From 84adefa331c4159d432d22840663c38f155cd4c1 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Fri, 20 Nov 2009 14:54:40 +0000 Subject: The R13B03 release. --- lib/public_key/test/Makefile | 83 +++ lib/public_key/test/pkits_SUITE.erl | 604 +++++++++++++++++++++ .../pkits/certs/TrustAnchorRootCertificate.crt | Bin 0 -> 572 bytes .../smime-pem/AllCertificatesAnyPolicyTest11.pem | 108 ++++ .../smime-pem/AllCertificatesNoPoliciesTest2.pem | 107 ++++ .../AllCertificatesSamePoliciesTest10.pem | 108 ++++ .../AllCertificatesSamePoliciesTest13.pem | 110 ++++ .../smime-pem/AllCertificatesSamePolicyTest1.pem | 118 ++++ .../pkits/smime-pem/AnyPolicyTest14.pem | 108 ++++ .../pkits/smime-pem/CPSPointerQualifierTest20.pem | 120 ++++ .../pkits/smime-pem/DifferentPoliciesTest12.pem | 108 ++++ .../pkits/smime-pem/DifferentPoliciesTest3.pem | 170 ++++++ .../pkits/smime-pem/DifferentPoliciesTest4.pem | 170 ++++++ .../pkits/smime-pem/DifferentPoliciesTest5.pem | 170 ++++++ .../pkits/smime-pem/DifferentPoliciesTest7.pem | 211 +++++++ .../pkits/smime-pem/DifferentPoliciesTest8.pem | 210 +++++++ .../pkits/smime-pem/DifferentPoliciesTest9.pem | 263 +++++++++ .../smime-pem/InvalidBadCRLIssuerNameTest5.pem | 108 ++++ .../smime-pem/InvalidBadCRLSignatureTest4.pem | 108 ++++ .../InvalidBasicSelfIssuedCRLSigningKeyTest7.pem | 175 ++++++ .../InvalidBasicSelfIssuedCRLSigningKeyTest8.pem | 175 ++++++ .../InvalidBasicSelfIssuedNewWithOldTest5.pem | 175 ++++++ .../InvalidBasicSelfIssuedOldWithNewTest2.pem | 134 +++++ .../pkits/smime-pem/InvalidCASignatureTest2.pem | 108 ++++ .../pkits/smime-pem/InvalidCAnotAfterDateTest5.pem | 108 ++++ .../smime-pem/InvalidCAnotBeforeDateTest1.pem | 108 ++++ .../smime-pem/InvalidDNSnameConstraintsTest31.pem | 110 ++++ .../smime-pem/InvalidDNSnameConstraintsTest33.pem | 110 ++++ .../smime-pem/InvalidDNSnameConstraintsTest38.pem | 110 ++++ .../InvalidDNandRFC822nameConstraintsTest28.pem | 167 ++++++ .../InvalidDNandRFC822nameConstraintsTest29.pem | 167 ++++++ .../smime-pem/InvalidDNnameConstraintsTest10.pem | 113 ++++ .../smime-pem/InvalidDNnameConstraintsTest12.pem | 166 ++++++ .../smime-pem/InvalidDNnameConstraintsTest13.pem | 166 ++++++ .../smime-pem/InvalidDNnameConstraintsTest15.pem | 164 ++++++ .../smime-pem/InvalidDNnameConstraintsTest16.pem | 164 ++++++ .../smime-pem/InvalidDNnameConstraintsTest17.pem | 163 ++++++ .../smime-pem/InvalidDNnameConstraintsTest2.pem | 111 ++++ .../smime-pem/InvalidDNnameConstraintsTest3.pem | 114 ++++ .../smime-pem/InvalidDNnameConstraintsTest7.pem | 111 ++++ .../smime-pem/InvalidDNnameConstraintsTest8.pem | 112 ++++ .../smime-pem/InvalidDNnameConstraintsTest9.pem | 112 ++++ .../pkits/smime-pem/InvalidDSASignatureTest6.pem | 104 ++++ .../pkits/smime-pem/InvalidEESignatureTest3.pem | 118 ++++ .../pkits/smime-pem/InvalidEEnotAfterDateTest6.pem | 119 ++++ .../smime-pem/InvalidEEnotBeforeDateTest2.pem | 119 ++++ .../smime-pem/InvalidIDPwithindirectCRLTest23.pem | 116 ++++ .../smime-pem/InvalidIDPwithindirectCRLTest26.pem | 137 +++++ .../smime-pem/InvalidLongSerialNumberTest18.pem | 115 ++++ .../smime-pem/InvalidMappingFromanyPolicyTest7.pem | 109 ++++ .../smime-pem/InvalidMappingToanyPolicyTest8.pem | 109 ++++ .../InvalidMissingbasicConstraintsTest1.pem | 108 ++++ .../pkits/smime-pem/InvalidNameChainingEETest1.pem | 119 ++++ .../smime-pem/InvalidNameChainingOrderTest2.pem | 113 ++++ .../InvalidNegativeSerialNumberTest15.pem | 114 ++++ .../smime-pem/InvalidOldCRLnextUpdateTest11.pem | 108 ++++ .../pkits/smime-pem/InvalidPolicyMappingTest10.pem | 172 ++++++ .../pkits/smime-pem/InvalidPolicyMappingTest2.pem | 109 ++++ .../pkits/smime-pem/InvalidPolicyMappingTest4.pem | 214 ++++++++ .../InvalidRFC822nameConstraintsTest22.pem | 110 ++++ .../InvalidRFC822nameConstraintsTest24.pem | 111 ++++ .../InvalidRFC822nameConstraintsTest26.pem | 110 ++++ .../InvalidRequireExplicitPolicyTest3.pem | 262 +++++++++ .../InvalidRequireExplicitPolicyTest5.pem | 266 +++++++++ .../pkits/smime-pem/InvalidRevokedCATest2.pem | 170 ++++++ .../pkits/smime-pem/InvalidRevokedEETest3.pem | 119 ++++ .../InvalidSelfIssuedDNnameConstraintsTest20.pem | 110 ++++ .../InvalidSelfIssuedinhibitAnyPolicyTest10.pem | 178 ++++++ .../InvalidSelfIssuedinhibitAnyPolicyTest8.pem | 230 ++++++++ ...InvalidSelfIssuedinhibitPolicyMappingTest10.pem | 200 +++++++ ...InvalidSelfIssuedinhibitPolicyMappingTest11.pem | 200 +++++++ .../InvalidSelfIssuedinhibitPolicyMappingTest8.pem | 233 ++++++++ .../InvalidSelfIssuedinhibitPolicyMappingTest9.pem | 233 ++++++++ .../InvalidSelfIssuedpathLenConstraintTest16.pem | 179 ++++++ ...InvalidSelfIssuedrequireExplicitPolicyTest7.pem | 178 ++++++ ...InvalidSelfIssuedrequireExplicitPolicyTest8.pem | 197 +++++++ .../InvalidSeparateCertificateandCRLKeysTest20.pem | 134 +++++ .../InvalidSeparateCertificateandCRLKeysTest21.pem | 129 +++++ .../smime-pem/InvalidURInameConstraintsTest35.pem | 110 ++++ .../smime-pem/InvalidURInameConstraintsTest37.pem | 110 ++++ .../InvalidUnknownCRLEntryExtensionTest8.pem | 118 ++++ .../smime-pem/InvalidUnknownCRLExtensionTest10.pem | 117 ++++ .../smime-pem/InvalidUnknownCRLExtensionTest9.pem | 117 ++++ ...lidUnknownCriticalCertificateExtensionTest2.pem | 58 ++ .../pkits/smime-pem/InvalidWrongCRLTest6.pem | 108 ++++ .../pkits/smime-pem/InvalidcAFalseTest2.pem | 109 ++++ .../pkits/smime-pem/InvalidcAFalseTest3.pem | 109 ++++ .../pkits/smime-pem/InvalidcRLIssuerTest27.pem | 140 +++++ .../pkits/smime-pem/InvalidcRLIssuerTest31.pem | 226 ++++++++ .../pkits/smime-pem/InvalidcRLIssuerTest32.pem | 226 ++++++++ .../pkits/smime-pem/InvalidcRLIssuerTest34.pem | 205 +++++++ .../pkits/smime-pem/InvalidcRLIssuerTest35.pem | 207 +++++++ .../InvaliddeltaCRLIndicatorNoBaseTest1.pem | 111 ++++ .../pkits/smime-pem/InvaliddeltaCRLTest10.pem | 150 +++++ .../pkits/smime-pem/InvaliddeltaCRLTest3.pem | 190 +++++++ .../pkits/smime-pem/InvaliddeltaCRLTest4.pem | 190 +++++++ .../pkits/smime-pem/InvaliddeltaCRLTest6.pem | 190 +++++++ .../pkits/smime-pem/InvaliddeltaCRLTest9.pem | 162 ++++++ .../smime-pem/InvaliddistributionPointTest2.pem | 123 +++++ .../smime-pem/InvaliddistributionPointTest3.pem | 123 +++++ .../smime-pem/InvaliddistributionPointTest6.pem | 118 ++++ .../smime-pem/InvaliddistributionPointTest8.pem | 119 ++++ .../smime-pem/InvaliddistributionPointTest9.pem | 117 ++++ .../smime-pem/InvalidinhibitAnyPolicyTest1.pem | 108 ++++ .../smime-pem/InvalidinhibitAnyPolicyTest4.pem | 159 ++++++ .../smime-pem/InvalidinhibitAnyPolicyTest5.pem | 210 +++++++ .../smime-pem/InvalidinhibitAnyPolicyTest6.pem | 159 ++++++ .../smime-pem/InvalidinhibitPolicyMappingTest1.pem | 161 ++++++ .../smime-pem/InvalidinhibitPolicyMappingTest3.pem | 216 ++++++++ .../smime-pem/InvalidinhibitPolicyMappingTest5.pem | 264 +++++++++ .../smime-pem/InvalidinhibitPolicyMappingTest6.pem | 217 ++++++++ .../InvalidkeyUsageCriticalcRLSignFalseTest4.pem | 110 ++++ ...nvalidkeyUsageCriticalkeyCertSignFalseTest1.pem | 110 ++++ ...InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem | 110 ++++ ...lidkeyUsageNotCriticalkeyCertSignFalseTest2.pem | 110 ++++ .../InvalidonlyContainsAttributeCertsTest14.pem | 112 ++++ .../InvalidonlyContainsCACertsCRLTest12.pem | 111 ++++ .../InvalidonlyContainsUserCertsCRLTest11.pem | 112 ++++ .../smime-pem/InvalidonlySomeReasonsTest15.pem | 156 ++++++ .../smime-pem/InvalidonlySomeReasonsTest16.pem | 156 ++++++ .../smime-pem/InvalidonlySomeReasonsTest17.pem | 146 +++++ .../smime-pem/InvalidonlySomeReasonsTest20.pem | 167 ++++++ .../smime-pem/InvalidonlySomeReasonsTest21.pem | 167 ++++++ .../smime-pem/InvalidpathLenConstraintTest10.pem | 211 +++++++ .../smime-pem/InvalidpathLenConstraintTest11.pem | 262 +++++++++ .../smime-pem/InvalidpathLenConstraintTest12.pem | 263 +++++++++ .../smime-pem/InvalidpathLenConstraintTest5.pem | 159 ++++++ .../smime-pem/InvalidpathLenConstraintTest6.pem | 160 ++++++ .../smime-pem/InvalidpathLenConstraintTest9.pem | 210 +++++++ .../Invalidpre2000CRLnextUpdateTest12.pem | 108 ++++ .../Invalidpre2000UTCEEnotAfterDateTest7.pem | 119 ++++ .../pkits/smime-pem/MissingCRLTest1.pem | 76 +++ .../pkits/smime-pem/OverlappingPoliciesTest6.pem | 214 ++++++++ .../pkits/smime-pem/UserNoticeQualifierTest15.pem | 59 ++ .../pkits/smime-pem/UserNoticeQualifierTest16.pem | 124 +++++ .../pkits/smime-pem/UserNoticeQualifierTest17.pem | 121 +++++ .../pkits/smime-pem/UserNoticeQualifierTest18.pem | 115 ++++ .../pkits/smime-pem/UserNoticeQualifierTest19.pem | 64 +++ .../ValidBasicSelfIssuedCRLSigningKeyTest6.pem | 175 ++++++ .../ValidBasicSelfIssuedNewWithOldTest3.pem | 175 ++++++ .../ValidBasicSelfIssuedNewWithOldTest4.pem | 175 ++++++ .../ValidBasicSelfIssuedOldWithNewTest1.pem | 134 +++++ .../smime-pem/ValidDNSnameConstraintsTest30.pem | 110 ++++ .../smime-pem/ValidDNSnameConstraintsTest32.pem | 110 ++++ .../ValidDNandRFC822nameConstraintsTest27.pem | 167 ++++++ .../smime-pem/ValidDNnameConstraintsTest1.pem | 111 ++++ .../smime-pem/ValidDNnameConstraintsTest11.pem | 113 ++++ .../smime-pem/ValidDNnameConstraintsTest14.pem | 165 ++++++ .../smime-pem/ValidDNnameConstraintsTest18.pem | 162 ++++++ .../smime-pem/ValidDNnameConstraintsTest4.pem | 112 ++++ .../smime-pem/ValidDNnameConstraintsTest5.pem | 115 ++++ .../smime-pem/ValidDNnameConstraintsTest6.pem | 111 ++++ .../ValidDSAParameterInheritanceTest5.pem | 141 +++++ .../pkits/smime-pem/ValidDSASignaturesTest4.pem | 104 ++++ .../ValidGeneralizedTimeCRLnextUpdateTest13.pem | 110 ++++ .../ValidGeneralizedTimenotAfterDateTest8.pem | 119 ++++ .../ValidGeneralizedTimenotBeforeDateTest4.pem | 119 ++++ .../smime-pem/ValidIDPwithindirectCRLTest22.pem | 116 ++++ .../smime-pem/ValidIDPwithindirectCRLTest24.pem | 137 +++++ .../smime-pem/ValidIDPwithindirectCRLTest25.pem | 137 +++++ .../smime-pem/ValidLongSerialNumberTest16.pem | 115 ++++ .../smime-pem/ValidLongSerialNumberTest17.pem | 115 ++++ .../ValidNameChainingCapitalizationTest5.pem | 119 ++++ .../pkits/smime-pem/ValidNameChainingUIDsTest6.pem | 108 ++++ .../smime-pem/ValidNameChainingWhitespaceTest3.pem | 119 ++++ .../smime-pem/ValidNameChainingWhitespaceTest4.pem | 119 ++++ .../smime-pem/ValidNegativeSerialNumberTest14.pem | 114 ++++ .../ValidNoissuingDistributionPointTest10.pem | 111 ++++ .../pkits/smime-pem/ValidPolicyMappingTest1.pem | 109 ++++ .../pkits/smime-pem/ValidPolicyMappingTest11.pem | 172 ++++++ .../pkits/smime-pem/ValidPolicyMappingTest12.pem | 118 ++++ .../pkits/smime-pem/ValidPolicyMappingTest13.pem | 117 ++++ .../pkits/smime-pem/ValidPolicyMappingTest14.pem | 117 ++++ .../pkits/smime-pem/ValidPolicyMappingTest3.pem | 214 ++++++++ .../pkits/smime-pem/ValidPolicyMappingTest5.pem | 163 ++++++ .../pkits/smime-pem/ValidPolicyMappingTest6.pem | 163 ++++++ .../pkits/smime-pem/ValidPolicyMappingTest9.pem | 109 ++++ .../ValidRFC3280MandatoryAttributeTypesTest7.pem | 113 ++++ .../ValidRFC3280OptionalAttributeTypesTest8.pem | 114 ++++ .../smime-pem/ValidRFC822nameConstraintsTest21.pem | 110 ++++ .../smime-pem/ValidRFC822nameConstraintsTest23.pem | 110 ++++ .../smime-pem/ValidRFC822nameConstraintsTest25.pem | 110 ++++ .../smime-pem/ValidRequireExplicitPolicyTest1.pem | 264 +++++++++ .../smime-pem/ValidRequireExplicitPolicyTest2.pem | 262 +++++++++ .../smime-pem/ValidRequireExplicitPolicyTest4.pem | 262 +++++++++ ...lloverfromPrintableStringtoUTF8StringTest10.pem | 110 ++++ .../ValidSelfIssuedDNnameConstraintsTest19.pem | 130 +++++ .../ValidSelfIssuedinhibitAnyPolicyTest7.pem | 178 ++++++ .../ValidSelfIssuedinhibitAnyPolicyTest9.pem | 197 +++++++ .../ValidSelfIssuedinhibitPolicyMappingTest7.pem | 180 ++++++ .../ValidSelfIssuedpathLenConstraintTest15.pem | 127 +++++ .../ValidSelfIssuedpathLenConstraintTest17.pem | 197 +++++++ .../ValidSelfIssuedrequireExplicitPolicyTest6.pem | 127 +++++ .../ValidSeparateCertificateandCRLKeysTest19.pem | 134 +++++ .../pkits/smime-pem/ValidSignaturesTest1.pem | 118 ++++ .../pkits/smime-pem/ValidTwoCRLsTest7.pem | 146 +++++ .../smime-pem/ValidURInameConstraintsTest34.pem | 111 ++++ .../smime-pem/ValidURInameConstraintsTest36.pem | 111 ++++ .../ValidUTF8StringCaseInsensitiveMatchTest11.pem | 110 ++++ .../smime-pem/ValidUTF8StringEncodedNamesTest9.pem | 108 ++++ ...UnknownNotCriticalCertificateExtensionTest1.pem | 58 ++ .../ValidbasicConstraintsNotCriticalTest4.pem | 110 ++++ .../pkits/smime-pem/ValidcRLIssuerTest28.pem | 178 ++++++ .../pkits/smime-pem/ValidcRLIssuerTest29.pem | 176 ++++++ .../pkits/smime-pem/ValidcRLIssuerTest30.pem | 143 +++++ .../pkits/smime-pem/ValidcRLIssuerTest33.pem | 226 ++++++++ .../pkits/smime-pem/ValiddeltaCRLTest2.pem | 190 +++++++ .../pkits/smime-pem/ValiddeltaCRLTest5.pem | 190 +++++++ .../pkits/smime-pem/ValiddeltaCRLTest7.pem | 190 +++++++ .../pkits/smime-pem/ValiddeltaCRLTest8.pem | 162 ++++++ .../smime-pem/ValiddistributionPointTest1.pem | 123 +++++ .../smime-pem/ValiddistributionPointTest4.pem | 121 +++++ .../smime-pem/ValiddistributionPointTest5.pem | 118 ++++ .../smime-pem/ValiddistributionPointTest7.pem | 120 ++++ .../pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem | 108 ++++ .../smime-pem/ValidinhibitPolicyMappingTest2.pem | 162 ++++++ .../smime-pem/ValidinhibitPolicyMappingTest4.pem | 216 ++++++++ .../smime-pem/ValidkeyUsageNotCriticalTest3.pem | 108 ++++ .../ValidonlyContainsCACertsCRLTest13.pem | 112 ++++ .../pkits/smime-pem/ValidonlySomeReasonsTest18.pem | 167 ++++++ .../pkits/smime-pem/ValidonlySomeReasonsTest19.pem | 167 ++++++ .../smime-pem/ValidpathLenConstraintTest13.pem | 262 +++++++++ .../smime-pem/ValidpathLenConstraintTest14.pem | 263 +++++++++ .../smime-pem/ValidpathLenConstraintTest7.pem | 108 ++++ .../smime-pem/ValidpathLenConstraintTest8.pem | 108 ++++ .../Validpre2000UTCnotBeforeDateTest3.pem | 119 ++++ .../pkits_SUITE_data/pkits/smime-pem/certs.pem | 118 ++++ .../pkits/smime-pem/inhibitAnyPolicyTest3.pem | 159 ++++++ lib/public_key/test/public_key.spec | 2 + lib/public_key/test/public_key_SUITE.erl | 260 +++++++++ .../test/public_key_SUITE_data/cacerts.pem | 43 ++ .../test/public_key_SUITE_data/client_cert.pem | 22 + .../test/public_key_SUITE_data/client_key.pem | 15 + lib/public_key/test/public_key_SUITE_data/dh.pem | 4 + lib/public_key/test/public_key_SUITE_data/dsa.pem | 12 + lib/public_key/test/public_key_SUITE_data/req.pem | 12 + lib/public_key/test/public_key_SUITE_data/rsa.pem | 16 + .../test/public_key_SUITE_data/server_cert.pem | 22 + .../test/public_key_SUITE_data/server_key.pem | 15 + 239 files changed, 33712 insertions(+) create mode 100644 lib/public_key/test/Makefile create mode 100644 lib/public_key/test/pkits_SUITE.erl create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/certs/TrustAnchorRootCertificate.crt create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem create mode 100644 lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem create mode 100644 lib/public_key/test/public_key.spec create mode 100644 lib/public_key/test/public_key_SUITE.erl create mode 100644 lib/public_key/test/public_key_SUITE_data/cacerts.pem create mode 100644 lib/public_key/test/public_key_SUITE_data/client_cert.pem create mode 100644 lib/public_key/test/public_key_SUITE_data/client_key.pem create mode 100644 lib/public_key/test/public_key_SUITE_data/dh.pem create mode 100644 lib/public_key/test/public_key_SUITE_data/dsa.pem create mode 100644 lib/public_key/test/public_key_SUITE_data/req.pem create mode 100644 lib/public_key/test/public_key_SUITE_data/rsa.pem create mode 100644 lib/public_key/test/public_key_SUITE_data/server_cert.pem create mode 100644 lib/public_key/test/public_key_SUITE_data/server_key.pem (limited to 'lib/public_key/test') diff --git a/lib/public_key/test/Makefile b/lib/public_key/test/Makefile new file mode 100644 index 0000000000..2a4687677c --- /dev/null +++ b/lib/public_key/test/Makefile @@ -0,0 +1,83 @@ +# +# %CopyrightBegin% +# +# Copyright Ericsson AB 2008-2009. All Rights Reserved. +# +# The contents of this file are subject to the Erlang Public License, +# Version 1.1, (the "License"); you may not use this file except in +# compliance with the License. You should have received a copy of the +# Erlang Public License along with this software. If not, it can be +# retrieved online at http://www.erlang.org/. +# +# Software distributed under the License is distributed on an "AS IS" +# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +# the License for the specific language governing rights and limitations +# under the License. +# +# %CopyrightEnd% +# + +include $(ERL_TOP)/make/target.mk +include $(ERL_TOP)/make/$(TARGET)/otp.mk + + +INCLUDES= -I. -I$(ERL_TOP)/lib/test_server/include/ -I ../include \ + +# ---------------------------------------------------- +# Target Specs +# ---------------------------------------------------- + +MODULES= \ + public_key_SUITE \ + pkits_SUITE + +ERL_FILES= $(MODULES:%=%.erl) + +HRL_FILES= + +TARGET_FILES= \ + $(MODULES:%=$(EBIN)/%.$(EMULATOR)) + +SPEC_FILES = public_key.spec + +# ---------------------------------------------------- +# Release directory specification +# ---------------------------------------------------- +RELSYSDIR = $(RELEASE_PATH)/public_key_test + +# ---------------------------------------------------- +# FLAGS +# ---------------------------------------------------- +ERL_COMPILE_FLAGS += $(INCLUDES) + +EBIN = . + +# ---------------------------------------------------- +# Targets +# ---------------------------------------------------- + +tests debug opt: $(TARGET_FILES) + + +clean: + rm -f $(TARGET_FILES) + rm -f core + +docs: + +# ---------------------------------------------------- +# Release Target +# ---------------------------------------------------- +include $(ERL_TOP)/make/otp_release_targets.mk + +release_spec: opt + +release_tests_spec: opt + $(INSTALL_DIR) $(RELSYSDIR) + $(INSTALL_DATA) $(SPEC_FILES) $(ERL_FILES) $(HRL_FILES)$(RELSYSDIR) + $(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR) + chmod -f -R u+w $(RELSYSDIR) + @tar cf - *_SUITE_data | (cd $(RELSYSDIR); tar xf -) +release_docs_spec: + + diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl new file mode 100644 index 0000000000..5d58b39e26 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE.erl @@ -0,0 +1,604 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + + +%% Se specification here: +%% http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html + +-module(pkits_SUITE). + +-compile(export_all). + +%%-include_lib("public_key/include/public_key.hrl"). +-include("public_key.hrl"). + +-define(error(Format,Args), error(Format,Args,?FILE,?LINE)). +-define(warning(Format,Args), warning(Format,Args,?FILE,?LINE)). + +-define(CERTS, "pkits/certs"). +-define(MIME, "pkits/smime"). +-define(CONV, "pkits/smime-pem"). + +-define(NIST1, "2.16.840.1.101.3.2.1.48.1"). +-define(NIST2, "2.16.840.1.101.3.2.1.48.2"). +-define(NIST3, "2.16.840.1.101.3.2.1.48.3"). +-define(NIST4, "2.16.840.1.101.3.2.1.48.4"). +-define(NIST5, "2.16.840.1.101.3.2.1.48.5"). +-define(NIST6, "2.16.840.1.101.3.2.1.48.6"). + +%% +all(doc) -> + ["PKITS tests for RFC3280 compliance"]; +all(suite) -> + [signature_verification, + validity_periods, + verifying_name_chaining, + %% basic_certificate_revocation_tests, + verifying_paths_with_self_issued_certificates, + verifying_basic_constraints, + key_usage, +%% certificate_policies, +%% require_explicit_policy, +%% policy_mappings, +%% inhibit_policy_mapping, +%% inhibit_any_policy, + name_constraints, +%% distribution_points, +%% delta_crls, + private_certificate_extensions]. + +signature_verification(doc) -> [""]; +signature_verification(suite) -> []; +signature_verification(Config) when is_list(Config) -> + run(signature_verification()). +validity_periods(doc) -> [""]; +validity_periods(suite) -> []; +validity_periods(Config) when is_list(Config) -> + run(validity_periods()). +verifying_name_chaining(doc) -> [""]; +verifying_name_chaining(suite) -> []; +verifying_name_chaining(Config) when is_list(Config) -> + run(verifying_name_chaining()). +basic_certificate_revocation_tests(doc) -> [""]; +basic_certificate_revocation_tests(suite) -> []; +basic_certificate_revocation_tests(Config) when is_list(Config) -> + run(basic_certificate_revocation_tests()). +verifying_paths_with_self_issued_certificates(doc) -> [""]; +verifying_paths_with_self_issued_certificates(suite) -> []; +verifying_paths_with_self_issued_certificates(Config) when is_list(Config) -> + run(verifying_paths_with_self_issued_certificates()). +verifying_basic_constraints(doc) -> [""]; +verifying_basic_constraints(suite) -> []; +verifying_basic_constraints(Config) when is_list(Config) -> + run(verifying_basic_constraints()). +key_usage(doc) -> [""]; +key_usage(suite) -> []; +key_usage(Config) when is_list(Config) -> + run(key_usage()). +certificate_policies(doc) -> [""]; +certificate_policies(suite) -> []; +certificate_policies(Config) when is_list(Config) -> + run(certificate_policies()). +require_explicit_policy(doc) -> [""]; +require_explicit_policy(suite) -> []; +require_explicit_policy(Config) when is_list(Config) -> + run(require_explicit_policy()). +policy_mappings(doc) -> [""]; +policy_mappings(suite) -> []; +policy_mappings(Config) when is_list(Config) -> + run(policy_mappings()). +inhibit_policy_mapping(doc) -> [""]; +inhibit_policy_mapping(suite) -> []; +inhibit_policy_mapping(Config) when is_list(Config) -> + run(inhibit_policy_mapping()). +inhibit_any_policy(doc) -> [""]; +inhibit_any_policy(suite) -> []; +inhibit_any_policy(Config) when is_list(Config) -> + run(inhibit_any_policy()). +name_constraints(doc) -> [""]; +name_constraints(suite) -> []; +name_constraints(Config) when is_list(Config) -> + run(name_constraints()). +distribution_points(doc) -> [""]; +distribution_points(suite) -> []; +distribution_points(Config) when is_list(Config) -> + run(distribution_points()). +delta_crls(doc) -> [""]; +delta_crls(suite) -> []; +delta_crls(Config) when is_list(Config) -> + run(delta_crls()). +private_certificate_extensions(doc) -> [""]; +private_certificate_extensions(suite) -> []; +private_certificate_extensions(Config) when is_list(Config) -> + run(private_certificate_extensions()). + +run() -> + catch crypto:start(), + Tests = + [signature_verification(), + validity_periods(), + verifying_name_chaining(), + %%basic_certificate_revocation_tests(), + verifying_paths_with_self_issued_certificates(), + verifying_basic_constraints(), + key_usage(), + %%certificate_policies(), + %%require_explicit_policy(), + %%policy_mappings(), + %%inhibit_policy_mapping(), + %%inhibit_any_policy(), + name_constraints(), + %distribution_points(), + %delta_crls(), + private_certificate_extensions() + ], + run(lists:append(Tests)). + +run(Tests) -> + File = file(?CERTS,"TrustAnchorRootCertificate.crt"), + {ok, TA} = file:read_file(File), + run(Tests, TA). + +run({Chap, Test, Result}, TA) -> + CertChain = sort_chain(read_certs(Test),TA, [], false), + try public_key:pkix_path_validation(TA, CertChain, []) of + {Result, _} -> ok; + {error,Result} when Result =/= ok -> + ok; + {error,Error} when is_integer(Result) -> + ?warning(" ~p~n Got ~p expected ~p~n",[Test, Error, Result]); + {error,Error} when Result =/= ok -> + ?error(" minor ~p~n Got ~p expected ~p~n",[Test, Error, Result]); + {error, Error} -> + ?error(" ~p ~p~n Expected ~p got ~p ~n", [Chap, Test, Result, Error]), + fail; + {ok, _} when Result =/= ok -> + ?error(" ~p ~p~n Expected ~p got ~p ~n", [Chap, Test, Result, ok]), + fail + catch Type:Reason -> + Stack = erlang:get_stacktrace(), + io:format("Crash ~p:~p in ~p~n",[Type,Reason,Stack]), + io:format(" ~p ~p Expected ~p ~n", [Chap, Test, Result]), + exit(crash) + end; + +run([Test|Rest],TA) -> + run(Test,TA), + run(Rest,TA); +run([],_) -> ok. + + +read_certs(Test) -> + File = test_file(Test), + %% io:format("Read ~p ",[File]), + {ok, Ders} = public_key:pem_to_der(File), + %% io:format("Ders ~p ~n",[length(Ders)]), + [Cert || {cert,Cert,not_encrypted} <- Ders]. + +test_file(Test) -> + file(?CONV, lists:append(string:tokens(Test, " -")) ++ ".pem"). + +file(Sub,File) -> + TestDir = case get(datadir) of + undefined -> "./pkits_SUITE_data"; + Dir when is_list(Dir) -> + Dir + end, + AbsFile = filename:join([TestDir,Sub,File]), + case filelib:is_file(AbsFile) of + true -> ok; + false -> + ?error("Couldn't read data from ~p ~n",[AbsFile]) + end, + AbsFile. + +sort_chain([First|Certs], TA, Try, Found) -> + case public_key:pkix_is_issuer(First,TA) of + true -> + [First|sort_chain(Certs,First,Try,true)]; + false -> + sort_chain(Certs,TA,[First|Try],Found) + end; +sort_chain([], _, [],_) -> []; +sort_chain([], Valid, Check, true) -> + sort_chain(lists:reverse(Check), Valid, [], false); +sort_chain([], _Valid, Check, false) -> + Check. + +signature_verification() -> + %% "4.1", "Signature Verification" , + [{ "4.1.1", "Valid Signatures Test1", ok}, + { "4.1.2", "Invalid CA Signature Test2", {bad_cert,invalid_signature}}, + { "4.1.3", "Invalid EE Signature Test3", {bad_cert,invalid_signature}}, + { "4.1.4", "Valid DSA Signatures Test4", ok}, + { "4.1.5", "Valid DSA Parameter Inheritance Test5", ok}, + { "4.1.6", "Invalid DSA Signature Test6", {bad_cert,invalid_signature}}]. +validity_periods() -> + %% { "4.2", "Validity Periods" }, + [{ "4.2.1", "Invalid CA notBefore Date Test1", {bad_cert, cert_expired}}, + { "4.2.2", "Invalid EE notBefore Date Test2", {bad_cert, cert_expired}}, + { "4.2.3", "Valid pre2000 UTC notBefore Date Test3", ok}, + { "4.2.4", "Valid GeneralizedTime notBefore Date Test4", ok}, + { "4.2.5", "Invalid CA notAfter Date Test5", {bad_cert, cert_expired}}, + { "4.2.6", "Invalid EE notAfter Date Test6", {bad_cert, cert_expired}}, + { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", {bad_cert, cert_expired}}, + { "4.2.8", "Valid GeneralizedTime notAfter Date Test8", ok}]. +verifying_name_chaining() -> + %%{ "4.3", "Verifying Name Chaining" }, + [{ "4.3.1", "Invalid Name Chaining EE Test1", {bad_cert, invalid_issuer}}, + { "4.3.2", "Invalid Name Chaining Order Test2", {bad_cert, invalid_issuer}}, + { "4.3.3", "Valid Name Chaining Whitespace Test3", ok}, + { "4.3.4", "Valid Name Chaining Whitespace Test4", ok}, + { "4.3.5", "Valid Name Chaining Capitalization Test5", ok}, + { "4.3.6", "Valid Name Chaining UIDs Test6", ok}, + { "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", ok}, + { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", ok}, + { "4.3.9", "Valid UTF8String Encoded Names Test9", ok}, + { "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", ok}, + { "4.3.11", "Valid UTF8String Case Insensitive Match Test11", ok}]. +basic_certificate_revocation_tests() -> + %%{ "4.4", "Basic Certificate Revocation Tests" }, + [{ "4.4.1", "Missing CRL Test1", 3 }, + { "4.4.2", "Invalid Revoked CA Test2", 23 }, + { "4.4.3", "Invalid Revoked EE Test3", 23 }, + { "4.4.4", "Invalid Bad CRL Signature Test4", 8 }, + { "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 }, + { "4.4.6", "Invalid Wrong CRL Test6", 3 }, + { "4.4.7", "Valid Two CRLs Test7", ok}, + + %% The test document suggests these should return certificate revoked... + %% Subsquent discussion has concluded they should not due to unhandle + %% critical CRL extensions. + { "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 }, + { "4.4.9", "Invalid Unknown CRL Extension Test9", 36 }, + + { "4.4.10", "Invalid Unknown CRL Extension Test10", 36 }, + { "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 }, + { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 }, + { "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", ok}, + { "4.4.14", "Valid Negative Serial Number Test14", ok}, + { "4.4.15", "Invalid Negative Serial Number Test15", 23 }, + { "4.4.16", "Valid Long Serial Number Test16", ok}, + { "4.4.17", "Valid Long Serial Number Test17", ok}, + { "4.4.18", "Invalid Long Serial Number Test18", 23 }, + { "4.4.19", "Valid Separate Certificate and CRL Keys Test19", ok}, + { "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 }, + + %% CRL path is revoked so get a CRL path validation error + { "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 }]. +verifying_paths_with_self_issued_certificates() -> + %%{ "4.5", "Verifying Paths with Self-Issued Certificates" }, + [{ "4.5.1", "Valid Basic Self-Issued Old With New Test1", ok}, + %%{ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 }, + %%{ "4.5.3", "Valid Basic Self-Issued New With Old Test3", ok}, + %%{ "4.5.4", "Valid Basic Self-Issued New With Old Test4", ok}, + { "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 }, + %%{ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", ok}, + { "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 }, + { "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", {bad_cert,invalid_key_usage} }]. +verifying_basic_constraints() -> + [%%{ "4.6", "Verifying Basic Constraints" }, + { "4.6.1", "Invalid Missing basicConstraints Test1", + {bad_cert, missing_basic_constraint} }, + { "4.6.2", "Invalid cA False Test2", {bad_cert, missing_basic_constraint}}, + { "4.6.3", "Invalid cA False Test3", {bad_cert, missing_basic_constraint}}, + { "4.6.4", "Valid basicConstraints Not Critical Test4", ok}, + { "4.6.5", "Invalid pathLenConstraint Test5", {bad_cert, max_path_length_reached}}, + { "4.6.6", "Invalid pathLenConstraint Test6", {bad_cert, max_path_length_reached}}, + { "4.6.7", "Valid pathLenConstraint Test7", ok}, + { "4.6.8", "Valid pathLenConstraint Test8", ok}, + { "4.6.9", "Invalid pathLenConstraint Test9", {bad_cert, max_path_length_reached}}, + { "4.6.10", "Invalid pathLenConstraint Test10", {bad_cert, max_path_length_reached}}, + { "4.6.11", "Invalid pathLenConstraint Test11", {bad_cert, max_path_length_reached}}, + { "4.6.12", "Invalid pathLenConstraint Test12", {bad_cert, max_path_length_reached}}, + { "4.6.13", "Valid pathLenConstraint Test13", ok}, + { "4.6.14", "Valid pathLenConstraint Test14", ok}, + { "4.6.15", "Valid Self-Issued pathLenConstraint Test15", ok}, + { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", {bad_cert, max_path_length_reached}}, + { "4.6.17", "Valid Self-Issued pathLenConstraint Test17", ok}]. +key_usage() -> + %%{ "4.7", "Key Usage" }, + [{ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", {bad_cert,invalid_key_usage} }, + { "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", {bad_cert,invalid_key_usage} }, + { "4.7.3", "Valid keyUsage Not Critical Test3", ok} + %%,{ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 } + %%,{ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 } + ]. + +%% Certificate policy tests need special handling. They can have several +%% sub tests and we need to check the outputs are correct. + +certificate_policies() -> + %%{ "4.8", "Certificate Policies" }, + [{"4.8.1.1", "All Certificates Same Policy Test1", "-policy anyPolicy -explicit_policy", "True", ?NIST1, ?NIST1, 0}, + {"4.8.1.2", "All Certificates Same Policy Test1", "-policy ?NIST1 -explicit_policy", "True", ?NIST1, ?NIST1, 0}, + {"4.8.1.3", "All Certificates Same Policy Test1", "-policy ?NIST2 -explicit_policy", "True", ?NIST1, "", 43}, + {"4.8.1.4", "All Certificates Same Policy Test1", "-policy ?NIST1 -policy ?NIST2 -explicit_policy", "True", ?NIST1, ?NIST1, 0}, + {"4.8.2.1", "All Certificates No Policies Test2", "-policy anyPolicy", "False", "", "", 0}, + {"4.8.2.2", "All Certificates No Policies Test2", "-policy anyPolicy -explicit_policy", "True", "", "", 43}, + {"4.8.3.1", "Different Policies Test3", "-policy anyPolicy", "False", "", "", 0}, + {"4.8.3.2", "Different Policies Test3", "-policy anyPolicy -explicit_policy", "True", "", "", 43}, + {"4.8.3.3", "Different Policies Test3", "-policy ?NIST1 -policy ?NIST2 -explicit_policy", "True", "", "", 43}, + {"4.8.4", "Different Policies Test4", "-policy anyPolicy", "True", "", "", 43}, + {"4.8.5", "Different Policies Test5", "-policy anyPolicy", "True", "", "", 43}, + {"4.8.6.1", "Overlapping Policies Test6", "-policy anyPolicy", "True", ?NIST1, ?NIST1, 0}, + {"4.8.6.2", "Overlapping Policies Test6", "-policy ?NIST1", "True", ?NIST1, ?NIST1, 0}, + {"4.8.6.3", "Overlapping Policies Test6", "-policy ?NIST2", "True", ?NIST1, "", 43}, + {"4.8.7", "Different Policies Test7", "-policy anyPolicy", "True", "", "", 43}, + {"4.8.8", "Different Policies Test8", "-policy anyPolicy", "True", "", "", 43}, + {"4.8.9", "Different Policies Test9", "-policy anyPolicy", "True", "", "", 43}, + {"4.8.10.1", "All Certificates Same Policies Test10", "-policy ?NIST1", "True", "?NIST1:?NIST2", "?NIST1", 0}, + {"4.8.10.2", "All Certificates Same Policies Test10", "-policy ?NIST2", "True", "?NIST1:?NIST2", "?NIST2", 0}, + {"4.8.10.3", "All Certificates Same Policies Test10", "-policy anyPolicy", "True", "?NIST1:?NIST2", "?NIST1:?NIST2", 0}, + {"4.8.11.1", "All Certificates AnyPolicy Test11", "-policy anyPolicy", "True", "$apolicy", "$apolicy", 0}, + {"4.8.11.2", "All Certificates AnyPolicy Test11", "-policy ?NIST1", "True", "$apolicy", "?NIST1", 0}, + {"4.8.12", "Different Policies Test12", "-policy anyPolicy", "True", "", "", 43}, + {"4.8.13.1", "All Certificates Same Policies Test13", "-policy ?NIST1", "True", "?NIST1:?NIST2:?NIST3", "?NIST1", 0}, + {"4.8.13.2", "All Certificates Same Policies Test13", "-policy ?NIST2", "True", "?NIST1:?NIST2:?NIST3", "?NIST2", 0}, + {"4.8.13.3", "All Certificates Same Policies Test13", "-policy ?NIST3", "True", "?NIST1:?NIST2:?NIST3", "?NIST3", 0}, + {"4.8.14.1", "AnyPolicy Test14", "-policy ?NIST1", "True", "?NIST1", "?NIST1", 0}, + {"4.8.14.2", "AnyPolicy Test14", "-policy ?NIST2", "True", "?NIST1", "", 43}, + {"4.8.15", "User Notice Qualifier Test15", "-policy anyPolicy", "False", "?NIST1", "?NIST1", 0}, + {"4.8.16", "User Notice Qualifier Test16", "-policy anyPolicy", "False", "?NIST1", "?NIST1", 0}, + {"4.8.17", "User Notice Qualifier Test17", "-policy anyPolicy", "False", "?NIST1", "?NIST1", 0}, + {"4.8.18.1", "User Notice Qualifier Test18", "-policy ?NIST1", "True", "?NIST1:?NIST2", "?NIST1", 0}, + {"4.8.18.2", "User Notice Qualifier Test18", "-policy ?NIST2", "True", "?NIST1:?NIST2", "?NIST2", 0}, + {"4.8.19", "User Notice Qualifier Test19", "-policy anyPolicy", "False", "?NIST1", "?NIST1", 0}, + {"4.8.20", "CPS Pointer Qualifier Test20", "-policy anyPolicy -explicit_policy", "True", "?NIST1", "?NIST1", 0}]. +require_explicit_policy() -> + %%{ "4.9", "Require Explicit Policy" }, + [{"4.9.1", "Valid RequireExplicitPolicy Test1", "-policy anyPolicy", "False", "", "", 0}, + {"4.9.2", "Valid RequireExplicitPolicy Test2", "-policy anyPolicy", "False", "", "", 0}, + {"4.9.3", "Invalid RequireExplicitPolicy Test3", "-policy anyPolicy", "True", "", "", 43}, + {"4.9.4", "Valid RequireExplicitPolicy Test4", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.9.5", "Invalid RequireExplicitPolicy Test5", "-policy anyPolicy", "True", "", "", 43}, + {"4.9.6", "Valid Self-Issued requireExplicitPolicy Test6", "-policy anyPolicy", "False", "", "", 0}, + {"4.9.7", "Invalid Self-Issued requireExplicitPolicy Test7", "-policy anyPolicy", "True", "", "", 43}, + {"4.9.8", "Invalid Self-Issued requireExplicitPolicy Test8", "-policy anyPolicy", "True", "", "", 43}]. +policy_mappings() -> + %%{ "4.10", "Policy Mappings" }, + [{"4.10.1.1", "Valid Policy Mapping Test1", "-policy ?NIST1", "True", "?NIST1", "?NIST1", 0}, + {"4.10.1.2", "Valid Policy Mapping Test1", "-policy ?NIST2", "True", "?NIST1", "", 43}, + {"4.10.1.3", "Valid Policy Mapping Test1", "-policy anyPolicy -inhibit_map", "True", "", "", 43}, + {"4.10.2.1", "Invalid Policy Mapping Test2", "-policy anyPolicy", "True", "", "", 43}, + {"4.10.2.2", "Invalid Policy Mapping Test2", "-policy anyPolicy -inhibit_map", "True", "", "", 43}, + {"4.10.3.1", "Valid Policy Mapping Test3", "-policy ?NIST1", "True", "?NIST2", "", 43}, + {"4.10.3.2", "Valid Policy Mapping Test3", "-policy ?NIST2", "True", "?NIST2", "?NIST2", 0}, + {"4.10.4", "Invalid Policy Mapping Test4", "-policy anyPolicy", "True", "", "", 43}, + {"4.10.5.1", "Valid Policy Mapping Test5", "-policy ?NIST1", "True", "?NIST1", "?NIST1", 0}, + {"4.10.5.2", "Valid Policy Mapping Test5", "-policy ?NIST6", "True", "?NIST1", "", 43}, + {"4.10.6.1", "Valid Policy Mapping Test6", "-policy ?NIST1", "True", "?NIST1", "?NIST1", 0}, + {"4.10.6.2", "Valid Policy Mapping Test6", "-policy ?NIST6", "True", "?NIST1", "", 43}, + { "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 }, + { "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 }, + {"4.10.9", "Valid Policy Mapping Test9", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.10.10", "Invalid Policy Mapping Test10", "-policy anyPolicy", "True", "", "", 43}, + {"4.10.11", "Valid Policy Mapping Test11", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + + %% TODO: check notice display + {"4.10.12.1", "Valid Policy Mapping Test12", "-policy ?NIST1", "True", "?NIST1:?NIST2", "?NIST1", 0}, + + %% TODO: check notice display + {"4.10.12.2", "Valid Policy Mapping Test12", "-policy ?NIST2", "True", "?NIST1:?NIST2", "?NIST2", 0}, + {"4.10.13", "Valid Policy Mapping Test13", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + + %% TODO: check notice display + {"4.10.14", "Valid Policy Mapping Test14", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}]. + +inhibit_policy_mapping() -> + %%{ "4.11", "Inhibit Policy Mapping" }, + [{"4.11.1", "Invalid inhibitPolicyMapping Test1", "-policy anyPolicy", "True", "", "", 43}, + {"4.11.2", "Valid inhibitPolicyMapping Test2", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.11.3", "Invalid inhibitPolicyMapping Test3", "-policy anyPolicy", "True", "", "", 43}, + {"4.11.4", "Valid inhibitPolicyMapping Test4", "-policy anyPolicy", "True", "?NIST2", "?NIST2", 0}, + {"4.11.5", "Invalid inhibitPolicyMapping Test5", "-policy anyPolicy", "True", "", "", 43}, + {"4.11.6", "Invalid inhibitPolicyMapping Test6", "-policy anyPolicy", "True", "", "", 43}, + {"4.11.7", "Valid Self-Issued inhibitPolicyMapping Test7", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.11.8", "Invalid Self-Issued inhibitPolicyMapping Test8", "-policy anyPolicy", "True", "", "", 43}, + {"4.11.9", "Invalid Self-Issued inhibitPolicyMapping Test9", "-policy anyPolicy", "True", "", "", 43}, + {"4.11.10", "Invalid Self-Issued inhibitPolicyMapping Test10", "-policy anyPolicy", "True", "", "", 43}, + {"4.11.11", "Invalid Self-Issued inhibitPolicyMapping Test11", "-policy anyPolicy", "True", "", "", 43}]. +inhibit_any_policy() -> + %%{ "4.12", "Inhibit Any Policy" }, + [{"4.12.1", "Invalid inhibitAnyPolicy Test1", "-policy anyPolicy", "True", "", "", 43}, + {"4.12.2", "Valid inhibitAnyPolicy Test2", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.12.3.1", "inhibitAnyPolicy Test3", "-policy anyPolicy", "True", "?NIST1", "?NIST1", 0}, + {"4.12.3.2", "inhibitAnyPolicy Test3", "-policy anyPolicy -inhibit_any", "True", "", "", 43}, + {"4.12.4", "Invalid inhibitAnyPolicy Test4", "-policy anyPolicy", "True", "", "", 43}, + {"4.12.5", "Invalid inhibitAnyPolicy Test5", "-policy anyPolicy", "True", "", "", 43}, + {"4.12.6", "Invalid inhibitAnyPolicy Test6", "-policy anyPolicy", "True", "", "", 43}, + {"4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", ok}, + {"4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 }, + {"4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", ok}, + {"4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 }]. + +name_constraints() -> + %%{ "4.13", "Name Constraints" }, + [{ "4.13.1", "Valid DN nameConstraints Test1", ok}, + { "4.13.2", "Invalid DN nameConstraints Test2", {bad_cert, name_not_permitted}}, + { "4.13.3", "Invalid DN nameConstraints Test3", {bad_cert, name_not_permitted}}, + { "4.13.4", "Valid DN nameConstraints Test4", ok}, + { "4.13.5", "Valid DN nameConstraints Test5", ok}, + { "4.13.6", "Valid DN nameConstraints Test6", ok}, + { "4.13.7", "Invalid DN nameConstraints Test7", {bad_cert, name_not_permitted}}, + { "4.13.8", "Invalid DN nameConstraints Test8", {bad_cert, name_not_permitted}}, + { "4.13.9", "Invalid DN nameConstraints Test9", {bad_cert, name_not_permitted}}, + { "4.13.10", "Invalid DN nameConstraints Test10", {bad_cert, name_not_permitted}}, + { "4.13.11", "Valid DN nameConstraints Test11", ok}, + { "4.13.12", "Invalid DN nameConstraints Test12", {bad_cert, name_not_permitted}}, + { "4.13.13", "Invalid DN nameConstraints Test13", {bad_cert, name_not_permitted}}, + { "4.13.14", "Valid DN nameConstraints Test14", ok}, + { "4.13.15", "Invalid DN nameConstraints Test15", {bad_cert, name_not_permitted}}, + { "4.13.16", "Invalid DN nameConstraints Test16", {bad_cert, name_not_permitted}}, + { "4.13.17", "Invalid DN nameConstraints Test17", {bad_cert, name_not_permitted}}, + { "4.13.18", "Valid DN nameConstraints Test18", ok}, + { "4.13.19", "Valid Self-Issued DN nameConstraints Test19", ok}, + { "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", {bad_cert, name_not_permitted} }, + { "4.13.21", "Valid RFC822 nameConstraints Test21", ok}, + { "4.13.22", "Invalid RFC822 nameConstraints Test22", {bad_cert, name_not_permitted} }, + { "4.13.23", "Valid RFC822 nameConstraints Test23", ok}, + { "4.13.24", "Invalid RFC822 nameConstraints Test24", {bad_cert, name_not_permitted} }, + { "4.13.25", "Valid RFC822 nameConstraints Test25", ok}, + { "4.13.26", "Invalid RFC822 nameConstraints Test26", {bad_cert, name_not_permitted}}, + { "4.13.27", "Valid DN and RFC822 nameConstraints Test27", ok}, + { "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", {bad_cert, name_not_permitted} }, + { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", {bad_cert, name_not_permitted} }, + { "4.13.30", "Valid DNS nameConstraints Test30", ok}, + { "4.13.31", "Invalid DNS nameConstraints Test31", {bad_cert, name_not_permitted} }, + { "4.13.32", "Valid DNS nameConstraints Test32", ok}, + { "4.13.33", "Invalid DNS nameConstraints Test33", {bad_cert, name_not_permitted}}, + { "4.13.34", "Valid URI nameConstraints Test34", ok}, + { "4.13.35", "Invalid URI nameConstraints Test35", {bad_cert, name_not_permitted} }, + { "4.13.36", "Valid URI nameConstraints Test36", ok}, + { "4.13.37", "Invalid URI nameConstraints Test37", {bad_cert, name_not_permitted}}, + { "4.13.38", "Invalid DNS nameConstraints Test38", {bad_cert, name_not_permitted} }]. +distribution_points() -> + %%{ "4.14", "Distribution Points" }, + [{ "4.14.1", "Valid distributionPoint Test1", ok}, + { "4.14.2", "Invalid distributionPoint Test2", 23 }, + { "4.14.3", "Invalid distributionPoint Test3", 44 }, + { "4.14.4", "Valid distributionPoint Test4", ok}, + { "4.14.5", "Valid distributionPoint Test5", ok}, + { "4.14.6", "Invalid distributionPoint Test6", 23 }, + { "4.14.7", "Valid distributionPoint Test7", ok}, + { "4.14.8", "Invalid distributionPoint Test8", 44 }, + { "4.14.9", "Invalid distributionPoint Test9", 44 }, + { "4.14.10", "Valid No issuingDistributionPoint Test10", ok}, + { "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 }, + { "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 }, + { "4.14.13", "Valid onlyContainsCACerts CRL Test13", ok}, + { "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 }, + { "4.14.15", "Invalid onlySomeReasons Test15", 23 }, + { "4.14.16", "Invalid onlySomeReasons Test16", 23 }, + { "4.14.17", "Invalid onlySomeReasons Test17", 3 }, + { "4.14.18", "Valid onlySomeReasons Test18", ok}, + { "4.14.19", "Valid onlySomeReasons Test19", ok}, + { "4.14.20", "Invalid onlySomeReasons Test20", 23 }, + { "4.14.21", "Invalid onlySomeReasons Test21", 23 }, + { "4.14.22", "Valid IDP with indirectCRL Test22", ok}, + { "4.14.23", "Invalid IDP with indirectCRL Test23", 23 }, + { "4.14.24", "Valid IDP with indirectCRL Test24", ok}, + { "4.14.25", "Valid IDP with indirectCRL Test25", ok}, + { "4.14.26", "Invalid IDP with indirectCRL Test26", 44 }, + { "4.14.27", "Invalid cRLIssuer Test27", 3 }, + { "4.14.28", "Valid cRLIssuer Test28", ok}, + { "4.14.29", "Valid cRLIssuer Test29", ok}, + + %% Although this test is valid it has a circular dependency. As a result + %% an attempt is made to reursively checks a CRL path and rejected due to + %% a CRL path validation error. PKITS notes suggest this test does not + %% need to be run due to this issue. + { "4.14.30", "Valid cRLIssuer Test30", 54 }, + { "4.14.31", "Invalid cRLIssuer Test31", 23 }, + { "4.14.32", "Invalid cRLIssuer Test32", 23 }, + { "4.14.33", "Valid cRLIssuer Test33", ok}, + { "4.14.34", "Invalid cRLIssuer Test34", 23 }, + { "4.14.35", "Invalid cRLIssuer Test35", 44 }]. +delta_crls() -> + %%{ "4.15", "Delta-CRLs" }, + [{ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 }, + { "4.15.2", "Valid delta-CRL Test2", ok}, + { "4.15.3", "Invalid delta-CRL Test3", 23 }, + { "4.15.4", "Invalid delta-CRL Test4", 23 }, + { "4.15.5", "Valid delta-CRL Test5", ok}, + { "4.15.6", "Invalid delta-CRL Test6", 23 }, + { "4.15.7", "Valid delta-CRL Test7", ok}, + { "4.15.8", "Valid delta-CRL Test8", ok}, + { "4.15.9", "Invalid delta-CRL Test9", 23 }, + { "4.15.10", "Invalid delta-CRL Test10", 12 }]. +private_certificate_extensions() -> + %%{ "4.16", "Private Certificate Extensions" }, + [{ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", ok}, + { "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", + {bad_cert,unknown_critical_extension}}]. + + +convert() -> + Tests = [signature_verification(), + validity_periods(), + verifying_name_chaining(), + basic_certificate_revocation_tests(), + verifying_paths_with_self_issued_certificates(), + verifying_basic_constraints(), + key_usage(), + certificate_policies(), + require_explicit_policy(), + policy_mappings(), + inhibit_policy_mapping(), + inhibit_any_policy(), + name_constraints(), + distribution_points(), + delta_crls(), + private_certificate_extensions()], + [convert(Test) || Test <- lists:flatten(Tests)]. + +convert({_,Test,_}) -> + convert1(Test); +convert({_,Test,_,_,_,_,_}) -> + convert1(Test). + +convert1(Test) -> + FName = lists:append(string:tokens(Test, " -")), + File = filename:join(?MIME, "Signed" ++ FName ++ ".eml"), + io:format("Convert ~p~n",[File]), + {ok, Mail} = file:read_file(File), + Base64 = skip_lines(Mail), + %%io:format("~s",[Base64]), + Tmp = base64:mime_decode(Base64), + file:write_file("pkits/smime-pem/tmp-pkcs7.der", Tmp), + Cmd = "openssl pkcs7 -inform der -in pkits/smime-pem/tmp-pkcs7.der" + " -print_certs -out pkits/smime-pem/" ++ FName ++ ".pem", + case os:cmd(Cmd) of + "" -> ok; + Err -> + io:format("~s",[Err]), + erlang:error(bad_cmd) + end. + +skip_lines(<<"\r\n\r\n", Rest/binary>>) -> Rest; +skip_lines(<<"\n\n", Rest/binary>>) -> Rest; +skip_lines(<<_:8, Rest/binary>>) -> + skip_lines(Rest). + +init_per_testcase(_Func, Config) -> + Datadir = proplists:get_value(data_dir, Config), + put(datadir, Datadir), + Config. + +fin_per_testcase(_Func, Config) -> + %% Nodes = select_nodes(all, Config, ?FILE, ?LINE), + %% rpc:multicall(Nodes, mnesia, lkill, []), + Config. + +init_per_suite(Config) -> + crypto:start(), + Config. + +end_per_suite(_Config) -> + crypto:stop(). + +error(Format, Args, File0, Line) -> + File = filename:basename(File0), + Pid = group_leader(), + Pid ! {failed, File, Line}, + io:format(Pid, "~s(~p): ERROR"++Format, [File,Line|Args]). + +warning(Format, Args, File0, Line) -> + File = filename:basename(File0), + io:format("~s(~p): Warning "++Format, [File,Line|Args]). diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/certs/TrustAnchorRootCertificate.crt b/lib/public_key/test/pkits_SUITE_data/pkits/certs/TrustAnchorRootCertificate.crt new file mode 100644 index 0000000000..21f520ee56 Binary files /dev/null and b/lib/public_key/test/pkits_SUITE_data/pkits/certs/TrustAnchorRootCertificate.crt differ diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem new file mode 100644 index 0000000000..8f00499440 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=anyPolicy CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5 +IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1 +zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k +MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg +KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson +ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV +HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w +DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p +th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi +wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT +aV+IWdHVMKREjOXtHakoKQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=All Certificates anyPolicy EE Certificate Test11 +issuer=/C=US/O=Test Certificates/CN=anyPolicy CA +-----BEGIN CERTIFICATE----- +MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD +QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwQWxsIENlcnRp +ZmljYXRlcyBhbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDExMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQDXI8MbFkMJTmeIdP1EpYg8qYdNkQRq1yNQYMHH +9TxFgw3L7sCGGxJS6PN4SS67CdnNZKNseFT+qAIDIbBw+p6uuAB4PWZEireOFo+s +PSdbG2Os76qFi12SpIniE64W5aSMzmccMf6RqzuqUROYH8wOzk8w6y+RI2qnkqDx +0HxJrwIDAQABo2UwYzAfBgNVHSMEGDAWgBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAd +BgNVHQ4EFgQUC8LFyye3gbbbFeNrasBg1Fq10JYwDgYDVR0PAQH/BAQDAgTwMBEG +A1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQAmASNJNMm+5XfUYE/I +IhtOmsbGvCrIWyMyhcv7gosAMSsXYU+8CzWpkjP0zS42rEphyqP8zUAWjR/BqUJV +9uwenHlpNeVflKgq0UVqYeoqc+afpvgLe+2o2Fe81Uz2tQ+LjwRQCm0/dhEVeZ4B +JutCF8LtmT3hv2RlWp5v1mmG4w== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2: + 88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29: + 62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96: + 84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf: + ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80: + 9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1: + 4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba: + 90:6c +-----BEGIN X509 CRL----- +MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD +hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt +5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ +eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/ +awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem new file mode 100644 index 0000000000..ea336fce35 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem @@ -0,0 +1,107 @@ +subject=/C=US/O=Test Certificates/CN=No Policies CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICWzCCAcSgAwIBAgIBIjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOTm8gUG9saWNp +ZXMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWH/haSHmzYQAYFLKMA +cbwROk7OaY3N6TMLQIz4yWrwGzpy+kiIDZ2xVPnyHRHp12VlAI5u78kQKAivhpNw +ovjgrUmE86zb3/OOa341tubElI6Y9G1Y1tnzPCK+hi1vjrHAHr1Glf8VOgZ9ijpU +SjXOsw5pFlz22uc7BRI7S/K1AgMBAAGjYzBhMB8GA1UdIwQYMBaAFPts1C2Bnson +ep4NsDzqmryH/0nqMB0GA1UdDgQWBBRTwRQlfeVbPleR+JYOkJ5dxiWoujAOBgNV +HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBr +G1ayCZm1VdyAqi1JuxUTt6bQcd8iNR0vvnl49QzjKgCNRqNV69RCH0U4ZST8D57t +TVN8DJITlnH+Kbid6OWcgkb+vi5C0SPLPNym18RVzKNQtR88lJCByvNbx/CprRYl +EfsMrs6FA8loVY0rVrUpEsTjVxyDh+fb8GZ3CAJIng== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=All Certificates No Policies EE Certificate Test2 +issuer=/C=US/O=Test Certificates/CN=No Policies CA +-----BEGIN CERTIFICATE----- +MIICbzCCAdigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVz +IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQDEzFBbGwgQ2Vy +dGlmaWNhdGVzIE5vIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbFHIGRAKQBl4eS/EWvFaVcb/7H30je7Yf +LmXoIYQGeWJZQfXWSsJyXyoaMhf4uLonxy8mi1Ap8vy3Fqc9b55Cm48xatNCao6D +W6YbSQu9hiSXCMxjXWnrYfi62KywO6I2y5JbT0CZ2PbQO0lFXYKPaTFDKzgf9l4x +ppvlkUQdsQIDAQABo1IwUDAfBgNVHSMEGDAWgBRTwRQlfeVbPleR+JYOkJ5dxiWo +ujAdBgNVHQ4EFgQUy5AB5Gdr2u2a+KXtJZFHFSHyopEwDgYDVR0PAQH/BAQDAgTw +MA0GCSqGSIb3DQEBBQUAA4GBAGk2l02zPeeK5Xca7UysnHmcjV08jAnZw6WqKJlS +ZK/upXnIu/i4JXjxhC/aBpFDs1foGPEPb7vPwJBq6psJ/qvrL3FxzWnmp08P4iUP +c7e9vxXYaMIQC3duKeV6SOn5VrpSPYRfchw/i70FJ+QCw9xAvNZ2X45Pzi9k9xUg +VfLw +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=No Policies CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:53:C1:14:25:7D:E5:5B:3E:57:91:F8:96:0E:90:9E:5D:C6:25:A8:BA + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 32:a4:9a:ca:5f:51:9e:91:db:fb:8a:0a:85:9b:64:c7:08:ef: + d5:17:43:34:7b:ad:53:90:4d:d1:43:10:f9:47:88:de:f3:78: + 67:2a:3a:4b:0e:5c:1a:a5:ee:19:b9:ef:f9:eb:3f:f1:39:2c: + 31:ab:e5:14:a7:90:8a:87:71:c6:78:a1:75:df:84:aa:3a:68: + 37:8a:ba:65:79:1f:31:93:8c:4e:6a:f1:1c:3b:fb:68:79:34: + 55:5b:42:55:8d:f3:2d:9f:f6:47:8d:64:6a:02:84:0b:97:aa: + 2c:c6:96:18:ed:b3:b1:a1:62:b4:73:40:83:00:1f:1e:96:ec: + d2:ff +-----BEGIN X509 CRL----- +MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVzIENBFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBRTwRQl +feVbPleR+JYOkJ5dxiWoujAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQAy +pJrKX1Gekdv7igqFm2THCO/VF0M0e61TkE3RQxD5R4je83hnKjpLDlwape4Zue/5 +6z/xOSwxq+UUp5CKh3HGeKF134SqOmg3irpleR8xk4xOavEcO/toeTRVW0JVjfMt +n/ZHjWRqAoQLl6osxpYY7bOxoWK0c0CDAB8eluzS/w== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem new file mode 100644 index 0000000000..62412e9602 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Policies P12 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg +UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO +/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9 +WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0 +CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B +nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO +BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl +AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB +BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK +btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk +biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test10 +issuer=/C=US/O=Test Certificates/CN=Policies P12 CA +-----BEGIN CERTIFICATE----- +MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx +MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGgxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE9MDsGA1UEAxM0QWxsIENl +cnRpZmljYXRlcyBTYW1lIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QxMDCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmrdM0DTddXChaxuvVK1/9AmbK3pj +B7nrBT7FrZ4f+6sp0e/vN7kCNEiAaRq1BDUFjyiesHIoL7gVKw96xoYTQ1qdCGZO +04GFQtVjtBx8SZCDsvjWgaXxs2BPj3ooNV199aMCiKTeNPm1TwL2zpmGRBaV5As8 +X8eCNYjiya9c6jMCAwEAAaN5MHcwHwYDVR0jBBgwFoAUAONl6YHUhrnHHefzMzkG +XkwRpfkwHQYDVR0OBBYEFMb2N25TEoHRRp8AmP8/XLXv9HDaMA4GA1UdDwEB/wQE +AwIE8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkq +hkiG9w0BAQUFAAOBgQBM+wZzcjByDVKWb9MADcwg0VTmgmhOhSmt3fqhHagC9q3G +ZY6+OWkM6gCdmw1JBr9JRTHPl1uo/W5dI4OVIupjsct4ObPWx1yn29VM30lyaYDR +iBhgjOp5tonCixdFbt7pMnviPwsIDKdQLQz0k8m7d/au9BVHVSlyDoqm0I0uSg== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f: + df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9: + 4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38: + 86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb: + 77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05: + 70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77: + e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11: + 1d:72 +-----BEGIN X509 CRL----- +MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl +6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA +oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor +RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN +gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem new file mode 100644 index 0000000000..888f8c117a --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem @@ -0,0 +1,110 @@ +subject=/C=US/O=Test Certificates/CN=Policies P123 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg +UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s +xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS +o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5 +ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt +gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww +DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB +ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD +gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM +jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext +cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY +kko1SxlW +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test13 +issuer=/C=US/O=Test Certificates/CN=Policies P123 CA +-----BEGIN CERTIFICATE----- +MIICqzCCAhSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx +MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBoMQswCQYDVQQG +EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNVBAMTNEFsbCBD +ZXJ0aWZpY2F0ZXMgU2FtZSBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTMw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ6RCve4HAIbl7RQiw7tPY3IJ0oT +KvS2jsUu4eNuzThRoKW0cWW3N+Jk1rkqgaaebVodXrb9cuDFONWRL0X2DZazb5h/ +4FX3obShqywkydsz7vBoixmRXa/oKtIa78h5zQTSDPR0sJeWIikOUJZMIJv4CNw1 +Pwvu3Y3i9CwT6m2fAgMBAAGjgYgwgYUwHwYDVR0jBBgwFoAU0L/Nm9/xkf2Ch1oQ +z5Cvi7zyxcwwHQYDVR0OBBYEFGqUba1DKQxc60sgeqLAqyOR/22bMA4GA1UdDwEB +/wQEAwIE8DAzBgNVHSAELDAqMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjAM +BgpghkgBZQMCATADMA0GCSqGSIb3DQEBBQUAA4GBAAd1diIEB4YaH7gH6DO1vptE +G2YpbuvISfPDhWjrLI/sLSJTH3l+kC/GE4FDEHJ0Rc76la5gyUbRwX1zTZKHGyxx +NhuE3i0XkrAlR6xRUJRcb1SgD7JqMzup7ZuFP9h3+txi71G33fMStCxKGa6ijUKd +LTzImFXGxbWm6SZujuyJ +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b: + 7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7: + 8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65: + 92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81: + 84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96: + 1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41: + 98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04: + ef:9d +-----BEGIN X509 CRL----- +MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/ +zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p +qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs +95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem new file mode 100644 index 0000000000..de409f5895 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem @@ -0,0 +1,118 @@ +subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp +ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co +7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF +H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh +i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3 +LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e +kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq +hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx +x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr +PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem new file mode 100644 index 0000000000..82576fb4a3 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=anyPolicy EE Certificate Test14 +issuer=/C=US/O=Test Certificates/CN=anyPolicy CA +-----BEGIN CERTIFICATE----- +MIICdDCCAd2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD +QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfYW55UG9saWN5 +IEVFIENlcnRpZmljYXRlIFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAosJmcfDGby4vpcrZs7/LeCfqnvDfXgZakoRonLHgudPwLK839x7AtBqsAAsx +wYNmtj+gGNu9x2hjBOrEFHjxVhCZbr+V2b3NuZ0C2p+OcSZ6nKYxxmgtP9NrTYZs +MVo8uJ/d9zDXB7/Hflbl2iOtwHe4CpWlWkAcb55leIZdFx0CAwEAAaNrMGkwHwYD +VR0jBBgwFoAUPrOeouRDhftnQDGGE5vGYe2G1eIwHQYDVR0OBBYEFEAG933vDjVc +5TJ4xVFIKNj24AmHMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl +AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHS2x3KJlEZ/YeT5mje964ccV/zmiYkiy +SP02lLjIQuB7b4R8xS4TYb6lXC18dc0776mMu6BQVqECrBq71A77N5cd5Xuc/+5U +5ZMyLiowPxjhgjqMOZV6Vno6zYQh+4bdFIqNZ4Wv1l0KyhvD5KU5gBQ6uK/Gbmgx +gC2356iQiJE= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=anyPolicy CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5 +IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1 +zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k +MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg +KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson +ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV +HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w +DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p +th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi +wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT +aV+IWdHVMKREjOXtHakoKQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2: + 88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29: + 62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96: + 84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf: + ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80: + 9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1: + 4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba: + 90:6c +-----BEGIN X509 CRL----- +MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD +hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt +5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ +eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/ +awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem new file mode 100644 index 0000000000..bd06526d83 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem @@ -0,0 +1,120 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=CPS Pointer Qualifier EE Certificate Test20 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICuTCCAiKgAwIBAgIBFTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK0NQUyBQb2ludGVyIFF1 +YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjAwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAMoJaBG/FNuQhA4cgeiGiLpg79tevgtM1J+7DRztxWNGR1ETJ2fT +76YKUm8p81GifGLyp0GPixlRYrORVU04fWNYnx8Zf7rkoCPeVEDinuLDtIrrENam +41t/iHh8pI2pzuA+AUUT9MOXDyVHFx+hGhjOseGtcUIJB0h641auD/XtAgMBAAGj +gagwgaUwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE +FMLcmlwicNMKSIWer8jYAJSooOpzMA4GA1UdDwEB/wQEAwIE8DBTBgNVHSAETDBK +MEgGCmCGSAFlAwIBMAEwOjA4BggrBgEFBQcCARYsaHR0cDovL2NzcmMubmlzdC5n +b3YvY3Nvci9wa2lyZWcuaHRtI3BraXRlc3QwDQYJKoZIhvcNAQEFBQADgYEAfDo9 +XQCL4ynO7TfTvX9MENaHI304AZw1YU+SP2zkPuDd4HxsI1FK04q1NbIaJ+TOVfk3 +Fke0kNKWelXWa4JcqZ8eg1RxzRsqB47a0IdMOcVwwjKNI5U9KkHRvHjCBMip0wjU +j6Qw2ktcJRAOZf2zsNks/lq7d2+7udwTCiASQ84= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem new file mode 100644 index 0000000000..4084a4851c --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test12 +issuer=/C=US/O=Test Certificates/CN=Policies P3 CA +-----BEGIN CERTIFICATE----- +MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAz +IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXDELMAkGA1UEBhMC +VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTEwLwYDVQQDEyhEaWZmZXJl +bnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDEyMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCyCzdT70A8+vsLoViq8TWIYg7Eta6CLxVYgGuIT/jHnsK+ ++FbOsG9GIxdLYhdZrrlKG4cAlkpS/6K9L23KfQGiNNjQ4LaWC/geLyNeOOOrnXBk +nMhffhtlQ4PzTnEtjtr0fUr5iNZtCZpTUSQKxvZfEL8s8HUbsiPagLV9TwXO3QID +AQABo2swaTAfBgNVHSMEGDAWgBSOvWaPjlVlz1HkWabJKh5iv/elvDAdBgNVHQ4E +FgQUgYdlKg2WZsyn5n9xnCVxsVRQwz4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ +MA4wDAYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQUFAAOBgQA+sKsTmg7nH6jqpWTD +0+ku3zH37P/CeNynrYlFtFA/3QZZNSeBUtmPEgSANp/iYSgpIOeqcUR+vJZhsIXT ++0wX4SS7+hy3sHAuDmSZ7d4XXowNWmfn2MElY7INaPvTzjRY3+XIeTfMK43LglF5 +sftSt0FIy+7QSZiQwKIX35Hdig== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P3 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIIChDCCAe2gAwIBAgIBJzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOUG9saWNpZXMg +UDMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzB4tlymiLVW8a6Ps0y +porV4ZwLRY6O21qBHaMeOvMroSc49aMMmsNM5Hq1c37ETR2NROBT065S3xFyQT58 +Q+6gu30masLdypu0ewe1f4waXVKzrOrXleRrha2wyu33duzC9XoU5rLxLJUrPXjd +F7bYw/NIHmdKb2gKdGDD5ZhlAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAU+2zULYGe +yid6ng2wPOqavIf/SeowHQYDVR0OBBYEFI69Zo+OVWXPUeRZpskqHmK/96W8MA4G +A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/ +BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAGIeHrFlfEpz +33KeWUQrArkcbXi4ONGl0zsMAelL8FjVyZJqVjBi4/z+31K608b9FleH0H4QlO1V +pADcQhn+/9ChWXCvHtSUuBsIPFO3WWIdgYTtmSAqxsEq3uwQIR3ku8NoMpgiak6B +EdVSLx709Z1oHVmuqVn1fYV/0968h9fo +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P3 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8E:BD:66:8F:8E:55:65:CF:51:E4:59:A6:C9:2A:1E:62:BF:F7:A5:BC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 70:a1:09:11:c0:05:80:09:b9:cb:96:bd:30:59:49:1e:07:57: + d3:9b:e2:f1:41:3f:f5:f1:d7:90:67:ab:db:81:2f:1f:b6:6d: + b4:e5:45:ba:94:55:25:9c:e1:11:06:71:a3:dc:ed:1f:6d:eb: + 91:33:7f:7d:1f:40:2e:1c:84:1a:c2:45:8a:26:ed:0c:a5:6f: + 1c:00:50:99:fd:7b:d1:3a:cf:a0:1a:da:0c:f0:7a:9a:4e:b5: + f1:fb:90:9b:ab:54:57:1d:55:ab:b7:c3:a6:c4:27:e9:c8:6b: + 83:28:68:cc:9e:0b:f0:99:7e:0a:f5:f2:ca:35:28:7b:78:59: + 7c:88 +-----BEGIN X509 CRL----- +MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAzIENBFw0w +MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBSOvWaP +jlVlz1HkWabJKh5iv/elvDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQBw +oQkRwAWACbnLlr0wWUkeB1fTm+LxQT/18deQZ6vbgS8ftm205UW6lFUlnOERBnGj +3O0fbeuRM399H0AuHIQawkWKJu0MpW8cAFCZ/XvROs+gGtoM8HqaTrXx+5Cbq1RX +HVWrt8OmxCfpyGuDKGjMngvwmX4K9fLKNSh7eFl8iA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem new file mode 100644 index 0000000000..81624cdd69 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem @@ -0,0 +1,170 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P2 subCA +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICcjCCAdugAwIBAgIBEDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBFMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1 +YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFuj/BeKqm7wDc+UMIp7Qh +eY7RqfB/VGqZuKUb5UNpLiXT37UrhteMqYSqBkd76l1qvhhBwRPJt9Nq2tf5slrS +NJOAnUfF0McB9RUJMGhkITa9As3KZy0u31hre09MUaacltcuJx4irpHKUEjn+qY1 +ZdZ7NNEzH9VXWN+6lARLIQIDAQABo3wwejAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7 +J0TXNTPfmhWUxzAdBgNVHQ4EFgQU5FhKqtjykfUZF2iehQcjbgo0680wDgYDVR0P +AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBBQUAA4GBAGilgDaBiDA1cbd6xUxAl/K5DVQ8ack+2fk1 +P8G5fTuQoQtDbWX6eA7Q/nXFXBCj2i1tmJF/q8Pzh1GU6MKQ5f7J5ibEstM1+lgb +hidM5kd85uVTxTBL7GSS94BSfXFnNOOSWbRTyhSIZRxScCjERfnSfF8yBDRIbFGO +ma6qPeAC +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test3 +issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA +-----BEGIN CERTIFICATE----- +MIICgTCCAeqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAy +IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowWzELMAkGA1UE +BhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTAwLgYDVQQDEydEaWZm +ZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDMwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBANc03XT9xYcVcwSWI/zfZ5VWnTC4uy5WFMe8/BNL8QuP +5xFw/xGTjgkS/ABNJJJ+a/RWsi0Q92MSeMbVNkgD0/i94SgjALWOdsg9k4LI3iH1 +ziOZ1OWKjKsJIxgCbTls+JRu7bRi4dnVYHB96WnGFVsVp9xyoS3hUYYwpCFXYLWz +AgMBAAGjazBpMB8GA1UdIwQYMBaAFORYSqrY8pH1GRdonoUHI24KNOvNMB0GA1Ud +DgQWBBRyOnvPdzFG1aaQtBqWQiKlfmoaPjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g +BBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBACWQn4A03gqLgppl +ROwBGIIxHZD+wVr9BgoDJj2xwX6NaofqHfhAyVq9hDqEwylmfr0rH6m8PBAgnST0 +CnoWgQEQQ2sESHf6f/7/CTcVLlx8UQDXaTlA22nhmoJG9Y4iOdjdzhgvn/9yYySs +aTByh3KCB3TV4q9GJw6nUNAmnoOo +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:E4:58:4A:AA:D8:F2:91:F5:19:17:68:9E:85:07:23:6E:0A:34:EB:CD + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + c3:6b:fd:b1:c9:49:fe:a7:76:33:87:24:1f:f7:df:41:31:b8: + 37:15:f2:3c:ae:8e:c7:17:a1:30:ea:a6:53:99:4a:8b:a1:7c: + ae:c1:4e:58:81:4f:65:e2:0d:eb:a0:cc:2d:f5:a2:ba:03:ee: + 1e:81:1c:64:3a:b1:9f:2b:d2:40:27:69:6f:32:95:fa:85:f7: + c8:76:8b:4b:7a:11:12:8d:7c:fa:1f:54:84:d7:ff:72:23:63: + 46:55:0a:e4:d2:38:1d:83:2c:57:bb:60:21:dc:44:0d:6a:95: + 11:ad:f0:b5:57:82:68:f4:20:37:f4:d7:46:93:cd:c4:c6:90: + fd:c1 +-----BEGIN X509 CRL----- +MIIBPjCBqAIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1YkNB +Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBTk +WEqq2PKR9RkXaJ6FByNuCjTrzTAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOB +gQDDa/2xyUn+p3YzhyQf999BMbg3FfI8ro7HF6Ew6qZTmUqLoXyuwU5YgU9l4g3r +oMwt9aK6A+4egRxkOrGfK9JAJ2lvMpX6hffIdotLehESjXz6H1SE1/9yI2NGVQrk +0jgdgyxXu2Ah3EQNapURrfC1V4Jo9CA39NdGk83ExpD9wQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem new file mode 100644 index 0000000000..42c902dac2 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem @@ -0,0 +1,170 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=Good subCA +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0Ew +HhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBbMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNVBAMTJ0RpZmZlcmVudCBQ +b2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAo97r9TnN6B3H+x4fSXruIfEelkjmA4Ti1Q93FP3Op0Pfk8ybf7W8 +/meQsMFMMXAVrZ+pwfLj3YvzTspivZUbJGWA4o7r2DwkVkuXr6Rv2n3OhPlCwljb +TAFxb5S3wOOJ53FHJw33R19R8d3B0CpxKxLK1oXQVOOu0t3UKizFJakCAwEAAaNr +MGkwHwYDVR0jBBgwFoAUfFxpfJ3IVbEiBSlD+8R7j+rquH0wHQYDVR0OBBYEFOIy +WsL+F3ByhN7vnBDlbJNEkZS3MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAIwDQYJKoZIhvcNAQEFBQADgYEAVoBWMI/tY2C3bNKXPdDQHwOq ++JplKCmu37pLQlMNSVP8yssW5khRqkKYi48Jz7b21NKFN3w3/0MuV2AxjEA6ROZX +MBwaIKyeHMRCRDJndHYU3CkOvex/eDDnLXvNxTXuda755S3qZUbhNKRZnLv1iDzH +KN6TmIq39yQReXlNoNo= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Good subCA +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA+MQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPPDgvwjnBtonTcZM5RPe+FqtX3glBmw +zdb+WOm6gKoAp5euYnW2UZOOjSztJyTUKsmnK3qhKgntDjO8z/ito6Pz0Uo7zoby +wftFeKr76K0iBIp0t2DJQ4khnA8KjIB7LJp5CKIT1rhPdrLhPbc/r+LcUTZrAfRt +ZcQkxbznhxZxAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz +35oVlMcwHQYDVR0OBBYEFHxcaXydyFWxIgUpQ/vEe4/q6rh9MA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAM +BgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAI8yIYi19lr+NUCxlq3CXkpZ +TAgRtU0pqH1VbEootkv0o7apbF2cC8SHB0UDiih/yqZjqw3kHtpbBaf75KHxqoQ4 +PKqoZXt3K4rjiQooU+2cyC+mxI3uegcFjQ444R10jXwv5EqNQ4joXhz5hocJA/PF +JGFA0gkGm2pMEBR567ka +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good subCA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:7C:5C:69:7C:9D:C8:55:B1:22:05:29:43:FB:C4:7B:8F:EA:EA:B8:7D + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a1:14:35:58:41:58:4a:93:ea:8a:e7:cc:c1:be:02:22:8c:9a: + 21:32:d6:a9:bf:1d:df:7d:60:8c:ba:f2:8c:01:a9:38:a4:94: + 8a:6d:69:46:e5:ac:63:48:17:e5:c9:c0:de:df:13:73:c6:ec: + 3f:b7:ed:61:a2:6c:42:d8:cf:7a:ff:3b:35:41:8a:04:c8:fe: + 85:37:b8:7d:dc:a0:05:35:ba:e0:bb:39:c8:be:2a:79:57:82: + db:f1:da:21:e0:c6:54:2b:37:2a:e1:0d:82:aa:2f:47:ab:15: + fc:30:11:dd:52:ba:93:cf:bc:46:39:a7:94:29:7d:e0:2a:5c: + d4:ce +-----BEGIN X509 CRL----- +MIIBNzCBoQIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EXDTAxMDQx +OTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHxcaXydyFWx +IgUpQ/vEe4/q6rh9MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAKEUNVhB +WEqT6ornzMG+AiKMmiEy1qm/Hd99YIy68owBqTiklIptaUblrGNIF+XJwN7fE3PG +7D+37WGibELYz3r/OzVBigTI/oU3uH3coAU1uuC7Oci+KnlXgtvx2iHgxlQrNyrh +DYKqL0erFfwwEd1SupPPvEY5p5QpfeAqXNTO +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem new file mode 100644 index 0000000000..bb476975c0 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem @@ -0,0 +1,170 @@ +subject=/C=US/O=Test Certificates/CN=Good CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0 +p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2 +IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp +Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa +vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE +AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya +cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg +3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq +rA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA2 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAy +IHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNV +BAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnRGlm +ZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQCwZH5VW/9MO5bUFBrHnWcQmxnLKiqHAu593o6kFZKt +zkkYkVCA/vu0Wqgk09UeJz2jQPFuJEFYl/VdkkyS3U5TMdJBBcIHMYpmVTeTJSzP +G+II79/nOVLpVRfuMtKclAU+oCCJb29oiXRaOFzZjzbXuU/NvSXZu24sVctBtFQA +DQIDAQABo2swaTAfBgNVHSMEGDAWgBRx6y8V7VGl/4VJjHwa9kumm6SUBjAdBgNV +HQ4EFgQU0BTRTBvIbX1D6I9/J/Wkp7/iGNwwDgYDVR0PAQH/BAQDAgTwMBcGA1Ud +IAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAVgTBnKECQtHJE +rSdkBjW41mPMbdbsbYgsl00518Qv4kS2bIsmMOB4V6kl48oIlmIql2dgUqb0QgvA +JFFmwyLWdyUy1Ngv1H4tT2i9htTQAG7Yhx619BHqWCfqCiue49ySUsKOefY3ZYuy +Ew2nYu2yBbFQuBajQDA+6rT6RjvF+Q== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P2 subCA2 +issuer=/C=US/O=Test Certificates/CN=Good CA +-----BEGIN CERTIFICATE----- +MIICgzCCAeygAwIBAgIBEjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBGMQswCQYDVQQGEwJVUzEaMBgG +A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1 +YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtLTO6yKdiF3dWPmvdMIU +ljhMl5k5/mSISipm74fsNPvCJOAfdPJa7ZsmCH2mXZeXa5xOUPG9YzcqgSoj8YEa +L6h9u4t40L+OyapOZKiYykXi9hoZEzCuilIIu3km9rU0jF/hTntZ5QSdE65fM5qn +iMQnAPkod5ehi3XASsHZu9cCAwEAAaOBizCBiDAfBgNVHSMEGDAWgBS3LqaCy8LI +vKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUcesvFe1Rpf+FSYx8GvZLppuklAYwDgYD +VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8E +BTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEApvxtR+QrmkV9 +u+IYUO9+MXgIGn7U3aab9pnQfxH2Dqkx2uPGGYsw3+Md7m0+Y29god0WgGwgrmlS +9VnFhuDw0Sks4ofgjOWCrO0gK10fO2AHzYMwxcbsaqrIPS0dIkUflnnB6vUPoz1t +0/y853VkBY8fwZC5lSrXe1j/wkrITt4= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:71:EB:2F:15:ED:51:A5:FF:85:49:8C:7C:1A:F6:4B:A6:9B:A4:94:06 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 0f:c9:61:2b:d8:db:62:52:36:67:85:d2:bf:79:00:4e:44:4c: + 3b:2e:a1:0f:58:1d:06:1d:47:bb:2d:b2:3f:62:d5:9c:7d:da: + bd:34:86:5d:44:f2:ec:42:d8:cb:37:16:8d:87:d7:73:3b:d1: + 82:e3:e9:2c:d6:db:6f:f5:f3:db:d4:11:bf:bf:aa:15:10:7a: + 51:76:d6:56:e5:f6:27:00:54:54:87:14:e8:0f:5a:e1:5b:64: + 16:53:de:31:1a:69:c2:6b:a5:fe:77:8c:bc:f2:42:d6:ad:84: + 6a:f5:bb:94:16:c0:12:64:af:4a:2e:68:64:2f:f5:14:5c:b1: + c5:cf +-----BEGIN X509 CRL----- +MIIBPzCBqQIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1YkNB +MhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU +cesvFe1Rpf+FSYx8GvZLppuklAYwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQAD +gYEAD8lhK9jbYlI2Z4XSv3kATkRMOy6hD1gdBh1Huy2yP2LVnH3avTSGXUTy7ELY +yzcWjYfXczvRguPpLNbbb/Xz29QRv7+qFRB6UXbWVuX2JwBUVIcU6A9a4VtkFlPe +MRppwmul/neMvPJC1q2EavW7lBbAEmSvSi5oZC/1FFyxxc8= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Good CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 0E + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Serial Number: 0F + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90: + 66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f: + 1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65: + 6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1: + 92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e: + b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb: + 1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85: + 92:cd +-----BEGIN X509 CRL----- +MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0 +NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD +VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf +BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq +hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE +MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1 +KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ== +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem new file mode 100644 index 0000000000..64913817fc --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem @@ -0,0 +1,211 @@ +subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12 +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx +MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT +G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA3JEcFcmqBaOdX0aQIeLKgr184G8kZkUDCWXFVa8Rl8JEbH8nKumt +oT+D502p0fAxQ/lu67/+Wz9X+0bAwkuPsCzJ1QCXR2UIRpVr1NxN7Rpz/7c6kzfL +/DJwrly/lSBnj0R0YirNdtTRRbIo0/YEP7P2B0gorC16aSbZViLod4ECAwEAAaN8 +MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFCOJ +nPgjYULoGZabFjVqvDC9XoqCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBE +8ZcL9nvf0LT9xC+cY0M+u5LPMYNxkecfdmiF5H1xmtqQ+pyLB7lUIyeSE0FWSbFS +HxkKQAkO31yPfR0lvAkmJS8uVhZf7kiMfNhK/iHQA2LE4ubMmgyfbnAidPaVhPJ/ +waAqgUmU3waTfWo4RyKCWsWN6L95KJNO3HkS5l83zg== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12 +issuer=/C=US/O=Test Certificates/CN=Policies P123 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx +MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG +EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj +aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll +J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2 +tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD +YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j +BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL +fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB +MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c +pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0 +r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1 +-----BEGIN CERTIFICATE----- +MIICnDCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx +MjMgc3Vic3ViQ0FQMTJQMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFsxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4G +A1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq7BLYQUkQ5JoVVov7G3lnh8JAEwYq +LMbqpRCqw7cUk5pzpmQsxkZs6/Ucuz/aR9dCCaRZJ+YQ8GZSQ+igOWzOfGwugT2P +1F9uHaqW5hLEm4nKD0sCR7e+SSsZcVLDu43aKeP9M9W+eIiVgBDqqO/sIiP+H9lA +XGxBY7aZKR9PbQIDAQABo3wwejAfBgNVHSMEGDAWgBQjiZz4I2FC6BmWmxY1arww +vV6KgjAdBgNVHQ4EFgQU8kOeHdO942r3cR78izbu/QscRBMwDgYDVR0PAQH/BAQD +AgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBBQUAA4GBAB7JKK79k5557tO3m4Z6Ggwb+wna9YjHdiEEmFrP0CbG +ydKsCOn176W5roPXJfVz4LNWRaQ1VD9hJBRNk7l7hCgrbazLj9TtrU9RrklDu54/ +tyZH3BQrH0znl+dxlEgYdfzhd0XQhMP4AGAlIzZUANHCnmjRKkqikPNXO5bMpnza +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg +UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s +xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS +o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5 +ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt +gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww +DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB +ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD +gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM +jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext +cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY +kko1SxlW +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b: + 7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7: + 8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65: + 92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81: + 84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96: + 1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41: + 98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04: + ef:9d +-----BEGIN X509 CRL----- +MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/ +zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p +qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs +95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99: + d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8: + 5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38: + 13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f: + c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4: + 84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70: + 23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9: + 57:d2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi +Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99 +a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6 +pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:23:89:9C:F8:23:61:42:E8:19:96:9B:16:35:6A:BC:30:BD:5E:8A:82 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 38:53:72:c0:cb:e3:f9:84:7d:49:58:c4:73:96:61:3f:7d:1a: + 78:47:82:fa:be:2b:9a:55:99:d4:73:ad:49:14:9d:a3:3c:5e: + 99:66:20:f4:df:d9:c3:d3:03:61:75:0d:18:f6:c4:b8:29:0f: + e7:e3:e9:37:f3:0d:e0:74:a0:ef:8e:9f:fa:12:18:20:a2:8a: + 3a:bb:72:e6:20:4f:2a:2b:7f:22:5d:56:01:e8:fb:76:fd:62: + 44:16:83:a8:7e:53:4d:6a:4a:0c:94:10:64:85:02:07:1d:d3: + 28:57:9f:e7:57:65:99:37:99:f4:52:ae:de:5e:4f:5c:e9:08: + f2:cc +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi +c3ViQ0FQMTJQMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUI4mc+CNhQugZlpsWNWq8ML1eioIwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAOFNywMvj+YR9SVjEc5ZhP30aeEeC+r4rmlWZ1HOtSRSdozxe +mWYg9N/Zw9MDYXUNGPbEuCkP5+PpN/MN4HSg746f+hIYIKKKOrty5iBPKit/Il1W +Aej7dv1iRBaDqH5TTWpKDJQQZIUCBx3TKFef51dlmTeZ9FKu3l5PXOkI8sw= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem new file mode 100644 index 0000000000..0468f302f0 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem @@ -0,0 +1,210 @@ +subject=/C=US/O=Test Certificates/CN=Policies P12 subCAP1 +issuer=/C=US/O=Test Certificates/CN=Policies P12 CA +-----BEGIN CERTIFICATE----- +MIICfTCCAeagAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx +MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYT +AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUG9saWNp +ZXMgUDEyIHN1YkNBUDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKniBOhW +3+GUH9cLSjfU8TnmUuKC8zu+bx+7Vd8N20wFU83y33ReAvzS9j5mBAT6qqLMg52i +t5h4ni8MAttxqQivCwZR6U+Mg2KMdHEAbvTp8ya69ZdGzc8StBaJ1OIIRHtRicl2 +Ek85wzHazjfWPtmnO0EaIzJImL3U24pAKDq3AgMBAAGjfDB6MB8GA1UdIwQYMBaA +FADjZemB1Ia5xx3n8zM5Bl5MEaX5MB0GA1UdDgQWBBRCiBzBeLdD2gCvvd66Q6fl +tWH/8jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYKVZU12G6lcEkxyRYlMJ +umN4xtytcDe50I4AFgMJlgCcLvupgFN+5QWwSGtdBpSrN3lDBFTUQ/ZrAL3O4nzA +HaKM6LaBCQS1//FE6qbi2UvRHfp8RoYUH4hM1nzTb7/Za0wsWTwegcz1uOZ4aLQ5 +M7QKfWfzax6EarTJ4jorUQA= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2 +issuer=/C=US/O=Test Certificates/CN=Policies P12 subCAP1 +-----BEGIN CERTIFICATE----- +MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAx +MiBzdWJDQVAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTTELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQDExlQ +b2xpY2llcyBQMTIgc3Vic3ViQ0FQMVAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCgzy2UzpvEK8JSY1wMRMaoYi/MuP+Hkmtwerm88lsIWe07HlT55nuxjp5/ +vSPZEgCYm+wk0AU87yD2n6OkCJn+oUVbeucGoJSwuTEs7HK0YZq+RyYdzcoZ7Z4Z +EzNUC2I+vPj01u9NL0XBZLJ7g5h6Au8d3zGEkn6bEPk565LiewIDAQABo3wwejAf +BgNVHSMEGDAWgBRCiBzBeLdD2gCvvd66Q6fltWH/8jAdBgNVHQ4EFgQUZ+UNjYxs +KrtVbS3oIqoES3MriCowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI +AWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAESq+2Cg +vywkdxLqsugNl7K/+BK8s0yadUr/Q/DZKPALlPRaVW7GzKJ7aCGw1xRiMmkV5Z1Z +UjSdHXTJetXdNpCfjpVnnrAB9DjkA7RrKI1KTPxhnywtwQNTpD4gceRP6icRwaN6 +7Y/GlL6Fi1LbuHlGF94I9XchvB1mTQ0PF52O +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P12 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg +UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO +/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9 +WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0 +CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B +nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO +BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl +AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB +BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK +btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk +biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test8 +issuer=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2 +-----BEGIN CERTIFICATE----- +MIICmjCCAgOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAx +MiBzdWJzdWJDQVAxUDIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBb +MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNV +BAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxJrMY6Ju+VhfX1vaWidfiPUdCuUMy5lF +7s2Vle2r9FOQQ8se76y2jPKssqb3XIIG+VLRlS5GMp8T4t6VgLtE+gqb4mcBuIdV +KMwJtDrYnfNFML4yyCKSvh51ionton2akkJGnJ2POvQ4z7sLXrKKCKcGTWvbVqej +BwfkNvwk9KcCAwEAAaN8MHowHwYDVR0jBBgwFoAUZ+UNjYxsKrtVbS3oIqoES3Mr +iCowHQYDVR0OBBYEFOEf7/tJiP53/PPTMiuw+1ENh3KRMA4GA1UdDwEB/wQEAwIB +9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQUFAAOBgQAkAFezJ/Jf3nv9Kuw+VwXEuX91e8e8wClFff+eY0Af+kXl +fvUJnXN2TOh1iBU8C21WkavgIS9o8grJb3hbDpS03Yodnt/0151BiCMdLQI02sFK +mHABJwiZZlLj7peF4avVV4Piw4arjXD7Z1bKYlHOZeTHF1hgS/XINAc8IUsfDQ== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f: + df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9: + 4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38: + 86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb: + 77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05: + 70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77: + e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11: + 1d:72 +-----BEGIN X509 CRL----- +MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN +MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl +6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA +oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor +RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN +gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P12 subCAP1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:42:88:1C:C1:78:B7:43:DA:00:AF:BD:DE:BA:43:A7:E5:B5:61:FF:F2 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 38:85:fb:83:ec:f4:d5:e4:42:27:68:d3:d6:5f:c9:d5:60:4a: + fc:33:39:94:ce:d9:28:71:4e:fe:aa:e6:61:05:6b:1c:42:96: + 56:40:e4:48:e6:96:65:21:17:f2:e6:8e:69:50:6f:44:8f:33: + a3:8c:28:e9:f5:85:d6:de:55:bb:03:30:02:eb:bc:49:70:3b: + bb:12:c6:f0:8c:8e:d6:5f:3f:30:aa:58:a9:6a:4e:3e:46:a1: + f6:76:e7:a8:7d:28:e8:d8:44:32:58:76:88:f0:05:5f:37:27: + 03:28:e0:b3:88:c3:75:41:50:81:c2:fe:04:22:be:ea:4a:2b: + fc:a1 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAxMiBzdWJD +QVAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBRCiBzBeLdD2gCvvd66Q6fltWH/8jAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQA4hfuD7PTV5EInaNPWX8nVYEr8MzmUztkocU7+quZhBWscQpZWQORI5pZl +IRfy5o5pUG9EjzOjjCjp9YXW3lW7AzAC67xJcDu7EsbwjI7WXz8wqlipak4+RqH2 +dueofSjo2EQyWHaI8AVfNycDKOCziMN1QVCBwv4EIr7qSiv8oQ== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:67:E5:0D:8D:8C:6C:2A:BB:55:6D:2D:E8:22:AA:04:4B:73:2B:88:2A + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 25:a2:e2:75:db:ff:f0:10:9c:e2:59:90:7c:f9:c6:8e:63:cc: + d4:d1:19:7e:d4:97:09:0e:ea:09:59:88:13:b4:ec:07:f9:58: + 7d:fd:87:4e:85:00:16:e2:e4:54:c3:ec:fe:0e:bf:f3:ab:59: + af:49:e4:97:ba:c2:df:6e:45:e9:4f:e9:0e:4a:07:41:85:8e: + f5:7c:da:c7:21:73:33:37:ff:e1:e0:fc:ae:98:29:f6:04:2d: + d1:4b:54:a4:fb:ee:17:ae:4d:73:b9:ff:ca:6e:6d:56:c3:27: + d8:d2:b4:d5:9c:c6:3d:40:48:f9:37:8d:2f:22:bb:55:4f:84: + 07:65 +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAxMiBzdWJz +dWJDQVAxUDIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFGflDY2MbCq7VW0t6CKqBEtzK4gqMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBACWi4nXb//AQnOJZkHz5xo5jzNTRGX7UlwkO6glZiBO07Af5WH39 +h06FABbi5FTD7P4Ov/OrWa9J5Je6wt9uRelP6Q5KB0GFjvV82schczM3/+Hg/K6Y +KfYELdFLVKT77heuTXO5/8pubVbDJ9jStNWcxj1ASPk3jS8iu1VPhAdl +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem new file mode 100644 index 0000000000..4b2ed859a9 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem @@ -0,0 +1,263 @@ +subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12 +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx +MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT +G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMjCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA/QzSHTVMWeTWiSZ9qa++M+UWF0AfCPT9oTdaLUwN0Tnb845G4Jh5 +Ov5u75dfUmAmvRM1brlhZoYZZa3cBvQP+1YoAOosVY1qy4xX/6OE2zqM45IRhyLd +VlAJ2WJ96jOpb/HV3vodX2vjDndDMMxKRXd0WIHzbC/aZGzWYXwUvfkCAwEAAaN8 +MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFIvs +OfOjrm45cGR/aCtNVJAsjgXAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG +CmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCg +uNxU4/XUIM6O0+DSr6607Epm4PaQEAnvLsgMdHGHCLXL0mwL/9sNnSXGQg08zVpa +k5RjmIGMD+UcMJ28kArNA9u3q4QNB5OXZtrhoPTGhBaBtwR3rL2ZEvQxUw67t2wV +TpBcguqwCt7IIuNbBOoN3Uilox3T4WptJ/A7+zW8oA== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12 +issuer=/C=US/O=Test Certificates/CN=Policies P123 CA +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx +MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG +EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj +aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll +J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2 +tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD +YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j +BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL +fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB +MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c +pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0 +r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test9 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1 +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAx +MjMgc3Vic3Vic3ViQ0FQMTJQMlAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0 +NTcyMFowWzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz +MTAwLgYDVQQDEydEaWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVz +dDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKiBlSODZy8jLC4WxxNVbFCA +SbxY2A4DLV2OXhCjWmUmHQvZhiXk2p/wQCX/9VMcX7XRH9a3JLM9l6ZSEIGVT6lO +R55lGOjNfpF8x+pGe/t0yPB/6ntPn5e9ZSNhDJDoYkJHfdplTFu2AZLbaVPlysXL +AoO69sbnDPVxAjxFX2zLAgMBAAGjazBpMB8GA1UdIwQYMBaAFNMqu/C1V0GVUt3P +qLuSnOARbnO8MB0GA1UdDgQWBBQg7JO9uU0ScBZcuzznmEWH36QRTzAOBgNVHQ8B +Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA +A4GBAEeaZ7Bsae+J0lNKAzqJhR4MHfT/5SBBazWGVSwIbpWl02esU9RtrStOTA8d +zcMp2eLg3KDI+XRsYkxFb+fmJDckIYhGk2g3B9kW1a24k8DetYIqOXtFvleJ55dG +iROwoCaH8/bW75CMK0alSXqJCAnTq+Pbg5i0nPX0ShJlSjAf +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1 +issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2 +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx +MjMgc3Vic3ViQ0FQMTJQMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa +MFQxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEpMCcG +A1UEAxMgUG9saWNpZXMgUDEyMyBzdWJzdWJzdWJDQVAxMlAyUDEwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAMa9AAnNzFuqJqv1OdC4F1PtY4Lqcc+JJQBnnaIi +roTN/plb6fUL5m/SFbfSZnf/qQbYUkosko2p0cdF5VrblaCvx7vB6l12at9Zskn4 +wKneBrfSJUVDEgSyWm7mY6t1Fla7OSfywUObt1NWEzq3pyWoSKTIQxpMJ3jnYERr +/wJ9AgMBAAGjfDB6MB8GA1UdIwQYMBaAFIvsOfOjrm45cGR/aCtNVJAsjgXAMB0G +A1UdDgQWBBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAOBgNVHQ8BAf8EBAMCAQYwFwYD +VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQEFBQADgYEAgk/D/ABBm/yIi8Qk1ISreDz7OgEaqXoqyrQY9uq3nf/Xzlmrktxe +C7bEDiYGugly0cHFHGProTJppes2ECdcVmrpXoIHSlbP3WucAOsWcyIW9tfH+Xsk +HAts3bXwDmfI5WEndwM+p6kMKwRsMT8/q8XJ3ZCNgsu34eoKRWhBzlQ= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Policies P123 CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg +UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s +xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS +o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5 +ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt +gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww +DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB +ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD +gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM +jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext +cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY +kko1SxlW +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b: + 7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7: + 8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65: + 92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81: + 84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96: + 1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41: + 98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04: + ef:9d +-----BEGIN X509 CRL----- +MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX +DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/ +zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB +AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p +qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs +95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99: + d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8: + 5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38: + 13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f: + c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4: + 84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70: + 23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9: + 57:d2 +-----BEGIN X509 CRL----- +MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi +Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY +MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB +BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99 +a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6 +pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:8B:EC:39:F3:A3:AE:6E:39:70:64:7F:68:2B:4D:54:90:2C:8E:05:C0 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 9a:7c:38:8c:95:0d:e2:8e:c6:fb:4c:43:f5:4f:c6:0f:4b:ec: + 2e:bb:a1:8b:67:77:3f:7f:55:8a:02:ed:2a:f0:4e:0a:7c:e8: + d8:c1:26:37:47:28:ba:e5:47:de:79:74:30:b4:a1:66:8f:bd: + 8e:7d:9a:4f:37:52:71:ad:c6:50:b1:fb:ce:eb:0b:f0:58:54: + a8:22:51:9f:d5:d3:92:06:20:35:f6:e2:4b:8e:7f:a8:12:f8: + 38:a3:51:fb:cd:92:4b:2d:40:2f:f9:b9:ff:25:4d:f0:7d:9d: + 20:00:e3:eb:94:24:fe:05:ed:e2:b3:7e:fc:fb:1b:c1:4e:cf: + 9d:30 +-----BEGIN X509 CRL----- +MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi +c3ViQ0FQMTJQMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD +VR0jBBgwFoAUi+w586OubjlwZH9oK01UkCyOBcAwCgYDVR0UBAMCAQEwDQYJKoZI +hvcNAQEFBQADgYEAmnw4jJUN4o7G+0xD9U/GD0vsLruhi2d3P39VigLtKvBOCnzo +2MEmN0couuVH3nl0MLShZo+9jn2aTzdSca3GULH7zusL8FhUqCJRn9XTkgYgNfbi +S45/qBL4OKNR+82SSy1AL/m5/yVN8H2dIADj65Qk/gXt4rN+/PsbwU7PnTA= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1 + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:D3:2A:BB:F0:B5:57:41:95:52:DD:CF:A8:BB:92:9C:E0:11:6E:73:BC + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 37:cf:8e:70:a0:12:c6:cf:ee:13:28:cd:1d:e3:f8:8c:6b:09: + fd:d7:31:1a:c3:2c:77:f5:13:3e:ff:6e:b7:23:0d:4d:33:3f: + a1:f4:37:4d:c2:84:0f:6d:2a:25:df:40:f8:25:96:40:7a:fb: + 59:29:4e:99:c8:8d:63:7b:23:b6:c8:eb:72:70:8e:f3:ca:5a: + 2a:36:bb:c6:9a:80:45:63:49:c9:9f:68:32:90:84:e4:a6:ca: + 22:52:d9:99:16:fa:34:93:38:ec:ba:f9:81:0d:26:b9:5b:03: + 3b:0a:ce:85:43:8e:bd:47:ca:de:50:4b:42:e8:97:91:74:12: + ac:5a +-----BEGIN X509 CRL----- +MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAxMjMgc3Vi +c3Vic3ViQ0FQMTJQMlAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w +LTAfBgNVHSMEGDAWgBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAKBgNVHRQEAwIBATAN +BgkqhkiG9w0BAQUFAAOBgQA3z45woBLGz+4TKM0d4/iMawn91zEawyx39RM+/263 +Iw1NMz+h9DdNwoQPbSol30D4JZZAevtZKU6ZyI1jeyO2yOtycI7zyloqNrvGmoBF +Y0nJn2gykITkpsoiUtmZFvo0kzjsuvmBDSa5WwM7Cs6FQ469R8reUEtC6JeRdBKs +Wg== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem new file mode 100644 index 0000000000..f8cfbfdebc --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICfDCCAeWgAwIBAgIBCTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWQmFkIENSTCBJ +c3N1ZXIgTmFtZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8VTZxnGg +pV60/E3F2RBR9N0VgI/w8ZdVENnRoqcpmY276I2t0UaRM95qNori4u/6Rb6RI6Jy +BL5dPaJuS4hoVphnqLjMMF+huDF61ov49vcOtMo9Qw7NJYgeoINC4KcUrxvn5O33 +IjvyvGkMbrzczslZh1IaGrquWlS9DQDv3jECAwEAAaN8MHowHwYDVR0jBBgwFoAU ++2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMg02+C1YxZR0VCkMtLFWfhD +jOBnMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCYg+l+IX369jmWSOMWB2Gw +tuancmzEylYvy1g4di3sVNNOTRaST6hG6M0QkyVJDpr5wYwDCAu1me4CkJlaRHT9 +RZB8rW2LK9ydBJG5peFQa8QPQv9phrb4Hc7/2xjr0Eq6sUAQOBsCL09IY5pi2jxH +o4m0vETRDlhl/Lqsc3dLTQ== +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Issuer Name EE Certificate Test5 +issuer=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA +-----BEGIN CERTIFICATE----- +MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFkJhZCBDUkwgSXNz +dWVyIE5hbWUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBkMQsw +CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxOTA3BgNVBAMT +MEludmFsaWQgQmFkIENSTCBJc3N1ZXIgTmFtZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0 +NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmWwjDb3FCLH56CnXApSXwVHB +KUEdYLsDL5afA0uwYq3CutM9nFTfpI4wfWoh8z8rbcyzMhNU/b90XnkcJeUlLe4R +GVC87g/Oh67ONY431E5nS0t2mU3gA5A+QJwCJ5GgkoRJy4aZS7IhIVayya97aITa +eeInMge1hpOIbhG4RWMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUyDTb4LVjFlHRUKQy +0sVZ+EOM4GcwHQYDVR0OBBYEFLIo4xfziwpQ8zkzEpaYHC7RAmffMA4GA1UdDwEB +/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQAD +gYEAYRbr0XdXa3sve8krgu8sJ/Dj90/LJexPg4kRViyO7965tP3sBCNUAIO1Q8QW +n27WeL4IjVXDSrspE/72yM2b8MNWJ4phd+PJMkQb+ioBbC8qPrNvnesSKPbqNcDR +qLz/G2oPMHBWA5zuzG1O2ecxU1MLUV3tY4QxY1oNRuMunPo= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Incorrect CRL Issuer Name + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:C8:34:DB:E0:B5:63:16:51:D1:50:A4:32:D2:C5:59:F8:43:8C:E0:67 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 2a:95:96:bc:9d:a1:bc:e9:8b:10:db:0c:3a:19:c0:f6:b3:bc: + a0:15:ef:97:6c:c5:83:6b:e6:ee:c3:8b:fa:54:c7:86:7b:ba: + e8:73:c0:9d:d6:e5:1a:90:74:4c:8c:71:bf:ce:81:e7:36:df: + 95:4a:d8:6a:71:e6:16:6a:20:ab:9b:7b:de:eb:c6:ec:2e:83: + e9:0d:61:4f:62:df:3b:5f:02:28:98:01:04:5b:d7:19:18:1a: + f9:18:63:83:62:2f:de:0b:9f:a8:5a:d4:8b:91:5b:94:cf:bf: + 44:d8:18:71:89:fd:99:14:c9:92:7a:a0:6b:ed:15:13:5d:37: + 91:fd +-----BEGIN X509 CRL----- +MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGUluY29ycmVjdCBDUkwgSXNz +dWVyIE5hbWUXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud +IwQYMBaAFMg02+C1YxZR0VCkMtLFWfhDjOBnMAoGA1UdFAQDAgEBMA0GCSqGSIb3 +DQEBBQUAA4GBACqVlrydobzpixDbDDoZwPazvKAV75dsxYNr5u7Di/pUx4Z7uuhz +wJ3W5RqQdEyMcb/Ogec235VK2Gpx5hZqIKube97rxuwug+kNYU9i3ztfAiiYAQRb +1xkYGvkYY4NiL94Ln6ha1IuRW5TPv0TYGHGJ/ZkUyZJ6oGvtFRNdN5H9 +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem new file mode 100644 index 0000000000..6fd7c1dc31 --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem @@ -0,0 +1,108 @@ +subject=/C=US/O=Test Certificates/CN=Bad CRL Signature CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICejCCAeOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUQmFkIENSTCBT +aWduYXR1cmUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJdogWv9CPXo +9rQEcxwXXws6b/WT7R/AspFsq4aVO/l7puHNxGIQybx5jK5W55wqPtHa5PPGSpJA +YkcuKVXL1ZqZh8A+VenvazNg0XoldwJZalTN0AwR3FprLL3cXYIwu8FFFERp8l/S +YgHz8wHRlA37Ph4a7cU78oLWK0wziElzAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts +1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBT7CxX9unvmOEiZWhVgVVCXqjZs +QzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAmZ8+7Hn2elBnvNREi2gDIa3P +POFc8RHEq6ajCkhgeJoQRygSFdfenhTKGtfvet/3j6hBZRHEVI2e8x5yiyBN/ZKV +SAdRCjXTg99nJJtkkqDhifkO5uUaxfcgj2LFt9DI7/b/jZzlNSD8BXqcifbjAf1s +IIlWmY0HVZgwucYLmC8= +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Signature EE Certificate Test4 +issuer=/C=US/O=Test Certificates/CN=Bad CRL Signature CA +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2ln +bmF0dXJlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYjELMAkG +A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcwNQYDVQQDEy5J +bnZhbGlkIEJhZCBDUkwgU2lnbmF0dXJlIEVFIENlcnRpZmljYXRlIFRlc3Q0MIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQDbS7uYXT/RjXcp9qBIMFgzo5WJJA +3/1rXCiA/BzowTDl87A4iGOmZ+LEkwpLarYI8mFzGmQAVIlJCn3KlTO4AuTWaMth +VZPgVZ5gVxVHQbqdb2VZXHVJGYB/yn+PJrghL5uy+kv9qzocq/jUrEHcnvBTQ+iI +8mutd/z8C/Qy9QIDAQABo2swaTAfBgNVHSMEGDAWgBT7CxX9unvmOEiZWhVgVVCX +qjZsQzAdBgNVHQ4EFgQUK1L621YMk2XrXnaVZG9PC/61mSYwDgYDVR0PAQH/BAQD +AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQA5 +Kis0tSW5S+c/zwTmKqh6DTRRISk2nn+KeQSUJdi6YXcuX3YIX/P4SxWNQ46dwKDl +lNNDVR3u7fiwwYf9BxICorMqY2FhrdFOoGclO1mCpRuBMhmER7hWivrftdi7ekeE +2aEHKWWnWwzU/qs6Z/6FK9waN4GviF8X+sqt/EHo+A== +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Bad CRL Signature CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:0B:15:FD:BA:7B:E6:38:48:99:5A:15:60:55:50:97:AA:36:6C:43 + + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 68:7d:ef:9b:2c:27:82:c2:3c:2f:16:6a:09:27:73:ac:90:da: + 2e:66:07:a0:f4:c2:4e:4c:3a:52:02:f7:23:dc:52:f5:3e:2e: + 94:29:22:b8:f4:f1:c7:44:85:5e:84:8a:6e:37:5c:84:16:5e: + 70:b5:f5:13:81:8e:89:09:b6:48:0e:51:9c:15:94:21:f1:21: + e6:38:14:50:a4:c3:85:4c:84:e9:eb:f6:b7:6a:a4:cc:12:02: + a5:0f:42:af:9a:1c:d9:c0:4c:98:c3:1c:12:2e:f7:84:d8:fa: + 24:4b:68:3c:20:c6:7c:60:78:d6:46:37:68:28:4f:81:c1:b7: + 32:30 +-----BEGIN X509 CRL----- +MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2lnbmF0dXJl +IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW +gBT7CxX9unvmOEiZWhVgVVCXqjZsQzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF +AAOBgQBofe+bLCeCwjwvFmoJJ3OskNouZgeg9MJOTDpSAvcj3FL1Pi6UKSK49PHH +RIVehIpuN1yEFl5wtfUTgY6JCbZIDlGcFZQh8SHmOBRQpMOFTITp6/a3aqTMEgKl +D0KvmhzZwEyYwxwSLveE2PokS2g8IMZ8YHjWRjdoKE+BwbcyMA== +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem new file mode 100644 index 0000000000..a70e68731c --- /dev/null +++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem @@ -0,0 +1,175 @@ +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +issuer=/C=US/O=Test Certificates/CN=Trust Anchor +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv +cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT +MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs +Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB +qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv +wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww +ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8 +twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK +YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8 +zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV +3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg +hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test7 +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +-----BEGIN CERTIFICATE----- +MIICqzCCAhSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt +SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0 +MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj +YXRlczFHMEUGA1UEAxM+SW52YWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2ln +bmluZyBLZXkgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBANehtRiWYBhPipRRR0tIxuV4U49+DofUBRVQP5JDT79DtTbKaVOR +HWgSi30ZrKSm3WkblfZoncF9ZMN/ocoqxeUNXwBqp8/wJYbE6js5YwBGTsfi3UfP +s14vC1mU4ssE+ogwozLkXRcJGuFtJwNTZcEf43OkjdjLWiIH5DVhj9ZXAgMBAAGj +azBpMB8GA1UdIwQYMBaAFEnJ/LcDPGdtCgCTqeTWpR6SH7URMB0GA1UdDgQWBBTa +6ZIK1lgoOotgyyB2SLZbDxCDHDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM +BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAA/4ne7fgjMJuty5+P1V3QiH +TxmpO+boz9+NO3Wc2Nj23sToATQqIcc6W1G3yKbN7uQEXtHgtPcIz5diAIJ8JNQl +INBUxGlFASTWHNfnNJDgN7lwn4VjSAE7HzEKIJ3+HVTXI6+mdiCl/IYL9q02KSGi +djAHT73bFgK6ydVH8Cal +-----END CERTIFICATE----- + +subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA +-----BEGIN CERTIFICATE----- +MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa +MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt +SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0 +MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj +YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5 +IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI +9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j +gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6 +KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt +CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV +HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6 +MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh +dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm +LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS +h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy +4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr +YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ= +-----END CERTIFICATE----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Trust Anchor + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 68 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b: + 1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31: + 40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53: + 9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31: + dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7: + bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf: + 44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9: + 14:39 +-----BEGIN X509 CRL----- +MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw +NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow +DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/ +SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t +JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4 +cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr +8tP+qCAxwTN2txwZZU25FDk= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47 + + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 03 + Revocation Date: Apr 19 14:57:20 2001 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha1WithRSAEncryption + 5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8: + 1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5: + 9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad: + 05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6: + b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94: + 1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb: + 77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a: + 02:f8 +-----BEGIN X509 CRL----- +MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE +ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk +IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw +WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j +BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN +AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix +yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ +0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg= +-----END X509 CRL----- + +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA + Last Update: Apr 19 14:57:20 2001 GMT + Next Update: Apr 19 14:57:20 2011 GMT + CRL extensions: + X509v3 Authority Key Identifier: + keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11 + + X509v3 CRL Number: + 1 + 2.5.29.28: critical + 0x.v.t.r0p1.0...U....US1.0...U. +..Test Certificates1E0C..U... Config +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% Description: Initialization before the whole suite +%% +%% Note: This function is free to add any key/value pairs to the Config +%% variable, but should NOT alter/remove any existing entries. +%%-------------------------------------------------------------------- +init_per_suite(Config) -> + crypto:start(), + Config. + +%%-------------------------------------------------------------------- +%% Function: end_per_suite(Config) -> _ +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% Description: Cleanup after the whole suite +%%-------------------------------------------------------------------- +end_per_suite(_Config) -> + crypto:stop(). + +%%-------------------------------------------------------------------- +%% Function: init_per_testcase(TestCase, Config) -> Config +%% Case - atom() +%% Name of the test case that is about to be run. +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% +%% Description: Initialization before each test case +%% +%% Note: This function is free to add any key/value pairs to the Config +%% variable, but should NOT alter/remove any existing entries. +%% Description: Initialization before each test case +%%-------------------------------------------------------------------- +init_per_testcase(_TestCase, Config0) -> + Config = lists:keydelete(watchdog, 1, Config0), + Dog = test_server:timetrap(?TIMEOUT), + [{watchdog, Dog} | Config]. + +%%-------------------------------------------------------------------- +%% Function: end_per_testcase(TestCase, Config) -> _ +%% Case - atom() +%% Name of the test case that is about to be run. +%% Config - [tuple()] +%% A list of key/value pairs, holding the test case configuration. +%% Description: Cleanup after each test case +%%-------------------------------------------------------------------- +end_per_testcase(_TestCase, Config) -> + Dog = ?config(watchdog, Config), + case Dog of + undefined -> + ok; + _ -> + test_server:timetrap_cancel(Dog) + end. + +%%-------------------------------------------------------------------- +%% Function: all(Clause) -> TestCases +%% Clause - atom() - suite | doc +%% TestCases - [Case] +%% Case - atom() +%% Name of a test case. +%% Description: Returns a list of all test cases in this test suite +%%-------------------------------------------------------------------- +all(doc) -> + ["Test the public_key rsa functionality"]; + +all(suite) -> + [app, + pem_to_der, + decode_private_key +%% encrypt_decrypt, +%% rsa_verify +%% dsa_verify_sign, +%% pkix_encode_decode, +%% pkix_verify_sign, +%% pkix_path_validation + ]. + +%% Test cases starts here. +%%-------------------------------------------------------------------- + +app(doc) -> + "Test that the public_key app file is ok"; +app(suite) -> + []; +app(Config) when list(Config) -> + ok = test_server:app_test(public_key). + +pem_to_der(doc) -> + ["Check that supported PEM files are decoded into the expected entry type"]; +pem_to_der(suite) -> + []; +pem_to_der(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + {ok,[{dsa_private_key, _, not_encrypted}]} = + public_key:pem_to_der(filename:join(Datadir, "dsa.pem")), + {ok,[{rsa_private_key, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "client_key.pem")), + {ok,[{rsa_private_key, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "rsa.pem")), + {ok,[{rsa_private_key, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "rsa.pem"), "abcd1234"), + {ok, Bin0} = file:read_file(filename:join(Datadir, "rsa.pem")), + {ok, [{rsa_private_key, _, _}]} = public_key:pem_to_der(Bin0, "abcd1234"), + + {ok,[{dh_params, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "dh.pem")), + {ok,[{cert, _, not_encrypted}]} = + public_key:pem_to_der(filename:join(Datadir, "client_cert.pem")), + {ok,[{cert_req, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "req.pem")), + {ok,[{cert, _, _}, {cert, _, _}]} = + public_key:pem_to_der(filename:join(Datadir, "cacerts.pem")), + + {ok, Bin1} = file:read_file(filename:join(Datadir, "cacerts.pem")), + {ok, [{cert, _, _}, {cert, _, _}]} = public_key:pem_to_der(Bin1), + + ok. +%%-------------------------------------------------------------------- +decode_private_key(doc) -> + ["Check that private keys are decode to the expected key type."]; +decode_private_key(suite) -> + []; +decode_private_key(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + {ok,[DsaKey = {dsa_private_key, _DsaKey, _}]} = + public_key:pem_to_der(filename:join(Datadir, "dsa.pem")), + {ok,[RsaKey = {rsa_private_key, _RsaKey,_}]} = + public_key:pem_to_der(filename:join(Datadir, "client_key.pem")), + {ok,[ProtectedRsaKey1 = {rsa_private_key, _ProtectedRsaKey1,_}]} = + public_key:pem_to_der(filename:join(Datadir, "rsa.pem"), "abcd1234"), + {ok,[ProtectedRsaKey2 = {rsa_private_key, _ProtectedRsaKey2,_}]} = + public_key:pem_to_der(filename:join(Datadir, "rsa.pem")), + + {ok, #'DSAPrivateKey'{}} = public_key:decode_private_key(DsaKey), + {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(RsaKey), + {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey1), + {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey2, "abcd1234"), + ok. +%%-------------------------------------------------------------------- +encrypt_decrypt(doc) -> + [""]; +encrypt_decrypt(suite) -> + []; +encrypt_decrypt(Config) when is_list(Config) -> + RSAPrivateKey = #'RSAPrivateKey'{publicExponent = 17, + modulus = 3233, + privateExponent = 2753, + prime1 = 61, + prime2 = 53, + version = 'two-prime'}, + Msg = <<0,123>>, + {ok, Encrypted} = public_key:encrypt(Msg, RSAPrivateKey, [{block_type, 2}]), + test_server:format("Expected 855, Encrypted ~p ~n", [Encrypted]), + ok. + + + + + + + + + +%% Datadir = ?config(data_dir, Config), +%% {ok,[{rsa_private_key, EncKey}]} = +%% public_key:pem_to_der(filename:join(Datadir, "server_key.pem")), +%% {ok, Key} = public_key:decode_private_key(EncKey, rsa), +%% RSAPublicKey = #'RSAPublicKey'{publicExponent = +%% Key#'RSAPrivateKey'.publicExponent, +%% modulus = Key#'RSAPrivateKey'.modulus}, +%% {ok, Msg} = file:read_file(filename:join(Datadir, "msg.txt")), +%% Hash = crypto:sha(Msg), +%% {ok, Encrypted} = public_key:encrypt(Hash, Key, [{block_type, 2}]), +%% test_server:format("Encrypted ~p", [Encrypted]), +%% {ok, Decrypted} = public_key:decrypt(Encrypted, +%% RSAPublicKey, [{block_type, 1}]), +%% test_server:format("Encrypted ~p", [Decrypted]), +%% true = Encrypted == Decrypted. + +%%-------------------------------------------------------------------- +rsa_verify(doc) -> + ["Cheks that we can verify an rsa signature."]; +rsa_verify(suite) -> + []; +rsa_verify(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + + {ok,[{cert, DerCert}]} = + public_key:pem_to_der(filename:join(Datadir, "server_cert.pem")), + + {ok, OTPCert} = public_key:pkix_decode_cert(DerCert, otp), + + {0, Signature} = OTPCert#'Certificate'.signature, + TBSCert = OTPCert#'Certificate'.tbsCertificate, + + #'TBSCertificate'{subjectPublicKeyInfo = Info} = TBSCert, + + #'SubjectPublicKeyInfo'{subjectPublicKey = RSAPublicKey} = Info, + + EncTBSCert = encoded_tbs_cert(DerCert), + Digest = crypto:sha(EncTBSCert), + + public_key:verify_signature(Digest, Signature, RSAPublicKey). + + +%% Signature is generated in the following way (in datadir): +%% openssl dgst -sha1 -binary -out rsa_signature -sign server_key.pem msg.txt +%%{ok, Signature} = file:read_file(filename:join(Datadir, "rsa_signature")), +%%{ok, Signature} = file:read_file(filename:join(Datadir, "rsa_signature")), +%% {ok, Msg} = file:read_file(filename:join(Datadir, "msg.txt")), +%% Digest = crypto:sha(Msg), +%% {ok,[{rsa_private_key, EncKey}]} = +%% public_key:pem_to_der(filename:join(Datadir, "server_key.pem")), +%% {ok, Key} = public_key:decode_private_key(EncKey, rsa), +%% RSAPublicKey = #'RSAPublicKey'{publicExponent = +%% Key#'RSAPrivateKey'.publicExponent, +%% modulus = Key#'RSAPrivateKey'.modulus}, + +encoded_tbs_cert(Cert) -> + {ok, PKIXCert} = + 'OTP-PUB-KEY':decode_TBSCert_exclusive(Cert), + {'Certificate', + {'Certificate_tbsCertificate', EncodedTBSCert}, _, _} = PKIXCert, + EncodedTBSCert. + diff --git a/lib/public_key/test/public_key_SUITE_data/cacerts.pem b/lib/public_key/test/public_key_SUITE_data/cacerts.pem new file mode 100644 index 0000000000..d56b9a8227 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/cacerts.pem @@ -0,0 +1,43 @@ +-----BEGIN CERTIFICATE----- +MIIC7jCCAlegAwIBAgIJAOaRYda/AniWMA0GCSqGSIb3DQEBBQUAMIGGMREwDwYD +VQQDEwhlcmxhbmdDQTETMBEGA1UECxMKRXJsYW5nIE9UUDEUMBIGA1UEChMLRXJp +Y3Nzb24gQUIxEjAQBgNVBAcTCVN0b2NraG9sbTELMAkGA1UEBhMCU0UxJTAjBgkq +hkiG9w0BCQEWFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwHhcNMDgwMTA5MDgyOTI5 +WhcNMDgwMjA4MDgyOTI5WjCBhjERMA8GA1UEAxMIZXJsYW5nQ0ExEzARBgNVBAsT +CkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFCMRIwEAYDVQQHEwlTdG9j +a2hvbG0xCzAJBgNVBAYTAlNFMSUwIwYJKoZIhvcNAQkBFhZwZXRlckBlcml4LmVy +aWNzc29uLnNlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL0btNSeda6nac +HJANkZAzF34pUgKawY21B4WDLGcuwOO6mZbPh1Tw3OVVIaSVHWJRXgxWCeAeaxlp +ti+ShJEGT5wayWTMs0g03lwEoH0S2EGi4bhawCI7PVUt23CBVRJodisfNqJR+VqD +BmU3K9Ftd6erWqQo6lxHhce8+0ViiwIDAQABo2IwYDAPBgNVHRMBAf8EBTADAQH/ +MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUG9lBmAYejoT1qLXpnBMa9UrSrTowIQYD +VR0RBBowGIEWcGV0ZXJAZXJpeC5lcmljc3Nvbi5zZTANBgkqhkiG9w0BAQUFAAOB +gQCjugej2Jg/L5rqi0maYHilAjTEw22nwNzHn4JixQCU7m9HkIMv2RXa2WiCncqm +rySo5Ki9TlyMGqwMa1sA31LZBt7L8giCz9BIc4f1fPlUcqQBIu9nebwJSXufCISK +2X5kM4N0u8rR2TK7fQ1uvaekDtzx1T6zrSYyU7GrgWJfUw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDyDCCAzGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhjERMA8GA1UEAxMIZXJs +YW5nQ0ExEzARBgNVBAsTCkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFC +MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMSUwIwYJKoZIhvcNAQkB +FhZwZXRlckBlcml4LmVyaWNzc29uLnNlMB4XDTA4MDEwOTA4MjkyOVoXDTE3MTEx +NzA4MjkyOVowgYMxDjAMBgNVBAMTBW90cENBMRMwEQYDVQQLEwpFcmxhbmcgT1RQ +MRQwEgYDVQQKEwtFcmljc3NvbiBBQjELMAkGA1UEBhMCU0UxEjAQBgNVBAcTCVN0 +b2NraG9sbTElMCMGCSqGSIb3DQEJARYWcGV0ZXJAZXJpeC5lcmljc3Nvbi5zZTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA19NLtRF22E1WAK/1QGF1zg3e1Z6T +W0W9WAukXc8ATj3Pn4051+9ZHpq9HL++iSGrJHMGrFKbX5DtFpTvecRDPQxBSv4r +pQgFr4t9K8XBiuAeEurghGKeiysoPqosgapc7OBQQf0hIoKY6ozqJUK3brFcPwXZ +Weeji79z8TOq7SsCAwEAAaOCAUUwggFBMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P +BAQDAgEGMB0GA1UdDgQWBBQGq4A0OqS4drK9nS4o5W2R3n0BmzCBuwYDVR0jBIGz +MIGwgBQb2UGYBh6OhPWotemcExr1StKtOqGBjKSBiTCBhjERMA8GA1UEAxMIZXJs +YW5nQ0ExEzARBgNVBAsTCkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFC +MRIwEAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMSUwIwYJKoZIhvcNAQkB +FhZwZXRlckBlcml4LmVyaWNzc29uLnNlggkA5pFh1r8CeJYwIQYDVR0RBBowGIEW +cGV0ZXJAZXJpeC5lcmljc3Nvbi5zZTAhBgNVHRIEGjAYgRZwZXRlckBlcml4LmVy +aWNzc29uLnNlMA0GCSqGSIb3DQEBBQUAA4GBALeYUWp8zsoZJJ1I93STYAauqvv5 +MovrPeDCzQZKTfrdCgmYGx1/wxYMa1vHbV1QRqEK/ri7He8/sF/5ckXHUqXRKD/q +vBjIIv/rGixJSueMG2bYyz3r6BU6hw0blnUwzCbvD76Dr2QIRoQsKoWsXnfN5l/D +zhyxDkq1j6Q3DCIL +-----END CERTIFICATE----- + diff --git a/lib/public_key/test/public_key_SUITE_data/client_cert.pem b/lib/public_key/test/public_key_SUITE_data/client_cert.pem new file mode 100644 index 0000000000..9017e99fce --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/client_cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDuDCCAyGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzEOMAwGA1UEAxMFb3Rw +Q0ExEzARBgNVBAsTCkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFCMQsw +CQYDVQQGEwJTRTESMBAGA1UEBxMJU3RvY2tob2xtMSUwIwYJKoZIhvcNAQkBFhZw +ZXRlckBlcml4LmVyaWNzc29uLnNlMB4XDTA4MDEwOTA4MjkzMFoXDTE3MTExNzA4 +MjkzMFowgYQxDzANBgNVBAMTBmNsaWVudDETMBEGA1UECxMKRXJsYW5nIE9UUDEU +MBIGA1UEChMLRXJpY3Nzb24gQUIxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9j +a2hvbG0xJTAjBgkqhkiG9w0BCQEWFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPU4RP7c78G+P922PENNeaPWiIm3iwim +HmQbLRF+Og+tl9pL4JQOFqQKZLq3aK/FYWC2kpZqgYxkwmpaPoXpmy6bIWXcU8G2 +6PBj/flyCJ+sj02zhOXNHW656eA0GZX5ZFDlx30XapLpnxoNCKHO3SvwlSotwr5V +BuuY3NugIJBDAgMBAAGjggE3MIIBMzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAd +BgNVHQ4EFgQUGjssBUjTntYXIh7xfRt7c12j53gwgbMGA1UdIwSBqzCBqIAUBquA +NDqkuHayvZ0uKOVtkd59AZuhgYykgYkwgYYxETAPBgNVBAMTCGVybGFuZ0NBMRMw +EQYDVQQLEwpFcmxhbmcgT1RQMRQwEgYDVQQKEwtFcmljc3NvbiBBQjESMBAGA1UE +BxMJU3RvY2tob2xtMQswCQYDVQQGEwJTRTElMCMGCSqGSIb3DQEJARYWcGV0ZXJA +ZXJpeC5lcmljc3Nvbi5zZYIBATAhBgNVHREEGjAYgRZwZXRlckBlcml4LmVyaWNz +c29uLnNlMCEGA1UdEgQaMBiBFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwDQYJKoZI +hvcNAQEFBQADgYEAXQtw43kPebP3h27YEcVUEpWmk46+sgDRvgCO6ZBkws3ctknM +bCpfFzA/BHjvKsIZuCN1a2DlEi1Men0oq9KEMpKyoDcRI//Qch4vN7mam6XMtA6P +FOoG6snhSOsFVz3/+hfZAZD2Yt3fZjGosQ1G8Rob/vvZDvQS8sWXMrrWDyo= +-----END CERTIFICATE----- diff --git a/lib/public_key/test/public_key_SUITE_data/client_key.pem b/lib/public_key/test/public_key_SUITE_data/client_key.pem new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/client_key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- diff --git a/lib/public_key/test/public_key_SUITE_data/dh.pem b/lib/public_key/test/public_key_SUITE_data/dh.pem new file mode 100644 index 0000000000..c133540b44 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/dh.pem @@ -0,0 +1,4 @@ +-----BEGIN DH PARAMETERS----- +MEYCQQD+KCcagSasA1QSo8tRXpbaLJJ1Ezt3FJFEZ3RVplp4qZwXQpSZ+Vly3xWx +q3YvALe/enMbIq8F3OUmppq3UHwTAgEC +-----END DH PARAMETERS----- \ No newline at end of file diff --git a/lib/public_key/test/public_key_SUITE_data/dsa.pem b/lib/public_key/test/public_key_SUITE_data/dsa.pem new file mode 100644 index 0000000000..58f0a65cba --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/dsa.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQC3s+bZJWOQnRXkzKLPPfaQOouLuLgrbM4Ac63QZOnJeRVas3c1 +jBk0Isp506RrKzhEop8z9OiKfqRteVntjjkcILwsQ/1veWgojdP/jHYl6pbJm6AQ +ETM7GvkpgRDTd4Bf/rbrhABczl1NatnJhMsES8n2zNiiAVRP0woVmMNnkQIVANUe +uFb3EPdFwPEjilQ5jANHQc7pAoGBAJSzGD9KW4AZYB0FTt/2rwB5VjayKudi8ZO0 +nTyVoDLz40yvWerL/PJMbAnMnbY7zuN/Y9cqnMJOdBkHPvOpLQVls/d/x5CHZxcq +mn3n+Jplr5tlKugpUCkvgNALH2o/DMrPh1DIiPqrH3Y0W8iKcG+zF9Z7FXbCswC5 +2TTFtuwNAoGAfEIAb3mLjtFfiF/tsZb4/DGHdWSb6Ir0hFkoBUZ9ymBO70wlfZVS +QGs240kZtOMpAOpJL1Dy8oH6PUQ+JyacwZIo8fdq19/Kwm6CPrpaEhzErmMvwT2C +ZJYZ+HOk55ljLkVCiyG7MzEj2+odLKym9yoQsbsJolHzIRpkLk45y4cCFFmAnw67 ++basD1iibtNHs9Edfdkm +-----END DSA PRIVATE KEY----- diff --git a/lib/public_key/test/public_key_SUITE_data/req.pem b/lib/public_key/test/public_key_SUITE_data/req.pem new file mode 100644 index 0000000000..86d74d05a3 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/req.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBxTCCAS4CAQAwgYQxDzANBgNVBAMTBmNsaWVudDETMBEGA1UECxMKRXJsYW5n +IE9UUDEUMBIGA1UEChMLRXJpY3Nzb24gQUIxEjAQBgNVBAcTCVN0b2NraG9sbTEL +MAkGA1UEBhMCU0UxJTAjBgkqhkiG9w0BCQEWFnBldGVyQGVyaXguZXJpY3Nzb24u +c2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPU4RP7c78G+P922PENNeaPW +iIm3iwimHmQbLRF+Og+tl9pL4JQOFqQKZLq3aK/FYWC2kpZqgYxkwmpaPoXpmy6b +IWXcU8G26PBj/flyCJ+sj02zhOXNHW656eA0GZX5ZFDlx30XapLpnxoNCKHO3Svw +lSotwr5VBuuY3NugIJBDAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQATS9GOidrC +bOJ+PuSUpRnDHfZAZANZAd/9v4hW57bMMIQlCEb8CgfPvGKztNMxTH8Xc7VPDTp8 +FWKQ53R29T0IWEochHA5FjJyCVrkZjgZ0qcQUV8aCe9NTB0LW58OWOOwGYjJb8hp +dL+3RvUr4OchWxMzzF5YmjyUbt8GSpevrg== +-----END CERTIFICATE REQUEST----- diff --git a/lib/public_key/test/public_key_SUITE_data/rsa.pem b/lib/public_key/test/public_key_SUITE_data/rsa.pem new file mode 100644 index 0000000000..88f7d446f2 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/rsa.pem @@ -0,0 +1,16 @@ +Bag Attributes + friendlyName: host_key + localKeyID: 68 6F 73 74 +Key Attributes: +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,6BD965F8BC70B54C + +4Gx1y5goD02Aft3DmvlV0Mr7bXd4OR1ZEwk1b2utIXLRMXfDkrK+vHbHhIbGBLOn +TIhdSxASnNhh7NmaXaTsZ+H/tZSmX+4OkeQOsRfrPj8C81pkXjuxtxhCRuaTWg/R +VABz7u/4rL2OMIPz9w/dyEWCSZnBoWpbxI20gP/k+/kZgzVbz6mkhMs5Xkf4lFwU +WnjR498pwlHmMHYwBIEMFBsIvb9JYeEQEZOjxAjUljmhYHB0pMyMBxHjlSSEIN5h +cSXT0ZxQmT+59FediRRQCDZHuy7Bc/nanUavvs5dk7en+gy2LSVKJ/K16zv6gtoV +c1MN48wQlCd+tRFVXRsPX3OliTKEwkSNlT7gdyzBaQxt610EAj2YKZVHE7i+d0Sk +4rQ9iwALjoohWhP8SjcTonZD4kOvhjlRggn1JTGlo6s= +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/lib/public_key/test/public_key_SUITE_data/server_cert.pem b/lib/public_key/test/public_key_SUITE_data/server_cert.pem new file mode 100644 index 0000000000..da68c7a8ab --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/server_cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDuDCCAyGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBgzEOMAwGA1UEAxMFb3Rw +Q0ExEzARBgNVBAsTCkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFCMQsw +CQYDVQQGEwJTRTESMBAGA1UEBxMJU3RvY2tob2xtMSUwIwYJKoZIhvcNAQkBFhZw +ZXRlckBlcml4LmVyaWNzc29uLnNlMB4XDTA4MDEwOTA4MjkzMFoXDTE3MTExNzA4 +MjkzMFowgYQxDzANBgNVBAMTBnNlcnZlcjETMBEGA1UECxMKRXJsYW5nIE9UUDEU +MBIGA1UEChMLRXJpY3Nzb24gQUIxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9j +a2hvbG0xJTAjBgkqhkiG9w0BCQEWFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKR20HPrkDGdiavHUyWwFEQwta2dmtF2 +eQZZi9Xk68UJYbuU7CikHs2srkrwzj0OPIqbp/xOBNzJ7Kch0o4yO6vcEAiSCJ6A +B4uSM742hrYW4qXgc18K6PqTwSuKr94sn3qQuo4hF/ymCxLrnSicrNpzGOz9A0Lf +2+Vk6hV0BtdHAgMBAAGjggE3MIIBMzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAd +BgNVHQ4EFgQUi19l/qhEwHP/CUeaEjWy4GhOBRIwgbMGA1UdIwSBqzCBqIAUBquA +NDqkuHayvZ0uKOVtkd59AZuhgYykgYkwgYYxETAPBgNVBAMTCGVybGFuZ0NBMRMw +EQYDVQQLEwpFcmxhbmcgT1RQMRQwEgYDVQQKEwtFcmljc3NvbiBBQjESMBAGA1UE +BxMJU3RvY2tob2xtMQswCQYDVQQGEwJTRTElMCMGCSqGSIb3DQEJARYWcGV0ZXJA +ZXJpeC5lcmljc3Nvbi5zZYIBATAhBgNVHREEGjAYgRZwZXRlckBlcml4LmVyaWNz +c29uLnNlMCEGA1UdEgQaMBiBFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwDQYJKoZI +hvcNAQEFBQADgYEAzHGutrGMSeC3Di7Z8d65SM7jZLrkkusmL+D2oPVIOGrfZbVu +yfDKU/nImm99z+lhC/N3JEEpB6PgAYSskfVdBL3LoxbUTaCn/+G3A/G8NfRVIYyA +NTBeNW6ueNpjnauLzcwpyXpu3vp1VBg8wBePtGTBIbRHRgtwwHRXAddE/Ws= +-----END CERTIFICATE----- diff --git a/lib/public_key/test/public_key_SUITE_data/server_key.pem b/lib/public_key/test/public_key_SUITE_data/server_key.pem new file mode 100644 index 0000000000..d9618da7b7 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/server_key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCkdtBz65AxnYmrx1MlsBREMLWtnZrRdnkGWYvV5OvFCWG7lOwo +pB7NrK5K8M49DjyKm6f8TgTcyeynIdKOMjur3BAIkgiegAeLkjO+Noa2FuKl4HNf +Cuj6k8Eriq/eLJ96kLqOIRf8pgsS650onKzacxjs/QNC39vlZOoVdAbXRwIDAQAB +AoGAUsSQx6XnXXDhFhgsGi1xJZg19nf4sC2lXrK2EyEwHmtISjT6XMGr1upulLx3 +rnZ5tW/8rJc/DzZ36Oy2oGVbbaVeS4UJAgv2yRYb7F+am8BACRyEl4ap6nrz5c7G +E+aSLwFG3INlHiojlhhwB6wv1I+UDRUT+FXJVHTemscUEPECQQDZ0wpra1E86heR +jgHIBxHHlv1761gFFoJv6iqASOw9+yIctx0KC3Hrc35tiBaFcu5Nqzc8AEkiui8m +fEEIDfvbAkEAwUmzIWD/6nv34l5W1U3M7atNwvLEepBoTJYf/VENL8dG5nBnVtah +vZsKPS1VTmqlMTy+THe3u/hS9AgXOOyEBQJAcPExPONnOvtx/wGvwMSRnniWtHMh +r3mtZlP3d47YF4cod9UmVHf8uIWo7ygZ7VXbZCA7wnuvcDczjXPt0DxX8wJAA6p9 +LkXjtLPTOMTnSrZmC5/zIp5uIZD5mXJDew99e4mBC7/YBeqeOLVnFU/1zT3ykiN/ +zH18y6DjGePJZPf/bQJBAJfnIL4y1rKGhliqhzokYtKURJ4eCR7qzJRkgyya+4UV +INi6+MZ+mVYkxjGRH8C6+pIUk9TFpMj+1LfHyzMRIxg= +-----END RSA PRIVATE KEY----- -- cgit v1.2.3