diff --git a/test/certs/ee-timestampsign-CABforum-anyextkeyusage.pem b/test/certs/ee-timestampsign-CABforum-anyextkeyusage.pem new file mode 100644 index 0000000000..1ea457e36a --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-anyextkeyusage.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHjCCAgagAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjezB5MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIHgDAcBgNVHSUBAf8EEjAQBggrBgEFBQcDCAYEVR0lADAN +BgkqhkiG9w0BAQsFAAOCAQEARF7Aal4usByz7BIWnjqvTNoXQBwGOZ+5nuENUbqr +OcMrWTmA9huqOiseVG665VGE+eLvOi6wSZv+8OEWS4nxwmEFkegMDIyQufP85xN2 +XDtsZNiFk1Wwtq7B29F/kZSqL8py650CAQZhqgHCawlvAFj6Datf8OYsqRmdLvjH +DpySBOiv06rtCHR4ThEhvou9Tln6Tb6Ap+sq3/pu4Nf4q/ureqCaSQTS+ayvMuAb +Cg+75Xgvl6nOQSPLkI6YoeA1F0o/51elldCbtfTZM+74btrDnclT3Pyrkp+E63eS +FcNZWN5nxYl5VZGC9DaoO3+3b6VYQoyROBS5tW0ztf5BeA== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum-crlsign.pem b/test/certs/ee-timestampsign-CABforum-crlsign.pem new file mode 100644 index 0000000000..cfb6465dbd --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-crlsign.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjdTBzMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIBgjAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG +9w0BAQsFAAOCAQEAKlm2VpIAqs6OEBh8+J8N+wGjn4lzB92H8nPr+UsxeVzbFJAY +ESu9CJFWW9iPjzk6tCu2qwbCQd8jmMbgwHRVekafW6Cpit3qhIE+GZ5bmM7OmRnT +ueNWtMYoh/V+rNtpZcoTvPDcxHuEmh/kKgxqTrZ/7+SlusO2ita6GfOrWgD4Xc3h +djQ1WTSEG/G8PHSnYZ7YEvBhFHAHblaN2AgawexM/mcoWQgOEcQTouMk98zdStp2 ++N+oNmRO4FbKy/vkrSQNly6P+EZKI2ZJ6f6cRB5LDdCXyPcjCC/JqL4/Ota2xnJU +4RX9/X+Uxvvfsc/6dmqy2orJ4KxSlgaHS0Ip2A== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum-keycertsign.pem b/test/certs/ee-timestampsign-CABforum-keycertsign.pem new file mode 100644 index 0000000000..6bfc5b6728 --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-keycertsign.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjdTBzMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIChDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG +9w0BAQsFAAOCAQEAXSCrYzwK4/ZfXgURG9nxn1ZJtx/z2TdEyebe6f5YmZE14VxU +cQbLynkydPSntmn60IQWABtueFlTpqOXEfQOxDosN8Nd3L4TkgG/a8mJbuTdfho6 +3NizJzkIxUW7nWiMjrSpkr082HPX/FCbRcg/2oSCOJb5Ap9ZvHpCKtowXGRwcAMW +Yvw5pJDDntklTIWiKqTMo5poKRi4v8Sk/Dh7EwLi8l3e6BlHVx5aBh6l7REj0Stm +j/0HbIBHYLK8+hR32uwA7KoZivgaXxvl0A1DsMGuLZjH+yUd2n7yibqln/Dc2NV8 +aXefMwNqGYnAufJijTmiSdR+CkMex4RYDQgdwQ== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum-noncritxku.pem b/test/certs/ee-timestampsign-CABforum-noncritxku.pem new file mode 100644 index 0000000000..850403d272 --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-noncritxku.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFTCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjcjBwMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCDANBgkqhkiG9w0B +AQsFAAOCAQEAjQfg65wHwxrd5jBi/Y50BVWb3uvHM/n8y/weOoWP5YXQTUbVqbNT +cxy2SrfDMK4wh5YErwgO9C0yHGBL7fXvnqBqSDnMM2lh9D7DnOQ4K02ZyZLjzkXH +3oprmYKbGSAsifGPuAUhfw8bvhbH1i+gNDxK1g0TcuQhfQ//3vUwIsp5e8ADaFIg +4qCNhvMnv/VkfEpg5hBeVOYSv2ITVhLwkvIKjxEIbfOxj2muglw3fwFhLlAUKp/t +f4i8+OHIMVCQIPpceA/cwmh7HPpLiaQ4EJBWHynb03RwZ8RqZL2tGzg/pZQsjggj +kiZlT3EwSpQjqgBPNLY9DPWMDBCnY+DPWw== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum-serverauth.pem b/test/certs/ee-timestampsign-CABforum-serverauth.pem new file mode 100644 index 0000000000..f6fcc13e94 --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-serverauth.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIjCCAgqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfzB9MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIHgDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDCAYIKwYBBQUH +AwEwDQYJKoZIhvcNAQELBQADggEBACT1ybiBVe+mNC+DSH+8ZG0Ih96OKLiyPNL4 +fA+uCzpn4Ey2cPAnPK/7w0V77dGs7Phpc0LPBj/kVfybhZvJVJDgjnXcdbK1JxUC +zKMRMFP38cE7wyYgsAR6bZilMMsdWAvA+BERd1DoAkePEB3F0/NUj0EP6bDiWE6F +ZtvVyqQYSpmu6VkrxR9lOhUpEzHddNTz2V7QvGcI+8zValG++IluvPHbRL/lFsvV +QjmzuMW8d3+oVycC53bWO6Lj0yX/h6DwP8Tj50w2OgUnV+CmXaxbLNF2sMjM8Omp +YzVRJg2Vqu02KI6QYnwvLHNR6JjGw+OJYHF1DY+GDEEN24BOK8k= +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum.pem b/test/certs/ee-timestampsign-CABforum.pem new file mode 100644 index 0000000000..7e40e4c82a --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjdTBzMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG +9w0BAQsFAAOCAQEAkWshPdAJh5hdpXTqFx3o6UinpCxszJyupHjFzpOoW8FXafva +AgHDjHnbnS7t/haUHb8bDh3qYUBgJM6QvJS2O6rZd1ZRV3+dFevePUcwQXu4w6Zp +vX9GS4v/grpiqc2LKqLekuWIkyxJ0sLjDHcAPb8KTpquCWVWsX9qxPjujyxXBlTc +s9vPQU1j6utbqWPm7LAURebJCNBxHz/IgC0gp+1ln7LP97gkGz/bDQYOLeDsNXz4 +3YpIyRoSTJTnjeotfXhYL2Sak2z0KGtZS5S2BgDv0xjYMprGbJ7JbbSty1Os0I8w +Wfw9muf+O/IStl6or/QbWRde6sTr4En7BdObWg== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-rfc3161-digsig.pem b/test/certs/ee-timestampsign-rfc3161-digsig.pem new file mode 100644 index 0000000000..50c05fe875 --- /dev/null +++ b/test/certs/ee-timestampsign-rfc3161-digsig.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFTCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjcjBwMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MAsGA1UdDwQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0B +AQsFAAOCAQEAUHC/kPMTXWZHVsHbIYuqitxgvfplpvTf9FEeoo7RjzY4Zb9xymOt +EeBHfz0HMMIz6c0eV/Y0cfqEBSWf263qRTN+b1XgFaAP30JII3Okxfv7ul8kxvD2 +f22z4+h471FkeH4ZvQ6tD1mwiBcZbXm9g4fRn+WIQfhNY+JaKkespA7diG8i1hSm +/3wc0k/U155vBAmrfIGyUFZzewkt18qnOYQVEw+TPHeV5yd6yrbUQs55CafqEwFV +U9Fb781PIXAw2lKMnoID9/Mm9k5HlQgJ5+bYlRQQhfvfHVv/1WHDlwxE+1L9t1g3 +khZmeRPu1hDAMS5TFaO2lHTRvTTUexsICw== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-rfc3161-noncritxku.pem b/test/certs/ee-timestampsign-rfc3161-noncritxku.pem new file mode 100644 index 0000000000..9a94846f18 --- /dev/null +++ b/test/certs/ee-timestampsign-rfc3161-noncritxku.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBTCCAe2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjYjBgMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IBAQBrivg4yDW+ +SeLTjEPEhVmSHgJ7CTnU6wJxZKXDLGhTi3dB7yrBMMy7F0Vmbz/Pg+xxZIsOeMzt +uPi196nfbilHN+sIjn847i06KJgTuQhr13lzy3ky3UIQ5TIWWfaEkz/+mr7zcRD3 +i37GpPSTWOpbmNsZELHuowtpaHLCnaG0SGJoKLJX/DOUsRNKyAHL3eFPwF+w89dK +7YMikdPWW39gLcjCLMtI0M179a8woW1oNHAUCsIUabiRLI8GzUumyO2hPqhTXRMq +FKABr+H2uuRN+MPTZun9g/QLZBqY4sADDI3ko7OYWHwjYeDaqzNWs1T6R7d7+SsO +ws2OW3INcQC8 +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-rfc3161.pem b/test/certs/ee-timestampsign-rfc3161.pem new file mode 100644 index 0000000000..3a49fe8208 --- /dev/null +++ b/test/certs/ee-timestampsign-rfc3161.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCDCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjZTBjMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IBAQB7UIs8 +nTM63TDe8tO+isxz5d0WWIn/DCdBPw9t2BNJ4KsgaaP6TPLeQBU4M5+fp7kNV5Re +mphQxwl/DMTvMtbqkVVrN2HOTXYoLi/SoOck7oGU+YwOhocxAZHxvZlqrUxCVZEb +kQOsosfFNE0PhPdF2UuHC8h/wmjEb1hgSAz2JlKzW2dATb8OOm+5iqzSQwGB0nKj +cGTo+K0DDYGrL9iZnGpjT6S4Nhk8opfrCgJyd/E2BB050yrhU/7QUAtBpSt3rdke +V6LiW+y6+CiH4OpEnxtuWI42Bq8KBxFgMNOhOvC2dBcmciE6oPFslOLCF17DzEPO +9YE9aULDF/HfXbMR +-----END CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 2a505c5895..2f4becbab7 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -174,6 +174,17 @@ openssl x509 -in ee-client.pem -trustout \ openssl x509 -in ee-client.pem -trustout \ -addreject clientAuth -out ee-clientAuth.pem +# time stamping certificates +./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum ca-key ca-cert +./mkcert.sh genee -p timeStamping -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-noncritxku ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping,serverAuth -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-serverauth ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping,2.5.29.37.0 -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-anyextkeyusage ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature,cRLSign server.example ee-key ee-timestampsign-CABforum-crlsign ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature,keyCertSign server.example ee-key ee-timestampsign-CABforum-keycertsign ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping server.example ee-key ee-timestampsign-rfc3161 ca-key ca-cert +./mkcert.sh genee -p timeStamping server.example ee-key ee-timestampsign-rfc3161-noncritxku ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping -k digitalSignature server.example ee-key ee-timestampsign-rfc3161-digsig ca-key ca-cert + # Leaf cert security level variants # MD5 issuer signature OPENSSL_SIGALG=md5 \ diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 700bbd849c..196f2dbc70 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -29,7 +29,7 @@ sub verify { run(app([@args])); } -plan tests => 160; +plan tests => 169; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -242,6 +242,26 @@ ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]), ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"), "reject non-ca with pathlen:0 with strict flag"); +# EE veaiants wrt timestamp signing +ok(verify("ee-timestampsign-CABforum", "timestampsign", [qw(root-cert)], [qw(ca-cert)]), + "accept timestampsign according to CAB forum"); +ok(!verify("ee-timestampsign-CABforum-noncritxku", "timestampsign", [qw(root-cert)], [qw(ca-cert)]), + "fail timestampsign according to CAB forum with extendedKeyUsage not critical"); +ok(!verify("ee-timestampsign-CABforum-serverauth", "timestampsign", [qw(root-cert)], [qw(ca-cert)]), + "fail timestampsign according to CAB forum with serverAuth"); +ok(!verify("ee-timestampsign-CABforum-anyextkeyusage", "timestampsign", [qw(root-cert)], [qw(ca-cert)]), + "fail timestampsign according to CAB forum with anyExtendedKeyUsage"); +ok(!verify("ee-timestampsign-CABforum-crlsign", "timestampsign", [qw(root-cert)], [qw(ca-cert)]), + "fail timestampsign according to CAB forum with cRLSign"); +ok(!verify("ee-timestampsign-CABforum-keycertsign", "timestampsign", [qw(root-cert)], [qw(ca-cert)]), + "fail timestampsign according to CAB forum with keyCertSign"); +ok(verify("ee-timestampsign-rfc3161", "timestampsign", [qw(root-cert)], [qw(ca-cert)]), + "accept timestampsign according to RFC 3161"); +ok(!verify("ee-timestampsign-rfc3161-noncritxku", "timestampsign", [qw(root-cert)], [qw(ca-cert)]), + "fail timestampsign according to RFC 3161 with extendedKeyUsage not critical"); +ok(verify("ee-timestampsign-rfc3161-digsig", "timestampsign", [qw(root-cert)], [qw(ca-cert)]), + "accept timestampsign according to RFC 3161 with digitalSignature"); + # Proxy certificates ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]), "fail to accept proxy cert without -allow_proxy_certs");