diff --git a/v2/go.mod b/v2/go.mod index 3bfed2f13..a46b43b73 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -3,7 +3,7 @@ module github.com/zmap/zlint/v2 require ( github.com/sirupsen/logrus v1.3.0 github.com/weppos/publicsuffix-go v0.4.0 - github.com/zmap/zcrypto v0.0.0-20191112190257-7f2fe6faf8cf + github.com/zmap/zcrypto v0.0.0-20200513165325-16679db567ff golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68 golang.org/x/net v0.0.0-20190620200207-3b0461eec859 golang.org/x/text v0.3.0 diff --git a/v2/go.sum b/v2/go.sum index f89f52993..97bc98488 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -19,12 +19,15 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/weppos/publicsuffix-go v0.4.0 h1:YSnfg3V65LcCFKtIGKGoBhkyKolEd0hlipcXaOjdnQw= github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= github.com/zmap/zcrypto v0.0.0-20191112190257-7f2fe6faf8cf h1:Q9MiSA+G9DHe/TzG8pnycDn3HwpQuTygphu9M/7KYqU= github.com/zmap/zcrypto v0.0.0-20191112190257-7f2fe6faf8cf/go.mod h1:w7kd3qXHh8FNaczNjslXqvFQiv5mMWRXlL9klTUAHc8= +github.com/zmap/zcrypto v0.0.0-20200513165325-16679db567ff h1:0DDYlvtXPb8EMtQPZ2TJDcM+adqtzy77QOndkCW79JQ= +github.com/zmap/zcrypto v0.0.0-20200513165325-16679db567ff/go.mod h1:TxpejqcVKQjQaVVmMGfzx5HnmFMdIU+vLtaCyPBfGI4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793 h1:u+LnwYTOOW7Ukr/fppxEb1Nwz0AtPflrblfvUudpo+I= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -43,5 +46,7 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/v2/integration/config.json b/v2/integration/config.json index b73d0c783..bc49b4cd4 100644 --- a/v2/integration/config.json +++ b/v2/integration/config.json @@ -458,9 +458,7 @@ "e_qcstatem_qcpds_valid": {}, "e_qcstatem_qcretentionperiod_valid": {}, "e_qcstatem_qcsscd_valid": {}, - "e_qcstatem_qctype_valid": { - "ErrCount": 1 - }, + "e_qcstatem_qctype_valid": {}, "e_root_ca_extended_key_usage_present": {}, "e_root_ca_key_usage_must_be_critical": { "ErrCount": 14 @@ -642,7 +640,7 @@ "NoticeCount": 10 }, "n_subject_common_name_included": { - "NoticeCount": 45 + "NoticeCount": 44 }, "w_ct_sct_policy_count_unsatisfied": { "NoticeCount": 72 @@ -698,10 +696,9 @@ "w_name_constraint_on_registered_id": {}, "w_name_constraint_on_x400": {}, "w_qcstatem_qcpds_lang_case": { - "WarnCount": 49 + "WarnCount": 48 }, "w_qcstatem_qctype_web": { - "ErrCount": 1, "WarnCount": 25 }, "w_root_ca_basic_constraints_path_len_constraint_field_present": {}, diff --git a/v2/lints/etsi/lint_qcstatem_etsi_type_as_statem_test.go b/v2/lints/etsi/lint_qcstatem_etsi_type_as_statem_test.go index eced5c7b5..ba0e104b1 100644 --- a/v2/lints/etsi/lint_qcstatem_etsi_type_as_statem_test.go +++ b/v2/lints/etsi/lint_qcstatem_etsi_type_as_statem_test.go @@ -24,7 +24,6 @@ import ( func TestEtsiTypeAsQcStmt(t *testing.T) { m := map[string]lint.LintStatus{ "QcStmtEtsiQcTypeAsQcStmtCert10.pem": lint.Error, - "QcStmtEtsiTaggedValueCert20.pem": lint.Error, "QcStmtEtsiValidCert03.pem": lint.Pass, "QcStmtEtsiEsealValidCert02.pem": lint.Pass, "QcStmtEtsiTwoQcTypesCert15.pem": lint.Pass, diff --git a/v2/lints/etsi/lint_qcstatem_qccompliance_valid_test.go b/v2/lints/etsi/lint_qcstatem_qccompliance_valid_test.go index d61b278b5..ff9028490 100644 --- a/v2/lints/etsi/lint_qcstatem_qccompliance_valid_test.go +++ b/v2/lints/etsi/lint_qcstatem_qccompliance_valid_test.go @@ -24,7 +24,6 @@ import ( func TestEtsiQcCompliance(t *testing.T) { m := map[string]lint.LintStatus{ "QcStmtEtsiQcComplWithNonEmptyStmtInfoCert19.pem": lint.Error, - "QcStmtEtsiWrongEncodingCert01.pem": lint.Error, "QcStmtEtsiValidCert03.pem": lint.Pass, "QcStmtEtsiEsealValidCert02.pem": lint.Pass, "QcStmtEtsiTwoQcTypesCert15.pem": lint.Pass, diff --git a/v2/lints/etsi/lint_qcstatem_qctype_valid_test.go b/v2/lints/etsi/lint_qcstatem_qctype_valid_test.go index b4cc25e5c..960816ba8 100644 --- a/v2/lints/etsi/lint_qcstatem_qctype_valid_test.go +++ b/v2/lints/etsi/lint_qcstatem_qctype_valid_test.go @@ -23,8 +23,6 @@ import ( func TestEtsiQcType(t *testing.T) { m := map[string]lint.LintStatus{ - "QcStmtEtsiMissingSeqForQcTypesCert18.pem": lint.Error, - "QcStmtEtsiMissingOidCert09.pem": lint.Error, "QcStmtEtsiValidCert03.pem": lint.Pass, "QcStmtEtsiValidCert11.pem": lint.Pass, "QcStmtEtsiValidAddLangCert13.pem": lint.Pass, diff --git a/v2/testdata/QcStmtEtsiMissingOidCert09.pem b/v2/testdata/QcStmtEtsiMissingOidCert09.pem deleted file mode 100644 index de4db4046..000000000 --- a/v2/testdata/QcStmtEtsiMissingOidCert09.pem +++ /dev/null @@ -1,101 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 6e:58:90:9b:f3:bd:dd:00:5c:68:e7:9f - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN = Lint Sub-CA, OU = Test, O = MTG, C = DE - Validity - Not Before: Nov 21 03:21:30 2018 GMT - Not After : Nov 21 03:21:30 2048 GMT - Subject: CN = www.example.com, OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:a8:65:13:8e:1a:3c:01:42:e3:ed:36:e7:3c:14: - 84:97:a2:b1:ae:4c:ee:37:6d:82:2a:4d:cd:7d:6a: - b2:77:ba:68:69:c4:51:73:3e:24:21:4c:eb:8e:1d: - 13:6b:cf:ee:e9:a5:a9:dd:01:1b:54:36:46:7c:68: - 27:37:ad:00:a4:88:cc:ba:c3:8c:20:93:27:97:ac: - 22:22:12:e2:d4:90:c0:14:43:0b:14:b4:ec:b2:2e: - 69:74:bb:b0:b5:66:fd:15:93:f7:a3:21:7e:9f:af: - 01:da:c1:33:b2:a6:da:45:5d:06:97:e1:97:d2:91: - 94:ef:2b:31:80:c6:6c:fb:25:ca:c6:ee:af:c8:04: - 7f:62:0f:3c:cd:7b:b1:d2:60:e3:8d:d5:b6:ad:b9: - 86:87:ac:10:42:64:99:e0:8b:65:57:54:a7:db:61: - 87:d4:f3:f8:bd:c8:9f:ec:c9:ab:44:d5:72:42:30: - 0d:6e:6e:8f:71:12:0f:71:82:20:6d:c3:4b:59:03: - 98:71:c5:26:b1:72:56:70:31:17:55:10:20:e2:c6: - e7:d6:d1:6e:67:f0:80:de:19:db:34:32:18:c0:c6: - be:54:90:e0:f9:43:96:17:f8:02:f0:99:fc:f9:ea: - 40:cd:7d:0c:83:b7:14:7c:fc:48:77:18:cd:d7:da: - d8:7d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:E2:0F:66:4C:20:2C:78:21:2A:8F:29:DB:F9:99:F6:00:86:C4:AF:E1 - - X509v3 Subject Key Identifier: - DB:F3:30:0B:18:1A:94:B6:3D:45:E6:CA:EC:A1:13:82:DC:10:B6:91 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Alternative Name: - DNS:www.example.com - Authority Information Access: - CA Issuers - URI:http://ca.example.com/ca.crt - OCSP - URI:http://ocsp.example.com/ocsp - - X509v3 Certificate Policies: - Policy: 1.2.3.4.5 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - qcStatements: - 0l0......F..0V.....F..0L0$..http://example.com/en/test.pdf..en0$..http://example.com/de/test.pdf..de0......F.. - Signature Algorithm: sha256WithRSAEncryption - 5b:31:31:f6:ea:9e:45:25:c7:e5:93:90:43:e3:9c:17:b4:46: - 48:5f:4c:53:69:a3:ba:c9:ef:77:24:ee:55:d9:f1:10:a6:6e: - 87:63:80:45:d4:e6:58:ee:06:de:64:67:b6:df:c1:a6:9c:4e: - 4e:30:22:da:0f:9d:33:45:fd:75:36:f0:2e:5c:cb:6b:b1:1d: - bd:29:ec:66:0a:ea:d8:4c:57:f0:d4:5a:7d:73:c9:e9:75:79: - 67:40:7c:c7:39:cc:e1:50:25:76:a1:72:e0:2e:a8:ee:18:85: - 90:3e:97:3f:7e:e2:1a:ec:5f:98:0a:96:99:fd:24:f2:42:ed: - f3:c0:2d:d9:ae:52:42:bb:29:61:ad:46:30:74:63:8e:77:ef: - 68:5e:cc:80:da:4b:b2:ca:25:de:85:8f:e5:37:d0:c2:20:d9: - 78:d4:d5:5d:35:fc:e0:5f:a3:0d:3b:b9:2a:60:a1:0a:34:4c: - 39:90:94:43:16:45:28:69:c4:f4:52:3d:30:ef:59:57:9a:ea: - 81:8c:1f:99:80:f0:ef:d5:75:c3:dc:1e:c5:5e:0b:2f:66:96: - 3c:b7:39:f7:e8:94:10:75:44:ce:25:96:b7:e9:b7:81:e7:f3: - 9f:2c:2c:ee:e9:2c:4c:e5:3b:52:b1:0d:88:c6:ac:de:b6:ef: - a9:d8:3f:d8 ------BEGIN CERTIFICATE----- -MIIEwTCCA6mgAwIBAgIMbliQm/O93QBcaOefMA0GCSqGSIb3DQEBCwUAMEAxFDAS -BgNVBAMMC0xpbnQgU3ViLUNBMQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcx -CzAJBgNVBAYTAkRFMB4XDTE4MTEyMTAzMjEzMFoXDTQ4MTEyMTAzMjEzMFowaTEY -MBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQK -DANNVEcxEjAQBgNVBAcMCURhcm1zdGFkdDEPMA0GA1UECAwGSGVzc2VuMQswCQYD -VQQGEwJERTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhlE44aPAFC -4+025zwUhJeisa5M7jdtgipNzX1qsne6aGnEUXM+JCFM644dE2vP7umlqd0BG1Q2 -RnxoJzetAKSIzLrDjCCTJ5esIiIS4tSQwBRDCxS07LIuaXS7sLVm/RWT96Mhfp+v -AdrBM7Km2kVdBpfhl9KRlO8rMYDGbPslysbur8gEf2IPPM17sdJg443Vtq25hoes -EEJkmeCLZVdUp9thh9Tz+L3In+zJq0TVckIwDW5uj3ESD3GCIG3DS1kDmHHFJrFy -VnAxF1UQIOLG59bRbmfwgN4Z2zQyGMDGvlSQ4PlDlhf4AvCZ/PnqQM19DIO3FHz8 -SHcYzdfa2H0CAwEAAaOCAZAwggGMMB8GA1UdIwQYMBaAFOIPZkwgLHghKo8p2/mZ -9gCGxK/hMB0GA1UdDgQWBBTb8zALGBqUtj1F5srsoROC3BC2kTAOBgNVHQ8BAf8E -BAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20w -YgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2EuZXhhbXBsZS5j -b20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFtcGxlLmNvbS9v -Y3NwMBEGA1UdIAQKMAgwBgYEKgMEBTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB -BQUHAwIwegYIKwYBBQUHAQMEbjBsMAgGBgQAjkYBATBWBgYEAI5GAQUwTDAkFh5o -dHRwOi8vZXhhbXBsZS5jb20vZW4vdGVzdC5wZGYTAmVuMCQWHmh0dHA6Ly9leGFt -cGxlLmNvbS9kZS90ZXN0LnBkZhMCZGUwCAYGBACORgEGMA0GCSqGSIb3DQEBCwUA -A4IBAQBbMTH26p5FJcflk5BD45wXtEZIX0xTaaO6ye93JO5V2fEQpm6HY4BF1OZY -7gbeZGe238GmnE5OMCLaD50zRf11NvAuXMtrsR29KexmCurYTFfw1Fp9c8npdXln -QHzHOczhUCV2oXLgLqjuGIWQPpc/fuIa7F+YCpaZ/STyQu3zwC3ZrlJCuylhrUYw -dGOOd+9oXsyA2kuyyiXehY/lN9DCINl41NVdNfzgX6MNO7kqYKEKNEw5kJRDFkUo -acT0Uj0w71lXmuqBjB+ZgPDv1XXD3B7FXgsvZpY8tzn36JQQdUTOJZa36beB5/Of -LCzu6SxM5TtSsQ2Ixqzetu+p2D/Y ------END CERTIFICATE----- diff --git a/v2/testdata/QcStmtEtsiMissingSeqForQcTypesCert18.pem b/v2/testdata/QcStmtEtsiMissingSeqForQcTypesCert18.pem deleted file mode 100644 index 2b4fa714d..000000000 --- a/v2/testdata/QcStmtEtsiMissingSeqForQcTypesCert18.pem +++ /dev/null @@ -1,101 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0e:92:ba:23:65:f0:cf:cd:2d:9b:31:f8:a3 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN = Lint Sub-CA, OU = Test, O = MTG, C = DE - Validity - Not Before: Nov 21 03:21:33 2018 GMT - Not After : Nov 21 03:21:33 2048 GMT - Subject: CN = www.example.com, OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:9d:7e:3d:42:8d:18:fc:05:c6:65:d8:7a:45:2c: - 7a:25:a6:7c:83:cb:21:f8:d3:fd:42:41:24:81:53: - eb:59:48:d8:f8:9f:6e:ec:d0:e9:1f:b9:b9:8d:15: - 59:96:50:46:ee:27:d9:96:af:6a:4b:c1:f3:89:a2: - 93:be:51:ec:71:14:49:47:ce:9e:86:da:7c:a4:5b: - c1:cd:e3:5d:ad:56:6a:4b:4b:04:be:87:37:71:b8: - f7:e3:01:6d:4f:82:3b:d9:53:cf:2d:7a:58:0b:48: - 32:50:7f:25:c1:06:e4:d0:7f:0b:0b:cc:64:18:f3: - fb:98:71:74:c3:33:db:94:92:4a:96:b4:bc:5c:15: - 32:82:8d:af:ce:81:ed:37:f1:39:0a:26:4c:f2:4f: - 30:23:8b:73:b2:6a:6f:eb:67:8c:5b:36:73:09:04: - 19:fa:82:62:8f:0b:ae:5d:cf:11:9a:6c:13:07:43: - b2:e2:62:56:fa:ef:c6:fa:e4:5f:7a:e9:ba:f6:55: - 0e:22:d0:6c:71:7d:92:39:67:00:40:f8:49:64:41: - 41:7e:0e:b8:cf:40:cb:6d:61:2d:6d:c1:d7:b2:86: - d6:da:dd:98:ed:c7:7f:20:82:a3:03:a7:35:ef:72: - f2:96:fe:26:18:35:76:86:af:db:c6:23:26:fb:d9: - 7c:7d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:E2:0F:66:4C:20:2C:78:21:2A:8F:29:DB:F9:99:F6:00:86:C4:AF:E1 - - X509v3 Subject Key Identifier: - 93:C7:34:F9:C0:AF:BC:EB:FE:90:C9:3E:74:4A:13:36:E0:40:AD:A2 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Alternative Name: - DNS:www.example.com - Authority Information Access: - CA Issuers - URI:http://ca.example.com/ca.crt - OCSP - URI:http://ocsp.example.com/ocsp - - X509v3 Certificate Policies: - Policy: 1.2.3.4.5 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - qcStatements: - 0u0......F..0V.....F..0L0$..http://example.com/en/test.pdf..en0$..http://example.com/de/test.pdf..de0......F.......F... - Signature Algorithm: sha256WithRSAEncryption - 2c:47:d5:a1:02:08:59:b5:91:6e:bb:e4:c3:24:67:cb:e9:39: - 81:31:93:8a:74:e1:ec:6c:1e:c7:d4:27:61:99:59:08:19:d8: - 21:66:9f:0c:4d:2d:2b:a0:cf:1d:02:98:f1:4c:8f:fa:29:b3: - 45:b5:76:1c:f6:de:48:f3:ac:e6:c1:6f:e7:18:f0:95:56:0a: - ab:f9:f7:28:83:ed:a6:f7:f5:04:13:16:2f:7d:51:02:4f:c5: - 71:80:b9:45:85:1e:92:28:05:75:f0:94:d9:01:c1:b4:9d:c1: - 3f:c2:42:cc:bc:71:1e:66:04:22:3b:f2:5b:7b:12:07:ee:98: - bd:20:d8:18:5b:c2:cf:6e:a5:0f:1b:74:bc:c5:d4:f4:c8:3f: - b4:44:26:b0:9e:7c:e2:cf:77:50:65:5e:38:c2:7a:8e:39:d8: - 5b:5e:73:31:71:83:29:e0:c8:f2:11:5d:83:e9:12:fb:83:d1: - ec:ae:ed:2d:f8:be:50:ff:af:fa:f1:e1:71:ba:5a:64:ce:1f: - d9:ed:8c:a0:29:ce:1b:61:3e:e7:24:29:d1:c6:a3:13:d4:b9: - c2:6c:84:66:be:32:ed:e8:b2:e3:94:47:9c:3a:b7:c1:da:f3: - ad:28:19:14:ae:dc:b7:2c:7f:a9:c1:b9:16:cd:46:a0:ea:11: - 20:64:11:eb ------BEGIN CERTIFICATE----- -MIIEzDCCA7SgAwIBAgINDpK6I2Xwz80tmzH4ozANBgkqhkiG9w0BAQsFADBAMRQw -EgYDVQQDDAtMaW50IFN1Yi1DQTENMAsGA1UECwwEVGVzdDEMMAoGA1UECgwDTVRH -MQswCQYDVQQGEwJERTAeFw0xODExMjEwMzIxMzNaFw00ODExMjEwMzIxMzNaMGkx -GDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTENMAsGA1UECwwEVGVzdDEMMAoGA1UE -CgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhlc3NlbjELMAkG -A1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdfj1CjRj8 -BcZl2HpFLHolpnyDyyH40/1CQSSBU+tZSNj4n27s0OkfubmNFVmWUEbuJ9mWr2pL -wfOJopO+UexxFElHzp6G2nykW8HN412tVmpLSwS+hzdxuPfjAW1PgjvZU88telgL -SDJQfyXBBuTQfwsLzGQY8/uYcXTDM9uUkkqWtLxcFTKCja/Oge038TkKJkzyTzAj -i3Oyam/rZ4xbNnMJBBn6gmKPC65dzxGabBMHQ7LiYlb678b65F966br2VQ4i0Gxx -fZI5ZwBA+ElkQUF+DrjPQMttYS1twdeyhtba3Zjtx38ggqMDpzXvcvKW/iYYNXaG -r9vGIyb72Xx9AgMBAAGjggGaMIIBljAfBgNVHSMEGDAWgBTiD2ZMICx4ISqPKdv5 -mfYAhsSv4TAdBgNVHQ4EFgQUk8c0+cCvvOv+kMk+dEoTNuBAraIwDgYDVR0PAQH/ -BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t -MGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDovL2NhLmV4YW1wbGUu -Y29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZXhhbXBsZS5jb20v -b2NzcDARBgNVHSAECjAIMAYGBCoDBAUwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMIGDBggrBgEFBQcBAwR3MHUwCAYGBACORgEBMFYGBgQAjkYBBTBMMCQW -Hmh0dHA6Ly9leGFtcGxlLmNvbS9lbi90ZXN0LnBkZhMCZW4wJBYeaHR0cDovL2V4 -YW1wbGUuY29tL2RlL3Rlc3QucGRmEwJkZTARBgYEAI5GAQYGBwQAjkYBBgMwDQYJ -KoZIhvcNAQELBQADggEBACxH1aECCFm1kW675MMkZ8vpOYExk4p04exsHsfUJ2GZ -WQgZ2CFmnwxNLSugzx0CmPFMj/ops0W1dhz23kjzrObBb+cY8JVWCqv59yiD7ab3 -9QQTFi99UQJPxXGAuUWFHpIoBXXwlNkBwbSdwT/CQsy8cR5mBCI78lt7EgfumL0g -2Bhbws9upQ8bdLzF1PTIP7REJrCefOLPd1BlXjjCeo452FteczFxgyngyPIRXYPp -EvuD0eyu7S34vlD/r/rx4XG6WmTOH9ntjKApzhthPuckKdHGoxPUucJshGa+Mu3o -suOUR5w6t8Ha860oGRSu3Lcsf6nBuRbNRqDqESBkEes= ------END CERTIFICATE----- diff --git a/v2/testdata/QcStmtEtsiTaggedValueCert20.pem b/v2/testdata/QcStmtEtsiTaggedValueCert20.pem deleted file mode 100644 index 8bca93860..000000000 --- a/v2/testdata/QcStmtEtsiTaggedValueCert20.pem +++ /dev/null @@ -1,101 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0e:48:53:dc:1f:ac:d7:db:f0:bc:da:45:12 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN = Lint Sub-CA, OU = Test, O = MTG, C = DE - Validity - Not Before: Nov 21 03:21:33 2018 GMT - Not After : Nov 21 03:21:33 2048 GMT - Subject: CN = www.example.com, OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:95:21:db:46:5a:0f:c7:d4:f8:20:b6:44:33:b8: - 96:2a:16:56:28:ee:b4:41:f0:3b:26:32:f8:ec:5e: - 23:80:be:b9:a2:a1:65:c8:4a:c3:07:d5:39:82:80: - 40:0b:a2:2b:aa:0e:6a:54:2a:6e:2e:56:8f:4d:e5: - cd:dd:d7:57:8d:38:c9:58:b2:ef:6c:ee:54:c1:59: - e6:a6:46:c1:fc:0d:19:31:68:cb:3f:92:c4:72:31: - 32:1f:4f:02:5e:fa:60:d5:0b:06:86:ab:be:fb:7c: - 6a:1d:18:ec:a1:73:ab:56:d2:3a:21:d2:33:19:de: - 79:21:25:e7:d7:d3:c0:c4:1c:1a:70:21:6f:5f:1a: - e0:a9:c1:72:b4:91:d8:f9:b4:ea:67:fd:39:9e:58: - 8e:3a:1e:8b:69:5a:36:6a:78:e4:36:08:fa:d5:3e: - 84:f6:f5:94:e0:33:59:bc:fc:e6:e6:38:4c:27:a0: - 47:a2:09:00:33:d7:45:b6:79:ba:40:0c:09:48:aa: - b5:be:47:10:7f:f1:78:1a:63:40:f5:f1:8d:57:7f: - f5:34:7e:42:d1:0d:05:77:9e:3e:31:0c:51:9b:9e: - fb:54:ad:a0:ca:f6:16:e7:01:ae:99:c3:59:55:32: - 24:f7:91:df:1a:00:7e:50:86:d3:e4:cf:27:8f:c8: - 40:95 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:E2:0F:66:4C:20:2C:78:21:2A:8F:29:DB:F9:99:F6:00:86:C4:AF:E1 - - X509v3 Subject Key Identifier: - 55:F9:9A:11:F8:2D:A8:F3:73:83:B7:1D:03:BB:C4:43:10:B1:2D:90 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Alternative Name: - DNS:www.example.com - Authority Information Access: - CA Issuers - URI:http://ca.example.com/ca.crt - OCSP - URI:http://ocsp.example.com/ocsp - - X509v3 Certificate Policies: - Policy: 1.2.3.4.5 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - qcStatements: - 0w0......F..0V.....F..0L0$..http://example.com/en/test.pdf..en0$..http://example.com/de/test.pdf..de0......F..0......F... - Signature Algorithm: sha256WithRSAEncryption - 4e:27:fe:10:d2:79:70:f4:bf:96:fd:76:f2:df:e3:7e:f1:d7: - 23:f2:36:0d:e4:56:b6:b1:80:7d:6d:1f:f3:b4:e3:9a:f9:ca: - 74:b6:6c:45:9c:49:c7:2d:3d:ba:1d:7c:99:e4:8b:f4:b6:24: - 74:50:fa:29:85:fd:e1:ca:6d:cb:7f:b1:d7:49:12:69:b1:d0: - c3:91:1f:c4:fe:53:b1:96:55:f6:23:de:0a:d9:f1:bc:d1:ab: - 8c:a5:1d:4f:ac:ab:39:05:7f:c3:9e:be:8e:31:d3:eb:0c:95: - 6b:a5:48:f0:7a:51:46:3d:04:74:a9:5a:8f:3e:dd:95:74:68: - c6:d1:a9:34:99:34:c7:ab:eb:ba:c0:d5:8a:86:7a:4c:31:ce: - a4:c6:6c:aa:8f:be:d3:cc:43:25:ec:8f:94:55:d3:a0:96:51: - 0a:c3:26:f9:6e:a6:73:f8:92:fd:ba:25:e9:a2:a6:25:74:cc: - e3:14:0f:6d:0b:ae:c4:62:36:5f:e2:03:ca:a4:be:bc:32:4a: - 65:12:4a:6b:67:d6:8b:04:48:a7:e4:02:09:be:63:89:10:49: - 3f:1c:2c:8a:99:2e:0b:dc:c8:f7:9b:15:11:a1:72:9d:97:ab: - 6c:2c:e0:13:09:d9:dd:66:77:db:23:a4:52:a5:62:cc:66:0c: - c1:04:1d:6e ------BEGIN CERTIFICATE----- -MIIEzjCCA7agAwIBAgINDkhT3B+s19vwvNpFEjANBgkqhkiG9w0BAQsFADBAMRQw -EgYDVQQDDAtMaW50IFN1Yi1DQTENMAsGA1UECwwEVGVzdDEMMAoGA1UECgwDTVRH -MQswCQYDVQQGEwJERTAeFw0xODExMjEwMzIxMzNaFw00ODExMjEwMzIxMzNaMGkx -GDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTENMAsGA1UECwwEVGVzdDEMMAoGA1UE -CgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhlc3NlbjELMAkG -A1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVIdtGWg/H -1PggtkQzuJYqFlYo7rRB8DsmMvjsXiOAvrmioWXISsMH1TmCgEALoiuqDmpUKm4u -Vo9N5c3d11eNOMlYsu9s7lTBWeamRsH8DRkxaMs/ksRyMTIfTwJe+mDVCwaGq777 -fGodGOyhc6tW0joh0jMZ3nkhJefX08DEHBpwIW9fGuCpwXK0kdj5tOpn/TmeWI46 -HotpWjZqeOQ2CPrVPoT29ZTgM1m8/ObmOEwnoEeiCQAz10W2ebpADAlIqrW+RxB/ -8XgaY0D18Y1Xf/U0fkLRDQV3nj4xDFGbnvtUraDK9hbnAa6Zw1lVMiT3kd8aAH5Q -htPkzyePyECVAgMBAAGjggGcMIIBmDAfBgNVHSMEGDAWgBTiD2ZMICx4ISqPKdv5 -mfYAhsSv4TAdBgNVHQ4EFgQUVfmaEfgtqPNzg7cdA7vEQxCxLZAwDgYDVR0PAQH/ -BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t -MGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDovL2NhLmV4YW1wbGUu -Y29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZXhhbXBsZS5jb20v -b2NzcDARBgNVHSAECjAIMAYGBCoDBAUwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMIGFBggrBgEFBQcBAwR5MHcwCIAGBACORgEBMFYGBgQAjkYBBTBMMCQW -Hmh0dHA6Ly9leGFtcGxlLmNvbS9lbi90ZXN0LnBkZhMCZW4wJBYeaHR0cDovL2V4 -YW1wbGUuY29tL2RlL3Rlc3QucGRmEwJkZTATBgYEAI5GAQYwCQYHBACORgEGAzAN -BgkqhkiG9w0BAQsFAAOCAQEATif+ENJ5cPS/lv128t/jfvHXI/I2DeRWtrGAfW0f -87TjmvnKdLZsRZxJxy09uh18meSL9LYkdFD6KYX94cpty3+x10kSabHQw5EfxP5T -sZZV9iPeCtnxvNGrjKUdT6yrOQV/w56+jjHT6wyVa6VI8HpRRj0EdKlajz7dlXRo -xtGpNJk0x6vrusDVioZ6TDHOpMZsqo++08xDJeyPlFXToJZRCsMm+W6mc/iS/bol -6aKmJXTM4xQPbQuuxGI2X+IDyqS+vDJKZRJKa2fWiwRIp+QCCb5jiRBJPxwsipku -C9zI95sVEaFynZerbCzgEwnZ3WZ32yOkUqVizGYMwQQdbg== ------END CERTIFICATE----- diff --git a/v2/testdata/QcStmtEtsiWrongEncodingCert01.pem b/v2/testdata/QcStmtEtsiWrongEncodingCert01.pem deleted file mode 100644 index f7259be11..000000000 --- a/v2/testdata/QcStmtEtsiWrongEncodingCert01.pem +++ /dev/null @@ -1,99 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0b:07:02:70:d9:62:61:4f:cc:57:00:ae:11 - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN = Lint Sub-CA, OU = Test, O = MTG, C = DE - Validity - Not Before: Nov 21 03:21:28 2018 GMT - Not After : Nov 21 03:21:28 2048 GMT - Subject: CN = www.example.com, OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:80:f7:08:6a:e3:85:65:47:b6:77:10:53:65:d8: - ba:a1:44:3b:ff:2b:0c:a9:23:69:e5:3c:dc:bc:7d: - 94:18:d7:f1:33:48:fa:1d:3f:49:81:d9:bf:c4:77: - b1:5d:da:c3:b9:d0:7d:96:77:00:82:e3:76:0a:b0: - 4e:22:e6:af:64:84:a5:0f:3e:b3:9e:04:67:d5:88: - b0:76:e4:80:46:c5:2b:4f:2e:03:d3:7d:cb:d0:45: - d2:70:9b:fa:26:0a:fb:5d:79:6a:23:70:04:0f:9f: - 75:49:ae:47:f1:50:2c:4e:66:60:12:83:9e:9d:70: - 4b:1f:5e:23:35:4a:a8:19:ca:a2:f0:ef:74:b0:4e: - 6f:94:c3:50:7b:29:d5:93:8c:bb:1d:78:5f:05:2f: - a4:0a:ad:ba:aa:11:81:19:0c:9f:b8:33:9a:6f:97: - cc:31:a6:2f:c5:6b:7b:c6:6d:5b:bd:5f:77:46:41: - 73:ed:36:70:28:8d:bf:a2:fc:31:2a:bc:26:bd:46: - 36:6d:4b:77:d0:2a:e4:f0:10:84:59:17:98:ec:5a: - 64:1e:d4:58:84:45:e1:62:85:11:19:c9:0b:b2:8e: - 4d:17:ce:17:a2:e5:00:4c:9a:a4:39:23:20:eb:cc: - 2c:59:63:69:f4:5d:18:c1:e5:ac:d9:71:cc:7e:72: - f0:a5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:E2:0F:66:4C:20:2C:78:21:2A:8F:29:DB:F9:99:F6:00:86:C4:AF:E1 - - X509v3 Subject Key Identifier: - DF:19:8C:1A:30:02:E8:96:B3:E2:10:E5:A9:A1:92:69:7A:DB:9F:05 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Alternative Name: - DNS:www.example.com - Authority Information Access: - CA Issuers - URI:http://ca.example.com/ca.crt - OCSP - URI:http://ocsp.example.com/ocsp - - X509v3 Certificate Policies: - Policy: 1.2.3.4.5 - - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - qcStatements: - 0....... - Signature Algorithm: sha256WithRSAEncryption - 80:38:b7:c5:18:b9:df:c2:2d:4b:b8:fa:d5:c2:97:df:86:8f: - 2c:2b:e5:f5:f3:b8:d6:80:f3:e0:26:20:ba:08:a0:5a:55:88: - 2b:bc:ef:8b:09:24:f9:a3:65:77:6d:24:ae:7e:10:8a:b3:05: - 37:ae:0d:b2:01:71:b6:d8:34:fd:80:cc:f5:60:f1:c1:56:54: - 18:6c:c9:96:b2:e7:6b:27:3d:26:9c:64:76:66:89:f5:3a:51: - 36:9e:ed:41:0e:1a:e7:76:35:37:3f:d1:e0:21:14:92:bd:17: - 2d:23:6a:31:3b:ed:46:9a:7a:07:f2:60:9d:54:cf:e5:ad:c7: - 08:41:df:ce:45:7f:e6:63:3c:b4:6d:2e:b8:94:ce:74:f8:0c: - 88:01:e0:ce:8d:ca:80:98:3e:00:be:be:c5:ac:a0:86:7e:b5: - 1c:9c:c9:fe:a5:92:38:96:aa:5f:a4:6e:49:d9:f5:85:0b:93: - 0a:40:69:02:ef:ba:a8:6e:63:e9:95:b9:54:e9:e4:e6:4f:5e: - c3:cd:1b:b6:9a:4b:07:ad:cd:bc:48:84:07:ae:19:d5:19:98: - aa:3c:79:37:fb:d1:8c:80:63:7a:3c:3e:dc:77:3c:17:f5:0e: - 73:23:7d:eb:70:b8:f7:a8:f4:7e:cf:19:2c:63:5e:88:f5:f7: - 5a:56:58:f1 ------BEGIN CERTIFICATE----- -MIIEXDCCA0SgAwIBAgINCwcCcNliYU/MVwCuETANBgkqhkiG9w0BAQsFADBAMRQw -EgYDVQQDDAtMaW50IFN1Yi1DQTENMAsGA1UECwwEVGVzdDEMMAoGA1UECgwDTVRH -MQswCQYDVQQGEwJERTAeFw0xODExMjEwMzIxMjhaFw00ODExMjEwMzIxMjhaMGkx -GDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTENMAsGA1UECwwEVGVzdDEMMAoGA1UE -CgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhlc3NlbjELMAkG -A1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCA9whq44Vl -R7Z3EFNl2LqhRDv/KwypI2nlPNy8fZQY1/EzSPodP0mB2b/Ed7Fd2sO50H2WdwCC -43YKsE4i5q9khKUPPrOeBGfViLB25IBGxStPLgPTfcvQRdJwm/omCvtdeWojcAQP -n3VJrkfxUCxOZmASg56dcEsfXiM1SqgZyqLw73SwTm+Uw1B7KdWTjLsdeF8FL6QK -rbqqEYEZDJ+4M5pvl8wxpi/Fa3vGbVu9X3dGQXPtNnAojb+i/DEqvCa9RjZtS3fQ -KuTwEIRZF5jsWmQe1FiEReFihREZyQuyjk0Xzhei5QBMmqQ5IyDrzCxZY2n0XRjB -5azZccx+cvClAgMBAAGjggEqMIIBJjAfBgNVHSMEGDAWgBTiD2ZMICx4ISqPKdv5 -mfYAhsSv4TAdBgNVHQ4EFgQU3xmMGjAC6Jaz4hDlqaGSaXrbnwUwDgYDVR0PAQH/ -BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t -MGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDovL2NhLmV4YW1wbGUu -Y29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZXhhbXBsZS5jb20v -b2NzcDARBgNVHSAECjAIMAYGBCoDBAUwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMBQGCCsGAQUFBwEDBAgwBgEB/wIBBDANBgkqhkiG9w0BAQsFAAOCAQEA -gDi3xRi538ItS7j61cKX34aPLCvl9fO41oDz4CYgugigWlWIK7zviwkk+aNld20k -rn4QirMFN64NsgFxttg0/YDM9WDxwVZUGGzJlrLnayc9JpxkdmaJ9TpRNp7tQQ4a -53Y1Nz/R4CEUkr0XLSNqMTvtRpp6B/JgnVTP5a3HCEHfzkV/5mM8tG0uuJTOdPgM -iAHgzo3KgJg+AL6+xayghn61HJzJ/qWSOJaqX6RuSdn1hQuTCkBpAu+6qG5j6ZW5 -VOnk5k9ew80btppLB63NvEiEB64Z1RmYqjx5N/vRjIBjejw+3Hc8F/UOcyN963C4 -96j0fs8ZLGNeiPX3WlZY8Q== ------END CERTIFICATE-----