diff --git a/ISSUES.md b/ISSUES.md index da10b8b..de4c056 100644 --- a/ISSUES.md +++ b/ISSUES.md @@ -75,6 +75,6 @@ chain: `env_var.into_iter().chain(probe_dirs).chain(known_dirs)`. | fingerprint.rs | 100.00% | | | parser.rs | 86.12% | Error paths, Ed448, unknown OIDs | | util.rs | 98.53% | | -| verify.rs | 82.18% | Partial chain, CRL edge cases | +| verify/ (all) | 82.18% | Split into chain, checks, constraints, crl, helpers, trust_store, webpki | | main.rs | 25.62% | CLI binary; integration tests run externally | | **TOTAL** | **69.55%** | Library avg ~91%; main.rs drags total down | diff --git a/PLAN.md b/PLAN.md index 63053bd..5bb764f 100644 --- a/PLAN.md +++ b/PLAN.md @@ -5,7 +5,7 @@ improvement opportunities organized by review category. ## Current State Summary -- **240 tests passing** (217 integration + 15 pyca + 8 zlint) +- **276 tests passing** (36 unit + 217 integration + 15 pyca + 8 zlint) - **0 clippy warnings** - **Formatting clean** (cargo fmt passes) - **All test vectors working** (pyca and zlint submodules fully functional) @@ -34,7 +34,7 @@ The codebase follows Rust style conventions consistently. ### Issues Found 1. **README.md test count outdated**: States "210 integration tests" but actual - count is 217 integration tests + 15 pyca + 8 zlint = 240 total tests. + count is 36 unit + 217 integration + 15 pyca + 8 zlint = 276 total tests. 2. **docs/design.md outdated**: Lists "Full chain validation" as a non-goal, but the `verify` subcommand is fully implemented with comprehensive chain @@ -48,7 +48,7 @@ The codebase follows Rust style conventions consistently. ### Recommended Changes -- [ ] Update README.md test counts to 240 total +- [x] Update README.md test counts to 276 total - [ ] Update docs/design.md to reflect that chain verification is implemented - [ ] Update docs/design.md dependency versions - [ ] Remove or update outdated Phase references in docs @@ -57,26 +57,10 @@ The codebase follows Rust style conventions consistently. ## 3. Refactoring Opportunities -### 3.1 verify.rs Module Size (2378 lines) +### 3.1 verify module (previously single file, now split) -The verification module is the largest in the codebase. While the internal -structure is well-factored with helper functions, it could benefit from being -split into submodules: - -``` -verify/ -├── mod.rs # Public API, VerifyOptions, VerificationResult -├── trust_store.rs # TrustStore implementation -├── chain.rs # Chain building (DFS path building) -├── constraints.rs # Name Constraints checking -├── crl.rs # CRL parsing and revocation checking -├── webpki.rs # WebPKI policy validation -└── helpers.rs # extract_*, verify_*, is_* -``` - -**Impact**: Medium (maintainability improvement) -**Effort**: Low-medium -**Priority**: Low (current structure is functional) +The verification module was the largest in the codebase (2378 lines) and has +been split into submodules. See Completed Improvements below for details. ### 3.2 main.rs Batch Processing @@ -151,10 +135,11 @@ All test vectors work correctly: | Category | Tests | Status | |----------|-------|--------| +| Unit tests (lib + CLI) | 36 | ✓ All pass | | Integration tests | 217 | ✓ All pass | | pyca/cryptography | 15 | ✓ All pass | | zlint | 8 | ✓ All pass | -| **Total** | **240** | ✓ All pass | +| **Total** | **276** | ✓ All pass | ### Test Coverage @@ -240,7 +225,7 @@ The codebase uses appropriate standard libraries: 1. Test count says "210 integration tests" in project structure section 2. Test count says "155 integration tests" in xcert-lib description -3. Both should say "217 integration tests" (or "240 total tests") +3. Both should say "276 total tests" ### docs/design.md Issues @@ -282,7 +267,7 @@ resolved." The file documents closed issues appropriately. ### Documentation Updates (Completed) -1. README.md: Updated test counts to 217 integration tests, 240 total +1. README.md: Updated test counts to 276 total 2. docs/design.md: Updated to reflect chain verification is implemented 3. docs/design.md: Updated x509-parser version to 0.18 @@ -306,7 +291,7 @@ resolved." The file documents closed issues appropriately. ### Verification -- All 240 tests pass (217 integration + 15 pyca + 8 zlint) +- All 276 tests pass (36 unit + 217 integration + 15 pyca + 8 zlint) - Zero clippy warnings - Clean formatting diff --git a/README.md b/README.md index 08ee2dc..c8aa558 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,48 @@ A fast, memory-safe command-line tool for inspecting X.509 certificates. Read-only alternative to `openssl x509` with JSON output and colored terminal display. +## Quick Start + +```bash +# Build +cargo build --release + +# Generate a test certificate (or use any .pem/.der file you have) +openssl req -x509 -newkey rsa:2048 -keyout /dev/null -out test.pem \ + -days 365 -nodes -subj "/CN=example.com" + +# Inspect it +target/release/xcert show test.pem +``` + +Example output: + +``` +Certificate: + Version: 3 (0x2) + Serial: 10:00 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, O = Test PKI, CN = Test Intermediate CA + Validity: + Not Before: Feb 24 22:17:10 2026 GMT + Not After: Feb 24 22:17:10 2101 GMT + Subject: C = US, ST = California, L = San Francisco, O = Example Corp, CN = www.example.com + Public Key: + Algorithm: RSA (2048 bit) + Exponent: 65537 (0x10001) + Extensions: + Basic Constraints: CA=false + Key Usage: [critical] Digital Signature, Key Encipherment + Extended Key Usage: TLS Web Server Authentication + Subject Alternative Name: + DNS: www.example.com + DNS: example.com + Email: admin@example.com + Authority Information Access: + OCSP: http://ocsp.example.com + Fingerprint (SHA-256): E8:74:48:2A:8B:AA:... +``` + ## Installation ```bash @@ -35,13 +77,22 @@ xcert show /etc/ssl/certs/ --recurse ```bash xcert field subject cert.pem +# Output: C = US, ST = California, O = Example Corp, CN = www.example.com + xcert field serial cert.pem -xcert field not-after cert.pem +# Output: 10:00 + xcert field fingerprint cert.pem +# Output: E8:74:48:2A:8B:AA:E7:36:9D:5B:51:2A:60:12:34:29:... + +xcert field dns-names cert.pem +# Output: +# www.example.com +# example.com +# *.example.com + xcert field fingerprint --digest sha384 cert.pem -xcert field curve cert.pem # EC curve name (e.g. P-256) -xcert field dns-names cert.pem # DNS names from SAN -xcert field ip-addrs cert.pem # IP addresses from SAN +xcert field curve ec-cert.pem # EC curve name (e.g. P-256) xcert field san --json cert.pem xcert field public-key cert.pem @@ -79,14 +130,21 @@ Returns exit code 0 for pass, 1 for fail. ```bash xcert check expiry 30d cert.pem # Valid for 30+ days? -xcert check expiry 1w cert.pem # Valid for 1+ week? -xcert check host example.com cert.pem +# (exit code 0 = yes, 1 = no) + +xcert check host www.example.com cert.pem +# (exit code 0 = matches, 1 = no match) + xcert check email user@example.com cert.pem xcert check ip 93.184.216.34 cert.pem +# Use in scripts: +if xcert check expiry 7d cert.pem; then + echo "Certificate is valid for at least 7 more days" +fi + # Bulk: check all certs in a directory xcert check expiry 30d /etc/ssl/certs/ -xcert check expiry 30d /etc/ssl/certs/ --json xcert check expiry 7d --failures-only /etc/ssl/certs/ ``` @@ -106,6 +164,8 @@ Units: `s`, `m`/`min`, `h`/`hr`, `d`/`day`, `w`/`week`, `month`, `y`/`year`. ```bash xcert verify chain.pem +# Output: chain.pem: OK, www.example.com, 10:00 + xcert verify --hostname example.com chain.pem xcert verify --CAfile ca.pem chain.pem xcert verify --untrusted intermediates.pem leaf.pem @@ -141,7 +201,7 @@ Options: ### Convert between formats ```bash -xcert convert cert.pem cert.der # PEM to DER +xcert convert cert.pem cert.der # PEM to DER (format inferred from extension) xcert convert cert.der cert.pem # DER to PEM xcert convert cert.pem --to der # Explicit format (stdout) ``` diff --git a/docs/cli-interface.md b/docs/cli-interface.md index 099c14f..e008ae0 100644 --- a/docs/cli-interface.md +++ b/docs/cli-interface.md @@ -1,4 +1,4 @@ -# Proposed CLI Interface: `xcert` +# CLI Interface: `xcert` A simplified, intuitive command-line tool for inspecting X.509 certificates. @@ -13,6 +13,8 @@ A simplified, intuitive command-line tool for inspecting X.509 certificates. consumption. No separate flags to control dozens of output formatting sub-options. 5. **No signing** -- this tool is read-only. Certificate creation and signing are separate concerns handled by other tools. +6. **Batch mode** -- all commands accept a directory as input to process multiple + certificate files in parallel. ## Commands @@ -24,17 +26,24 @@ The primary command. Displays a human-readable summary of the certificate. xcert show [OPTIONS] [FILE] Arguments: - [FILE] Certificate file (PEM or DER). Reads from stdin if omitted. + [FILE] Certificate file (PEM or DER), or directory. Reads from stdin if omitted. Options: --der Force DER input parsing (default: auto-detect) --pem Force PEM input parsing (default: auto-detect) --json Output in JSON format --all Show all fields including signature bytes + --recurse Recurse into subdirectories (directory mode) ``` -Default output includes: version, serial, algorithm, issuer, validity, subject, -public key summary, and all extensions. This is analogous to `openssl x509 -text -noout`. +Examples: +```bash +xcert show cert.pem +xcert show --json cert.pem +xcert show --all cert.pem +xcert show /etc/ssl/certs/ # batch mode +xcert show /etc/ssl/certs/ --recurse # recursive +``` ### `xcert field` -- Extract a single field @@ -46,41 +55,44 @@ xcert field [OPTIONS] [FILE] Fields: subject Subject distinguished name issuer Issuer distinguished name - serial Serial number (hex) + serial Serial number (colon-separated hex) not-before Validity start date not-after Validity end date - fingerprint Certificate fingerprint + fingerprint Certificate fingerprint (default: SHA-256) public-key Public key in PEM format modulus RSA public key modulus (hex) + exponent RSA public exponent + curve EC named curve (e.g. P-256, P-384, P-521) emails Email addresses from subject and SAN - san Subject Alternative Names + dns-names DNS names from SAN extension + ip-addrs IP addresses from SAN extension + san All Subject Alternative Name entries ocsp-url OCSP responder URL(s) from AIA key-usage Key Usage extension value ext-key-usage Extended Key Usage extension value extensions All extensions (names and values) Options: - [FILE] Certificate file. Reads from stdin if omitted. + [FILE] Certificate file or directory. Reads from stdin if omitted. --der Force DER input parsing --pem Force PEM input parsing --digest Hash algorithm for fingerprint (sha256, sha384, sha512, sha1). Default: sha256. + --ext Filter extensions by name or OID --json Output in JSON format + --recurse Recurse into subdirectories (directory mode) ``` Examples: ```bash -# Get SHA-256 fingerprint xcert field fingerprint cert.pem - -# Get serial number xcert field serial cert.pem - -# Get SAN entries as JSON xcert field san --json cert.pem - -# Get SHA-384 fingerprint xcert field fingerprint --digest sha384 cert.pem +xcert field dns-names cert.pem +xcert field curve ec-cert.pem +xcert field extensions --ext "Basic Constraints" cert.pem +xcert field serial /etc/ssl/certs/ --json # batch ``` ### `xcert check` -- Validate certificate properties @@ -92,30 +104,38 @@ for pass, 1 for fail. Designed for use in scripts and CI pipelines. xcert check [OPTIONS] [FILE] Checks: - expiry Check if cert expires within N seconds (0 = already expired) - host Check if cert matches hostname - email Check if cert matches email address - ip
Check if cert matches IP address (v4 or v6) + expiry Check if cert expires within the given duration + host Check if cert matches hostname + email Check if cert matches email address + ip
Check if cert matches IP address (v4 or v6) + +Duration formats: + 30d, 1w, 2h30m, 1w3d, 90s, 5min, or plain seconds (e.g., 2592000) + Units: s, m/min, h/hr, d/day, w/week, month, y/year Options: - [FILE] Certificate file. Reads from stdin if omitted. + [FILE] Certificate file or directory. Reads from stdin if omitted. --der Force DER input parsing --pem Force PEM input parsing + --json Output in JSON format + --failures-only Only show failures (batch mode) + --recurse Recurse into subdirectories (directory mode) ``` Examples: ```bash -# Check if cert expires within 30 days -xcert check expiry 2592000 cert.pem - -# Check hostname match +xcert check expiry 30d cert.pem +xcert check expiry 1w cert.pem xcert check host www.example.com cert.pem - -# Check IP match xcert check ip 93.184.216.34 cert.pem +xcert check email user@example.com cert.pem -# Use in scripts -if xcert check expiry 604800 cert.pem; then +# Batch mode +xcert check expiry 30d /etc/ssl/certs/ +xcert check expiry 7d --failures-only /etc/ssl/certs/ + +# Scripting +if xcert check expiry 7d cert.pem; then echo "Certificate is valid for at least 7 more days" fi ``` @@ -125,25 +145,24 @@ fi Convert certificates between PEM and DER encodings. ``` -xcert convert [OPTIONS] [FILE] +xcert convert [OPTIONS] [FILE] [OUTPUT] -Options: +Arguments: [FILE] Input certificate file. Reads from stdin if omitted. - --to Output format: pem, der (required) - --out Output file (default: stdout) + [OUTPUT] Output file. Writes to stdout if omitted. + +Options: + --to Output format: pem, der. Inferred from output file extension + if not specified. --der Force DER input parsing --pem Force PEM input parsing ``` Examples: ```bash -# PEM to DER -xcert convert --to der cert.pem --out cert.der - -# DER to PEM -xcert convert --to pem cert.der - -# Pipe through stdin +xcert convert cert.pem cert.der # PEM to DER (format inferred) +xcert convert cert.der cert.pem # DER to PEM (format inferred) +xcert convert cert.pem --to der # Explicit format, stdout cat cert.pem | xcert convert --to der > cert.der ``` @@ -157,69 +176,71 @@ xcert verify [OPTIONS] [FILE] Arguments: [FILE] PEM file containing the certificate chain (leaf first, then - intermediates). Reads from stdin if omitted. + intermediates), or a directory of certificate files. + Reads from stdin if omitted. Options: --hostname Hostname to verify against the leaf certificate's SAN/CN --CAfile PEM file containing trusted CA certificates (default: system trust store) + --CApath Directory of trusted CA certificates in PEM format --untrusted PEM file with untrusted intermediate certificates + --purpose Required EKU: sslserver, sslclient, smimesign, + codesign, any, or a custom OID + --partial-chain Accept any chain cert as a trust anchor --no-check-time Skip validity date checks - --partial-chain Allow verification to succeed if any certificate in the - chain (not just the root) is in the trust store - --purpose Required Extended Key Usage OID for the leaf certificate + --attime Verify at a specific Unix timestamp + --verify-depth Maximum chain depth (default: 32) + --verify-email Verify email against the leaf certificate + --verify-ip Verify IP against the leaf certificate + --show-chain Show subject/issuer for each cert in the chain + --CRLfile PEM file containing CRL(s) for revocation checking + --crl-check Check CRL revocation for the leaf certificate + --crl-check-all Check CRL revocation for all certs in the chain --json Output in JSON format + --failures-only Only show failures (batch mode) + --recurse Recurse into subdirectories (directory mode) ``` Examples: ```bash -# Verify a full chain against the system trust store xcert verify chain.pem - -# Verify with hostname checking xcert verify --hostname www.example.com chain.pem - -# Use a custom CA file xcert verify --CAfile my-ca.pem chain.pem - -# Separate leaf and intermediates (like openssl verify -untrusted) xcert verify --untrusted intermediates.pem leaf.pem - -# Partial chain: trust any cert in the chain that is in the trust store xcert verify --partial-chain --CAfile trusted.pem leaf.pem - -# Skip date checks (useful for testing expired certs) xcert verify --no-check-time chain.pem - -# Check that the leaf has serverAuth EKU -xcert verify --purpose 1.3.6.1.5.5.7.3.1 chain.pem +xcert verify --purpose sslserver chain.pem +xcert verify --CRLfile revoked.crl.pem --crl-check chain.pem +xcert verify --json chain.pem +xcert verify --failures-only /etc/ssl/certs/ # batch ``` -## Comparison with `openssl x509` +## Comparison with `openssl` -| openssl x509 | xcert | Notes | +| openssl | xcert | Notes | |---|---|---| | `openssl x509 -text -noout -in cert.pem` | `xcert show cert.pem` | | | `openssl x509 -subject -noout -in cert.pem` | `xcert field subject cert.pem` | | | `openssl x509 -issuer -noout -in cert.pem` | `xcert field issuer cert.pem` | | | `openssl x509 -serial -noout -in cert.pem` | `xcert field serial cert.pem` | | -| `openssl x509 -dates -noout -in cert.pem` | `xcert field not-before cert.pem` / `xcert field not-after cert.pem` | Separate fields instead of combined | -| `openssl x509 -fingerprint -sha256 -noout -in cert.pem` | `xcert field fingerprint cert.pem` | SHA-256 is the default | +| `openssl x509 -dates -noout -in cert.pem` | `xcert field not-before` / `not-after` | Separate fields | +| `openssl x509 -fingerprint -sha256 -noout` | `xcert field fingerprint cert.pem` | SHA-256 default | | `openssl x509 -pubkey -noout -in cert.pem` | `xcert field public-key cert.pem` | | | `openssl x509 -modulus -noout -in cert.pem` | `xcert field modulus cert.pem` | | | `openssl x509 -email -noout -in cert.pem` | `xcert field emails cert.pem` | | -| `openssl x509 -ext subjectAltName -noout -in cert.pem` | `xcert field san cert.pem` | | -| `openssl x509 -ocsp_uri -noout -in cert.pem` | `xcert field ocsp-url cert.pem` | | -| `openssl x509 -checkend 3600 -noout -in cert.pem` | `xcert check expiry 3600 cert.pem` | | -| `openssl x509 -checkhost foo.com -noout -in cert.pem` | `xcert check host foo.com cert.pem` | | -| `openssl x509 -checkip 1.2.3.4 -noout -in cert.pem` | `xcert check ip 1.2.3.4 cert.pem` | | -| `openssl x509 -checkemail a@b.com -noout -in cert.pem` | `xcert check email a@b.com cert.pem` | | -| `openssl x509 -outform DER -in cert.pem -out cert.der` | `xcert convert --to der cert.pem --out cert.der` | | -| `openssl x509 -inform DER -in cert.der -outform PEM` | `xcert convert --to pem cert.der` | Auto-detects DER | +| `openssl x509 -ext subjectAltName` | `xcert field san cert.pem` | | +| `openssl x509 -ocsp_uri -noout` | `xcert field ocsp-url cert.pem` | | +| `openssl x509 -checkend 3600` | `xcert check expiry 1h cert.pem` | Duration support | +| `openssl x509 -checkhost foo.com` | `xcert check host foo.com cert.pem` | | +| `openssl x509 -checkip 1.2.3.4` | `xcert check ip 1.2.3.4 cert.pem` | | +| `openssl x509 -checkemail a@b.com` | `xcert check email a@b.com cert.pem` | | +| `openssl x509 -outform DER -in x -out y` | `xcert convert x y` | Auto-detect | | `openssl verify chain.pem` | `xcert verify chain.pem` | | | `openssl verify -CAfile ca.pem cert.pem` | `xcert verify --CAfile ca.pem cert.pem` | | | `openssl verify -untrusted int.pem leaf.pem` | `xcert verify --untrusted int.pem leaf.pem` | | | `openssl verify -partial_chain cert.pem` | `xcert verify --partial-chain cert.pem` | | +| `openssl verify -crl_check -CRLfile x` | `xcert verify --crl-check --CRLfile x` | | ## What is NOT included (by design) @@ -231,13 +252,7 @@ The following `openssl x509` features are intentionally excluded: OpenSSL-specific concept - **Name formatting options** (`-nameopt`) -- the tool uses a single consistent format. Use `--json` for machine parsing. -- **certopt** (`-certopt`) -- replaced by `--all` or `--json` - **Subject/issuer hashes** (`-subject_hash`, `-issuer_hash`) -- OpenSSL-specific directory indexing -- **OCSP ID** (`-ocspid`) -- rarely needed -- **Purpose analysis** (`-purpose`) -- complex, can be added later - **Extension injection** (`-extfile`, `-extensions`) -- part of signing -- **Bad signature** (`-badsig`) -- testing-only feature - **C source output** (`-C`) -- removed even from OpenSSL 3.0 - -These can be added as future extensions if needed. diff --git a/docs/design.md b/docs/design.md index 3e17726..14edd7e 100644 --- a/docs/design.md +++ b/docs/design.md @@ -2,48 +2,55 @@ ## 1. Overview -`xcert` is a Rust command-line tool and library for parsing and displaying X.509 -certificates. It is a read-only replacement for the display and inspection -features of `openssl x509`, with a simplified, modern CLI interface. +`xcert` is a Rust command-line tool and library for parsing, displaying, and +verifying X.509 certificates. It is a read-only replacement for the inspection +and verification features of `openssl x509` and `openssl verify`, with a +simplified, modern CLI interface. ### Goals - Parse X.509 certificates from PEM and DER formats - Display certificate information in human-readable and JSON formats - Extract individual fields for scripting - Check certificate validity (expiry, hostname, email, IP) +- Verify certificate chains against system or custom trust stores +- CRL revocation checking - Convert between PEM and DER encodings - Provide a library interface (`xcert-lib`) usable programmatically ### Non-Goals - Certificate creation, signing, or modification -- Trust store management -- Full chain validation (use `openssl verify` or webpki for that). Note: Chain verification is now implemented via the `verify` subcommand. +- Trust store management (creation or modification) - Private key handling ## 2. Architecture ``` -┌─────────────────────────────────────────────────┐ -│ xcert (CLI binary) │ -│ ┌───────────┐ ┌────────┐ ┌───────┐ ┌────────┐ │ -│ │ show cmd │ │field │ │check │ │convert │ │ -│ │ │ │cmd │ │cmd │ │cmd │ │ -│ └─────┬─────┘ └───┬────┘ └───┬───┘ └───┬────┘ │ -│ └────────────┴──────────┴─────────┘ │ -│ │ │ -│ ┌───────┴────────┐ │ -│ │ xcert-lib │ │ -│ │ (library) │ │ -│ └───────┬────────┘ │ -│ │ │ -│ ┌──────────────┼──────────────┐ │ -│ │ │ │ │ -│ ┌────┴─────┐ ┌─────┴────┐ ┌─────┴────┐ │ -│ │ Parser │ │ Display │ │ Check │ │ -│ │ module │ │ module │ │ module │ │ -│ └────┬─────┘ └──────────┘ └──────────┘ │ -│ │ │ -└───────┼──────────────────────────────────────────┘ +┌──────────────────────────────────────────────────────────────┐ +│ xcert (CLI binary) │ +│ ┌──────────┐ ┌───────┐ ┌───────┐ ┌─────────┐ ┌─────────┐ │ +│ │ show cmd │ │field │ │check │ │convert │ │ verify │ │ +│ │ │ │cmd │ │cmd │ │cmd │ │ cmd │ │ +│ └────┬─────┘ └──┬────┘ └──┬────┘ └────┬────┘ └────┬────┘ │ +│ └──────────┴─────────┴────────────┴───────────┘ │ +│ │ │ +│ ┌────────┴─────────┐ │ +│ │ xcert-lib │ │ +│ │ (library) │ │ +│ └────────┬─────────┘ │ +│ │ │ +│ ┌─────────────┬───────┼───────┬──────────────┐ │ +│ │ │ │ │ │ │ +│ ┌────┴─────┐ ┌─────┴────┐ │ ┌─────┴────┐ ┌──────┴─────┐ │ +│ │ Parser │ │ Display │ │ │ Check │ │ Verify │ │ +│ │ module │ │ module │ │ │ module │ │ module │ │ +│ └────┬─────┘ └──────────┘ │ └──────────┘ └──────┬─────┘ │ +│ │ │ │ │ +│ │ ┌─────┴──────┐ ┌───────────┤ │ +│ │ │ Fingerprint│ │ TrustStore│ │ +│ │ │ module │ │ WebPKI │ │ +│ │ └────────────┘ │ CRL │ │ +│ │ └───────────┘ │ +└───────┼─────────────────────────────────────────────────────┘ │ ┌────┴───────────────┐ │ x509-parser crate │ (external dependency) @@ -61,18 +68,38 @@ xcert-rs/ │ ├── Cargo.toml │ └── src/ │ └── main.rs -└── xcert-lib/ # Library crate - ├── Cargo.toml - ├── src/ - │ ├── lib.rs # Public API - │ ├── parser.rs # PEM/DER parsing, format detection - │ ├── display.rs # Human-readable formatting - │ ├── fields.rs # Individual field extraction - │ ├── check.rs # Validity checks (expiry, hostname, IP, email) - │ ├── convert.rs # PEM <-> DER conversion - │ └── fingerprint.rs # Digest computation - └── tests/ - └── integration.rs # Integration tests using test vectors +├── xcert-lib/ # Library crate +│ ├── Cargo.toml +│ ├── src/ +│ │ ├── lib.rs # Public API and re-exports +│ │ ├── parser.rs # PEM/DER parsing, format detection +│ │ ├── display.rs # Human-readable formatting +│ │ ├── fields.rs # CertificateInfo, Extension types, field extraction +│ │ ├── check.rs # Validity checks (expiry, hostname, IP, email) +│ │ ├── convert.rs # PEM <-> DER conversion +│ │ ├── fingerprint.rs # Digest computation (SHA-256/384/512/SHA-1) +│ │ ├── oid.rs # Centralized OID string constants +│ │ ├── util.rs # Shared utilities (hex, base64, PEM detection) +│ │ └── verify/ # Certificate chain verification +│ │ ├── mod.rs # Public verify API +│ │ ├── chain.rs # Chain building and verification orchestration +│ │ ├── checks.rs # Individual check functions (time, constraints, etc.) +│ │ ├── constraints.rs # Name Constraints validation +│ │ ├── crl.rs # CRL revocation checking +│ │ ├── helpers.rs # Verification helper functions +│ │ ├── trust_store.rs # TrustStore: system and custom CA management +│ │ └── webpki.rs # WebPKI/CABF Baseline Requirements policy checks +│ └── tests/ +│ ├── integration.rs # Integration tests using generated test certs +│ ├── pyca_cryptography.rs # Tests against pyca/cryptography vectors +│ └── zlint.rs # Tests against zlint certificate corpus +├── testdata/ # Test certificates and external vectors +│ ├── certs/ # Generated test certs (via generate.sh) +│ ├── zlint/ # Git submodule: zmap/zlint +│ ├── x509-limbo/ # Git submodule: C2SP/x509-limbo +│ └── pyca-cryptography/ # Git submodule: pyca/cryptography +├── fuzz/ # Fuzzing targets (cargo-fuzz) +└── docs/ # Documentation ``` ## 3. Dependencies @@ -81,13 +108,17 @@ xcert-rs/ | Crate | Version | Purpose | |-------|---------|---------| -| `x509-parser` | 0.18 | Core X.509 DER/PEM parsing | +| `x509-parser` | 0.18 | Core X.509 DER/PEM parsing (with `verify` feature) | | `sha2` | 0.10 | SHA-256/384/512 fingerprints | | `sha1` | 0.10 | SHA-1 fingerprints (legacy compat) | | `serde` | 1 | Serialization (with `derive` feature) | | `serde_json` | 1 | JSON output | | `thiserror` | 2 | Error types | | `hex` | 0.4 | Hex encoding for fingerprints/serial | +| `base64` | 0.22 | Base64 encoding for PEM conversion | +| `openssl-probe` | 0.2 | System trust store path detection | +| `time` | 0.3 | Date/time formatting | +| `colored` | 2 | Colored terminal output in display module | ### xcert (CLI) @@ -96,6 +127,12 @@ xcert-rs/ | `xcert-lib` | path | The library | | `clap` | 4 | CLI argument parsing (with `derive` feature) | | `anyhow` | 1 | Error handling in binary | +| `humantime` | 2 | Human-readable duration parsing (30d, 1w, etc.) | +| `rayon` | 1 | Parallel directory processing | +| `walkdir` | 2 | Recursive directory traversal | +| `colored` | 2 | Colored terminal output | +| `serde` | 1 | JSON batch output serialization | +| `serde_json` | 1 | JSON output | ## 4. Library API Design @@ -105,7 +142,7 @@ xcert-rs/ /// A parsed X.509 certificate with extracted fields. pub struct CertificateInfo { pub version: u32, - pub serial: String, // Hex string + pub serial: String, // Hex string (colon-separated) pub signature_algorithm: String, pub issuer: DistinguishedName, pub subject: DistinguishedName, @@ -114,9 +151,7 @@ pub struct CertificateInfo { pub public_key: PublicKeyInfo, pub extensions: Vec, pub signature: Vec, - - // Raw DER bytes for fingerprint computation - raw_der: Vec, + raw_der: Vec, // Raw DER for fingerprints } /// Distinguished name with ordered components. @@ -126,19 +161,12 @@ pub struct DistinguishedName { /// Public key summary. pub struct PublicKeyInfo { - pub algorithm: String, // "RSA", "EC", "Ed25519", etc. - pub key_size: Option, // Bit size (e.g., 2048 for RSA) - pub curve: Option, // e.g., "P-256" for EC keys + pub algorithm: String, // "RSA", "EC", "Ed25519", "Ed448", etc. + pub key_size: Option, // Bit size (e.g., 2048 for RSA) + pub curve: Option, // e.g., "P-256" for EC keys pub modulus: Option, // Hex string for RSA - pub pem: String, // PEM-encoded SubjectPublicKeyInfo -} - -/// A certificate extension. -pub struct Extension { - pub oid: String, - pub name: String, // Human-readable name or OID if unknown - pub critical: bool, - pub value: ExtensionValue, + pub exponent: Option, // Public exponent for RSA (e.g., 65537) + pub pem: String, // PEM-encoded SubjectPublicKeyInfo } /// Strongly-typed extension values. @@ -152,6 +180,7 @@ pub enum ExtensionValue { AuthorityInfoAccess(Vec), CrlDistributionPoints(Vec), CertificatePolicies(Vec), + NsComment(String), Raw(String), // Hex dump for unknown extensions } @@ -160,115 +189,69 @@ pub enum SanEntry { Email(String), Ip(String), Uri(String), + DirName(String), Other(String), } - -pub struct AiaEntry { - pub method: String, // "OCSP" or "CA Issuers" - pub location: String, // URI -} - -pub struct DateTime { - // Internal representation using the ASN1Time from x509-parser - // Displays as ISO 8601 by default -} ``` ### Public API Functions ```rust // --- Parsing --- - -/// Parse a certificate from PEM or DER (auto-detected). pub fn parse_cert(input: &[u8]) -> Result; - -/// Parse a certificate from PEM. pub fn parse_pem(input: &[u8]) -> Result; - -/// Parse a certificate from DER. pub fn parse_der(input: &[u8]) -> Result; -// --- Field Extraction --- -// (All available as methods on CertificateInfo) - -impl CertificateInfo { - pub fn subject_string(&self) -> String; - pub fn issuer_string(&self) -> String; - pub fn serial_hex(&self) -> &str; - pub fn not_before_string(&self) -> String; - pub fn not_after_string(&self) -> String; - pub fn fingerprint(&self, algorithm: DigestAlgorithm) -> String; - pub fn public_key_pem(&self) -> &str; - pub fn modulus_hex(&self) -> Option<&str>; - pub fn emails(&self) -> Vec<&str>; - pub fn san_entries(&self) -> Vec<&SanEntry>; - pub fn ocsp_urls(&self) -> Vec<&str>; - pub fn key_usage(&self) -> Option<&[String]>; - pub fn ext_key_usage(&self) -> Option<&[String]>; -} - -pub enum DigestAlgorithm { - Sha256, - Sha384, - Sha512, - Sha1, -} - -// --- Display --- - -/// Format certificate as human-readable text (similar to openssl x509 -text). -pub fn display_text(cert: &CertificateInfo, show_all: bool) -> String; - -/// Serialize certificate info to JSON. -pub fn to_json(cert: &CertificateInfo) -> Result; - // --- Checks --- - -/// Check if certificate expires within `seconds` from now. -/// Returns true if the certificate will still be valid. pub fn check_expiry(cert: &CertificateInfo, seconds: u64) -> bool; - -/// Check if certificate matches a hostname (checks CN and SAN DNS entries). pub fn check_host(cert: &CertificateInfo, hostname: &str) -> bool; - -/// Check if certificate matches an email address (checks subject and SAN). pub fn check_email(cert: &CertificateInfo, email: &str) -> bool; - -/// Check if certificate matches an IP address (checks SAN IP entries). pub fn check_ip(cert: &CertificateInfo, ip: &str) -> bool; // --- Conversion --- - -/// Convert DER bytes to PEM string. pub fn der_to_pem(der: &[u8]) -> String; - -/// Convert PEM string to DER bytes. pub fn pem_to_der(pem: &[u8]) -> Result, XcertError>; -``` - -### Error Types - -```rust -#[derive(Debug, thiserror::Error)] -pub enum XcertError { - #[error("Failed to parse certificate: {0}")] - ParseError(String), - - #[error("Invalid PEM format: {0}")] - PemError(String), - - #[error("Invalid DER format: {0}")] - DerError(String), - #[error("Unsupported feature: {0}")] - Unsupported(String), +// --- Display --- +pub fn display_text(cert: &CertificateInfo, show_all: bool) -> String; +pub fn to_json(cert: &CertificateInfo) -> Result; - #[error("IO error: {0}")] - Io(#[from] std::io::Error), +// --- Verification --- +pub fn verify_chain(chain_der: &[Vec], store: &TrustStore, + hostname: Option<&str>) -> Result; +pub fn verify_chain_with_options(chain_der: &[Vec], store: &TrustStore, + hostname: Option<&str>, opts: &VerifyOptions) + -> Result; +pub fn verify_with_untrusted(leaf_der: &[u8], untrusted_pem: &[u8], + store: &TrustStore, hostname: Option<&str>, + opts: &VerifyOptions) + -> Result; + +// --- Trust Store --- +pub struct TrustStore { /* ... */ } +impl TrustStore { + pub fn system() -> Result; + pub fn from_pem(pem_data: &[u8]) -> Result; + pub fn from_pem_file(path: &Path) -> Result; + pub fn add_pem_bundle(&mut self, pem_data: &[u8]) -> Result; + pub fn add_pem_directory(&mut self, dir: &Path) -> Result; +} - #[error("JSON serialization error: {0}")] - Json(#[from] serde_json::Error), +pub struct VerifyOptions { + pub check_time: bool, + pub partial_chain: bool, + pub purpose: Option, + pub at_time: Option, + pub verify_depth: Option, + pub verify_email: Option, + pub verify_ip: Option, + pub crl_ders: Vec>, + pub crl_check_leaf: bool, + pub crl_check_all: bool, + pub policy: VerifyPolicy, } + +pub enum VerifyPolicy { Default, WebPki } ``` ## 5. CLI Design @@ -284,7 +267,10 @@ to library functions: | `xcert field ` | `parse_cert()` + corresponding `CertificateInfo` method | | `xcert check ` | `parse_cert()` + `check_*()` | | `xcert convert` | `pem_to_der()` or `der_to_pem()` | -| `xcert verify` | `verify_chain()` + chain building | +| `xcert verify` | `verify_chain_with_options()` + `TrustStore` | + +All commands support directory mode (batch processing) with `--json` and +`--failures-only` options, plus `--recurse` for recursive directory traversal. ## 6. Input Format Detection @@ -295,58 +281,18 @@ Auto-detection algorithm: treat as PEM. 3. Otherwise, treat as DER. -This handles the common case (PEM files and raw DER blobs) without requiring -the user to specify the format. - ## 7. Output Formatting ### Human-readable (default) The `show` command produces output structured similarly to `openssl x509 -text` -but with cleaner formatting: - -``` -Certificate: - Version: 3 (v3) - Serial: 10:00 - Signature Algorithm: SHA-256 with RSA - Issuer: CN=Test Intermediate CA, OU=Intermediate Authority, O=Test PKI, ST=California, C=US - Validity: - Not Before: 2026-02-03T23:57:06Z - Not After: 2101-02-03T23:57:06Z - Subject: CN=www.example.com, O=Example Corp, L=San Francisco, ST=California, C=US - Public Key: - Algorithm: RSA (2048 bit) - Extensions: - Basic Constraints: CA=false - Key Usage: [critical] Digital Signature, Key Encipherment - Extended Key Usage: TLS Web Server Authentication - Subject Alternative Name: - DNS: www.example.com - DNS: example.com - DNS: *.example.com - IP: 93.184.216.34 - IP: 2606:2800:220:1:248:1893:25c8:1946 - Email: admin@example.com - Authority Information Access: - OCSP: http://ocsp.example.com - CA Issuers: http://ca.example.com/intermediate.crt - CRL Distribution Points: - http://crl.example.com/intermediate.crl - Fingerprint (SHA-256): ed:d7:70:25:... -``` - -Key differences from openssl: -- Dates in ISO 8601 format -- No hexdump of signature bytes (unless `--all`) -- No hexdump of public key modulus (unless `--all` or `field modulus`) -- Extensions are formatted more cleanly -- Fingerprint included by default +but with cleaner formatting and colored output in terminals. ### JSON The `--json` flag produces structured JSON output. All fields are present, with -extensions as typed objects. This is designed for programmatic consumption. +extensions as typed objects. Bulk operations return a `results` array with a +`summary` object. ## 8. Hostname Matching @@ -358,38 +304,16 @@ The `check host` command implements RFC 6125 hostname matching: 3. Only fall back to CN matching if no SAN DNS entries exist. 4. Case-insensitive comparison. -## 9. Implementation Plan - -### Phase 1: Core Library -1. Set up Cargo workspace with `xcert-lib` and `xcert` crates -2. Implement `parser.rs` -- PEM/DER parsing and format detection -3. Implement `fields.rs` -- CertificateInfo construction and field extraction -4. Implement `fingerprint.rs` -- digest computation -5. Implement `display.rs` -- human-readable text formatting -6. Implement `check.rs` -- expiry, hostname, email, IP checks -7. Implement `convert.rs` -- PEM/DER conversion - -### Phase 2: CLI Binary -8. Set up clap argument parsing with subcommands -9. Wire up `show` command -10. Wire up `field` command -11. Wire up `check` command -12. Wire up `convert` command - -### Phase 3: Polish -13. JSON output support -14. Error messages and edge cases -15. Documentation and examples - -### Test Strategy +## 9. Test Strategy -Tests are organized at the library level using the generated test certificates: +276 tests organized across the library: - **Unit tests** in each module for internal logic -- **Integration tests** in `xcert-lib/tests/` using the test vectors in - `testdata/certs/` and comparing against the reference outputs in - `testdata/certs/reference/` -- **CLI tests** (future) using `assert_cmd` to test the binary end-to-end +- **Integration tests** in `xcert-lib/tests/` using test vectors in + `testdata/certs/` and comparing against reference outputs +- **External test vectors** from three git submodules: zlint, x509-limbo, + pyca/cryptography +- **Fuzz targets** for parsing robustness Test categories: 1. Parsing tests -- PEM, DER, auto-detect, invalid input, chain bundles @@ -399,4 +323,5 @@ Test categories: 5. Check tests -- expiry, hostname, email, IP (positive and negative) 6. Conversion tests -- PEM->DER->PEM roundtrip 7. Key algorithm tests -- RSA, ECDSA P-256, ECDSA P-384, Ed25519 -8. Edge cases -- minimal certs, UTF-8 subjects, many extensions, expired certs +8. Verification tests -- chain validation, trust anchoring, CRL, WebPKI +9. Edge cases -- minimal certs, UTF-8 subjects, many extensions, expired certs diff --git a/testdata/certs/chain.pem b/testdata/certs/chain.pem index d938f2f..27fe298 100644 --- a/testdata/certs/chain.pem +++ b/testdata/certs/chain.pem @@ -2,73 +2,73 @@ MIIE2jCCA8KgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAoMCFRlc3QgUEtJMR8wHQYDVQQL DBZJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MR0wGwYDVQQDDBRUZXN0IEludGVybWVk -aWF0ZSBDQTAgFw0yNjAyMDQwNjMyMTZaGA8yMTAxMDIwNDA2MzIxNlowazELMAkG +aWF0ZSBDQTAgFw0yNjAyMjQyMjE3MTBaGA8yMTAxMDIyNDIyMTcxMFowazELMAkG A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFu Y2lzY28xFTATBgNVBAoMDEV4YW1wbGUgQ29ycDEYMBYGA1UEAwwPd3d3LmV4YW1w -bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYh/NgeFsjBK -A4qYLht37aShiYpXguglMZUVswhG385asuD9XlHxWW3LbKBfvgGbmBWTOUiAdC9D -1KYDF2y2baP4RHitLvc4blKuAdTQ/1lzF0Yac9QsmGrI702rA5S9qiTiU+yfRMSL -F2F486PDf0iR3s+NNbGZwTW0WagCm0+MVrIWipUaqd5XMUZHKGA/h1OTmDB1nRz8 -0RzJfE0P4aRLO0uLvk+BbNqS4QmO+EtxplQ1ho1pFzAQ71gHDtJgIxz8ZaWHHLvh -Q3uKqL4hhfmJt0tw4dlW6QMOWCjpU9+RO2irHfDCdCnOfRtzsRp4qjS7j6E2Ci4C -A13mVmm0RQIDAQABo4IBejCCAXYwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw -EwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFGLSow3s8bOp9zWGKMQGHOwd -A6EfMB8GA1UdIwQYMBaAFFOSe9Z7WIDnrpZw6ZXoXM24UoqZMGEGA1UdEQRaMFiC +bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwD+36cpwh3u2 +u87LOpDfnXmnPMZh2nblyiT89hRjSJMdqrMQ31Z3gmJ7qTtg5POJ1jw1FEAEDoj/ +LihXGQp3df0RWO1gpjA9vkB+OGcdSA8YEkhdIVTiYs0z9L6ah/KT7TZSzmdVIDrq +/xyRfKmMjykR3bZEn7bINUkLgUBPo95XHGhTZqtyuLNIR66HsaI8eJMY90prcAIK +iXpNBACmzqGYK/ZlRLA8RCe01+AwJaZcuVE4zjtVBOEGN6TXl7TuJ5GkrkXRgM9w +emRxEX0A4S6bfGOdvp4H6HUSOKGD6RjZsgKIcOUmfERQmiGi5hrfGj2cDpPg8pNi +fZtzQ+ZOPQIDAQABo4IBejCCAXYwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw +EwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFPi6gJ++WFYIUKltNOeburtr +99yXMB8GA1UdIwQYMBaAFHw3mtvs/qsweREy9eOiZPtctd4YMGEGA1UdEQRaMFiC D3d3dy5leGFtcGxlLmNvbYILZXhhbXBsZS5jb22CDSouZXhhbXBsZS5jb22HBF24 2CKHECYGKAACIAABAkgYkyXIGUaBEWFkbWluQGV4YW1wbGUuY29tMGcGCCsGAQUF BwEBBFswWTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZXhhbXBsZS5jb20wMgYI KwYBBQUHMAKGJmh0dHA6Ly9jYS5leGFtcGxlLmNvbS9pbnRlcm1lZGlhdGUuY3J0 MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZXhhbXBsZS5jb20vaW50ZXJt -ZWRpYXRlLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAEVYTdRk3OAmCFeMHHpgRPjjm -hqZdVXSjScDCi+Rn2I/yyUzaeSXswd6h1fNlCtyW192G3m/i9FE10uAnKeP7q3Qy -8HpSh3OwEtwRsgxK+adgYkJc2ugN5EFs0cPyO6dqpCSiWQromx528ZcfHXlmj8yw -2m4HBS1NgeExvtRzYTtu+lHwgpgUlXRa5g73b7WG4Ch9B6txrGDd9Xh9CBnU9T/W -Ob/M7u0j0e4i435P/AUnv3sbtB5JIpXlNdKm1H+35cGovcH0CYYDs+2DBINlzA2I -bivEnn10ujDgIgiUF2ZcyUxJT5pqXm6L9LvJ5wRZGpbs0sU7wjSjvhKusoBxiQ== +ZWRpYXRlLmNybDANBgkqhkiG9w0BAQsFAAOCAQEASAryKicZ5lb93QquTKffQ00I +QMm5nmuQ0Xpa04YwWrnlFE1FtoKrzPeKzgFjYmhjCKg0I/VEZDtlqTYFUUD7mpc+ +Xo1hyCUifLe+9H7cLCbfwVdFfAH5IhLMx9xo0fo/osLgiM70NMmuUSiOqaRQNr8u +TEPO/LQNi3feth9l4yL+SsMhMtBPoPdQxE0foTuS9k5iZrB+IgjFb9IEfjil2Rw7 +6fuqd2tDivQcVJWgiWmezlWsnaACHnnIZI0MSkBrOdCejnoIJuFtwz+gidRnNCc+ +J8VV/9NDZjkPi2nAbDckKtaXMMGr6LMVVOiDynQ7+K+awREKikRwydmNUvPawQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID3TCCAsWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xETAP BgNVBAoMCFRlc3QgUEtJMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx -FTATBgNVBAMMDFRlc3QgUm9vdCBDQTAgFw0yNjAyMDQwNjMyMTZaGA8yMTAxMDIw -NDA2MzIxNlowdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP +FTATBgNVBAMMDFRlc3QgUm9vdCBDQTAgFw0yNjAyMjQyMjE3MTBaGA8yMTAxMDIy +NDIyMTcxMFowdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP BgNVBAoMCFRlc3QgUEtJMR8wHQYDVQQLDBZJbnRlcm1lZGlhdGUgQXV0aG9yaXR5 MR0wGwYDVQQDDBRUZXN0IEludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMekG3N5sp82tGLnxrzlLvHgri/JoV3dd45Zf2mD73QM -iNnGeJcVEnmMiN82N6XlY0x07MPc5cZz3AM/LarqwDxFpq37jxptqx8pmrEB5IYV -HcOW1axTgOUwH+ALN0ISz74346X7twRaUlpp8RZTd02xPSpyzsSjfKFYSG8FVd2d -U/XjfbbOicIHocbCZymXNSSj9bZ4SJf1AnEO95TLAqVOYLh9A12gvU7fhK7Suvzb -PPOkK/2pyFjbemvuC0erbWbjH2eEoHBAnyVy0psbnxafWs4+ROGywJ3PF1K8NGcX -GvtQ0RbPXzGEr1J93oT+8GmbEPx42Q9g7FT8DkMwfw8CAwEAAaNmMGQwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFFOSe9Z7WIDn -rpZw6ZXoXM24UoqZMB8GA1UdIwQYMBaAFFAO/CuEtKtQbzPt5VLBAGMMhAnzMA0G -CSqGSIb3DQEBCwUAA4IBAQADXG+fCKZsq4Ou2ls6F8/UXJimZQo5L3zE7a+8O5Y9 -eMLWZRhk9sVFs3CWC5OJLzUWdQ0t8ASIsicMKfPikOxlJukQLYunDBovY1iOxmeD -kaX9sOJlWzZejh+n4zcBdhhc1ga9X/XMJ1AN+7lvNpgiS+rnV8HZ7XuhMlpXmLKP -A1z3CJ9ml40gwe6lYhmHQTty9i929d7qS1SP/VzE+hASHAfZmafxSMNwzE80qD1v -KgEqjarNQj15ag9jy4MPaqADncUkh5vH3lbhXU9aPQZlmMOEpb1bZCScAFARQAPu -lYe97becMTtInu2HWQ2OUtDi6SxDbdfdZSYygTkDWfT2 +BQADggEPADCCAQoCggEBAK/mLPtr7amBZtAw/V3VnjTbtu6EH1Eu65d2Uz0WCb7r +XKGQd7vqCxPfUdgHmwRANz7kgCkJIlv4o4Y96cgRIw1/XsQYeTtUB3+9t8wmKBY1 +mxXjFEA5ffCZIQ+J+BJIsHdMZjaOjyHzUX4IhuqmoQSZ06M7HVCILFLPSprla2As +kJVA+5G3651a53ME7suXdmrvRTFoOuO3N2CrODVXdYfXT1fcldaEc/rezBDKNNoX +AAQZzwwS0NXsRPH+jlVh/sIW/FOsTduenQ+HJsDQU6udFdXYuksMg/hutt4jV3Rc +NtZnoDAf+9bBE7Hq8tXX6Of5R7b6Uk1J7F4giHcqKDsCAwEAAaNmMGQwEgYDVR0T +AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHw3mtvs/qsw +eREy9eOiZPtctd4YMB8GA1UdIwQYMBaAFN1CbmrpD0ilFVBX77htRr+vZVDsMA0G +CSqGSIb3DQEBCwUAA4IBAQBLl++Ej06McMuWUSiKhitGZcVedLBqCnD3FkFCrgvi +qYdRpL4sTeDJXriPY2PTybEib6d4D/zSOVBZtgb/PFTA/ctiafIytM5RNWMas8hv +qzw9iJ85LkVAC9MwTNyrrTJTOQELnG/siImJsMw9u3uO7byEKHTnuBnWbKtQF4yQ +oFZTZHLZChh4i7rCugGTG0QJ+C4n6Bs1+gt9AuySUvQPavp7y1w9Cz18srATd3HQ +v1Xn831IK/YCS+bGmfbFfjrmhBEXXVrIU/dpwz9D4g/K2K0LMvyVb4A4bDep5ZgO +tm2tiWyx3YggiwaOAimrWXx4YVUlnGwp1kwnwWcQjj56 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID6jCCAtKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xETAP BgNVBAoMCFRlc3QgUEtJMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx -FTATBgNVBAMMDFRlc3QgUm9vdCBDQTAgFw0yNjAyMDQwNjMyMTVaGA8yMTAxMDIw -NDA2MzIxNVowgYQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FTATBgNVBAMMDFRlc3QgUm9vdCBDQTAgFw0yNjAyMjQyMjE3MTBaGA8yMTAxMDIy +NDIyMTcxMFowgYQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw FAYDVQQHDA1TYW4gRnJhbmNpc2NvMREwDwYDVQQKDAhUZXN0IFBLSTEeMBwGA1UE CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0Ew -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHstgXPaC0c5gMLEPAKkW -UQKhLYjn2snKLuGQYJelgV0KAJAzJ/R9IjnWIYKUTfYMyMQuEpBGUCXONe3HCxkI -fVlctccnhmuAnd9DOmISJm3axYbvCc5mjtz9tpRBzeIF59rbk38spuVFO0uU+Nln -imGN1/3U/HPQJqtDh6GM0I5F5Y3SGHD7KnqVyZVbKRcguaonTg0WKJXzLM0wrxHG -mAXKcNS7ruMHBn2lHfEUPNUTfQWq0K94IMEKJ5h1UV0SfgyqA7sL5vP+ptv23fN5 -HiptvkMYtu8NcHZ6THSGoMlNn+PHA0HHrlLcpNP5lRqMpa18d8Q+hEnetsXrgJDB +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVofaSnz6eKx2zKmVaubDr +oDJkF5KCWOt4+YbucQy5DnlzRIF+hbDcGN23YuQKI9tavDhQ2x7S+qmF43qOjL5G +8LIP6cxjy0WdAajGMzKiPCaZoYLTptWQR0HrYX3xVvZIcOxpHiKUrZXO6Do+DnOM +SHGOZ88oEMpFbJfWbI81/dieSBLl3AbkE8UZdHwvlQUwe3CNwob4I2wQV9fX7ezy +uc9wpRorZRfHRmyxuXshFZEaOGDHKA2hYNMIr4lgZn6cXNBCkBU/XlnVA82yNj2b +E09U08ieW7Cfpgebo6+phuV7D4anh/ZNbMsgIyrAmW+VVBq/cgsX7ijdZYe3F25p AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud -DgQWBBRQDvwrhLSrUG8z7eVSwQBjDIQJ8zAfBgNVHSMEGDAWgBRQDvwrhLSrUG8z -7eVSwQBjDIQJ8zANBgkqhkiG9w0BAQsFAAOCAQEAVx0HHfn4kUUL+rvG0PbwPJlq -b3MLL0fFHg9PMLDYk3aWRimnQveU/QLcah/3onG9o1Y6X/iD11KPo+92wWGbtEPH -xYkUN/MS3UvVKWWWTscrviTQoIoTOor/XGvrNh0Psp/SVp/jtpLKtmWyjQMBr0uf -WJUY2v/SEsZRjJaxAFYrN/nrSuTEAyvS8IZh88Kxjq5QibSvPCtyYxT5dH8D2a0/ -oCXXY/T/6ZbNshuFooZUlls9jETJBj2ZFU+1cnpNeCVYElHJx8n2ohaHq6sAQELf -+J3ky6FHUTfI1jTAok0croiMInH4VRD5XzUF0fGS/GP2xuRbIem5OrMYzTYZBA== +DgQWBBTdQm5q6Q9IpRVQV++4bUa/r2VQ7DAfBgNVHSMEGDAWgBTdQm5q6Q9IpRVQ +V++4bUa/r2VQ7DANBgkqhkiG9w0BAQsFAAOCAQEAPEx471HlWR8k6UDYuPt/1p7c +L+ydukRNvhmnBhCCdTqj2+foCrcIEOdkrMzhTHsmwuExdpsLIP+KcsnMwncoxsxL +t67EDqRrGh7VwtpcOrHggw52vPuqwW+PV82N7t+SAI5hDdCD027QSZq7N0yK2Cts +GevXPfHwp+Gi9Qn36vQzVKVWseZ+er7WB3IWBRQY/HpavR8oDdB9IJJjoXB9jLZt +Vn+kzjBUYMZr+drxWZnv6nBz3yBlh89X88Q64uJ0yvx+2nYLC5LG937StJRWiJPK +03wwXIiw3WuSK0D9si/tWinhD1nmhtqyYdklR5J4YkHBzii3AoQVkRdkcb52lw== -----END CERTIFICATE----- diff --git a/testdata/certs/client.key b/testdata/certs/client.key index 9e183e3..6c95c28 100644 --- a/testdata/certs/client.key +++ b/testdata/certs/client.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDF9aOhvDO7xJR1 -5E8cfZ95aZm4kElP4+ddc/eIlFwzCcaw+WjpKahDig/EGSGRp9l2VF3mZE1vsjgh -FkO6UBqjI1FX3cMJ5a/PK4MsJAJEC2Cdy/1iY1xJ4zF6lkPGLWmMXSC9MekmsRHk -iRPtG0xFhyecqJPNsjduUAL6Y7d2bWfVilH9aaYJu95KqQkqsj4WpBGSQ25BaJ0q -7ln21KUGBeNiXiQXltdzuQ9JNUQmLdzd9iZpWm/dN4CHsIV1qd0f2w7Ql94ZwpwK -YuIJump87J8FoD7UwqZ37MQJKUwCjzKRkOzxUNQT4ya0tPvooXWN+OkDNzBd+Mac -jOcR/e2/AgMBAAECggEAJksZn7A9260vwMxs50h/wGdGlrbGj7844tGLiS6V1UOn -XVWpzyzBQWtkGF16KmhrPyIb1fUCK8CwbeoWKOTU+kjbM+GQmIoHY855feDrVUlU -I8IxnkY1NI/P4vRNYPko6T+clSyh+tuW5/wCUEQPEYYPChVsHgbDBUJSCSif9Tbm -a6R18cbdXV9BUfE0tOM/wU+IxJBpmqqeerEC9k0yFwh4mMDG1gzrLoAX7ci6Wt0T -2bXvtA5wkVoAfsDrBPXR6OpT0fyz7RlP6ODb3VMldQsfw+1KgalEWQ3or4CGrVnd -cpoyKywqKQbjwkhvCIXEbuokIGZO1H13An10atYgzQKBgQDw0sMWRY0mx4lb//nK -NfofOhnVpogc3VZd0shCC8v11MMFTmiubH4LJHz9fNSke+OBOzbuBYqvS0nAykfA -M4I4Lx4Oe6uF/afAyZ0JdY3l36G+uGp4Gkxeo2WXwGntauJaHWmtO9L9MBDo9bV3 -eXCKvDYyzBrD/WtsUsBpb8oH8wKBgQDSb1mFhQ8WpIQON4fdtqLNvnTOtCA9jKe8 -M/udIwQ74mKWpl9hrjYqG9uBvfyQNJXYmyDYp2ASJ640MwbRUPWy62HdR60M1+rl -tZNG9ia/RaHFiM8vkAfNmAtFvVQ7BkhrHjU6KyajYhazXknpuX8GkkLq/VG6mY1A -cRsN8uyiBQKBgHUVk2HlqM2834yKNHDas2OxRNQ6Jh0ag54UF+b8g0pfCf4vc/ex -qcpTEC3SHjRmQ2MWXgt1SEsXqKEB98Z7hIk6ZzuVZvw7Ke8yVpY9wCKOCr6GPMVt -y8mLWZ5hH18dwzUa7cEav+b3EpGgvHx833mkLhmeYDj/odXFmeTpQ+l/AoGALbX6 -YEKTEHwUI3J0lPjDTKX+gZgnGLehCATSt0OP++IlQExLk9Bf+62pdPlsD3ccxbyM -2gMhn0/3S2d6J6XKeV8gFw0mzg9o+xUCNPvrVsktZtddChvjVgmdCT0jOt8WhA4/ -ya7t6be47qWgsKCWszq6RolYY4xPXpwzIEiQlnECgYBj7LsBABvm94K1EDwZRTh8 -NEjJA+McQOEO7eT8jI8cgybPAB94z6qp7r1W7XvkHD08YBL03/9gvdvTOjTpnBwx -iwicIdRSO18ffAmkpDibbK/4+nOhmLXqqL6D7J2ylyHfM/YXVzSFkyPVBaMxyRTi -GngfwKbLpgpoKD+qLbhptg== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7uEQJ011lSovk +6cfdz8cQat0m0JXfREEDuHu6W4Sia9A5mUy0KaaGCDmxKs2d3/LHH0HbJpCzmkzE +OJ8HwkHIh4dbqnfGCWufkcU3ODQ91VEd/tmv1F0mL/JtYQqEHNUSS8FQLkARzOnq +/sm0zez5UEcVbZIArqDIx67Zmv59xwhjnO+a24PaICeVBDUvZXZCt7/o1HmuY5T6 +EPos+5NXedRj34w3prDPaov1pG0R1wHKfsBxxB9VFCi5eovx2oB6C7HiQwNKj9S2 +d+EaOOUpkAGq/KhW6DKuP+6lrWnqhrj4Y4atttKrBBkJD+IBtHYxE8OpjQbGLuHz +lWLu6uJXAgMBAAECggEAJGH8XeMncOBX6NAeurDwpg/wOPuocJNr/mqdIGtoc4pt +2xwJL8n6ynOBqwLew0CKb2lxfCYnWYgIZOeMexZ9ZX5PD8ckW6+rukuoa6FrDqjv +hd7FFj0UqLgWRnjObvifm2IvX3j3VfvfQnqLYY2f5lpWzKJl79fotcFt9CMEPCAn +l6c64NbU/Pu1YU1lPuVoo1pzAM/Qvk4Km56ZifP6uAWOdCKgmBiqXDhqO7OLwm0G +/IH+QYUUoo5E0QUhxmvIj1qlA6nV7rAOpmggcDryF/5KQQHS5pTi7NVklYze5SDv +SOMeCmym5mUcQ4VPrQC8X4vbj3JLG2QhTohn4VqiQQKBgQD6Y1bAxHUY3SMCsVkR +L2NZq02GVpRETa7xWYgyzd1bgqTfqji3HbMyaHvswoVJ5FFylESZd8KS5Pwn3B8x +FinhGxUEEdK/UrZDhkMgFfUpF7L0mCc8rJp6d5+/tPDHb4yWVNZqdtAz3Kf0v0ax +Ms0hLcj/JsuiRutix3JvQ5CN0QKBgQC/7VpTmPm/13KORqadcapUM7W3OmbfmT4n +XMqephIm+3t2FO3NGw3tUENXaF+ur740cjoYt5dAbFOsOx2gW/X5UR0Lmyx5fMmy +6tG9Lh4KIO5g+E8dN22naQueF6+bJOvwN2UlSwqMhnL7w+334tkdn4YKDqEYHmCL +kvg3ZIUvpwKBgQCqLOYDcgKb+YAYDm0YjvqZMSIpkaKHobyq8EzvKpet4GcqVMjj +O95U/kprqfFpPTJWC4tsOscVi2gNtz/D3uprwjpQX8S6n/6ceh4ZKpNLcH4CW38f +b7g2UCNU6idThO8qJVLtXP84oFnOsEndmUdtq26Wa8mu60CEDEYsdOFEYQKBgG0B +e7nbOo3w6clQ6zSk6B6mt+B3NRJt0NU+aH4uyESHtJleTameYgyU94pfZ2ipvBfB +gKmlLCyU2fkKIkt/r3aI0TxUR7BAZbZOlA0kcj9CcOF2ZkirwIXCrax+u2gcUjy+ +2Z2Sv00M16WSpEeT+chPYCu6H1i5eBANyxh66QIlAoGBAPj48F0TpbXDgl9FVcRm +9xkyv/GXYhMfNyWvbEImotYNSxRP6PggGpMxSy75LP23kcMXPJOSNJTwyzIHpfK6 +k7FIm0nRI+Nh4mfbvR2MCpS9NM1TVYUhPD8ThmXAmpx0XwPVuMJhI0RDDfbIrDMs +nbrZXCR2ZRmKv6EfSWr+LdLK -----END PRIVATE KEY----- diff --git a/testdata/certs/client.pem b/testdata/certs/client.pem index 32a34a1..714d905 100644 --- a/testdata/certs/client.pem +++ b/testdata/certs/client.pem @@ -2,22 +2,22 @@ MIID6zCCAtOgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwdTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAoMCFRlc3QgUEtJMR8wHQYDVQQL DBZJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MR0wGwYDVQQDDBRUZXN0IEludGVybWVk -aWF0ZSBDQTAgFw0yNjAyMDQwNjMyMTdaGA8yMTAxMDIwNDA2MzIxN1owWzELMAkG +aWF0ZSBDQTAgFw0yNjAyMjQyMjE3MTFaGA8yMTAxMDIyNDIyMTcxMVowWzELMAkG A1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRwwGgYDVQQKDBNDbGllbnQgT3Jn YW5pemF0aW9uMRswGQYDVQQDDBJjbGllbnRAZXhhbXBsZS5jb20wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF9aOhvDO7xJR15E8cfZ95aZm4kElP4+dd -c/eIlFwzCcaw+WjpKahDig/EGSGRp9l2VF3mZE1vsjghFkO6UBqjI1FX3cMJ5a/P -K4MsJAJEC2Cdy/1iY1xJ4zF6lkPGLWmMXSC9MekmsRHkiRPtG0xFhyecqJPNsjdu -UAL6Y7d2bWfVilH9aaYJu95KqQkqsj4WpBGSQ25BaJ0q7ln21KUGBeNiXiQXltdz -uQ9JNUQmLdzd9iZpWm/dN4CHsIV1qd0f2w7Ql94ZwpwKYuIJump87J8FoD7UwqZ3 -7MQJKUwCjzKRkOzxUNQT4ya0tPvooXWN+OkDNzBd+MacjOcR/e2/AgMBAAGjgZww +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7uEQJ011lSovk6cfdz8cQat0m0JXfREED +uHu6W4Sia9A5mUy0KaaGCDmxKs2d3/LHH0HbJpCzmkzEOJ8HwkHIh4dbqnfGCWuf +kcU3ODQ91VEd/tmv1F0mL/JtYQqEHNUSS8FQLkARzOnq/sm0zez5UEcVbZIArqDI +x67Zmv59xwhjnO+a24PaICeVBDUvZXZCt7/o1HmuY5T6EPos+5NXedRj34w3prDP +aov1pG0R1wHKfsBxxB9VFCi5eovx2oB6C7HiQwNKj9S2d+EaOOUpkAGq/KhW6DKu +P+6lrWnqhrj4Y4atttKrBBkJD+IBtHYxE8OpjQbGLuHzlWLu6uJXAgMBAAGjgZww gZkwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUH -AwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRie+OmON3ninoRnN6avIhoaXtDZjAfBgNV -HSMEGDAWgBRTknvWe1iA566WcOmV6FzNuFKKmTAdBgNVHREEFjAUgRJjbGllbnRA -ZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBACUIHfbS6HCfzX2p9SqLOHca -1a55+VrhHVdvssm3INM5OIyb3tV51BwzgN/8AVIMuuB5k2gD+QjC2IH7XMF1qD3h -WHOvXnKTw6LmviIqTmsDXHWJc7/X/63hSETYRI6jd83cQbqk82mAyMLVftlhtw2q -30EveQy6oJxhRpMVs2PVVpfjbMz4aQhkQFOIIwMOGLHitg5jf8O4m7D8NDdRkAcC -PbU13CGAkBcVnK8Q981R1OvJ0pkYGU86qFScys/28+ukO86xCnkKLnZpke18lr4t -e3T2Il8OY7vqTqB35MAmg3cV9FstrXZux1QGUXOF+1FB3IN7F2q/fkqjH/mXSHs= +AwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRN13BvFNVChyuHX0H80/ySV+UO/jAfBgNV +HSMEGDAWgBR8N5rb7P6rMHkRMvXjomT7XLXeGDAdBgNVHREEFjAUgRJjbGllbnRA +ZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAF3uSHuoHGBLjXZC76jHHxT2 +RE+u/C5Un38e87OnHrwjLu0oYr3vYNd0R4LEZ8XXnvslpixnpLWiW+VX4S5F6ToX +s/1AmsHUHuHIbqO6wIN0TBNOVLgVA+c0ndbh1J63Clm0QZYTkeAXV5xI2MIPq7Au +yK/nsdfG1Z6L+o9ubr8T0A88CgUG3V6izxFE0YzlWAH0GyHohBIxUao1mdVVv490 +jXI4SXZUz8jL5kLkMCdIy96GT406gvxuDd12QgBOeukw3aNjipDLPh73fygLeodX +TnQTSaXk2x9WU/3IN2oOn3jjwn+d0xKCy0sj1x4LVXBJsH9oMk9l4GByJzuhNVg= -----END CERTIFICATE----- diff --git a/testdata/certs/ec-p256.key b/testdata/certs/ec-p256.key index 2ea8eca..9a78dcf 100644 --- a/testdata/certs/ec-p256.key +++ b/testdata/certs/ec-p256.key @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgvH+MnlpSf73Ul0/5 -E9M6HU7PcPYsjB0Z5XOvRXV45AKhRANCAARHahTxIuT3QvbXsRsucg/v7SsxyL1u -uuk4wzAsgKNTXNWbsSj4MdNmAHTzJwkSkaE7//nf5Y72Wr5GLJTm5LFo +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWKvw8VKeLWX2Q8XJ +6c1nn33HXGkgnZnjLoqyVKWtftShRANCAATu0PS80mCTmCV8KHePOfy/OByvqccV +6IUpVA+o+YpkjbV3sbCIiSJ3Dhllc9pFGap5IcyIDS8baPIlNLIXWgLa -----END PRIVATE KEY----- diff --git a/testdata/certs/ec-p256.pem b/testdata/certs/ec-p256.pem index 6fe3194..7fe9077 100644 --- a/testdata/certs/ec-p256.pem +++ b/testdata/certs/ec-p256.pem @@ -2,19 +2,19 @@ MIIDOzCCAiOgAwIBAgICIAAwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMREw DwYDVQQKDAhUZXN0IFBLSTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5 -MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0EwIBcNMjYwMjA0MDYzMjE3WhgPMjEwMTAy -MDQwNjMyMTdaMGUxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYD +MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0EwIBcNMjYwMjI0MjIxNzExWhgPMjEwMTAy +MjQyMjE3MTFaMGUxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYD VQQHDAZNdW5pY2gxFTATBgNVBAoMDEVDIFRlc3QgQ29ycDEcMBoGA1UEAwwTZWMt -dGVzdC5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEdqFPEi -5PdC9texGy5yD+/tKzHIvW666TjDMCyAo1Nc1ZuxKPgx02YAdPMnCRKRoTv/+d/l -jvZavkYslObksWijgZ0wgZowCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYD -VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBR8T5z3VUd1jKt4 -BdMTMXsW3An62zAeBgNVHREEFzAVghNlYy10ZXN0LmV4YW1wbGUuY29tMB8GA1Ud -IwQYMBaAFFAO/CuEtKtQbzPt5VLBAGMMhAnzMA0GCSqGSIb3DQEBCwUAA4IBAQB3 -VLjGJ74qxLsiLP2GTbxlTmgGO55X65bNkZ8c5g5WHL2oNWR0TGh1mtMhHzlicqz1 -wZnDczdWRdC+qggyeCb/+jQkIpfIfammj0CaWqp6Ho4rPIAdGr8zZrogMQHcBiRz -LH+6OQuScDW6xMc7/7f7CSMjlJShBrTaKRE6HHu+Skxpnjhn5nu4s+7fSDU61fji -7AAyvNUhUG90/xJ8h6iE+bmsTsIuuFVXFUm+mxo0pVh081qpk4Wjp5veY07sJXrn -AFztKYC0tLFCo9+9BJ/eqNL/DQcX4FreVnWyiFEfOFjFz9+OF4Lkb9iITxK7pVJr -J8PsVfA+CT0y2Z5XQz/5 +dGVzdC5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABO7Q9LzS +YJOYJXwod485/L84HK+pxxXohSlUD6j5imSNtXexsIiJIncOGWVz2kUZqnkhzIgN +Lxto8iU0shdaAtqjgZ0wgZowCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYD +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSwkkKvfDQxXWEi +As5LuEgb2DK91jAeBgNVHREEFzAVghNlYy10ZXN0LmV4YW1wbGUuY29tMB8GA1Ud +IwQYMBaAFN1CbmrpD0ilFVBX77htRr+vZVDsMA0GCSqGSIb3DQEBCwUAA4IBAQBt +SXbN7qJkC8CRCzaF3+bOz6KuNvD8FmV5iNKZRQQqKZdNa3AnqRnI7NV+2zoccYz5 +dAHz/H8BiqZhaGCAiZa63rNGoIVjuGDy7/m2B2qqP3stkAgMmmcLCQRZJkv61mcJ +qFusOAh7RUL6G+kOrQVFr86q6yqmDs7lYiGMq+iQZYDyjhKPA8oVJSMGQNwQrXeu +JSpCZMPqthuPDGNX/PpLKQDe2baRsp5ZJ+Oiy0EFdrb3a+bcjYVyx27K5+S910EI +v0VaeWwp82TKA9NE2HJUJcecXq7RrkN28PdtrxY8VAI8RU8h2rx5dLydLNuM1TjW +SdyuqlY2yVW/GgcgAQB0 -----END CERTIFICATE----- diff --git a/testdata/certs/ec-p384.key b/testdata/certs/ec-p384.key index 7f096fa..2f3d474 100644 --- a/testdata/certs/ec-p384.key +++ b/testdata/certs/ec-p384.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDD8yZlJX3Py7yF9dV3+ -j4GDBB3R7CKmWz2LL2KpPV2saBV6JHbN4589VNgy5Etj5GChZANiAAQjLzjL6OOn -aCNKlTfpKP/EnrcRNBGo6b8WWiIEjlZwBiNFB7uilLadvdJnUbP1jqDW6vYjvcj9 -TWmH1xI+XkmwL3GtNAdT2AyrhizPD9GXQmrVgScLhsHqDIsWWh1brcg= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCL3pJLgE7Sbv920LJE +Ln36W0lgQKzBnJwEIa7yNufTIfZPKd2HEIjcxS3P2kmWYVKhZANiAAQIFzz1A7Do +vKslsfHu9HJsRlOS5U01P2E/ihUTuYIR7z04hfQV9Xx0l1ApQ519TN3o34MY8TbZ +LhwMkz1fV7NBFzQWMgowmXk5MH1TpD2K1MnfEGbt3DM4epo7YkAzFZE= -----END PRIVATE KEY----- diff --git a/testdata/certs/ec-p384.pem b/testdata/certs/ec-p384.pem index 067231f..970f4d7 100644 --- a/testdata/certs/ec-p384.pem +++ b/testdata/certs/ec-p384.pem @@ -2,18 +2,18 @@ MIIDJzCCAg+gAwIBAgICIAEwDQYJKoZIhvcNAQEMBQAwgYQxCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMREw DwYDVQQKDAhUZXN0IFBLSTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5 -MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0EwIBcNMjYwMjA0MDYzMjE3WhgPMjEwMTAy -MDQwNjMyMTdaMEAxCzAJBgNVBAYTAkpQMRUwEwYDVQQKDAxFQyBQMzg0IFRlc3Qx +MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0EwIBcNMjYwMjI0MjIxNzExWhgPMjEwMTAy +MjQyMjE3MTFaMEAxCzAJBgNVBAYTAkpQMRUwEwYDVQQKDAxFQyBQMzg0IFRlc3Qx GjAYBgNVBAMMEWVjMzg0LmV4YW1wbGUuY29tMHYwEAYHKoZIzj0CAQYFK4EEACID -YgAEIy84y+jjp2gjSpU36Sj/xJ63ETQRqOm/FloiBI5WcAYjRQe7opS2nb3SZ1Gz -9Y6g1ur2I73I/U1ph9cSPl5JsC9xrTQHU9gMq4Yszw/Rl0Jq1YEnC4bB6gyLFlod -W63Io4GRMIGOMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG -CCsGAQUFBwMBMB0GA1UdDgQWBBQEjzo2H9UASOnQWqllRw1z1uydkzAcBgNVHREE -FTATghFlYzM4NC5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRQDvwrhLSrUG8z7eVS -wQBjDIQJ8zANBgkqhkiG9w0BAQwFAAOCAQEAQ8Bqws2iQ2zs5qkFpTGRuZbdJQq9 -gBq33PtrPDgMA14+h9qQp5vOZfHHvvOZoDK36QTcbKZbaM5qzgZaVJHuXRSi3sI4 -KWVi4YIlzKdTsZDgjDOF/GRHAFAHpaNKiTAS0PDv7PXdA4MEO9Lev78LN0F43lrw -qeq89PwEt0bn01+izB92IM0JTa/iBwrdI4TZpjKaRiIatuMqITDGuMZe6tVjDd5N -lnDIdP+Vb9NdtFfF0RIEKZlvOksIoNh21ufS0hd9RisZSaWAGz6SUvggW/Co50+e -cN2VrfaXfJGuChVC+ypq3WBXLvwEZHM/8s6uJh7fotJtk+6cm1CI4oYxMQ== +YgAECBc89QOw6LyrJbHx7vRybEZTkuVNNT9hP4oVE7mCEe89OIX0FfV8dJdQKUOd +fUzd6N+DGPE22S4cDJM9X1ezQRc0FjIKMJl5OTB9U6Q9itTJ3xBm7dwzOHqaO2JA +MxWRo4GRMIGOMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG +CCsGAQUFBwMBMB0GA1UdDgQWBBTb3lSbeMMC295mrD6HaSgIC5QLmjAcBgNVHREE +FTATghFlYzM4NC5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTdQm5q6Q9IpRVQV++4 +bUa/r2VQ7DANBgkqhkiG9w0BAQwFAAOCAQEAXFvr7eRB+UmrdQQ3bbLrAdgs82Tf +ixE7Z6ev3s+oib1iIOlt3JLr3b3lIPr1/ulsPK726byrNtOEK7yeNGtRCwec2pHo +HVy1hWFpwf4Ky8BSQVt3t2PRR7cTKK0AHoNXNdm3hb9JF6pJnLppTckvNXNMF7UL +576nBqopUQVvHdX6fpZZR8i5CPSPypz222OsBbX2YWPlE6QShlYsTyEWDYboA9It +BkksMqs+w8vCTqZxOu7CD6ZjLm0Km9yf9CxaWZr1pNCbcgIwceaex7J6NrPfKS6T +WkIiEgefyog6Aq2kgD/nGKZSIgY94WyOIDMQDC4yu3WtGZUGahSWNoP4Mg== -----END CERTIFICATE----- diff --git a/testdata/certs/ed25519.key b/testdata/certs/ed25519.key index a05afc4..bb970bc 100644 --- a/testdata/certs/ed25519.key +++ b/testdata/certs/ed25519.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEICVL/sp21ZO8cNsBtqxPaPly+UzQdvVYJqdTH06yEhxQ +MC4CAQAwBQYDK2VwBCIEIGhDoEfXv09x30GBNE4sO7h7fdpuxIFcn8l9V5Ui9bIW -----END PRIVATE KEY----- diff --git a/testdata/certs/ed25519.pem b/testdata/certs/ed25519.pem index cc18a2a..0193f6d 100644 --- a/testdata/certs/ed25519.pem +++ b/testdata/certs/ed25519.pem @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- MIIBjjCCAUCgAwIBAgICMAAwBQYDK2VwMEAxCzAJBgNVBAYTAkNIMRMwEQYDVQQK DApFZERTQSBUZXN0MRwwGgYDVQQDDBNlZDI1NTE5LmV4YW1wbGUuY29tMCAXDTI2 -MDIwNDA2MzIxN1oYDzIxMDEwMjA0MDYzMjE3WjBAMQswCQYDVQQGEwJDSDETMBEG +MDIyNDIyMTcxMVoYDzIxMDEwMjI0MjIxNzExWjBAMQswCQYDVQQGEwJDSDETMBEG A1UECgwKRWREU0EgVGVzdDEcMBoGA1UEAwwTZWQyNTUxOS5leGFtcGxlLmNvbTAq -MAUGAytlcAMhAHjwyvriAzTmW2zBX6/I+IShKS+3Jy/TFBEQfA3KdXlJo1wwWjAJ -BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUSRxYnH0YaMULF+Dy -JHQVOmsfU+IwHgYDVR0RBBcwFYITZWQyNTUxOS5leGFtcGxlLmNvbTAFBgMrZXAD -QQB2jWgdLZUkh+U9zbHl3HjUstYX807LGU/8FGfx713vBUvBNrcsrUos2qVhqwnS -7mJ6eEkvsPeMSmmf8dMfrA0P +MAUGAytlcAMhACy3Pe+6JvUtHl2jLMpA/vON7AwVOFa5OHs0D9aLTB30o1wwWjAJ +BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUtElCmJ+vWt2KxCyt +cS9nTUvf+0UwHgYDVR0RBBcwFYITZWQyNTUxOS5leGFtcGxlLmNvbTAFBgMrZXAD +QQDT4DV9gcoM4ygwExpMOGUdhWLKIjf+mpxyxweg8XNJvRst7Pg+HsbiKzi1aFLB +aUf6i/pkQZmaVcpwHiEfCu8A -----END CERTIFICATE----- diff --git a/testdata/certs/expired.key b/testdata/certs/expired.key index a1259e8..c830bb5 100644 --- a/testdata/certs/expired.key +++ b/testdata/certs/expired.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCrMqhTSgTPLhvK -VNcWz+MMHvGNdHFC9a80mj/Cz0NJDhSI+OVl1ta6ub3Br+tkKBwccQ/tcxPXOhwr -7StpiSa8/XhG+X78ThEut2eIxuO2q37hgOZaNQvJO7jj3ES6ZzVv+v84twt98txF -mUoWDK+qiNCxmfCiEbeKsQo6S9mdLI6sAGFu+YPriIVGlfc5C43Z48V4Q99/9VtM -4EMC/6B9P+AJ5sLXmSgDpOOaccfvBVsg08j4mDlQAVcZgriKABAlRsq1UWoJ85K4 -PKJeEBoTomt7VNrcgW+R0oWV/GGg9xMNQlaTsuLIXFWCPA0yYdSkbFXS6JoEamxN -H4MSqRbxAgMBAAECggEACL5PrxOwY8powr0ktqmlLWj/kJtm7qYKLc2tvivRHANb -LiGtsAIe0y69HI35Biz8Po5rSbor91aK7Zb+NbSHZQ76KRnN9mHTg9P76clKncY4 -qf8bN9xn5TFAWjbVaPW9DdW/JvmsqkddU5qmfrJk+F8zbv0I0QyTMXY+qpQih/t5 -byU6K/o5wDFYnHc5TLtbe1TmP8Ysdda03PAOVZGzAD40PLQhQtzE5FwbYFv63BiV -/YrhQnKeBlpKOTPju7FHxar1y1plF7zE52YYVFPPgIVj6ATNn66PaTQ58gW9bgfz -mJNZbaGk9oQ4SKs+TrJwGeoz9KhGeOcAp+ogFjTp1wKBgQDi22WdLNzDv1rpxgg1 -ecB/5WllXyJpSN8hsWdOASmz/EFKY0n4BMV+A4tCIBNjYBXPbPBxD7Jb1hwOVkPI -Afeo9FatgT+xek+amvvk5gycfZYHlCQzz9Iu0mo+MUTpPw32HtdS67lDgoE/pkol -bE0BHsweHHewsNdouOM0cENIVwKBgQDBMM8qIn50/L4xVWn8413Kxa3IJjFEtrX0 -Ty+OsUPD1YRFzvfPoo4skHDnbtaYAtQgj8JdAGFbxtRzr6ZOHG8V8jAahI3lpWFV -REhm02yldmhSct9M/4+mdYFqWb/+hcSNMVCyICQxkx8SdNuJGzRoHH2OqbBUbcuC -ItGWudEt9wKBgQCaL6IFzNsTVDi3UPh9WA4FH2ieFKXvxy6Y2Nmsw8+TXC0IISnC -H4QXXNNGk0R6M3E/dPyK668/CewxtmIFS4kHVWKgNIuU1dvK6fGwpscFibnx1rcw -W9ywJCU/tf7vRQL5OAcDfeGCR+4O07frbYt86nCzOogDGH6f16HdHzwrqwKBgQDA -albLxpNg/aKJDGOGBwcRwRW3NaL4p2pOrNfXLWMrF+yogt17JpKofCyXtWNy/847 -qDOT4Z8Wg9BycM4ZGmTh3NhgcQnLYo6xGFNsZsPdgTOiettBm4B98Kc3P7DkVmNP -pYCUCUNDRR87iLxnsHrf/xBnGUeQr9J0CS3rC6P2PQKBgFZvoZ2KnF7eon5Rt5Fh -yo9ltasOXrG1OQUgfr8ZldJYOgb6D4V7jtlxby6pgIJTd9hBmVSDFlU7p+VFCxSW -WTI0XLK83IkhFr8UZv0o/JSRhcMb1TAM5hO3sLWZ6ISTQUnPO3dlckoid1LCYsKC -2avz6Yt6FUp/CNpwx37ilGoP +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFATOHha8CeqwL +zR9ujpvRLsfTdmjzWNCqw5bQkFAllv+aH6WT/6PK0jC9D9XrlYa6sF3eUevlHDE5 +lKMQFXn7hTyY/+DomBR5hKGuleMi1q3TpmSzeHTk2Nx/h1a3RG42AiCTGSvK+7H5 +YAqsMGMlTFmk56rUts5JL0Zv98BwtqoXjjHkroMJJBuPNaELqD5ItTZOd/r2UXAt +mbcManvL6HwCi5J6kunbVxDXkDsS7kgyQvMBdmsOuHjfb6oq/0zat/CZRKVUgkJK +jUnmaKO9/lcFZKV/MXWYeHlsfY/CuH8sjWMJRx/hJj1w5tsSPU1tIcE5/6nHVWNi +HR+wszyZAgMBAAECggEAMc548aVptq2++4jTjob9e+hg2uSP6h4lO1cRtQ8XRDml +y5h+qykxhuCXM+ViBxqZom9efAuoIRd8lnsusq1LVry7sk7W1NdGLebLXbFFaJRw +BBeIVBt7KjRtosxbrx/c4UiuZaIygTIbL9oJOLlPB6oC6/8qIHdLNhN+smYnwBbs +OZU76CoYJBHT4/3YZdu/lqYLOZz+Q649I0TVZlJL2JFKFlOgCh7m0z93iS8V6j6g +8+sc6qf+euC9qXzpaIkbeblGOO8U/y7DcyRmr1lBWLcYQ7xPOffTSg+4KsLfMWYj +FI0G9iKXsA98Uj4yaJybUwP4CGR4Jm//mlIUFRKOBQKBgQD6E4XIzsfzBh4HxPJK +bIn1inwGJHTU2sEnKYWZRHocn9/KYnn2VUsUl2MmLZgVjVkiLJJ0eayzmXn245Sx +AgjXnVKMM+GSQa7qD70w77jCdr0mTOhK8ap7qv6OOX4D2ACHv7zCAusEcnc+Yu4n +xFYgsc7KJwjL4peNsp7ovLP8awKBgQDJq9l6ySRv7xfQrP0EViiZJDvJKSDUy+iG +q9NWW8ZAQfDT/kJ9YzUPvlEKV8szDScXXd1Zh6ptW/K+0xKQ4J2GRNja2iRcoSTp +6hIW5alVa6Y4we7ABxdfgFFrWqDV39oO9geQLmYnGlYecFZKKpU16koIspN7AvHu +7UD2Zf8sCwKBgQC/XM0VWta660VzoIvf06rGUFCTyrX0Y+lGdImdPT9MRDLWBgFa +NO6dNTNT9bPZWi6I7h6sLqevT5R7Dq+ru+jURbjzPIgyiTy2M5EMr4RsmrwnYNao +8sEInVLptqjtfA770gc5V05MOuNww/eGSsG1hxq8qp4alqxua+8aHbyFPQKBgEW3 +ovdPkckgXptFMjLNljtay1A/Z5oo47mqrOSt1VthcF/ZBiNSqIVIxbtNnnGHmnv5 +dwv8Wm5z2vcdAM4U2GASbOU7hFaBXsF+qcJAoslk7ZGxeVfpG6toML1sFy3YtQl3 +BCZT4/ygniTnsOzyy6JX3EAle9aKrhhq7IpBuHUBAoGBAN0dsKBBb8gVj7iELOFt +2S45SAsPu9oRyXEdFMtjv7DUZ8D2acxeX8Im/xdCeNjMs7CJA9kHXndaE7GE1yzD +31ZUTIXWuhMwDGE6GJKduFG0BXdEo+a8D9XDjcCduxMtlrTRd6aGArvck6Gwlvmo +WGJLGyi9+3I432pz/O+5Xv42 -----END PRIVATE KEY----- diff --git a/testdata/certs/expired.pem b/testdata/certs/expired.pem index 081c25c..67fcb74 100644 --- a/testdata/certs/expired.pem +++ b/testdata/certs/expired.pem @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- MIIDKTCCAhGgAwIBAgICUAAwDQYJKoZIhvcNAQELBQAwLTEVMBMGA1UEAwwMRXhw -aXJlZCBUZXN0MRQwEgYDVQQKDAtFeHBpcmVkIE9yZzAeFw0yNjAyMDQwNjMyMTda -Fw0yNjAyMDUwNjMyMTdaMC0xFTATBgNVBAMMDEV4cGlyZWQgVGVzdDEUMBIGA1UE -CgwLRXhwaXJlZCBPcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr -MqhTSgTPLhvKVNcWz+MMHvGNdHFC9a80mj/Cz0NJDhSI+OVl1ta6ub3Br+tkKBwc -cQ/tcxPXOhwr7StpiSa8/XhG+X78ThEut2eIxuO2q37hgOZaNQvJO7jj3ES6ZzVv -+v84twt98txFmUoWDK+qiNCxmfCiEbeKsQo6S9mdLI6sAGFu+YPriIVGlfc5C43Z -48V4Q99/9VtM4EMC/6B9P+AJ5sLXmSgDpOOaccfvBVsg08j4mDlQAVcZgriKABAl -Rsq1UWoJ85K4PKJeEBoTomt7VNrcgW+R0oWV/GGg9xMNQlaTsuLIXFWCPA0yYdSk -bFXS6JoEamxNH4MSqRbxAgMBAAGjUzBRMB0GA1UdDgQWBBQHGq0T6vfLJRdeNYtc -NR2WKQ7+LDAfBgNVHSMEGDAWgBQHGq0T6vfLJRdeNYtcNR2WKQ7+LDAPBgNVHRMB -Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAxqyAT1qFBdE+rDHaAUsy9Vuao -BXlXTfuBw+YykV9cIViQqxF4uUDxS2LtFGE5/jXdgQ0Zs/0B8EaBC2LdqqTz1nae -zgZ7bGmIaHS5NJPLxzv5mef+BNe0ppRtBwHoaHLsCfg8OhOooBolTxppFRfUOyV3 -anRv8HXY651raKmVHcFUuNWj3l89HxwajoEmcQ/LJ5jOry2AG2atSzJoLd6cRdZl -ZXBrx4gybGzx81e3ljwKy/bffBTSQ8lEBYLwqDmPIMpLAQBbzDMO959ShbIcnyco -UpIqrnOJVMSiLmTp7YVjyX8wPywPj1oXPp+9xbWTfQXM8xPhdeXv03seDAqC +aXJlZCBUZXN0MRQwEgYDVQQKDAtFeHBpcmVkIE9yZzAeFw0yNjAyMjQyMjE3MTJa +Fw0yNjAyMjUyMjE3MTJaMC0xFTATBgNVBAMMDEV4cGlyZWQgVGVzdDEUMBIGA1UE +CgwLRXhwaXJlZCBPcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF +ATOHha8CeqwLzR9ujpvRLsfTdmjzWNCqw5bQkFAllv+aH6WT/6PK0jC9D9XrlYa6 +sF3eUevlHDE5lKMQFXn7hTyY/+DomBR5hKGuleMi1q3TpmSzeHTk2Nx/h1a3RG42 +AiCTGSvK+7H5YAqsMGMlTFmk56rUts5JL0Zv98BwtqoXjjHkroMJJBuPNaELqD5I +tTZOd/r2UXAtmbcManvL6HwCi5J6kunbVxDXkDsS7kgyQvMBdmsOuHjfb6oq/0za +t/CZRKVUgkJKjUnmaKO9/lcFZKV/MXWYeHlsfY/CuH8sjWMJRx/hJj1w5tsSPU1t +IcE5/6nHVWNiHR+wszyZAgMBAAGjUzBRMB0GA1UdDgQWBBTzGZ+xFuD51TGaCMN5 +Xh9eaGOxtjAfBgNVHSMEGDAWgBTzGZ+xFuD51TGaCMN5Xh9eaGOxtjAPBgNVHRMB +Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAPhWLCWn/0wyonHL1opS5gJeuW +M8dHvYEp921cQbx0paEeobCekC9dlCah8Yp4GYIF6nk3gYKYH24W/ROUr/6kV7NE +jCtELn8ShWl5lP2kOKT6TnWsDCk5REPybN2o1fdhwMbUvD8sdJzDN4+ShZqthNzW +djkyjLRrjwXjX4Ib7KmbISqFbXowWVmtrJGED1quukQqfY5SkAxifhxrLvmiVylE +QMWFMIzHIpUM02TQ2GsJBRYhrhfW/a90Mudu7vhjV5tyAQ6+Zkx5PQOrPSfbmVjf +iizypEd6oXkwxrQwXr1hRLPVxjurgW6AWY3S16NsjQQlZELkprDb0pDgP72Y -----END CERTIFICATE----- diff --git a/testdata/certs/intermediate-ca.key b/testdata/certs/intermediate-ca.key index 54fcd40..2d7f5fb 100644 --- a/testdata/certs/intermediate-ca.key +++ b/testdata/certs/intermediate-ca.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDHpBtzebKfNrRi -58a85S7x4K4vyaFd3XeOWX9pg+90DIjZxniXFRJ5jIjfNjel5WNMdOzD3OXGc9wD -Py2q6sA8Raat+48abasfKZqxAeSGFR3DltWsU4DlMB/gCzdCEs++N+Ol+7cEWlJa -afEWU3dNsT0qcs7Eo3yhWEhvBVXdnVP14322zonCB6HGwmcplzUko/W2eEiX9QJx -DveUywKlTmC4fQNdoL1O34Su0rr82zzzpCv9qchY23pr7gtHq21m4x9nhKBwQJ8l -ctKbG58Wn1rOPkThssCdzxdSvDRnFxr7UNEWz18xhK9Sfd6E/vBpmxD8eNkPYOxU -/A5DMH8PAgMBAAECggEAEpF9aiKeDffpFC/piKUqVh3nJZOz2gaguZEybA505Y7K -5bJzgd3YX4zGKDijOV9Z+oD/ioIPrwMUqgqkxTpbUd/KjnEQ0Mz1dwsIE8GQzzXE -lG4BhqsnmGl+9XgllhQo1VDecBA26AU8lqM25LQzqvq6rSmLeLeZ/mm3JvhQkbGH -z8qmfzPx29YBFxCEGayiAOhCkaSJBf33nYN8bQL+Y89lgSDartVI2oWfEGAhRCiP -psB1KfN1p5Mx49SrlVdBAP5nMhGNV0OJJbJUm/MzMG3U8XmXErUarSRbCGuJ9GNh -JlD1o7nHL2tnEtqkg8JUfLeQ/uLhfNB3BMBxGeL5BQKBgQDl+FPJHeGw9oPx3E2N -ZGPGRwimkLGPNO92+cTnPKCnzfD/WHUgl71wdfDEOAXSdp6YReW8oSneabdxe3c+ -5KK6WOz6LKC427Jif4e9v1fqozpkztdy1Y7SuhT548/ZnojMw1sKc1cMU3O8E2FC -9ZTCv7geFQnCl6MSQn6kDArzzQKBgQDePPWPWeNqaXRRpePS8Ad+2CLGfVEva+z4 -qX5wKdLl0lAd4grKqH2SnVE2hWhb0XvhKfhP4zQlBi7fNokXmutexlZluC50iLJB -DFTyMrrRAQ2sTIepO9JlBzFyDE74vd/Si/OtiW9Bfi4+hHvStT2bokhYNKceYE8B -LzfkoFlaSwKBgQDJ9D8YIj692m7a6l3MqnmYeW8WX4Eewxz8fbG2ZB6t3oQiqbsK -aVc6uMg8ePpb7kGudcuf0GRlZq9rYELDH6PsRAWwWZq3XHAWYeqB7tQ1QS0ZtC+u -L+8iDbo4DSDN+pQmRfTgg5PRRkQfyWEjnWkLcbQt7snIcsQJWA3A4LaJjQKBgQCW -/vQZIgnSEzRlBUF14IA3PsLh+eNfRQUNLpwpuUEBxZOJujt61l/7bcfwM1RkjkCN -C+ca4FRdk4XlQziCQVAKZNfu5OUraHU0nRxaMv2bZAvWNWk3It4gpnKB+rrtZpTc -iRpXnjlpVkI1V+6Ji3sAc5KT27JwgR8svthLDmenYQKBgQC4dUYGgAnlfaI8ByAX -yjy2z4X4Agdm8GDI2ryY599rWJN3zcLB1a/wkjLjJr9+HpZ0AWkFBobRbZ/kCyK9 -of/6ys43ahhcwYaOTmb8YCL2nF8b05YNCO+yJsHXfoeeC1x3USNA8eiLUxocoeXN -JCRqqcR0P9Byxl39A+pRqyewOA== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCv5iz7a+2pgWbQ +MP1d1Z4027buhB9RLuuXdlM9Fgm+61yhkHe76gsT31HYB5sEQDc+5IApCSJb+KOG +PenIESMNf17EGHk7VAd/vbfMJigWNZsV4xRAOX3wmSEPifgSSLB3TGY2jo8h81F+ +CIbqpqEEmdOjOx1QiCxSz0qa5WtgLJCVQPuRt+udWudzBO7Ll3Zq70UxaDrjtzdg +qzg1V3WH109X3JXWhHP63swQyjTaFwAEGc8MEtDV7ETx/o5VYf7CFvxTrE3bnp0P +hybA0FOrnRXV2LpLDIP4brbeI1d0XDbWZ6AwH/vWwROx6vLV1+jn+Ue2+lJNSexe +IIh3Kig7AgMBAAECggEATPQOxtnzaj5d/AQKvIQJyEc9U0EDMHGuCR/vj6B2GAwB +BP/emhvsx79iH3hIVcZARSgTd6By4zi2VbL9dZUluDB6haDNXOrIsxaNc+dXj0vZ +cuxa/jQIyHs9rv4lxN3/Mdn/N6wLq4c3JkPVvo+yjwA7SkTA8Ov6NCpTEcv/u11Z +9rNBTw8/qni1gYCc5amZF2wH0Hcx8/yB4MJSMrS+jJR51kzaTfhbQKUvI5ZQLssM +Pf4EfIfFIg/SWoNMNQ+zfqGqy/mtrIJhkybU9p8f9B7EIcNHkKl2TpaPHMT7l7z1 +KhAmVgZXOKSL6s+mFDIu/s7s4TqKXhVDEx7RPjNT7QKBgQDdWFrcN3s73lKU8XqW +rufsSiqn7u2NeR00DJdu9Slc9bMC22W4p95/mI67UL1IC3rptk9pf9F6A00FGL2W +8sQzshSIshDuRN0hD5z/SnHF15w8Ebo3caxBySPU9bAYO+5s0PKOH9ekDmHgXEVC +CMT21jvBtPGYyHYWCndzXV2VPQKBgQDLcFFHz2mmSepe/tPGYkNKNQIj2fIwa+ob +/wHO+5J+JmznSRh8hXqLrmmxW5NxXKwxuT//Q7BtzWULNffkRSOV0UwWaN12Zm22 +3Kx+7JSYLusKPET2173nPsWLI+Im4z5vv0rliNPn1+jxhtJUrikQlndwsZZDEt+a +lxdYMOo61wKBgQDE63NCUfXICH3N1pvqbMcWl9ElQFKFN4f8o2siIuhetJRC6W+w +/V/cgpwRF76d1uDOBgzWXgm+FCu0ahNZtLdLCpZsGocng4p7fEl/cfqQOcbcRiU2 +aGII0OqY7s9wb/kpRCdWvAt7//OhyFUxb13UADp/lfwOoeE0sLEeqKS2PQKBgQCp +QjN96YVfAtRqYN3Vil+t19iF94jW3JIU5N+eVBSXvGSTMW+b+nnwyRXKqAROJupl +HFmwiaK6WE8fOrGaTCPFPDNv2aOYJLRXldY2a6Nd0ntfMrG2Jd0sDj/Q+fPootyJ +oMAxpNuZYzu954wLRDOKR4XsTvRTrdo4Bkk36MqYVQKBgATR3+pTKwRoPdsR+eab +9NG4p59eDKqyfCDmSqaqeIyQu69/5V0EI2fF9gc6ZnSrGimOoaZ73pszYkKjD79F +RtfimhLyUaNLwYQYgX4/4L8XMW2np8oaRGZARtgunHFLslHerA8EgcDKEMgElgOQ +uHEjoTco8Er3nG5ItxwGqCwP -----END PRIVATE KEY----- diff --git a/testdata/certs/intermediate-ca.pem b/testdata/certs/intermediate-ca.pem index 0125952..450746f 100644 --- a/testdata/certs/intermediate-ca.pem +++ b/testdata/certs/intermediate-ca.pem @@ -2,22 +2,22 @@ MIID3TCCAsWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xETAP BgNVBAoMCFRlc3QgUEtJMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx -FTATBgNVBAMMDFRlc3QgUm9vdCBDQTAgFw0yNjAyMDQwNjMyMTZaGA8yMTAxMDIw -NDA2MzIxNlowdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP +FTATBgNVBAMMDFRlc3QgUm9vdCBDQTAgFw0yNjAyMjQyMjE3MTBaGA8yMTAxMDIy +NDIyMTcxMFowdTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP BgNVBAoMCFRlc3QgUEtJMR8wHQYDVQQLDBZJbnRlcm1lZGlhdGUgQXV0aG9yaXR5 MR0wGwYDVQQDDBRUZXN0IEludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMekG3N5sp82tGLnxrzlLvHgri/JoV3dd45Zf2mD73QM -iNnGeJcVEnmMiN82N6XlY0x07MPc5cZz3AM/LarqwDxFpq37jxptqx8pmrEB5IYV -HcOW1axTgOUwH+ALN0ISz74346X7twRaUlpp8RZTd02xPSpyzsSjfKFYSG8FVd2d -U/XjfbbOicIHocbCZymXNSSj9bZ4SJf1AnEO95TLAqVOYLh9A12gvU7fhK7Suvzb -PPOkK/2pyFjbemvuC0erbWbjH2eEoHBAnyVy0psbnxafWs4+ROGywJ3PF1K8NGcX -GvtQ0RbPXzGEr1J93oT+8GmbEPx42Q9g7FT8DkMwfw8CAwEAAaNmMGQwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFFOSe9Z7WIDn -rpZw6ZXoXM24UoqZMB8GA1UdIwQYMBaAFFAO/CuEtKtQbzPt5VLBAGMMhAnzMA0G -CSqGSIb3DQEBCwUAA4IBAQADXG+fCKZsq4Ou2ls6F8/UXJimZQo5L3zE7a+8O5Y9 -eMLWZRhk9sVFs3CWC5OJLzUWdQ0t8ASIsicMKfPikOxlJukQLYunDBovY1iOxmeD -kaX9sOJlWzZejh+n4zcBdhhc1ga9X/XMJ1AN+7lvNpgiS+rnV8HZ7XuhMlpXmLKP -A1z3CJ9ml40gwe6lYhmHQTty9i929d7qS1SP/VzE+hASHAfZmafxSMNwzE80qD1v -KgEqjarNQj15ag9jy4MPaqADncUkh5vH3lbhXU9aPQZlmMOEpb1bZCScAFARQAPu -lYe97becMTtInu2HWQ2OUtDi6SxDbdfdZSYygTkDWfT2 +BQADggEPADCCAQoCggEBAK/mLPtr7amBZtAw/V3VnjTbtu6EH1Eu65d2Uz0WCb7r +XKGQd7vqCxPfUdgHmwRANz7kgCkJIlv4o4Y96cgRIw1/XsQYeTtUB3+9t8wmKBY1 +mxXjFEA5ffCZIQ+J+BJIsHdMZjaOjyHzUX4IhuqmoQSZ06M7HVCILFLPSprla2As +kJVA+5G3651a53ME7suXdmrvRTFoOuO3N2CrODVXdYfXT1fcldaEc/rezBDKNNoX +AAQZzwwS0NXsRPH+jlVh/sIW/FOsTduenQ+HJsDQU6udFdXYuksMg/hutt4jV3Rc +NtZnoDAf+9bBE7Hq8tXX6Of5R7b6Uk1J7F4giHcqKDsCAwEAAaNmMGQwEgYDVR0T +AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHw3mtvs/qsw +eREy9eOiZPtctd4YMB8GA1UdIwQYMBaAFN1CbmrpD0ilFVBX77htRr+vZVDsMA0G +CSqGSIb3DQEBCwUAA4IBAQBLl++Ej06McMuWUSiKhitGZcVedLBqCnD3FkFCrgvi +qYdRpL4sTeDJXriPY2PTybEib6d4D/zSOVBZtgb/PFTA/ctiafIytM5RNWMas8hv +qzw9iJ85LkVAC9MwTNyrrTJTOQELnG/siImJsMw9u3uO7byEKHTnuBnWbKtQF4yQ +oFZTZHLZChh4i7rCugGTG0QJ+C4n6Bs1+gt9AuySUvQPavp7y1w9Cz18srATd3HQ +v1Xn831IK/YCS+bGmfbFfjrmhBEXXVrIU/dpwz9D4g/K2K0LMvyVb4A4bDep5ZgO +tm2tiWyx3YggiwaOAimrWXx4YVUlnGwp1kwnwWcQjj56 -----END CERTIFICATE----- diff --git a/testdata/certs/many-extensions.key b/testdata/certs/many-extensions.key index dd4d55d..f89df27 100644 --- a/testdata/certs/many-extensions.key +++ b/testdata/certs/many-extensions.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCciNuvihm8T2FT -iCv48XPrvZ8+vui+OlGhwe2hPO3v97cspeGAP4s0m0e5Gzs/MWqdWtF30IyiAuSY -geAdSjb7bwzCQ6hfdwSrLG3glb5c8gAtDmMC3pZLR8NrE/vLSM77jbh8YMjzo8UB -7bG0Vbi7SHF2eO2JsJJEBOnEMmJG98mm8Xt9tO//yq0wLkrbbFveWPbqHDZP2g95 -9mafliRwqhpjx52GLPTCtmnO4r5f8Jr8bddafFZ+sPA+TTVMkXaPrDn5Tn/F/Zlr -JXxdcYSC6yVErfQbVpj8f2+vJ0iE9vEDv6ItjzYW7d6GnOYLloB+ifUU2qlD0rDf -CVDo4hrbAgMBAAECggEAJFOab/VjnZDqbEE4uzAFj9rUnvIc/zB3i0t/AyEpsrvR -FZp1Z5bXjmDO10VbjYHBVT0jSWPrjxmOxVm2kfWMJvORiW+8HlN3kOXhpfH6WIWM -xugE0ECprlS8JBhiIb4G0tgDzVGEsQ37hUQNLmWKVmQseKr9rSt99i0RtwdeSUuQ -5LMGPO/r2hZ0xwRqwQ/a0iT7ZbwmfLyLrCb9FeGIWinKlgfVNqACD9aNZI301HuV -CoN1SoQBeKrReLfEJIpLPYSUOlumpgdnHQoB51m4EmkBO91KhpiHEm7mMvZQeRXl -SG6HgTRYVwqHUNgtGwAXs7peoL5+52pOBLcfNAzgcQKBgQDKOQy8QradmCixjaAG -slswXDeiL8CADubl14Px1Ti6Y5O4XJZF+QLhAZDDne9YtdtMBLuzjkjwKn/XIjfB -b9HYgAIbOTo1pyfSGQW7uP2hxqFI3EtUi6J/4QmXfMpVymW2q++aUCh2N5A941/N -zm3zyCNF/pC+CtCWWyHDYMTYOQKBgQDGKXBJVrrpqIP06Ta55KaofKm/D7RuLi50 -k4oeQjdWBqe3QJEDA0FConOlOuA4Bmrbf1rAKy32kahrNTXOaf8YWY+HlPlkRCJc -yGJ1kKXJLqDBJFL2fAJOR9jfylTyEMrJoSdF1BQyDiT7ONFNcTvT1NDJqcDGyFjh -/hp8/+hDswKBgEjdMYeMCjzSnKcNPsHq9gyAzdL0ncoGlI/wjaxPhbczNgDR65ue -07i7VawGdj1imXfUpMVX2VQgHBwqSii638PArAGfJyg56JE9TuGLEGiAJ5EXP1Vh -UtX9AfXBky5CVU/yt8zEYS/naWPDT7vaS6fxTzRjO0geoXXrtEivz32RAoGATkR9 -uinMZ4+MlwYp/GBIRxH+BZ3RWRdad+byTaM/sfWs9p9E51i4xPXfEWrgtqAqQonZ -sT8cx1+eksGQf/ezrs1o+Fcp7aVPoS/wW5kHMh/9lGuhbQNr8blE+pcy1+0z+1Fw -bo8mbuLRTnyRhrHrvG45DP3ES39EQ/aWRbrZ5SsCgYEAi3s7p+dfJE/fJmn/ogLe -CmosyXYqCykYq86kFRWwZ9zNyPexVA48MViagbhnB2Q8u6EgT85+9i7aGGexFND/ -/GjZMgrXm3H8pCLJZOjqPxtDo+b+ki83XBWfSLJFal0ezLsBETcdboz/Y1DDAMh8 -l7LmJsC6a5VWJYVjrvvs5qo= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCdfEyS+TMtmmb1 +rhA/Oq23UATCe6ikNn4cNIOtVeTS2mhdbBA1jvT9D/rHeeu2fjp75fLIwygEUE2Q +nwXNGCV1Zp67llWjtfiqckkQ2/my1PoWWH050QGX1XS4IWgTrKTUcr0aZK9zaezT +ByXAqVCs6o2jWKI38ucT2YL3xAdA21LSrtccU8mNghp1EGQDfdNJyieUhWio2qAD +Uv7cFO/cw3PujH1RsOt6sEfbzoBMaBCYKg8UFyITrdXlx/CXul4MX1QX4xU/9BUB +tA4DHLQC07qtDDdetnXWW2s+WtbH0pkkA6MQvXNo1BCYcpQdCAp2W7lqumsXBKSh +pc193jEHAgMBAAECggEAAmYZHqi3XUU+MZBDh17e3SCI9i9qdNBIt8G08M1F6stB +PI0jfxvAhpG4KZo0rpDC5X6E1rTx0OtTLbIlICLj4ZPwH8sA47QnOZuAuSJRnBGt +WCqhpx7wjJKUaKlcAXaiNpe9EL15W5F5D8rfLcM8O9rYS20WGMHfh7kNeTC3rElZ +UCmSLPsYx9g0e18Q8WH6I7ToyZorqiki2lyhtEvlxsf0T/75R0lVOZe7erdg0biT +cJtipySxqNutTE1xpospuvKtUXaDR9G7/Kbv21IjNsuaQlcCXSL5oSwqvJyS8fSJ +6+eNDELe5N3KLG60II1hhNFLnCffJA2iawSw2yncfQKBgQDRQnWVrU8r/P3o9H6d +DKu4VZ+BG5vn54uzPsvDnRbtMtDSydFVWKzp0zheG187wJ9V0LAQjyiMhXX9Wcqx +F+/LKVRBxY21BxmKT25exJu0k82VGOQiaRI5nXH236aKClpvxhfoAianuBE8Kv/g +C3psALmkr53F/Pm5waqIh5BsXQKBgQDAqWFFnvcTIm7N2SDlbCumjpdUG+zbAYMP +4C1Vz9KDiJdy+GKCXWVi7DuK5SiKgThCAfcnx3uuHrdaF+VBt9OSTKQLl6x5cBqQ +hrylzrhwCTH5kRpLXEwX1KRxSF7FSblUnkZ+fISEdKI6+YULZlpObuu9m6/CPOZo +KoiFeaVcswKBgHm4Z78lrVzP7z3XIeLmYOh7XalyztApHlioGUxyjshwe4lw/UPg +rcvhIfOThmSyWbxIBHHNY+/BHe29kipK2x/YrXsIl7IKLDAInhGf2VZDdxzX+rON +XJ2I2KaaVzwKY6qKlpNM1QFQDy5pcKb45j/2eAW0ZViqGvSTE0gRWs+9AoGBAJpl +459w0t8RxCzRqkxSEPVM5rewHXQx1P/fD1Xq0/E3gO/RYNjK0lqhqOIZ3hCJmDVF +7/WAJ30V/qiD5+Vv1W00YG8t4Tn8/jz+zaYvcZ3PsK4pfCIS2KRsdFCYx+Jhv9Wx +dhsd3PFtqymKF/ZX011yBRiR8Ru/xIKMO5aEM2KDAoGANaowQlybS+IKo5pTb5Vj +a1MD3MVgm3YPb9J39at/MmlHgdcolYxoltv8d1fBOJbICh6dSm6VMz7U1ntuwRD/ +guTU72CBj8lbOSS1o2JV9I0cVeEXzuxW+niV/DUOzjqV0nzOoPhA+YInohforGRb +c4vBJWEc6Btpe2MGafevvsc= -----END PRIVATE KEY----- diff --git a/testdata/certs/many-extensions.pem b/testdata/certs/many-extensions.pem index e455e29..1a1aec6 100644 --- a/testdata/certs/many-extensions.pem +++ b/testdata/certs/many-extensions.pem @@ -2,21 +2,21 @@ MIIF5zCCBM+gAwIBAgICYAAwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMREw DwYDVQQKDAhUZXN0IFBLSTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5 -MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0EwIBcNMjYwMjA0MDYzMjE4WhgPMjEwMTAy -MDQwNjMyMThaMIGtMQswCQYDVQQGEwJHQjEPMA0GA1UECAwGTG9uZG9uMRcwFQYD +MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0EwIBcNMjYwMjI0MjIxNzEyWhgPMjEwMTAy +MjQyMjE3MTJaMIGtMQswCQYDVQQGEwJHQjEPMA0GA1UECAwGTG9uZG9uMRcwFQYD VQQHDA5DaXR5IG9mIExvbmRvbjEbMBkGA1UECgwSRXh0ZW5zaW9uIFRlc3QgTHRk MRQwEgYDVQQLDAtFbmdpbmVlcmluZzEfMB0GA1UEAwwWZXh0ZW5zaW9ucy5leGFt cGxlLmNvbTEgMB4GCSqGSIb3DQEJARYRY2VydHNAZXhhbXBsZS5jb20wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCciNuvihm8T2FTiCv48XPrvZ8+vui+ -OlGhwe2hPO3v97cspeGAP4s0m0e5Gzs/MWqdWtF30IyiAuSYgeAdSjb7bwzCQ6hf -dwSrLG3glb5c8gAtDmMC3pZLR8NrE/vLSM77jbh8YMjzo8UB7bG0Vbi7SHF2eO2J -sJJEBOnEMmJG98mm8Xt9tO//yq0wLkrbbFveWPbqHDZP2g959mafliRwqhpjx52G -LPTCtmnO4r5f8Jr8bddafFZ+sPA+TTVMkXaPrDn5Tn/F/ZlrJXxdcYSC6yVErfQb -Vpj8f2+vJ0iE9vEDv6ItjzYW7d6GnOYLloB+ifUU2qlD0rDfCVDo4hrbAgMBAAGj +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdfEyS+TMtmmb1rhA/Oq23UATCe6ik +Nn4cNIOtVeTS2mhdbBA1jvT9D/rHeeu2fjp75fLIwygEUE2QnwXNGCV1Zp67llWj +tfiqckkQ2/my1PoWWH050QGX1XS4IWgTrKTUcr0aZK9zaezTByXAqVCs6o2jWKI3 +8ucT2YL3xAdA21LSrtccU8mNghp1EGQDfdNJyieUhWio2qADUv7cFO/cw3PujH1R +sOt6sEfbzoBMaBCYKg8UFyITrdXlx/CXul4MX1QX4xU/9BUBtA4DHLQC07qtDDde +tnXWW2s+WtbH0pkkA6MQvXNo1BCYcpQdCAp2W7lqumsXBKShpc193jEHAgMBAAGj ggI0MIICMDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIEsDA7BgNVHSUENDAyBggr BgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgw -HQYDVR0OBBYEFCyHIyGCBIEWRxLA56+HE/VuyzUUMB8GA1UdIwQYMBaAFFAO/CuE -tKtQbzPt5VLBAGMMhAnzMIGeBgNVHREEgZYwgZOCFmV4dGVuc2lvbnMuZXhhbXBs +HQYDVR0OBBYEFKrjBKuJ9IXth7LjewArQyjT2in0MB8GA1UdIwQYMBaAFN1Cbmrp +D0ilFVBX77htRr+vZVDsMIGeBgNVHREEgZYwgZOCFmV4dGVuc2lvbnMuZXhhbXBs ZS5jb22CGCouZXh0ZW5zaW9ucy5leGFtcGxlLmNvbYIPYWx0LmV4YW1wbGUuY29t hwQKAAABhwTAqAEBhxAAAAAAAAAAAAAAAAAAAAABgRFjZXJ0c0BleGFtcGxlLmNv bYYdaHR0cHM6Ly9leGFtcGxlLmNvbS9jZXJ0LWluZm8wXwYIKwYBBQUHAQEEUzBR @@ -25,10 +25,10 @@ AoYeaHR0cDovL2NhLmV4YW1wbGUuY29tL3Jvb3QuY3J0MDAGA1UdHwQpMCcwJaAj oCGGH2h0dHA6Ly9jcmwuZXhhbXBsZS5jb20vcm9vdC5jcmwwIgYDVR0gBBswGTAI BgZngQwBAgEwDQYLKwYBBAGC3xMBAQEwPgYJYIZIAYb4QgENBDEWL1RoaXMgaXMg YSB0ZXN0IGNlcnRpZmljYXRlIHdpdGggbWFueSBleHRlbnNpb25zMA0GCSqGSIb3 -DQEBCwUAA4IBAQCfbp/pMTInxUkuAbjxMihPnwS45dayjNfkyQuy/duYf9A/MVBy -p9+IJubzxlrhKhvpRGBfe1rdGvq470x/hPKPcf05iW5xQKnDjKdC3IAby04U+bDL -3BhD+VZ7poria30gAd6b7oR58JcQn7k5BidvD9c83Z0C4z7QcyKNEp8/oBU5HNL3 -4ttvjXjrJV+BUOIdW7ME9LC63KPOpMnkt4lLnbZmgQkgohbB+zkG6+jV8UKJiU/z -RuJXgj2yPm3mBdLmIsufn53OB2HUtcIU5l7rEhqURQ+SvWZMWYLmB5KykEUAWLlR -DtGkeQToktnzESICscJTRpGT8KgRnpnKUUat +DQEBCwUAA4IBAQCEVZc549Bik7KSH/UHB7F23RksM/bgct4IJy5ZlhITDn9psOFJ +aFsJ3myJNAWgDD84pPpvus83FKx5kxu36lUvTTH3ov4hCQKCwolXjbgh/aDy5JJD +WdtSWBR5A3BaRFLYnc8JYP7B+pdGdm2mdAKvTs6RkFR9yY7Ovwt13CO5WjS+bdlA +YyLVJirKoDZxJU09qjx3vSLy2NXs3kTe8LZg7tL8fym8AYgqa1xVeY3jlV+dMo+A +xBrLSlUAqsF+Gl5vXyECdzXbyKfPhUKqR9jOb9DeQQ1W2SVZjWAQnLdUKnXYgT3T +K1Ijdt9USH+G9XHug4uFxZ/QiIt6EOdlz1O5 -----END CERTIFICATE----- diff --git a/testdata/certs/minimal.key b/testdata/certs/minimal.key index a32c345..365d091 100644 --- a/testdata/certs/minimal.key +++ b/testdata/certs/minimal.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCiC+DQ98I32v+/ -U0R3fEEIvUTDS+i/RHsNV2Hjep7cg7k2tGsHmWn6KgJJ69gtyD1cqBLRhOaIPel2 -YftQEIjX/JTv/tPAMyWQqC8Ib8lFwAXRkRaufwzP71BhnP7xvmeTStaglyGNaXf0 -5SuPprjGJGUzZ3K9m1Y065zuFCT0K+eGfmLgAXAhh13qpNDFDhCf8u+3iymm8JDY -xfv0JoS/ygDe63P+FMQJh+GztnIXJVVuyDzuLgcu3mOncwK6kUQP4/UIbCFx8KgG -ysTq7pkGZgjoEeijhmeWx+EEWDYQgtw4g7O5xF65793tTJ/K9j0WlOWMPzWQSAPr -kXU/pQDnAgMBAAECggEAAKJQsU5W3g+nKWEyvc/NFDL19TPzjC93+zfPmKuMlZQD -gjluNcdCUi5nnL637EA4wKvqilzCC9/aJCTeSZRW+5cUahtpSh9f94nupAlhpqgS -sAqEATQ2WDFd80qu94t3m2ylZXu/nW52W0Q8AGZRmehNHsiDREbxdmhnUFxOY5EK -zwL82N+DAKJwaM5lMgeBvcI5enkwFv+I+IlLieAmUq9onaIxFeNo5htc9g/aMj/4 -YfzoEGAHHQ3/6tWdyaMJcMzp8nFzkpLj2ST/29bPKikK+9zbJVF746Giqk8YRpxi -L8wRNrK6nIEOAiQaDtgJyZJTC576W2iOlKDCoeV5EQKBgQDiPPyATAr/fp2MQ4Ze -qOEL1z70Vtv23zpvq2Njh6FMSR2DLgA++VbEGc0AI8q3/UC7F35mMhdccc0kHz0Y -9iMg6lTl7f02kZYwIipOl10KfMIiEWNBA/0R4fn6ELBJyGWDfAKOfJZjxD/W/Vmv -7q9pNPoO7oV3bArcZAlyadaMGQKBgQC3XRtXPHbrtnBoJ9AlhybUdOCrhxi+gMbY -zGylhF0W0+3LhMGzTGmjt4/ikGRo2Wfkr9nU4oEAFam8NBp617ddo9mdggEV7AOe -yxuJ4juyXYGsCAuiLBmZnr7GD/3EEmb/RuBC2kJ+XSJSwep3ZvLEAyazliS6ecDN -WkQmZ5mU/wKBgA+FP41NqjN87DIDL+SukUHOsnLwwoZdKhUfHOJnG5mwKmYlcb7g -PCOX4Yhw7CdTKG2tXu6D4TZmWDxyKC7eM+q+KLTdbtGfiz4iGeTqXWeqx2au6rA7 -JdFkP1H4cx+cr9olV8eOpIKTpA2Ls+tt5HrDN6RumJlowBX+hudie2WBAoGBAKwx -0qAs1xzqmkslwFHNxwhTrj1GxFT6iEJGT21sjSMH6NNsG59ujfJCSuwgXzsbl3Zq -Me26vBxBO8HTSF6+P6O/YHiLAsv8dTXlVTo6a4dISqMsdwhX076xFkTX9Z7xDSqD -+8ysPS9/9OC03KQ+2JJ8xxZ1VI6OEiKGt2M9fTwvAoGAYVbxZDbP419yUaBqHPK2 -fq0jmkq6L81jRXBb8Qg2igysRVfq24xql1vvjSVRVBSgzrMu+KCYA1Wcx4Vtfzev -00dtLYXEkUDsi/vMZBnQUTFUMBJBrT5R3cCpReA6qBdFDlj51S0Cb5R7ODvvgkxO -O4dumQd/qo5E8TZYa+T2Fxg= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjvjcY7fu8C60x +xGyuSVdcjWV5D8cyXHzk1/WpX7sqInxnQtwHS+N4coGicaqtTDOdXcSjC4rxQfsz +dPtsrZQnEiZ9YPDzIWZi7sMUNLJGv98zZSU5dpSVuPkjlDFRtIOimDHazbXELYJ6 +67IJI0Ub4bKxBvRmMQ6PA5qohFYdhNywcdegGs596IF7F6W4ahRa7egTF70LBQHg +e4MQFyCTTbEhu142kpOl3tFyqS8GvLg0ZaZexjfUmLg6bVcEJIiSsmH5QwmyzmNl +LhAYFE5tXCKw1pzrB1wCTK2/qrQbCMm7fi8J4yfWF+uZveIrw/zFiRJ++tqKAY5Z +bqcWFhEVAgMBAAECggEAI0hF5APHpe3YLGyYRHe+MM2w60SYlgPyz3avUwczM7GJ +n9B6y8Gw6o+12jRm4/+S8Zo2WDGRB0pB4AUZdgHy9fZFv+dnE+SDBNdQxqZSMcd/ +RzpIqpigDKD2YhG5DNN6N8tWlsCTpYlu36Cw1KI6bncUA2wttmVkrzFGHoChc6uI +VaCS7fVaMO/jYXAe9HK1g54LoIxAzENUhqYv1UM6g9jbNjclQvH1Ld2LJaVnqM8w +HCVxFA/3fZlr6Px27Wh0WY+y+BXGLQm575HnAdiRRFnm18kBp/S4uFIrg9s9omt4 +mi2rNTNmjofH13hEoha3DChm1N73JE/yTv4CNVy+IQKBgQDbgg30MtdMWjVJ0e7s +qT82H7vDEZd0kNZL3dipMiM/a1hXfKDpf7xNeuTEgc+rpX4ENQIfuGZUjj3hoYaj +/4iBjDNeaWonIUOcQ9CkWxC7rpJITZAB5j28BLwZAlF8bmoQmxTcUdryrROukJm+ +hZhIt1upDvLE2owLuyBER5fNMQKBgQC+9uH6tk6Sscn2eWisNssKyO58KAkASi0Z +89SYfOa2mSwpCElM0jBTGLxOFz6gt35V0Ij3UVexW2vu5BdGnyNS8A1kydE/jWtv +MXdC75c+uL+pUecIpEiJ4dSQwDw/nJMQ8mWLoFFzYxymjnbiaFsNXf9iU4vnsEqU +fCopbG25JQKBgD5HPfJE4nTVOz1AhMs8kaSniDwmJ5R463QG80u93+ZEbIIV6AmX +pjNNZM6kDemjQIetCnc5eD8RRFlZ3Lt26qHmx0RIIEgN1gLl8rJO7AZz1ykQaIVB +b86CgWOPFtN4+DrR5S9FQhuMI4Npn1VAzh4Dd8wVY6eaYhWJ9/OnZFhhAoGAK/2B +VxjSBtbv2FhldW513Xkl/vHWCPwNYbIaojn7h8rHMniXMhwlR68mCbMvGSTL9IbC +Vn6lfdS6i2B9wCX+pCdqXnJjQomYWxgBCilZJPi4JhAY8ZOuphygs+uktV6jPj8o +hz6aJMOLIQ8mccdqWizyHLt0Oh4RQB1ONRamPAUCgYEAlvbIbpWRnO0w4CUJ0rMM +ebf3OSX0LAdJpQ9UZNNsknnXdwljwkabxHGR8YFe1Mbj7R5HoBDxctTQmjDwlnhE +7vci9Gb/kHZ5m0oz0IBuIyQkfdTqH8yP2fjhZoWsLoSOJfSJoUYO7n9CizG+2StZ +Rx6ABs/rmxGipW/dxLtjMhs= -----END PRIVATE KEY----- diff --git a/testdata/certs/minimal.pem b/testdata/certs/minimal.pem index 4323071..cb71576 100644 --- a/testdata/certs/minimal.pem +++ b/testdata/certs/minimal.pem @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- MIIC/zCCAeegAwIBAgICQAAwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAwwMTWlu -aW1hbCBUZXN0MCAXDTI2MDIwNDA2MzIxN1oYDzIxMDEwMjA0MDYzMjE3WjAXMRUw +aW1hbCBUZXN0MCAXDTI2MDIyNDIyMTcxMVoYDzIxMDEwMjI0MjIxNzExWjAXMRUw EwYDVQQDDAxNaW5pbWFsIFRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCiC+DQ98I32v+/U0R3fEEIvUTDS+i/RHsNV2Hjep7cg7k2tGsHmWn6KgJJ -69gtyD1cqBLRhOaIPel2YftQEIjX/JTv/tPAMyWQqC8Ib8lFwAXRkRaufwzP71Bh -nP7xvmeTStaglyGNaXf05SuPprjGJGUzZ3K9m1Y065zuFCT0K+eGfmLgAXAhh13q -pNDFDhCf8u+3iymm8JDYxfv0JoS/ygDe63P+FMQJh+GztnIXJVVuyDzuLgcu3mOn -cwK6kUQP4/UIbCFx8KgGysTq7pkGZgjoEeijhmeWx+EEWDYQgtw4g7O5xF65793t -TJ/K9j0WlOWMPzWQSAPrkXU/pQDnAgMBAAGjUzBRMB0GA1UdDgQWBBQxZm4CWupG -IktS420x6j8+cu7C2zAfBgNVHSMEGDAWgBQxZm4CWupGIktS420x6j8+cu7C2zAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBaEc83IyDJ+ZZu2YKH -eNnp4u0jMLqj6VDccjpeIsTbkohP1bu6U+7V2pVFAMhbNQR2JIZI8t29aemsqqXY -1KZ6oMOz0NZ+ywXpQkKe2SK4gR/hZHvYj6ie3AzSiUvBv8qrpJvCA7j49E1WUJIJ -nZJjKXRFoxTdwfoJ5deN4sNnpxupqRsKO4xZnOkbF5lsZqyFhQjZK89izyff4Eja -EOUm54PhsKGwKH8c7URo7s3bYkON2BcWcWRiIbl8+6Lw3IZlycy/AShLjFYvEXeO -qKcbXRzElMezvGaxouCC+1LcP1Opkh2RrW0UxgVXBw8ebC44r38W4WE0i5nYa9kN -1Zma +AoIBAQCjvjcY7fu8C60xxGyuSVdcjWV5D8cyXHzk1/WpX7sqInxnQtwHS+N4coGi +caqtTDOdXcSjC4rxQfszdPtsrZQnEiZ9YPDzIWZi7sMUNLJGv98zZSU5dpSVuPkj +lDFRtIOimDHazbXELYJ667IJI0Ub4bKxBvRmMQ6PA5qohFYdhNywcdegGs596IF7 +F6W4ahRa7egTF70LBQHge4MQFyCTTbEhu142kpOl3tFyqS8GvLg0ZaZexjfUmLg6 +bVcEJIiSsmH5QwmyzmNlLhAYFE5tXCKw1pzrB1wCTK2/qrQbCMm7fi8J4yfWF+uZ +veIrw/zFiRJ++tqKAY5ZbqcWFhEVAgMBAAGjUzBRMB0GA1UdDgQWBBSz2fsysXp/ +8zel7nHM3IFyWOwZXzAfBgNVHSMEGDAWgBSz2fsysXp/8zel7nHM3IFyWOwZXzAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAN6dNACI3vTYjIRWpv +hfzwGC5haLpOPMPg1Q732QnsrSTBKIR3qPDgGTu1ebILVZ5IVuMW6WEZVV4UoXME +nTNrinjZ440peMvoWXpIowjAWDANOIwLw79gt3q3765ACLCcTJyla7gjAyHFfL8u +OzSHchTLmISYRpk8RuAjsLdnKjE5QkZf4nWzmoanF28NWd6jFCrFCa1oO72pfgo1 +nw1td0X+Xb7rXIQFLyxox473L/bpjwhdDUS8eljVb1vutTSUD/jhqZFZqrLsCyhi +5Ik/BmEbV/r3BDLYJZJIcu+6KACPwXy0di6gBIOGgoFs8EWlAzQJQYHiKASSvXam +uzQj -----END CERTIFICATE----- diff --git a/testdata/certs/nc-bad.key b/testdata/certs/nc-bad.key index a729e2f..f2b142b 100644 --- a/testdata/certs/nc-bad.key +++ b/testdata/certs/nc-bad.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgZxMX5h4H1kB4 -uzsu3YFg5EkJJWDFlPkEw7BzgKvgIMjTEiviXbRmLwlqNrWW9i22Bji4E/n7LylU -q7BXCZ9NrHylXKcyRwrDyuWhMyNJ4/yYoIQbyRTUhEP1EtObOImn66SlorbYHDUt -x8T1uPxRKW2CbzmOBYYWX2891c8ejrCWTxrhUWn/AMxn43qVTTEgZqVjZEuGGZUj -Nfo/oxK9WyUi/2ohsJ+2yy9HhBVOVazNmNbpGr7gJwVN7rekLyVx/nMUCNUV3WEN -i4BSYHelbdIMXLsQpSnB6F55gNc0SoLGMBOLWegRgwB7L6Tavzodx/QJoYbBEm+t -erPSPupNAgMBAAECggEAIbpayPExylsSVnCkOrAH9uw5sUsjRJiVHhvZ3Aen3Gp4 -X+2XvbMPblcgpy1W1KXyKa64OXi13Uvm6G9rlnmm/imxUgIgBBHtIQtmapV6q5xd -bmh+LuuCzkb7lSo+xYpHY8BIcC29Pcb8paI2d6bMo3JPHRivJP5jWgv6M6nkMdvg -7D/XfqDjn1ah8VPYCUMS8PNXH0ENWiEq09uNYx4cjDNONVFi98PIHRwu2EFZ4Tc4 -EZ663cZkLOGdprhF6psrblpKRcNPcyF7YkJSBCx0a2F7DbXI7jKF3dyHWfz+8HKY -7aKfkus0vycS5eyPuxEfYSk77Vg4zBAppn9xUjUAvwKBgQDLsAF1BE9Lxnt3SO30 -vLtJIeroQ+TRcK+rSxRzb0ggJXEAliVBIES0/V+dN0sTztXsq+l2wVgWlezhjZRh -skICQPk+UJAAnI0wSnk7ZIIEQYxkkKawL18UzzkiuO/IdZNAVKM+DUj+EYqIT4rt -0L6+k2qbSk1iEZY40pyL5QZ8UwKBgQDJmS90rmtcei+J756fTcLAJ8GT2j/Bgjy+ -jNc5NJZc7nesU7eJY64I27BvrbSRbmNGqORbfg4P72O7nwb1sM/670zYi+W+Kf2n -F8Tv/s/KshnM++LNFYD4OunqA2Gtqare+mV+SpWF0R9vBXfurLrIY16UlRT121/C -efy1i6Eq3wKBgQDCRgFdxtqK/6jLQTgU8d4ABuWy2u7oBH7I9jdvUniMkKmTUaH+ -1/QwXGpR3WcyYVkQ/3cR2Z9XC3CAQTWBaTAkTixsDxMKQkc4BBBVYavQu2RYls8l -xEj/5BYu1A2AOQRVm2SHzswL6FclZBiycyM7SgeoTdo462VIlTjTBYKGGQKBgE7Z -hG8tvT45aBiaST9jqbWAlz0eEuu75chdy9xLDjig6NvVDqdE/o/mZVb46PQs6dV8 -P3zti9B9wFNk+tLj6iTqrfLQnPZI9DYDnPqFfn54NJExP98Y9w2f9VebJPxIrVVz -OHkx8NObHKFO0T7f/lpcS2Tv/ne+6vBkyAu15j6fAoGAHz/C4BOlt32NKCocfNXL -f3iizDlnsteLLu4yXb9tQGfjQPtYvklCTJrFVeGx/AUUZXAbHbeWKiFwyl941dr0 -peU24Jy5/IozNeqhBu35JHoKmuJI41B6y9ivpN3TMpZX83Jqz9aZrzVLI9Wuwcr2 -3hdynbL9tG+JILssKNw2cKk= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC0e9f6yR2kI1s2 +xch26LDTMcHjBDCl80LY1iih3DzfZWhtQCKKp6BHuH0w+8f42QuxN6ZjlKt+0B8k +BT3BdPUYOkXdcbVob7BvT3VTknOt9xYgDnuWZxj1xfMkGn4h7BwMglwQQSXcM/MM +urYEEoiBg1g6d5IoTh7WO0qKqrur4iZ6rARelt0fvXEq68IDzMfqVx8rhmWjUVZ7 +v+PqFD9pYI0zqY/pdZECfOS+igPBB4Gb992CeiCY1e9Q3pSumyYC55JMLj0Q9NKK +8hTQjgIhsoTJltmS1erTx2AaAUe4rEzWns2+cPoKdufXOpK5HX8DpJS5ifHzYB4o +n8axrFkrAgMBAAECggEALXXaR4l75VmggpHb9hOTYobwctmd1VcKOerrjiWW0aBN +5uLWMH2bciVGp11sF8K33roJN6D9d3I9vclyLjXi/GjFK0uWaYlkdA0cHOJRL/sC +QC3VtGMgltt27Fud9LZvtDjrro5yVl5hdI3dBfaTGqg2Q3fVwUA4JTcHBhmOLvNY +urvFyTB/3Db98VVnLb+o6uVh6yCwilCA6P3xgdzEfGIPn5E5CpS9yNuqVhywGLar +IorMO2q0mFzZ/gMJwQGSgfFWcBm0FhwHMLUEeHz5J2YPPMcM3/6TaSigfIeVvL14 +rLhlwfvz69cZ3jCu1J3aTEWLZ5eRo5pfAD2JfNntzQKBgQD6P8+R2tykUiXvlvGg +Y3Re6DWuNFWdYXosocj7aAtqiOws5gBcsZMk9Hhd/dCDHMOnW/m2XB0lwq1XTxqH +cV0injFmHC7gHjnvOmmEr8QGg8sZ8oKgPwo6MVY01ADQmjB4yNdkqTiB376WM/bv +ZRIq6RGfLzKN9wML8Iqitvvq5wKBgQC4oZwqeuIlj902b6zMzWwSZweJsW71mlI/ +cFNYI2ZZBtgb00n0k4xokldiFl4kGzk9VfIPY1uHlkgR2TI3l1bZaak9nptbLuJZ +9qM0AoabELr8CYuwMEB5p5kRsrpfTyEfbZBJio8zLqqdQDCd8zltfRd7HAxT6LL6 +CE8tE5S7HQKBgAROpNv10GZjo5OEHZSNIaugg4wECpUy4E90WWk6WTf0M1xyeP8f +b1DrhEbZ34TiMdvnkVy6KSZFO4aNLf+2y8uUvXTsd0IUQxsC/l3ySIV0L0K7EdSA +QUTPJJS0MW9lt//cNRjecMKLf1RGgLGOI8npSQxcW5pl7f9+nGRAkgVxAoGATcnp +XgyAE4tVjIXorDEwg2BdUKotMdVfKdNNiikACipUCwUud5li4vwlTPJXn6bIqwr2 +/XzDJ5EttDdqbPmaYeeeopOcqQJL49OCV3to8xRNc7sh24243Ii8eTRwSY+xSOiE +jjeOteXHhJFy6ll7rKGzru7WUtQL9ERj9330gBECgYB5WnKfzTAH6BX0XgvKvCV4 +1TFtZovuW7nTuEyw5PouDKDjvaMLbbF/vphyJngWG24ws5/ZdVZYwr20KaUl5QlA +4sLDh8b07kJGjwZ1D/B6RnNUPqr5FYo7nqzLBniAh4QzOpXiCPfrfPUQWrrFEBoL +h/TBbP1Be46vaEvjQv8kKw== -----END PRIVATE KEY----- diff --git a/testdata/certs/nc-bad.pem b/testdata/certs/nc-bad.pem index f780dea..30f5a78 100644 --- a/testdata/certs/nc-bad.pem +++ b/testdata/certs/nc-bad.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- MIIDbDCCAlSgAwIBAgIDAIACMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNVBAYTAlVT MRwwGgYDVQQKDBNOYW1lIENvbnN0cmFpbmVkIENBMRMwEQYDVQQDDApOQyBUZXN0 -IENBMCAXDTI2MDIwNDA2MzIxOVoYDzIxMDEwMjA0MDYzMjE5WjA3MQswCQYDVQQG +IENBMCAXDTI2MDIyNDIyMTcxNFoYDzIxMDEwMjI0MjIxNzE0WjA3MQswCQYDVQQG EwJVUzERMA8GA1UECgwIQmFkIExlYWYxFTATBgNVBAMMDHd3dy5ldmlsLmNvbTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKBnExfmHgfWQHi7Oy7dgWDk -SQklYMWU+QTDsHOAq+AgyNMSK+JdtGYvCWo2tZb2LbYGOLgT+fsvKVSrsFcJn02s -fKVcpzJHCsPK5aEzI0nj/JighBvJFNSEQ/US05s4iafrpKWittgcNS3HxPW4/FEp -bYJvOY4FhhZfbz3Vzx6OsJZPGuFRaf8AzGfjepVNMSBmpWNkS4YZlSM1+j+jEr1b -JSL/aiGwn7bLL0eEFU5VrM2Y1ukavuAnBU3ut6QvJXH+cxQI1RXdYQ2LgFJgd6Vt -0gxcuxClKcHoXnmA1zRKgsYwE4tZ6BGDAHsvpNq/Oh3H9AmhhsESb616s9I+6k0C -AwEAAaN2MHQwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFK/c -kdsyb3SkxoNSYiKB7q7sKiGIMBcGA1UdEQQQMA6CDHd3dy5ldmlsLmNvbTAfBgNV -HSMEGDAWgBQ1T/zM7rVU467rmnn7m/ckkBKQ9zANBgkqhkiG9w0BAQsFAAOCAQEA -CVMllG0Y8FLQ7Sq55nrtrgqi5zZNf7CDVsWA4TaRwGwDhDBASDWlduC75PkwZ/rg -lqzrtL07pnFyuZsotxgp/0Fl/WD8P+VBhHvI+Y7ybhpHgRBn3ogWxHnTiidWBSRp -xHm4NLc/sr3eP7mmGoTUV3V1XzRCP0eDWcsA7umaWyy3IkwCcAFWi0Mm8LPsjI1o -jJn+RFLmYkLEjsUYPnsiev5cfIy/uguNvlmMxrc1wBynK1Oxd2zRDIR5g77GpWdl -DzqRk3wd0OqiQm6Gqyv8aQT3mCmivE066YisGGGB5cRZd/phqskn3m99M1jEvMEu -OqUd5UZ46n4vizxNIW3WTA== +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALR71/rJHaQjWzbFyHbosNMx +weMEMKXzQtjWKKHcPN9laG1AIoqnoEe4fTD7x/jZC7E3pmOUq37QHyQFPcF09Rg6 +Rd1xtWhvsG9PdVOSc633FiAOe5ZnGPXF8yQafiHsHAyCXBBBJdwz8wy6tgQSiIGD +WDp3kihOHtY7Soqqu6viJnqsBF6W3R+9cSrrwgPMx+pXHyuGZaNRVnu/4+oUP2lg +jTOpj+l1kQJ85L6KA8EHgZv33YJ6IJjV71DelK6bJgLnkkwuPRD00oryFNCOAiGy +hMmW2ZLV6tPHYBoBR7isTNaezb5w+gp259c6krkdfwOklLmJ8fNgHiifxrGsWSsC +AwEAAaN2MHQwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFOYy +ToD9xXDfjm9sWZrjeQVMKunEMBcGA1UdEQQQMA6CDHd3dy5ldmlsLmNvbTAfBgNV +HSMEGDAWgBQsJDQPRCCsyMvSvFfcRkBetfL5YTANBgkqhkiG9w0BAQsFAAOCAQEA +kRVNpAjnGktCPK16qeko2yyR5EhaI18d/P7kw0UoATuwtK4LvXwKQQhxIQlySAn7 +Kp8RIAknTw5N0Xpd6e2/ZgD4WezFViL6puuhQLLP3g7Jq2Sx1MFtW+vhXyfm7Y/v +i06J5V6VXlhZNEHiyKkrlR4+B/68QDpveuA6JnOxrgf/03xX2NBgvHLeH+OLSO44 +BBGk9aXSaAhDANqEwgRLDKg1iKZLwoQfhKfWTfGxIOlUKHFFF7BLVjcsRkBQgNsX +x1c//N59EiLXBTem+Hc13+L0ClgxCylgrPeCWJxzUF2+PVLFf0Z/yIUg/VrBPUkA +bzdSSYvSh4d+T2+JbsD0jQ== -----END CERTIFICATE----- diff --git a/testdata/certs/nc-ca.key b/testdata/certs/nc-ca.key index 5812f34..847c023 100644 --- a/testdata/certs/nc-ca.key +++ b/testdata/certs/nc-ca.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgwLQEPCoIKAm3 -QuJw+S6me2fCq1ZeKw2teV+AuBS35shpWnafrzy72qVjj3dZ9v/oMf70P9SB6ejg -oQ7QSPuQ51DB+C1BC0YRmrteflONK7yfOLzEa1PUNBwwy9vkFCFp8Sg6qYo/Br9F -tvDsi+2HLXZ3gWbVPxwW1qDn/ZH1zRbN0p5rPUwya3Z93qhBmTUFUY7A85gxnZQQ -bNtLoUS9Ks6v96j8eCcKge7TZyf9xhMkRfATvFtl2A7qTe4z01FTs1t8yoGSFvp1 -QETtB6PHtlg1wYhuQoXtpjCWDCxsXJPQ0wvO7PnwxaIbh1UGFoWG2HaiDdDNtaxh -iZTzlZvFAgMBAAECggEACp7wxd7bwBI1IiCPKXutM16v6lK7sBkUHEQKpUyEQepD -j4JkmARR9O9rQfq2ngENw1+aQrT862By/HRnsCdCR76gvVASXVvLU1pvyrx59LfR -DIwJHMkijsCqpCaz7ovN8Vv3lnihI6zkcky1+kr8dJPyYc7w5mH3DyM7GljMjfrW -Gd3S6CYUifH1QIkLNlYg+FYJmbYYn6jdTs9B8WA+goPT6s6oUSjlJTi2Tvdo/rVQ -KaqOUXSxuy70XlIcOqFbBOuYq/U10Ny4W1l/k447mt5lki8eXygBD/9DhcIN2PpI -xgVhpHdhdFD5y1NAHxdr8d+tek8iSzjJZXQuB4/7OQKBgQDNiPNQf9r5Q6j5gNiy -8tTysHfCJMuhtn9+Y4Kh2qFFRi6R8EsyehSXn2mH4+KlF6N4Gk6s7gw7hDj3q9uT -J4qDAAtMWIEJfKJ1tOjfdSwDAry+Pp/NyUeMCQkiBn7nrrqghqd6pF/1nL4uLs61 -Z97K617b2rabytvqZYw0874ntwKBgQDIOO8afA6vKX99qy4tJ+curOIyydEId/SG -BvvqpyUiLxKPXUKRPlOUQm1yqS24z8TJNvmChpa//fWsKDA5bDSbWNKmwghUXp3z -TlypohUlBS6MkcFToxD07TngvVZtHpXncnuFO4SCClZQycb2voaJdYpvB2Smvdma -W6zDONXAYwKBgF6rF7caTNfG7EuPp0A1TRRDZ8XKgOiJUIv8dazrMKDhxI1/qoMj -a9yylj77HeeAzdCB/X71XjkDm+GoDMjoy4mvOYT+tuCRwZqJq0FRjOYOGrVdzulQ -Ll43wzci2s0H0/ogS3/XukM84PQQpzEzGJFKfDSztqxncYezIjM5mXpdAoGBALYC -A2Do+xRBvfJIBO7pgh8M64bNrOZs3OxlNuWFUZ00e0O1vEh6BtIUXJfJsJV60WE0 -RzZfEHSw8H2x/ryEX4IECWGrqpS/egft6RAPFfeUMU95Q+u6pTRw3Zctpn4FOrGt -gRmJFBh+Ox6vfd1ZLsWQAuqRJu7oUAIgafkBFlYPAoGAW1YMZK3sM0WZycbkNziB -J2ltvBzF2qV9qjGb5F79tTsIrHoyCfDIuGyDFE23ZxHarQKGqhXB/hW6WBrjumV+ -tmuYTQ7DX8wS+GBJK4t4al2T1qUyCFhjBgYNxM4UJuCKTg5OLTizKHlq4YOERZ6C -uHDtt6vY13Ye8HEBitQIUTs= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCatERQ4zR/sidM +zO3jUkM0UtenyZ7HInIeiQ1eZHIWCsLWP7qXW3rzg05Qko3Taf0+M3tWJ/Zr7hYB +wdHeWivpMhFZ7s9pItfSb1TWCYOcfvVwL+XXfPXGpOKG/HWTgyXDnqtgXMxGkFIw +akCix2jXi385c/JDi7zp38P2Ku0mV661i7BBvHh74g31No5Oenjy0Pg5E+g6tFre +vT7J6Om/QpR2RLnaeFvGAcaE+KPn93LOdAb9jN7/JCK/ndDx/4uMSeAuoibiGX4F +LrC6886RZaZDeoSgqkJ1PREXTuOJP/i0Ka7WA8zMWQZIoHpbqZMxcq+kPkZPpRgb +n/l1Z33DAgMBAAECggEADBK2ZCOfFLoYBA/YHs3sLbirWM5MxFilVEm4z92B48N6 +OhMmIirC+R8NrQ8K321dlI2a+fnLatfdQszX7oTV+XBtVzniWN+dvS/wDHYYnc1w +pQ0v4DXBzntOrF8mY9kvyMjose/8ByO7LkkUez+ZqHyb9KVeSjQtDYlndx4ZfMzq +3MUQcJxoGYZO3dq/DVrbZUxZ07LSGnKWlUJ1cv8SS2/DtJVVxGMoXefbYTQDvMHR +SwQ44EQgmD3dwVRpKtpuAm+1ez0IJbmoEYcY+1QpLFW/+igXpJm7yKjMsDZcTKlf +cxYbj+4SMesKSJ0yzc3WoqascngkC+gX44s0E/r71QKBgQDRe8zIXCmHDmEByGQA +yirhaI/WNTA/ULfeAZUqVsW3fZj6wkbfG27TWfrpFN7m5eShfr6rrrWDu095RO9F +p1NIeQ4QgS1t+L7hwSpDW7uEouz5uQZaQcxRJqoW2vHFInNYT+1qM9KBcMXG8hWU +fMT8X8+Tt+YiYG221nByhDhHfQKBgQC9DoDA69A5LuqdzGNjV2rPBFK+2zAtSvSz +7j9xzWImPkGBqO1+j6PcaLZKBsruf2fICOGvRhTnkn3+fFmtlyALEljFfoel+nUG +K5UuqIQ4Y0z8iAw2v81hbseRDBWdyYv5/WWnto7J3oEK8vYkaajtlm7fgEyAiBLT +b6Bq0+ZePwKBgDeNwU0RQ+IRKiCy5/JdqumENUD1cgoYeepiORC1WlHC+SLnCqx4 +NffO0P+nDUXmia9aUW5uMqzwq67ZXSr3qNp7YAN4fne/k7+C3pZmaWBPZNEFBG5D +LNAIlOrivWMuM7Cj4a5cd+Lj6U9NO/PY8tSLBB2Ek39iWzY1wDReZB5xAoGAcD31 +CRS3yctl9YuMEkWrHv8FFVTStIFE6LJxLmJufCAICi+92J70/P2aBDcmMhSoC+Xh +/4qPDLE3ZmhzYZFQr+ITnCUz6cHZynEDn/Dilwu1gFRRVAvppof7qczP5J7tIN1l +hf3npkgYuuRmaFXmui/O4ZitUr3211r1lZb6tUcCgYAv6RV7ispuTn8MFNgUCIuv +a/ILU6tzvu7bYO8ar2k7mnhJMB7Wl8XqhiwnQzB/rpkeR/kAvNC6cnSzlv38zM1o +ix+Cru+A+BtbCDARZPWzMqjkXwrPXYzoHxA/V6eW27TIY45IXb0Y9+l9S+suLBj/ +I/2UKP4n6t+oWMWsNiSM3A== -----END PRIVATE KEY----- diff --git a/testdata/certs/nc-ca.pem b/testdata/certs/nc-ca.pem index 3b6bc86..79d92e5 100644 --- a/testdata/certs/nc-ca.pem +++ b/testdata/certs/nc-ca.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- MIIDhjCCAm6gAwIBAgIDAIAAMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNVBAYTAlVT MRwwGgYDVQQKDBNOYW1lIENvbnN0cmFpbmVkIENBMRMwEQYDVQQDDApOQyBUZXN0 -IENBMCAXDTI2MDIwNDA2MzIxOFoYDzIxMDEwMjA0MDYzMjE4WjBAMQswCQYDVQQG +IENBMCAXDTI2MDIyNDIyMTcxM1oYDzIxMDEwMjI0MjIxNzEzWjBAMQswCQYDVQQG EwJVUzEcMBoGA1UECgwTTmFtZSBDb25zdHJhaW5lZCBDQTETMBEGA1UEAwwKTkMg -VGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDAtAQ8Kggo -CbdC4nD5LqZ7Z8KrVl4rDa15X4C4FLfmyGladp+vPLvapWOPd1n2/+gx/vQ/1IHp -6OChDtBI+5DnUMH4LUELRhGau15+U40rvJ84vMRrU9Q0HDDL2+QUIWnxKDqpij8G -v0W28OyL7YctdneBZtU/HBbWoOf9kfXNFs3Snms9TDJrdn3eqEGZNQVRjsDzmDGd -lBBs20uhRL0qzq/3qPx4JwqB7tNnJ/3GEyRF8BO8W2XYDupN7jPTUVOzW3zKgZIW -+nVARO0Ho8e2WDXBiG5Che2mMJYMLGxck9DTC87s+fDFohuHVQYWhYbYdqIN0M21 -rGGJlPOVm8UCAwEAAaOBhjCBgzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE -AwIBBjAdBgNVHQ4EFgQUNU/8zO61VOOu65p5+5v3JJASkPcwQQYDVR0eAQH/BDcw +VGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJq0RFDjNH+y +J0zM7eNSQzRS16fJnscich6JDV5kchYKwtY/updbevODTlCSjdNp/T4ze1Yn9mvu +FgHB0d5aK+kyEVnuz2ki19JvVNYJg5x+9XAv5dd89cak4ob8dZODJcOeq2BczEaQ +UjBqQKLHaNeLfzlz8kOLvOnfw/Yq7SZXrrWLsEG8eHviDfU2jk56ePLQ+DkT6Dq0 +Wt69Psno6b9ClHZEudp4W8YBxoT4o+f3cs50Bv2M3v8kIr+d0PH/i4xJ4C6iJuIZ +fgUusLrzzpFlpkN6hKCqQnU9ERdO44k/+LQprtYDzMxZBkigelupkzFyr6Q+Rk+l +GBuf+XVnfcMCAwEAAaOBhjCBgzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQULCQ0D0QgrMjL0rxX3EZAXrXy+WEwQQYDVR0eAQH/BDcw NaAeMA2CC2V4YW1wbGUuY29tMA2BC2V4YW1wbGUuY29toRMwEYIPYmFkLmV4YW1w -bGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCKPBlBKCRjpJ3EXw3Ep25RWZyrb/jp -JENWyePvDzg7iSxWp5zthnBNC6DndHHe+CzDaz/OzWKnttG+0lsRGMKs5xdEHXLG -2CNFa3zT4bbu1oRLQDN6N6ZLLr1XUnvq3IgCycnoTjpKjRh2Tc47fVugDv2qmwEk -pV52+8AlZVIofj/c7gnDUqBpfBWbRwzt/rBWsgLuW8/mXWlPOCAeMl1XGGJcHUNq -8ZxC54zAIhMEmgFKODDI2hNIlGlyBBLa5P4Xb3MlKBA5kf33Tx6pecYVSiw73df1 -ljuAkwgD4/eG+RgnZOKjJkPJIegIusj3oc+57Z8pzftBckOBigjNr3kE +bGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCPYfw2h61S9nL7n5ABsA009aLN1pFm +Ul0UpKhb5Hj5FUz3vUXP4KKpZsia0ssYwvhxiqESz3oV1t/QQ4Zu4NqIT/aY/Ojo +VEAG/QjcL8gFmOnBfH6DUqRmZu+/pPRlLOIPKLGNrRryMMUr2j6uYpY4cTvr6HWB +HpAPtFOP3nnrsxi2IjcpNz0LBv2MI2+YwgxZRjeyUjZlEqiaz3+r3zEfVm/+0qlk +nRoBI3dBWyw9EpQFJOmC1nqA+QHzV5oqzcvvV1wBFDusVMax7FOQj21XwnIfEF1X +2miCoZeeOe0OshBHUE3N/9PG2AvF0nZ3xbuY+iz+sV7mY7ioinBv4aBP -----END CERTIFICATE----- diff --git a/testdata/certs/nc-good.key b/testdata/certs/nc-good.key index ad15d8e..afd62d6 100644 --- a/testdata/certs/nc-good.key +++ b/testdata/certs/nc-good.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjEeWixZC5Ppl8 -+h64YY2DfdhXlPSGdwkWDcMahRRCu8rP/RS+7sEJTl8FxpQFc3bj2zTrtN2cxS+q -0QE/d7+1hrd5fnMXGT9I3rwH0WoIHXHmNtrcuO0RbiccvL9OFceMTbxDjgPSraRD -TYNVpblzt/CsU3BzYHynygJwDcqr/bzO2JlbfeU+bkCnYMGIM9voc8kYhe6NNXQg -bI7cZRhQt4tVbERSTsRooXwh7Cm3unR9oi+/a2xrdU96nCjdKpNQsg7ZJ7Eiw/CG -8pLdkrhwSBjSKI+Ger7tH9tWpqbPhw3iJKd+RpXkfudBa7ZnSttguv8i+qXDUs1r -fEi2pPJ7AgMBAAECggEACZE94qFqVam3pFxGZP6LqJr2fhj4ZS5i2ihR1Su0XfbQ -yFFPRMnuiZSYnHtaVuYa/2LujpH+7SbN+e8nbBbsTSdnDRCxil5TMmmnlqvWMKr7 -TbFByiePr3EviCFPrOk4EeIxZtodZk4pndIdn9yRgIdakwLfFnlHq5eiDWjVKucD -atKUbo99Z3iPcXA7hzzPlnkF3eMAhqJ1ygh4uYfjUKPBZHa16V49wgt2JSJkPZET -FDofj0F4JzVRWPzU13yroT5AOGlEj3GRiCtxqLEQ3ZSI03Km2Qw07n7uylK6MZNx -I+tVbcDO4ihbmUYVpx2pKGDB8HKUJIAN4qaCkGPXRQKBgQDSAYvGKKyVrU0aqpVN -3P2n4+2UIKBX1JuhcfIyMxgNqyCwTEbBhC5eAQZp2eWALDAX5xlKZihPPRnw6FGA -FWBNOYDa16PoCQXpW5OlRsC6DVKIgi6CfBT+b1HhbOcmqQ27qPPkVL5BvdhDjc6g -MPtc5X45eW123JKCF0PmHJQDhwKBgQDGyMXfOcQbVqgdLOaDeA6Clxl3SqJoOJSV -JOxXg/2GB5ffBUcxnxaIgKTNlHmZi5EqshqZQKK3tUCLQjzhHQY9O1tuRnoUyo/l -NAI1ps7Yrwqm0muWBwDJYWYVt2iZlkKVdUjGK+ip72meA795jaVM9CjW1eHZ4Txc -oW4V7cV+bQKBgHFI5jaSEG95mgNNi9cB5E9h8/IZG4XlqcKQbh9IUqxk6PBRZUXU -4RJSqTwGj/fxXkw2nPz2WL5N7qV3HSfj4BwobesfskpkO60jemUI4sQ6lZAP8bjv -6H9MW7YoAhVn0oGt5UsBr9RU7cmbQKBHbAEzx0CH0VXyLJJCrJ0AQ5QXAoGAP3BF -jbbOufbO0fjJW/2Ni+mSy/o6mE4uROaysj9CQmrb8eWqUdC2jTuY3K7cm77pxhlu -2afCBiTHA2pRKXpsyk/OHwRI46e9gmU1q0+fxZEfMhwHD6sOejYmMRoGPLWybCYw -4mWS6+Cm8TG7ApzMuyFUgzNgz3rNG7a8/iySkYUCgYEAtsSeA9cxBDT798HFxxXG -aBt7NSP5kcIqjunVHpcL+3sdlT4t/c1Qq3vFrD8Z2k8Qd6veEfrbVBYPYb6Uns4k -guGrawQ/fuQxJWhJNG6KH8xcePjUyoTaoAqP1CuduuRj3GL5sAVZYa/wCrYnBiQZ -Qt4lgt7AyGcKjJ8E6nG9XSk= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4gBw7vwlHmvYF +t64IMHHJMwqIFrnNG377RJqa6JqHBZQZ9i6JpAUJDSIh14cVq9twc5KjuceBLcIg +4ocFmbPpPlxh0mBV/0wk3q6WDu57/Rnd+5MZogQfTTJMIBbisDMlm6ecGgtumzEH +KweoMDNAE8fdZ8fJhedjCKkX6Rwh1K8EzzXGC5Hp3sj7ymvemojq4UK3NoKBkCSw +VaBssoutf0K/c2pdWzuC2TFrAg2nA7q1IFqkwvzRjW2vs5TcVYoiCbdA6aGjOdlm +0rQ0pWs0GMKQSAPaY7RtofKkVQNLTkzc4+iZ9zGDkj51Qc+rxb5uMxMmE+QeVXU8 +mc7AXNiLAgMBAAECggEANKzm4qv1I0t7yEAb4Nyr7+yxqg8K9yNNisGYfnfAfqI6 +GXtu5/87LM1iHFVjjO1nFmD40ePdsOT2ktr5/8BVXFdgmtEsjgD4pWIqaE9VCXNG +qlkEM4JNOP6aSJ+0yP3TbH5XSTsqXmbShaBkbEFusHG1U2Io6UFgwaacWGZGkOWh +9i820Xz25jkUkJmZUgr6NGoubNN/Y5wEWBZShQhvjueLggIQt73rX0jbmdxdQVe1 +aB1VJxkbTyCOM0hPk9xvBbAMudrfwhNRILAFCV1tAAULBRBM/GR5s8k5VthHtGcC +se67FS6v9wpCMzRPDdR2ZsyH5+wuDScO4E0KTtX/YQKBgQD3o0VYiSsp4InMXqOi +MFuJl0KvwWIi0DJNPmy8BYAjA/3F6rw8W4wyOwwIYi0REwU8jqWtAuoqGVGLzL+E +O+mDodByTKBSg0U2JO1uO7k6Quh/8OVsbFA8VCdmiEO4o4U+SSWJOlPVpQj7NKcx +EsN+QDDFxtL2t9tPcBCg7I0BEQKBgQC+uwrbKYiT4k/RZcBvd8LYbIdYNecIZsuV +eE2+/gMMTi2uVnc/mr+vCFeUnkdWY68nzpPH2rR3DGf5a+Mu+/P4IiIPMyVfT6K4 +2OLF+VOl3FK84bJGCoxjNC/Cy3krgZ34veQz1t1JGgID0TarpfHX0zsx9hScxNpG +iNppxN3/2wKBgEfwz7GDz91PlNihWcpBYCZdogrrFDZm42YbT31j37DMdQntQpgK +RHVHQByjYNJIA0pvamQTp7FpP45sgerJePI7rRG3fw/ZgN7U5YETqqDpVR/t/Mh9 +wuVz0SpxRbM7FfddSqFOJ5K2aiCIUFXqTI692S1rsFfqW7T9KmeFsQTxAoGBAJY5 +tmRGw2dPcnTIwxhI6PQUD0pgMleAt8tD1WCgq3/ut7ZALm6vkVjopirNu/yESXp+ +EBHy5f96iw5+dpMUKeX/5Hm6XC5FCDK1yXALYGIcNiLFVegq+MZOXWv9XbPxxJ4d +2vclvmeMj5e4Gmp6KxFGM7K3UybjOdUih32VbRHPAoGAP2yV36OeFAilV7Dz5M0K +jwnrSgJLA8AReG69J3hO7Sd0ITWkIuJd0m2JyT7pSDsfrueDWaQ4on0QUvXCnrhH +G5Q46iVznvvn5GlJdtC/pwzs8JAkDXuc0LYvrawKeVPyBLsyATESYGVXZjVnl119 +5UxoG9lAJ4C6VNjaG5dTEvQ= -----END PRIVATE KEY----- diff --git a/testdata/certs/nc-good.pem b/testdata/certs/nc-good.pem index 04d060e..f046d3d 100644 --- a/testdata/certs/nc-good.pem +++ b/testdata/certs/nc-good.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- MIIDhzCCAm+gAwIBAgIDAIABMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNVBAYTAlVT MRwwGgYDVQQKDBNOYW1lIENvbnN0cmFpbmVkIENBMRMwEQYDVQQDDApOQyBUZXN0 -IENBMCAXDTI2MDIwNDA2MzIxOVoYDzIxMDEwMjA0MDYzMjE5WjA7MQswCQYDVQQG +IENBMCAXDTI2MDIyNDIyMTcxNFoYDzIxMDEwMjI0MjIxNzE0WjA7MQswCQYDVQQG EwJVUzESMBAGA1UECgwJR29vZCBMZWFmMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5j -b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjEeWixZC5Ppl8+h64 -YY2DfdhXlPSGdwkWDcMahRRCu8rP/RS+7sEJTl8FxpQFc3bj2zTrtN2cxS+q0QE/ -d7+1hrd5fnMXGT9I3rwH0WoIHXHmNtrcuO0RbiccvL9OFceMTbxDjgPSraRDTYNV -pblzt/CsU3BzYHynygJwDcqr/bzO2JlbfeU+bkCnYMGIM9voc8kYhe6NNXQgbI7c -ZRhQt4tVbERSTsRooXwh7Cm3unR9oi+/a2xrdU96nCjdKpNQsg7ZJ7Eiw/CG8pLd -krhwSBjSKI+Ger7tH9tWpqbPhw3iJKd+RpXkfudBa7ZnSttguv8i+qXDUs1rfEi2 -pPJ7AgMBAAGjgYwwgYkwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0O -BBYEFGWZLBG+UJKNsy+srKUzUwTRwTSaMCwGA1UdEQQlMCOCD3d3dy5leGFtcGxl -LmNvbYEQdXNlckBleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQ1T/zM7rVU467rmnn7 -m/ckkBKQ9zANBgkqhkiG9w0BAQsFAAOCAQEAfH3utMHXrXnJ4D4B89f6A3jIwroP -F9CHVgQl2k2yTYpzi8CdQc1FnevBRw0DkmTbBUqQImrBy0ZwkjPiZlSHNxY3WrKU -RKzEiI0M/SPxpzvtqzZApKFgq/qnIs3DAlQ+j30l+mq2b4QJOsjQQ8tOG3TI26de -vcx5kneZ1OvTRtaFqpPRrRxSKPO7gqqPytuqwKkjDUbcaNLVevrSFPzzanYvRp3X -e+nTXcLAIX6jbeAPuFAmqPnYPjtDHbHmKqMXfcR0yWC7ahPb0qhtHK6bPFKinsOS -K0Is1u0fgsBBrRhmWaNkvq4ul+r6EQFwDOySdJR8HYSm71kn1IGAqWvM/Q== +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4gBw7vwlHmvYFt64I +MHHJMwqIFrnNG377RJqa6JqHBZQZ9i6JpAUJDSIh14cVq9twc5KjuceBLcIg4ocF +mbPpPlxh0mBV/0wk3q6WDu57/Rnd+5MZogQfTTJMIBbisDMlm6ecGgtumzEHKweo +MDNAE8fdZ8fJhedjCKkX6Rwh1K8EzzXGC5Hp3sj7ymvemojq4UK3NoKBkCSwVaBs +soutf0K/c2pdWzuC2TFrAg2nA7q1IFqkwvzRjW2vs5TcVYoiCbdA6aGjOdlm0rQ0 +pWs0GMKQSAPaY7RtofKkVQNLTkzc4+iZ9zGDkj51Qc+rxb5uMxMmE+QeVXU8mc7A +XNiLAgMBAAGjgYwwgYkwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0O +BBYEFNattSOqx4qJZUMvBpUmDiq7qYZgMCwGA1UdEQQlMCOCD3d3dy5leGFtcGxl +LmNvbYEQdXNlckBleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQsJDQPRCCsyMvSvFfc +RkBetfL5YTANBgkqhkiG9w0BAQsFAAOCAQEAhN9GIgjuo61cU6I0b/OrfQ/ji7ml +JjZJ9R4F8Km1X5deTX9fC60F9G75CJET4Yfgd7KrsQ2R2TBVmaT3YHJW91HgwDXt +XC7gNYVFgp6Qe3guxjrJW5d0rsMViG1Pcu+aMB1mCAERNY8B+uEBGAA90yv7PYzX +z347J6nJGgYaKysO2n8ejstFAZv+tces23MVO2uUHYkVIQedNq/CknsPC+WjrvW2 +irg6p8LUWVIIKc3OseXXTrmeILQpg0X6TCC0g3wNNtQoZku4XS1TCCfHnrm4Z4Hm +8CoB19qkqhSNu/ksr2rUe3oDW9fX8TJh7TbTFzweD++jlzQGZ4YfAQ3GXg== -----END CERTIFICATE----- diff --git a/testdata/certs/reference/client-dates.txt b/testdata/certs/reference/client-dates.txt index 9f6fc52..1a11ef0 100644 --- a/testdata/certs/reference/client-dates.txt +++ b/testdata/certs/reference/client-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:17 2026 GMT -notAfter=Feb 4 06:32:17 2101 GMT +notBefore=Feb 24 22:17:11 2026 GMT +notAfter=Feb 24 22:17:11 2101 GMT diff --git a/testdata/certs/reference/client-fingerprint-sha1.txt b/testdata/certs/reference/client-fingerprint-sha1.txt index a4e9e7c..c74972e 100644 --- a/testdata/certs/reference/client-fingerprint-sha1.txt +++ b/testdata/certs/reference/client-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=43:A0:1C:96:94:28:D1:CD:F3:7C:1C:8C:61:6D:82:7C:64:A7:2F:1F +sha1 Fingerprint=F0:06:A6:35:D5:1D:FB:60:44:A1:09:A8:CC:BA:73:83:A6:72:3F:CD diff --git a/testdata/certs/reference/client-fingerprint-sha256.txt b/testdata/certs/reference/client-fingerprint-sha256.txt index 7cd520c..da9f9f3 100644 --- a/testdata/certs/reference/client-fingerprint-sha256.txt +++ b/testdata/certs/reference/client-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=69:7C:C8:B8:2E:E4:90:2D:4E:41:7B:44:15:70:C9:DE:D3:22:B9:75:64:A8:5F:9A:EE:39:92:32:C4:38:74:9A +sha256 Fingerprint=7A:4D:8C:4C:D8:63:D6:A7:6B:37:EE:CB:95:1E:44:D7:4E:AE:4C:F7:1A:A9:B5:6C:C9:40:CC:86:BD:B0:4B:8F diff --git a/testdata/certs/reference/client-pubkey.txt b/testdata/certs/reference/client-pubkey.txt index a47e53c..6322120 100644 --- a/testdata/certs/reference/client-pubkey.txt +++ b/testdata/certs/reference/client-pubkey.txt @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfWjobwzu8SUdeRPHH2f -eWmZuJBJT+PnXXP3iJRcMwnGsPlo6SmoQ4oPxBkhkafZdlRd5mRNb7I4IRZDulAa -oyNRV93DCeWvzyuDLCQCRAtgncv9YmNcSeMxepZDxi1pjF0gvTHpJrER5IkT7RtM -RYcnnKiTzbI3blAC+mO3dm1n1YpR/WmmCbveSqkJKrI+FqQRkkNuQWidKu5Z9tSl -BgXjYl4kF5bXc7kPSTVEJi3c3fYmaVpv3TeAh7CFdandH9sO0JfeGcKcCmLiCbpq -fOyfBaA+1MKmd+zECSlMAo8ykZDs8VDUE+MmtLT76KF1jfjpAzcwXfjGnIznEf3t -vwIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7hECdNdZUqL5OnH3c/H +EGrdJtCV30RBA7h7uluEomvQOZlMtCmmhgg5sSrNnd/yxx9B2yaQs5pMxDifB8JB +yIeHW6p3xglrn5HFNzg0PdVRHf7Zr9RdJi/ybWEKhBzVEkvBUC5AEczp6v7JtM3s ++VBHFW2SAK6gyMeu2Zr+fccIY5zvmtuD2iAnlQQ1L2V2Qre/6NR5rmOU+hD6LPuT +V3nUY9+MN6awz2qL9aRtEdcByn7AccQfVRQouXqL8dqAegux4kMDSo/UtnfhGjjl +KZABqvyoVugyrj/upa1p6oa4+GOGrbbSqwQZCQ/iAbR2MRPDqY0Gxi7h85Vi7uri +VwIDAQAB -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/client-text.txt b/testdata/certs/reference/client-text.txt index 30cd4c4..302aa7a 100644 --- a/testdata/certs/reference/client-text.txt +++ b/testdata/certs/reference/client-text.txt @@ -5,31 +5,31 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = California, O = Test PKI, OU = Intermediate Authority, CN = Test Intermediate CA Validity - Not Before: Feb 4 06:32:17 2026 GMT - Not After : Feb 4 06:32:17 2101 GMT + Not Before: Feb 24 22:17:11 2026 GMT + Not After : Feb 24 22:17:11 2101 GMT Subject: C = US, ST = New York, O = Client Organization, CN = client@example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c5:f5:a3:a1:bc:33:bb:c4:94:75:e4:4f:1c:7d: - 9f:79:69:99:b8:90:49:4f:e3:e7:5d:73:f7:88:94: - 5c:33:09:c6:b0:f9:68:e9:29:a8:43:8a:0f:c4:19: - 21:91:a7:d9:76:54:5d:e6:64:4d:6f:b2:38:21:16: - 43:ba:50:1a:a3:23:51:57:dd:c3:09:e5:af:cf:2b: - 83:2c:24:02:44:0b:60:9d:cb:fd:62:63:5c:49:e3: - 31:7a:96:43:c6:2d:69:8c:5d:20:bd:31:e9:26:b1: - 11:e4:89:13:ed:1b:4c:45:87:27:9c:a8:93:cd:b2: - 37:6e:50:02:fa:63:b7:76:6d:67:d5:8a:51:fd:69: - a6:09:bb:de:4a:a9:09:2a:b2:3e:16:a4:11:92:43: - 6e:41:68:9d:2a:ee:59:f6:d4:a5:06:05:e3:62:5e: - 24:17:96:d7:73:b9:0f:49:35:44:26:2d:dc:dd:f6: - 26:69:5a:6f:dd:37:80:87:b0:85:75:a9:dd:1f:db: - 0e:d0:97:de:19:c2:9c:0a:62:e2:09:ba:6a:7c:ec: - 9f:05:a0:3e:d4:c2:a6:77:ec:c4:09:29:4c:02:8f: - 32:91:90:ec:f1:50:d4:13:e3:26:b4:b4:fb:e8:a1: - 75:8d:f8:e9:03:37:30:5d:f8:c6:9c:8c:e7:11:fd: - ed:bf + 00:bb:b8:44:09:d3:5d:65:4a:8b:e4:e9:c7:dd:cf: + c7:10:6a:dd:26:d0:95:df:44:41:03:b8:7b:ba:5b: + 84:a2:6b:d0:39:99:4c:b4:29:a6:86:08:39:b1:2a: + cd:9d:df:f2:c7:1f:41:db:26:90:b3:9a:4c:c4:38: + 9f:07:c2:41:c8:87:87:5b:aa:77:c6:09:6b:9f:91: + c5:37:38:34:3d:d5:51:1d:fe:d9:af:d4:5d:26:2f: + f2:6d:61:0a:84:1c:d5:12:4b:c1:50:2e:40:11:cc: + e9:ea:fe:c9:b4:cd:ec:f9:50:47:15:6d:92:00:ae: + a0:c8:c7:ae:d9:9a:fe:7d:c7:08:63:9c:ef:9a:db: + 83:da:20:27:95:04:35:2f:65:76:42:b7:bf:e8:d4: + 79:ae:63:94:fa:10:fa:2c:fb:93:57:79:d4:63:df: + 8c:37:a6:b0:cf:6a:8b:f5:a4:6d:11:d7:01:ca:7e: + c0:71:c4:1f:55:14:28:b9:7a:8b:f1:da:80:7a:0b: + b1:e2:43:03:4a:8f:d4:b6:77:e1:1a:38:e5:29:90: + 01:aa:fc:a8:56:e8:32:ae:3f:ee:a5:ad:69:ea:86: + b8:f8:63:86:ad:b6:d2:ab:04:19:09:0f:e2:01:b4: + 76:31:13:c3:a9:8d:06:c6:2e:e1:f3:95:62:ee:ea: + e2:57 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -39,25 +39,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection X509v3 Subject Key Identifier: - 62:7B:E3:A6:38:DD:E7:8A:7A:11:9C:DE:9A:BC:88:68:69:7B:43:66 + 4D:D7:70:6F:14:D5:42:87:2B:87:5F:41:FC:D3:FC:92:57:E5:0E:FE X509v3 Authority Key Identifier: - 53:92:7B:D6:7B:58:80:E7:AE:96:70:E9:95:E8:5C:CD:B8:52:8A:99 + 7C:37:9A:DB:EC:FE:AB:30:79:11:32:F5:E3:A2:64:FB:5C:B5:DE:18 X509v3 Subject Alternative Name: email:client@example.com Signature Algorithm: sha256WithRSAEncryption Signature Value: - 25:08:1d:f6:d2:e8:70:9f:cd:7d:a9:f5:2a:8b:38:77:1a:d5: - ae:79:f9:5a:e1:1d:57:6f:b2:c9:b7:20:d3:39:38:8c:9b:de: - d5:79:d4:1c:33:80:df:fc:01:52:0c:ba:e0:79:93:68:03:f9: - 08:c2:d8:81:fb:5c:c1:75:a8:3d:e1:58:73:af:5e:72:93:c3: - a2:e6:be:22:2a:4e:6b:03:5c:75:89:73:bf:d7:ff:ad:e1:48: - 44:d8:44:8e:a3:77:cd:dc:41:ba:a4:f3:69:80:c8:c2:d5:7e: - d9:61:b7:0d:aa:df:41:2f:79:0c:ba:a0:9c:61:46:93:15:b3: - 63:d5:56:97:e3:6c:cc:f8:69:08:64:40:53:88:23:03:0e:18: - b1:e2:b6:0e:63:7f:c3:b8:9b:b0:fc:34:37:51:90:07:02:3d: - b5:35:dc:21:80:90:17:15:9c:af:10:f7:cd:51:d4:eb:c9:d2: - 99:18:19:4f:3a:a8:54:9c:ca:cf:f6:f3:eb:a4:3b:ce:b1:0a: - 79:0a:2e:76:69:91:ed:7c:96:be:2d:7b:74:f6:22:5f:0e:63: - bb:ea:4e:a0:77:e4:c0:26:83:77:15:f4:5b:2d:ad:76:6e:c7: - 54:06:51:73:85:fb:51:41:dc:83:7b:17:6a:bf:7e:4a:a3:1f: - f9:97:48:7b + 5d:ee:48:7b:a8:1c:60:4b:8d:76:42:ef:a8:c7:1f:14:f6:44: + 4f:ae:fc:2e:54:9f:7f:1e:f3:b3:a7:1e:bc:23:2e:ed:28:62: + bd:ef:60:d7:74:47:82:c4:67:c5:d7:9e:fb:25:a6:2c:67:a4: + b5:a2:5b:e5:57:e1:2e:45:e9:3a:17:b3:fd:40:9a:c1:d4:1e: + e1:c8:6e:a3:ba:c0:83:74:4c:13:4e:54:b8:15:03:e7:34:9d: + d6:e1:d4:9e:b7:0a:59:b4:41:96:13:91:e0:17:57:9c:48:d8: + c2:0f:ab:b0:2e:c8:af:e7:b1:d7:c6:d5:9e:8b:fa:8f:6e:6e: + bf:13:d0:0f:3c:0a:05:06:dd:5e:a2:cf:11:44:d1:8c:e5:58: + 01:f4:1b:21:e8:84:12:31:51:aa:35:99:d5:55:bf:8f:74:8d: + 72:38:49:76:54:cf:c8:cb:e6:42:e4:30:27:48:cb:de:86:4f: + 8d:3a:82:fc:6e:0d:dd:76:42:00:4e:7a:e9:30:dd:a3:63:8a: + 90:cb:3e:1e:f7:7f:28:0b:7a:87:57:4e:74:13:49:a5:e4:db: + 1f:56:53:fd:c8:37:6a:0e:9f:78:e3:c2:7f:9d:d3:12:82:cb: + 4b:23:d7:1e:0b:55:70:49:b0:7f:68:32:4f:65:e0:60:72:27: + 3b:a1:35:58 diff --git a/testdata/certs/reference/ec-p256-dates.txt b/testdata/certs/reference/ec-p256-dates.txt index 9f6fc52..1a11ef0 100644 --- a/testdata/certs/reference/ec-p256-dates.txt +++ b/testdata/certs/reference/ec-p256-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:17 2026 GMT -notAfter=Feb 4 06:32:17 2101 GMT +notBefore=Feb 24 22:17:11 2026 GMT +notAfter=Feb 24 22:17:11 2101 GMT diff --git a/testdata/certs/reference/ec-p256-fingerprint-sha1.txt b/testdata/certs/reference/ec-p256-fingerprint-sha1.txt index d840183..f0c4c38 100644 --- a/testdata/certs/reference/ec-p256-fingerprint-sha1.txt +++ b/testdata/certs/reference/ec-p256-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=01:C8:6D:19:DA:F7:C0:EE:86:28:C7:F4:3C:15:0D:2C:D0:A9:E3:E0 +sha1 Fingerprint=82:5B:49:F1:95:54:43:2E:9C:0F:DA:31:05:7C:19:D4:D7:DC:EA:18 diff --git a/testdata/certs/reference/ec-p256-fingerprint-sha256.txt b/testdata/certs/reference/ec-p256-fingerprint-sha256.txt index 879bce5..570b71f 100644 --- a/testdata/certs/reference/ec-p256-fingerprint-sha256.txt +++ b/testdata/certs/reference/ec-p256-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=DB:5B:49:D6:80:BF:AC:A1:30:07:D4:1A:8C:56:01:A7:C6:ED:78:94:8B:08:35:0C:C6:D8:75:B2:41:E5:41:5A +sha256 Fingerprint=95:1B:92:6F:0E:0D:FA:AB:B5:19:BA:4D:64:E7:FE:59:58:D7:83:D5:6E:1B:70:7F:9B:6A:3E:E3:1C:7F:B4:05 diff --git a/testdata/certs/reference/ec-p256-pubkey.txt b/testdata/certs/reference/ec-p256-pubkey.txt index 15e3698..32cac09 100644 --- a/testdata/certs/reference/ec-p256-pubkey.txt +++ b/testdata/certs/reference/ec-p256-pubkey.txt @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAER2oU8SLk90L217EbLnIP7+0rMci9 -brrpOMMwLICjU1zVm7Eo+DHTZgB08ycJEpGhO//53+WO9lq+RiyU5uSxaA== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7tD0vNJgk5glfCh3jzn8vzgcr6nH +FeiFKVQPqPmKZI21d7GwiIkidw4ZZXPaRRmqeSHMiA0vG2jyJTSyF1oC2g== -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/ec-p256-text.txt b/testdata/certs/reference/ec-p256-text.txt index f7f1e36..65c3c73 100644 --- a/testdata/certs/reference/ec-p256-text.txt +++ b/testdata/certs/reference/ec-p256-text.txt @@ -5,18 +5,18 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = California, L = San Francisco, O = Test PKI, OU = Certificate Authority, CN = Test Root CA Validity - Not Before: Feb 4 06:32:17 2026 GMT - Not After : Feb 4 06:32:17 2101 GMT + Not Before: Feb 24 22:17:11 2026 GMT + Not After : Feb 24 22:17:11 2101 GMT Subject: C = DE, ST = Bavaria, L = Munich, O = EC Test Corp, CN = ec-test.example.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: - 04:47:6a:14:f1:22:e4:f7:42:f6:d7:b1:1b:2e:72: - 0f:ef:ed:2b:31:c8:bd:6e:ba:e9:38:c3:30:2c:80: - a3:53:5c:d5:9b:b1:28:f8:31:d3:66:00:74:f3:27: - 09:12:91:a1:3b:ff:f9:df:e5:8e:f6:5a:be:46:2c: - 94:e6:e4:b1:68 + 04:ee:d0:f4:bc:d2:60:93:98:25:7c:28:77:8f:39: + fc:bf:38:1c:af:a9:c7:15:e8:85:29:54:0f:a8:f9: + 8a:64:8d:b5:77:b1:b0:88:89:22:77:0e:19:65:73: + da:45:19:aa:79:21:cc:88:0d:2f:1b:68:f2:25:34: + b2:17:5a:02:da ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: @@ -27,25 +27,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Subject Key Identifier: - 7C:4F:9C:F7:55:47:75:8C:AB:78:05:D3:13:31:7B:16:DC:09:FA:DB + B0:92:42:AF:7C:34:31:5D:61:22:02:CE:4B:B8:48:1B:D8:32:BD:D6 X509v3 Subject Alternative Name: DNS:ec-test.example.com X509v3 Authority Key Identifier: - 50:0E:FC:2B:84:B4:AB:50:6F:33:ED:E5:52:C1:00:63:0C:84:09:F3 + DD:42:6E:6A:E9:0F:48:A5:15:50:57:EF:B8:6D:46:BF:AF:65:50:EC Signature Algorithm: sha256WithRSAEncryption Signature Value: - 77:54:b8:c6:27:be:2a:c4:bb:22:2c:fd:86:4d:bc:65:4e:68: - 06:3b:9e:57:eb:96:cd:91:9f:1c:e6:0e:56:1c:bd:a8:35:64: - 74:4c:68:75:9a:d3:21:1f:39:62:72:ac:f5:c1:99:c3:73:37: - 56:45:d0:be:aa:08:32:78:26:ff:fa:34:24:22:97:c8:7d:a9: - a6:8f:40:9a:5a:aa:7a:1e:8e:2b:3c:80:1d:1a:bf:33:66:ba: - 20:31:01:dc:06:24:73:2c:7f:ba:39:0b:92:70:35:ba:c4:c7: - 3b:ff:b7:fb:09:23:23:94:94:a1:06:b4:da:29:11:3a:1c:7b: - be:4a:4c:69:9e:38:67:e6:7b:b8:b3:ee:df:48:35:3a:d5:f8: - e2:ec:00:32:bc:d5:21:50:6f:74:ff:12:7c:87:a8:84:f9:b9: - ac:4e:c2:2e:b8:55:57:15:49:be:9b:1a:34:a5:58:74:f3:5a: - a9:93:85:a3:a7:9b:de:63:4e:ec:25:7a:e7:00:5c:ed:29:80: - b4:b4:b1:42:a3:df:bd:04:9f:de:a8:d2:ff:0d:07:17:e0:5a: - de:56:75:b2:88:51:1f:38:58:c5:cf:df:8e:17:82:e4:6f:d8: - 88:4f:12:bb:a5:52:6b:27:c3:ec:55:f0:3e:09:3d:32:d9:9e: - 57:43:3f:f9 + 6d:49:76:cd:ee:a2:64:0b:c0:91:0b:36:85:df:e6:ce:cf:a2: + ae:36:f0:fc:16:65:79:88:d2:99:45:04:2a:29:97:4d:6b:70: + 27:a9:19:c8:ec:d5:7e:db:3a:1c:71:8c:f9:74:01:f3:fc:7f: + 01:8a:a6:61:68:60:80:89:96:ba:de:b3:46:a0:85:63:b8:60: + f2:ef:f9:b6:07:6a:aa:3f:7b:2d:90:08:0c:9a:67:0b:09:04: + 59:26:4b:fa:d6:67:09:a8:5b:ac:38:08:7b:45:42:fa:1b:e9: + 0e:ad:05:45:af:ce:aa:eb:2a:a6:0e:ce:e5:62:21:8c:ab:e8: + 90:65:80:f2:8e:12:8f:03:ca:15:25:23:06:40:dc:10:ad:77: + ae:25:2a:42:64:c3:ea:b6:1b:8f:0c:63:57:fc:fa:4b:29:00: + de:d9:b6:91:b2:9e:59:27:e3:a2:cb:41:05:76:b6:f7:6b:e6: + dc:8d:85:72:c7:6e:ca:e7:e4:bd:d7:41:08:bf:45:5a:79:6c: + 29:f3:64:ca:03:d3:44:d8:72:54:25:c7:9c:5e:ae:d1:ae:43: + 76:f0:f7:6d:af:16:3c:54:02:3c:45:4f:21:da:bc:79:74:bc: + 9d:2c:db:8c:d5:38:d6:49:dc:ae:aa:56:36:c9:55:bf:1a:07: + 20:01:00:74 diff --git a/testdata/certs/reference/ec-p384-dates.txt b/testdata/certs/reference/ec-p384-dates.txt index 9f6fc52..1a11ef0 100644 --- a/testdata/certs/reference/ec-p384-dates.txt +++ b/testdata/certs/reference/ec-p384-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:17 2026 GMT -notAfter=Feb 4 06:32:17 2101 GMT +notBefore=Feb 24 22:17:11 2026 GMT +notAfter=Feb 24 22:17:11 2101 GMT diff --git a/testdata/certs/reference/ec-p384-fingerprint-sha1.txt b/testdata/certs/reference/ec-p384-fingerprint-sha1.txt index 8f4787e..bdd5275 100644 --- a/testdata/certs/reference/ec-p384-fingerprint-sha1.txt +++ b/testdata/certs/reference/ec-p384-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=3E:07:2F:89:F8:DC:FE:40:13:8B:07:D4:4E:50:CB:6D:F4:8C:C7:58 +sha1 Fingerprint=C1:C7:A7:A8:5A:5C:91:B8:EF:EB:47:06:FC:9C:40:C0:F0:85:02:34 diff --git a/testdata/certs/reference/ec-p384-fingerprint-sha256.txt b/testdata/certs/reference/ec-p384-fingerprint-sha256.txt index 422b8a6..dab2990 100644 --- a/testdata/certs/reference/ec-p384-fingerprint-sha256.txt +++ b/testdata/certs/reference/ec-p384-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=11:DF:09:75:8E:C0:40:9D:A1:D9:8D:78:A5:8F:A6:2D:87:6D:64:D1:A1:12:BD:D6:D3:91:D3:06:C8:EF:C6:4A +sha256 Fingerprint=08:51:55:58:32:4D:10:28:03:6D:32:13:71:04:A8:65:4F:E7:9F:D1:59:B3:40:8E:A4:BD:03:A5:94:0D:5B:17 diff --git a/testdata/certs/reference/ec-p384-pubkey.txt b/testdata/certs/reference/ec-p384-pubkey.txt index cb457c9..e7525f8 100644 --- a/testdata/certs/reference/ec-p384-pubkey.txt +++ b/testdata/certs/reference/ec-p384-pubkey.txt @@ -1,5 +1,5 @@ -----BEGIN PUBLIC KEY----- -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEIy84y+jjp2gjSpU36Sj/xJ63ETQRqOm/ -FloiBI5WcAYjRQe7opS2nb3SZ1Gz9Y6g1ur2I73I/U1ph9cSPl5JsC9xrTQHU9gM -q4Yszw/Rl0Jq1YEnC4bB6gyLFlodW63I +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAECBc89QOw6LyrJbHx7vRybEZTkuVNNT9h +P4oVE7mCEe89OIX0FfV8dJdQKUOdfUzd6N+DGPE22S4cDJM9X1ezQRc0FjIKMJl5 +OTB9U6Q9itTJ3xBm7dwzOHqaO2JAMxWR -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/ec-p384-text.txt b/testdata/certs/reference/ec-p384-text.txt index e468812..3c5c3b0 100644 --- a/testdata/certs/reference/ec-p384-text.txt +++ b/testdata/certs/reference/ec-p384-text.txt @@ -5,20 +5,20 @@ Certificate: Signature Algorithm: sha384WithRSAEncryption Issuer: C = US, ST = California, L = San Francisco, O = Test PKI, OU = Certificate Authority, CN = Test Root CA Validity - Not Before: Feb 4 06:32:17 2026 GMT - Not After : Feb 4 06:32:17 2101 GMT + Not Before: Feb 24 22:17:11 2026 GMT + Not After : Feb 24 22:17:11 2101 GMT Subject: C = JP, O = EC P384 Test, CN = ec384.example.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) pub: - 04:23:2f:38:cb:e8:e3:a7:68:23:4a:95:37:e9:28: - ff:c4:9e:b7:11:34:11:a8:e9:bf:16:5a:22:04:8e: - 56:70:06:23:45:07:bb:a2:94:b6:9d:bd:d2:67:51: - b3:f5:8e:a0:d6:ea:f6:23:bd:c8:fd:4d:69:87:d7: - 12:3e:5e:49:b0:2f:71:ad:34:07:53:d8:0c:ab:86: - 2c:cf:0f:d1:97:42:6a:d5:81:27:0b:86:c1:ea:0c: - 8b:16:5a:1d:5b:ad:c8 + 04:08:17:3c:f5:03:b0:e8:bc:ab:25:b1:f1:ee:f4: + 72:6c:46:53:92:e5:4d:35:3f:61:3f:8a:15:13:b9: + 82:11:ef:3d:38:85:f4:15:f5:7c:74:97:50:29:43: + 9d:7d:4c:dd:e8:df:83:18:f1:36:d9:2e:1c:0c:93: + 3d:5f:57:b3:41:17:34:16:32:0a:30:99:79:39:30: + 7d:53:a4:3d:8a:d4:c9:df:10:66:ed:dc:33:38:7a: + 9a:3b:62:40:33:15:91 ASN1 OID: secp384r1 NIST CURVE: P-384 X509v3 extensions: @@ -29,25 +29,25 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Key Identifier: - 04:8F:3A:36:1F:D5:00:48:E9:D0:5A:A9:65:47:0D:73:D6:EC:9D:93 + DB:DE:54:9B:78:C3:02:DB:DE:66:AC:3E:87:69:28:08:0B:94:0B:9A X509v3 Subject Alternative Name: DNS:ec384.example.com X509v3 Authority Key Identifier: - 50:0E:FC:2B:84:B4:AB:50:6F:33:ED:E5:52:C1:00:63:0C:84:09:F3 + DD:42:6E:6A:E9:0F:48:A5:15:50:57:EF:B8:6D:46:BF:AF:65:50:EC Signature Algorithm: sha384WithRSAEncryption Signature Value: - 43:c0:6a:c2:cd:a2:43:6c:ec:e6:a9:05:a5:31:91:b9:96:dd: - 25:0a:bd:80:1a:b7:dc:fb:6b:3c:38:0c:03:5e:3e:87:da:90: - a7:9b:ce:65:f1:c7:be:f3:99:a0:32:b7:e9:04:dc:6c:a6:5b: - 68:ce:6a:ce:06:5a:54:91:ee:5d:14:a2:de:c2:38:29:65:62: - e1:82:25:cc:a7:53:b1:90:e0:8c:33:85:fc:64:47:00:50:07: - a5:a3:4a:89:30:12:d0:f0:ef:ec:f5:dd:03:83:04:3b:d2:de: - bf:bf:0b:37:41:78:de:5a:f0:a9:ea:bc:f4:fc:04:b7:46:e7: - d3:5f:a2:cc:1f:76:20:cd:09:4d:af:e2:07:0a:dd:23:84:d9: - a6:32:9a:46:22:1a:b6:e3:2a:21:30:c6:b8:c6:5e:ea:d5:63: - 0d:de:4d:96:70:c8:74:ff:95:6f:d3:5d:b4:57:c5:d1:12:04: - 29:99:6f:3a:4b:08:a0:d8:76:d6:e7:d2:d2:17:7d:46:2b:19: - 49:a5:80:1b:3e:92:52:f8:20:5b:f0:a8:e7:4f:9e:70:dd:95: - ad:f6:97:7c:91:ae:0a:15:42:fb:2a:6a:dd:60:57:2e:fc:04: - 64:73:3f:f2:ce:ae:26:1e:df:a2:d2:6d:93:ee:9c:9b:50:88: - e2:86:31:31 + 5c:5b:eb:ed:e4:41:f9:49:ab:75:04:37:6d:b2:eb:01:d8:2c: + f3:64:df:8b:11:3b:67:a7:af:de:cf:a8:89:bd:62:20:e9:6d: + dc:92:eb:dd:bd:e5:20:fa:f5:fe:e9:6c:3c:ae:f6:e9:bc:ab: + 36:d3:84:2b:bc:9e:34:6b:51:0b:07:9c:da:91:e8:1d:5c:b5: + 85:61:69:c1:fe:0a:cb:c0:52:41:5b:77:b7:63:d1:47:b7:13: + 28:ad:00:1e:83:57:35:d9:b7:85:bf:49:17:aa:49:9c:ba:69: + 4d:c9:2f:35:73:4c:17:b5:0b:e7:be:a7:06:aa:29:51:05:6f: + 1d:d5:fa:7e:96:59:47:c8:b9:08:f4:8f:ca:9c:f6:db:63:ac: + 05:b5:f6:61:63:e5:13:a4:12:86:56:2c:4f:21:16:0d:86:e8: + 03:d2:2d:06:49:2c:32:ab:3e:c3:cb:c2:4e:a6:71:3a:ee:c2: + 0f:a6:63:2e:6d:0a:9b:dc:9f:f4:2c:5a:59:9a:f5:a4:d0:9b: + 72:02:30:71:e6:9e:c7:b2:7a:36:b3:df:29:2e:93:5a:42:22: + 12:07:9f:ca:88:3a:02:ad:a4:80:3f:e7:18:a6:52:22:06:3d: + e1:6c:8e:20:33:10:0c:2e:32:bb:75:ad:19:95:06:6a:14:96: + 36:83:f8:32 diff --git a/testdata/certs/reference/ed25519-dates.txt b/testdata/certs/reference/ed25519-dates.txt index 9f6fc52..1a11ef0 100644 --- a/testdata/certs/reference/ed25519-dates.txt +++ b/testdata/certs/reference/ed25519-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:17 2026 GMT -notAfter=Feb 4 06:32:17 2101 GMT +notBefore=Feb 24 22:17:11 2026 GMT +notAfter=Feb 24 22:17:11 2101 GMT diff --git a/testdata/certs/reference/ed25519-fingerprint-sha1.txt b/testdata/certs/reference/ed25519-fingerprint-sha1.txt index fa5c854..362fe92 100644 --- a/testdata/certs/reference/ed25519-fingerprint-sha1.txt +++ b/testdata/certs/reference/ed25519-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=D7:2A:4F:5E:02:E9:0B:EC:39:90:E6:78:BD:C0:09:A3:52:A9:D5:36 +sha1 Fingerprint=53:B1:6A:3C:8B:26:A5:40:9E:21:4D:71:7C:E6:8E:88:AA:3B:A6:64 diff --git a/testdata/certs/reference/ed25519-fingerprint-sha256.txt b/testdata/certs/reference/ed25519-fingerprint-sha256.txt index 6219e3b..6d4152a 100644 --- a/testdata/certs/reference/ed25519-fingerprint-sha256.txt +++ b/testdata/certs/reference/ed25519-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=F1:E5:48:47:28:47:F5:77:53:FC:E4:02:50:BF:CF:58:76:9C:65:1A:50:E4:57:46:82:ED:36:DA:24:74:9E:BA +sha256 Fingerprint=2E:90:89:F8:AB:6D:09:A6:8B:CD:2E:5D:26:60:AD:F3:40:5D:9D:6B:27:8B:06:4F:F9:29:73:91:53:54:40:2D diff --git a/testdata/certs/reference/ed25519-pubkey.txt b/testdata/certs/reference/ed25519-pubkey.txt index 8197520..1c2df9f 100644 --- a/testdata/certs/reference/ed25519-pubkey.txt +++ b/testdata/certs/reference/ed25519-pubkey.txt @@ -1,3 +1,3 @@ -----BEGIN PUBLIC KEY----- -MCowBQYDK2VwAyEAePDK+uIDNOZbbMFfr8j4hKEpL7cnL9MUERB8Dcp1eUk= +MCowBQYDK2VwAyEALLc977om9S0eXaMsykD+843sDBU4Vrk4ezQP1otMHfQ= -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/ed25519-text.txt b/testdata/certs/reference/ed25519-text.txt index 957ed29..ef6df8f 100644 --- a/testdata/certs/reference/ed25519-text.txt +++ b/testdata/certs/reference/ed25519-text.txt @@ -5,28 +5,28 @@ Certificate: Signature Algorithm: ED25519 Issuer: C = CH, O = EdDSA Test, CN = ed25519.example.com Validity - Not Before: Feb 4 06:32:17 2026 GMT - Not After : Feb 4 06:32:17 2101 GMT + Not Before: Feb 24 22:17:11 2026 GMT + Not After : Feb 24 22:17:11 2101 GMT Subject: C = CH, O = EdDSA Test, CN = ed25519.example.com Subject Public Key Info: Public Key Algorithm: ED25519 ED25519 Public-Key: pub: - 78:f0:ca:fa:e2:03:34:e6:5b:6c:c1:5f:af:c8:f8: - 84:a1:29:2f:b7:27:2f:d3:14:11:10:7c:0d:ca:75: - 79:49 + 2c:b7:3d:ef:ba:26:f5:2d:1e:5d:a3:2c:ca:40:fe: + f3:8d:ec:0c:15:38:56:b9:38:7b:34:0f:d6:8b:4c: + 1d:f4 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: critical Digital Signature X509v3 Subject Key Identifier: - 49:1C:58:9C:7D:18:68:C5:0B:17:E0:F2:24:74:15:3A:6B:1F:53:E2 + B4:49:42:98:9F:AF:5A:DD:8A:C4:2C:AD:71:2F:67:4D:4B:DF:FB:45 X509v3 Subject Alternative Name: DNS:ed25519.example.com Signature Algorithm: ED25519 Signature Value: - 76:8d:68:1d:2d:95:24:87:e5:3d:cd:b1:e5:dc:78:d4:b2:d6: - 17:f3:4e:cb:19:4f:fc:14:67:f1:ef:5d:ef:05:4b:c1:36:b7: - 2c:ad:4a:2c:da:a5:61:ab:09:d2:ee:62:7a:78:49:2f:b0:f7: - 8c:4a:69:9f:f1:d3:1f:ac:0d:0f + d3:e0:35:7d:81:ca:0c:e3:28:30:13:1a:4c:38:65:1d:85:62: + ca:22:37:fe:9a:9c:72:c7:07:a0:f1:73:49:bd:1b:2d:ec:f8: + 3e:1e:c6:e2:2b:38:b5:68:52:c1:69:47:fa:8b:fa:64:41:99: + 9a:55:ca:70:1e:21:1f:0a:ef:00 diff --git a/testdata/certs/reference/expired-dates.txt b/testdata/certs/reference/expired-dates.txt index 9e5ebd0..000952a 100644 --- a/testdata/certs/reference/expired-dates.txt +++ b/testdata/certs/reference/expired-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:17 2026 GMT -notAfter=Feb 5 06:32:17 2026 GMT +notBefore=Feb 24 22:17:12 2026 GMT +notAfter=Feb 25 22:17:12 2026 GMT diff --git a/testdata/certs/reference/expired-fingerprint-sha1.txt b/testdata/certs/reference/expired-fingerprint-sha1.txt index ad6c474..41a4c88 100644 --- a/testdata/certs/reference/expired-fingerprint-sha1.txt +++ b/testdata/certs/reference/expired-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=3D:23:18:B3:3C:CE:FF:52:F5:72:7D:24:93:B3:09:D5:61:10:95:7E +sha1 Fingerprint=79:2D:50:B8:E3:53:6C:DE:1A:D1:63:AA:12:17:E0:A9:4B:4B:FB:1D diff --git a/testdata/certs/reference/expired-fingerprint-sha256.txt b/testdata/certs/reference/expired-fingerprint-sha256.txt index 76fc969..9450e94 100644 --- a/testdata/certs/reference/expired-fingerprint-sha256.txt +++ b/testdata/certs/reference/expired-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=4A:56:7F:8A:24:F4:9D:F2:E7:31:C7:54:AC:EE:EA:FB:CD:BF:5D:45:4A:A2:15:ED:C8:ED:D2:C2:16:C6:40:5D +sha256 Fingerprint=26:E3:FC:95:F9:92:6E:17:05:53:EB:C9:25:9D:27:D4:5D:42:C7:2D:C4:D6:66:D1:B4:EC:11:00:91:96:C4:CD diff --git a/testdata/certs/reference/expired-pubkey.txt b/testdata/certs/reference/expired-pubkey.txt index 3cf5172..4167218 100644 --- a/testdata/certs/reference/expired-pubkey.txt +++ b/testdata/certs/reference/expired-pubkey.txt @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzKoU0oEzy4bylTXFs/j -DB7xjXRxQvWvNJo/ws9DSQ4UiPjlZdbWurm9wa/rZCgcHHEP7XMT1zocK+0raYkm -vP14Rvl+/E4RLrdniMbjtqt+4YDmWjULyTu449xEumc1b/r/OLcLffLcRZlKFgyv -qojQsZnwohG3irEKOkvZnSyOrABhbvmD64iFRpX3OQuN2ePFeEPff/VbTOBDAv+g -fT/gCebC15koA6TjmnHH7wVbINPI+Jg5UAFXGYK4igAQJUbKtVFqCfOSuDyiXhAa -E6Jre1Ta3IFvkdKFlfxhoPcTDUJWk7LiyFxVgjwNMmHUpGxV0uiaBGpsTR+DEqkW -8QIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQEzh4WvAnqsC80fbo6b +0S7H03Zo81jQqsOW0JBQJZb/mh+lk/+jytIwvQ/V65WGurBd3lHr5RwxOZSjEBV5 ++4U8mP/g6JgUeYShrpXjItat06Zks3h05Njcf4dWt0RuNgIgkxkryvux+WAKrDBj +JUxZpOeq1LbOSS9Gb/fAcLaqF44x5K6DCSQbjzWhC6g+SLU2Tnf69lFwLZm3DGp7 +y+h8AouSepLp21cQ15A7Eu5IMkLzAXZrDrh432+qKv9M2rfwmUSlVIJCSo1J5mij +vf5XBWSlfzF1mHh5bH2Pwrh/LI1jCUcf4SY9cObbEj1NbSHBOf+px1VjYh0fsLM8 +mQIDAQAB -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/expired-text.txt b/testdata/certs/reference/expired-text.txt index 6b4ffeb..026c75b 100644 --- a/testdata/certs/reference/expired-text.txt +++ b/testdata/certs/reference/expired-text.txt @@ -5,53 +5,53 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: CN = Expired Test, O = Expired Org Validity - Not Before: Feb 4 06:32:17 2026 GMT - Not After : Feb 5 06:32:17 2026 GMT + Not Before: Feb 24 22:17:12 2026 GMT + Not After : Feb 25 22:17:12 2026 GMT Subject: CN = Expired Test, O = Expired Org Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ab:32:a8:53:4a:04:cf:2e:1b:ca:54:d7:16:cf: - e3:0c:1e:f1:8d:74:71:42:f5:af:34:9a:3f:c2:cf: - 43:49:0e:14:88:f8:e5:65:d6:d6:ba:b9:bd:c1:af: - eb:64:28:1c:1c:71:0f:ed:73:13:d7:3a:1c:2b:ed: - 2b:69:89:26:bc:fd:78:46:f9:7e:fc:4e:11:2e:b7: - 67:88:c6:e3:b6:ab:7e:e1:80:e6:5a:35:0b:c9:3b: - b8:e3:dc:44:ba:67:35:6f:fa:ff:38:b7:0b:7d:f2: - dc:45:99:4a:16:0c:af:aa:88:d0:b1:99:f0:a2:11: - b7:8a:b1:0a:3a:4b:d9:9d:2c:8e:ac:00:61:6e:f9: - 83:eb:88:85:46:95:f7:39:0b:8d:d9:e3:c5:78:43: - df:7f:f5:5b:4c:e0:43:02:ff:a0:7d:3f:e0:09:e6: - c2:d7:99:28:03:a4:e3:9a:71:c7:ef:05:5b:20:d3: - c8:f8:98:39:50:01:57:19:82:b8:8a:00:10:25:46: - ca:b5:51:6a:09:f3:92:b8:3c:a2:5e:10:1a:13:a2: - 6b:7b:54:da:dc:81:6f:91:d2:85:95:fc:61:a0:f7: - 13:0d:42:56:93:b2:e2:c8:5c:55:82:3c:0d:32:61: - d4:a4:6c:55:d2:e8:9a:04:6a:6c:4d:1f:83:12:a9: - 16:f1 + 00:c5:01:33:87:85:af:02:7a:ac:0b:cd:1f:6e:8e: + 9b:d1:2e:c7:d3:76:68:f3:58:d0:aa:c3:96:d0:90: + 50:25:96:ff:9a:1f:a5:93:ff:a3:ca:d2:30:bd:0f: + d5:eb:95:86:ba:b0:5d:de:51:eb:e5:1c:31:39:94: + a3:10:15:79:fb:85:3c:98:ff:e0:e8:98:14:79:84: + a1:ae:95:e3:22:d6:ad:d3:a6:64:b3:78:74:e4:d8: + dc:7f:87:56:b7:44:6e:36:02:20:93:19:2b:ca:fb: + b1:f9:60:0a:ac:30:63:25:4c:59:a4:e7:aa:d4:b6: + ce:49:2f:46:6f:f7:c0:70:b6:aa:17:8e:31:e4:ae: + 83:09:24:1b:8f:35:a1:0b:a8:3e:48:b5:36:4e:77: + fa:f6:51:70:2d:99:b7:0c:6a:7b:cb:e8:7c:02:8b: + 92:7a:92:e9:db:57:10:d7:90:3b:12:ee:48:32:42: + f3:01:76:6b:0e:b8:78:df:6f:aa:2a:ff:4c:da:b7: + f0:99:44:a5:54:82:42:4a:8d:49:e6:68:a3:bd:fe: + 57:05:64:a5:7f:31:75:98:78:79:6c:7d:8f:c2:b8: + 7f:2c:8d:63:09:47:1f:e1:26:3d:70:e6:db:12:3d: + 4d:6d:21:c1:39:ff:a9:c7:55:63:62:1d:1f:b0:b3: + 3c:99 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 07:1A:AD:13:EA:F7:CB:25:17:5E:35:8B:5C:35:1D:96:29:0E:FE:2C + F3:19:9F:B1:16:E0:F9:D5:31:9A:08:C3:79:5E:1F:5E:68:63:B1:B6 X509v3 Authority Key Identifier: - 07:1A:AD:13:EA:F7:CB:25:17:5E:35:8B:5C:35:1D:96:29:0E:FE:2C + F3:19:9F:B1:16:E0:F9:D5:31:9A:08:C3:79:5E:1F:5E:68:63:B1:B6 X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption Signature Value: - 31:ab:20:13:d6:a1:41:74:4f:ab:0c:76:80:52:cc:bd:56:e6: - a8:05:79:57:4d:fb:81:c3:e6:32:91:5f:5c:21:58:90:ab:11: - 78:b9:40:f1:4b:62:ed:14:61:39:fe:35:dd:81:0d:19:b3:fd: - 01:f0:46:81:0b:62:dd:aa:a4:f3:d6:76:9e:ce:06:7b:6c:69: - 88:68:74:b9:34:93:cb:c7:3b:f9:99:e7:fe:04:d7:b4:a6:94: - 6d:07:01:e8:68:72:ec:09:f8:3c:3a:13:a8:a0:1a:25:4f:1a: - 69:15:17:d4:3b:25:77:6a:74:6f:f0:75:d8:eb:9d:6b:68:a9: - 95:1d:c1:54:b8:d5:a3:de:5f:3d:1f:1c:1a:8e:81:26:71:0f: - cb:27:98:ce:af:2d:80:1b:66:ad:4b:32:68:2d:de:9c:45:d6: - 65:65:70:6b:c7:88:32:6c:6c:f1:f3:57:b7:96:3c:0a:cb:f6: - df:7c:14:d2:43:c9:44:05:82:f0:a8:39:8f:20:ca:4b:01:00: - 5b:cc:33:0e:f7:9f:52:85:b2:1c:9f:27:28:52:92:2a:ae:73: - 89:54:c4:a2:2e:64:e9:ed:85:63:c9:7f:30:3f:2c:0f:8f:5a: - 17:3e:9f:bd:c5:b5:93:7d:05:cc:f3:13:e1:75:e5:ef:d3:7b: - 1e:0c:0a:82 + 0f:85:62:c2:5a:7f:f4:c3:2a:27:1c:bd:68:a5:2e:60:25:eb: + 96:33:c7:47:bd:81:29:f7:6d:5c:41:bc:74:a5:a1:1e:a1:b0: + 9e:90:2f:5d:94:26:a1:f1:8a:78:19:82:05:ea:79:37:81:82: + 98:1f:6e:16:fd:13:94:af:fe:a4:57:b3:44:8c:2b:44:2e:7f: + 12:85:69:79:94:fd:a4:38:a4:fa:4e:75:ac:0c:29:39:44:43: + f2:6c:dd:a8:d5:f7:61:c0:c6:d4:bc:3f:2c:74:9c:c3:37:8f: + 92:85:9a:ad:84:dc:d6:76:39:32:8c:b4:6b:8f:05:e3:5f:82: + 1b:ec:a9:9b:21:2a:85:6d:7a:30:59:59:ad:ac:91:84:0f:5a: + ae:ba:44:2a:7d:8e:52:90:0c:62:7e:1c:6b:2e:f9:a2:57:29: + 44:40:c5:85:30:8c:c7:22:95:0c:d3:64:d0:d8:6b:09:05:16: + 21:ae:17:d6:fd:af:74:32:e7:6e:ee:f8:63:57:9b:72:01:0e: + be:66:4c:79:3d:03:ab:3d:27:db:99:58:df:8a:2c:f2:a4:47: + 7a:a1:79:30:c6:b4:30:5e:bd:61:44:b3:d5:c6:3b:ab:81:6e: + 80:59:8d:d2:d7:a3:6c:8d:04:25:64:42:e4:a6:b0:db:d2:90: + e0:3f:bd:98 diff --git a/testdata/certs/reference/intermediate-ca-dates.txt b/testdata/certs/reference/intermediate-ca-dates.txt index 06674a0..2b6d9d5 100644 --- a/testdata/certs/reference/intermediate-ca-dates.txt +++ b/testdata/certs/reference/intermediate-ca-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:16 2026 GMT -notAfter=Feb 4 06:32:16 2101 GMT +notBefore=Feb 24 22:17:10 2026 GMT +notAfter=Feb 24 22:17:10 2101 GMT diff --git a/testdata/certs/reference/intermediate-ca-fingerprint-sha1.txt b/testdata/certs/reference/intermediate-ca-fingerprint-sha1.txt index 1e60113..3154201 100644 --- a/testdata/certs/reference/intermediate-ca-fingerprint-sha1.txt +++ b/testdata/certs/reference/intermediate-ca-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=8B:D8:35:9D:F6:99:FB:3D:A7:D4:1C:C1:C8:D9:43:1A:6F:C1:A6:1C +sha1 Fingerprint=EA:B9:4D:52:D7:CC:D2:D6:9C:5A:93:A1:1B:77:14:25:6C:99:71:EB diff --git a/testdata/certs/reference/intermediate-ca-fingerprint-sha256.txt b/testdata/certs/reference/intermediate-ca-fingerprint-sha256.txt index 91c235a..0ee84a7 100644 --- a/testdata/certs/reference/intermediate-ca-fingerprint-sha256.txt +++ b/testdata/certs/reference/intermediate-ca-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=AD:93:92:72:94:FA:14:F3:9B:42:F9:36:78:FB:79:EF:47:3C:9E:C8:C3:35:07:1F:12:D5:95:90:AF:8A:6B:FE +sha256 Fingerprint=80:8E:08:6A:6D:57:F0:A2:54:59:49:F2:CB:BB:2B:19:77:CE:CD:1B:80:03:FC:EF:EE:F7:39:19:03:D7:23:AB diff --git a/testdata/certs/reference/intermediate-ca-pubkey.txt b/testdata/certs/reference/intermediate-ca-pubkey.txt index 0f12dea..29dfa46 100644 --- a/testdata/certs/reference/intermediate-ca-pubkey.txt +++ b/testdata/certs/reference/intermediate-ca-pubkey.txt @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6Qbc3mynza0YufGvOUu -8eCuL8mhXd13jll/aYPvdAyI2cZ4lxUSeYyI3zY3peVjTHTsw9zlxnPcAz8tqurA -PEWmrfuPGm2rHymasQHkhhUdw5bVrFOA5TAf4As3QhLPvjfjpfu3BFpSWmnxFlN3 -TbE9KnLOxKN8oVhIbwVV3Z1T9eN9ts6JwgehxsJnKZc1JKP1tnhIl/UCcQ73lMsC -pU5guH0DXaC9Tt+ErtK6/Ns886Qr/anIWNt6a+4LR6ttZuMfZ4SgcECfJXLSmxuf -Fp9azj5E4bLAnc8XUrw0Zxca+1DRFs9fMYSvUn3ehP7waZsQ/HjZD2DsVPwOQzB/ -DwIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+Ys+2vtqYFm0DD9XdWe +NNu27oQfUS7rl3ZTPRYJvutcoZB3u+oLE99R2AebBEA3PuSAKQkiW/ijhj3pyBEj +DX9exBh5O1QHf723zCYoFjWbFeMUQDl98JkhD4n4Ekiwd0xmNo6PIfNRfgiG6qah +BJnTozsdUIgsUs9KmuVrYCyQlUD7kbfrnVrncwTuy5d2au9FMWg647c3YKs4NVd1 +h9dPV9yV1oRz+t7MEMo02hcABBnPDBLQ1exE8f6OVWH+whb8U6xN256dD4cmwNBT +q50V1di6SwyD+G623iNXdFw21megMB/71sETsery1dfo5/lHtvpSTUnsXiCIdyoo +OwIDAQAB -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/intermediate-ca-text.txt b/testdata/certs/reference/intermediate-ca-text.txt index 3eeec38..400b3d1 100644 --- a/testdata/certs/reference/intermediate-ca-text.txt +++ b/testdata/certs/reference/intermediate-ca-text.txt @@ -5,31 +5,31 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = California, L = San Francisco, O = Test PKI, OU = Certificate Authority, CN = Test Root CA Validity - Not Before: Feb 4 06:32:16 2026 GMT - Not After : Feb 4 06:32:16 2101 GMT + Not Before: Feb 24 22:17:10 2026 GMT + Not After : Feb 24 22:17:10 2101 GMT Subject: C = US, ST = California, O = Test PKI, OU = Intermediate Authority, CN = Test Intermediate CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c7:a4:1b:73:79:b2:9f:36:b4:62:e7:c6:bc:e5: - 2e:f1:e0:ae:2f:c9:a1:5d:dd:77:8e:59:7f:69:83: - ef:74:0c:88:d9:c6:78:97:15:12:79:8c:88:df:36: - 37:a5:e5:63:4c:74:ec:c3:dc:e5:c6:73:dc:03:3f: - 2d:aa:ea:c0:3c:45:a6:ad:fb:8f:1a:6d:ab:1f:29: - 9a:b1:01:e4:86:15:1d:c3:96:d5:ac:53:80:e5:30: - 1f:e0:0b:37:42:12:cf:be:37:e3:a5:fb:b7:04:5a: - 52:5a:69:f1:16:53:77:4d:b1:3d:2a:72:ce:c4:a3: - 7c:a1:58:48:6f:05:55:dd:9d:53:f5:e3:7d:b6:ce: - 89:c2:07:a1:c6:c2:67:29:97:35:24:a3:f5:b6:78: - 48:97:f5:02:71:0e:f7:94:cb:02:a5:4e:60:b8:7d: - 03:5d:a0:bd:4e:df:84:ae:d2:ba:fc:db:3c:f3:a4: - 2b:fd:a9:c8:58:db:7a:6b:ee:0b:47:ab:6d:66:e3: - 1f:67:84:a0:70:40:9f:25:72:d2:9b:1b:9f:16:9f: - 5a:ce:3e:44:e1:b2:c0:9d:cf:17:52:bc:34:67:17: - 1a:fb:50:d1:16:cf:5f:31:84:af:52:7d:de:84:fe: - f0:69:9b:10:fc:78:d9:0f:60:ec:54:fc:0e:43:30: - 7f:0f + 00:af:e6:2c:fb:6b:ed:a9:81:66:d0:30:fd:5d:d5: + 9e:34:db:b6:ee:84:1f:51:2e:eb:97:76:53:3d:16: + 09:be:eb:5c:a1:90:77:bb:ea:0b:13:df:51:d8:07: + 9b:04:40:37:3e:e4:80:29:09:22:5b:f8:a3:86:3d: + e9:c8:11:23:0d:7f:5e:c4:18:79:3b:54:07:7f:bd: + b7:cc:26:28:16:35:9b:15:e3:14:40:39:7d:f0:99: + 21:0f:89:f8:12:48:b0:77:4c:66:36:8e:8f:21:f3: + 51:7e:08:86:ea:a6:a1:04:99:d3:a3:3b:1d:50:88: + 2c:52:cf:4a:9a:e5:6b:60:2c:90:95:40:fb:91:b7: + eb:9d:5a:e7:73:04:ee:cb:97:76:6a:ef:45:31:68: + 3a:e3:b7:37:60:ab:38:35:57:75:87:d7:4f:57:dc: + 95:d6:84:73:fa:de:cc:10:ca:34:da:17:00:04:19: + cf:0c:12:d0:d5:ec:44:f1:fe:8e:55:61:fe:c2:16: + fc:53:ac:4d:db:9e:9d:0f:87:26:c0:d0:53:ab:9d: + 15:d5:d8:ba:4b:0c:83:f8:6e:b6:de:23:57:74:5c: + 36:d6:67:a0:30:1f:fb:d6:c1:13:b1:ea:f2:d5:d7: + e8:e7:f9:47:b6:fa:52:4d:49:ec:5e:20:88:77:2a: + 28:3b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical @@ -37,23 +37,23 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: - 53:92:7B:D6:7B:58:80:E7:AE:96:70:E9:95:E8:5C:CD:B8:52:8A:99 + 7C:37:9A:DB:EC:FE:AB:30:79:11:32:F5:E3:A2:64:FB:5C:B5:DE:18 X509v3 Authority Key Identifier: - 50:0E:FC:2B:84:B4:AB:50:6F:33:ED:E5:52:C1:00:63:0C:84:09:F3 + DD:42:6E:6A:E9:0F:48:A5:15:50:57:EF:B8:6D:46:BF:AF:65:50:EC Signature Algorithm: sha256WithRSAEncryption Signature Value: - 03:5c:6f:9f:08:a6:6c:ab:83:ae:da:5b:3a:17:cf:d4:5c:98: - a6:65:0a:39:2f:7c:c4:ed:af:bc:3b:96:3d:78:c2:d6:65:18: - 64:f6:c5:45:b3:70:96:0b:93:89:2f:35:16:75:0d:2d:f0:04: - 88:b2:27:0c:29:f3:e2:90:ec:65:26:e9:10:2d:8b:a7:0c:1a: - 2f:63:58:8e:c6:67:83:91:a5:fd:b0:e2:65:5b:36:5e:8e:1f: - a7:e3:37:01:76:18:5c:d6:06:bd:5f:f5:cc:27:50:0d:fb:b9: - 6f:36:98:22:4b:ea:e7:57:c1:d9:ed:7b:a1:32:5a:57:98:b2: - 8f:03:5c:f7:08:9f:66:97:8d:20:c1:ee:a5:62:19:87:41:3b: - 72:f6:2f:76:f5:de:ea:4b:54:8f:fd:5c:c4:fa:10:12:1c:07: - d9:99:a7:f1:48:c3:70:cc:4f:34:a8:3d:6f:2a:01:2a:8d:aa: - cd:42:3d:79:6a:0f:63:cb:83:0f:6a:a0:03:9d:c5:24:87:9b: - c7:de:56:e1:5d:4f:5a:3d:06:65:98:c3:84:a5:bd:5b:64:24: - 9c:00:50:11:40:03:ee:95:87:bd:ed:b7:9c:31:3b:48:9e:ed: - 87:59:0d:8e:52:d0:e2:e9:2c:43:6d:d7:dd:65:26:32:81:39: - 03:59:f4:f6 + 4b:97:ef:84:8f:4e:8c:70:cb:96:51:28:8a:86:2b:46:65:c5: + 5e:74:b0:6a:0a:70:f7:16:41:42:ae:0b:e2:a9:87:51:a4:be: + 2c:4d:e0:c9:5e:b8:8f:63:63:d3:c9:b1:22:6f:a7:78:0f:fc: + d2:39:50:59:b6:06:ff:3c:54:c0:fd:cb:62:69:f2:32:b4:ce: + 51:35:63:1a:b3:c8:6f:ab:3c:3d:88:9f:39:2e:45:40:0b:d3: + 30:4c:dc:ab:ad:32:53:39:01:0b:9c:6f:ec:88:89:89:b0:cc: + 3d:bb:7b:8e:ed:bc:84:28:74:e7:b8:19:d6:6c:ab:50:17:8c: + 90:a0:56:53:64:72:d9:0a:18:78:8b:ba:c2:ba:01:93:1b:44: + 09:f8:2e:27:e8:1b:35:fa:0b:7d:02:ec:92:52:f4:0f:6a:fa: + 7b:cb:5c:3d:0b:3d:7c:b2:b0:13:77:71:d0:bf:55:e7:f3:7d: + 48:2b:f6:02:4b:e6:c6:99:f6:c5:7e:3a:e6:84:11:17:5d:5a: + c8:53:f7:69:c3:3f:43:e2:0f:ca:d8:ad:0b:32:fc:95:6f:80: + 38:6c:37:a9:e5:98:0e:b6:6d:ad:89:6c:b1:dd:88:20:8b:06: + 8e:02:29:ab:59:7c:78:61:55:25:9c:6c:29:d6:4c:27:c1:67: + 10:8e:3e:7a diff --git a/testdata/certs/reference/many-extensions-dates.txt b/testdata/certs/reference/many-extensions-dates.txt index b71c23b..90710d9 100644 --- a/testdata/certs/reference/many-extensions-dates.txt +++ b/testdata/certs/reference/many-extensions-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:18 2026 GMT -notAfter=Feb 4 06:32:18 2101 GMT +notBefore=Feb 24 22:17:12 2026 GMT +notAfter=Feb 24 22:17:12 2101 GMT diff --git a/testdata/certs/reference/many-extensions-fingerprint-sha1.txt b/testdata/certs/reference/many-extensions-fingerprint-sha1.txt index 2b0be11..6ce9d62 100644 --- a/testdata/certs/reference/many-extensions-fingerprint-sha1.txt +++ b/testdata/certs/reference/many-extensions-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=28:2A:BF:0D:38:27:8B:A7:66:C2:34:77:B2:AE:26:EE:85:43:20:62 +sha1 Fingerprint=FB:1A:72:9E:49:8E:1D:7B:51:24:4E:62:BB:E8:0B:A5:B8:56:8C:6E diff --git a/testdata/certs/reference/many-extensions-fingerprint-sha256.txt b/testdata/certs/reference/many-extensions-fingerprint-sha256.txt index 9314304..f0080ea 100644 --- a/testdata/certs/reference/many-extensions-fingerprint-sha256.txt +++ b/testdata/certs/reference/many-extensions-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=21:13:06:E9:59:A7:7B:5B:1B:4F:3A:4D:DD:FE:35:E2:67:70:D2:A3:52:1F:06:81:B6:52:EE:72:F5:BD:FB:65 +sha256 Fingerprint=A7:24:05:6D:13:4C:E0:3B:E8:74:7F:5A:5B:E1:73:53:21:AB:AA:4E:A0:7C:17:60:D0:14:93:DB:5A:9B:2D:32 diff --git a/testdata/certs/reference/many-extensions-pubkey.txt b/testdata/certs/reference/many-extensions-pubkey.txt index 51acd21..bf34faf 100644 --- a/testdata/certs/reference/many-extensions-pubkey.txt +++ b/testdata/certs/reference/many-extensions-pubkey.txt @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIjbr4oZvE9hU4gr+PFz -672fPr7ovjpRocHtoTzt7/e3LKXhgD+LNJtHuRs7PzFqnVrRd9CMogLkmIHgHUo2 -+28MwkOoX3cEqyxt4JW+XPIALQ5jAt6WS0fDaxP7y0jO+424fGDI86PFAe2xtFW4 -u0hxdnjtibCSRATpxDJiRvfJpvF7fbTv/8qtMC5K22xb3lj26hw2T9oPefZmn5Yk -cKoaY8edhiz0wrZpzuK+X/Ca/G3XWnxWfrDwPk01TJF2j6w5+U5/xf2ZayV8XXGE -guslRK30G1aY/H9vrydIhPbxA7+iLY82Fu3ehpzmC5aAfon1FNqpQ9Kw3wlQ6OIa -2wIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXxMkvkzLZpm9a4QPzqt +t1AEwnuopDZ+HDSDrVXk0tpoXWwQNY70/Q/6x3nrtn46e+XyyMMoBFBNkJ8FzRgl +dWaeu5ZVo7X4qnJJENv5stT6Flh9OdEBl9V0uCFoE6yk1HK9GmSvc2ns0wclwKlQ +rOqNo1iiN/LnE9mC98QHQNtS0q7XHFPJjYIadRBkA33TSconlIVoqNqgA1L+3BTv +3MNz7ox9UbDrerBH286ATGgQmCoPFBciE63V5cfwl7peDF9UF+MVP/QVAbQOAxy0 +AtO6rQw3XrZ11ltrPlrWx9KZJAOjEL1zaNQQmHKUHQgKdlu5arprFwSkoaXNfd4x +BwIDAQAB -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/many-extensions-text.txt b/testdata/certs/reference/many-extensions-text.txt index 124fdf8..9630d34 100644 --- a/testdata/certs/reference/many-extensions-text.txt +++ b/testdata/certs/reference/many-extensions-text.txt @@ -5,31 +5,31 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = California, L = San Francisco, O = Test PKI, OU = Certificate Authority, CN = Test Root CA Validity - Not Before: Feb 4 06:32:18 2026 GMT - Not After : Feb 4 06:32:18 2101 GMT + Not Before: Feb 24 22:17:12 2026 GMT + Not After : Feb 24 22:17:12 2101 GMT Subject: C = GB, ST = London, L = City of London, O = Extension Test Ltd, OU = Engineering, CN = extensions.example.com, emailAddress = certs@example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:9c:88:db:af:8a:19:bc:4f:61:53:88:2b:f8:f1: - 73:eb:bd:9f:3e:be:e8:be:3a:51:a1:c1:ed:a1:3c: - ed:ef:f7:b7:2c:a5:e1:80:3f:8b:34:9b:47:b9:1b: - 3b:3f:31:6a:9d:5a:d1:77:d0:8c:a2:02:e4:98:81: - e0:1d:4a:36:fb:6f:0c:c2:43:a8:5f:77:04:ab:2c: - 6d:e0:95:be:5c:f2:00:2d:0e:63:02:de:96:4b:47: - c3:6b:13:fb:cb:48:ce:fb:8d:b8:7c:60:c8:f3:a3: - c5:01:ed:b1:b4:55:b8:bb:48:71:76:78:ed:89:b0: - 92:44:04:e9:c4:32:62:46:f7:c9:a6:f1:7b:7d:b4: - ef:ff:ca:ad:30:2e:4a:db:6c:5b:de:58:f6:ea:1c: - 36:4f:da:0f:79:f6:66:9f:96:24:70:aa:1a:63:c7: - 9d:86:2c:f4:c2:b6:69:ce:e2:be:5f:f0:9a:fc:6d: - d7:5a:7c:56:7e:b0:f0:3e:4d:35:4c:91:76:8f:ac: - 39:f9:4e:7f:c5:fd:99:6b:25:7c:5d:71:84:82:eb: - 25:44:ad:f4:1b:56:98:fc:7f:6f:af:27:48:84:f6: - f1:03:bf:a2:2d:8f:36:16:ed:de:86:9c:e6:0b:96: - 80:7e:89:f5:14:da:a9:43:d2:b0:df:09:50:e8:e2: - 1a:db + 00:9d:7c:4c:92:f9:33:2d:9a:66:f5:ae:10:3f:3a: + ad:b7:50:04:c2:7b:a8:a4:36:7e:1c:34:83:ad:55: + e4:d2:da:68:5d:6c:10:35:8e:f4:fd:0f:fa:c7:79: + eb:b6:7e:3a:7b:e5:f2:c8:c3:28:04:50:4d:90:9f: + 05:cd:18:25:75:66:9e:bb:96:55:a3:b5:f8:aa:72: + 49:10:db:f9:b2:d4:fa:16:58:7d:39:d1:01:97:d5: + 74:b8:21:68:13:ac:a4:d4:72:bd:1a:64:af:73:69: + ec:d3:07:25:c0:a9:50:ac:ea:8d:a3:58:a2:37:f2: + e7:13:d9:82:f7:c4:07:40:db:52:d2:ae:d7:1c:53: + c9:8d:82:1a:75:10:64:03:7d:d3:49:ca:27:94:85: + 68:a8:da:a0:03:52:fe:dc:14:ef:dc:c3:73:ee:8c: + 7d:51:b0:eb:7a:b0:47:db:ce:80:4c:68:10:98:2a: + 0f:14:17:22:13:ad:d5:e5:c7:f0:97:ba:5e:0c:5f: + 54:17:e3:15:3f:f4:15:01:b4:0e:03:1c:b4:02:d3: + ba:ad:0c:37:5e:b6:75:d6:5b:6b:3e:5a:d6:c7:d2: + 99:24:03:a3:10:bd:73:68:d4:10:98:72:94:1d:08: + 0a:76:5b:b9:6a:ba:6b:17:04:a4:a1:a5:cd:7d:de: + 31:07 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -39,9 +39,9 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping X509v3 Subject Key Identifier: - 2C:87:23:21:82:04:81:16:47:12:C0:E7:AF:87:13:F5:6E:CB:35:14 + AA:E3:04:AB:89:F4:85:ED:87:B2:E3:7B:00:2B:43:28:D3:DA:29:F4 X509v3 Authority Key Identifier: - 50:0E:FC:2B:84:B4:AB:50:6F:33:ED:E5:52:C1:00:63:0C:84:09:F3 + DD:42:6E:6A:E9:0F:48:A5:15:50:57:EF:B8:6D:46:BF:AF:65:50:EC X509v3 Subject Alternative Name: DNS:extensions.example.com, DNS:*.extensions.example.com, DNS:alt.example.com, IP Address:10.0.0.1, IP Address:192.168.1.1, IP Address:0:0:0:0:0:0:0:1, email:certs@example.com, URI:https://example.com/cert-info Authority Information Access: @@ -57,18 +57,18 @@ Certificate: This is a test certificate with many extensions Signature Algorithm: sha256WithRSAEncryption Signature Value: - 9f:6e:9f:e9:31:32:27:c5:49:2e:01:b8:f1:32:28:4f:9f:04: - b8:e5:d6:b2:8c:d7:e4:c9:0b:b2:fd:db:98:7f:d0:3f:31:50: - 72:a7:df:88:26:e6:f3:c6:5a:e1:2a:1b:e9:44:60:5f:7b:5a: - dd:1a:fa:b8:ef:4c:7f:84:f2:8f:71:fd:39:89:6e:71:40:a9: - c3:8c:a7:42:dc:80:1b:cb:4e:14:f9:b0:cb:dc:18:43:f9:56: - 7b:a6:8a:e2:6b:7d:20:01:de:9b:ee:84:79:f0:97:10:9f:b9: - 39:06:27:6f:0f:d7:3c:dd:9d:02:e3:3e:d0:73:22:8d:12:9f: - 3f:a0:15:39:1c:d2:f7:e2:db:6f:8d:78:eb:25:5f:81:50:e2: - 1d:5b:b3:04:f4:b0:ba:dc:a3:ce:a4:c9:e4:b7:89:4b:9d:b6: - 66:81:09:20:a2:16:c1:fb:39:06:eb:e8:d5:f1:42:89:89:4f: - f3:46:e2:57:82:3d:b2:3e:6d:e6:05:d2:e6:22:cb:9f:9f:9d: - ce:07:61:d4:b5:c2:14:e6:5e:eb:12:1a:94:45:0f:92:bd:66: - 4c:59:82:e6:07:92:b2:90:45:00:58:b9:51:0e:d1:a4:79:04: - e8:92:d9:f3:11:22:02:b1:c2:53:46:91:93:f0:a8:11:9e:99: - ca:51:46:ad + 84:55:97:39:e3:d0:62:93:b2:92:1f:f5:07:07:b1:76:dd:19: + 2c:33:f6:e0:72:de:08:27:2e:59:96:12:13:0e:7f:69:b0:e1: + 49:68:5b:09:de:6c:89:34:05:a0:0c:3f:38:a4:fa:6f:ba:cf: + 37:14:ac:79:93:1b:b7:ea:55:2f:4d:31:f7:a2:fe:21:09:02: + 82:c2:89:57:8d:b8:21:fd:a0:f2:e4:92:43:59:db:52:58:14: + 79:03:70:5a:44:52:d8:9d:cf:09:60:fe:c1:fa:97:46:76:6d: + a6:74:02:af:4e:ce:91:90:54:7d:c9:8e:ce:bf:0b:75:dc:23: + b9:5a:34:be:6d:d9:40:63:22:d5:26:2a:ca:a0:36:71:25:4d: + 3d:aa:3c:77:bd:22:f2:d8:d5:ec:de:44:de:f0:b6:60:ee:d2: + fc:7f:29:bc:01:88:2a:6b:5c:55:79:8d:e3:95:5f:9d:32:8f: + 80:c4:1a:cb:4a:55:00:aa:c1:7e:1a:5e:6f:5f:21:02:77:35: + db:c8:a7:cf:85:42:aa:47:d8:ce:6f:d0:de:41:0d:56:d9:25: + 59:8d:60:10:9c:b7:54:2a:75:d8:81:3d:d3:2b:52:23:76:df: + 54:48:7f:86:f5:71:ee:83:8b:85:c5:9f:d0:88:8b:7a:10:e7: + 65:cf:53:b9 diff --git a/testdata/certs/reference/minimal-dates.txt b/testdata/certs/reference/minimal-dates.txt index 9f6fc52..1a11ef0 100644 --- a/testdata/certs/reference/minimal-dates.txt +++ b/testdata/certs/reference/minimal-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:17 2026 GMT -notAfter=Feb 4 06:32:17 2101 GMT +notBefore=Feb 24 22:17:11 2026 GMT +notAfter=Feb 24 22:17:11 2101 GMT diff --git a/testdata/certs/reference/minimal-fingerprint-sha1.txt b/testdata/certs/reference/minimal-fingerprint-sha1.txt index fa770dd..c579f67 100644 --- a/testdata/certs/reference/minimal-fingerprint-sha1.txt +++ b/testdata/certs/reference/minimal-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=99:24:5F:4A:F3:90:40:5F:55:9F:3A:A7:31:89:80:B6:7F:AF:B3:52 +sha1 Fingerprint=72:5C:AA:C9:03:05:14:3B:5C:6C:4F:8B:36:CA:52:17:9A:13:29:F2 diff --git a/testdata/certs/reference/minimal-fingerprint-sha256.txt b/testdata/certs/reference/minimal-fingerprint-sha256.txt index 5cb7e11..ebe1234 100644 --- a/testdata/certs/reference/minimal-fingerprint-sha256.txt +++ b/testdata/certs/reference/minimal-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=01:64:85:16:17:AE:67:B5:8F:D0:71:9C:F1:84:95:D2:50:AE:2F:19:C4:E6:2A:CA:36:C2:3A:C3:AF:40:98:7D +sha256 Fingerprint=9F:4B:1C:86:13:65:23:E1:B0:2E:EE:88:EF:B0:96:F3:38:7B:49:9E:D8:E6:A8:62:E4:5F:DC:9E:1E:41:08:67 diff --git a/testdata/certs/reference/minimal-pubkey.txt b/testdata/certs/reference/minimal-pubkey.txt index 93fe262..e43be2e 100644 --- a/testdata/certs/reference/minimal-pubkey.txt +++ b/testdata/certs/reference/minimal-pubkey.txt @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogvg0PfCN9r/v1NEd3xB -CL1Ew0vov0R7DVdh43qe3IO5NrRrB5lp+ioCSevYLcg9XKgS0YTmiD3pdmH7UBCI -1/yU7/7TwDMlkKgvCG/JRcAF0ZEWrn8Mz+9QYZz+8b5nk0rWoJchjWl39OUrj6a4 -xiRlM2dyvZtWNOuc7hQk9Cvnhn5i4AFwIYdd6qTQxQ4Qn/Lvt4sppvCQ2MX79CaE -v8oA3utz/hTECYfhs7ZyFyVVbsg87i4HLt5jp3MCupFED+P1CGwhcfCoBsrE6u6Z -BmYI6BHoo4ZnlsfhBFg2EILcOIOzucReue/d7UyfyvY9FpTljD81kEgD65F1P6UA -5wIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo743GO37vAutMcRsrklX +XI1leQ/HMlx85Nf1qV+7KiJ8Z0LcB0vjeHKBonGqrUwznV3EowuK8UH7M3T7bK2U +JxImfWDw8yFmYu7DFDSyRr/fM2UlOXaUlbj5I5QxUbSDopgx2s21xC2CeuuyCSNF +G+GysQb0ZjEOjwOaqIRWHYTcsHHXoBrOfeiBexeluGoUWu3oExe9CwUB4HuDEBcg +k02xIbteNpKTpd7RcqkvBry4NGWmXsY31Ji4Om1XBCSIkrJh+UMJss5jZS4QGBRO +bVwisNac6wdcAkytv6q0GwjJu34vCeMn1hfrmb3iK8P8xYkSfvraigGOWW6nFhYR +FQIDAQAB -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/minimal-text.txt b/testdata/certs/reference/minimal-text.txt index 9a60c55..8e95a60 100644 --- a/testdata/certs/reference/minimal-text.txt +++ b/testdata/certs/reference/minimal-text.txt @@ -5,53 +5,53 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: CN = Minimal Test Validity - Not Before: Feb 4 06:32:17 2026 GMT - Not After : Feb 4 06:32:17 2101 GMT + Not Before: Feb 24 22:17:11 2026 GMT + Not After : Feb 24 22:17:11 2101 GMT Subject: CN = Minimal Test Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a2:0b:e0:d0:f7:c2:37:da:ff:bf:53:44:77:7c: - 41:08:bd:44:c3:4b:e8:bf:44:7b:0d:57:61:e3:7a: - 9e:dc:83:b9:36:b4:6b:07:99:69:fa:2a:02:49:eb: - d8:2d:c8:3d:5c:a8:12:d1:84:e6:88:3d:e9:76:61: - fb:50:10:88:d7:fc:94:ef:fe:d3:c0:33:25:90:a8: - 2f:08:6f:c9:45:c0:05:d1:91:16:ae:7f:0c:cf:ef: - 50:61:9c:fe:f1:be:67:93:4a:d6:a0:97:21:8d:69: - 77:f4:e5:2b:8f:a6:b8:c6:24:65:33:67:72:bd:9b: - 56:34:eb:9c:ee:14:24:f4:2b:e7:86:7e:62:e0:01: - 70:21:87:5d:ea:a4:d0:c5:0e:10:9f:f2:ef:b7:8b: - 29:a6:f0:90:d8:c5:fb:f4:26:84:bf:ca:00:de:eb: - 73:fe:14:c4:09:87:e1:b3:b6:72:17:25:55:6e:c8: - 3c:ee:2e:07:2e:de:63:a7:73:02:ba:91:44:0f:e3: - f5:08:6c:21:71:f0:a8:06:ca:c4:ea:ee:99:06:66: - 08:e8:11:e8:a3:86:67:96:c7:e1:04:58:36:10:82: - dc:38:83:b3:b9:c4:5e:b9:ef:dd:ed:4c:9f:ca:f6: - 3d:16:94:e5:8c:3f:35:90:48:03:eb:91:75:3f:a5: - 00:e7 + 00:a3:be:37:18:ed:fb:bc:0b:ad:31:c4:6c:ae:49: + 57:5c:8d:65:79:0f:c7:32:5c:7c:e4:d7:f5:a9:5f: + bb:2a:22:7c:67:42:dc:07:4b:e3:78:72:81:a2:71: + aa:ad:4c:33:9d:5d:c4:a3:0b:8a:f1:41:fb:33:74: + fb:6c:ad:94:27:12:26:7d:60:f0:f3:21:66:62:ee: + c3:14:34:b2:46:bf:df:33:65:25:39:76:94:95:b8: + f9:23:94:31:51:b4:83:a2:98:31:da:cd:b5:c4:2d: + 82:7a:eb:b2:09:23:45:1b:e1:b2:b1:06:f4:66:31: + 0e:8f:03:9a:a8:84:56:1d:84:dc:b0:71:d7:a0:1a: + ce:7d:e8:81:7b:17:a5:b8:6a:14:5a:ed:e8:13:17: + bd:0b:05:01:e0:7b:83:10:17:20:93:4d:b1:21:bb: + 5e:36:92:93:a5:de:d1:72:a9:2f:06:bc:b8:34:65: + a6:5e:c6:37:d4:98:b8:3a:6d:57:04:24:88:92:b2: + 61:f9:43:09:b2:ce:63:65:2e:10:18:14:4e:6d:5c: + 22:b0:d6:9c:eb:07:5c:02:4c:ad:bf:aa:b4:1b:08: + c9:bb:7e:2f:09:e3:27:d6:17:eb:99:bd:e2:2b:c3: + fc:c5:89:12:7e:fa:da:8a:01:8e:59:6e:a7:16:16: + 11:15 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 31:66:6E:02:5A:EA:46:22:4B:52:E3:6D:31:EA:3F:3E:72:EE:C2:DB + B3:D9:FB:32:B1:7A:7F:F3:37:A5:EE:71:CC:DC:81:72:58:EC:19:5F X509v3 Authority Key Identifier: - 31:66:6E:02:5A:EA:46:22:4B:52:E3:6D:31:EA:3F:3E:72:EE:C2:DB + B3:D9:FB:32:B1:7A:7F:F3:37:A5:EE:71:CC:DC:81:72:58:EC:19:5F X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption Signature Value: - 5a:11:cf:37:23:20:c9:f9:96:6e:d9:82:87:78:d9:e9:e2:ed: - 23:30:ba:a3:e9:50:dc:72:3a:5e:22:c4:db:92:88:4f:d5:bb: - ba:53:ee:d5:da:95:45:00:c8:5b:35:04:76:24:86:48:f2:dd: - bd:69:e9:ac:aa:a5:d8:d4:a6:7a:a0:c3:b3:d0:d6:7e:cb:05: - e9:42:42:9e:d9:22:b8:81:1f:e1:64:7b:d8:8f:a8:9e:dc:0c: - d2:89:4b:c1:bf:ca:ab:a4:9b:c2:03:b8:f8:f4:4d:56:50:92: - 09:9d:92:63:29:74:45:a3:14:dd:c1:fa:09:e5:d7:8d:e2:c3: - 67:a7:1b:a9:a9:1b:0a:3b:8c:59:9c:e9:1b:17:99:6c:66:ac: - 85:85:08:d9:2b:cf:62:cf:27:df:e0:48:da:10:e5:26:e7:83: - e1:b0:a1:b0:28:7f:1c:ed:44:68:ee:cd:db:62:43:8d:d8:17: - 16:71:64:62:21:b9:7c:fb:a2:f0:dc:86:65:c9:cc:bf:01:28: - 4b:8c:56:2f:11:77:8e:a8:a7:1b:5d:1c:c4:94:c7:b3:bc:66: - b1:a2:e0:82:fb:52:dc:3f:53:a9:92:1d:91:ad:6d:14:c6:05: - 57:07:0f:1e:6c:2e:38:af:7f:16:e1:61:34:8b:99:d8:6b:d9: - 0d:d5:99:9a + 0d:e9:d3:40:08:8d:ef:4d:88:c8:45:6a:6f:85:fc:f0:18:2e: + 61:68:ba:4e:3c:c3:e0:d5:0e:f7:d9:09:ec:ad:24:c1:28:84: + 77:a8:f0:e0:19:3b:b5:79:b2:0b:55:9e:48:56:e3:16:e9:61: + 19:55:5e:14:a1:73:04:9d:33:6b:8a:78:d9:e3:8d:29:78:cb: + e8:59:7a:48:a3:08:c0:58:30:0d:38:8c:0b:c3:bf:60:b7:7a: + b7:ef:ae:40:08:b0:9c:4c:9c:a5:6b:b8:23:03:21:c5:7c:bf: + 2e:3b:34:87:72:14:cb:98:84:98:46:99:3c:46:e0:23:b0:b7: + 67:2a:31:39:42:46:5f:e2:75:b3:9a:86:a7:17:6f:0d:59:de: + a3:14:2a:c5:09:ad:68:3b:bd:a9:7e:0a:35:9f:0d:6d:77:45: + fe:5d:be:eb:5c:84:05:2f:2c:68:c7:8e:f7:2f:f6:e9:8f:08: + 5d:0d:44:bc:7a:58:d5:6f:5b:ee:b5:34:94:0f:f8:e1:a9:91: + 59:aa:b2:ec:0b:28:62:e4:89:3f:06:61:1b:57:fa:f7:04:32: + d8:25:92:48:72:ef:ba:28:00:8f:c1:7c:b4:76:2e:a0:04:83: + 86:82:81:6c:f0:45:a5:03:34:09:41:81:e2:28:04:92:bd:76: + a6:bb:34:23 diff --git a/testdata/certs/reference/root-ca-dates.txt b/testdata/certs/reference/root-ca-dates.txt index 929cd1e..2b6d9d5 100644 --- a/testdata/certs/reference/root-ca-dates.txt +++ b/testdata/certs/reference/root-ca-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:15 2026 GMT -notAfter=Feb 4 06:32:15 2101 GMT +notBefore=Feb 24 22:17:10 2026 GMT +notAfter=Feb 24 22:17:10 2101 GMT diff --git a/testdata/certs/reference/root-ca-fingerprint-sha1.txt b/testdata/certs/reference/root-ca-fingerprint-sha1.txt index 5f62e5d..7badb98 100644 --- a/testdata/certs/reference/root-ca-fingerprint-sha1.txt +++ b/testdata/certs/reference/root-ca-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=00:84:0F:FC:6E:4D:1E:7E:BF:6F:B2:9A:7E:24:49:96:14:B0:D7:CC +sha1 Fingerprint=8A:38:3E:3B:B2:6F:80:07:ED:11:06:53:2D:34:1F:ED:6E:59:A4:3D diff --git a/testdata/certs/reference/root-ca-fingerprint-sha256.txt b/testdata/certs/reference/root-ca-fingerprint-sha256.txt index 6cd145b..16b4f4f 100644 --- a/testdata/certs/reference/root-ca-fingerprint-sha256.txt +++ b/testdata/certs/reference/root-ca-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=D8:68:33:A3:D3:AC:AF:2A:80:79:7E:1C:76:16:2F:77:42:BC:CA:F5:DD:1D:50:63:21:6B:5F:09:3F:D1:1D:EB +sha256 Fingerprint=6E:81:94:54:A8:3C:C7:24:68:84:1F:94:C3:FA:9D:4A:BC:7E:81:6D:18:C4:FA:6F:6B:2F:08:3E:2B:EC:82:87 diff --git a/testdata/certs/reference/root-ca-pubkey.txt b/testdata/certs/reference/root-ca-pubkey.txt index 2ab19fb..0fff9b6 100644 --- a/testdata/certs/reference/root-ca-pubkey.txt +++ b/testdata/certs/reference/root-ca-pubkey.txt @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqR7LYFz2gtHOYDCxDwCp -FlECoS2I59rJyi7hkGCXpYFdCgCQMyf0fSI51iGClE32DMjELhKQRlAlzjXtxwsZ -CH1ZXLXHJ4ZrgJ3fQzpiEiZt2sWG7wnOZo7c/baUQc3iBefa25N/LKblRTtLlPjZ -Z4phjdf91Pxz0CarQ4ehjNCOReWN0hhw+yp6lcmVWykXILmqJ04NFiiV8yzNMK8R -xpgFynDUu67jBwZ9pR3xFDzVE30FqtCveCDBCieYdVFdEn4MqgO7C+bz/qbb9t3z -eR4qbb5DGLbvDXB2ekx0hqDJTZ/jxwNBx65S3KTT+ZUajKWtfHfEPoRJ3rbF64CQ -wQIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aH2kp8+nisdsyplWrmw +66AyZBeSgljrePmG7nEMuQ55c0SBfoWw3Bjdt2LkCiPbWrw4UNse0vqpheN6joy+ +RvCyD+nMY8tFnQGoxjMyojwmmaGC06bVkEdB62F98Vb2SHDsaR4ilK2Vzug6Pg5z +jEhxjmfPKBDKRWyX1myPNf3YnkgS5dwG5BPFGXR8L5UFMHtwjcKG+CNsEFfX1+3s +8rnPcKUaK2UXx0Zssbl7IRWRGjhgxygNoWDTCK+JYGZ+nFzQQpAVP15Z1QPNsjY9 +mxNPVNPInluwn6YHm6OvqYblew+Gp4f2TWzLICMqwJlvlVQav3ILF+4o3WWHtxdu +aQIDAQAB -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/root-ca-text.txt b/testdata/certs/reference/root-ca-text.txt index cc5b3c3..0abca06 100644 --- a/testdata/certs/reference/root-ca-text.txt +++ b/testdata/certs/reference/root-ca-text.txt @@ -5,31 +5,31 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = California, L = San Francisco, O = Test PKI, OU = Certificate Authority, CN = Test Root CA Validity - Not Before: Feb 4 06:32:15 2026 GMT - Not After : Feb 4 06:32:15 2101 GMT + Not Before: Feb 24 22:17:10 2026 GMT + Not After : Feb 24 22:17:10 2101 GMT Subject: C = US, ST = California, L = San Francisco, O = Test PKI, OU = Certificate Authority, CN = Test Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a9:1e:cb:60:5c:f6:82:d1:ce:60:30:b1:0f:00: - a9:16:51:02:a1:2d:88:e7:da:c9:ca:2e:e1:90:60: - 97:a5:81:5d:0a:00:90:33:27:f4:7d:22:39:d6:21: - 82:94:4d:f6:0c:c8:c4:2e:12:90:46:50:25:ce:35: - ed:c7:0b:19:08:7d:59:5c:b5:c7:27:86:6b:80:9d: - df:43:3a:62:12:26:6d:da:c5:86:ef:09:ce:66:8e: - dc:fd:b6:94:41:cd:e2:05:e7:da:db:93:7f:2c:a6: - e5:45:3b:4b:94:f8:d9:67:8a:61:8d:d7:fd:d4:fc: - 73:d0:26:ab:43:87:a1:8c:d0:8e:45:e5:8d:d2:18: - 70:fb:2a:7a:95:c9:95:5b:29:17:20:b9:aa:27:4e: - 0d:16:28:95:f3:2c:cd:30:af:11:c6:98:05:ca:70: - d4:bb:ae:e3:07:06:7d:a5:1d:f1:14:3c:d5:13:7d: - 05:aa:d0:af:78:20:c1:0a:27:98:75:51:5d:12:7e: - 0c:aa:03:bb:0b:e6:f3:fe:a6:db:f6:dd:f3:79:1e: - 2a:6d:be:43:18:b6:ef:0d:70:76:7a:4c:74:86:a0: - c9:4d:9f:e3:c7:03:41:c7:ae:52:dc:a4:d3:f9:95: - 1a:8c:a5:ad:7c:77:c4:3e:84:49:de:b6:c5:eb:80: - 90:c1 + 00:d5:a1:f6:92:9f:3e:9e:2b:1d:b3:2a:65:5a:b9: + b0:eb:a0:32:64:17:92:82:58:eb:78:f9:86:ee:71: + 0c:b9:0e:79:73:44:81:7e:85:b0:dc:18:dd:b7:62: + e4:0a:23:db:5a:bc:38:50:db:1e:d2:fa:a9:85:e3: + 7a:8e:8c:be:46:f0:b2:0f:e9:cc:63:cb:45:9d:01: + a8:c6:33:32:a2:3c:26:99:a1:82:d3:a6:d5:90:47: + 41:eb:61:7d:f1:56:f6:48:70:ec:69:1e:22:94:ad: + 95:ce:e8:3a:3e:0e:73:8c:48:71:8e:67:cf:28:10: + ca:45:6c:97:d6:6c:8f:35:fd:d8:9e:48:12:e5:dc: + 06:e4:13:c5:19:74:7c:2f:95:05:30:7b:70:8d:c2: + 86:f8:23:6c:10:57:d7:d7:ed:ec:f2:b9:cf:70:a5: + 1a:2b:65:17:c7:46:6c:b1:b9:7b:21:15:91:1a:38: + 60:c7:28:0d:a1:60:d3:08:af:89:60:66:7e:9c:5c: + d0:42:90:15:3f:5e:59:d5:03:cd:b2:36:3d:9b:13: + 4f:54:d3:c8:9e:5b:b0:9f:a6:07:9b:a3:af:a9:86: + e5:7b:0f:86:a7:87:f6:4d:6c:cb:20:23:2a:c0:99: + 6f:95:54:1a:bf:72:0b:17:ee:28:dd:65:87:b7:17: + 6e:69 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical @@ -37,23 +37,23 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: - 50:0E:FC:2B:84:B4:AB:50:6F:33:ED:E5:52:C1:00:63:0C:84:09:F3 + DD:42:6E:6A:E9:0F:48:A5:15:50:57:EF:B8:6D:46:BF:AF:65:50:EC X509v3 Authority Key Identifier: - 50:0E:FC:2B:84:B4:AB:50:6F:33:ED:E5:52:C1:00:63:0C:84:09:F3 + DD:42:6E:6A:E9:0F:48:A5:15:50:57:EF:B8:6D:46:BF:AF:65:50:EC Signature Algorithm: sha256WithRSAEncryption Signature Value: - 57:1d:07:1d:f9:f8:91:45:0b:fa:bb:c6:d0:f6:f0:3c:99:6a: - 6f:73:0b:2f:47:c5:1e:0f:4f:30:b0:d8:93:76:96:46:29:a7: - 42:f7:94:fd:02:dc:6a:1f:f7:a2:71:bd:a3:56:3a:5f:f8:83: - d7:52:8f:a3:ef:76:c1:61:9b:b4:43:c7:c5:89:14:37:f3:12: - dd:4b:d5:29:65:96:4e:c7:2b:be:24:d0:a0:8a:13:3a:8a:ff: - 5c:6b:eb:36:1d:0f:b2:9f:d2:56:9f:e3:b6:92:ca:b6:65:b2: - 8d:03:01:af:4b:9f:58:95:18:da:ff:d2:12:c6:51:8c:96:b1: - 00:56:2b:37:f9:eb:4a:e4:c4:03:2b:d2:f0:86:61:f3:c2:b1: - 8e:ae:50:89:b4:af:3c:2b:72:63:14:f9:74:7f:03:d9:ad:3f: - a0:25:d7:63:f4:ff:e9:96:cd:b2:1b:85:a2:86:54:96:5b:3d: - 8c:44:c9:06:3d:99:15:4f:b5:72:7a:4d:78:25:58:12:51:c9: - c7:c9:f6:a2:16:87:ab:ab:00:40:42:df:f8:9d:e4:cb:a1:47: - 51:37:c8:d6:34:c0:a2:4d:1c:ae:88:8c:22:71:f8:55:10:f9: - 5f:35:05:d1:f1:92:fc:63:f6:c6:e4:5b:21:e9:b9:3a:b3:18: - cd:36:19:04 + 3c:4c:78:ef:51:e5:59:1f:24:e9:40:d8:b8:fb:7f:d6:9e:dc: + 2f:ec:9d:ba:44:4d:be:19:a7:06:10:82:75:3a:a3:db:e7:e8: + 0a:b7:08:10:e7:64:ac:cc:e1:4c:7b:26:c2:e1:31:76:9b:0b: + 20:ff:8a:72:c9:cc:c2:77:28:c6:cc:4b:b7:ae:c4:0e:a4:6b: + 1a:1e:d5:c2:da:5c:3a:b1:e0:83:0e:76:bc:fb:aa:c1:6f:8f: + 57:cd:8d:ee:df:92:00:8e:61:0d:d0:83:d3:6e:d0:49:9a:bb: + 37:4c:8a:d8:2b:6c:19:eb:d7:3d:f1:f0:a7:e1:a2:f5:09:f7: + ea:f4:33:54:a5:56:b1:e6:7e:7a:be:d6:07:72:16:05:14:18: + fc:7a:5a:bd:1f:28:0d:d0:7d:20:92:63:a1:70:7d:8c:b6:6d: + 56:7f:a4:ce:30:54:60:c6:6b:f9:da:f1:59:99:ef:ea:70:73: + df:20:65:87:cf:57:f3:c4:3a:e2:e2:74:ca:fc:7e:da:76:0b: + 0b:92:c6:f7:7e:d2:b4:94:56:88:93:ca:d3:7c:30:5c:88:b0: + dd:6b:92:2b:40:fd:b2:2f:ed:5a:29:e1:0f:59:e6:86:da:b2: + 61:d9:25:47:92:78:62:41:c1:ce:28:b7:02:84:15:91:17:64: + 71:be:76:97 diff --git a/testdata/certs/reference/server-dates.txt b/testdata/certs/reference/server-dates.txt index 06674a0..2b6d9d5 100644 --- a/testdata/certs/reference/server-dates.txt +++ b/testdata/certs/reference/server-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:16 2026 GMT -notAfter=Feb 4 06:32:16 2101 GMT +notBefore=Feb 24 22:17:10 2026 GMT +notAfter=Feb 24 22:17:10 2101 GMT diff --git a/testdata/certs/reference/server-fingerprint-sha1.txt b/testdata/certs/reference/server-fingerprint-sha1.txt index 562e9eb..164f655 100644 --- a/testdata/certs/reference/server-fingerprint-sha1.txt +++ b/testdata/certs/reference/server-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=F3:F4:E4:C2:EB:84:12:0E:63:96:C3:D7:9C:D5:9D:2F:D4:CB:64:2C +sha1 Fingerprint=64:BB:B1:A3:A2:28:CB:AC:44:F2:35:5C:8A:CE:A2:09:AE:32:F0:B1 diff --git a/testdata/certs/reference/server-fingerprint-sha256.txt b/testdata/certs/reference/server-fingerprint-sha256.txt index 6f63691..c73f4c6 100644 --- a/testdata/certs/reference/server-fingerprint-sha256.txt +++ b/testdata/certs/reference/server-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=16:C3:45:C3:D5:6F:16:77:5B:34:D8:13:56:0E:FF:4C:DE:6D:EB:D7:CD:CF:51:CF:D9:60:BA:21:9A:4E:CF:34 +sha256 Fingerprint=E8:74:48:2A:8B:AA:E7:36:9D:5B:51:2A:60:12:34:29:65:43:EB:6A:51:3D:E7:B1:17:CE:48:2F:10:9D:61:92 diff --git a/testdata/certs/reference/server-modulus.txt b/testdata/certs/reference/server-modulus.txt index 4c56b3d..0fb46b3 100644 --- a/testdata/certs/reference/server-modulus.txt +++ b/testdata/certs/reference/server-modulus.txt @@ -1 +1 @@ -Modulus=A1887F360785B2304A038A982E1B77EDA4A1898A5782E825319515B30846DFCE5AB2E0FD5E51F1596DCB6CA05FBE019B981593394880742F43D4A603176CB66DA3F84478AD2EF7386E52AE01D4D0FF597317461A73D42C986AC8EF4DAB0394BDAA24E253EC9F44C48B176178F3A3C37F4891DECF8D35B199C135B459A8029B4F8C56B2168A951AA9DE5731464728603F8753939830759D1CFCD11CC97C4D0FE1A44B3B4B8BBE4F816CDA92E1098EF84B71A65435868D69173010EF58070ED260231CFC65A5871CBBE1437B8AA8BE2185F989B74B70E1D956E9030E5828E953DF913B68AB1DF0C27429CE7D1B73B11A78AA34BB8FA1360A2E02035DE65669B445 +Modulus=C03FB7E9CA70877BB6BBCECB3A90DF9D79A73CC661DA76E5CA24FCF6146348931DAAB310DF567782627BA93B60E4F389D63C351440040E88FF2E2857190A7775FD1158ED60A6303DBE407E38671D480F1812485D2154E262CD33F4BE9A87F293ED3652CE6755203AEAFF1C917CA98C8F2911DDB6449FB6C835490B81404FA3DE571C685366AB72B8B34847AE87B1A23C789318F74A6B70020A897A4D0400A6CEA1982BF66544B03C4427B4D7E03025A65CB95138CE3B5504E10637A4D797B4EE2791A4AE45D180CF707A6471117D00E12E9B7C639DBE9E07E8751238A183E918D9B2028870E5267C44509A21A2E61ADF1A3D9C0E93E0F293627D9B7343E64E3D diff --git a/testdata/certs/reference/server-pubkey.txt b/testdata/certs/reference/server-pubkey.txt index 62d2def..977ddb5 100644 --- a/testdata/certs/reference/server-pubkey.txt +++ b/testdata/certs/reference/server-pubkey.txt @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYh/NgeFsjBKA4qYLht3 -7aShiYpXguglMZUVswhG385asuD9XlHxWW3LbKBfvgGbmBWTOUiAdC9D1KYDF2y2 -baP4RHitLvc4blKuAdTQ/1lzF0Yac9QsmGrI702rA5S9qiTiU+yfRMSLF2F486PD -f0iR3s+NNbGZwTW0WagCm0+MVrIWipUaqd5XMUZHKGA/h1OTmDB1nRz80RzJfE0P -4aRLO0uLvk+BbNqS4QmO+EtxplQ1ho1pFzAQ71gHDtJgIxz8ZaWHHLvhQ3uKqL4h -hfmJt0tw4dlW6QMOWCjpU9+RO2irHfDCdCnOfRtzsRp4qjS7j6E2Ci4CA13mVmm0 -RQIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwD+36cpwh3u2u87LOpDf +nXmnPMZh2nblyiT89hRjSJMdqrMQ31Z3gmJ7qTtg5POJ1jw1FEAEDoj/LihXGQp3 +df0RWO1gpjA9vkB+OGcdSA8YEkhdIVTiYs0z9L6ah/KT7TZSzmdVIDrq/xyRfKmM +jykR3bZEn7bINUkLgUBPo95XHGhTZqtyuLNIR66HsaI8eJMY90prcAIKiXpNBACm +zqGYK/ZlRLA8RCe01+AwJaZcuVE4zjtVBOEGN6TXl7TuJ5GkrkXRgM9wemRxEX0A +4S6bfGOdvp4H6HUSOKGD6RjZsgKIcOUmfERQmiGi5hrfGj2cDpPg8pNifZtzQ+ZO +PQIDAQAB -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/server-text.txt b/testdata/certs/reference/server-text.txt index 2165bee..3e796b1 100644 --- a/testdata/certs/reference/server-text.txt +++ b/testdata/certs/reference/server-text.txt @@ -5,31 +5,31 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = California, O = Test PKI, OU = Intermediate Authority, CN = Test Intermediate CA Validity - Not Before: Feb 4 06:32:16 2026 GMT - Not After : Feb 4 06:32:16 2101 GMT + Not Before: Feb 24 22:17:10 2026 GMT + Not After : Feb 24 22:17:10 2101 GMT Subject: C = US, ST = California, L = San Francisco, O = Example Corp, CN = www.example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a1:88:7f:36:07:85:b2:30:4a:03:8a:98:2e:1b: - 77:ed:a4:a1:89:8a:57:82:e8:25:31:95:15:b3:08: - 46:df:ce:5a:b2:e0:fd:5e:51:f1:59:6d:cb:6c:a0: - 5f:be:01:9b:98:15:93:39:48:80:74:2f:43:d4:a6: - 03:17:6c:b6:6d:a3:f8:44:78:ad:2e:f7:38:6e:52: - ae:01:d4:d0:ff:59:73:17:46:1a:73:d4:2c:98:6a: - c8:ef:4d:ab:03:94:bd:aa:24:e2:53:ec:9f:44:c4: - 8b:17:61:78:f3:a3:c3:7f:48:91:de:cf:8d:35:b1: - 99:c1:35:b4:59:a8:02:9b:4f:8c:56:b2:16:8a:95: - 1a:a9:de:57:31:46:47:28:60:3f:87:53:93:98:30: - 75:9d:1c:fc:d1:1c:c9:7c:4d:0f:e1:a4:4b:3b:4b: - 8b:be:4f:81:6c:da:92:e1:09:8e:f8:4b:71:a6:54: - 35:86:8d:69:17:30:10:ef:58:07:0e:d2:60:23:1c: - fc:65:a5:87:1c:bb:e1:43:7b:8a:a8:be:21:85:f9: - 89:b7:4b:70:e1:d9:56:e9:03:0e:58:28:e9:53:df: - 91:3b:68:ab:1d:f0:c2:74:29:ce:7d:1b:73:b1:1a: - 78:aa:34:bb:8f:a1:36:0a:2e:02:03:5d:e6:56:69: - b4:45 + 00:c0:3f:b7:e9:ca:70:87:7b:b6:bb:ce:cb:3a:90: + df:9d:79:a7:3c:c6:61:da:76:e5:ca:24:fc:f6:14: + 63:48:93:1d:aa:b3:10:df:56:77:82:62:7b:a9:3b: + 60:e4:f3:89:d6:3c:35:14:40:04:0e:88:ff:2e:28: + 57:19:0a:77:75:fd:11:58:ed:60:a6:30:3d:be:40: + 7e:38:67:1d:48:0f:18:12:48:5d:21:54:e2:62:cd: + 33:f4:be:9a:87:f2:93:ed:36:52:ce:67:55:20:3a: + ea:ff:1c:91:7c:a9:8c:8f:29:11:dd:b6:44:9f:b6: + c8:35:49:0b:81:40:4f:a3:de:57:1c:68:53:66:ab: + 72:b8:b3:48:47:ae:87:b1:a2:3c:78:93:18:f7:4a: + 6b:70:02:0a:89:7a:4d:04:00:a6:ce:a1:98:2b:f6: + 65:44:b0:3c:44:27:b4:d7:e0:30:25:a6:5c:b9:51: + 38:ce:3b:55:04:e1:06:37:a4:d7:97:b4:ee:27:91: + a4:ae:45:d1:80:cf:70:7a:64:71:11:7d:00:e1:2e: + 9b:7c:63:9d:be:9e:07:e8:75:12:38:a1:83:e9:18: + d9:b2:02:88:70:e5:26:7c:44:50:9a:21:a2:e6:1a: + df:1a:3d:9c:0e:93:e0:f2:93:62:7d:9b:73:43:e6: + 4e:3d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -39,9 +39,9 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Key Identifier: - 62:D2:A3:0D:EC:F1:B3:A9:F7:35:86:28:C4:06:1C:EC:1D:03:A1:1F + F8:BA:80:9F:BE:58:56:08:50:A9:6D:34:E7:9B:BA:BB:6B:F7:DC:97 X509v3 Authority Key Identifier: - 53:92:7B:D6:7B:58:80:E7:AE:96:70:E9:95:E8:5C:CD:B8:52:8A:99 + 7C:37:9A:DB:EC:FE:AB:30:79:11:32:F5:E3:A2:64:FB:5C:B5:DE:18 X509v3 Subject Alternative Name: DNS:www.example.com, DNS:example.com, DNS:*.example.com, IP Address:93.184.216.34, IP Address:2606:2800:220:1:248:1893:25C8:1946, email:admin@example.com Authority Information Access: @@ -52,18 +52,18 @@ Certificate: URI:http://crl.example.com/intermediate.crl Signature Algorithm: sha256WithRSAEncryption Signature Value: - 11:56:13:75:19:37:38:09:82:15:e3:07:1e:98:11:3e:38:e6: - 86:a6:5d:55:74:a3:49:c0:c2:8b:e4:67:d8:8f:f2:c9:4c:da: - 79:25:ec:c1:de:a1:d5:f3:65:0a:dc:96:d7:dd:86:de:6f:e2: - f4:51:35:d2:e0:27:29:e3:fb:ab:74:32:f0:7a:52:87:73:b0: - 12:dc:11:b2:0c:4a:f9:a7:60:62:42:5c:da:e8:0d:e4:41:6c: - d1:c3:f2:3b:a7:6a:a4:24:a2:59:0a:e8:9b:1e:76:f1:97:1f: - 1d:79:66:8f:cc:b0:da:6e:07:05:2d:4d:81:e1:31:be:d4:73: - 61:3b:6e:fa:51:f0:82:98:14:95:74:5a:e6:0e:f7:6f:b5:86: - e0:28:7d:07:ab:71:ac:60:dd:f5:78:7d:08:19:d4:f5:3f:d6: - 39:bf:cc:ee:ed:23:d1:ee:22:e3:7e:4f:fc:05:27:bf:7b:1b: - b4:1e:49:22:95:e5:35:d2:a6:d4:7f:b7:e5:c1:a8:bd:c1:f4: - 09:86:03:b3:ed:83:04:83:65:cc:0d:88:6e:2b:c4:9e:7d:74: - ba:30:e0:22:08:94:17:66:5c:c9:4c:49:4f:9a:6a:5e:6e:8b: - f4:bb:c9:e7:04:59:1a:96:ec:d2:c5:3b:c2:34:a3:be:12:ae: - b2:80:71:89 + 48:0a:f2:2a:27:19:e6:56:fd:dd:0a:ae:4c:a7:df:43:4d:08: + 40:c9:b9:9e:6b:90:d1:7a:5a:d3:86:30:5a:b9:e5:14:4d:45: + b6:82:ab:cc:f7:8a:ce:01:63:62:68:63:08:a8:34:23:f5:44: + 64:3b:65:a9:36:05:51:40:fb:9a:97:3e:5e:8d:61:c8:25:22: + 7c:b7:be:f4:7e:dc:2c:26:df:c1:57:45:7c:01:f9:22:12:cc: + c7:dc:68:d1:fa:3f:a2:c2:e0:88:ce:f4:34:c9:ae:51:28:8e: + a9:a4:50:36:bf:2e:4c:43:ce:fc:b4:0d:8b:77:de:b6:1f:65: + e3:22:fe:4a:c3:21:32:d0:4f:a0:f7:50:c4:4d:1f:a1:3b:92: + f6:4e:62:66:b0:7e:22:08:c5:6f:d2:04:7e:38:a5:d9:1c:3b: + e9:fb:aa:77:6b:43:8a:f4:1c:54:95:a0:89:69:9e:ce:55:ac: + 9d:a0:02:1e:79:c8:64:8d:0c:4a:40:6b:39:d0:9e:8e:7a:08: + 26:e1:6d:c3:3f:a0:89:d4:67:34:27:3e:27:c5:55:ff:d3:43: + 66:39:0f:8b:69:c0:6c:37:24:2a:d6:97:30:c1:ab:e8:b3:15: + 54:e8:83:ca:74:3b:f8:af:9a:c1:11:0a:8a:44:70:c9:d9:8d: + 52:f3:da:c1 diff --git a/testdata/certs/reference/utf8-subject-dates.txt b/testdata/certs/reference/utf8-subject-dates.txt index b71c23b..6263c9b 100644 --- a/testdata/certs/reference/utf8-subject-dates.txt +++ b/testdata/certs/reference/utf8-subject-dates.txt @@ -1,2 +1,2 @@ -notBefore=Feb 4 06:32:18 2026 GMT -notAfter=Feb 4 06:32:18 2101 GMT +notBefore=Feb 24 22:17:13 2026 GMT +notAfter=Feb 24 22:17:13 2101 GMT diff --git a/testdata/certs/reference/utf8-subject-fingerprint-sha1.txt b/testdata/certs/reference/utf8-subject-fingerprint-sha1.txt index 84a8ad6..152e899 100644 --- a/testdata/certs/reference/utf8-subject-fingerprint-sha1.txt +++ b/testdata/certs/reference/utf8-subject-fingerprint-sha1.txt @@ -1 +1 @@ -sha1 Fingerprint=03:EA:C4:39:5F:B1:5D:AF:5A:46:10:2B:FF:01:BD:80:0A:0B:32:43 +sha1 Fingerprint=6A:F4:60:8D:86:38:5C:B6:2C:89:CD:66:EE:E0:97:D9:3E:C9:41:2B diff --git a/testdata/certs/reference/utf8-subject-fingerprint-sha256.txt b/testdata/certs/reference/utf8-subject-fingerprint-sha256.txt index cf30a0b..1ae508e 100644 --- a/testdata/certs/reference/utf8-subject-fingerprint-sha256.txt +++ b/testdata/certs/reference/utf8-subject-fingerprint-sha256.txt @@ -1 +1 @@ -sha256 Fingerprint=11:2C:32:C1:53:2D:F5:53:90:6D:E7:08:01:BF:A7:2B:52:95:C8:47:EA:1C:13:14:57:89:3B:C5:0D:29:01:6E +sha256 Fingerprint=D6:E2:B7:A3:3D:BF:5E:12:4E:8E:89:4E:AE:E3:D7:B9:12:DD:D1:7A:2E:09:D8:5A:60:5B:7B:34:B3:12:FB:E6 diff --git a/testdata/certs/reference/utf8-subject-pubkey.txt b/testdata/certs/reference/utf8-subject-pubkey.txt index fa31cb7..089bfc3 100644 --- a/testdata/certs/reference/utf8-subject-pubkey.txt +++ b/testdata/certs/reference/utf8-subject-pubkey.txt @@ -1,9 +1,9 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3S/q3Q4ntM/Bn/Cgzzp -XvStAlJEvAWrsKQvqJ35BDzCVizx/WGf3LDl+r3494EIdEWf53vh31p1uY61WVUa -XNAn0GKL7FlRwkT7/B9FQSrB5hjUFtx12ukRTk8XJMJxuHo0lfzSV1IHgJ00v5dt -TKMFU94dlee68UK+xdIQDYOVpKGvXdCGsVN6IAm3qdC5oxqrfCMDZ0qwWKO+dOGd -EyPE89G5CxB2RYVROOsiBOb5DA54nXpYCAs4lNIuPQWmC/9iviLwXN5gwZoc1lL/ -Mn0LhkTYr5RC/Wj6zKWOE/D/AaOSnGDc7qUnC4qqQUTclT0dYlziFTjk94O4wviO -AQIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGVJJaSh7zw6C7eFdF16 +AJvlxu4Yw7gLtqWa+JCiE9Rq2Rcpl3UzLnE7jj08rz79hUSv7gI0ULZDfEJhNrfY +KTd/71adnDN6JbzeQxOFCMvlfknPQXj87zlrg4rJQViQ+hBXvq4YGL1jW7IGRJqf +zqUSLinCQyiaQikk1f6qLeOwOPsjXeymdyi1UDyU4Ob29lLgDVa5u/mDI/g3IWYq +oGhyvF54YpQ/iGW3dy5+Y0hpds9JZnuJhGjM5nHiNfm6MghNp4w/EGdpszKmJc5H +mbXsiVtyhJ/zmmE/p1aOxtXwJkTEr0y20FS1s2y3x2bDolQWiODg2vypDI00wADW +OQIDAQAB -----END PUBLIC KEY----- diff --git a/testdata/certs/reference/utf8-subject-text.txt b/testdata/certs/reference/utf8-subject-text.txt index b7b1667..3cea2e5 100644 --- a/testdata/certs/reference/utf8-subject-text.txt +++ b/testdata/certs/reference/utf8-subject-text.txt @@ -5,46 +5,46 @@ Certificate: Signature Algorithm: sha256WithRSAEncryption Issuer: C = FR, ST = C38Ele-de-France, L = Paris, O = SociC3A9tC3A9 de Test, CN = utf8.example.com Validity - Not Before: Feb 4 06:32:18 2026 GMT - Not After : Feb 4 06:32:18 2101 GMT + Not Before: Feb 24 22:17:13 2026 GMT + Not After : Feb 24 22:17:13 2101 GMT Subject: C = FR, ST = C38Ele-de-France, L = Paris, O = SociC3A9tC3A9 de Test, CN = utf8.example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ab:74:bf:ab:74:38:9e:d3:3f:06:7f:c2:83:3c: - e9:5e:f4:ad:02:52:44:bc:05:ab:b0:a4:2f:a8:9d: - f9:04:3c:c2:56:2c:f1:fd:61:9f:dc:b0:e5:fa:bd: - f8:f7:81:08:74:45:9f:e7:7b:e1:df:5a:75:b9:8e: - b5:59:55:1a:5c:d0:27:d0:62:8b:ec:59:51:c2:44: - fb:fc:1f:45:41:2a:c1:e6:18:d4:16:dc:75:da:e9: - 11:4e:4f:17:24:c2:71:b8:7a:34:95:fc:d2:57:52: - 07:80:9d:34:bf:97:6d:4c:a3:05:53:de:1d:95:e7: - ba:f1:42:be:c5:d2:10:0d:83:95:a4:a1:af:5d:d0: - 86:b1:53:7a:20:09:b7:a9:d0:b9:a3:1a:ab:7c:23: - 03:67:4a:b0:58:a3:be:74:e1:9d:13:23:c4:f3:d1: - b9:0b:10:76:45:85:51:38:eb:22:04:e6:f9:0c:0e: - 78:9d:7a:58:08:0b:38:94:d2:2e:3d:05:a6:0b:ff: - 62:be:22:f0:5c:de:60:c1:9a:1c:d6:52:ff:32:7d: - 0b:86:44:d8:af:94:42:fd:68:fa:cc:a5:8e:13:f0: - ff:01:a3:92:9c:60:dc:ee:a5:27:0b:8a:aa:41:44: - dc:95:3d:1d:62:5c:e2:15:38:e4:f7:83:b8:c2:f8: - 8e:01 + 00:ac:65:49:25:a4:a1:ef:3c:3a:0b:b7:85:74:5d: + 7a:00:9b:e5:c6:ee:18:c3:b8:0b:b6:a5:9a:f8:90: + a2:13:d4:6a:d9:17:29:97:75:33:2e:71:3b:8e:3d: + 3c:af:3e:fd:85:44:af:ee:02:34:50:b6:43:7c:42: + 61:36:b7:d8:29:37:7f:ef:56:9d:9c:33:7a:25:bc: + de:43:13:85:08:cb:e5:7e:49:cf:41:78:fc:ef:39: + 6b:83:8a:c9:41:58:90:fa:10:57:be:ae:18:18:bd: + 63:5b:b2:06:44:9a:9f:ce:a5:12:2e:29:c2:43:28: + 9a:42:29:24:d5:fe:aa:2d:e3:b0:38:fb:23:5d:ec: + a6:77:28:b5:50:3c:94:e0:e6:f6:f6:52:e0:0d:56: + b9:bb:f9:83:23:f8:37:21:66:2a:a0:68:72:bc:5e: + 78:62:94:3f:88:65:b7:77:2e:7e:63:48:69:76:cf: + 49:66:7b:89:84:68:cc:e6:71:e2:35:f9:ba:32:08: + 4d:a7:8c:3f:10:67:69:b3:32:a6:25:ce:47:99:b5: + ec:89:5b:72:84:9f:f3:9a:61:3f:a7:56:8e:c6:d5: + f0:26:44:c4:af:4c:b6:d0:54:b5:b3:6c:b7:c7:66: + c3:a2:54:16:88:e0:e0:da:fc:a9:0c:8d:34:c0:00: + d6:39 Exponent: 65537 (0x10001) Signature Algorithm: sha256WithRSAEncryption Signature Value: - 26:90:61:34:83:32:09:dd:31:27:e2:71:93:d2:8c:71:4f:ab: - fe:a0:ea:c3:63:26:7e:00:fd:47:be:9e:36:59:18:58:f4:00: - fb:6a:b0:df:ae:55:24:a8:21:35:54:11:5d:e4:e3:c8:c8:ed: - 60:84:ce:3a:17:05:3a:c2:32:87:9b:62:e2:3a:a6:bf:47:aa: - 2f:1d:42:12:60:72:6a:96:aa:75:95:01:9c:9d:3d:ea:0f:87: - c0:25:89:da:20:52:f0:f1:5a:b4:4e:f6:ed:ef:2e:dd:7c:3f: - 7c:66:44:8e:97:97:b9:bb:2e:87:08:07:5c:3a:9f:17:19:cb: - e2:1d:34:f8:9d:cb:6b:47:ec:77:e7:90:a6:54:b3:2c:27:2c: - 62:3a:65:bd:b8:15:d8:82:99:16:01:2d:24:1f:40:02:13:20: - db:e2:e5:f2:58:a2:2c:98:03:93:41:b8:f1:e6:7c:f6:f3:b0: - ff:1b:ee:ce:de:fa:34:1e:ef:28:97:6f:38:05:29:8b:46:a1: - 9f:e2:27:4f:cc:73:bf:75:56:49:cf:2e:87:34:d0:71:56:c1: - 6a:cb:59:25:13:24:61:f8:5b:1e:73:5c:4c:eb:98:08:cd:19: - 60:07:8c:36:6a:20:77:d0:24:14:82:53:e1:e1:08:4e:99:dd: - 6e:e3:42:b2 + 00:62:02:85:4b:cc:65:af:1d:a7:fd:54:02:78:ca:47:ed:e4: + 4b:73:74:eb:76:40:12:1e:7f:80:44:08:84:3a:60:1d:95:3b: + 83:e9:85:33:ee:d7:3b:95:8b:fa:2c:53:53:2f:4f:e0:89:9e: + d9:4a:cf:63:30:65:e5:95:f1:e5:d5:9a:df:20:59:7f:40:9e: + 07:95:c3:43:9d:8c:41:ec:b0:2a:9c:18:9d:d6:a1:13:63:0c: + 9e:5b:47:ed:b0:f7:ac:a1:58:b2:8a:9e:3c:eb:60:de:d7:f3: + 59:86:77:ef:eb:d8:87:19:a5:c3:8c:af:83:cf:47:6d:03:6f: + 57:af:fd:f5:3d:fd:40:3c:c5:33:60:df:99:3b:db:2d:cb:0f: + 41:ee:e5:25:b0:42:ec:a8:f7:67:d8:09:d0:dc:87:4e:a8:27: + 96:4c:2d:a0:a0:53:77:29:b1:83:0e:a9:c8:f2:30:41:3e:2d: + 67:4e:40:96:cf:36:c1:d5:26:95:3d:09:77:6a:bf:0a:0a:0b: + 0c:28:60:45:cc:39:47:8f:51:16:64:1d:0b:ec:ea:14:b4:a2: + 88:fd:64:8d:dc:f5:29:42:03:2d:73:f6:34:87:88:5d:d7:e0: + e8:ed:b8:85:e8:53:38:f8:3b:94:30:a2:25:a1:86:6f:61:31: + 8e:06:48:e3 diff --git a/testdata/certs/root-ca.der b/testdata/certs/root-ca.der index a7c98af..aa91ac5 100644 Binary files a/testdata/certs/root-ca.der and b/testdata/certs/root-ca.der differ diff --git a/testdata/certs/root-ca.key b/testdata/certs/root-ca.key index 977875b..61227b1 100644 --- a/testdata/certs/root-ca.key +++ b/testdata/certs/root-ca.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpHstgXPaC0c5g -MLEPAKkWUQKhLYjn2snKLuGQYJelgV0KAJAzJ/R9IjnWIYKUTfYMyMQuEpBGUCXO -Ne3HCxkIfVlctccnhmuAnd9DOmISJm3axYbvCc5mjtz9tpRBzeIF59rbk38spuVF -O0uU+NlnimGN1/3U/HPQJqtDh6GM0I5F5Y3SGHD7KnqVyZVbKRcguaonTg0WKJXz -LM0wrxHGmAXKcNS7ruMHBn2lHfEUPNUTfQWq0K94IMEKJ5h1UV0SfgyqA7sL5vP+ -ptv23fN5HiptvkMYtu8NcHZ6THSGoMlNn+PHA0HHrlLcpNP5lRqMpa18d8Q+hEne -tsXrgJDBAgMBAAECggEAAdduoD/e5M2HTWOWV/saPD6ZVFs4M4sduaSBSwbMO+6A -znozV8VCe6bW4aKnhvki2eCJR1WnKcbXZIuQiWNw7DdeNNzbXG4xpzrA2rzs4rT1 -qwVN2vY8v7/kPuSBMIa/BHCyAMRWRQyTsEltISQFDQQ0G/zrPAmcMrrrED8Otqdt -qggjv8VvgzpTW+IN9sJoLelz0cm+dGTtOAGd9m7dMAI0aDpAf9nYa/vDq2+pPZzZ -nuLKcSPqPHj4XTg5zNc+9sQGjxa/OVm3FdXMgN1m+GKjEASZmSdZ+DRqYjMlOL9J -GkxBKxGv+uIL4ef9XUeE7ZRkuNGdB/99NMZZRrAaGQKBgQDkfjFgaWhCGpzS67Za -jEElLR90XzC3brmh3EdODU9Y0xo82bxSQHc7eGXUmzbFp3HzukcgJf9hwRLMFFAY -S77QuyJD8DmfQxxzzSFXEPcq/0jmPug5MsABa+zQr1xy4+0MmF1wjYaSWT0i9ElZ -8GbbMhqLQmUdjcLoib+xksxySQKBgQC9etOCrz9OErMFiEux+VPbDsYd1vqsu0BH -HXUXFoWR/Bg/y2KAvYx8hp+1Y0m2bM4Gb/oYTdkx9CTt8RnnXRQqUEb+5eS4yMSa -z6yW0h2Mgmd339tVRoa8SP5Y2SRR2cPMpEVgf84wgTii8WqUta7HRw6ALuvqw8LJ -Z2uPMvIquQKBgQDjZtQtZ7pjT6kUIZLyuvN61FWhs7sAVCpbdKdifsyhUjeip/BM -y+vePAzccz0nqWY3cwSmciqgV08l3HF6PKhDhHqtsr8mSdxfQ6ASzseu+zLKM4Fa -q697urWNW3levoiFKH6WLcPokvfNeeImqKM1M8BHKGUJ7LQ2SiGF0Nu4QQKBgA7D -LQt3f+UjS9NYhR0+oavlgMX+Y9VlWWKxBthfptRy4ajGvcvt+K4TBwpoy+tsmrih -rMiL+CoOLXpkWHJQLCwHySA+5Q0Ih1jQaU/u2uKBnnIWfM4uCn1M6pQdhtjhsIGX -Itib3IKm7rSzPmyLoyxfet+9yB+oVNrANf8YJwnxAoGAKaa0z7Nzzr4JfhK03HJg -GeOFjEaM3lgouqq6YmckhkkYWMrZBNkwJcS/9mLZzDlFjnUnxA80PGQE02fjzape -9iwBnb0ReJUibRO3vyGnVyfQAKn4vYcoeqGLeJdtaPJXVdRuvDdIr5eGXtzgq9TE -EmfF4VBcuVsphqFMTdEa/0w= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDVofaSnz6eKx2z +KmVaubDroDJkF5KCWOt4+YbucQy5DnlzRIF+hbDcGN23YuQKI9tavDhQ2x7S+qmF +43qOjL5G8LIP6cxjy0WdAajGMzKiPCaZoYLTptWQR0HrYX3xVvZIcOxpHiKUrZXO +6Do+DnOMSHGOZ88oEMpFbJfWbI81/dieSBLl3AbkE8UZdHwvlQUwe3CNwob4I2wQ +V9fX7ezyuc9wpRorZRfHRmyxuXshFZEaOGDHKA2hYNMIr4lgZn6cXNBCkBU/XlnV +A82yNj2bE09U08ieW7Cfpgebo6+phuV7D4anh/ZNbMsgIyrAmW+VVBq/cgsX7ijd +ZYe3F25pAgMBAAECggEAHLBYbY5HGXSO032xCMMBGFN2EOz9dtW8IY3Y6fJyk/N2 +qd0cSsJnYtdQBw2XtCjmj0PRiEI03H5e/6Tx02zhLKOsNeje0tP8cD5FzQAZH6JW +SLFg4U15RpvbJWH9SMi14DqR9PfgCvlYseWL1MOaDs+3uDkGn8nJcBNKPLhtbwF9 +6j3fjPPVFEayvn1WkoC1kqau8dAIYT2uEcZ7GMGYWZ45q7icgAsA1CmbI1tgDIwN +O5qZQdmb21ZwcW+t5xRg+PP0eBS7fO6fTPBwy3oYf1U7JwHWLmD4T63gB6lfgAXy +o2no0Np1qdOzxonfWdrSsVhcCSvrV3/8kbJuV8asVQKBgQD+WRivB4XiRwkI53h/ +F2USbozkG1o2ugRdkq6P5PDYplaJBXbxl3R1xrNqjULjXrmr8zO9P/aZFu6LqIpE +nozrogFv+4SSZPAE11I9lUZV8x2nj7nygsC4fT+qJNxtlWNV2INBPBXDbQN//xEI +aTjGZ1u3ScV3leYqDtQ1U6tSlwKBgQDXBSthzvAhwnvxiVT+suzXSdJYbIDbl+m6 +4T2/dpcB/v9/BlNMBEL7ynVq41I4tAQOlUtL7qlkVy94kProPI/zr0E+PnVQt0o6 +Pj8cZ6qXA0YCofaih3yj0dJgNjEwwpByIS3u8vx+yXNXGzSTu5RN9LlujkEkCDPq +ZYhGQLhm/wKBgQCJdeeEOMGf0BpO6KJTtXYXZw3X/fxclV3koHCdLfMIc6VS+lQV +L3Bucovmqx+aOEiKaK7uudHxXNZhPh40BahNdMnoFnvIjqq1QxWcWL+hlfnR5Dhv +m0DCtFYjAzbqNpFwBMqzB+EPNCxvEY/IBu37NEL6JPGGtsmks0z24Rg3UwKBgQCI +97cJx/t5Vd0EIFovIKT0Awdl4kA3Ic72h1KBKzbIQ7pXHR1kd/Z/VBl1rDaM/kbz +TzC2vuHSlCMeJyRdWW7NaN8jmj+62fcDoPEs0/B7387yEF/+alYAOMFNHlg5WkcP +HImZA9nJnePGIgNc9AllmzWf8igWns8LSgAD2Ghe2wKBgQCey8hcqhJR9hf+7nSm +Ldwf+34QYbUzkq+DA9LcH2XOdCf0fs/UKqNUJqr5LlDwpubq2LLAUkbTpXEyVSJd +CzRdV1gi1uEgohZb9jgQJ1L3rP4j+qfTXOuprr0e38GJedBtsdbD7i8EtakMm5jL +5AYcWFuemM5CBOzz9lMAHd9wsg== -----END PRIVATE KEY----- diff --git a/testdata/certs/root-ca.pem b/testdata/certs/root-ca.pem index 16d5fcb..6c04746 100644 --- a/testdata/certs/root-ca.pem +++ b/testdata/certs/root-ca.pem @@ -2,22 +2,22 @@ MIID6jCCAtKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xETAP BgNVBAoMCFRlc3QgUEtJMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx -FTATBgNVBAMMDFRlc3QgUm9vdCBDQTAgFw0yNjAyMDQwNjMyMTVaGA8yMTAxMDIw -NDA2MzIxNVowgYQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FTATBgNVBAMMDFRlc3QgUm9vdCBDQTAgFw0yNjAyMjQyMjE3MTBaGA8yMTAxMDIy +NDIyMTcxMFowgYQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw FAYDVQQHDA1TYW4gRnJhbmNpc2NvMREwDwYDVQQKDAhUZXN0IFBLSTEeMBwGA1UE CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0Ew -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHstgXPaC0c5gMLEPAKkW -UQKhLYjn2snKLuGQYJelgV0KAJAzJ/R9IjnWIYKUTfYMyMQuEpBGUCXONe3HCxkI -fVlctccnhmuAnd9DOmISJm3axYbvCc5mjtz9tpRBzeIF59rbk38spuVFO0uU+Nln -imGN1/3U/HPQJqtDh6GM0I5F5Y3SGHD7KnqVyZVbKRcguaonTg0WKJXzLM0wrxHG -mAXKcNS7ruMHBn2lHfEUPNUTfQWq0K94IMEKJ5h1UV0SfgyqA7sL5vP+ptv23fN5 -HiptvkMYtu8NcHZ6THSGoMlNn+PHA0HHrlLcpNP5lRqMpa18d8Q+hEnetsXrgJDB +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVofaSnz6eKx2zKmVaubDr +oDJkF5KCWOt4+YbucQy5DnlzRIF+hbDcGN23YuQKI9tavDhQ2x7S+qmF43qOjL5G +8LIP6cxjy0WdAajGMzKiPCaZoYLTptWQR0HrYX3xVvZIcOxpHiKUrZXO6Do+DnOM +SHGOZ88oEMpFbJfWbI81/dieSBLl3AbkE8UZdHwvlQUwe3CNwob4I2wQV9fX7ezy +uc9wpRorZRfHRmyxuXshFZEaOGDHKA2hYNMIr4lgZn6cXNBCkBU/XlnVA82yNj2b +E09U08ieW7Cfpgebo6+phuV7D4anh/ZNbMsgIyrAmW+VVBq/cgsX7ijdZYe3F25p AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud -DgQWBBRQDvwrhLSrUG8z7eVSwQBjDIQJ8zAfBgNVHSMEGDAWgBRQDvwrhLSrUG8z -7eVSwQBjDIQJ8zANBgkqhkiG9w0BAQsFAAOCAQEAVx0HHfn4kUUL+rvG0PbwPJlq -b3MLL0fFHg9PMLDYk3aWRimnQveU/QLcah/3onG9o1Y6X/iD11KPo+92wWGbtEPH -xYkUN/MS3UvVKWWWTscrviTQoIoTOor/XGvrNh0Psp/SVp/jtpLKtmWyjQMBr0uf -WJUY2v/SEsZRjJaxAFYrN/nrSuTEAyvS8IZh88Kxjq5QibSvPCtyYxT5dH8D2a0/ -oCXXY/T/6ZbNshuFooZUlls9jETJBj2ZFU+1cnpNeCVYElHJx8n2ohaHq6sAQELf -+J3ky6FHUTfI1jTAok0croiMInH4VRD5XzUF0fGS/GP2xuRbIem5OrMYzTYZBA== +DgQWBBTdQm5q6Q9IpRVQV++4bUa/r2VQ7DAfBgNVHSMEGDAWgBTdQm5q6Q9IpRVQ +V++4bUa/r2VQ7DANBgkqhkiG9w0BAQsFAAOCAQEAPEx471HlWR8k6UDYuPt/1p7c +L+ydukRNvhmnBhCCdTqj2+foCrcIEOdkrMzhTHsmwuExdpsLIP+KcsnMwncoxsxL +t67EDqRrGh7VwtpcOrHggw52vPuqwW+PV82N7t+SAI5hDdCD027QSZq7N0yK2Cts +GevXPfHwp+Gi9Qn36vQzVKVWseZ+er7WB3IWBRQY/HpavR8oDdB9IJJjoXB9jLZt +Vn+kzjBUYMZr+drxWZnv6nBz3yBlh89X88Q64uJ0yvx+2nYLC5LG937StJRWiJPK +03wwXIiw3WuSK0D9si/tWinhD1nmhtqyYdklR5J4YkHBzii3AoQVkRdkcb52lw== -----END CERTIFICATE----- diff --git a/testdata/certs/server.der b/testdata/certs/server.der index 544aa20..6bbe0c0 100644 Binary files a/testdata/certs/server.der and b/testdata/certs/server.der differ diff --git a/testdata/certs/server.key b/testdata/certs/server.key index 9074cd8..899ccfe 100644 --- a/testdata/certs/server.key +++ b/testdata/certs/server.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQChiH82B4WyMEoD -ipguG3ftpKGJileC6CUxlRWzCEbfzlqy4P1eUfFZbctsoF++AZuYFZM5SIB0L0PU -pgMXbLZto/hEeK0u9zhuUq4B1ND/WXMXRhpz1CyYasjvTasDlL2qJOJT7J9ExIsX -YXjzo8N/SJHez401sZnBNbRZqAKbT4xWshaKlRqp3lcxRkcoYD+HU5OYMHWdHPzR -HMl8TQ/hpEs7S4u+T4Fs2pLhCY74S3GmVDWGjWkXMBDvWAcO0mAjHPxlpYccu+FD -e4qoviGF+Ym3S3Dh2VbpAw5YKOlT35E7aKsd8MJ0Kc59G3OxGniqNLuPoTYKLgID -XeZWabRFAgMBAAECggEALIptwWErnWmxTu6tbbFHTXDi1gEehksqzlQ0ioxStq24 -1rAxTQu9SBJ9UDOcktDwrWvtj5MNUHwj8QPhwFjKqMrYz1CTOGsU1V7Y+kpLYs2w -bY94Bc5QiaqQQ2QgLrmZ3suS2N9bP2QOkmDfMBdM9dD14AFNB6w0IFGFrF8mcNp7 -J6nCMI0MgJwRKft63DVoOY46GChWkm7q0j4NHZvenxIqxrS738+Q4dG5OI5/+2+v -EcP4wKSW0pz9Tk8OiB1fsYsHOOfUt1dJe8GV/xAHOT1cIJHlsYQKP+S8/VQZ4rCX -gHEtRwsZHd35um+YwfRb8r9yB2TnC3zlLNHRDXTV1QKBgQDVy9E74UD+3yukMBLi -qaQjlfcSq6yl7V4FlhLaa6hqVM6Oho4F26oOv5zp4Wx4mWBNHTYbFeSRBu8jfkbY -SzOli9qK6LCa56gPCZwkKQnHnP4TSabxisMDxDR8wVP21uWkJE82f/mcprAcHSNv -HFdB4UAJvLXGNxCYnM93kf4PbwKBgQDBa5JqzLLS8Go6OMQlgHH01H+De4g8KVQp -fZR2IbpcRLsxCrVpX/vd8/b/c6PSq7Rwdfpwcwx/ZLrt4GjRZC7GZIFm4OKnSR9t -CQav6fAEC0ju4r3AlaKo76QLAgqbNlmseiBxijKzYa6vREE9sSZ2/D8gtMZQlRTR -SVTR6eRdiwKBgHHMn37EE5iWqeAnRqYnrhrTBESH5ModYuKOU1K341lV8uyiao5r -skVPcPJ87wPyf/QMDHS2XodjrX6zBHq07LS9kIJIAVky3Z3De70zquT5h7Q0jAwd -1Ff45AdT0KGfGXUZbqCP1gmwICWWzPmjmD6U60VDkW4EeW0Catw2dYk5AoGBALqJ -qWLw2gHPtVNDTgAw+TY6/mNq7v++iBmfsF+htZ6o9rOcdUsUM89iKzNAbp2N1W6k -iYyLmGEAX7tsswpGiUnywk3a0xysy+8XRmi/wCfWTld9O62RYpd0zouDQ4FfkGpk -OgfmVXFk4tjLhfQedk9IhQVg8uXicXpKM9Bit0hzAoGAOV/lq2b/+XiLw1VbR8A0 -vDEfZ+/Z2HXKUs9ZmCROIjgdOhGEhOaeCY3WkvvbfH/CSSUzV/dp8O7TRKrIao3U -ki5SQ4QfpFKenXvDc6UCZtgw4wjRv9K5rru/Slcu+8i3KtJq7x734jPQcdhpn3Vd -HY7kVCCf3YnpVQYMm3E8gME= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAP7fpynCHe7a7 +zss6kN+deac8xmHaduXKJPz2FGNIkx2qsxDfVneCYnupO2Dk84nWPDUUQAQOiP8u +KFcZCnd1/RFY7WCmMD2+QH44Zx1IDxgSSF0hVOJizTP0vpqH8pPtNlLOZ1UgOur/ +HJF8qYyPKRHdtkSftsg1SQuBQE+j3lccaFNmq3K4s0hHroexojx4kxj3SmtwAgqJ +ek0EAKbOoZgr9mVEsDxEJ7TX4DAlply5UTjOO1UE4QY3pNeXtO4nkaSuRdGAz3B6 +ZHERfQDhLpt8Y52+ngfodRI4oYPpGNmyAohw5SZ8RFCaIaLmGt8aPZwOk+Dyk2J9 +m3ND5k49AgMBAAECggEAA/jNCe1+ya3KprKtDDa2CADdbaoDl4nhUX3WJBdjvboc +YMx2Ssb0jSMPvv1VESXe8SgpSJPSAaLe8ssukXvf3/Ysh5PP7V8Nx4J5mRy4RCbb +rnUER44DZ1sp+aJ+etSOLdZze4QzBAlzlXW3o8W0+7gzgEslu88A7+jkbfUwMAh8 +r4sHgwpgDrnCbgXOWqNhYYV0EJy1l5libNgHHADxZvvmLvxEPX4mDQGUAhn7Jy+Y +Wz8c/bzLDC1oWPl0FytZPY8blb6+bFXlg9F4UgndWh5WMO62x6kVKcgAjQCJN1hu +x5tHkvjPFrDJqxWo6YrdjFOgHHDTVIn9F3xS9MIeWQKBgQD+XYtrDFWFSPPDQD/j +Lp+Ohh/2CF9zvKGWgoSqzbryipKcrc9QW96+pwKp93bkaLobKcx/K4Otp4VOvZkZ +s1d/NceT45n7mfk3qBjt4Ao3oOUEKxMov3F9EGXoeRTFOUyzYo9MADRJLJOPWj4B +DI+VjerPtS70WBv5HVWd+XsF0wKBgQDBe/x4yehwEH3iF6XHmDyH9nOXxAqxTvw9 +6QA6+WHMewVO5OvcO+9zL435KiaBl1h9hosbynZ3KFUwaLBosWwacqs4VcOgYUsY +Wv65XCSgalHaAhy01NkyMjbODHwQw+e66VdooohkZsfA5UNNTCmFcmNahFMx7EXx ++8xd+OqBrwKBgQCRZD7QjVhEuxI6RHtAC+I/wQJ7ywVkTim+shPK3ZVCFVsAG4ko +UZrcNvIa3MwkeogGBrpQ5jp6BAr6mvzr58rXd5IAQlQ9sCD3Yyn8rdapPVoqK8Tj +wanI5pqZarwojzv8PRXTRzqbqNMfWWGfj+JyhY/18YZJPCOhHNdXWMas6QKBgQCm +OQ2C+/tb418ykRxUaD6AlENkfACvqWrdCUKwZ7UUhg/eYp8a+sbRT2aKTCL+rHZS +iPcTrhGudxEQ4K/Fkb+MzTy5zjydmVh5mRtDRZ0Vz6F4SN4+oKnkDO22gVVI1fVM +R9FXTGMe1on/9zalvqvhQI+IoSwUNKc2qBtAFGvrcwKBgCgDE4xfgKm/Sd8Guhi9 +XOHlesPtTp0FeP6v8UAUfqpB9GU9QHcmnsknsQflJ0v9z6Xe+/VNBHRAKCfdSFNp +RDaWGJkQztBCgsn4qKj/k0Nq/wSaZb3D9m0KAN8aSYwHLtZRxmCOHQwk3Gw2CYYo +WoKEE9tiqG8AXS+dfdil/CJS -----END PRIVATE KEY----- diff --git a/testdata/certs/server.pem b/testdata/certs/server.pem index 5460c30..12da64f 100644 --- a/testdata/certs/server.pem +++ b/testdata/certs/server.pem @@ -2,27 +2,27 @@ MIIE2jCCA8KgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdTELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAoMCFRlc3QgUEtJMR8wHQYDVQQL DBZJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MR0wGwYDVQQDDBRUZXN0IEludGVybWVk -aWF0ZSBDQTAgFw0yNjAyMDQwNjMyMTZaGA8yMTAxMDIwNDA2MzIxNlowazELMAkG +aWF0ZSBDQTAgFw0yNjAyMjQyMjE3MTBaGA8yMTAxMDIyNDIyMTcxMFowazELMAkG A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFu Y2lzY28xFTATBgNVBAoMDEV4YW1wbGUgQ29ycDEYMBYGA1UEAwwPd3d3LmV4YW1w -bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYh/NgeFsjBK -A4qYLht37aShiYpXguglMZUVswhG385asuD9XlHxWW3LbKBfvgGbmBWTOUiAdC9D -1KYDF2y2baP4RHitLvc4blKuAdTQ/1lzF0Yac9QsmGrI702rA5S9qiTiU+yfRMSL -F2F486PDf0iR3s+NNbGZwTW0WagCm0+MVrIWipUaqd5XMUZHKGA/h1OTmDB1nRz8 -0RzJfE0P4aRLO0uLvk+BbNqS4QmO+EtxplQ1ho1pFzAQ71gHDtJgIxz8ZaWHHLvh -Q3uKqL4hhfmJt0tw4dlW6QMOWCjpU9+RO2irHfDCdCnOfRtzsRp4qjS7j6E2Ci4C -A13mVmm0RQIDAQABo4IBejCCAXYwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw -EwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFGLSow3s8bOp9zWGKMQGHOwd -A6EfMB8GA1UdIwQYMBaAFFOSe9Z7WIDnrpZw6ZXoXM24UoqZMGEGA1UdEQRaMFiC +bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwD+36cpwh3u2 +u87LOpDfnXmnPMZh2nblyiT89hRjSJMdqrMQ31Z3gmJ7qTtg5POJ1jw1FEAEDoj/ +LihXGQp3df0RWO1gpjA9vkB+OGcdSA8YEkhdIVTiYs0z9L6ah/KT7TZSzmdVIDrq +/xyRfKmMjykR3bZEn7bINUkLgUBPo95XHGhTZqtyuLNIR66HsaI8eJMY90prcAIK +iXpNBACmzqGYK/ZlRLA8RCe01+AwJaZcuVE4zjtVBOEGN6TXl7TuJ5GkrkXRgM9w +emRxEX0A4S6bfGOdvp4H6HUSOKGD6RjZsgKIcOUmfERQmiGi5hrfGj2cDpPg8pNi +fZtzQ+ZOPQIDAQABo4IBejCCAXYwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw +EwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFPi6gJ++WFYIUKltNOeburtr +99yXMB8GA1UdIwQYMBaAFHw3mtvs/qsweREy9eOiZPtctd4YMGEGA1UdEQRaMFiC D3d3dy5leGFtcGxlLmNvbYILZXhhbXBsZS5jb22CDSouZXhhbXBsZS5jb22HBF24 2CKHECYGKAACIAABAkgYkyXIGUaBEWFkbWluQGV4YW1wbGUuY29tMGcGCCsGAQUF BwEBBFswWTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZXhhbXBsZS5jb20wMgYI KwYBBQUHMAKGJmh0dHA6Ly9jYS5leGFtcGxlLmNvbS9pbnRlcm1lZGlhdGUuY3J0 MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZXhhbXBsZS5jb20vaW50ZXJt -ZWRpYXRlLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAEVYTdRk3OAmCFeMHHpgRPjjm -hqZdVXSjScDCi+Rn2I/yyUzaeSXswd6h1fNlCtyW192G3m/i9FE10uAnKeP7q3Qy -8HpSh3OwEtwRsgxK+adgYkJc2ugN5EFs0cPyO6dqpCSiWQromx528ZcfHXlmj8yw -2m4HBS1NgeExvtRzYTtu+lHwgpgUlXRa5g73b7WG4Ch9B6txrGDd9Xh9CBnU9T/W -Ob/M7u0j0e4i435P/AUnv3sbtB5JIpXlNdKm1H+35cGovcH0CYYDs+2DBINlzA2I -bivEnn10ujDgIgiUF2ZcyUxJT5pqXm6L9LvJ5wRZGpbs0sU7wjSjvhKusoBxiQ== +ZWRpYXRlLmNybDANBgkqhkiG9w0BAQsFAAOCAQEASAryKicZ5lb93QquTKffQ00I +QMm5nmuQ0Xpa04YwWrnlFE1FtoKrzPeKzgFjYmhjCKg0I/VEZDtlqTYFUUD7mpc+ +Xo1hyCUifLe+9H7cLCbfwVdFfAH5IhLMx9xo0fo/osLgiM70NMmuUSiOqaRQNr8u +TEPO/LQNi3feth9l4yL+SsMhMtBPoPdQxE0foTuS9k5iZrB+IgjFb9IEfjil2Rw7 +6fuqd2tDivQcVJWgiWmezlWsnaACHnnIZI0MSkBrOdCejnoIJuFtwz+gidRnNCc+ +J8VV/9NDZjkPi2nAbDckKtaXMMGr6LMVVOiDynQ7+K+awREKikRwydmNUvPawQ== -----END CERTIFICATE----- diff --git a/testdata/certs/test.crl.pem b/testdata/certs/test.crl.pem index c5e2b8e..581846b 100644 --- a/testdata/certs/test.crl.pem +++ b/testdata/certs/test.crl.pem @@ -2,12 +2,12 @@ MIIB8zCB3AIBATANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzETMBEGA1UE CAwKQ2FsaWZvcm5pYTERMA8GA1UECgwIVGVzdCBQS0kxHzAdBgNVBAsMFkludGVy bWVkaWF0ZSBBdXRob3JpdHkxHTAbBgNVBAMMFFRlc3QgSW50ZXJtZWRpYXRlIENB -Fw0yNjAyMDQwNjMyMTlaFw0zNjAyMDIwNjMyMTlaMCMwIQICEAAXDTI2MDIwNDA2 -MzIxOVowDDAKBgNVHRUEAwoBAaAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEL -BQADggEBAFZIGewghgggq2cC2n2U3wcz74cbC5rl5qQtp4IAcRNRTYA3Uxdnda9N -kozoK708XejcSklWwjb7luzJl3PBHtMJP1CjoKP+PPKScQBWptqZ2GJLL6K0E7yG -mKh4VXl8vamBQ2hzN6doVZqcjJSVWITx+9WDzBvLMH917nBKD6qpzeP48q1mRAzg -TLUyoNjJP1HiJ9qdLVhxqpnqjXyT5oXqPkQPk4LWrHJzm9AaFoEx1WNG/eF1PhRT -aKix0hkjKD6Fue7jJ4Wyv5jPlLDpJDhkTmu7CFEGAALqKb0GQmhZRLgLHV9B8nvx -0cv4zcw0VeCoasQ3J223ZD+7EItdTac= +Fw0yNjAyMjQyMjE3MTRaFw0zNjAyMjIyMjE3MTRaMCMwIQICEAAXDTI2MDIyNDIy +MTcxNFowDDAKBgNVHRUEAwoBAaAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEL +BQADggEBAHhTKdBbVjMT+x2JWVhd/6m0/bRe0bZCzZoP7KziJAYevSgxI9fzHYn9 +zzKjT33N1+WoBKDMB4hDERRdYK+VwAWCpfdSBvOue1colYbD4w+hEvEuIoFxpA2f +kDmy++QCf//nLeEklnFvrpHtImrSATxqnfwBh0JJDcdv2LhIiNx8OEfVSr9cLQi+ +dFhLPOpzqv0wXWrDwyGxxeDjZz19y7pYStiN7Q+XeHMkSO1rAy6TUfSoHXPJIdRg +LHcjWRoZa8gcAvL3tVe1yXyAoijksYs2MpQUAHKG8bvSbcBNBOgtIWyXTyemJNu5 +Krr0X/Z81/+NiptwR6SbgdlB5XasYKs= -----END X509 CRL----- diff --git a/testdata/certs/utf8-subject.key b/testdata/certs/utf8-subject.key index 071de2e..ecab2c3 100644 --- a/testdata/certs/utf8-subject.key +++ b/testdata/certs/utf8-subject.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrdL+rdDie0z8G -f8KDPOle9K0CUkS8BauwpC+onfkEPMJWLPH9YZ/csOX6vfj3gQh0RZ/ne+HfWnW5 -jrVZVRpc0CfQYovsWVHCRPv8H0VBKsHmGNQW3HXa6RFOTxckwnG4ejSV/NJXUgeA -nTS/l21MowVT3h2V57rxQr7F0hANg5Wkoa9d0IaxU3ogCbep0LmjGqt8IwNnSrBY -o7504Z0TI8Tz0bkLEHZFhVE46yIE5vkMDnidelgICziU0i49BaYL/2K+IvBc3mDB -mhzWUv8yfQuGRNivlEL9aPrMpY4T8P8Bo5KcYNzupScLiqpBRNyVPR1iXOIVOOT3 -g7jC+I4BAgMBAAECggEAApjiZWW9jNRc3kuVpfjIfTZ+H2yhG2sHkoWuLiL0eHa2 -J+mG4eR2cDiixzVU/eTPvLkoRrCm94PuiBjMEPYbz9+cVskDXxlsRmHWoldT7HyK -EuL55X3B8Ea7CyFiE525bMa3ILWDdyyoLe/TsnpH/tLyW/afoptvxsNQ0fzQXvAC -rNO7ktrO/04bYhW1zqxeYU1bcTBB9BUjpeFAtT4TkW1Gg8gNhbIN3BBX9DXE95Lk -GIg7xxQW8NwiQLjuLJYfUKP0pT65/irpXBP7j2AlFQBPaINNB8viIUfV1ZZv/ObD -HtOEKUax1Ado2BTpdHOQXdfo+qkMLO+mjGL//ke9AQKBgQDx5XS6aOLCkCjPbEKL -bHnkjJgJRx9dY986yxIMKq+Us+hs7Ky10cBiEdyRHRAArrQ7hTAMHc+pXwOyTrto -cDy4zx6O0fKGm2m2e2Ul0n8b1z/QAd76xfpyPptgzpg2Npr1A9ohOCZiBq4kyB0W -eoqRLXluA+aL2bC9Q5014VGw4QKBgQC1c+bHCI6mgnxMZsem4vmZSFjLtllJ/sET -r8MvSxbP1U/cCt3DJMrgBGqp6w+gHrp3BPJULbLM2BJC8URgtfOQqMqTyk/w15e6 -dU8J4EDZU4fouOKJHN/pElygAfqg0Zpea7umb+8nv/+NIN85TJ8i4RXMO3MXYYxI -9VKGa1vhIQKBgEDsqzXVLPe3pZx2nC27wcOcELp8wmhYg/PNyVxGoLWyy/FgXMK4 -N4Ca9q5kNIVaXrmS9+Bop/H3tJBJHXfcmA+qV7NRmlySnf8Cg5VxN/iK/2+e8PAx -7xR2xVFoYeY7JcAZdpRv861fyaHJrDT6UvLAV9U1as2ichN6cFmjzj9BAoGAZgeU -5afPJpvKrt9ANnv8Y4+Fto6DaJMiGCLFuusbGaRVcmJ9zgP7O7ngDEmLkLqWmOQk -KudDWeHJavDlRQgqu9XdivrAtqlTvNnHpsL9U/afPmHvp6+fzBuyD5rtRc52Yc9s -Ras9K/nPBZlNS5flB6TPL/bhwWzth/zB+amWkWECgYEAqBhnn7d4d1TSmngRJApI -POTCHXMYcczDWoweZCJpVgBqU+kAwB6UlrPxjboQt6fkdSy1o9n3LgZCJgJ5tRuy -Ry5EAjvTjFHBcQcLXOK4aQy5Fk2JYzKag78OkyET+LFbsPYV40McJVpLQ07MODpO -qfl56hIbJ7B4BhKIYAoiJ7c= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCsZUklpKHvPDoL +t4V0XXoAm+XG7hjDuAu2pZr4kKIT1GrZFymXdTMucTuOPTyvPv2FRK/uAjRQtkN8 +QmE2t9gpN3/vVp2cM3olvN5DE4UIy+V+Sc9BePzvOWuDislBWJD6EFe+rhgYvWNb +sgZEmp/OpRIuKcJDKJpCKSTV/qot47A4+yNd7KZ3KLVQPJTg5vb2UuANVrm7+YMj ++DchZiqgaHK8XnhilD+IZbd3Ln5jSGl2z0lme4mEaMzmceI1+boyCE2njD8QZ2mz +MqYlzkeZteyJW3KEn/OaYT+nVo7G1fAmRMSvTLbQVLWzbLfHZsOiVBaI4ODa/KkM +jTTAANY5AgMBAAECggEAEYyoAxh80Z1IbWvrvnpLkqdMH1GanMXuD1RRb89NaIZd +sCbO+ZeZM7ecL/Ek7dQUO85PuINp7vN28D3Tpp3Vd/Cp6ePf3IhS/Wd6GsrwZoJX +JOF/ozMdUH8AZl4o+al57LLgM82GL3KMHEgFolM5RHCCZseienK2LVkB4nTvvwb9 +HXPXGHcbXiVxVw1el+AaTMcI9qRhIrN6uZ5uW40WD9dCgX9Pkanz4mL+otXjHdDk +qPFGbLJ8UMmDp8Gm4r7JRERYKMQlzOnbXYxsQpAqYheF5DS3AT1zZd0woKPZ/Gv2 +kcPVerza1lhZBhk4sK1rOs/di5HEpfhrlNPIULXxOQKBgQDrBCSFa1WLlh+p0+dZ +NJiOyEOEiTqy9Qlh4Dpt5yZD6zymTw1nMd/U+zpQ2z7zC/N5bnpK5J0igZiJ5z73 +7u4tpPcr0s2Mt+qMJt1Jgy7siR141VdftCjqJ9yrxp8nuXGm+EQQ7UqhGL88IEX2 +tKACu99K6fk6AtHC40q9091OdQKBgQC7yc0Fp+kETnX76CGsq3Rel2rKBWkbA+0Z +83EK5vcHMUrxheatgBOndEoxkOwI+6kH+6vzXHp/+xaK5VzUz+5np3Z06/etQk13 +D0lgvdmz4vSVjs9ceLC5ZBFAGUI1hcRolB1lKzskMehElbtqh122lqNxN+blJtPy +GseDvS44NQKBgEh4OY7Ov01Q2Ki0yEUwu85joLZQ3sHqX59H1pynR5xwAH7EJ7zn +mz8AzUW7pdiqmcSbNai8gFvwnIoBveAUVGvMz886rNm0qOXY4inWAvU7ftQQ7WV8 +l5VE/34UvGUygQJc0hhqI7YzfFzdEtX1ctYE+uEN7yVdUzOGhTiuCTM1AoGAW3op +gojSDQP/m2/v/4IiFPYj0jeihMN727loJsxuJ7XOcSsuPPR4Homantye7p1RMQ9b +Kxiwn+l7iLvEZfLIivvby4crRt5WiBoNP7Ab/fIf/T7tKnmsdRMXCCeFxjbcf6kv +TJornC0nnUlnW7SHZSuqgLufoZ8xfe2npTgh7MUCgYEA2r77hdU5dM2TKx/+9nqK +4916InUsG0hr53EhoaL6OLqGPCHmZO2VEoaWoPnw0RhrYD90YpVJzklOjcDQF28F +ndcchE2mJx5sf7jjBXfY8XWUwMCyZs64lFR68R+/pcRVb1xyuAUJLE41Opib8InN +jqlWzZNFLVxHWdVQHUG5xRw= -----END PRIVATE KEY----- diff --git a/testdata/certs/utf8-subject.pem b/testdata/certs/utf8-subject.pem index bfc7b08..dd9c6cc 100644 --- a/testdata/certs/utf8-subject.pem +++ b/testdata/certs/utf8-subject.pem @@ -2,20 +2,20 @@ MIIDXTCCAkUCAnAAMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNVBAYTAkZSMRkwFwYD VQQIDBBDMzhFbGUtZGUtRnJhbmNlMQ4wDAYDVQQHDAVQYXJpczEeMBwGA1UECgwV U29jaUMzQTl0QzNBOSBkZSBUZXN0MRkwFwYDVQQDDBB1dGY4LmV4YW1wbGUuY29t -MCAXDTI2MDIwNDA2MzIxOFoYDzIxMDEwMjA0MDYzMjE4WjBzMQswCQYDVQQGEwJG +MCAXDTI2MDIyNDIyMTcxM1oYDzIxMDEwMjI0MjIxNzEzWjBzMQswCQYDVQQGEwJG UjEZMBcGA1UECAwQQzM4RWxlLWRlLUZyYW5jZTEOMAwGA1UEBwwFUGFyaXMxHjAc BgNVBAoMFVNvY2lDM0E5dEMzQTkgZGUgVGVzdDEZMBcGA1UEAwwQdXRmOC5leGFt -cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKt0v6t0OJ7T -PwZ/woM86V70rQJSRLwFq7CkL6id+QQ8wlYs8f1hn9yw5fq9+PeBCHRFn+d74d9a -dbmOtVlVGlzQJ9Bii+xZUcJE+/wfRUEqweYY1BbcddrpEU5PFyTCcbh6NJX80ldS -B4CdNL+XbUyjBVPeHZXnuvFCvsXSEA2DlaShr13QhrFTeiAJt6nQuaMaq3wjA2dK -sFijvnThnRMjxPPRuQsQdkWFUTjrIgTm+QwOeJ16WAgLOJTSLj0Fpgv/Yr4i8Fze -YMGaHNZS/zJ9C4ZE2K+UQv1o+syljhPw/wGjkpxg3O6lJwuKqkFE3JU9HWJc4hU4 -5PeDuML4jgECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAJpBhNIMyCd0xJ+Jxk9KM -cU+r/qDqw2MmfgD9R76eNlkYWPQA+2qw365VJKghNVQRXeTjyMjtYITOOhcFOsIy -h5ti4jqmv0eqLx1CEmByapaqdZUBnJ096g+HwCWJ2iBS8PFatE727e8u3Xw/fGZE -jpeXubsuhwgHXDqfFxnL4h00+J3La0fsd+eQplSzLCcsYjplvbgV2IKZFgEtJB9A -AhMg2+Ll8liiLJgDk0G48eZ89vOw/xvuzt76NB7vKJdvOAUpi0ahn+InT8xzv3VW -Sc8uhzTQcVbBastZJRMkYfhbHnNcTOuYCM0ZYAeMNmogd9AkFIJT4eEITpndbuNC -sg== +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxlSSWkoe88 +Ogu3hXRdegCb5cbuGMO4C7almviQohPUatkXKZd1My5xO449PK8+/YVEr+4CNFC2 +Q3xCYTa32Ck3f+9WnZwzeiW83kMThQjL5X5Jz0F4/O85a4OKyUFYkPoQV76uGBi9 +Y1uyBkSan86lEi4pwkMomkIpJNX+qi3jsDj7I13spncotVA8lODm9vZS4A1Wubv5 +gyP4NyFmKqBocrxeeGKUP4hlt3cufmNIaXbPSWZ7iYRozOZx4jX5ujIITaeMPxBn +abMypiXOR5m17IlbcoSf85phP6dWjsbV8CZExK9MttBUtbNst8dmw6JUFojg4Nr8 +qQyNNMAA1jkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAGIChUvMZa8dp/1UAnjK +R+3kS3N063ZAEh5/gEQIhDpgHZU7g+mFM+7XO5WL+ixTUy9P4Ime2UrPYzBl5ZXx +5dWa3yBZf0CeB5XDQ52MQeywKpwYndahE2MMnltH7bD3rKFYsoqePOtg3tfzWYZ3 +7+vYhxmlw4yvg89HbQNvV6/99T39QDzFM2DfmTvbLcsPQe7lJbBC7Kj3Z9gJ0NyH +TqgnlkwtoKBTdymxgw6pyPIwQT4tZ05Als82wdUmlT0Jd2q/CgoLDChgRcw5R49R +FmQdC+zqFLSiiP1kjdz1KUIDLXP2NIeIXdfg6O24hehTOPg7lDCiJaGGb2ExjgZI +4w== -----END CERTIFICATE----- diff --git a/xcert-lib/src/convert.rs b/xcert-lib/src/convert.rs index 83769f7..a73e423 100644 --- a/xcert-lib/src/convert.rs +++ b/xcert-lib/src/convert.rs @@ -4,6 +4,14 @@ use crate::util; use crate::XcertError; /// Convert DER-encoded certificate bytes to a PEM string. +/// +/// # Examples +/// +/// ``` +/// let pem = xcert_lib::der_to_pem(&[0x30, 0x82, 0x01, 0x00]); +/// assert!(pem.starts_with("-----BEGIN CERTIFICATE-----")); +/// assert!(pem.ends_with("-----END CERTIFICATE-----\n")); +/// ``` pub fn der_to_pem(der: &[u8]) -> String { format!( "-----BEGIN CERTIFICATE-----\n{}\n-----END CERTIFICATE-----\n", @@ -12,6 +20,25 @@ pub fn der_to_pem(der: &[u8]) -> String { } /// Convert a PEM-encoded certificate to DER bytes. +/// +/// # Examples +/// +/// ``` +/// let pem = b"-----BEGIN CERTIFICATE----- +/// MIIBiTCCAS+gAwIBAgIUInw7Y00tAIhFdBFi5M1og2/KIxUwCgYIKoZIzj0EAwIw +/// GjEYMBYGA1UEAwwPZG9jLmV4YW1wbGUuY29tMB4XDTI2MDIyNDIyNTEwNFoXDTM2 +/// MDIyMjIyNTEwNFowGjEYMBYGA1UEAwwPZG9jLmV4YW1wbGUuY29tMFkwEwYHKoZI +/// zj0CAQYIKoZIzj0DAQcDQgAEnbgGc2we2bznirfCnCL0jLWhp5CGeHCCLNHy4Ov8 +/// wSTejbLzOMnMuZepxDfbe/hPws0c6ogJ/NWRicjUJadGoaNTMFEwHQYDVR0OBBYE +/// FLNAZyPx2/js7qydbcgQFkFGlK0DMB8GA1UdIwQYMBaAFLNAZyPx2/js7qydbcgQ +/// FkFGlK0DMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAOoF0Ud/ +/// 6i9fvri/Adh9jLQuVWYzoGpfYilbhnlwXGu5AiBfstNy020jTiex8ctuh+VHGJ58 +/// tf6RlyGcTwetIa12sw== +/// -----END CERTIFICATE-----"; +/// +/// let der = xcert_lib::pem_to_der(pem).unwrap(); +/// assert_eq!(der[0], 0x30); // DER SEQUENCE tag +/// ``` pub fn pem_to_der(pem: &[u8]) -> Result, XcertError> { // Skip any leading comments or metadata before the PEM block. let pem_input = match util::find_pem_start(pem) { diff --git a/xcert-lib/src/lib.rs b/xcert-lib/src/lib.rs index 3d3a9f6..1da1466 100644 --- a/xcert-lib/src/lib.rs +++ b/xcert-lib/src/lib.rs @@ -3,6 +3,43 @@ //! Provides a high-level API for extracting information from X.509 certificates //! in PEM or DER format, computing fingerprints, checking validity, and //! converting between formats. +//! +//! # Quick start +//! +//! ``` +//! use xcert_lib::{parse_cert, check_host, check_expiry, DigestAlgorithm}; +//! +//! let pem = b"-----BEGIN CERTIFICATE----- +//! MIIBiTCCAS+gAwIBAgIUInw7Y00tAIhFdBFi5M1og2/KIxUwCgYIKoZIzj0EAwIw +//! GjEYMBYGA1UEAwwPZG9jLmV4YW1wbGUuY29tMB4XDTI2MDIyNDIyNTEwNFoXDTM2 +//! MDIyMjIyNTEwNFowGjEYMBYGA1UEAwwPZG9jLmV4YW1wbGUuY29tMFkwEwYHKoZI +//! zj0CAQYIKoZIzj0DAQcDQgAEnbgGc2we2bznirfCnCL0jLWhp5CGeHCCLNHy4Ov8 +//! wSTejbLzOMnMuZepxDfbe/hPws0c6ogJ/NWRicjUJadGoaNTMFEwHQYDVR0OBBYE +//! FLNAZyPx2/js7qydbcgQFkFGlK0DMB8GA1UdIwQYMBaAFLNAZyPx2/js7qydbcgQ +//! FkFGlK0DMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAOoF0Ud/ +//! 6i9fvri/Adh9jLQuVWYzoGpfYilbhnlwXGu5AiBfstNy020jTiex8ctuh+VHGJ58 +//! tf6RlyGcTwetIa12sw== +//! -----END CERTIFICATE-----"; +//! +//! // Parse a certificate (auto-detects PEM vs DER) +//! let cert = parse_cert(pem).unwrap(); +//! assert_eq!(cert.version, 3); +//! assert!(cert.subject_string().contains("doc.example.com")); +//! +//! // Extract fields +//! assert_eq!(cert.public_key.algorithm, "EC"); +//! +//! // Compute fingerprint +//! let fp = cert.fingerprint(DigestAlgorithm::Sha256); +//! assert!(fp.contains(':')); // colon-separated hex +//! +//! // Check hostname (matches CN since no SAN DNS entries) +//! assert!(check_host(&cert, "doc.example.com")); +//! assert!(!check_host(&cert, "other.example.com")); +//! +//! // Check expiry (cert is valid for 10 years) +//! assert!(check_expiry(&cert, 86400)); // valid for at least 1 day +//! ``` mod check; mod convert; diff --git a/xcert-lib/src/oid.rs b/xcert-lib/src/oid.rs index d9ccfba..0c737b9 100644 --- a/xcert-lib/src/oid.rs +++ b/xcert-lib/src/oid.rs @@ -38,9 +38,11 @@ pub const ED448: &str = "1.3.101.113"; pub const RSA_ENCRYPTION: &str = "1.2.840.113549.1.1.1"; pub const EC_PUBLIC_KEY: &str = "1.2.840.10045.2.1"; +pub const DSA: &str = "1.2.840.10040.4.1"; // ── Named elliptic curves ──────────────────────────────────────────────── +pub const CURVE_P192: &str = "1.2.840.10045.3.1.1"; pub const CURVE_P256: &str = "1.2.840.10045.3.1.7"; pub const CURVE_P384: &str = "1.3.132.0.34"; pub const CURVE_P521: &str = "1.3.132.0.35"; @@ -52,6 +54,7 @@ pub const EXT_KEY_USAGE: &str = "2.5.29.15"; pub const EXT_SUBJECT_ALT_NAME: &str = "2.5.29.17"; pub const EXT_ISSUER_ALT_NAME: &str = "2.5.29.18"; pub const EXT_BASIC_CONSTRAINTS: &str = "2.5.29.19"; +pub const EXT_CRL_NUMBER: &str = "2.5.29.20"; pub const EXT_NAME_CONSTRAINTS: &str = "2.5.29.30"; pub const EXT_CRL_DISTRIBUTION_POINTS: &str = "2.5.29.31"; pub const EXT_CERTIFICATE_POLICIES: &str = "2.5.29.32"; diff --git a/xcert-lib/src/verify/checks.rs b/xcert-lib/src/verify/checks.rs index c60a7ab..908a887 100644 --- a/xcert-lib/src/verify/checks.rs +++ b/xcert-lib/src/verify/checks.rs @@ -229,7 +229,7 @@ pub(crate) fn check_chain_rfc5280_strict( let aki_ext = x509 .extensions() .iter() - .find(|e| e.oid.to_id_string() == "2.5.29.35"); + .find(|e| e.oid.to_id_string() == oid::EXT_AUTHORITY_KEY_ID); if !self_signed && aki_ext.is_none() { errors.push(format!( "certificate at depth {} ({}) is missing Authority Key Identifier", @@ -250,7 +250,7 @@ pub(crate) fn check_chain_rfc5280_strict( let ski_ext = x509 .extensions() .iter() - .find(|e| e.oid.to_id_string() == "2.5.29.14"); + .find(|e| e.oid.to_id_string() == oid::EXT_SUBJECT_KEY_ID); if !is_leaf && ski_ext.is_none() { errors.push(format!( "certificate at depth {} ({}) is a CA but missing Subject Key Identifier", @@ -290,7 +290,7 @@ pub(crate) fn check_chain_rfc5280_strict( let san_ext = x509 .extensions() .iter() - .find(|e| e.oid.to_id_string() == "2.5.29.17"); + .find(|e| e.oid.to_id_string() == oid::EXT_SUBJECT_ALT_NAME); match san_ext { Some(ext) if !ext.critical => { errors.push(format!( @@ -310,7 +310,7 @@ pub(crate) fn check_chain_rfc5280_strict( // RFC 5280 Section 4.2.2.1: AIA MUST be non-critical. for ext in x509.extensions() { - if ext.oid.to_id_string() == "1.3.6.1.5.5.7.1.1" && ext.critical { + if ext.oid.to_id_string() == oid::EXT_AUTHORITY_INFO_ACCESS && ext.critical { errors.push(format!( "certificate at depth {} ({}) has Authority Information Access marked critical", i, subjects[i] @@ -320,7 +320,7 @@ pub(crate) fn check_chain_rfc5280_strict( // RFC 5280 Section 4.2.1.11: Policy Constraints MUST be critical. for ext in x509.extensions() { - if ext.oid.to_id_string() == "2.5.29.36" && !ext.critical { + if ext.oid.to_id_string() == oid::EXT_POLICY_CONSTRAINTS && !ext.critical { errors.push(format!( "certificate at depth {} ({}) has Policy Constraints not marked critical", i, subjects[i] @@ -502,7 +502,7 @@ pub(crate) fn check_trusted_root( let bc_critical = root_x509 .extensions() .iter() - .find(|e| e.oid.to_id_string() == "2.5.29.19") + .find(|e| e.oid.to_id_string() == oid::EXT_BASIC_CONSTRAINTS) .is_some_and(|e| e.critical); if !bc_critical { errors.push(format!( @@ -523,7 +523,7 @@ pub(crate) fn check_trusted_root( let root_has_ski = root_x509 .extensions() .iter() - .any(|e| e.oid.to_id_string() == "2.5.29.14"); + .any(|e| e.oid.to_id_string() == oid::EXT_SUBJECT_KEY_ID); if !root_has_ski { errors.push(format!( "trusted root ({}) is missing Subject Key Identifier", @@ -703,7 +703,7 @@ pub(crate) fn check_crl_strict(options: &VerifyOptions, errors: &mut Vec let crl_number_ext = crl .extensions() .iter() - .find(|e| e.oid.to_id_string() == "2.5.29.20"); + .find(|e| e.oid.to_id_string() == oid::EXT_CRL_NUMBER); match crl_number_ext { Some(ext) if ext.critical => { errors.push("CRL has CRL Number extension marked critical".to_string()); diff --git a/xcert-lib/src/verify/webpki.rs b/xcert-lib/src/verify/webpki.rs index 7ea7d9d..33ffd49 100644 --- a/xcert-lib/src/verify/webpki.rs +++ b/xcert-lib/src/verify/webpki.rs @@ -3,6 +3,7 @@ //! Implements stricter validation rules for TLS server certificates //! as specified by the CA/Browser Forum Baseline Requirements. +use crate::oid; use x509_parser::prelude::*; /// WebPKI-specific validation checks per CABF Baseline Requirements. @@ -21,7 +22,7 @@ pub(crate) fn check_webpki_policy( let has_san = x509 .extensions() .iter() - .any(|e| e.oid.to_id_string() == "2.5.29.17"); + .any(|e| e.oid.to_id_string() == oid::EXT_SUBJECT_ALT_NAME); if !has_san { errors.push(format!( "WebPKI: leaf certificate ({}) has no SAN extension", @@ -48,7 +49,7 @@ pub(crate) fn check_webpki_policy( let eku_critical = x509 .extensions() .iter() - .find(|e| e.oid.to_id_string() == "2.5.29.37") + .find(|e| e.oid.to_id_string() == oid::EXT_EXTENDED_KEY_USAGE) .is_some_and(|e| e.critical); if eku_critical { errors.push(format!( @@ -83,7 +84,7 @@ pub(crate) fn check_webpki_policy( let san_critical = x509 .extensions() .iter() - .find(|e| e.oid.to_id_string() == "2.5.29.17") + .find(|e| e.oid.to_id_string() == oid::EXT_SUBJECT_ALT_NAME) .is_some_and(|e| e.critical); if san_critical { errors.push(format!( @@ -106,7 +107,7 @@ pub(crate) fn check_webpki_policy( for gn in &san.value.general_names { if let GeneralName::DNSName(name) = gn { if let Some(base) = name.strip_prefix("*.") { - if is_public_suffix(base) { + if is_single_label_tld(base) { errors.push(format!( "WebPKI: leaf certificate ({}) has wildcard on public suffix '{}'", subjects[i], name @@ -119,7 +120,7 @@ pub(crate) fn check_webpki_policy( // WebPKI: Malformed AIA for ext in x509.extensions() { - if ext.oid.to_id_string() == "1.3.6.1.5.5.7.1.1" + if ext.oid.to_id_string() == oid::EXT_AUTHORITY_INFO_ACCESS && x509_parser::extensions::AuthorityInfoAccess::from_der(ext.value).is_err() { errors.push(format!( @@ -133,7 +134,7 @@ pub(crate) fn check_webpki_policy( // WebPKI: NC with empty subtrees is malformed if !is_leaf { for ext in x509.extensions() { - if ext.oid.to_id_string() == "2.5.29.30" { + if ext.oid.to_id_string() == oid::EXT_NAME_CONSTRAINTS { if let Ok(Some(nc)) = x509.name_constraints() { let permitted_empty = nc .value @@ -210,39 +211,27 @@ pub(crate) fn check_weak_crypto(cert: &X509Certificate) -> Option { match algo_oid.as_str() { // DSA is forbidden in WebPKI - "1.2.840.10040.4.1" => Some("uses forbidden DSA key algorithm".into()), + oid::DSA => Some("uses forbidden DSA key algorithm".into()), // RSA - "1.2.840.113549.1.1.1" => { + oid::RSA_ENCRYPTION => { if let Ok(x509_parser::public_key::PublicKey::RSA(rsa)) = pk.parsed() { - let mod_bytes = rsa.modulus; - // Skip leading zero padding byte - let effective = mod_bytes - .get(1..) - .filter(|_| mod_bytes.first() == Some(&0)) - .unwrap_or(mod_bytes); - let key_bits = effective.len() * 8; + let key_bits = rsa_modulus_bits(rsa.modulus); if key_bits < 2048 { return Some(format!( "has weak RSA key ({} bits, minimum 2048)", key_bits )); } - if key_bits % 8 != 0 { - return Some(format!( - "has RSA key size not divisible by 8 ({} bits)", - key_bits - )); - } } None } // EC - "1.2.840.10045.2.1" => { + oid::EC_PUBLIC_KEY => { if let Some(params) = &pk.algorithm.parameters { if let Ok(oid) = params.as_oid() { let curve = oid.to_id_string(); // P-192 (secp192r1) is forbidden - if curve == "1.2.840.10045.3.1.1" { + if curve == oid::CURVE_P192 { return Some("uses forbidden P-192 elliptic curve".into()); } } @@ -253,9 +242,32 @@ pub(crate) fn check_weak_crypto(cert: &X509Certificate) -> Option { } } -/// Simple public suffix check for wildcard SAN validation. -/// Returns true if the domain is a TLD (single label with no dots). -pub(crate) fn is_public_suffix(domain: &str) -> bool { +/// Count the number of significant bits in a DER-encoded RSA modulus. +/// +/// DER INTEGER encoding may include a leading zero byte to keep the value +/// positive. This function strips all leading zero bytes and counts the +/// remaining significant bits accurately. +fn rsa_modulus_bits(modulus: &[u8]) -> usize { + // Strip all leading zero bytes + let effective = modulus + .iter() + .position(|&b| b != 0) + .and_then(|pos| modulus.get(pos..)) + .unwrap_or(&[]); + // Count: (remaining full bytes - 1) * 8 + significant bits in first byte + match effective.first() { + Some(&first) => (effective.len() - 1) * 8 + (8 - first.leading_zeros() as usize), + None => 0, + } +} + +/// Check if a domain is a single-label TLD (no dots). +/// +/// This is a lightweight heuristic for wildcard SAN validation. It catches +/// wildcards like `*.com` or `*.org` but does **not** cover multi-level +/// public suffixes such as `co.uk` or `com.au`. A full Public Suffix List +/// implementation would require an external dependency or embedded data. +pub(crate) fn is_single_label_tld(domain: &str) -> bool { !domain.contains('.') } @@ -270,11 +282,11 @@ pub(crate) fn webpki_check_root_aki( let aki_ext = root_x509 .extensions() .iter() - .find(|e| e.oid.to_id_string() == "2.5.29.35"); + .find(|e| e.oid.to_id_string() == oid::EXT_AUTHORITY_KEY_ID); let ski_ext = root_x509 .extensions() .iter() - .find(|e| e.oid.to_id_string() == "2.5.29.14"); + .find(|e| e.oid.to_id_string() == oid::EXT_SUBJECT_KEY_ID); if let Some(ext) = aki_ext { if let ParsedExtension::AuthorityKeyIdentifier(aki) = ext.parsed_extension() { diff --git a/xcert/src/main.rs b/xcert/src/main.rs index f4e2ef5..a467041 100644 --- a/xcert/src/main.rs +++ b/xcert/src/main.rs @@ -661,6 +661,20 @@ fn print_verify_result( Ok(()) } +/// Parse a digest algorithm name to the library enum. +fn parse_digest(name: &str) -> Result { + match name { + "sha256" => Ok(xcert_lib::DigestAlgorithm::Sha256), + "sha384" => Ok(xcert_lib::DigestAlgorithm::Sha384), + "sha512" => Ok(xcert_lib::DigestAlgorithm::Sha512), + "sha1" => Ok(xcert_lib::DigestAlgorithm::Sha1), + _ => anyhow::bail!( + "Unsupported digest: {}. Use sha256, sha384, sha512, or sha1.", + name + ), + } +} + /// Extract a field value from a certificate (plain string, no colors). fn extract_field_value( cert: &xcert_lib::CertificateInfo, @@ -674,13 +688,7 @@ fn extract_field_value( FieldName::NotBefore => cert.not_before_string(), FieldName::NotAfter => cert.not_after_string(), FieldName::Fingerprint => { - let alg = match digest { - "sha256" => xcert_lib::DigestAlgorithm::Sha256, - "sha384" => xcert_lib::DigestAlgorithm::Sha384, - "sha512" => xcert_lib::DigestAlgorithm::Sha512, - "sha1" => xcert_lib::DigestAlgorithm::Sha1, - _ => return Err(format!("Unsupported digest: {}", digest)), - }; + let alg = parse_digest(digest).map_err(|e| e.to_string())?; cert.fingerprint(alg) } FieldName::PublicKey => cert.public_key_pem().to_string(), @@ -966,16 +974,7 @@ fn run() -> Result<()> { FieldName::NotBefore => colors::date(&cert.not_before_string()).to_string(), FieldName::NotAfter => colors::date(&cert.not_after_string()).to_string(), FieldName::Fingerprint => { - let alg = match digest.as_str() { - "sha256" => xcert_lib::DigestAlgorithm::Sha256, - "sha384" => xcert_lib::DigestAlgorithm::Sha384, - "sha512" => xcert_lib::DigestAlgorithm::Sha512, - "sha1" => xcert_lib::DigestAlgorithm::Sha1, - _ => anyhow::bail!( - "Unsupported digest: {}. Use sha256, sha384, sha512, or sha1.", - digest - ), - }; + let alg = parse_digest(digest)?; colors::hex(&cert.fingerprint(alg)).to_string() } FieldName::PublicKey => cert.public_key_pem().to_string(),