 45:1c +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx +IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse +3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW +me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem new file mode 100644 index 0000000000..0a0596b259 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem @@ -0,0 +1,180 @@ +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG +A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE +99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y +emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID +AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E +FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu +YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD +OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv +bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA +643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY +Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk +m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud +IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK +oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC +ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG +9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb +IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99 +pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitPolicyMapping EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +-----BEGIN CERTIFICATE----- +MIICojCCAgugAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3 +MjBaMG8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFE +MEIGA1UEAxM7VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBvbGljeU1hcHBpbmcg +RUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALAZ39MGl31J7AeGVi+NMkr2Za9Sm9LwaUKnv+U+4kjo1pvbj8KegARFAYToj7LF +KujtuYlkH9HC9PW9p0X0zlfGyLo+jYBaT28HaJodaa2AmpEz0ZxmLsEBnjVNlC/R ++vUNa51CNV85Wv2V/FVkznQSlqdRP/89SCfIL/Rd/rLRAgMBAAGjazBpMB8GA1Ud +IwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwVMB0GA1UdDgQWBBRFegfFmXt1cyLu +vHj7WA8p2BokYTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC +ATACMA0GCSqGSIb3DQEBBQUAA4GBAE1aoLRAB7FVyZHDy+jfyHRnvk2c/hNkhsYQ +VuxpPqQnt8pCBUl9lUAwlb9W1JoR274/B4pIYmqM869ptHJJjbbNkOBdudX6462F +v4rtoK+1egfyqLiEcmQNcGSqq7w6tBw1k9DV6t8D1BYvzh6JfN7z+BY4b8dOq5O4 +2eSGt5qS +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA +-----BEGIN CERTIFICATE----- +MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG +A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/ +EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP +uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt +iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G +A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw +AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB +AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD +6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC +WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25: + 50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2: + 09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56: + 7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7: + 2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e: + 74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86: + f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db: + f7:a4 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y +CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC +VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee: + 4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51: + 0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9: + c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64: + ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb: + cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22: + d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9: + 45:a0 +-----BEGIN X509 CRL----- +MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w +HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ +KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw +v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh +zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem new file mode 100644 index 0000000000..8a81ff92ee --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem @@ -0,0 +1,127 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk +MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w +LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1 +RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah +b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt +BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr +NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE +6cbcSe7zaz5qdojy0B72dLHC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV +cGF0aExlbkNvbnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDDqMCqoLUxLw5wCcxhD3+5J80k2C5ESu+Co4n3V3Nu2SyzcfKET0wx5QvxYm5V +bzsntf6IudJpfXgzxHIwJ4i5v+Ycc8NYiqmCNhsW5sFRzhjQDyTWu0fEYm+tmyBv +FavwXAcp8ptUMElDMAv/bKSD+7MDC9uHZQOmVsY0ndcNUQIDAQABo3wwejAfBgNV +HSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUOK0lyEJa1w3p +SvQY5iylU6RQ9EwwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD +AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAA9NjcDXXcF4 +FXkwZWIDYtowLXCpbshsU80nGx0/7QVNApSTnUq9pe0t8qAClcYZuaXgB/uYINl5 +qozAW6KR4wFaNUv6mnm+0ppWeiTnIn5O37IycPbAKVZRhauf3p/cTkZ6RZ3MJ5Q+ +fMTJscvSXtMhU+Q3Pp5PGRXlXhs1zFNp +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Self-Issued pathLenConstraint EE Certificate Test15 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMG0xCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5 +VmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh +dGUgVGVzdDE1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb61LTuxE1l5yJ +QVfNdf8EYvZcAa0KaD4FMFo6vn3YTkLfUAgn2P0/LUtJQmmXciZPTEU9iKaYsV+/ +ZtyT/p8r/UHfo81aRT9dIzwK4sGKK+9KWFi/rPiRQwG5IB3XiQYW/JGTIPgcXg5Y +dUXWrtqZVN+7ddhQD1d1ttatbEqajQIDAQABo2swaTAfBgNVHSMEGDAWgBQ4rSXI +QlrXDelK9BjmLKVTpFD0TDAdBgNVHQ4EFgQUS4ujjGGj4+FAN/SRPltJJo/KxqAw +DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG +9w0BAQUFAAOBgQBh3iDLcsaywxCRTsUrSXJ+COkZOvwrPiAugkf2KeDXYcrIckKX +n/+Q3FZeBn0qHNyvGUTLp7yei9kUto1sS0nrShwSV+dn/2zUsL6dr4F9Lfazzvsp +rIIGkJCHbcJSnMc2b3dBhKr1Oe6MWWnV7OdTVCfjQXeDciB3MTcY1TqedA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba: + cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3: + d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f: + 53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec: + b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80: + 3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91: + 55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da: + cd:a2 +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6 +rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA +Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem new file mode 100644 index 0000000000..86dae42c9b --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem @@ -0,0 +1,197 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBHDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZDGq53SMD +2pj9pTu5VRCJI+Vm8LxSBkYdxD0jc4IKrbJH1NRh5XCcfeAbJaQ46UJFGEPMa92B +GOSF60SQg5oIXBDTA/ygWIPFFbfStUt//heg1BfHUHRf14z8JL0HzXDG6xnd+2yK +FzLzKFu1zexVpeT6nFQr0rjeslXftjJO5wIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU2nOT4PBlmX3Dv7AfJg72Fi0x +NVkwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBBQUAA4GBAFm1ZyLmtGk/Ml/36K/q +S3bdDJ4PWyY0OsgJBm4jiiYU7QvQ5G7cyfPW4h8EBaPOg4HSUGJJdqQQdP89e9WS +JTFOlLoPT910pCDXbuEjILFrPh54Gv0ydO31Yc8Un/Do/qEraDgWzjNU9s/BAJKx +zeFg0ajkR1p+VLGzDM+n2aQI +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV +cGF0aExlbkNvbnN0cmFpbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDEsgspeWC5HV95asByD3T2Xp92XyIayyvxljyNsuyivQG/zdHVuW0QqDbM9+ua +rkOgDpqwN93uEtbRdQqq4u0MZ2GXR4k6ZduPsubfFKXBKdgvLBoSm1qhOdO1m7BC +GYe/0e+uiTYZGfLbJCqUuDraLY/o58qeKUHln2Ex8G4wAQIDAQABo3wwejAfBgNV +HSMEGDAWgBTac5Pg8GWZfcO/sB8mDvYWLTE1WTAdBgNVHQ4EFgQUC9dNxXZ6/vA1 +xTWKZjIu1jdIF2owDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD +AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADwD62Ebsv+1 +RcA3YIonWoTkrnKU9YGmmJf5S9ytmc6cT3phWRpY/sOl+Y0pNRvDsKJeew9ggQWD +f77Pp+ACX2HvWwSHzclox2iCkxNyX0aNAxa9xun2zKGm2j1Ncb/D2mE9CQemmn0n +1GxEkjg7psCUxl2FwuTTmRR9UquMxjg8 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA +-----BEGIN CERTIFICATE----- +MIIChzCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY +cGF0aExlbkNvbnN0cmFpbnQxIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCp1Y+dMUczZ1H6dsRs9hr8yLDsu+xA1vSG+vHgAEPkfkhzItj+7N02gtua +ye1hSXd/x5xNHOTWUK0CDY2YnHBpqmVO3nMIYmX40BbsRl8eQiEYQS7ES+URwrbW +LHC23HLYn/R42TA1lkwp3HUa4Nu4eUEXKRMbCVfpxAE0h6brIQIDAQABo3wwejAf +BgNVHSMEGDAWgBQL103Fdnr+8DXFNYpmMi7WN0gXajAdBgNVHQ4EFgQUYXPbCWI1 +alu4YhJII+f4K948S9swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI +AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB0eGyRF +KEbsyDnKd8pB+6YhJjQBcdZl9AGLASF4jPmFj2iXuF7gr5rT3UTvquUeEJamAZc1 +L3pHiaPZnxbVJ8hTSD4eUF0YMDd+PzboODwLeBS/5AmWQ0O5qiohjgFTMUq3uvkf +RWemBcsCiI1KenbGIFTJaNEWKdPrsOrocVJw +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z +dHJhaW50MSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE +AxMYcGF0aExlbkNvbnN0cmFpbnQxIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCvkVm0hGNZvdPCElTss6nzgzq7tC28/UHHYKozUaenLdgSaARQnZyi +w3O5hCVSCtOMmUog52Av5lbkjZxVhCTaWKfrBuPDE2FJSsz2RczG+89ho8676aQ9 +Y5tTt3/mECuV21fCVjRh3IU6O6gTGgPSOxmOyE/lMDXTYFYgsfF7kwIDAQABo3ww +ejAfBgNVHSMEGDAWgBRhc9sJYjVqW7hiEkgj5/gr3jxL2zAdBgNVHQ4EFgQUVVEA +f8ZkXgn1BiXGzZK3mreZsTgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJNK +lQDUQElDsFY24HDYmUDNg4Vg/CkEB2M9JfI5yZYlOKJrjzECJCY219NFeL9TcyD3 +bJY36GS1ZMz/MI9ocVTU0K5ssZqV4IkBI9hXCFlb+kw5jSgO30RoxXm+Nb0nvzUC +s5kRJVI8Rdm4ONIstsOmX7w7LBMWrgCPBOZN6zkl +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Self-Issued pathLenConstraint EE Certificate Test17 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA +-----BEGIN CERTIFICATE----- +MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z +dHJhaW50MSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMG0x +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UE +AxM5VmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm +aWNhdGUgVGVzdDE3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNwtcQ87sc +VaUKAcu3QxtBteOc29FtwvZtv86nDNlJ91gIoFTUq1jKdkWcExlR8lh+Ye0QfIRB +NIDkDs7+2WB/BwJLNMpaEXDh0qETy/SW3uDN0sOX2H3ik97y0xD5ayXquEXTqgIs +fNtXesmjTnBt3iitX1DkPwrjuJmQf+co7QIDAQABo2swaTAfBgNVHSMEGDAWgBRV +UQB/xmReCfUGJcbNkreat5mxODAdBgNVHQ4EFgQUOloj8eT4jSRn3dhhzDfEX13r +FrswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq +hkiG9w0BAQUFAAOBgQA8hwBcf4CCZAko0xnD1MoTNUBfjdvDcXZB+bTB3jnbDXE5 +zSid6bUVBNo+awlLpnQw3drsAgI1G9TcgFOEslX2n4nMP4FZAxsjpyDPSA7Wdj+t +xb8/kI5UhKZTjNYIL/LXpfWMvzhiMhTzha8PFxoGFM5hGYMXqh0kK/0zhThOEQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:DA:73:93:E0:F0:65:99:7D:C3:BF:B0:1F:26:0E:F6:16:2D:31:35:59 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + b4:8c:0a:8a:f7:34:0c:91:f2:7f:29:9a:e6:6f:dc:e6:a2:3d: + 90:31:96:5b:53:0d:2b:cd:51:e4:d9:dc:b8:f2:4a:1d:b2:e8: + 5e:93:60:85:16:53:48:ef:99:f5:13:20:34:84:95:88:1d:df: + 30:94:e4:e7:71:fa:f2:eb:f8:e4:50:6c:fb:7c:e3:b7:29:e6: + 91:b7:5e:70:f5:c0:29:ed:50:6c:4d:20:b7:79:e4:a5:63:8f: + ec:d7:1b:ac:9f:4a:4c:d9:44:3e:f3:17:fa:5a:f6:2f:b5:f2: + 51:f3:b2:82:90:c7:4a:93:8b:27:7a:a8:a1:00:a8:26:3a:eb: + ef:4d +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +MSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAU2nOT4PBlmX3Dv7AfJg72Fi0xNVkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEAtIwKivc0DJHyfyma5m/c5qI9kDGWW1MNK81R5NncuPJKHbLoXpNghRZT +SO+Z9RMgNISViB3fMJTk53H68uv45FBs+3zjtynmkbdecPXAKe1QbE0gt3nkpWOP +7NcbrJ9KTNlEPvMX+lr2L7XyUfOygpDHSpOLJ3qooQCoJjrr700= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint1 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:61:73:DB:09:62:35:6A:5B:B8:62:12:48:23:E7:F8:2B:DE:3C:4B:DB + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a7:22:08:25:d7:e6:5b:3e:63:fa:c3:8f:f2:bd:64:39:45:75: + ec:4c:5f:19:85:38:ca:9c:99:03:95:9b:4a:d1:93:62:04:28: + bd:18:a9:79:27:31:d8:41:38:7a:c8:ae:81:5a:42:25:e8:46: + 84:31:cf:e8:38:ad:f3:a4:3e:a8:4d:71:cc:37:18:89:14:5a: + 5b:7f:3e:a0:ad:6f:95:7d:34:1f:3b:6f:ff:a4:a3:58:14:d7: + c7:58:e2:d3:bf:33:3d:bd:59:f3:7b:63:fc:57:ab:62:f3:06: + 27:72:a7:9c:6d:0f:b4:37:12:0b:8a:02:3b:e0:47:3b:23:a0: + 6e:3a +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50 +MSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUYXPbCWI1alu4YhJII+f4K948S9swCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEApyIIJdfmWz5j+sOP8r1kOUV17ExfGYU4ypyZA5WbStGTYgQovRip +eScx2EE4esiugVpCJehGhDHP6Dit86Q+qE1xzDcYiRRaW38+oK1vlX00Hztv/6Sj +WBTXx1ji078zPb1Z83tj/FerYvMGJ3KnnG0PtDcSC4oCO+BHOyOgbjo= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem new file mode 100644 index 0000000000..6a4851e249 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem @@ -0,0 +1,127 @@ +subject=/C=US/O=Test Certificates/CN=Valid Self-Issued requireExplicitPolicy EE Certificate Test6 +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +-----BEGIN CERTIFICATE----- +MIIChTCCAe6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBw +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRTBDBgNV +BAMTPFZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBD +ZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoQSf +MbaUeJHJyhveLx+voUuSWxwNEG56mZ5evCeaSjObXqfeHXkjtfpbQd04wlsSw3CO +OP2TR4ompdtrgHYGZeSsXW6VhkWz68SG78tn8laoXw3lTMhgrYqAdk+giv71qeBZ +DYVr+mZTxBnmhrgRiiAQi8fhl9p+Bf89nbW03icCAwEAAaNSMFAwHwYDVR0jBBgw +FoAUE+aMwSsPZ0tMeh0OtsAhWiSZUIQwHQYDVR0OBBYEFIGUYNMP2TtFxnkarnPH +B1oeM5PXMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQAXMz/QAcFC +0oNUODgnlOJdP3lcECIPpmtJbhAmc3UABEXUG9ak3/kkMNENOktNt62qe1/K1c+l +uYkAMsmUn3oOGYV9Zu77IiiChOYDH6touQtxBGtVTG9Ki/gdaPWfqZdfBs0xkGRg +7mzJCvRrEXDgQZW0kR3C2LJ9B4f2yt2GlA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs +aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV +BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih +ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0 +iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj +fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT +5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr +HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP +SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4 +cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC +9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y +2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX +ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME +GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9 +owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF +BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55 +ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP +wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19: + 7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd: + 3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe: + e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30: + 67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91: + ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36: + db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a: + e9:97 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv +bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62 +77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC +iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem new file mode 100644 index 0000000000..1af71df043 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem @@ -0,0 +1,134 @@ +subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBZjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg +Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAzpVbQYnufknoy1tKbCSY840pKcfP2S+jFm6OFC9hzkLFn9uiYzCV +rCjczQI8lFfM/4p9rUApMIgp4IUAxCOEcgJuKPKmiuoTwPD9XxbmZ/uv+iaLXqF+ +QVcbDGouj0z6RMNz3KGtf0pbgg+/+/wIK4c0XOIM9wTSK0aJVqweAnECAwEAAaNr +MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIr9 +Qil7WXhSSvdIHHG3xHGKplfbMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAo0h6slmGQJsCsth+yeyOMK3j +2CqJ9gEajx3fWs7x2JJ8LM4zfbFFYctGPKpXdGRBTO8Dj9lQJCr7i1IMMHTitTa/ +xpjn8E0SQgzvkB/0BnSt7DiwV0LXCdtBlLxOS2Fw9NdvbE7jsuBK2W4KDOPElhHJ +TKQ0T3TjKv8gwxTq8mw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBZTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg +Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAtI4Yuumg8WznOojgeWHVZxG23imfdB9ntiQccDxAnvywEfQv6Vlq +HNVQ5vsVQfvfUZCad2Nbf42DHRtpmVhlxIhKBjoNu/m6xdvz/A6/kvDvrEg+7M7N +A2ZRVI0T3Z/mMaPuLHuCzKwU20TF6NonxgZXIbATrppAqRUfSY+UQCsCAwEAAaN8 +MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJtc +UbwiJzEiQJQJJf/Pg3mto4EZMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBs +BZsxRaZk1qx3balE6qmVZd7jG6C9Gg/n+I5QfXR75ZIus+0Y6GAviBzywvJ8CDZ3 +kIOOrYolpnycedLS17Jnv4D/IDP6OwvmT6/0XvforKDQlmAk6ioJBRAwHRDYHBZg +lj8FXyMNUS313Un0l2FXJBhfJNBqb1ZqYwWcmJ2t+w== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Separate Certificate and CRL Keys EE Certificate Test19 +issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1 +-----BEGIN CERTIFICATE----- +MIICqzCCAhSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl +cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw +NDE5MTQ1NzIwWjBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp +Y2F0ZXMxRjBEBgNVBAMTPVZhbGlkIFNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBD +UkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAKj1Dg4L1T9e6MNcWCCvYvg+vk54WuF5s2Dxaa0lfcclqzahyLfN +KqLCp0jCJyvA23IGF2C7I+P4dvjwW9kq0XD7H0Vt7LIjyQIpVyHObshN6gciyIXz +iZjgaBqf8O+P6XhjAqsNyYSipygh3bX0Gqs/Kjb8qHbw8kdUG3Oq6xTFAgMBAAGj +azBpMB8GA1UdIwQYMBaAFJtcUbwiJzEiQJQJJf/Pg3mto4EZMB0GA1UdDgQWBBSu +h3HiE1+nBL/O/8Ce2FdoNLsWhzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAFL8c81C5Av+LkiNwZqrbjHV +HFmRSvBpcRFa0WoFd8bNntXow2oh3ygbWRWt3FucJqTq6t4tys+3aNQClu/fcUSS +IljPUyYAlgSxOTER4P9OYePEC/QtzjAGRH/5Kms56LVZa7lrOl2UpO8dkluoOADI +hXabE5IQYEEjA26WpmmH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8A:FD:42:29:7B:59:78:52:4A:F7:48:1C:71:B7:C4:71:8A:A6:57:DB + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 05:7f:8e:79:fc:1e:57:0e:34:9e:bc:05:3c:28:df:90:bb:1f: + c7:f4:6a:a1:95:51:f1:d2:b4:1f:3a:64:41:35:b6:42:62:b7: + e7:14:1c:bf:0b:ed:6b:ca:f6:4c:c9:a7:48:ab:42:9e:04:9e: + 0a:b5:f1:86:99:0f:b1:7e:6e:dd:d6:a6:b3:b1:3f:fc:79:6a: + bf:f0:39:3f:03:ac:69:15:b5:2f:5a:17:12:64:8b:e9:46:9f: + 82:09:f2:09:91:90:b4:fd:56:a1:ab:04:79:a0:17:33:26:c6: + 49:6a:96:d9:42:8b:44:a5:ed:ad:69:82:63:78:8e:e7:96:1d: + 17:2d +-----BEGIN X509 CRL----- +MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj +YXRlIGFuZCBDUkwgS2V5cyBDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowIjAgAgECFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1Ud +IwQYMBaAFIr9Qil7WXhSSvdIHHG3xHGKplfbMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAAV/jnn8HlcONJ68BTwo35C7H8f0aqGVUfHStB86ZEE1tkJit+cU +HL8L7WvK9kzJp0irQp4Engq18YaZD7F+bt3WprOxP/x5ar/wOT8DrGkVtS9aFxJk +i+lGn4IJ8gmRkLT9VqGrBHmgFzMmxklqltlCi0Sl7a1pgmN4jueWHRct +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem new file mode 100644 index 0000000000..de409f5895 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem @@ -0,0 +1,118 @@ +subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp +ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co +7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF +H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh +i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3 +LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e +kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq +hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx +x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr +PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem new file mode 100644 index 0000000000..c2940bb425 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem @@ -0,0 +1,146 @@ +subject=/C=US/O=Test Certificates/CN=Two CRLs CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcTCCAdqgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMD8xCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEUMBIGA1UEAxMLVHdvIENSTHMg +Q0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANF1dMq4ulaNZm1L3KlBM9wi +a4eu7sCry3O20zzWCttHHqG1W9UYLqqivx3HTyKvc/acTndqBtaz9HcdrETCRreu +UjKFAa19JAnjF88BluoZ7A7TjdhsGfsa8gcLUZCN6ZkJJok2wENNh0xdsVhVlmnV +p9rqIgYFPbZd0tvUp44xAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4N +sDzqmryH/0nqMB0GA1UdDgQWBBQwyOlKAd5DJkEjjFNTjLNHFheOyjAOBgNVHQ8B +Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEFBQADgYEAW8JONjczN4V2xpuIs064NZkR/ZEqwuPDedoS +bQMZtQfK7+587JhXzGM3Hv2INUge/GRWUS6Y0Ra74Z4EU0UjKIM0PfCkokiU9cMg +APFxIwTaaIfmrFY5FOAr0tvJXX1fwvLB2EEzFoD3m3FT5dKH3fV0l07W+rAzXGXd +Mhqyx5o= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid Two CRLs EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=Two CRLs CA +-----BEGIN CERTIFICATE----- +MIICdzCCAeCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFDASBgNVBAMTC1R3byBDUkxzIENB +MB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowVzELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSwwKgYDVQQDEyNWYWxpZCBUd28g +Q1JMcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAiWTa6oG+nNhsn3jFI0IU5eab51kPtxwKr8QO22md2ezjZi0Si3bkH+nL +d969Tfp3AtKQbsaNJVgYIP+GLylF1YmawBW39kLy8yuACUb9k0OlG02sW8u9SsTJ +ifK2hvRv/2dGMe6eOR0Rpknk/8CHUgPJHyU3wSewsookv22AcdsCAwEAAaNrMGkw +HwYDVR0jBBgwFoAUMMjpSgHeQyZBI4xTU4yzRxYXjsowHQYDVR0OBBYEFBVyE7Sc +ZE9qRg0qsIBnbUWvDEhPMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAb3ltD/JZHS9eilXbrUwx4XAfOxMl +l62TnSCbUwvD3VvSBp6CSL9/GAcOIQvGvsbyaFCCtCfPwSDw+Ub4vONlBK5+8uGE +ceErncuILRQcNTwK8U3olehAt6Smh7aEcGBpdeMkSSZhoBSMe0GaIzCeDKELtG5d +3yyDUN+RlEGX0tE= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Two CRLs CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:30:C8:E9:4A:01:DE:43:26:41:23:8C:53:53:8C:B3:47:16:17:8E:CA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + af:97:f6:38:91:3b:72:79:fe:fe:8c:3e:65:dc:61:a8:72:ef: + 9f:73:2e:dc:16:db:92:3e:2a:dc:ba:32:f9:97:0c:6b:52:32: + 0c:7c:8b:89:a2:82:f2:81:6f:30:10:dd:5f:e9:ec:26:c6:35: + c1:fa:94:79:ec:4c:9a:9a:82:ab:3f:be:9d:2a:3e:af:d8:e4: + 8e:c3:c1:c5:08:81:25:c7:11:83:98:6e:42:89:5e:6f:d6:c7: + f8:d2:39:63:34:22:95:56:7f:f2:24:a1:62:18:b6:9e:ff:d4: + 0e:30:e1:b7:2c:03:90:70:81:51:bf:74:13:3c:dc:a9:28:55: + 98:d5 +-----BEGIN X509 CRL----- +MIIBODCBogIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFDASBgNVBAMTC1R3byBDUkxzIENBFw0wMTA0 +MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBQwyOlKAd5D +JkEjjFNTjLNHFheOyjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQCvl/Y4 +kTtyef7+jD5l3GGocu+fcy7cFtuSPircujL5lwxrUjIMfIuJooLygW8wEN1f6ewm +xjXB+pR57EyamoKrP76dKj6v2OSOw8HFCIElxxGDmG5CiV5v1sf40jljNCKVVn/y +JKFiGLae/9QOMOG3LAOQcIFRv3QTPNypKFWY1Q== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Bad CRL for Two CRLs CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:30:C8:E9:4A:01:DE:43:26:41:23:8C:53:53:8C:B3:47:16:17:8E:CA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 02:fb:a8:69:0a:aa:8c:4d:f2:07:f4:6a:6b:38:ae:da:15:1a: + b8:c0:8b:d2:23:96:1d:3a:fd:d4:82:0f:c5:de:56:ba:c2:59: + 8f:9e:97:67:06:1a:d1:4b:d6:24:40:98:4b:b1:c2:85:3c:be: + e3:be:28:9a:3e:56:1f:98:4c:9d:68:36:a8:eb:e6:1c:d5:52: + de:30:49:e0:76:0b:bf:be:3e:9a:b2:18:f8:de:51:f0:f4:da: + 59:48:c5:00:9f:47:21:32:29:d9:f0:1b:75:18:a6:6f:d1:3c: + 56:b1:5a:e8:6f:06:ce:ce:5a:4e:97:c2:91:cf:6d:40:63:8f: + d5:71 +-----BEGIN X509 CRL----- +MIIBaDCB0gIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF0JhZCBDUkwgZm9yIFR3byBD +UkxzIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBARcNMDEw +NDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAfBgNVHSMEGDAWgBQwyOlKAd5D +JkEjjFNTjLNHFheOyjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQAC+6hp +CqqMTfIH9GprOK7aFRq4wIvSI5YdOv3Ugg/F3la6wlmPnpdnBhrRS9YkQJhLscKF +PL7jviiaPlYfmEydaDao6+Yc1VLeMEngdgu/vj6ashj43lHw9NpZSMUAn0chMinZ +8Bt1GKZv0TxWsVrobwbOzlpOl8KRz21AY4/VcQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem new file mode 100644 index 0000000000..b7c8ae1749 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqDCCAhGgAwIBAgIBSDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0 +cmFpbnRzIFVSSTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKxL9gyE +2WbKCoEEU+RviucDsSOeDHQfoVxci7AD0RhpGDZkMaDQhM+DUHywwIo9zUpLVeGi +xQNu1+1bQ4SzVBT6k7vcf8ZxPOUI+8WQzMNO5H2/PGz3XGpfIw/RJrRH79ICwZlC +6QzvSbLJhOtJTQS9kFTECA4AeBzHEN3f0igTAgMBAAGjgaYwgaMwHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKwdFrpLHgtf4rxhruHZ +ZFp5vkXWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4YVLnRlc3RjZXJ0aWZp +Y2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAHbVqbpvjgN0GV8abRGms01xVNHT +PtqMarG3/zQImm9xDzqUqv81kX/8DOy9I/lo3Mvp83M9B74mEEiTTnxkYEpaSouE +fE3/VAW8dTJb35NeZcOCNWDQv3eA7bufOVO+4KjEHERlxBfEYlPEkJGSLD98SF62 +OYmmR3Cda8cKBk6p +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid URI nameConstraints EE Certificate Test34 +issuer=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA +-----BEGIN CERTIFICATE----- +MIICzzCCAjigAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh +aW50cyBVUkkxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD +Ey9WYWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz +NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6FGlp6Xjgc5M7qIkjpaJW/ie +OIVcl5Qn+CIdaNq7obRCyoLrqT/lyrQKTifbp29aWeS20Q9OnvNHYe0AoQulxnhx +tId1+3BJ657gMf8FIwZ6y7C1vKus4TE6lYhBXJZtTF5lE1znoTDmaO9u+Ix2/RY4 +lH5oTdCUCHiEdcoOBvsCAwEAAaOBqjCBpzAfBgNVHSMEGDAWgBSsHRa6Sx4LX+K8 +Ya7h2WRaeb5F1jAdBgNVHQ4EFgQUnBltKBL7MT2/JrE+lLcnIG0SKgEwDgYDVR0P +AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA8BgNVHREENTAzhjFo +dHRwOi8vdGVzdHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdi9pbmRleC5odG1s +MA0GCSqGSIb3DQEBBQUAA4GBABEni3LRvD7bB0FXjsIor6I+OaDVBV6uWcVuwtmS +gtVMwBhrnKGi/nw+7E+wJs0Sa7INnkylGFlUzOLEFV1Sa6RYjmo61i4AE32uqzlc +lNvE/bXQh6ah0Hj/sw2u9bXRn6zgPcf+9yQRsJ+wNYuB3rP2dsxckGRMylL5bDZq +CfQz +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:AC:1D:16:BA:4B:1E:0B:5F:E2:BC:61:AE:E1:D9:64:5A:79:BE:45:D6 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 48:8d:62:fe:d7:4c:f3:06:9a:78:4d:e0:96:d6:4b:12:b3:93: + 23:96:6d:00:b6:6b:7f:35:25:e3:94:20:1b:fe:c8:cb:3d:5c: + 7b:e8:f3:cf:c3:db:96:d3:62:4e:b7:5b:93:05:11:c3:7f:41: + 94:e8:75:d2:8a:67:bf:f3:b0:81:25:22:99:a3:4c:02:9f:1c: + 87:1d:b1:20:a6:0f:b7:c8:f2:2b:e5:b2:4d:b4:e1:bc:c3:85: + b7:54:29:13:e8:7e:53:ed:d2:cc:a7:95:3f:71:32:5d:3a:09: + a1:fe:af:ba:45:14:41:1a:67:fb:8f:46:03:6a:fb:78:26:71: + 02:1b +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV +UkkxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBSsHRa6Sx4LX+K8Ya7h2WRaeb5F1jAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBIjWL+10zzBpp4TeCW1ksSs5Mjlm0Atmt/NSXjlCAb/sjLPVx76PPP +w9uW02JOt1uTBRHDf0GU6HXSime/87CBJSKZo0wCnxyHHbEgpg+3yPIr5bJNtOG8 +w4W3VCkT6H5T7dLMp5U/cTJdOgmh/q+6RRRBGmf7j0YDavt4JnECGw== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem new file mode 100644 index 0000000000..c13af8a307 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem @@ -0,0 +1,111 @@ +subject=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICqjCCAhOgAwIBAgIBSTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0 +cmFpbnRzIFVSSTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANCu/tVS +XB6TUXM4bU2lQ7EKvQrGMy49TSnHlIwEVZ9UNvbSA/ChnCxPIKWiVWlqdqr0evlL +xdLPxQe6xHuVjkvgFleY6RjA9LqD7YFFvf8AnDD6BV0kIr3itChNI2abON8Dh6IG ++o48bCPAt9bqxCepQbrSn4mYSlcKjyn66Ev7AgMBAAGjgagwgaUwHwYDVR0jBBgw +FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIakVWPxjKAjp6e8y2yq +bdBaxg9aMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw +DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYYXaW52YWxpZGNlcnRp +ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAXeaQUlCHmmhg1rKHYxVfKaCq +S574GPbDh1QtQoNmVqFF+yGHse9s4hcYcv7VZB74kYKCFUShbBWl1VcmgPbJLDnc +MDjP1B35WdH4IGAxCBLHOiuv/1AWL9EfHUdhX2ZoFpJqNty9lFkahCZ6MARJwtS2 +fBh60OItInetzMDECnE= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid URI nameConstraints EE Certificate Test36 +issuer=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA +-----BEGIN CERTIFICATE----- +MIIC0jCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh +aW50cyBVUkkyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD +Ey9WYWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz +NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvE7GKi9cq2LoR4nDK2rqmEIH +MsJ3m6EeWMUWwoRidb2gH7E45Oumq5skRGihWVu15Lokjua+3arteyn8MbuDj+lF +KcEEP4VLE84+SFaA5KNgDJspoT7+UiBZRELwTxiTK9vPR5VQyTQnc/M9PkfC5rvV +WbctYK/HJ/r68nmGAQ8CAwEAAaOBrTCBqjAfBgNVHSMEGDAWgBSGpFVj8YygI6en +vMtsqm3QWsYPWjAdBgNVHQ4EFgQU2X6Y6CoZbpdRkA80xPGNWG1aeZ0wDgYDVR0P +AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA/BgNVHREEODA2hjRo +dHRwOi8vdGVzdHNlcnZlci5pbnZhbGlkY2VydGlmaWNhdGVzLmdvdi9pbmRleC5o +dG1sMA0GCSqGSIb3DQEBBQUAA4GBAG2N3tYbTsRh2FgGR/eAxNmVerY5ooWKrZE/ +MkikG9U+XWgHChNL4eR92wDJVi1h5uVvSyUIF1vEFXVfVxyqG1kz1dqWcFrZHp1I +w3WD/3qKE0ilWL+AnW7LOOTbTUDevmIwcUAvl9/QiYpexJyeQhzWJ13gh5vwkfiG +coWXP3GU +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:86:A4:55:63:F1:8C:A0:23:A7:A7:BC:CB:6C:AA:6D:D0:5A:C6:0F:5A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 73:1d:ee:ad:1d:21:24:88:c7:70:27:82:cf:68:1d:fa:61:18: + da:2c:a9:9e:05:0d:b4:7e:e3:ac:49:fc:82:76:d0:6c:80:1c: + b3:b0:36:4c:44:da:e9:0e:aa:9a:df:66:1e:0a:80:f4:f0:0c: + 84:02:2f:57:47:96:e1:f7:ae:e6:be:85:9e:53:e0:97:1e:9a: + 68:7e:f2:32:8c:d7:89:1e:63:dd:3f:47:06:30:44:e3:42:ee: + 30:c2:d6:ce:3a:46:4f:6c:8c:e2:43:c3:7e:5a:51:ce:5e:73: + 7a:ed:f7:5a:04:a8:0d:f2:f0:67:af:e1:0e:b8:eb:9f:cd:2b: + 24:62 +-----BEGIN X509 CRL----- +MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV +UkkyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME +GDAWgBSGpFVj8YygI6envMtsqm3QWsYPWjAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBzHe6tHSEkiMdwJ4LPaB36YRjaLKmeBQ20fuOsSfyCdtBsgByzsDZM +RNrpDqqa32YeCoD08AyEAi9XR5bh967mvoWeU+CXHppofvIyjNeJHmPdP0cGMETj +Qu4wwtbOOkZPbIziQ8N+WlHOXnN67fdaBKgN8vBnr+EOuOufzSskYg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem new file mode 100644 index 0000000000..f91b6dfd97 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=UTF8String Case Insensitive Match CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBZDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKDBFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAwwkVVRGOFN0cmlu +ZyBDYXNlIEluc2Vuc2l0aXZlIE1hdGNoIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCaogvEpeDhTyOkM06wjnLD1JeNedm9VZ+FpIvkkhrhGKskIHcfsNfJ +EsrLnoSQIj5ocFyxY/76uaSgJcEhTpIj695mSBtyZThgQr07wSGTByiAmO3fR3if +tMzWdzP9j19QXSUZjQCBNySjtuabFoqgR9OHEmVjly+67Al3yaZDEwIDAQABo3ww +ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUNmIV +KXylwtCEEMdeoxYn36lEE2IwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKnn +dr5r22s30krLGaZ6Ava5zeA3jRRsq/ewoyaGn39VO/MYpqRxPdqlVqLO41PCjwTY +VjndPhVSfFsQHxANRG4TUD7MBKeNsr3eclIvzCtIb8U9dwHngXeYNlih1ufYUDZ5 +z5oTq4R9mHUGu1Jz/uW9sisBRMbS+2wj+E/3yezC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid UTF8String Case Insensitive Match EE Certificate Test11 +issuer=/C=US/O= test certificates /CN=utf8string case insensitive match CA +-----BEGIN CERTIFICATE----- +MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEe +MBwGA1UECgwVICB0ZXN0IGNlcnRpZmljYXRlcyAgMS4wLAYDVQQDDCV1dGY4c3Ry +aW5nIGNhc2UgIGluc2Vuc2l0aXZlIG1hdGNoIENBMB4XDTAxMDQxOTE0NTcyMFoX +DTExMDQxOTE0NTcyMFowcTELMAkGA1UEBhMCVVMxGjAYBgNVBAoMEVRlc3QgQ2Vy +dGlmaWNhdGVzMUYwRAYDVQQDDD1WYWxpZCBVVEY4U3RyaW5nIENhc2UgSW5zZW5z +aXRpdmUgTWF0Y2ggRUUgQ2VydGlmaWNhdGUgVGVzdDExMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDsol6bNoNnlNAy2lkPsdVM02fDVB5vmtUbTN2DiXfYxICd +NtMW9orODpZLBLuhHD9L/N+amY5njVAJUpvbdU2cjFMwgn/YfQ/eDXrCDPG2FLaJ +WA0nRqHFrhBVz6MgJFtpJUz3e1Owsy3U03aq9SthFb/BBFFOtAH6mXnuBjYVTQID +AQABo2swaTAfBgNVHSMEGDAWgBQ2YhUpfKXC0IQQx16jFiffqUQTYjAdBgNVHQ4E +FgQUxMF/9KLvn9+5ABPGIN0ZEfq0S6cwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCLnWS00RFXZcbBCM15 +7+vQE5xrZp4AH8MhcC5CCS7C5F6JkHPcXT5OnCCN+d0cmCCTgolBi+AndeXwen9O +y/2uq63SVqP/H67rcyoxaGeqSxxZqbowZqboUMBLinSyMq/coqnGbiNjK+K7xXqR +borsQCmKGqvst1rn2LPNKfKRCA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=UTF8String Case Insensitive Match CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:36:62:15:29:7C:A5:C2:D0:84:10:C7:5E:A3:16:27:DF:A9:44:13:62 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 32:f5:46:0f:c0:5a:10:87:86:95:df:18:69:d7:c8:99:4c:84: + 5f:f7:1a:e8:c7:66:27:41:73:a4:72:f6:09:66:a9:f7:cd:62: + 22:87:dd:24:94:77:c1:38:e3:9c:cc:70:64:29:b7:d9:76:94: + 59:d7:26:43:86:35:63:6b:0b:81:a4:1d:d4:4f:7d:87:6a:b6: + bc:68:34:9b:ad:d0:1c:34:3b:72:7c:7f:25:b2:19:03:a1:24: + ee:ef:d3:3c:a6:21:cd:79:11:70:d4:6d:5d:c6:67:14:39:17: + e2:23:30:76:5b:f7:b5:4e:ce:ed:3e:57:2e:58:1d:cc:ec:ed: + b5:52 +-----BEGIN X509 CRL----- +MIIBUTCBuwIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE +CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMMJFVURjhTdHJpbmcgQ2FzZSBJ +bnNlbnNpdGl2ZSBNYXRjaCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WqAvMC0wHwYDVR0jBBgwFoAUNmIVKXylwtCEEMdeoxYn36lEE2IwCgYDVR0UBAMC +AQEwDQYJKoZIhvcNAQEFBQADgYEAMvVGD8BaEIeGld8YadfImUyEX/ca6MdmJ0Fz +pHL2CWap981iIofdJJR3wTjjnMxwZCm32XaUWdcmQ4Y1Y2sLgaQd1E99h2q2vGg0 +m63QHDQ7cnx/JbIZA6Ek7u/TPKYhzXkRcNRtXcZnFDkX4iMwdlv3tU7O7T5XLlgd +zOzttVI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem new file mode 100644 index 0000000000..2857bd3c74 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=UTF8String CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICczCCAdygAwIBAgIBYjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEExCzAJBgNVBAYTAlVT +MRowGAYDVQQKDBFUZXN0IENlcnRpZmljYXRlczEWMBQGA1UEAwwNVVRGOFN0cmlu +ZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwNymUjXTPLYfQm1sbyf8 +QSDxshobqw4r+yna0i1Rj3o7Lu/5vt/vqIPKH2r52EYvuFWBMNKCglyCcqidFgVx +Z+hsUqJi79uj1DhGgqeSG1/gmyduba9sGud4J6rNhVuz1E/dX5gu81Gi8AgFQj/D +tC+HMSrP6GKAXVbXsnWBPGkCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6 +ng2wPOqavIf/SeowHQYDVR0OBBYEFNMoQWQMXH4Okw1WMKge9ihlAMr7MA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw +AwEB/zANBgkqhkiG9w0BAQUFAAOBgQAYI8NaUKFwf+db04baEtgElpS8AhzYiCP9 +H+4pn+6Bp7ZK+3WMdR5HVmHkn0wx3+eRrAO+4sViEZYS7+yJfJvQVqgeVgRWZeuE +dzIXVT0OLIloElDfgpdZgkkM2Ucdg5Nn52Of3AnZagaFiaNqFRZmC+QYnKif09vj +8jaUJTJbuw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid UTF8String Encoded Names EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=UTF8String CA +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa +MBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMMDVVURjhTdHJpbmcg +Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBnMQswCQYDVQQGEwJV +UzEaMBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNVBAMMM1ZhbGlkIFVU +RjhTdHJpbmcgRW5jb2RlZCBOYW1lcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoxNfkgSuZUKuoTrCTE46w8pIE47j18Ul ++ZyQJGplDws8AeUtIXBGxaYs6He2jxJXV6geeAi/DlFhUnNSK1Gavbey2DUkn8Av +3U5y2+p6S4HtU1FMypUCKcboGqHME6y3rqDQSl7YY03v3wd4PPaKPqvhZtDSG7b/ +QnejyG55zHkCAwEAAaNrMGkwHwYDVR0jBBgwFoAU0yhBZAxcfg6TDVYwqB72KGUA +yvswHQYDVR0OBBYEFFNv7Je2o4j/89zS0tw/sI8eM4dZMA4GA1UdDwEB/wQEAwIE +8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAT2NW +DkK184Mva0VGnLCXsyNVUYV9/6cBxVncmML7X/XlT3c4M7ZjSoL/J+hVyavU+1pN +SAKfgfyZE6mVa6BOYzL5sBRcvpgJPjZMAEGZ+dwfJUsh2KQvFmEXu8xSBIss4Rgh +o7OsvrTpSFiidbLgLQW6FeMEivGfw8AZZ2W9+s0= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=UTF8String CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D3:28:41:64:0C:5C:7E:0E:93:0D:56:30:A8:1E:F6:28:65:00:CA:FB + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 97:9a:cb:dd:e8:9a:f3:02:96:35:53:29:74:69:84:1f:c9:47: + f5:14:71:8a:f0:32:42:64:ae:06:9a:ec:f1:2a:e1:4a:70:d7: + 1e:11:fc:b8:f2:9b:6b:38:d6:18:37:5b:74:d7:bc:78:c7:9c: + b1:34:c1:76:87:4f:31:43:25:ce:95:52:23:cd:d0:38:c5:f0: + 26:b1:13:d1:ca:2b:f1:e1:df:e1:e7:3e:6a:3e:d9:51:60:5f: + 6a:78:b2:50:03:45:39:95:40:3d:2d:39:7b:af:97:e3:32:5f: + 14:f8:aa:70:ac:49:6d:44:1d:ac:2c:d2:fb:a4:5c:d5:f1:d7: + 23:5f +-----BEGIN X509 CRL----- +MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE +CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMMDVVURjhTdHJpbmcgQ0EXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNMoQWQM +XH4Okw1WMKge9ihlAMr7MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAJea +y93omvMCljVTKXRphB/JR/UUcYrwMkJkrgaa7PEq4Upw1x4R/Ljym2s41hg3W3TX +vHjHnLE0wXaHTzFDJc6VUiPN0DjF8CaxE9HKK/Hh3+HnPmo+2VFgX2p4slADRTmV +QD0tOXuvl+MyXxT4qnCsSW1EHaws0vukXNXx1yNf +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem new file mode 100644 index 0000000000..7d19088eda --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem @@ -0,0 +1,58 @@ +subject=/C=US/O=Test Certificates/CN=Valid Unknown Not Critical Certificate Extension EE Cert Test1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICpTCCAg6gAwIBAgIBXjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFHMEUGA1UEAxM+VmFsaWQgVW5r +bm93biBOb3QgQ3JpdGljYWwgQ2VydGlmaWNhdGUgRXh0ZW5zaW9uIEVFIENlcnQg +VGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKhu9MiazK4MZfZxFp8b +EqQNtc72SyzLI8gVU6uacEHKLpo7auSD72gD77oJKNLO0wW/lJmBZrr8N6Vb10xG +UDpyNayjEHhIQ9YGjQ0iFAzwBZdxSba417KwGoZEtWDwXDgHFcJkpdeO0cmvN/WY +T3hTDuDubTGzkT/z3o7HLBXVAgMBAAGjfTB7MB8GA1UdIwQYMBaAFPts1C2Bnson +ep4NsDzqmryH/0nqMB0GA1UdDgQWBBT2UVRewjWmpJzpb1mXbOTeaXT6qjAOBgNV +HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBAGCWCGSAFlAgEM +AgQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBABs3aiPSbahf2RsQXVpA2945ngkKbfef +RWOSqb+RmLmR3zburW1DXXzu3XSEOB8Ud75OdMvg9MIeKss1EqhEp3Bp4ltMa4+V +xORBZ1hlK47mQAPiGsshFriTYp1nVfzHfByAFuwYZFLhjJnk2w/nyq5kyQ3AjfpQ +XaezK4Qnje4K +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem new file mode 100644 index 0000000000..8a9c75ecf4 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=basicConstraints Not Critical CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICgzCCAeygAwIBAgIBGTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFQxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEpMCcGA1UEAxMgYmFzaWNDb25z +dHJhaW50cyBOb3QgQ3JpdGljYWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBANLhA0OA9wRfp95Q7/HTBd7PlWljTlLaWClrNNQ1jWPhuQJN3ww9dy42U/na +HvOcy9yz2ANw44VJKqLn68rVvypadYoWUNUGPHgHSrhj37Dj/mNkFmw18BcEgpED +4OIp2vJW00ZLeMt7ItsFh1pxpaHZl4WDHIWKh0BAuw7VBWhpAgMBAAGjeTB3MB8G +A1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBTYuN8r/BQM +rtcTVstcPg56jM+RCDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB +ZQMCATABMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACqRpg4KhHWSs +qfP23ZQX2hAOVVT/0AqaTcnNCQVLGE4sE16rMPQMZQ4qpb1WAPZIq6gs+P43deDu +5M4evZgQVheRR7RqQm7/7ZXAiJ4uzAvJjWP5eYg23OyHqPvaK76reyPgde/gegWq +Lj/0XhyySYlWDr4i138LYLsfUDy2rWw= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid basicConstraints Not Critical EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=basicConstraints Not Critical CA +-----BEGIN CERTIFICATE----- +MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIGJhc2ljQ29uc3Ry +YWludHMgTm90IENyaXRpY2FsIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0 +NTcyMFowbDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz +MUEwPwYDVQQDEzhWYWxpZCBiYXNpY0NvbnN0cmFpbnRzIE5vdCBDcml0aWNhbCBF +RSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +ztwCM4KjCZAusrt0pqJODe24QkEVIKHLb4UAlOxeSbZZ4Ye5BtR5NylouUsMu8Ja +XKoU+BxIWXmUrP7HSt2+D8HI33xczpxfXCUyYmY/ht58WkhRSur9n3XUBErcVOe1 +xoV/2CNceuS97TvupEAYDKkcK+Uv+gBZpuLyY2jF4ccCAwEAAaNrMGkwHwYDVR0j +BBgwFoAU2LjfK/wUDK7XE1bLXD4OeozPkQgwHQYDVR0OBBYEFAL9NE678Dg8eh16 +3hZvX02XaVPoMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB +MAEwDQYJKoZIhvcNAQEFBQADgYEAxH3RpgHseEdMz+tdowijXMxxOgAvJ+bDmb4W +VmA6BBlPljNwDeOJ5mu/qq2HaTbeYYkqxfGw/V0Nv5GoG4Ak0xnSFaVz8+dVEzDN +Avks85QOwYREyw/sxlpU7uOjlWBOwfkglUJM8UU2ZpBMlJf6sn7bEf5W9w35ZUo8 +Vlf2alk= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=basicConstraints Not Critical CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D8:B8:DF:2B:FC:14:0C:AE:D7:13:56:CB:5C:3E:0E:7A:8C:CF:91:08 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 9d:dc:8e:45:7e:1c:6d:56:eb:08:bd:04:5c:c7:9d:21:a0:ae: + 69:b7:35:a2:b5:31:34:85:f0:0a:92:7d:20:36:2e:32:dc:b9: + 8c:cb:ad:39:97:35:3a:9c:d1:68:37:f0:9a:06:ad:da:42:67: + 92:30:82:b8:52:db:c5:d5:39:d4:2f:cd:7b:ec:18:43:56:6d: + d7:2f:31:9c:59:48:fa:07:af:f9:fd:3a:b7:e0:b2:4b:0a:7c: + e9:7b:04:81:75:1f:58:a2:70:bb:30:bb:e2:14:21:0e:34:74: + ea:e3:41:e5:d0:c0:b4:7d:51:52:f6:7f:51:13:be:78:96:25: + a5:8a +-----BEGIN X509 CRL----- +MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIGJhc2ljQ29uc3RyYWludHMg +Tm90IENyaXRpY2FsIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w +LTAfBgNVHSMEGDAWgBTYuN8r/BQMrtcTVstcPg56jM+RCDAKBgNVHRQEAwIBATAN +BgkqhkiG9w0BAQUFAAOBgQCd3I5FfhxtVusIvQRcx50hoK5ptzWitTE0hfAKkn0g +Ni4y3LmMy605lzU6nNFoN/CaBq3aQmeSMIK4UtvF1TnUL8177BhDVm3XLzGcWUj6 +B6/5/Tq34LJLCnzpewSBdR9YonC7MLviFCEONHTq40Hl0MC0fVFS9n9RE754liWl +ig== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem new file mode 100644 index 0000000000..e788cc4242 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem @@ -0,0 +1,178 @@ +subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD +UkwgQ0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb2axnNI56WnvGeocp +atKwDsPjuFVSHeTtyX3KVU/1U+ST/Jtv0u5WPp4iitAz/ddFiiBj4cwgr9hZYd0Y +tUyBvGAP8UjJVp55qo1hjMDYyxFRqotx6gH4F7wyfu7s08ERFrtOoT91EwbaTFwG +go0sbSeXio43GfBdAxDi3INGdwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlii8KaatWJ9nLsfCwZc63+6I6ygwDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM8E4GsQT3eKZHuyNOUIn/7ZFw/9gFX3 +QfyYv5/Qozv19LTpdKCuIJuZAO900NFkfI4m4kjaYB8CGf9Z2P2B3ctXzgdI9uJM +KmRUnMfzzXGKx+jh+/xkwYi5kduJ2RECX0mqAcOS38OFX3ej7LQWTQ9y3oeqevcS +aUfi6VDmnLr8 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer +issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3 +-----BEGIN CERTIFICATE----- +MIIC2jCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM +IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl +Y3RDUkwgQ0EzIGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +mHdETkTcRztCRHzlSZJg4afLgOPz/cqZQIIoA4riJ/kHT00t3kf5mRx0Gz8/GWBH +wYjUk5NlqDoDlmTby3SFHnZac7Ba/+rkiu4Jzdivp+BKAkiTKzIk9eM5KNv+rpUc +cy3XKWPbz/ox5+OEvn2NhUfVWTe/RbJx1Nq0Mvybh2cCAwEAAaOB0zCB0DAfBgNV +HSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4EFgQUsQ4hS7IckqgK +M04rBolnT6FPHZ8wDgYDVR0PAQH/BAQDAgECMBcGA1UdIAQQMA4wDAYKYIZIAWUD +AgEwATBlBgNVHR8EXjBcMFqgWKBWpFQwUjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMxDTAL +BgNVBAMTBENSTDEwDQYJKoZIhvcNAQEFBQADgYEAbIFuFqULVZjrhsyragErXnS8 +R/sgqnP5GJcPHn7p87dEkExtxEYL5N4XnDQXhWdnpc9UtAzh7qR3xnE9EvjeaU1r +lnsdkbJNO7DxTaM5EqLxiy/Rpf+b2rBprv10A0HvPloU9JvnVNHxT/2XA6hMnCsI +6gImM5yk9Sc/rTitZ6s= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test28 +issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3 +-----BEGIN CERTIFICATE----- +MIIDZTCCAs6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM +IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg +Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyODCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAuwCMHRZqCorqgWJ/3RJzqiuHtyGbyYxGxHWcVZTbw4GSmQtI +F07KmEPqaz7I/wyMS0+u70yDrhQkfH1Esjmx7/srC+p4oBzZMa3/LiyDo0D63NjA +3JjOdLwf3YRWGE+4XcPbjHsd486hkCCXw4EF7ZfnscRWgNCe6FEzHy131MkCAwEA +AaOCAVEwggFNMB8GA1UdIwQYMBaAFJYovCmmrVifZy7HwsGXOt/uiOsoMB0GA1Ud +DgQWBBT6Yyl3V/7WremGwNkDahqsIxegJjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlp +bmRpcmVjdENSTCBDQTMgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwg +Zm9yIGluZGlyZWN0Q1JMIENBM6JRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JM +SXNzdWVyMA0GCSqGSIb3DQEBBQUAA4GBAIk5myvkEmHvyOOh3ygeeWzpz2aV6o8D +ojAK/KS84CYsP7f64D8FU/H3JFrTXBNOoRiXpqrV5bzrHcmXgodQWTwOSL2KLzi9 +inTs+pRDbTw1oevK3GAjN5BedRZlgIyJr8d05Knp0YGYoItGYQTQXd22Dlzuoz2P +L5I8AvoFHSAL +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:96:28:BC:29:A6:AD:58:9F:67:2E:C7:C2:C1:97:3A:DF:EE:88:EB:28 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0Z.X.V.T0R1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA31
0...U....CRL1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 15:65:bb:88:f2:fd:8c:76:6d:92:ae:f5:06:d5:bf:c8:ba:bb: + d4:98:de:83:a5:e1:7a:e9:92:96:f7:c2:ce:0c:de:7b:81:7f: + a0:32:c8:a4:15:a6:16:e6:51:b1:b2:e5:92:62:ef:46:d3:7c: + 5f:37:56:47:5d:3c:12:94:a6:3e:18:59:6b:2c:9e:ac:f0:90: + 03:23:84:b1:cd:0f:49:ff:1a:8e:67:62:35:32:68:ed:24:a2: + 76:93:5c:b2:80:5d:bc:81:26:ab:02:c0:f4:a1:de:3a:6d:0d: + ae:02:66:fb:6e:72:49:59:fe:f1:2f:87:d2:bc:98:10:3e:33: + 3d:d5 +-----BEGIN X509 CRL----- +MIIBpzCCARACAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqggZgwgZUwHwYDVR0jBBgwFoAU +lii8KaatWJ9nLsfCwZc63+6I6ygwCgYDVR0UBAMCAQEwZgYDVR0cAQH/BFwwWqBY +oFakVDBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +GDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBMzENMAsGA1UEAxMEQ1JMMTANBgkqhkiG +9w0BAQUFAAOBgQAVZbuI8v2Mdm2SrvUG1b/IurvUmN6DpeF66ZKW98LODN57gX+g +MsikFaYW5lGxsuWSYu9G03xfN1ZHXTwSlKY+GFlrLJ6s8JADI4SxzQ9J/xqOZ2I1 +MmjtJKJ2k1yygF28gSarAsD0od46bQ2uAmb7bnJJWf7xL4fSvJgQPjM91Q== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B1:0E:21:4B:B2:1C:92:A8:0A:33:4E:2B:06:89:67:4F:A1:4F:1D:9F + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0...~.|.z0x1.0...U....US1.0...U. +..Test Certificates1"0 ..U....indirectCRL CA3 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA3... +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 68:34:87:64:55:65:a9:87:47:54:c2:2d:14:48:91:1e:ee:59: + f5:ed:d9:06:6d:78:b9:ff:81:8c:5c:02:f5:08:b5:22:90:75: + 02:f2:63:62:78:25:4d:6c:2f:1f:a3:58:e2:1f:57:2b:3f:49: + 0d:0b:bd:85:02:c5:ac:ad:9d:38:0b:13:46:2c:34:f2:9b:e5: + 22:f5:55:cc:63:fb:c2:69:94:14:d7:e5:78:4f:17:4e:16:98: + 65:81:cf:9d:72:20:32:78:15:0e:22:af:22:2c:21:c5:7c:db: + 8c:31:be:ad:59:c4:81:24:e4:ec:e0:0c:40:4c:2b:95:98:dd: + 8f:f4 +-----BEGIN X509 CRL----- +MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMg +Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G +A1UdIwQYMBaAFLEOIUuyHJKoCjNOKwaJZ0+hTx2fMAoGA1UdFAQDAgEBMIGRBgNV +HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg +Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JMSXNzdWVy +MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBM4QB/zAN +BgkqhkiG9w0BAQUFAAOBgQBoNIdkVWWph0dUwi0USJEe7ln17dkGbXi5/4GMXAL1 +CLUikHUC8mNieCVNbC8fo1jiH1crP0kNC72FAsWsrZ04CxNGLDTym+Ui9VXMY/vC +aZQU1+V4TxdOFphlgc+dciAyeBUOIq8iLCHFfNuMMb6tWcSBJOTs4AxATCuVmN2P +9A== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem new file mode 100644 index 0000000000..4eba759d4e --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem @@ -0,0 +1,176 @@ +subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD +UkwgQ0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb2axnNI56WnvGeocp +atKwDsPjuFVSHeTtyX3KVU/1U+ST/Jtv0u5WPp4iitAz/ddFiiBj4cwgr9hZYd0Y +tUyBvGAP8UjJVp55qo1hjMDYyxFRqotx6gH4F7wyfu7s08ERFrtOoT91EwbaTFwG +go0sbSeXio43GfBdAxDi3INGdwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlii8KaatWJ9nLsfCwZc63+6I6ygwDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM8E4GsQT3eKZHuyNOUIn/7ZFw/9gFX3 +QfyYv5/Qozv19LTpdKCuIJuZAO900NFkfI4m4kjaYB8CGf9Z2P2B3ctXzgdI9uJM +KmRUnMfzzXGKx+jh+/xkwYi5kduJ2RECX0mqAcOS38OFX3ej7LQWTQ9y3oeqevcS +aUfi6VDmnLr8 +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer +issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3 +-----BEGIN CERTIFICATE----- +MIIC2jCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM +IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl +Y3RDUkwgQ0EzIGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +mHdETkTcRztCRHzlSZJg4afLgOPz/cqZQIIoA4riJ/kHT00t3kf5mRx0Gz8/GWBH +wYjUk5NlqDoDlmTby3SFHnZac7Ba/+rkiu4Jzdivp+BKAkiTKzIk9eM5KNv+rpUc +cy3XKWPbz/ox5+OEvn2NhUfVWTe/RbJx1Nq0Mvybh2cCAwEAAaOB0zCB0DAfBgNV +HSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4EFgQUsQ4hS7IckqgK +M04rBolnT6FPHZ8wDgYDVR0PAQH/BAQDAgECMBcGA1UdIAQQMA4wDAYKYIZIAWUD +AgEwATBlBgNVHR8EXjBcMFqgWKBWpFQwUjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMxDTAL +BgNVBAMTBENSTDEwDQYJKoZIhvcNAQEFBQADgYEAbIFuFqULVZjrhsyragErXnS8 +R/sgqnP5GJcPHn7p87dEkExtxEYL5N4XnDQXhWdnpc9UtAzh7qR3xnE9EvjeaU1r +lnsdkbJNO7DxTaM5EqLxiy/Rpf+b2rBprv10A0HvPloU9JvnVNHxT/2XA6hMnCsI +6gImM5yk9Sc/rTitZ6s= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test29 +issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3 +-----BEGIN CERTIFICATE----- +MIIDEDCCAnmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM +IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg +Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyOTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA3icTqNDmsima/TbMUuvjBhV59GC8zfX3Z3bbHAEH/kipg5Gu +rREsznRezB5sZVZG9SH3vfWMkugzVFLlYsAsp5Zjon3+ZM7t/JtZJ0pg6XzqsEfZ +/FCux1F10rMBIsaPzcLtc1At1aWoaqU4ydyam/kDzOEt7f/7WGqGY/ljZVUCAwEA +AaOB/TCB+jAfBgNVHSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4E +FgQU3ZhtNWI1qdWfBti5WKsMkC0xclMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATCBjgYDVR0fBIGGMIGDMIGAoCuhKTAnBgNVBAMTIGlu +ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0EzolGkTzBNMQswCQYDVQQGEwJV +UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAsTGWluZGlyZWN0 +Q1JMIENBMyBjUkxJc3N1ZXIwDQYJKoZIhvcNAQEFBQADgYEAAJ+7QrDsVr4IL5DF +k4CE+XFTE1pd3zqHZCCUSiXp4rY5FEPlsErMT9xcEUB3CiHNFLdKRdaxMxeJ0Of4 +oJV5cnM/0QdVM0HkieFFasr9Ad5CdV7ltfgzgV3fgjDr/hsBAIfcD516l2s3oN7L +PvlIa7CLUa5f5TGAyvyKF9d1sRo= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:96:28:BC:29:A6:AD:58:9F:67:2E:C7:C2:C1:97:3A:DF:EE:88:EB:28 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0Z.X.V.T0R1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA31
0...U....CRL1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 15:65:bb:88:f2:fd:8c:76:6d:92:ae:f5:06:d5:bf:c8:ba:bb: + d4:98:de:83:a5:e1:7a:e9:92:96:f7:c2:ce:0c:de:7b:81:7f: + a0:32:c8:a4:15:a6:16:e6:51:b1:b2:e5:92:62:ef:46:d3:7c: + 5f:37:56:47:5d:3c:12:94:a6:3e:18:59:6b:2c:9e:ac:f0:90: + 03:23:84:b1:cd:0f:49:ff:1a:8e:67:62:35:32:68:ed:24:a2: + 76:93:5c:b2:80:5d:bc:81:26:ab:02:c0:f4:a1:de:3a:6d:0d: + ae:02:66:fb:6e:72:49:59:fe:f1:2f:87:d2:bc:98:10:3e:33: + 3d:d5 +-----BEGIN X509 CRL----- +MIIBpzCCARACAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqggZgwgZUwHwYDVR0jBBgwFoAU +lii8KaatWJ9nLsfCwZc63+6I6ygwCgYDVR0UBAMCAQEwZgYDVR0cAQH/BFwwWqBY +oFakVDBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +GDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBMzENMAsGA1UEAxMEQ1JMMTANBgkqhkiG +9w0BAQUFAAOBgQAVZbuI8v2Mdm2SrvUG1b/IurvUmN6DpeF66ZKW98LODN57gX+g +MsikFaYW5lGxsuWSYu9G03xfN1ZHXTwSlKY+GFlrLJ6s8JADI4SxzQ9J/xqOZ2I1 +MmjtJKJ2k1yygF28gSarAsD0od46bQ2uAmb7bnJJWf7xL4fSvJgQPjM91Q== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B1:0E:21:4B:B2:1C:92:A8:0A:33:4E:2B:06:89:67:4F:A1:4F:1D:9F + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0...~.|.z0x1.0...U....US1.0...U. +..Test Certificates1"0 ..U....indirectCRL CA3 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA3... +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 68:34:87:64:55:65:a9:87:47:54:c2:2d:14:48:91:1e:ee:59: + f5:ed:d9:06:6d:78:b9:ff:81:8c:5c:02:f5:08:b5:22:90:75: + 02:f2:63:62:78:25:4d:6c:2f:1f:a3:58:e2:1f:57:2b:3f:49: + 0d:0b:bd:85:02:c5:ac:ad:9d:38:0b:13:46:2c:34:f2:9b:e5: + 22:f5:55:cc:63:fb:c2:69:94:14:d7:e5:78:4f:17:4e:16:98: + 65:81:cf:9d:72:20:32:78:15:0e:22:af:22:2c:21:c5:7c:db: + 8c:31:be:ad:59:c4:81:24:e4:ec:e0:0c:40:4c:2b:95:98:dd: + 8f:f4 +-----BEGIN X509 CRL----- +MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMg +Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G +A1UdIwQYMBaAFLEOIUuyHJKoCjNOKwaJZ0+hTx2fMAoGA1UdFAQDAgEBMIGRBgNV +HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg +Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JMSXNzdWVy +MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBM4QB/zAN +BgkqhkiG9w0BAQUFAAOBgQBoNIdkVWWph0dUwi0USJEe7ln17dkGbXi5/4GMXAL1 +CLUikHUC8mNieCVNbC8fo1jiH1crP0kNC72FAsWsrZ04CxNGLDTym+Ui9VXMY/vC +aZQU1+V4TxdOFphlgc+dciAyeBUOIq8iLCHFfNuMMb6tWcSBJOTs4AxATCuVmN2P +9A== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem new file mode 100644 index 0000000000..5fa8620800 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem @@ -0,0 +1,143 @@ +subject=/C=US/O=Test Certificates/OU=indirectCRL CA4 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBVzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD +UkwgQ0E0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOomKt58EC5ZhZuQ5l +1sHzwQGlV0aO6IxFJcWNzxERgALimki0sMEmrMvIg7vymvt/sQE/n4ivjA4Zmi7J +AvHlOsvgWiM6Kv2pvPkoBbRuOLQz1jrvOXIQlapQc6bsv3Cp8tIpxtNdjHEagqpc ++yL8WWtTTB89P2WOaDjUevZPSQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUrbJDVL6XeFCXxQvyNJPFyECwuScwDgYD +VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFWfQvCC6bO3TFmioOAPr4LLUDYbz8Za +z26H0RgIrFnUEmrPZF7i4/iQpq6cJmWcOb3M3wI/3IlaUmydTEOBpGGazIlk7NF6 +28v19V7KsugitbLcZJXOtaqbseyfwWgFT3LLvxV8qJqKBhNR3NUJvjdBYU6KlbeE +rZoFX9Ru0Z0G +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/OU=indirectCRL CA4 cRLIssuer +issuer=/C=US/O=Test Certificates/OU=indirectCRL CA4 +-----BEGIN CERTIFICATE----- +MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM +IENBNDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl +Y3RDUkwgQ0E0IGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vVQzOttxelJEVuWmMiwdG3GTEejfYhWdQmYtsSPFQ64V3B1F/SYYykFOPCVAbkZh +PvFOhkUY0iQCBXi95lpCsWt31O2l5oIhKuzqBU6q86Ymk32qDQBvwtaHAlHRSdfn +nPsCxWlDQdl5El4WL4/bT60xL1SdwWePNDldrtN7hf8CAwEAAaOCAVEwggFNMB8G +A1UdIwQYMBaAFK2yQ1S+l3hQl8UL8jSTxchAsLknMB0GA1UdDgQWBBQF35wWai5Z +gbV2xnj1OQvb/oVaYzAOBgNVHQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgB +ZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAY +BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBD +QTQgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0 +Q1JMIENBNKJRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm +aWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JMSXNzdWVyMA0GCSqG +SIb3DQEBBQUAA4GBAFKBu5yoQtqwA+MA/6AboLUyFrryUbT8gm6n5zVA7H5ezmO3 +apxKCgdHPEshKAN+SgO2kto0eE/4s2MF++66pMA+r8TDDmCrOfYVwMHyPVOrBKGM +n7C+rt0ozZ32wA3d7k57IIsPT/H56TdX07oV5URZKAJ0k5iaPCBBLmF9w6BE +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test30 +issuer=/C=US/O=Test Certificates/OU=indirectCRL CA4 +-----BEGIN CERTIFICATE----- +MIIDZTCCAs6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM +IENBNDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg +Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMDCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEArCi7o+0oIpxvpPUN8G1Ys04I2kgIPVMldcU0tM/QiAGdPEXG +j/Hcn9YQZVOGFuuPKge/kZ7wheOIpI91lKkeGqegSWssN1BzgiAJupENTtDlex3I +FqatuDIln6nXgUp984F42mLPqLcXqSiAzCkJiPz24slUDhJiLWkEE0fWFrkCAwEA +AaOCAVEwggFNMB8GA1UdIwQYMBaAFK2yQ1S+l3hQl8UL8jSTxchAsLknMB0GA1Ud +DgQWBBQ4JkHeuoJrm1VjW/qWHf72m1Xm5TAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlp +bmRpcmVjdENSTCBDQTQgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwg +Zm9yIGluZGlyZWN0Q1JMIENBNKJRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT +EVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JM +SXNzdWVyMA0GCSqGSIb3DQEBBQUAA4GBAEGbnAJ6dpMVdHCjEMoVtyK7az1Sxcea +28kAl/5TcdMNyP/DUgoweDRVQcm7sbJ3se3M0ac/+I9ce78YpS2e+83drRFYDRTg +4DRD5RJUr6SS0F4tAwyncyaCsTn577sLWSmnkF3SKBiz6QNr83tetioIeXhAUcoI +0tg5RoGSJkFD +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA4 cRLIssuer + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:05:DF:9C:16:6A:2E:59:81:B5:76:C6:78:F5:39:0B:DB:FE:85:5A:63 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0...~.|.z0x1.0...U....US1.0...U. +..Test Certificates1"0 ..U....indirectCRL CA4 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA4... +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 8f:7e:a7:21:7b:8e:70:00:d3:23:a8:d7:d5:ce:87:34:44:e0: + ad:e2:89:f6:7e:9d:5b:2a:b7:af:57:bf:95:bf:5e:6b:f9:1c: + 40:77:87:ea:eb:b1:ad:0c:e1:55:82:93:f0:bb:f6:e5:4c:33: + 69:e5:41:c1:c9:6e:ae:b4:98:38:a0:1e:38:e1:20:84:d9:2d: + 9f:2f:07:90:7e:30:7c:a1:c5:0d:c3:04:39:aa:97:b5:30:6f: + d9:e9:dd:78:d4:f9:49:01:69:93:da:e9:30:2e:ce:5b:89:cd: + 5b:c7:48:31:69:bc:06:9a:6a:cc:02:2f:bd:5b:78:b4:c4:ad: + 8b:ef +-----BEGIN X509 CRL----- +MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQg +Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G +A1UdIwQYMBaAFAXfnBZqLlmBtXbGePU5C9v+hVpjMAoGA1UdFAQDAgEBMIGRBgNV +HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg +Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JMSXNzdWVy +MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBNIQB/zAN +BgkqhkiG9w0BAQUFAAOBgQCPfqche45wANMjqNfVzoc0ROCt4on2fp1bKrevV7+V +v15r+RxAd4fq67GtDOFVgpPwu/blTDNp5UHByW6utJg4oB444SCE2S2fLweQfjB8 +ocUNwwQ5qpe1MG/Z6d141PlJAWmT2ukwLs5bic1bx0gxabwGmmrMAi+9W3i0xK2L +7w== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem new file mode 100644 index 0000000000..a1d4ca6ebd --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem @@ -0,0 +1,226 @@ +subject=/C=US/O=Test Certificates/OU=indirectCRL CA5 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD +UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI +iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok +km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM +6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn +6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J +7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H +sN+wLRApTQTr +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=indirectCRL CA6 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD +UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY +Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS +4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF +MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K +J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0 +ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF +/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE +ZCkFIjgPYCPR +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test33 +issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6 +-----BEGIN CERTIFICATE----- +MIIDUTCCArqgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM +IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg +Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMzCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA01gBYBQnJrrihQ7wxqFilR6zjimXk5ZbQs9BCX1n/zpBfmwn +ezaal6qZo9BPsXH+zjp8eicI+kPZSXMUd5JgwwuHYH9+gL7EvKobEJc9WBuhBU5i +GRSeBq9M0UltbXo5c6hbxl22rmTpqTaehigZ94dujqsPPl5g334rdtPU2IcCAwEA +AaOCAT0wggE5MB8GA1UdIwQYMBaAFMIbPqoaTsEzihqqWUkDsWaiHPB9MB0GA1Ud +DgQWBBR8QXrBPNUgzCMGCs9z7zs4nferRzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATABMIHNBgNVHR8EgcUwgcIwgb+gdKBypHAwbjELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9p +bmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJl +Y3RDUkwgQ0E2okekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0 +aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBNTANBgkqhkiG9w0BAQUF +AAOBgQCTqqePZ3xWbeWlGEO5gbYfjxlqTrTOYOFZoSMlApx3fDkAo2o89IvoGN9N +hXQDCVtd7MS5g1v2bCGF9TjVKgPMGIJSFGp0QIRRsNdsxRi631JxUFvVz7yE3RgI +Qjll0EqM4nEceTJaNz6SnQhSjdcOJspkqKXUA1ga7Za2rC8SSA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0..Y...R...N.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5... +Revoked Certificates: + Serial Number: 01 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA7 + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 07 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 08 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA6 + Serial Number: 09 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0A + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + 2.5.29.29: critical + 0G.E0C1.0...U....US1.0...U. +..Test Certificates1.0...U....indirectCRL CA5 + Serial Number: 0B + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c: + d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c: + f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e: + 44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce: + 51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53: + 79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab: + 7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c: + c7:af +-----BEGIN X509 CRL----- +MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0 +NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V +BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX +DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB +MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD +ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG +A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV +HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm +aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1 +NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE +AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl +c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN +MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU +lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd +MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy +dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu +ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS +TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3 +pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw +FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly +ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb +uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu +TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq +xL1FzpoJ1fesDYN8YjzHrw== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem new file mode 100644 index 0000000000..abd16aaee7 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem @@ -0,0 +1,190 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg +Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF +msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT +zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg +7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi +xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys +XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9 +247eEnnm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1 +-----BEGIN CERTIFICATE----- +MIIDJjCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB +MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs +dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBANRKVxWvFldCkmzvNTs41NjJct7Jt2VltlefYPwBuwPuHZveA3TbXj88 +nvKICCqBLZwlhGlAyfZTqFd4gElplVEKvfn/GSNyGGnsAHfZJOqwzyvpIPx/yg61 +ALFj1gsGSesibsgaXOhUVO0N6EVpse2azO8I7qSpXf6f6b+qpSkLAgMBAAGjggEX +MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU +zo7j3tkIY9+L33KkkCzx7XzdaOcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w +DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD +QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3 +DQEBBQUAA4GBABBiIdpyc6pIhhnujMn4FXCBcoJtkC5Am8NB/cgPKyhVlUTnp62b +dbt1zoUI9KJPSlwBuJduPL/Q9hJr1vKHdcFC98iANtf3s7fzzhGF22Nel/qKtlWr +fldw2WVkIjTSeQV9gmBf3cHAV31JP5/q1rMljeZD448J9Cd46UR05jM2 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Jan 1 12:00:00 2003 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 2 + X509v3 Delta CRL Indicator: critical + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Signature Algorithm: sha1WithRSAEncryption + 63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8: + b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85: + 29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48: + 9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71: + 58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98: + d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c: + 1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35: + 90:7a +-----BEGIN X509 CRL----- +MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz +MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw +WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB +CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g +SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k +ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7 +RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 1 + 2.5.29.46: +..Test Certificates1.0...U....deltaCRL CA1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Signature Algorithm: sha1WithRSAEncryption + 48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96: + b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4: + 73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0: + db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e: + fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e: + 06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92: + 71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d: + eb:4e +-----BEGIN X509 CRL----- +MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG +MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME +GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK +MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb +2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR +YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli +fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem new file mode 100644 index 0000000000..57390f882d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem @@ -0,0 +1,190 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg +Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF +msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT +zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg +7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi +xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys +XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9 +247eEnnm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1 +-----BEGIN CERTIFICATE----- +MIIDJjCCAo+gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB +MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs +dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBALJoiZyA4CHBqHesCHEPO2Me3gceR6LJTUtoEOGP877OjigufADkFCsN +m6lEz1zn0JfUOvERm70QxsfYSjpbc3OiPi8v/hbsB0whYBVGe017Qluvyf6ZV2v/ +ItpeUd3v3rw3g3Z+pXGAgLTeDBl6RhbybuoORo2hbpq1hPkhrep7AgMBAAGjggEX +MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU +FouAPbKkYNJGEKJU0p5tKX2BhpEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w +DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD +QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3 +DQEBBQUAA4GBAGu61lJXt+1uZ8FoGyPdKeHvT8YKDijsbNtC8azjbqKRIz7ETsfQ +9nax423fRWHnphLHzSUdbuIdBvWL8aDN0T9ZvNt4A+73SndqlIw7y3ULlw+r+CRs +UBmBJJSEvo8Bh+4OJCjGoZXDzdGbQ+7TYzZn+asNvDVZE5MN8o8Tcq8r +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Jan 1 12:00:00 2003 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 2 + X509v3 Delta CRL Indicator: critical + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Signature Algorithm: sha1WithRSAEncryption + 63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8: + b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85: + 29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48: + 9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71: + 58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98: + d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c: + 1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35: + 90:7a +-----BEGIN X509 CRL----- +MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz +MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw +WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB +CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g +SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k +ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7 +RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 1 + 2.5.29.46: +..Test Certificates1.0...U....deltaCRL CA1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Signature Algorithm: sha1WithRSAEncryption + 48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96: + b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4: + 73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0: + db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e: + fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e: + 06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92: + 71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d: + eb:4e +-----BEGIN X509 CRL----- +MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG +MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME +GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK +MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb +2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR +YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli +fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem new file mode 100644 index 0000000000..9b046d77ae --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem @@ -0,0 +1,190 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRL CA1 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg +Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF +msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT +zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg +7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi +xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys +XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9 +247eEnnm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1 +-----BEGIN CERTIFICATE----- +MIIDJjCCAo+gAwIBAgIBBjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB +MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs +dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBALU8oom56GYl7ggs8WAyhZeZmMxxsN6Ikht0t6Iydxic3xNbotaUS0iz +H0tYBYwzuCTMpM8RMBSrU4UlqIE/9V5PuY2dWiHDXVGRawMdE3i4UNzrMS0BlYDz +zvAw77ifKwmObOm8R1CWg2VCY9xzFWqER3YRDKQTcK5LzjtxP6PZAgMBAAGjggEX +MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU +unt4uPVRHtIAndMWGuDH66dedOcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w +DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD +QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3 +DQEBBQUAA4GBAFwV555uqsNA+ZtS8QnVH+RRp5jhYTymacP8yc7G87Hyue8xaNzA +yj4g3Rxfthlo52FFH0ZiuOKJP4YSvX4jr/BqZyrO5eMNs+ln4gMHn+RVxBdeh4xT +LgXbQGX8wnks92CCGWUW1vbXUSbpBW43SaT767qDIo7yTASQVQ4jtWHJ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Jan 1 12:00:00 2003 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 2 + X509v3 Delta CRL Indicator: critical + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 06 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Remove From CRL + Signature Algorithm: sha1WithRSAEncryption + 63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8: + b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85: + 29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48: + 9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71: + 58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98: + d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c: + 1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35: + 90:7a +-----BEGIN X509 CRL----- +MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz +MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw +WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB +CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g +SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B +AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k +ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7 +RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD + + X509v3 CRL Number: + 1 + 2.5.29.46: +..Test Certificates1.0...U....deltaCRL CA1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 04 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Serial Number: 05 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Certificate Hold + Signature Algorithm: sha1WithRSAEncryption + 48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96: + b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4: + 73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0: + db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e: + fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e: + 06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92: + 71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d: + eb:4e +-----BEGIN X509 CRL----- +MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG +MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME +GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK +MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb +2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR +YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli +fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem new file mode 100644 index 0000000000..2db6c9c39f --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem @@ -0,0 +1,162 @@ +subject=/C=US/O=Test Certificates/CN=deltaCRL CA2 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBXDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg +Q0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr2MUpxzH8HIqzmAylEvng +qJvVIxI4xzM8NSpC7P7T2R1dmFXK/19W+m5yqOagB9VxgxP9IYbI2VJ/FrbQSD/+ +afpuHA8++piSAs2e/1BoRagiln3PnQTLemPsmVy00eSLnsw6QRdC0MIZjme0/SHv +Z6XuWPNvicDyA/Uml2pCqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe +DbA86pq8h/9J6jAdBgNVHQ4EFgQUo5OrV2YmbXI6bLyDZaOa/I4MQwswDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAFnKbCQCHJI6HhnaoKJkHKk3dBK/E1DNHc3a +u9yx3wYdmqwkoG5iKJjssQDLcbLfpjuF7jU9nKbk2gcmOIa5//lgCmUaok4WZSUA +u8bzMnpiZyzIjjoW78RyuntCMXbZzcs7umsOKfOlDXj4wwsev4E7m5nvP2Qv7hEX +ECR/9DaG +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=deltaCRL CA2 +-----BEGIN CERTIFICATE----- +MIIDJjCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB +MjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs +dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBANNXQWv/s3VtlajbHeAAaJZ+taow3YYnDMLz9tXUqMSOOKnoHR59ec/A +1XsEc02zK6rj6cC8db6LqebYOUJ1kpBl3t2oEH25mVFiBhgdYiLGeezrLNiAm2vF +dBdoOCER9Y5PshspgHG45kPR88sRxRuN+NtvOBQ+rS3ZagNzOydDAgMBAAGjggEX +MIIBEzAfBgNVHSMEGDAWgBSjk6tXZiZtcjpsvINlo5r8jgxDCzAdBgNVHQ4EFgQU +rDZIHgyRpXqIY0zNvpsz15jbVrcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w +DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx +GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD +QTIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU +ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0EyMA0GCSqGSIb3 +DQEBBQUAA4GBACi9fCMcVs6WjeEeE35GgRLIbCVWQ1PbtOFwwJiaM7f/c4i1F3Kt +A2BcHex6T21Ea9eSra37uvPdAUSc0Dc3klZS96pU6v0oZtXl07daAhbR8mKRmoPq +tVcto5YqOd/STL2egFKzNVhfR5UZo1wycobU3FZtmFyr9DFIEKb/mFt0 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2 + Last Update: Jan 1 12:00:00 2003 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B + + X509v3 CRL Number: + 3 + X509v3 Delta CRL Indicator: critical + 1 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 25:e0:e6:a0:65:11:f0:81:2b:f1:ed:47:8c:1c:a4:dd:79:26: + 78:05:22:84:96:35:60:de:7b:13:ec:70:ee:50:3d:ac:d4:9a: + 22:fe:e3:9a:77:a4:fb:bb:86:98:21:80:3e:d3:20:85:57:b2: + 0f:2e:bd:53:d4:7a:ac:96:02:3e:17:00:67:67:6d:16:01:9d: + 93:cb:fc:b6:f1:c2:23:0b:e2:de:c2:02:5a:70:05:34:35:8a: + 72:8c:cb:78:ad:62:96:86:50:5d:6c:ba:1a:bb:e5:b8:e8:5f: + b6:7c:33:8f:8b:aa:c6:b1:78:a7:e4:56:12:76:09:7a:db:ae: + f5:ff +-----BEGIN X509 CRL----- +MIIBbDCB1gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMhcNMDMw +MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaA+MDwwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa/I4M +QwswCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA +JeDmoGUR8IEr8e1HjByk3XkmeAUihJY1YN57E+xw7lA9rNSaIv7jmnek+7uGmCGA +PtMghVeyDy69U9R6rJYCPhcAZ2dtFgGdk8v8tvHCIwvi3sICWnAFNDWKcozLeK1i +loZQXWy6GrvluOhftnwzj4uqxrF4p+RWEnYJetuu9f8= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B + + X509v3 CRL Number: + 2 + 2.5.29.46: +..Test Certificates1.0...U....deltaCRL CA2 +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 6a:af:6c:a0:70:12:90:02:5b:70:fd:d4:b6:8d:28:9a:51:5c: + fd:04:ed:47:e1:a0:5a:60:e7:41:83:23:ff:a3:e0:c6:b1:fc: + 71:db:cb:8e:a7:20:0e:f6:9a:ae:e3:fd:61:33:a6:21:69:4f: + 7f:7f:23:cc:33:47:45:23:bc:fc:a1:79:02:31:3f:8d:77:e7: + c0:9c:8d:90:ef:6a:9d:38:fe:13:b7:03:dd:ac:36:72:b5:94: + e5:7b:43:a8:7a:96:ce:16:bc:55:00:bd:cc:1b:a7:81:93:40: + f7:f6:11:bf:c6:dd:7a:ab:32:e5:be:fb:88:32:e2:06:41:9f: + 5f:d5 +-----BEGIN X509 CRL----- +MIIBtTCCAR4CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIXDTAx +MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkxNDU3MjBa +MAwwCgYDVR0VBAMKAQGggYUwgYIwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa +/I4MQwswCgYDVR0UBAMCAQIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFD +UkwgQ0EyMA0GCSqGSIb3DQEBBQUAA4GBAGqvbKBwEpACW3D91LaNKJpRXP0E7Ufh +oFpg50GDI/+j4Max/HHby46nIA72mq7j/WEzpiFpT39/I8wzR0UjvPyheQIxP413 +58CcjZDvap04/hO3A92sNnK1lOV7Q6h6ls4WvFUAvcwbp4GTQPf2Eb/G3XqrMuW+ ++4gy4gZBn1/V +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem new file mode 100644 index 0000000000..4d1155f29e --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem @@ -0,0 +1,123 @@ +subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0 +aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue +jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V +wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+ +UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+ +uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y +eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56 +Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK +0dm+b6846EQQbmI8jNru +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test1 +issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA +-----BEGIN CERTIFICATE----- +MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv +blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs +VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN6guztNoD71JstXwHeM6i0zxnyPdZOx +ZTcQsR+TD2lCqIvhOECxI8GdbfxgHJlvh/2nKd7LKSelitE+3fWW/qKMZ/0YuVru +PaJZ++CaJDZQma26yjruW5AcBQ0L+V9VYKLoFnGDjtlJrHGbvrv4XZByL19ikrKd +nt241DXaNxsnAgMBAAGjgfMwgfAwHwYDVR0jBBgwFoAUnh8dUFdqhW8b+OZBXut6 +ujB+uvQwHQYDVR0OBBYEFGrgSYUMuxW8YuQDkUuM8pXH+fGIMA4GA1UdDwEB/wQE +AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYQGA1UdHwR9MHsweaB3oHWk +czBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAc +BgNVBAsTFWRpc3RyaWJ1dGlvblBvaW50MSBDQTEmMCQGA1UEAxMdQ1JMMSBvZiBk +aXN0cmlidXRpb25Qb2ludDEgQ0EwDQYJKoZIhvcNAQEFBQADgYEAaNonr89NlCOf +B4CPoPAy+I/+jv8FamQoB55nhirAu/W5oZunV0iWLyajzQxSVgMpmrKaIC0cgCwx +i6XUWy7aAkam0kQMmWzHNSrGEAvMjtYU9+jQj3ZO94LFUlSKsN6Ut1dxXNheb7ML +YFgoWyPNz0rcb+iy6fjoyxr8fpA5H9Q= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0y.w.u.s0q1.0...U....US1.0...U. +..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9: + 1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57: + 8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88: + 6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9: + 7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25: + 75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91: + 2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39: + 6a:49 +-----BEGIN X509 CRL----- +MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu +dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq +hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw +cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD +VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz +dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf +pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9 +DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2 +kS0PufUqzgxG5N2xPCOSqGfSOWpJ +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem new file mode 100644 index 0000000000..b910bfa5b8 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem @@ -0,0 +1,121 @@ +subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0 +aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue +jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V +wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+ +UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+ +uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y +eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56 +Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK +0dm+b6846EQQbmI8jNru +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test4 +issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA +-----BEGIN CERTIFICATE----- +MIICwzCCAiygAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv +blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs +VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDQwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANJIkOdZRwN8UTl55iM8yHPn50dQHIq8 +HfyujAk6Jv6J99xOf9TR0MdxFPy0pQ+sqafVe30jTmqUVekQqyzewTZvJ3Q2tRoc +POnbHancXe29FlXNO2PXHA+L7RPpFglcXQjTQTzccRCzmpv2bRO4oGEICTWg7twt +MiPAc4q4jZbfAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUnh8dUFdqhW8b+OZBXut6 +ujB+uvQwHQYDVR0OBBYEFNbqujjf+uaNLMffRr8p+XZZJNN/MA4GA1UdDwEB/wQE +AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk +BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEB +BQUAA4GBAKzWCbFK6I9YapazUsu+6hrCf5Eafd14GQqQOhxwUQNvHdD8IxcTeQoX +7u5YapjezA6GSz14DxHIZQRtE/cAzSIjRJjDvn3rQdrlwdNXRgjFia9Jknth311/ +GXxAPrAwlxOAuTBFplNC9mG9japtT3qz2BkM/q+MdedGRWtS++30 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0y.w.u.s0q1.0...U....US1.0...U. +..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9: + 1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57: + 8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88: + 6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9: + 7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25: + 75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91: + 2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39: + 6a:49 +-----BEGIN X509 CRL----- +MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu +dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq +hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw +cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD +VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz +dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf +pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9 +DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2 +kS0PufUqzgxG5N2xPCOSqGfSOWpJ +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem new file mode 100644 index 0000000000..ef20fec499 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem @@ -0,0 +1,118 @@ +subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0 +aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z +XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna +SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK +u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd +uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i +8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA +p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF +nhKgwK6jkVuYAf9HHtVh +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test5 +issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA +-----BEGIN CERTIFICATE----- +MIICwzCCAiygAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv +blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs +VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALIdJpgRzxOKTnCCaASeNoi7icWn2JXA +bBhMylWHT4WIl7sKHk5BkXh5iSMq81bPtotaxeZ+Ws8HGeZfJkZi3Ea/lo6bRPIp +XLWXT9bEppiXcWEsQjM1OYGfiqAsPqHLQYmx3QlNndM4/lkMpXScaPwVUH5y1dbF +oPNUrRztB7TpAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d +jKxduU4wHQYDVR0OBBYEFPcg5CWLrv8FdA/4HseZ3PWB0ri3MA4GA1UdDwEB/wQE +AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk +BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQyIENBMA0GCSqGSIb3DQEB +BQUAA4GBABOac3w495YGcjA+gy3vEom/LJkN4/GNBM/n4qqPQSBLDfO9llCa+Ocg +MeRH/D/CyKU7r767Zx5WsPTRtu8hysZQF/B2QMg7wrt4iJxD2VLl1gDrWSgIFEYL +gmkFWj4cnUEWa3yxc+WoAYbFMCp10pGsfIpttb0KqIUYHGBSBNdX +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0*.(.&0$..U....CRL1 of distributionPoint2 CA +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f: + e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0: + 1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e: + ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06: + bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3: + fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95: + a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad: + d9:03 +-----BEGIN X509 CRL----- +MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu +dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY +xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE +AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD +gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis +MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6 +OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem new file mode 100644 index 0000000000..47a6d35e13 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem @@ -0,0 +1,120 @@ +subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0 +aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z +XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna +SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK +u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd +uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i +8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA +p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF +nhKgwK6jkVuYAf9HHtVh +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test7 +issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA +-----BEGIN CERTIFICATE----- +MIIDEzCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv +blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs +VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJkqBgeil9P1aDGKnKT8h4pjVxykFCh +VM/tAU8+60Q16CRQ9Bt/7EPt0Qt/mRgxeP51SDX2Sw37dE2Y6aTbGufnxaQbYQIr +Xt4tEbUHKCx5cTIkR+rQh14970HAccLfsu8j21u+852qqsnXm1liCdwTw20NwfO/ +avIK1efcgtyvAgMBAAGjgfMwgfAwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d +jKxduU4wHQYDVR0OBBYEFJFcO0xfyRIlKoio1BzAWLtkBu01MA4GA1UdDwEB/wQE +AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYQGA1UdHwR9MHsweaB3oHWk +czBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAc +BgNVBAsTFWRpc3RyaWJ1dGlvblBvaW50MiBDQTEmMCQGA1UEAxMdQ1JMMSBvZiBk +aXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQADgYEAOPu/fA1dLP+t +SF2JNufkHRN+2SvhsqtuOTvh/uFByRS+H2bLFMaB2IJQwkCidQ53kf8LNb6iNRtj +hjVosG5KpEvqx70cRcUSp15fcdMDrjz2tAgiq58Eq/8DgYa+ml+CVRBx1Y6KHsyn +eeXXuCv+DmdYkhXefbSyXe2lUsCiuR0= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0*.(.&0$..U....CRL1 of distributionPoint2 CA +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f: + e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0: + 1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e: + ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06: + bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3: + fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95: + a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad: + d9:03 +-----BEGIN X509 CRL----- +MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu +dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0 +MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY +xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE +AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD +gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis +MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6 +OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem new file mode 100644 index 0000000000..eff7ceaf28 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Valid inhibitAnyPolicy EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXzELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTQwMgYDVQQDEytW +YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8K1Na64KAEx4DG90CIYdXjn9QXftZ/JmM +hJ7HZotijcxTLAJ3Sz0718AcEoSXtaXQlkw/PDRF6WOd0BjcLM6qzWEkQTWBWyW2 +EOBRbJ8UY8XRijBsOG7ay1rZEV4bomd/6xnNG6TznXujwmBXQZDp2Voyil8OgJiv +uf+gY0BrnQIDAQABo3MwcTAfBgNVHSMEGDAWgBSdQJhgCObI/VzR2C8L6gDsGkUG +zzAdBgNVHQ4EFgQUutY+X7TkU+FzLalrhov3rioWEiYwDgYDVR0PAQH/BAQDAgTw +MB8GA1UdIAQYMBYwBgYEVR0gADAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA +A4GBAK2mBSjdik46DSR2Cn9O53Wk3uL54jZEHmH1jLi8eD7zxOU8eE23HWch+P9w +swVaUJ4SqZfrgpV4+IJ72AMPGXKnAEn633uoNXbe8KFErSzMe3p+fFI4iKt2tMdG +yPprehhYqGlG4KK5IHzgqcsfYZc989GcPE+Z679GnioPK8Mk +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBOzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALXCzoaXAEbX +pgMPDk3SCu2nzrt+I18MsI4lg/0oLjQAgPsD0np8LOGHMzo3UBtfJtpV0BXCc+E+ ++Ni+ehXFWfA4BXjFc3GdUdJmn7y3F9X7XSIauTE1GSYR2+bMW/IRbmjpMDzldmRs +WNb40N+jWAxw1h+YN61Pv0MD7Ef2ds0NAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJ1AmGAI5sj9XNHYLwvqAOwa +RQbPMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEAMA0GCSqG +SIb3DQEBBQUAA4GBALhhUDb9VolIM2bKpbpat4dNjGrkOmVT/HvGBl+FGwSXa7Mj +cLgZ3WygZ9gil3l7X+wL7lM9zKpXljV5WNpX+58RclQ2kK7Yk4qcY0tpPEUn8R4/ +9yg64Nferl/2gn9W79ODU3BiBFF/GiAJJ4SiwvLWl/JnPDoQuJv67IS24+Oa +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9D:40:98:60:08:E6:C8:FD:5C:D1:D8:2F:0B:EA:00:EC:1A:45:06:CF + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 60:ab:a2:8a:e3:22:04:cb:95:4a:c5:ca:68:46:70:0a:d0:31: + b0:98:cc:ad:4b:23:8c:3e:fc:b4:c7:7a:93:0d:6a:31:68:c4: + ff:30:37:7b:5c:48:01:6d:e1:85:f7:d0:9b:73:53:ca:62:36: + 00:5c:29:c8:af:a6:40:62:d5:f5:af:32:a9:4a:b6:a2:a7:0b: + cb:bb:72:2e:3e:0b:77:64:17:8d:2d:59:2f:fc:cf:2f:1f:a6: + 77:83:9a:7c:68:b0:15:f6:5a:63:67:74:b2:3a:fa:74:b8:d3: + a9:70:e6:87:04:bc:4c:79:ef:c8:b4:31:70:17:ae:f3:ef:ae: + 7a:3b +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kw +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBSdQJhgCObI/VzR2C8L6gDsGkUGzzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQBgq6KK4yIEy5VKxcpoRnAK0DGwmMytSyOMPvy0x3qTDWoxaMT/MDd7XEgB +beGF99Cbc1PKYjYAXCnIr6ZAYtX1rzKpSraipwvLu3IuPgt3ZBeNLVkv/M8vH6Z3 +g5p8aLAV9lpjZ3SyOvp0uNOpcOaHBLxMee/ItDFwF67z7656Ow== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem new file mode 100644 index 0000000000..c9e23ce0b8 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem @@ -0,0 +1,162 @@ +subject=/C=US/O=Test Certificates/CN=Valid inhibitPolicyMapping EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1 +NzIwWjBjMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +ODA2BgNVBAMTL1ZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVFIENlcnRpZmlj +YXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZweShwVjs1qka +nqPGQOLGlctQ3TXgy/mxMNF5iCtHOwRF1KCW1OU9KloQ3r6+OfgzcZN+flBVpI3e +jyjOMjfcTTb30YkOQneX5WBmDbG0hNh6eMeguoRuUhkdFGqXR/vCRpMZm54bw85o +6PrFmUwLluXwBGGzX7qaD0h2mpzycQIDAQABo2swaTAfBgNVHSMEGDAWgBQXeoow +BvbqXDZADa7Yn7+5vYLMUjAdBgNVHQ4EFgQUGa+XGGh0cFuvb54Rblg0NuJV0T4w +DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG +9w0BAQUFAAOBgQCtpBN+M2QdihGfroUS+K93c6X4n5STm0IwsSvGEpOHX2tjLKqr +WGurbAH8XvIJEsO4wlA6NOHbFEYmSYX1otlMNDKu3vQVTDEB7RJWA04YsUuS4BNA +B+scXAJEWbvQdkoGh5U+aOmX8yST+HWIbW6XgKQmA3qiO4LsJgdmEDB8xw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv +bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6 +zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0 +MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV +HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ +FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD +AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw +BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka +eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN +uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK +wGB7PyQXRRDWjA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA +-----BEGIN CERTIFICATE----- +MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm +BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8 +uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR +Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf +LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw +HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl +BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E +NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI +AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR +6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W +MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b +XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58: + 7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c: + b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52: + 21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75: + ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02: + 18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43: + 08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e: + c1:7e +-----BEGIN X509 CRL----- +MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G +A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB +PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy +pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+ +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82: + c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41: + df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08: + 04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4: + a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee: + e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c: + 6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0: + 3f:f3 +-----BEGIN X509 CRL----- +MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt +MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G +CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk +GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s +pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem new file mode 100644 index 0000000000..21d384e81c --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem @@ -0,0 +1,216 @@ +subject=/C=US/O=Test Certificates/CN=Valid inhibitPolicyMapping EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA +-----BEGIN CERTIFICATE----- +MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5 +MTQ1NzIwWjBjMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0 +ZXMxODA2BgNVBAMTL1ZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVFIENlcnRp +ZmljYXRlIFRlc3Q0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMMwNGdAJ0 +vncWniYOninmdOvqbWTU+G3jPbZ4uJULmhWBvap0Hpq8RSJZ8wprenFgK2/epICj +uFtJZyEtG/3A8PZ3IHYNkWv7srclGdUlotObulycoDHBn9LXI+i/CvUNGvFJldlm +kQOxqy1Qhto5Gj7cVWa4HiEYfx+7HJPR2QIDAQABo2swaTAfBgNVHSMEGDAWgBRa +k0vvlp6uPkMWJqQYHnmLouabITAdBgNVHQ4EFgQUFgpn09iEBzTYWYmTqi0RWeEt +CfYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwBDANBgkq +hkiG9w0BAQUFAAOBgQCCP6oScMpFs5Ak3jAfJkXhwpzciLdF1Mtq/SO8auu0mZ6a +CfrKh6JL5kshzKbZFbRYqkIidQNW42Iv4et3yLhWZvSVoYkP+EAg0dMs9/Arw2C1 +pqRc5a2mgi1G182TWgEh9rMZDvYPdD+FrzZU55bLtSlt9L8o9y9vz6+dE2MrLQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv +bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6 +zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0 +MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV +HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ +FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD +AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw +BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka +eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN +uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK +wGB7PyQXRRDWjA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA +-----BEGIN CERTIFICATE----- +MIIC0zCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1 +NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx +KzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJiRgbTlXD7Tr33rE8bkM1fLhA/0RcC0 +n6UIcVb6xSELqRqVIpXK2C038i/3Ta6+eoiCdjT6kvQwsM9uMBJnB7uePzDzpkSE +G3Php6MSbnAO+6LPrGFBJ0LNo6yXvsV3HQ1Uwh8iND8Yt37obPJ05PzfU6hSnMgV +47YDMrmE5h+5AgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUF3qKMAb26lw2QA2u2J+/ +ub2CzFIwHQYDVR0OBBYEFFqTS++Wnq4+QxYmpBgeeYui5pshMA4GA1UdDwEB/wQE +AwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNV +HSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIBMAUwDwYDVR0TAQH/BAUw +AwEB/zANBgkqhkiG9w0BAQUFAAOBgQCh/ZM7m2L0OxzF6RXxeVUhY5xlTjRO0HGd +0xOnDkOesSYfCI4gUflMo6/T9Ot67Vnb9mgzwWSEXB6g2R22/3DVR1ord/UgZFKe +w4llbMnwRS5e3zjqLGsLeWk2ZdyjoD2vmKiFBiX+rlHvaLk+5xYcGEfOupTVqWMO +OHuz9iinWQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA +issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA +-----BEGIN CERTIFICATE----- +MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp +Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm +BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8 +uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR +Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf +LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw +HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl +BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E +NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI +AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR +6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W +MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b +XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58: + 7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c: + b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52: + 21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75: + ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02: + 18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43: + 08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e: + c1:7e +-----BEGIN X509 CRL----- +MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G +A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB +PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy +pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+ +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82: + c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41: + df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08: + 04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4: + a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee: + e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c: + 6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0: + 3f:f3 +-----BEGIN X509 CRL----- +MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt +MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G +CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk +GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s +pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5A:93:4B:EF:96:9E:AE:3E:43:16:26:A4:18:1E:79:8B:A2:E6:9B:21 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 64:90:80:33:7a:e3:e8:e4:66:09:4e:4d:1d:ae:cb:f4:f5:b2: + ea:4d:48:24:be:04:8f:39:9e:c1:da:6c:14:fa:0a:a5:be:47: + 84:19:27:c0:3e:15:ab:18:78:71:0e:93:e7:6e:c8:05:ea:f2: + bd:c3:7b:fc:52:04:be:fc:b2:22:80:81:35:b3:ab:57:7b:23: + ca:39:66:ed:47:19:cd:1f:2c:ab:14:4a:28:5d:23:ab:24:7b: + e3:51:bb:78:79:05:20:25:ff:13:4f:c5:d1:2c:e1:67:b3:e4: + 29:35:2b:1c:5e:aa:01:17:aa:49:bb:04:66:52:a3:1a:7c:0b: + f5:57 +-----BEGIN X509 CRL----- +MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBw +aW5nMSBQMTIgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg +LzAtMB8GA1UdIwQYMBaAFFqTS++Wnq4+QxYmpBgeeYui5pshMAoGA1UdFAQDAgEB +MA0GCSqGSIb3DQEBBQUAA4GBAGSQgDN64+jkZglOTR2uy/T1supNSCS+BI85nsHa +bBT6CqW+R4QZJ8A+FasYeHEOk+duyAXq8r3De/xSBL78siKAgTWzq1d7I8o5Zu1H +Gc0fLKsUSihdI6ske+NRu3h5BSAl/xNPxdEs4Wez5Ck1KxxeqgEXqkm7BGZSoxp8 +C/VX +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem new file mode 100644 index 0000000000..3183499812 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBHzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYa2V5VXNhZ2Ug +Tm90IENyaXRpY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYlAJy +nnvLn2glPjCkqnWzCC/bxT/ypoeW3spfvzi+AQuwM+d/bNL1ZouAnps7JPpf4VHp +ZvSGjeCgLpCvDjnUP6tG/hkQBm8CS9vaqg/65FoI/MpSMHXmVJ9CgUjOkjHp1g47 +2AYniw5lRztaH2tCN25WqZFzar+vdhQG2ZkJNQIDAQABo3kwdzAfBgNVHSMEGDAW +gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUzyqhpf1C4jO8MypNmHOz +2PtVvNgwCwYDVR0PBAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKS4oBKhFhU5vxr4Z547N5er +YrYR5JU75QnGUZjv7JYCXydlJVuvIhZptrzG/wevhz2VgNSbk/wp8Uw+ra3eqqlq +QjVFQukh0F4GKMBaiFZ1HUEGILLIpeEq0Pn70Q8EE0H1RsweW1P30qaXZE9050m4 +7h+is62/EaaT31RpTb+G +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid keyUsage Not Critical EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical CA +-----BEGIN CERTIFICATE----- +MIICkTCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGtleVVzYWdlIE5v +dCBDcml0aWNhbCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UE +AxMwVmFsaWQga2V5VXNhZ2UgTm90IENyaXRpY2FsIEVFIENlcnRpZmljYXRlIFRl +c3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQifnsA6fOmILXLNZeSJEf +D8ON1YDI4FjDmGqG8Ob1ITgAWPfxJcWgQXqRwzn/1NXj0faYKeVA5j6VZxSCP7Dz +D6ZCeGxjgcF1lNF2dqZh268sSsW3ZiesNQ+wG9zaF8YNWvL8iqICgMrjVqdiFbiD +X8N15gROcCA0lPuKiqlJlwIDAQABo2swaTAfBgNVHSMEGDAWgBTPKqGl/ULiM7wz +Kk2Yc7PY+1W82DAdBgNVHQ4EFgQUHw6xfNRi0j5jpx9vVSQlS+45UuUwDgYDVR0P +AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUF +AAOBgQADtx2GVXZR3dxm4aGGrvmtdkDkj/20o+75/jzMHss7prirQQdShNtqL02F +TL2y/PWCf6QbDQgcakwPDez60a7reZ02JKUtwKCa4VJf86gy3BDKKhm+msihYgCj +ZzkYwS9CoF3dRup5ySq6dvAU6gVzPRJZKOf3MIM/3Vo9hUtmVg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:CF:2A:A1:A5:FD:42:E2:33:BC:33:2A:4D:98:73:B3:D8:FB:55:BC:D8 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 3a:4d:11:cb:3c:14:7e:17:ec:4f:14:72:47:1e:98:fe:ba:02: + 2c:79:4d:2f:5d:e8:71:fa:35:d3:7f:26:b5:27:1b:23:c0:12: + 8d:c5:9c:f7:e1:96:71:d5:7c:6a:e4:40:ed:7d:46:28:a1:91: + 99:ab:75:2b:61:a5:c5:4b:d1:63:10:bb:95:bb:4c:ee:a0:8a: + 8e:d6:65:14:3c:86:f2:11:8b:0c:4d:6a:3d:e1:a9:e6:12:28: + 69:87:1b:eb:e4:9e:d1:45:5c:dd:2b:2f:6e:55:72:e2:69:cd: + 88:84:b1:c5:5e:86:44:10:4f:ce:ab:a4:b3:ed:c7:03:58:84: + 84:cc +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGtleVVzYWdlIE5vdCBDcml0 +aWNhbCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUzyqhpf1C4jO8MypNmHOz2PtVvNgwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAOk0RyzwUfhfsTxRyRx6Y/roCLHlNL13ocfo1038mtScbI8ASjcWc +9+GWcdV8auRA7X1GKKGRmat1K2GlxUvRYxC7lbtM7qCKjtZlFDyG8hGLDE1qPeGp +5hIoaYcb6+Se0UVc3SsvblVy4mnNiISxxV6GRBBPzquks+3HA1iEhMw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem new file mode 100644 index 0000000000..fc640e8409 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem @@ -0,0 +1,112 @@ +subject=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfDCCAeWgAwIBAgIBTjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWb25seUNvbnRh +aW5zQ0FDZXJ0cyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqP8z3Y0v +UCVXIVXCpbr+dcdoZFi0UZQPvl77hqqVORSs9FefV5mTeuoDDfhtUYa+O6Wzh2v/ +Yzv1MzPQzePG3eho/6CLs4pzqVWZDzYTG6OXubjPvYT10WykqfaWuivcn5YxbHuA +cRitNsBAvY1Nq/kPDtsPJz1t5+PDRVO64gsCAwEAAaN8MHowHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPOhB0Zne+mPWavrVYaTyKzk +VbcYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGkMUjQFfto4SQpRJ2fAeU +qXp2dn4kt+s/ITPOIykUFaybQ6eaGRcWN4kTi7IufbSeI7lmaa4SC+bq14tfSf/w +gJSpwu58pIbPHKN0IgB+9S8eRS8wmB4HcBflmNZz/NX6wJzwJt15ZC+gek+eZGUw +Qck6L9wt5i1wMFyRwBmAHQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid onlyContainsCACerts EE Certificate Test13 +issuer=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA +-----BEGIN CERTIFICATE----- +MIICnzCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWlu +c0NBQ2VydHMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBjMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxODA2BgNVBAMT +L1ZhbGlkIG9ubHlDb250YWluc0NBQ2VydHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCleZwZx1DWjtQUI6sccnzSSv3J +scTabLlHXVLbXj57OzT/9XuVVLkRe6ZB95/CCO8YM/bYdtmJEwtT3S7J7jaSI1XM +NBi9E5Uc2y6RXOEZ4dL8LFJjZYIQNbRUgg2o5rtJ55N7Hp/uA5zJYKH9wtNBXAlj +i0eULWMWi42zHc/w1wIDAQABo3wwejAfBgNVHSMEGDAWgBTzoQdGZ3vpj1mr61WG +k8is5FW3GDAdBgNVHQ4EFgQUQrE9JN7MpRBHp0VYS792Fg2IxOMwDgYDVR0PAQH/ +BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBBQUAA4GBAI7d4izaGul72X3r0YD8tjwHlxMMBg7/4nO6PrJd ++blNKJwn/eqMJdekiTWjl2E+PKS4nBCBSeFeoboUHLnQ/AHevzxnJiEUK7otOXim +UFRLlktEMASIbfUjiJrkwmL6JxvDXlbmhJNVlXZI6bRfAxi2XXt6o+ZO0VAFlebG +iga9 +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=onlyContainsCACerts CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:F3:A1:07:46:67:7B:E9:8F:59:AB:EB:55:86:93:C8:AC:E4:55:B7:18 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0.... +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 54:27:ac:fc:b5:7a:93:93:e7:f2:e9:63:f7:52:ad:20:08:4c: + 52:08:62:e6:f6:81:71:1d:72:f4:1d:bf:db:06:52:d6:4f:8b: + 86:68:4a:ca:01:4a:fd:b9:7e:5d:7a:df:48:67:36:9b:31:12: + dd:13:29:b2:8e:b6:ba:c4:20:31:57:4f:7e:c6:d1:3c:0b:e5: + 1c:a0:c2:15:c6:09:5b:77:ca:95:37:31:7d:a8:08:4d:ae:60: + 4f:3c:b4:ef:92:9d:f1:11:5f:a1:1b:2d:ff:e6:2e:07:88:4e: + 2c:88:54:b8:e1:be:4e:6c:22:90:0e:37:0d:b2:8d:61:21:46: + 36:29 +-----BEGIN X509 CRL----- +MIIBVDCBvgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWluc0NBQ2Vy +dHMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQDA+MB8GA1UdIwQY +MBaAFPOhB0Zne+mPWavrVYaTyKzkVbcYMAoGA1UdFAQDAgEBMA8GA1UdHAEB/wQF +MAOCAf8wDQYJKoZIhvcNAQEFBQADgYEAVCes/LV6k5Pn8ulj91KtIAhMUghi5vaB +cR1y9B2/2wZS1k+LhmhKygFK/bl+XXrfSGc2mzES3RMpso62usQgMVdPfsbRPAvl +HKDCFcYJW3fKlTcxfagITa5gTzy075Kd8RFfoRst/+YuB4hOLIhUuOG+TmwikA43 +DbKNYSFGNik= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem new file mode 100644 index 0000000000..580d919aa2 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem @@ -0,0 +1,167 @@ +subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS +ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ +024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2 +wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a +MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU +LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ +MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461 +hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr +eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN +/veMciSwQ7N4Ku7Zjw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid onlySomeReasons EE Certificate Test19 +issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4 +-----BEGIN CERTIFICATE----- +MIIDYjCCAsugAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh +c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1Zh +bGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBANbeMMLH+IhNKpE0W5mNqU1YnGXZjAhFNF7V +hMVHkKyGO+6oluHVdrzxL4CoonF40mpNZdCyVA39nKEW2HV1KB2OQ2cjjOpS+n6l +1eds3MeBCa3z1kzPbsqkkTH+hdmkHnn7gsQNElk+mALZXM/UC+kIRlHIWSmR+FvK ++gqFZw3ZAgMBAAGjggFEMIIBQDAfBgNVHSMEGDAWgBQ/vkDx92sC+7BZwwCkWuCX +VAjpGTAdBgNVHQ4EFgQU31n0/apTtgdLpf3g030Om2i0nuswDgYDVR0PAQH/BAQD +AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB1AYDVR0fBIHMMIHJMGKgXKBa +pFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRww +GgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIFYDBj +oFygWqRYMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl +czEcMBoGA1UECxMTb25seVNvbWVSZWFzb25zIENBNDENMAsGA1UEAxMEQ1JMMoED +B5+AMA0GCSqGSIb3DQEBBQUAA4GBACKZfydulpOlfYkHfr+kYAFm8mWYkFty5+82 +g7UQ34pUUcNlmXy2LAvyOnFBy9LJGLpfyqbaZYLyspSseZrYTfdEYRdba4FWLwEp +iCqeyzac+D1Hr7uRFVocXyd1ZUKWhdA0gfkORdmeNO4HjY3D1+y75qjNutoqK9et +6C9d+9jH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0b.\.Z.X0V1.0...U....US1.0...U. +..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...` +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd: + 0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1: + fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10: + 1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d: + 01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92: + 96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1: + 4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7: + 28:75 +-----BEGIN X509 CRL----- +MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg +Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7 +sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL +ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG +9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+ +wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i +5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0c.\.Z.X0V1.0...U....US1.0...U. +..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2..... +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Affiliation Changed + Signature Algorithm: sha1WithRSAEncryption + 3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18: + 19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69: + 90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58: + b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1: + 8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2: + a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2: + 4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38: + 45:4d +-----BEGIN X509 CRL----- +MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg +Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7 +sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL +ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI +hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp +kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2 +OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem new file mode 100644 index 0000000000..580d919aa2 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem @@ -0,0 +1,167 @@ +subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4 +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS +ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ +024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2 +wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a +MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU +LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ +MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461 +hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr +eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN +/veMciSwQ7N4Ku7Zjw== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid onlySomeReasons EE Certificate Test19 +issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4 +-----BEGIN CERTIFICATE----- +MIIDYjCCAsugAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh +c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYD +VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1Zh +bGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBANbeMMLH+IhNKpE0W5mNqU1YnGXZjAhFNF7V +hMVHkKyGO+6oluHVdrzxL4CoonF40mpNZdCyVA39nKEW2HV1KB2OQ2cjjOpS+n6l +1eds3MeBCa3z1kzPbsqkkTH+hdmkHnn7gsQNElk+mALZXM/UC+kIRlHIWSmR+FvK ++gqFZw3ZAgMBAAGjggFEMIIBQDAfBgNVHSMEGDAWgBQ/vkDx92sC+7BZwwCkWuCX +VAjpGTAdBgNVHQ4EFgQU31n0/apTtgdLpf3g030Om2i0nuswDgYDVR0PAQH/BAQD +AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB1AYDVR0fBIHMMIHJMGKgXKBa +pFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRww +GgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIFYDBj +oFygWqRYMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl +czEcMBoGA1UECxMTb25seVNvbWVSZWFzb25zIENBNDENMAsGA1UEAxMEQ1JMMoED +B5+AMA0GCSqGSIb3DQEBBQUAA4GBACKZfydulpOlfYkHfr+kYAFm8mWYkFty5+82 +g7UQ34pUUcNlmXy2LAvyOnFBy9LJGLpfyqbaZYLyspSseZrYTfdEYRdba4FWLwEp +iCqeyzac+D1Hr7uRFVocXyd1ZUKWhdA0gfkORdmeNO4HjY3D1+y75qjNutoqK9et +6C9d+9jH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0b.\.Z.X0V1.0...U....US1.0...U. +..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...` +Revoked Certificates: + Serial Number: 02 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd: + 0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1: + fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10: + 1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d: + 01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92: + 96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1: + 4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7: + 28:75 +-----BEGIN X509 CRL----- +MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg +Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7 +sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL +ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG +9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+ +wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i +5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0c.\.Z.X0V1.0...U....US1.0...U. +..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2..... +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Affiliation Changed + Signature Algorithm: sha1WithRSAEncryption + 3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18: + 19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69: + 90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58: + b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1: + 8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2: + a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2: + 4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38: + 45:4d +-----BEGIN X509 CRL----- +MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV +BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg +Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5 +MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7 +sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL +MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL +ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI +hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp +kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2 +OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem new file mode 100644 index 0000000000..b183ea4aec --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem @@ -0,0 +1,262 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd +RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ +AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS +icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO +hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs +k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2 +9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp +Cu6s2eBv0+DeibQTg73sQuTj +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ +cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAvfifKseM6a2SLDsRFhGp/REqaFlx95O6qTUy4GtxendIFOtyadcv+Krt +MtbMq5gpTipTi88pg9PZJgu5WNbNCBTw9a4LVmuK7vW7+qc4vKAiHMx1C36i+M/u +xAyxABnaB/+3GuTXBVh2UaFyc0y742BlOGiJQec4j12Ympn+/D8CAwEAAaN/MH0w +HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEg0CFSm +7E/ZmBQh7NRjsSNv7Xk+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBBDANBgkqhkiG9w0BAQUFAAOBgQBH +GNn47Kmou/bb4DJqEWK0rYy18Luf89VyfaGcLrRx55hJopWTol/7VNHK/PcEcYZR +FvrRx3+j/FmPw7KdZhr7vswlOw+Al6Izo2NpTdI71n9v0mWk0aMnagaU1/HhVCo0 +MFmjWB6hXagaUlj7PMUGxJhJDLGVxim5OsTKsDyQsA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4 +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z +dHJhaW50NiBzdWJDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV +BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTQxMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDEkec8+m6bpWo+4WFbIZq5Ex3/ooPS1Ag0V67MSbWUopjA +ZSFFn1jMVuyJwvVJcWhm60beqAFCWAgdUw39yw1AH1ZjF80S0i7gOs1ecJOgcJlH +l12ROKtYyawcnvh97Riu5uNhddo7GNP8imgxuTm+KCMgA2Yje/3+s+kkJGrmmQID +AQABo38wfTAfBgNVHSMEGDAWgBRINAhUpuxP2ZgUIezUY7Ejb+15PjAdBgNVHQ4E +FgQUxsXdPdf7dENAydCq5aEK1oE0ihEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB +BQUAA4GBAHXkSFfYx3eChLIW3r9jR5s+WkJP7zC2MDwTim6sqK9EEdF8u7jpSM7A +injU005gD9O+daXiOhdTWtO6tHG5lU4F0pz1/gf6NabgsIZcCY5ihmO0sg9yFw2x +m9ZtI0lrFDJVVMb2TTzSg2BCk/4WrjCu8lyZKeHb3/MPXrhVI6QI +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test13 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X +-----BEGIN CERTIFICATE----- +MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJzdWJDQTQxWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx +NDU3MjBaMGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl +czE2MDQGA1UEAxMtVmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh +dGUgVGVzdDEzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt+goZGlfBA+Us +3gYzg2H1q9xTS0jsUbdAWR+UyFhwlPTu9s29bJOQlgYCeMoZsW60iIbUbQjcq5Uz +cVH3GuHEdnVZi+2PuExwKCPfJd5AlZLlHF2/rXEitua/1jfZeCG2APIo6Fo6MyRm +DjXSMXVDa+34SxTNsxmRL5mRkAU14wIDAQABo2swaTAfBgNVHSMEGDAWgBQQleeK +lnT5PPSbBqlJ88GaP85wHzAdBgNVHQ4EFgQUKiHe+m/ll4aKUr4X5q6GcSIkJkEw +DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG +9w0BAQUFAAOBgQBg1xu2EY6shLYeKkVPx8VQMKHQwihQdDRH5Ehqsrgw5t3hALFO +PjKZ7qdAOOWJA0Y8HmswJswQ9hYMEPkUdGLcE6ssQLySaRecEK5uW5/fWrs451uq +5hyC55DEHEaJBbvzzBy4eftZcJrQv+QQTxhBH82+/LT02FkYqfjuUPIYSA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41 +-----BEGIN CERTIFICATE----- +MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJDQTQxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow +KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0E0MVgwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBALlp+FnExwi/Gj0ZI91kqo4pmnqqOhGFj1B7 +BwwpwPKi9bTS4V7SoF/789+rQvetsKPMvlFqlJxAJDAucVf9IcHun+JONgiIUcLB +o1x/hhXffJx5AKaTGK3lCSkXqT2ivI8QJNTTjDgv3gvwGg97WVPlbOeZEPbwMzlx +i4oq4uHXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMbF3T3X+3RDQMnQquWhCtaBNIoR +MB0GA1UdDgQWBBQQleeKlnT5PPSbBqlJ88GaP85wHzAOBgNVHQ8BAf8EBAMCAQYw +FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQEFBQADgYEAuzFHa2SgbDIRvfbqmMe+p2l0M4gJMEc3r2caaovmKgfuVyBl +n0JdZN2rzlYFV4jZbJ0wa89PzLIDtmptUctcO0DO/P+ofx8uAATdFhL4yMmHkK9L +XVBrdANbZSBZ+8WXKrnvsJArX0vtQax8znEaTUskMtDe6gjzZsb957dYCCU= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0: + af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0: + 11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3: + 5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58: + ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd: + 08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16: + 1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78: + fa:7a +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn +gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d +CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:48:34:08:54:A6:EC:4F:D9:98:14:21:EC:D4:63:B1:23:6F:ED:79:3E + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 7a:5e:e4:e2:af:00:5c:48:3a:c2:36:d1:97:10:66:06:b0:04: + 8c:37:8b:96:01:b2:c1:bc:b5:3a:8f:b5:44:05:db:84:2a:85: + c1:7c:96:fd:b3:6c:1d:47:69:63:e6:a2:d5:6b:29:76:e2:72: + e1:4b:6a:d4:06:22:80:cb:58:0a:39:aa:47:45:a0:84:d0:9d: + d4:e5:00:13:71:ef:bb:3b:27:b0:e5:93:cf:b2:05:87:43:8d: + bc:a5:7a:50:8f:22:43:48:df:9a:e7:cc:8c:3e:54:fd:16:85: + 3e:e9:a2:47:4f:f8:ae:94:85:32:4a:88:94:b7:c4:13:62:11: + 6c:b8 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJDQTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFEg0CFSm7E/ZmBQh7NRjsSNv7Xk+MAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAHpe5OKvAFxIOsI20ZcQZgawBIw3i5YBssG8tTqPtUQF24QqhcF8 +lv2zbB1HaWPmotVrKXbicuFLatQGIoDLWAo5qkdFoITQndTlABNx77s7J7Dlk8+y +BYdDjbylelCPIkNI35rnzIw+VP0WhT7pokdP+K6UhTJKiJS3xBNiEWy4 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:C6:C5:DD:3D:D7:FB:74:43:40:C9:D0:AA:E5:A1:0A:D6:81:34:8A:11 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0e:71:9b:f6:ad:39:6e:d8:be:f8:b2:87:85:75:4b:35:16:3c: + e7:52:48:af:e3:b1:7b:6d:1f:2e:59:59:81:af:cc:88:37:3b: + 78:f8:4d:7a:81:e6:6e:23:50:4c:80:f2:e9:d5:cf:79:ce:e8: + 9e:f8:c4:82:2b:6f:4a:ab:29:bd:5b:34:57:5f:31:5d:3b:a6: + b5:da:8f:57:4b:07:e2:5f:e3:f1:b0:8f:25:92:f2:c6:57:26: + 9a:4e:36:d9:c9:6b:37:f3:0f:7d:81:b6:2d:6c:f7:c7:76:d7: + 3e:29:67:8b:2e:01:9a:f8:90:2c:53:da:a6:c7:6c:b6:56:09: + fb:df +-----BEGIN X509 CRL----- +MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJDQTQxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf +BgNVHSMEGDAWgBTGxd091/t0Q0DJ0KrloQrWgTSKETAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQAOcZv2rTlu2L74soeFdUs1FjznUkiv47F7bR8uWVmBr8yI +Nzt4+E16geZuI1BMgPLp1c95zuie+MSCK29Kqym9WzRXXzFdO6a12o9XSwfiX+Px +sI8lkvLGVyaaTjbZyWs38w99gbYtbPfHdtc+KWeLLgGa+JAsU9qmx2y2Vgn73w== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:10:95:E7:8A:96:74:F9:3C:F4:9B:06:A9:49:F3:C1:9A:3F:CE:70:1F + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 06:af:3f:80:68:02:24:ee:c0:3f:33:5b:62:49:01:cf:ee:87: + f7:92:49:33:a2:b1:b0:6c:e7:23:7f:4a:8d:2a:1b:e9:31:fc: + 04:49:76:f2:f6:92:d2:b3:32:70:50:71:9f:12:ab:03:6c:2d: + a7:0f:81:ef:fb:01:3e:3f:09:b8:df:e8:4e:28:c9:5d:fa:a3: + ef:64:db:b9:cb:8f:66:a2:b5:ba:17:f3:05:62:5c:8c:5b:75: + f6:7e:54:aa:30:59:0d:50:c1:23:90:c9:91:06:49:1e:bf:23: + de:88:c6:7a:39:0e:6e:11:cc:44:44:40:2e:08:82:65:e8:74: + 9d:60 +-----BEGIN X509 CRL----- +MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJzdWJDQTQxWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv +MC0wHwYDVR0jBBgwFoAUEJXnipZ0+Tz0mwapSfPBmj/OcB8wCgYDVR0UBAMCAQEw +DQYJKoZIhvcNAQEFBQADgYEABq8/gGgCJO7APzNbYkkBz+6H95JJM6KxsGznI39K +jSob6TH8BEl28vaS0rMycFBxnxKrA2wtpw+B7/sBPj8JuN/oTijJXfqj72TbucuP +ZqK1uhfzBWJcjFt19n5UqjBZDVDBI5DJkQZJHr8j3ojGejkObhHMRERALgiCZeh0 +nWA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem new file mode 100644 index 0000000000..fb615f5434 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem @@ -0,0 +1,263 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd +RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ +AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS +icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO +hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs +k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2 +9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp +Cu6s2eBv0+DeibQTg73sQuTj +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ +cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAvfifKseM6a2SLDsRFhGp/REqaFlx95O6qTUy4GtxendIFOtyadcv+Krt +MtbMq5gpTipTi88pg9PZJgu5WNbNCBTw9a4LVmuK7vW7+qc4vKAiHMx1C36i+M/u +xAyxABnaB/+3GuTXBVh2UaFyc0y742BlOGiJQec4j12Ympn+/D8CAwEAAaN/MH0w +HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEg0CFSm +7E/ZmBQh7NRjsSNv7Xk+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG +SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBBDANBgkqhkiG9w0BAQUFAAOBgQBH +GNn47Kmou/bb4DJqEWK0rYy18Luf89VyfaGcLrRx55hJopWTol/7VNHK/PcEcYZR +FvrRx3+j/FmPw7KdZhr7vswlOw+Al6Izo2NpTdI71n9v0mWk0aMnagaU1/HhVCo0 +MFmjWB6hXagaUlj7PMUGxJhJDLGVxim5OsTKsDyQsA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4 +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z +dHJhaW50NiBzdWJDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV +BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTQxMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDEkec8+m6bpWo+4WFbIZq5Ex3/ooPS1Ag0V67MSbWUopjA +ZSFFn1jMVuyJwvVJcWhm60beqAFCWAgdUw39yw1AH1ZjF80S0i7gOs1ecJOgcJlH +l12ROKtYyawcnvh97Riu5uNhddo7GNP8imgxuTm+KCMgA2Yje/3+s+kkJGrmmQID +AQABo38wfTAfBgNVHSMEGDAWgBRINAhUpuxP2ZgUIezUY7Ejb+15PjAdBgNVHQ4E +FgQUxsXdPdf7dENAydCq5aEK1oE0ihEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB +BQUAA4GBAHXkSFfYx3eChLIW3r9jR5s+WkJP7zC2MDwTim6sqK9EEdF8u7jpSM7A +injU005gD9O+daXiOhdTWtO6tHG5lU4F0pz1/gf6NabgsIZcCY5ihmO0sg9yFw2x +m9ZtI0lrFDJVVMb2TTzSg2BCk/4WrjCu8lyZKeHb3/MPXrhVI6QI +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41 +-----BEGIN CERTIFICATE----- +MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJDQTQxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy +MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow +KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0E0MVgwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBALlp+FnExwi/Gj0ZI91kqo4pmnqqOhGFj1B7 +BwwpwPKi9bTS4V7SoF/789+rQvetsKPMvlFqlJxAJDAucVf9IcHun+JONgiIUcLB +o1x/hhXffJx5AKaTGK3lCSkXqT2ivI8QJNTTjDgv3gvwGg97WVPlbOeZEPbwMzlx +i4oq4uHXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMbF3T3X+3RDQMnQquWhCtaBNIoR +MB0GA1UdDgQWBBQQleeKlnT5PPSbBqlJ88GaP85wHzAOBgNVHQ8BAf8EBAMCAQYw +FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQEFBQADgYEAuzFHa2SgbDIRvfbqmMe+p2l0M4gJMEc3r2caaovmKgfuVyBl +n0JdZN2rzlYFV4jZbJ0wa89PzLIDtmptUctcO0DO/P+ofx8uAATdFhL4yMmHkK9L +XVBrdANbZSBZ+8WXKrnvsJArX0vtQax8znEaTUskMtDe6gjzZsb957dYCCU= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test14 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X +-----BEGIN CERTIFICATE----- +MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z +dHJhaW50NiBzdWJzdWJzdWJDQTQxWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx +NDU3MjBaMGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl +czE2MDQGA1UEAxMtVmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh +dGUgVGVzdDE0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTcyx/sZXkB7EZ +X9U9aJCVucbvSK3QXJ38Ej+ZM7agOIkJnMypA0BzQ43FvxbDlx67ynhH3au4nFw9 +niBIPF0hg9LKJBYQDlFhdCPd441gpnEOtT5abklFPScEoi115OUSsoA94VZwjdmz +rxb5Scji7OZYKtBZumvQ+YxbZGKi9QIDAQABo3wwejAfBgNVHSMEGDAWgBQQleeK +lnT5PPSbBqlJ88GaP85wHzAdBgNVHQ4EFgQUSa5vCfYgmh0xBcsnTTGEttOhtX0w +DgYDVR0PAQH/BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB +Af8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABdfALk3+cW2GpEztpvr/6wgOkaJ +ev+/WwDgW5YTiVGbLZRr+5qrxz8Log4b4Y/OYyrwh+J/gmQFP34wHEm4ReZHcfyD +4k6Ji2dWxqLaocQVROOZ9n+vqSFC63nNE/ZDNnsUErkEQJdX7f7HMDZoDI0wryrp +3fLY+NJlyePm6r1M +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0: + af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0: + 11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3: + 5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58: + ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd: + 08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16: + 1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78: + fa:7a +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn +gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d +CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:48:34:08:54:A6:EC:4F:D9:98:14:21:EC:D4:63:B1:23:6F:ED:79:3E + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 7a:5e:e4:e2:af:00:5c:48:3a:c2:36:d1:97:10:66:06:b0:04: + 8c:37:8b:96:01:b2:c1:bc:b5:3a:8f:b5:44:05:db:84:2a:85: + c1:7c:96:fd:b3:6c:1d:47:69:63:e6:a2:d5:6b:29:76:e2:72: + e1:4b:6a:d4:06:22:80:cb:58:0a:39:aa:47:45:a0:84:d0:9d: + d4:e5:00:13:71:ef:bb:3b:27:b0:e5:93:cf:b2:05:87:43:8d: + bc:a5:7a:50:8f:22:43:48:df:9a:e7:cc:8c:3e:54:fd:16:85: + 3e:e9:a2:47:4f:f8:ae:94:85:32:4a:88:94:b7:c4:13:62:11: + 6c:b8 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJDQTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFEg0CFSm7E/ZmBQh7NRjsSNv7Xk+MAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBAHpe5OKvAFxIOsI20ZcQZgawBIw3i5YBssG8tTqPtUQF24QqhcF8 +lv2zbB1HaWPmotVrKXbicuFLatQGIoDLWAo5qkdFoITQndTlABNx77s7J7Dlk8+y +BYdDjbylelCPIkNI35rnzIw+VP0WhT7pokdP+K6UhTJKiJS3xBNiEWy4 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:C6:C5:DD:3D:D7:FB:74:43:40:C9:D0:AA:E5:A1:0A:D6:81:34:8A:11 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0e:71:9b:f6:ad:39:6e:d8:be:f8:b2:87:85:75:4b:35:16:3c: + e7:52:48:af:e3:b1:7b:6d:1f:2e:59:59:81:af:cc:88:37:3b: + 78:f8:4d:7a:81:e6:6e:23:50:4c:80:f2:e9:d5:cf:79:ce:e8: + 9e:f8:c4:82:2b:6f:4a:ab:29:bd:5b:34:57:5f:31:5d:3b:a6: + b5:da:8f:57:4b:07:e2:5f:e3:f1:b0:8f:25:92:f2:c6:57:26: + 9a:4e:36:d9:c9:6b:37:f3:0f:7d:81:b6:2d:6c:f7:c7:76:d7: + 3e:29:67:8b:2e:01:9a:f8:90:2c:53:da:a6:c7:6c:b6:56:09: + fb:df +-----BEGIN X509 CRL----- +MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJDQTQxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf +BgNVHSMEGDAWgBTGxd091/t0Q0DJ0KrloQrWgTSKETAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQAOcZv2rTlu2L74soeFdUs1FjznUkiv47F7bR8uWVmBr8yI +Nzt4+E16geZuI1BMgPLp1c95zuie+MSCK29Kqym9WzRXXzFdO6a12o9XSwfiX+Px +sI8lkvLGVyaaTjbZyWs38w99gbYtbPfHdtc+KWeLLgGa+JAsU9qmx2y2Vgn73w== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:10:95:E7:8A:96:74:F9:3C:F4:9B:06:A9:49:F3:C1:9A:3F:CE:70:1F + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 06:af:3f:80:68:02:24:ee:c0:3f:33:5b:62:49:01:cf:ee:87: + f7:92:49:33:a2:b1:b0:6c:e7:23:7f:4a:8d:2a:1b:e9:31:fc: + 04:49:76:f2:f6:92:d2:b3:32:70:50:71:9f:12:ab:03:6c:2d: + a7:0f:81:ef:fb:01:3e:3f:09:b8:df:e8:4e:28:c9:5d:fa:a3: + ef:64:db:b9:cb:8f:66:a2:b5:ba:17:f3:05:62:5c:8c:5b:75: + f6:7e:54:aa:30:59:0d:50:c1:23:90:c9:91:06:49:1e:bf:23: + de:88:c6:7a:39:0e:6e:11:cc:44:44:40:2e:08:82:65:e8:74: + 9d:60 +-----BEGIN X509 CRL----- +MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50 +NiBzdWJzdWJzdWJDQTQxWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv +MC0wHwYDVR0jBBgwFoAUEJXnipZ0+Tz0mwapSfPBmj/OcB8wCgYDVR0UBAMCAQEw +DQYJKoZIhvcNAQEFBQADgYEABq8/gGgCJO7APzNbYkkBz+6H95JJM6KxsGznI39K +jSob6TH8BEl28vaS0rMycFBxnxKrA2wtpw+B7/sBPj8JuN/oTijJXfqj72TbucuP +ZqK1uhfzBWJcjFt19n5UqjBZDVDBI5DJkQZJHr8j3ojGejkObhHMRERALgiCZeh0 +nWA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem new file mode 100644 index 0000000000..d2ac20b505 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk +MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w +LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1 +RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah +b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt +BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr +NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE +6cbcSe7zaz5qdojy0B72dLHC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs +VmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDow4Z8Uorsifrji6RyscEE5DKo3WRY +S01OJEDMgd8P75udI5umL9+vwJBIoObEUAx5I5UMDxkto9pDvHrRH72cNywar2n2 +4oat6X0JzKOaEzlx0N5E8Tp7LRkF7dcVCIZUGN0qVAJvfMtVQpcbRbLhK96jqOV1 +5uh5OetDHHufAgMBAAGjazBpMB8GA1UdIwQYMBaAFCEMtQF2dtOzKqwm/KqmT/LW +oW9LMB0GA1UdDgQWBBRscpI4Rhz3vkPw7mtg+y+hic1p2DAOBgNVHQ8BAf8EBAMC +BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBACeo +UDJXue1qGUe8Qxos7w6eQsbzHSXsmNI+t2Hyq+CARypTIgbueoWHfe1HyPsbOrEr +3U2waZZ8AQzwklkyFUiL4D5Jo/+0coA9hPwmyhF6J/Wa5nOmLex1ZGg3c7J+MVAL +1qx70Ft4WEm/EWBWCqse0wlEZXsvg5WocxF/xXKC +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba: + cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3: + d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f: + 53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec: + b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80: + 3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91: + 55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da: + cd:a2 +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6 +rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA +Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem new file mode 100644 index 0000000000..4dc31c0a1d --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv +bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk +MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w +LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1 +RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7 +bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah +b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV +HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt +BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr +NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE +6cbcSe7zaz5qdojy0B72dLHC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA +-----BEGIN CERTIFICATE----- +MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z +dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ +BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs +VmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ+d2dQ2by4x3S9c+qiAbIuZy8fID08F +m7aovaa12yHhqJ3IzwCS1+98Gu23ZZS65gN/dW1buemmT4JpkyJ5eUPiw5HuxN2n +2pvbRTUJWmEKu1CL4ZdhDaWZJrzu1Nh33imr4KOz+JmYCK+GoYPtgBbWVfCA92B7 +DSHq36MTczl/AgMBAAGjfDB6MB8GA1UdIwQYMBaAFCEMtQF2dtOzKqwm/KqmT/LW +oW9LMB0GA1UdDgQWBBQOVClwok24sW5DcWf/ad9B25zw3TAOBgNVHQ8BAf8EBAMC +AfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADgYEAIy48NtD42z00ZliJ+YZXUEU/rjppUQ19EdKy5ECwUPNl +/2VPgN43d5eaOB3e4YxFHG8E0PHYy8dNTZo8dlIRRUZzSswCzuJuDYpVi16vVkeO +N6+gI9xXcd4AMBcbjpyCDuJsSlV5xyIVfgocdocT6kasvJThBiOYDfH7QOWuSfw= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba: + cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3: + d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f: + 53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec: + b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80: + 3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91: + 55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da: + cd:a2 +-----BEGIN X509 CRL----- +MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50 +MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw +FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF +BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6 +rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA +Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem new file mode 100644 index 0000000000..3f2ffa9bf5 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem @@ -0,0 +1,119 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Valid pre2000 UTC notBefore Date EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIIChTCCAe6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +NTAwMTAxMTIwMTAwWhcNMTEwNDE5MTQ1NzIwWjBpMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPjA8BgNVBAMTNVZhbGlkIHByZTIwMDAg +VVRDIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3QzMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQC1uwQ7EgYKGk7IBOZd3vdARgrWUKCEqjpfYUEG +ZGlsC48omvxCrzR+eJj1q8TeHAsH3dAcpkbNNWCWRHblq9LbqkhpBaMquzvg541B +TNerg9dj4vjwV0/QYdbvyLVcKBv9iLE0MCJeSLcaseO2vYmNXObSXMTf74BXNR4D +k7uI9wIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAd +BgNVHQ4EFgQU9EsyhAynLAz6iwskm+iASoGKdMowDgYDVR0PAQH/BAQDAgTwMBcG +A1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCTLQM+0YBT +3vure42KCvGYSQpheOtLtv1bLa9TT4kbo18aNRVQwTOnZLtKqKa6etoxJ70rhfO5 +x2uCELzyIkUrAbjyqMYg/0nckc4HTEys4xmbHjiyWPie/lS757sA1trwNRntBn9J +pdkDmwEqALaRBRH6YH3ybrNMZh5h2CVqFw== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem new file mode 100644 index 0000000000..de409f5895 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem @@ -0,0 +1,118 @@ +subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp +ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co +7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF +H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh +i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3 +LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e +kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq +hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx +x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr +PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem new file mode 100644 index 0000000000..05c743e5b5 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem @@ -0,0 +1,159 @@ +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +-----BEGIN CERTIFICATE----- +MIICgDCCAemgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ +b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp +bmhpYml0QW55UG9saWN5MSBzdWJDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAMvuM5rrG+hunxSZwR8TVsLND7teVaTAzIxbnJv0xpVvawDeQiN1A+CIdJH8 +TUXrgcfdU+E04StBCqDRBr1+DBMt/PuBDS/I2PcKqBuP6sfkSDr/lPYkbRBI8wZ9 +87H/ke7seqh7cSVORfqg4KupdEE3i2gxONHlTT/7XV0C5aOlAgMBAAGjdjB0MB8G +A1UdIwQYMBaAFGbbtZTHBcSzPiuRud/IqNBNKzREMB0GA1UdDgQWBBQpIHiUjoSQ +KUJLfKsOgyq+NVs8FTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAuKZUyh6gvU8Ab5pl +P79yddRQcx4G1navwUD3YSS7q2rnmqY2ucmHX8H1JsOhQUqvLL81fIqAkWPANAmQ +K4NU/ZSkkjtfTcJy5oYsVXjz0MyLKOwrt52j8MLZsUW/TIf5e57kPbORC7RQhEr+ +yMDT6AY3En8iF4h8mqMhwnQnO3U= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1 +-----BEGIN CERTIFICATE----- +MIIChjCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ +b2xpY3kxIHN1YkNBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkx +CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UE +AxMlaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA5paTjQbj3puhDjZ2oS+VWmYpkB1j3pR42xS6 +DZJFysWv18MFWj06Gcb3VAc4DowyPEHzYQuzdaTQASCQLSX9JskU/ohcioVwGiK5 +S80dAfcGLSVJsvMROXvlapFvgkhM/qqtvyL0ft/bTTMPPkQMqayQPNiS1j1NIOaj +nLReO+sCAwEAAaNrMGkwHwYDVR0jBBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUw +HQYDVR0OBBYEFFXoqY9k25OSv29Bm8cxsKCX5ASxMA4GA1UdDwEB/wQEAwIE8DAX +BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEARqFA8zrZ +Fv0+U+IKZbMlVa9p1ILSXSsNk+KlwRjgJRk1l3UQtw6G6NfVhKkgNvqgrj7zcfg6 +zZuuMCad33y5ysIFZ4ohuBtD19Rq5TEp+UqAqMwaewF7AajpU0h+XnLg8v1uPY0j +a6MimyCJtGwBH9LcptLn/+La3+6ap7ji+nM= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu +eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ +SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa +sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT +W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN +KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG +SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF +HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V +CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b: + 21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5: + 15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c: + fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a: + 43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c: + 88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de: + 9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6: + 38:b5 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw +zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI +/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:29:20:78:94:8E:84:90:29:42:4B:7C:AB:0E:83:2A:BE:35:5B:3C:15 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 75:3b:42:7f:44:c5:fa:ab:b2:c4:63:ac:10:89:84:e0:50:32: + 4b:96:80:48:15:1d:19:1c:b8:49:6d:42:c3:4c:b4:bd:a0:29: + e0:14:56:1a:1d:df:92:90:19:27:a0:b7:f3:1b:7a:32:32:2d: + cd:ee:29:38:d0:75:8e:8c:51:9d:02:7f:92:a6:af:08:ef:23: + 8e:bc:b2:a6:47:36:d1:9c:e6:dd:4b:05:55:1c:56:47:1a:40: + 67:4b:01:bd:b4:d0:74:12:5a:97:83:20:d5:4e:a7:d2:bb:ad: + 52:a5:ac:13:44:fc:95:1f:d9:70:fa:a2:05:fb:73:e2:9d:15: + 61:ac +-----BEGIN X509 CRL----- +MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx +IHN1YkNBMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j +BBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAdTtCf0TF+quyxGOsEImE4FAyS5aASBUdGRy4SW1Cw0y0vaAp4BRW +Gh3fkpAZJ6C38xt6MjItze4pONB1joxRnQJ/kqavCO8jjryypkc20Zzm3UsFVRxW +RxpAZ0sBvbTQdBJal4Mg1U6n0rutUqWsE0T8lR/ZcPqiBftz4p0VYaw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/public_key.spec b/lib/public_key/test/public_key.spec new file mode 100644 index 0000000000..dee9ad44ed --- /dev/null +++ b/lib/public_key/test/public_key.spec @@ -0,0 +1,2 @@ +{topcase, {dir, "../public_key_test"}}. + diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl new file mode 100644 index 0000000000..93ae6e6eda --- /dev/null +++ b/lib/public_key/test/public_key_SUITE.erl @@ -0,0 +1,260 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% +-module(public_key_SUITE). + +%% Note: This directive should only be used in test suites. +-compile(export_all). + +-include("test_server.hrl"). +-include("test_server_line.hrl"). +-include("public_key.hrl"). + +-define(TIMEOUT, 120000). % 2 min + +%% Test server callback functions +%%-------------------------------------------------------------------- +%% Function: init_per_suite(Config) -> Config +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% Description: Initialization before the whole suite +%% +%% Note: This function is free to add any key/value pairs to the Config +%% variable, but should NOT alter/remove any existing entries. +%%-------------------------------------------------------------------- +init_per_suite(Config) -> + crypto:start(), + Config. + +%%-------------------------------------------------------------------- +%% Function: end_per_suite(Config) -> _ +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% Description: Cleanup after the whole suite +%%-------------------------------------------------------------------- +end_per_suite(_Config) -> + crypto:stop(). + +%%-------------------------------------------------------------------- +%% Function: init_per_testcase(TestCase, Config) -> Config +%% Case - atom() +%% Name of the test case that is about to be run. +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% +%% Description: Initialization before each test case +%% +%% Note: This function is free to add any key/value pairs to the Config +%% variable, but should NOT alter/remove any existing entries. +%% Description: Initialization before each test case +%%-------------------------------------------------------------------- +init_per_testcase(_TestCase, Config0) -> + Config = lists:keydelete(watchdog, 1, Config0), + Dog = test_server:timetrap(?TIMEOUT), + [{watchdog, Dog} | Config]. + +%%-------------------------------------------------------------------- +%% Function: end_per_testcase(TestCase, Config) -> _ +%% Case - atom() +%% Name of the test case that is about to be run. +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% Description: Cleanup after each test case +%%-------------------------------------------------------------------- +end_per_testcase(_TestCase, Config) -> + Dog = ?config(watchdog, Config), + case Dog of + undefined -> + ok; + _ -> + test_server:timetrap_cancel(Dog) + end. + +%%-------------------------------------------------------------------- +%% Function: all(Clause) -> TestCases +%% Clause - atom() - suite | doc +%% TestCases - [Case] +%% Case - atom() +%% Name of a test case. +%% Description: Returns a list of all test cases in this test suite +%%-------------------------------------------------------------------- +all(doc) -> + ["Test the public_key rsa functionality"]; + +all(suite) -> + [app, + pem_to_der, + decode_private_key +%% encrypt_decrypt, +%% rsa_verify +%% dsa_verify_sign, +%% pkix_encode_decode, +%% pkix_verify_sign, +%% pkix_path_validation + ]. + +%% Test cases starts here. +%%-------------------------------------------------------------------- + +app(doc) -> + "Test that the public_key app file is ok"; +app(suite) -> + []; +app(Config) when list(Config) -> + ok = test_server:app_test(public_key). + +pem_to_der(doc) -> + ["Check that supported PEM files are decoded into the expected entry type"]; +pem_to_der(suite) -> + []; +pem_to_der(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + {ok,[{dsa_private_key, _, not_encrypted}]} = + public_key:pem_to_der(filename:join(Datadir, "dsa.pem")), + {ok,[{rsa_private_key, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "client_key.pem")), + {ok,[{rsa_private_key, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "rsa.pem")), + {ok,[{rsa_private_key, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "rsa.pem"), "abcd1234"), + {ok, Bin0} = file:read_file(filename:join(Datadir, "rsa.pem")), + {ok, [{rsa_private_key, _, _}]} = public_key:pem_to_der(Bin0, "abcd1234"), + + {ok,[{dh_params, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "dh.pem")), + {ok,[{cert, _, not_encrypted}]} = + public_key:pem_to_der(filename:join(Datadir, "client_cert.pem")), + {ok,[{cert_req, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "req.pem")), + {ok,[{cert, _, _}, {cert, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "cacerts.pem")), + + {ok, Bin1} = file:read_file(filename:join(Datadir, "cacerts.pem")), + {ok, [{cert, _, _}, {cert, _, _}]} = public_key:pem_to_der(Bin1), + + ok. +%%-------------------------------------------------------------------- +decode_private_key(doc) -> + ["Check that private keys are decode to the expected key type."]; +decode_private_key(suite) -> + []; +decode_private_key(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + {ok,[DsaKey = {dsa_private_key, _DsaKey, _}]} = + public_key:pem_to_der(filename:join(Datadir, "dsa.pem")), + {ok,[RsaKey = {rsa_private_key, _RsaKey,_}]} = + public_key:pem_to_der(filename:join(Datadir, "client_key.pem")), + {ok,[ProtectedRsaKey1 = {rsa_private_key, _ProtectedRsaKey1,_}]} = + public_key:pem_to_der(filename:join(Datadir, "rsa.pem"), "abcd1234"), + {ok,[ProtectedRsaKey2 = {rsa_private_key, _ProtectedRsaKey2,_}]} = + public_key:pem_to_der(filename:join(Datadir, "rsa.pem")), + + {ok, #'DSAPrivateKey'{}} = public_key:decode_private_key(DsaKey), + {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(RsaKey), + {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey1), + {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey2, "abcd1234"), + ok. +%%-------------------------------------------------------------------- +encrypt_decrypt(doc) -> + [""]; +encrypt_decrypt(suite) -> + []; +encrypt_decrypt(Config) when is_list(Config) -> + RSAPrivateKey = #'RSAPrivateKey'{publicExponent = 17, + modulus = 3233, + privateExponent = 2753, + prime1 = 61, + prime2 = 53, + version = 'two-prime'}, + Msg = <<0,123>>, + {ok, Encrypted} = public_key:encrypt(Msg, RSAPrivateKey, [{block_type, 2}]), + test_server:format("Expected 855, Encrypted ~p ~n", [Encrypted]), + ok. + + + + + + + + + +%% Datadir = ?config(data_dir, Config), +%% {ok,[{rsa_private_key, EncKey}]} = +%% public_key:pem_to_der(filename:join(Datadir, "server_key.pem")), +%% {ok, Key} = public_key:decode_private_key(EncKey, rsa), +%% RSAPublicKey = #'RSAPublicKey'{publicExponent = +%% Key#'RSAPrivateKey'.publicExponent, +%% modulus = Key#'RSAPrivateKey'.modulus}, +%% {ok, Msg} = file:read_file(filename:join(Datadir, "msg.txt")), +%% Hash = crypto:sha(Msg), +%% {ok, Encrypted} = public_key:encrypt(Hash, Key, [{block_type, 2}]), +%% test_server:format("Encrypted ~p", [Encrypted]), +%% {ok, Decrypted} = public_key:decrypt(Encrypted, +%% RSAPublicKey, [{block_type, 1}]), +%% test_server:format("Encrypted ~p", [Decrypted]), +%% true = Encrypted == Decrypted. + +%%-------------------------------------------------------------------- +rsa_verify(doc) -> + ["Cheks that we can verify an rsa signature."]; +rsa_verify(suite) -> + []; +rsa_verify(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + + {ok,[{cert, DerCert}]} = + public_key:pem_to_der(filename:join(Datadir, "server_cert.pem")), + + {ok, OTPCert} = public_key:pkix_decode_cert(DerCert, otp), + + {0, Signature} = OTPCert#'Certificate'.signature, + TBSCert = OTPCert#'Certificate'.tbsCertificate, + + #'TBSCertificate'{subjectPublicKeyInfo = Info} = TBSCert, + + #'SubjectPublicKeyInfo'{subjectPublicKey = RSAPublicKey} = Info, + + EncTBSCert = encoded_tbs_cert(DerCert), + Digest = crypto:sha(EncTBSCert), + + public_key:verify_signature(Digest, Signature, RSAPublicKey). + + +%% Signature is generated in the following way (in datadir): +%% openssl dgst -sha1 -binary -out rsa_signature -sign server_key.pem msg.txt +%%{ok, Signature} = file:read_file(filename:join(Datadir, "rsa_signature")), +%%{ok, Signature} = file:read_file(filename:join(Datadir, "rsa_signature")), +%% {ok, Msg} = file:read_file(filename:join(Datadir, "msg.txt")), +%% Digest = crypto:sha(Msg), +%% {ok,[{rsa_private_key, EncKey}]} = +%% public_key:pem_to_der(filename:join(Datadir, "server_key.pem")), +%% {ok, Key} = public_key:decode_private_key(EncKey, rsa), +%% RSAPublicKey = #'RSAPublicKey'{publicExponent = +%% Key#'RSAPrivateKey'.publicExponent, +%% modulus = Key#'RSAPrivateKey'.modulus}, + +encoded_tbs_cert(Cert) -> + {ok, PKIXCert} = + 'OTP-PUB-KEY':decode_TBSCert_exclusive(Cert), + {'Certificate', + {'Certificate_tbsCertificate', EncodedTBSCert}, _, _} = PKIXCert, + EncodedTBSCert. + diff --git a/lib/public_key/test/public_key_SUITE_data/cacerts.pem b/lib/public_key/test/public_key_SUITE_data/cacerts.pem new file mode 100644 index 0000000000..d56b9a8227 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/cacerts.pem @@ -0,0 +1,43 @@ +-----BEGIN CERTIFICATE----- +MIIC7jCCAlegAwIBAgIJAOaRYda/AniWMA0GCSqGSIb3DQEBBQUAMIGGMREwDwYD +VQQDEwhlcmxhbmdDQTETMBEGA1UECxMKRXJsYW5nIE9UUDEUMBIGA1UEChMLRXJp +Y3Nzb24gQUIxEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMCU0UxJTAjBgkq +hkiG9w0BCQEWFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwHhcNMDgwMTA5MDgyOTI5 +WhcNMDgwMjA4MDgyOTI5WjCBhjERMA8GA1UEAxMIZXJsYW5nQ0ExEzARBgNVBAsT +CkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFCMRIwEAYDVQQHEwlTdG9j +a2hvbG0xCzAJBgNVBAYTAlNFMSUwIwYJKoZIhvcNAQkBFhZwZXRlckBlcml4LmVy +aWNzc29uLnNlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL0btNSeda6nac +HJANkZAzF34pUgKawY21B4WDLGcuwOO6mZbPh1Tw3OVVIaSVHWJRXgxWCeAeaxlp +ti+ShJEGT5wayWTMs0g03lwEoH0S2EGi4bhawCI7PVUt23CBVRJodisfNqJR+VqD +BmU3K9Ftd6erWqQo6lxHhce8+0ViiwIDAQABo2IwYDAPBgNVHRMBAf8EBTADAQH/ +MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUG9lBmAYejoT1qLXpnBMa9UrSrTowIQYD +VR0RBBowGIEWcGV0ZXJAZXJpeC5lcmljc3Nvbi5zZTANBgkqhkiG9w0BAQUFAAOB +gQCjugej2Jg/L5rqi0maYHilAjTEw22nwNzHn4JixQCU7m9HkIMv2RXa2WiCncqm +rySo5Ki9TlyMGqwMa1sA31LZBt7L8giCz9BIc4f1fPlUcqQBIu9nebwJSXufCISK +2X5kM4N0u8rR2TK7fQ1uvaekDtzx1T6zrSYyU7GrgWJfUw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDyDCCAzGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhjERMA8GA1UEAxMIZXJs +YW5nQ0ExEzARBgNVBAsTCkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFC +MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMSUwIwYJKoZIhvcNAQkB +FhZwZXRlckBlcml4LmVyaWNzc29uLnNlMB4XDTA4MDEwOTA4MjkyOVoXDTE3MTEx +NzA4MjkyOVowgYMxDjAMBgNVBAMTBW90cENBMRMwEQYDVQQLEwpFcmxhbmcgT1RQ +MRQwEgYDVQQKEwtFcmljc3NvbiBBQjELMAkGA1UEBhMCU0UxEjAQBgNVBAcTCVN0 +b2NraG9sbTElMCMGCSqGSIb3DQEJARYWcGV0ZXJAZXJpeC5lcmljc3Nvbi5zZTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA19NLtRF22E1WAK/1QGF1zg3e1Z6T +W0W9WAukXc8ATj3Pn4051+9ZHpq9HL++iSGrJHMGrFKbX5DtFpTvecRDPQxBSv4r +pQgFr4t9K8XBiuAeEurghGKeiysoPqosgapc7OBQQf0hIoKY6ozqJUK3brFcPwXZ +Weeji79z8TOq7SsCAwEAAaOCAUUwggFBMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P +BAQDAgEGMB0GA1UdDgQWBBQGq4A0OqS4drK9nS4o5W2R3n0BmzCBuwYDVR0jBIGz +MIGwgBQb2UGYBh6OhPWotemcExr1StKtOqGBjKSBiTCBhjERMA8GA1UEAxMIZXJs +YW5nQ0ExEzARBgNVBAsTCkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFC +MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMSUwIwYJKoZIhvcNAQkB +FhZwZXRlckBlcml4LmVyaWNzc29uLnNlggkA5pFh1r8CeJYwIQYDVR0RBBowGIEW +cGV0ZXJAZXJpeC5lcmljc3Nvbi5zZTAhBgNVHRIEGjAYgRZwZXRlckBlcml4LmVy +aWNzc29uLnNlMA0GCSqGSIb3DQEBBQUAA4GBALeYUWp8zsoZJJ1I93STYAauqvv5 +MovrPeDCzQZKTfrdCgmYGx1/wxYMa1vHbV1QRqEK/ri7He8/sF/5ckXHUqXRKD/q +vBjIIv/rGixJSueMG2bYyz3r6BU6hw0blnUwzCbvD76Dr2QIRoQsKoWsXnfN5l/D +zhyxDkq1j6Q3DCIL +-----END CERTIFICATE----- + diff --git a/lib/public_key/test/public_key_SUITE_data/client_cert.pem b/lib/public_key/test/public_key_SUITE_data/client_cert.pem new file mode 100644 index 0000000000..9017e99fce --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/client_cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDuDCCAyGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzEOMAwGA1UEAxMFb3Rw +Q0ExEzARBgNVBAsTCkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFCMQsw +CQYDVQQGEwJTRTESMBAGA1UEBxMJU3RvY2tob2xtMSUwIwYJKoZIhvcNAQkBFhZw +ZXRlckBlcml4LmVyaWNzc29uLnNlMB4XDTA4MDEwOTA4MjkzMFoXDTE3MTExNzA4 +MjkzMFowgYQxDzANBgNVBAMTBmNsaWVudDETMBEGA1UECxMKRXJsYW5nIE9UUDEU +MBIGA1UEChMLRXJpY3Nzb24gQUIxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9j +a2hvbG0xJTAjBgkqhkiG9w0BCQEWFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPU4RP7c78G+P922PENNeaPWiIm3iwim +HmQbLRF+Og+tl9pL4JQOFqQKZLq3aK/FYWC2kpZqgYxkwmpaPoXpmy6bIWXcU8G2 +6PBj/flyCJ+sj02zhOXNHW656eA0GZX5ZFDlx30XapLpnxoNCKHO3SvwlSotwr5V +BuuY3NugIJBDAgMBAAGjggE3MIIBMzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAd +BgNVHQ4EFgQUGjssBUjTntYXIh7xfRt7c12j53gwgbMGA1UdIwSBqzCBqIAUBquA +NDqkuHayvZ0uKOVtkd59AZuhgYykgYkwgYYxETAPBgNVBAMTCGVybGFuZ0NBMRMw +EQYDVQQLEwpFcmxhbmcgT1RQMRQwEgYDVQQKEwtFcmljc3NvbiBBQjESMBAGA1UE +BxMJU3RvY2tob2xtMQswCQYDVQQGEwJTRTElMCMGCSqGSIb3DQEJARYWcGV0ZXJA +ZXJpeC5lcmljc3Nvbi5zZYIBATAhBgNVHREEGjAYgRZwZXRlckBlcml4LmVyaWNz +c29uLnNlMCEGA1UdEgQaMBiBFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwDQYJKoZI +hvcNAQEFBQADgYEAXQtw43kPebP3h27YEcVUEpWmk46+sgDRvgCO6ZBkws3ctknM +bCpfFzA/BHjvKsIZuCN1a2DlEi1Men0oq9KEMpKyoDcRI//Qch4vN7mam6XMtA6P +FOoG6snhSOsFVz3/+hfZAZD2Yt3fZjGosQ1G8Rob/vvZDvQS8sWXMrrWDyo= +-----END CERTIFICATE----- diff --git a/lib/public_key/test/public_key_SUITE_data/client_key.pem b/lib/public_key/test/public_key_SUITE_data/client_key.pem new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/client_key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- diff --git a/lib/public_key/test/public_key_SUITE_data/dh.pem b/lib/public_key/test/public_key_SUITE_data/dh.pem new file mode 100644 index 0000000000..c133540b44 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/dh.pem @@ -0,0 +1,4 @@ +-----BEGIN DH PARAMETERS----- +MEYCQQD+KCcagSasA1QSo8tRXpbaLJJ1Ezt3FJFEZ3RVplp4qZwXQpSZ+Vly3xWx +q3YvALe/enMbIq8F3OUmppq3UHwTAgEC +-----END DH PARAMETERS-----
\ No newline at end of file diff --git a/lib/public_key/test/public_key_SUITE_data/dsa.pem b/lib/public_key/test/public_key_SUITE_data/dsa.pem new file mode 100644 index 0000000000..58f0a65cba --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/dsa.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQC3s+bZJWOQnRXkzKLPPfaQOouLuLgrbM4Ac63QZOnJeRVas3c1 +jBk0Isp506RrKzhEop8z9OiKfqRteVntjjkcILwsQ/1veWgojdP/jHYl6pbJm6AQ +ETM7GvkpgRDTd4Bf/rbrhABczl1NatnJhMsES8n2zNiiAVRP0woVmMNnkQIVANUe +uFb3EPdFwPEjilQ5jANHQc7pAoGBAJSzGD9KW4AZYB0FTt/2rwB5VjayKudi8ZO0 +nTyVoDLz40yvWerL/PJMbAnMnbY7zuN/Y9cqnMJOdBkHPvOpLQVls/d/x5CHZxcq +mn3n+Jplr5tlKugpUCkvgNALH2o/DMrPh1DIiPqrH3Y0W8iKcG+zF9Z7FXbCswC5 +2TTFtuwNAoGAfEIAb3mLjtFfiF/tsZb4/DGHdWSb6Ir0hFkoBUZ9ymBO70wlfZVS +QGs240kZtOMpAOpJL1Dy8oH6PUQ+JyacwZIo8fdq19/Kwm6CPrpaEhzErmMvwT2C +ZJYZ+HOk55ljLkVCiyG7MzEj2+odLKym9yoQsbsJolHzIRpkLk45y4cCFFmAnw67 ++basD1iibtNHs9Edfdkm +-----END DSA PRIVATE KEY----- diff --git a/lib/public_key/test/public_key_SUITE_data/req.pem b/lib/public_key/test/public_key_SUITE_data/req.pem new file mode 100644 index 0000000000..86d74d05a3 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/req.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBxTCCAS4CAQAwgYQxDzANBgNVBAMTBmNsaWVudDETMBEGA1UECxMKRXJsYW5n +IE9UUDEUMBIGA1UEChMLRXJpY3Nzb24gQUIxEjAQBgNVBAcTCVN0b2NraG9sbTEL +MAkGA1UEBhMCU0UxJTAjBgkqhkiG9w0BCQEWFnBldGVyQGVyaXguZXJpY3Nzb24u +c2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPU4RP7c78G+P922PENNeaPW +iIm3iwimHmQbLRF+Og+tl9pL4JQOFqQKZLq3aK/FYWC2kpZqgYxkwmpaPoXpmy6b +IWXcU8G26PBj/flyCJ+sj02zhOXNHW656eA0GZX5ZFDlx30XapLpnxoNCKHO3Svw +lSotwr5VBuuY3NugIJBDAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQATS9GOidrC +bOJ+PuSUpRnDHfZAZANZAd/9v4hW57bMMIQlCEb8CgfPvGKztNMxTH8Xc7VPDTp8 +FWKQ53R29T0IWEochHA5FjJyCVrkZjgZ0qcQUV8aCe9NTB0LW58OWOOwGYjJb8hp +dL+3RvUr4OchWxMzzF5YmjyUbt8GSpevrg== +-----END CERTIFICATE REQUEST----- diff --git a/lib/public_key/test/public_key_SUITE_data/rsa.pem b/lib/public_key/test/public_key_SUITE_data/rsa.pem new file mode 100644 index 0000000000..88f7d446f2 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/rsa.pem @@ -0,0 +1,16 @@ +Bag Attributes + friendlyName: host_key + localKeyID: 68 6F 73 74 +Key Attributes: <No Attributes> +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,6BD965F8BC70B54C + +4Gx1y5goD02Aft3DmvlV0Mr7bXd4OR1ZEwk1b2utIXLRMXfDkrK+vHbHhIbGBLOn +TIhdSxASnNhh7NmaXaTsZ+H/tZSmX+4OkeQOsRfrPj8C81pkXjuxtxhCRuaTWg/R +VABz7u/4rL2OMIPz9w/dyEWCSZnBoWpbxI20gP/k+/kZgzVbz6mkhMs5Xkf4lFwU +WnjR498pwlHmMHYwBIEMFBsIvb9JYeEQEZOjxAjUljmhYHB0pMyMBxHjlSSEIN5h +cSXT0ZxQmT+59FediRRQCDZHuy7Bc/nanUavvs5dk7en+gy2LSVKJ/K16zv6gtoV +c1MN48wQlCd+tRFVXRsPX3OliTKEwkSNlT7gdyzBaQxt610EAj2YKZVHE7i+d0Sk +4rQ9iwALjoohWhP8SjcTonZD4kOvhjlRggn1JTGlo6s= +-----END RSA PRIVATE KEY-----
\ No newline at end of file diff --git a/lib/public_key/test/public_key_SUITE_data/server_cert.pem b/lib/public_key/test/public_key_SUITE_data/server_cert.pem new file mode 100644 index 0000000000..da68c7a8ab --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/server_cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDuDCCAyGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBgzEOMAwGA1UEAxMFb3Rw +Q0ExEzARBgNVBAsTCkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFCMQsw +CQYDVQQGEwJTRTESMBAGA1UEBxMJU3RvY2tob2xtMSUwIwYJKoZIhvcNAQkBFhZw +ZXRlckBlcml4LmVyaWNzc29uLnNlMB4XDTA4MDEwOTA4MjkzMFoXDTE3MTExNzA4 +MjkzMFowgYQxDzANBgNVBAMTBnNlcnZlcjETMBEGA1UECxMKRXJsYW5nIE9UUDEU +MBIGA1UEChMLRXJpY3Nzb24gQUIxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9j +a2hvbG0xJTAjBgkqhkiG9w0BCQEWFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKR20HPrkDGdiavHUyWwFEQwta2dmtF2 +eQZZi9Xk68UJYbuU7CikHs2srkrwzj0OPIqbp/xOBNzJ7Kch0o4yO6vcEAiSCJ6A +B4uSM742hrYW4qXgc18K6PqTwSuKr94sn3qQuo4hF/ymCxLrnSicrNpzGOz9A0Lf +2+Vk6hV0BtdHAgMBAAGjggE3MIIBMzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAd +BgNVHQ4EFgQUi19l/qhEwHP/CUeaEjWy4GhOBRIwgbMGA1UdIwSBqzCBqIAUBquA +NDqkuHayvZ0uKOVtkd59AZuhgYykgYkwgYYxETAPBgNVBAMTCGVybGFuZ0NBMRMw +EQYDVQQLEwpFcmxhbmcgT1RQMRQwEgYDVQQKEwtFcmljc3NvbiBBQjESMBAGA1UE +BxMJU3RvY2tob2xtMQswCQYDVQQGEwJTRTElMCMGCSqGSIb3DQEJARYWcGV0ZXJA +ZXJpeC5lcmljc3Nvbi5zZYIBATAhBgNVHREEGjAYgRZwZXRlckBlcml4LmVyaWNz +c29uLnNlMCEGA1UdEgQaMBiBFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwDQYJKoZI +hvcNAQEFBQADgYEAzHGutrGMSeC3Di7Z8d65SM7jZLrkkusmL+D2oPVIOGrfZbVu +yfDKU/nImm99z+lhC/N3JEEpB6PgAYSskfVdBL3LoxbUTaCn/+G3A/G8NfRVIYyA +NTBeNW6ueNpjnauLzcwpyXpu3vp1VBg8wBePtGTBIbRHRgtwwHRXAddE/Ws= +-----END CERTIFICATE----- diff --git a/lib/public_key/test/public_key_SUITE_data/server_key.pem b/lib/public_key/test/public_key_SUITE_data/server_key.pem new file mode 100644 index 0000000000..d9618da7b7 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/server_key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCkdtBz65AxnYmrx1MlsBREMLWtnZrRdnkGWYvV5OvFCWG7lOwo +pB7NrK5K8M49DjyKm6f8TgTcyeynIdKOMjur3BAIkgiegAeLkjO+Noa2FuKl4HNf +Cuj6k8Eriq/eLJ96kLqOIRf8pgsS650onKzacxjs/QNC39vlZOoVdAbXRwIDAQAB +AoGAUsSQx6XnXXDhFhgsGi1xJZg19nf4sC2lXrK2EyEwHmtISjT6XMGr1upulLx3 +rnZ5tW/8rJc/DzZ36Oy2oGVbbaVeS4UJAgv2yRYb7F+am8BACRyEl4ap6nrz5c7G +E+aSLwFG3INlHiojlhhwB6wv1I+UDRUT+FXJVHTemscUEPECQQDZ0wpra1E86heR +jgHIBxHHlv1761gFFoJv6iqASOw9+yIctx0KC3Hrc35tiBaFcu5Nqzc8AEkiui8m +fEEIDfvbAkEAwUmzIWD/6nv34l5W1U3M7atNwvLEepBoTJYf/VENL8dG5nBnVtah +vZsKPS1VTmqlMTy+THe3u/hS9AgXOOyEBQJAcPExPONnOvtx/wGvwMSRnniWtHMh +r3mtZlP3d47YF4cod9UmVHf8uIWo7ygZ7VXbZCA7wnuvcDczjXPt0DxX8wJAA6p9 +LkXjtLPTOMTnSrZmC5/zIp5uIZD5mXJDew99e4mBC7/YBeqeOLVnFU/1zT3ykiN/ +zH18y6DjGePJZPf/bQJBAJfnIL4y1rKGhliqhzokYtKURJ4eCR7qzJRkgyya+4UV +INi6+MZ+mVYkxjGRH8C6+pIUk9TFpMj+1LfHyzMRIxg= +-----END RSA PRIVATE KEY----- diff --git a/lib/public_key/vsn.mk b/lib/public_key/vsn.mk new file mode 100644 index 0000000000..64f0203915 --- /dev/null +++ b/lib/public_key/vsn.mk @@ -0,0 +1,6 @@ +PUBLIC_KEY_VSN = 0.4 + +TICKETS = OTP-8250 +#TICKETS_0.3 = OTP-8100 OTP-8142 +#TICKETS_0.2 = OTP-7860 +#TICKETS_0.1 = OTP-7637
\ No newline at end of file |