diff --git a/v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go
new file mode 100644
index 000000000..84121e2be
--- /dev/null
+++ b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go
@@ -0,0 +1,142 @@
+package cabf_br
+
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+import (
+ "fmt"
+ "github.com/zmap/zcrypto/encoding/asn1"
+ "github.com/zmap/zcrypto/x509"
+ "github.com/zmap/zlint/v3/lint"
+ "github.com/zmap/zlint/v3/util"
+)
+
+type subjectRdnsCorrectEncoding struct{}
+
+func init() {
+ lint.RegisterCertificateLint(&lint.CertificateLint{
+ LintMetadata: lint.LintMetadata{
+ Name: "e_subject_rdns_correct_encoding",
+ Description: "CAs that include attributes in the Certificate subject field that are listed in the Tables 77 and 78 of BR 2.0.0 SHALL follow the specified encoding requirements for the attribute",
+ Citation: "BRs 2.0.0: 7.1.4.2, Table 77 and Table 78",
+ Source: lint.CABFBaselineRequirements,
+ EffectiveDate: util.SC62EffectiveDate,
+ },
+ Lint: NewSubjectRdnsCorrectEncoding,
+ })
+}
+
+func NewSubjectRdnsCorrectEncoding() lint.LintInterface {
+ return &subjectRdnsCorrectEncoding{}
+}
+
+func (l *subjectRdnsCorrectEncoding) CheckApplies(c *x509.Certificate) bool {
+ return true
+}
+
+func (l *subjectRdnsCorrectEncoding) Execute(c *x509.Certificate) *lint.LintResult {
+ rdnSequence := util.RawRDNSequence{}
+ if rest, err := asn1.Unmarshal(c.RawSubject, &rdnSequence); err != nil || len(rest) > 0 {
+ return &lint.LintResult{Status: lint.Fatal}
+ }
+
+ for _, attrTypeAndValueSet := range rdnSequence {
+ for _, attrTypeAndValue := range attrTypeAndValueSet {
+ oid := attrTypeAndValue.Type.String()
+ tag := attrTypeAndValue.Value.Tag
+
+ if "0.9.2342.19200300.100.1.25" == oid && tag != 22 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute domainComponent in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.6" == oid && tag != 19 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute countryName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.8" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute stateOrProvinceName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.7" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute localityName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.17" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute postalCode in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.9" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute streetAddress in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.10" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute organizationName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.4" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute surname in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.42" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute givenName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.11" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute organizationalUnitName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.3" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute commonName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.15" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute businessCategory in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "1.3.6.1.4.1.311.60.2.1.3" == oid && tag != 19 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute jurisdictionCountry in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "1.3.6.1.4.1.311.60.2.1.2" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute jurisdictionStateOrProvince in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "1.3.6.1.4.1.311.60.2.1.1" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute jurisdictionLocality in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.5" == oid && tag != 19 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute serialNumber in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.97" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute organizationIdentifier in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ }
+ }
+ return &lint.LintResult{Status: lint.Pass}
+}
+
+//Tag BMPString: 0x1e = 30
+//Tag UTF8String: 0x0c = 12
+//Tag TeletexString: 0x14 = 20
+//Tag UniversalString: 0x1c = 28
+//Tag PrintableString: 0x13 = 19
+//Tag IA5String: 0x16 = 22
+
+func getEncodingName(tag int) string {
+ if tag == 12 {
+ return "UTF8String"
+ }
+ if tag == 19 {
+ return "PrintableString"
+ }
+ if tag == 20 {
+ return "TeletexString"
+ }
+ if tag == 22 {
+ return "IA5String"
+ }
+ if tag == 28 {
+ return "UniversalString"
+ }
+ if tag == 30 {
+ return "BMPString"
+ }
+ return "Unknown"
+}
diff --git a/v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go
new file mode 100644
index 000000000..485198d65
--- /dev/null
+++ b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go
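Review bot: In Execute the encoding decision rests on `attrTypeAndValue.Value.Tag` alone, so a subject value whose tag number is 12, 19 or 22 but whose ASN.1 class is not universal would be reported as correctly encoded. Assuming `Value` is the asn1 package's `RawValue`, the inner loop should reject any non-universal class before the per-OID comparisons, for example `if attrTypeAndValue.Value.Class != 0 { /* return lint.Error with Details */ }`. The `lint.Fatal` return for a subject that fails to unmarshal or has trailing bytes carries no `Details`, which leaves an operator without the reason the certificate could not be linted. The seventeen `if` blocks could also be driven from one OID-to-allowed-tags table, so the rule set can be compared entry by entry with Tables 77 and 78.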
@@ -0,0 +1,221 @@
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package cabf_br
+
+import (
+ "strings"
+ "testing"
+
+ "github.com/zmap/zlint/v3/lint"
+ "github.com/zmap/zlint/v3/test"
+)
+
+func TestSubjectRdnsCorrectEncoding(t *testing.T) {
+ data := []struct {
+ file string
+ want lint.LintStatus
+ details string
+ }{
+ {
+ "subjectDCWrongEncoding.pem",
+ lint.Error,
+ "Attribute domainComponent in subjectDN has the wrong encoding UTF8String",
+ },
+ {
+ "subjectCWrongEncoding.pem",
+ lint.Error,
+ "Attribute countryName in subjectDN has the wrong encoding UTF8String",
+ },
+ {
+ "subjectSTWrongEncoding.pem",
+ lint.Error,
+ "Attribute stateOrProvinceName in subjectDN has the wrong encoding TeletexString",
+ },
+ {
+ "subjectLWrongEncoding.pem",
+ lint.Error,
+ "Attribute localityName in subjectDN has the wrong encoding IA5String",
+ },
+ {
+ "subjectPostalCodeWrongEncoding.pem",
+ lint.Error,
+ "Attribute postalCode in subjectDN has the wrong encoding UniversalString",
+ },
+ {
+ "subjectStreetWrongEncoding.pem",
+ lint.Error,
+ "Attribute streetAddress in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectOWrongEncoding.pem",
+ lint.Error,
+ "Attribute organizationName in subjectDN has the wrong encoding TeletexString",
+ },
+ {
+ "subjectSurnameWrongEncoding.pem",
+ lint.Error,
+ "Attribute surname in subjectDN has the wrong encoding IA5String",
+ },
+ {
+ "subjectGivenNameWrongEncoding.pem",
+ lint.Error,
+ "Attribute givenName in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectOUWrongEncoding.pem",
+ lint.Error,
+ "Attribute organizationalUnitName in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectCNWrongEncoding.pem",
+ lint.Error,
+ "Attribute commonName in subjectDN has the wrong encoding UniversalString",
+ },
+ {
+ "subjectBusinessCategoryWrongEncoding.pem",
+ lint.Error,
+ "Attribute businessCategory in subjectDN has the wrong encoding TeletexString",
+ },
+ {
+ "subjectjurCWrongEncoding.pem",
+ lint.Error,
+ "Attribute jurisdictionCountry in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectjurSTWrongEncoding.pem",
+ lint.Error,
+ "Attribute jurisdictionStateOrProvince in subjectDN has the wrong encoding IA5String",
+ },
+ {
+ "subjectjurLWrongEncoding.pem",
+ lint.Error,
+ "Attribute jurisdictionLocality in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectSerialNumberWrongEncoding.pem",
+ lint.Error,
+ "Attribute serialNumber in subjectDN has the wrong encoding UniversalString",
+ },
+ {
+ "subjectOrganizationIdentifierWrongEncoding.pem",
+ lint.Error,
+ "Attribute organizationIdentifier in subjectDN has the wrong encoding TeletexString",
+ },
+ {
+ "subjectDCCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectCCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectSTCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectLCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectPostalCodeCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectStreetCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectOCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectSurnameCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectGivenNameCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectOUCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectCNCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectBusinessCategoryCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectjurCCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectjurSTCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectjurLCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectSerialNumberCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectOrganizationIdentifierCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectValidCountry.pem",
+ lint.NE,
+ "",
+ },
+ }
+ for _, d := range data {
+ file := d.file
+ want := d.want
+ details := d.details
+ t.Run(file, func(t *testing.T) {
+ got := test.TestLint("e_subject_rdns_correct_encoding", file)
+ if got.Status != want {
+ t.Errorf("expected %v got %v", want, got)
+ }
+ if !strings.Contains(got.Details, details) {
+ t.Errorf("expected the returned details to contain '%s' but got %s", details, got.Details)
+ }
+ })
+ }
+}
diff --git a/v3/testdata/subjectBusinessCategoryCorrectEncoding.pem b/v3/testdata/subjectBusinessCategoryCorrectEncoding.pem
new file mode 100644
index 000000000..adc5f904f
--- /dev/null
+++ b/v3/testdata/subjectBusinessCategoryCorrectEncoding.pem
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c9:88:c5:81:06:7a:d4:b0:6f:98:e3:12 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: businessCategory = UTF8String, businessCategory = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:80:09:37:f3:94:b7:13:94:89:bf:1b:52:75: + 1d:80:35:72:87:75:59:75:82:95:f4:38:8f:ae:53:bc:0f:dd: + dd:02:21:00:dc:c9:04:73:2f:79:fb:bf:74:15:53:ee:24:33: + eb:88:3c:db:6f:8a:58:19:54:01:8e:c8:6a:a7:90:83:0b:14 +-----BEGIN CERTIFICATE----- +MIIBcDCCARWgAwIBAgINAMmIxYEGetSwb5jjEjAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBA8MClVURjhTdHJpbmcx +GDAWBgNVBA8TD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0kAMEYCIQCACTfzlLcTlIm/G1J1HYA1cod1WXWClfQ4j65TvA/d +3QIhANzJBHMvefu/dBVT7iQz64g822+KWBlUAY7IaqeQgwsU +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectBusinessCategoryWrongEncoding.pem b/v3/testdata/subjectBusinessCategoryWrongEncoding.pem new file mode 100644 index 000000000..a79a4b5e0 --- /dev/null +++ b/v3/testdata/subjectBusinessCategoryWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:79:d9:f0:64:67:5a:c4:c8:15:0b:a9 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: businessCategory = TeletexString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:c1:11:e3:cc:ef:5b:30:71:bc:ef:33:94:fe: + 96:f5:ff:00:e0:a9:6b:22:85:57:9f:7e:8d:cf:0b:42:28:52: + d9:02:20:05:86:c6:76:6a:38:5f:10:52:c8:8e:7a:88:de:46: + 58:0f:45:14:9e:a3:37:9c:ea:13:ab:b9:b5:bc:ff:f3:c4 +-----BEGIN CERTIFICATE----- +MIIBVjCB/aADAgECAgxyednwZGdaxMgVC6kwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAYMRYwFAYDVQQPFA1UZWxldGV4U3RyaW5n +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcG +PQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUw +EwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhAMER48zvWzBx +vO8zlP6W9f8A4KlrIoVXn36NzwtCKFLZAiAFhsZ2ajhfEFLIjnqI3kZYD0UUnqM3 +nOoTq7m1vP/zxA== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectCCorrectEncoding.pem b/v3/testdata/subjectCCorrectEncoding.pem new file mode 100644 index 000000000..3658c754c --- /dev/null +++ b/v3/testdata/subjectCCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fc:8a:16:73:6e:d4:28:5b:52:ec:08:4c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: C = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:c4:d4:22:13:8d:22:8f:b2:bf:e6:0a:cd:61: + d8:bd:5c:9a:07:bb:88:4a:dd:6c:55:b0:09:30:fa:53:e0:fd: + e8:02:21:00:9a:42:16:de:fb:6f:50:ba:7a:5b:14:24:b4:cd: + d7:9f:91:0f:44:2d:88:9f:5f:20:38:c5:60:a1:70:ff:ae:84 +-----BEGIN CERTIFICATE----- +MIIBWzCCAQCgAwIBAgINAPyKFnNu1ChbUuwITDAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMBoxGDAWBgNVBAYTD1ByaW50YWJsZVN0 +cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrf +VTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSj +FzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0kAMEYCIQDE1CIT +jSKPsr/mCs1h2L1cmge7iErdbFWwCTD6U+D96AIhAJpCFt77b1C6elsUJLTN15+R +D0QtiJ9fIDjFYKFw/66E +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectCNCorrectEncoding.pem b/v3/testdata/subjectCNCorrectEncoding.pem new file mode 100644 index 000000000..c4169d066 --- /dev/null +++ b/v3/testdata/subjectCNCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:f1:6c:4a:e1:db:54:1a:f7:fc:67:e1 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: CN = UTF8String, CN = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:18:2a:92:d5:5d:3b:ae:17:9a:f4:c0:60:bb:d5: + bb:a6:4a:ef:0e:12:51:a6:4a:18:6c:01:c0:fd:3d:4e:93:56: + 02:21:00:a8:92:ec:4d:64:d6:6c:a7:29:92:67:dc:d9:f6:6b: + 11:c8:a5:06:b0:58:4c:56:05:18:9b:f0:7e:de:fa:0c:bb +-----BEGIN CERTIFICATE----- +MIIBbjCCARSgAwIBAgIMAfFsSuHbVBr3/GfhMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UEAwwKVVRGOFN0cmluZzEY +MBYGA1UEAxMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSAAwRQIgGCqS1V07rhea9MBgu9W7pkrvDhJRpkoYbAHA/T1Ok1YC +IQCokuxNZNZspymSZ9zZ9msRyKUGsFhMVgUYm/B+3voMuw== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectCNWrongEncoding.pem b/v3/testdata/subjectCNWrongEncoding.pem new file mode 100644 index 000000000..fef061bdb --- /dev/null +++ b/v3/testdata/subjectCNWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a9:e8:5a:c9:48:7b:c5:64:fe:39:bf:ce + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: CN = U + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:1b:11:5a:e3:fe:73:e1:c0:16:6f:7f:24:ee:15: + 65:cf:82:35:4d:c2:0c:1d:6e:e7:d6:cb:1a:ee:7c:d1:e0:a7: + 02:21:00:bd:86:46:6f:51:a3:ad:76:89:34:59:bd:46:83:6a: + bf:42:b8:bf:f1:fe:ec:4a:02:5f:69:de:33:c7:4a:16:94 +-----BEGIN CERTIFICATE----- +MIIBTjCB9aADAgECAg0AqehayUh7xWT+Ob/OMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowDzENMAsGA1UEAxwEAAAAVTBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+ +8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQM +MAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIBsRWuP+c+HAFm9/JO4VZc+C +NU3CDB1u59bLGu580eCnAiEAvYZGb1GjrXaJNFm9RoNqv0K4v/H+7EoCX2neM8dK +FpQ= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectCWrongEncoding.pem b/v3/testdata/subjectCWrongEncoding.pem new file mode 100644 index 000000000..22a85933a --- /dev/null +++ b/v3/testdata/subjectCWrongEncoding.pem 
@@ -0,0 +1,40 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 50:74:cf:cd:9f:31:5a:1c:de:62:19:2d + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: C = DE + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:74:ae:46:d1:20:2a:4c:2d:cd:2a:69:3f:29:6a: + 79:24:b5:d4:1d:7c:c7:b2:bc:83:13:e6:8a:7a:1f:54:8f:92: + 02:20:01:b0:fe:9d:42:6c:f6:8f:15:d2:5d:d9:51:a3:94:5f: + a7:cf:b7:ed:b9:69:83:1c:e3:be:d1:37:55:9a:16:22 +-----BEGIN CERTIFICATE----- +MIIBSjCB8qADAgECAgxQdM/NnzFaHN5iGS0wCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjANMQswCQYDVQQGDAJERTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1e +HyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAow +CAYGZ4EMAQIBMAoGCCqGSM49BAMCA0cAMEQCIHSuRtEgKkwtzSppPylqeSS11B18 +x7K8gxPminofVI+SAiABsP6dQmz2jxXSXdlRo5Rfp8+37blpgxzjvtE3VZoWIg== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectDCCorrectEncoding.pem b/v3/testdata/subjectDCCorrectEncoding.pem new file mode 100644 index 000000000..30bf62bf9 --- /dev/null +++ b/v3/testdata/subjectDCCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 20:73:b8:73:d2:e3:be:9f:24:56:19:f0 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: DC = IA5String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:11:8c:da:ba:cc:77:19:93:0e:bb:e5:fd:1b:1e: + cb:07:fa:60:7d:40:fe:87:fb:83:c0:f9:73:a7:ce:cb:34:1b: + 02:20:0c:6e:cd:6f:99:97:4a:f6:64:76:23:02:09:2a:cb:24: + 9e:36:88:d6:ef:5c:11:71:f4:50:5c:de:38:67:8b:c3 +-----BEGIN CERTIFICATE----- +MIIBWTCCAQCgAwIBAgIMIHO4c9Ljvp8kVhnwMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowGzEZMBcGCgmSJomT8ixkARkWCUlBNVN0 +cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrf +VTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSj +FzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0cAMEQCIBGM2rrM +dxmTDrvl/Rseywf6YH1A/of7g8D5c6fOyzQbAiAMbs1vmZdK9mR2IwIJKssknjaI +1u9cEXH0UFzeOGeLww== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectDCWrongEncoding.pem b/v3/testdata/subjectDCWrongEncoding.pem new file mode 100644 index 000000000..4190112df --- /dev/null +++ b/v3/testdata/subjectDCWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d2:c3:3a:50:ff:62:66:a7:bf:00:f3:ee + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: DC = UTF8String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:2f:c7:9c:0d:15:66:fb:69:df:a6:e9:d2:cf:06: + de:ed:5f:3a:e5:eb:fc:39:2e:6e:74:f3:43:48:3c:a6:8f:d5: + 02:20:41:67:95:a6:22:1a:70:11:45:89:c3:c4:b5:3b:4c:fa: + cd:dd:15:6a:c2:0e:f9:e1:e2:8f:5c:22:be:a3:31:23 +-----BEGIN CERTIFICATE----- +MIIBWzCCAQKgAwIBAgINANLDOlD/YmanvwDz7jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMBwxGjAYBgoJkiaJk/IsZAEZDApVVEY4 +U3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9v +Kt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWAr +FKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgL8ec +DRVm+2nfpunSzwbe7V865ev8OS5udPNDSDymj9UCIEFnlaYiGnARRYnDxLU7TPrN +3RVqwg754eKPXCK+ozEj +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectGivenNameCorrectEncoding.pem b/v3/testdata/subjectGivenNameCorrectEncoding.pem new file mode 100644 index 000000000..7785c632c --- /dev/null +++ b/v3/testdata/subjectGivenNameCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:f7:0d:aa:3e:ce:4e:3b:9c:b5:21:d6 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: GN = UTF8String, GN = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:25:7c:64:c8:65:26:d2:63:02:bd:bd:2c:a5:40: + cf:34:a7:22:bc:e0:0b:ba:ac:cc:46:42:6e:4f:d6:bc:65:6e: + 02:21:00:aa:0a:93:85:6c:c4:d4:e5:91:6d:8d:5d:c1:75:14: + 33:ca:ad:89:28:30:06:e7:d7:ea:22:63:c9:56:18:99:93 +-----BEGIN CERTIFICATE----- +MIIBbjCCARSgAwIBAgIMcfcNqj7OTjuctSHWMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UEKgwKVVRGOFN0cmluZzEY +MBYGA1UEKhMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSAAwRQIgJXxkyGUm0mMCvb0spUDPNKcivOALuqzMRkJuT9a8ZW4C +IQCqCpOFbMTU5ZFtjV3BdRQzyq2JKDAG59fqImPJVhiZkw== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectGivenNameWrongEncoding.pem b/v3/testdata/subjectGivenNameWrongEncoding.pem new file mode 100644 index 000000000..6d70f6873 --- /dev/null +++ b/v3/testdata/subjectGivenNameWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 09:c7:e4:31:63:88:86:55:5f:10:1b:ae + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: GN = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:6b:96:97:b5:98:2e:18:17:e5:b1:72:ae:8a:99: + 7a:50:71:13:79:ca:f8:46:e3:a7:c2:32:f4:a9:59:a6:c3:44: + 02:21:00:84:00:fc:57:ee:56:f0:af:fe:bf:dd:4a:9b:0b:fd: + b0:d3:5c:83:26:7c:59:a8:c9:a3:b0:3d:9d:1a:8c:c0:17 +-----BEGIN CERTIFICATE----- +MIIBXDCCAQKgAwIBAgIMCcfkMWOIhlVfEBuuMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowHTEbMBkGA1UEKh4SAEIATQBQAFMAdABy +AGkAbgBnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9v +Kt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWAr +FKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIga5aX +tZguGBflsXKuipl6UHETecr4RuOnwjL0qVmmw0QCIQCEAPxX7lbwr/6/3UqbC/2w +01yDJnxZqMmjsD2dGozAFw== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectLCorrectEncoding.pem b/v3/testdata/subjectLCorrectEncoding.pem new file mode 100644 index 000000000..f09ddcfaa --- /dev/null +++ b/v3/testdata/subjectLCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fd:43:52:4e:ca:cf:bd:a7:ca:48:a3:e2 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: L = UTF8String, L = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:de:ae:f6:4d:40:84:d4:31:25:d9:70:1f:f7: + 41:71:b9:e2:35:f5:e4:8d:34:a9:ee:b0:01:8a:b7:33:e3:5a: + cd:02:21:00:f0:a2:95:d3:72:5e:79:cd:b9:b0:bf:ad:f6:d8: + b1:0a:f9:22:00:2b:d8:0a:e1:ca:76:9c:18:ca:66:f2:a5:82 +-----BEGIN CERTIFICATE----- +MIIBcDCCARWgAwIBAgINAP1DUk7Kz72nykij4jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBAcMClVURjhTdHJpbmcx +GDAWBgNVBAcTD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0kAMEYCIQDervZNQITUMSXZcB/3QXG54jX15I00qe6wAYq3M+Na +zQIhAPCildNyXnnNubC/rfbYsQr5IgAr2ArhynacGMpm8qWC +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectLWrongEncoding.pem b/v3/testdata/subjectLWrongEncoding.pem new file mode 100644 index 000000000..1bdf8524a --- /dev/null +++ b/v3/testdata/subjectLWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 99:42:56:2d:ab:36:16:3c:57:d3:4f:24 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: L = IA5String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:de:54:87:79:ec:d5:19:62:fa:e6:10:81:3b: + ef:ab:26:21:d0:ec:67:28:59:4d:7a:fd:61:72:93:59:5c:a9: + b3:02:20:31:ca:1d:6b:38:b9:c3:8a:e5:59:f0:de:73:21:5b: + e6:0d:23:1b:7c:bc:35:fb:24:8a:78:a8:00:87:73:94:fd +-----BEGIN CERTIFICATE----- +MIIBUzCB+qADAgECAg0AmUJWLas2FjxX008kMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowFDESMBAGA1UEBxYJSUE1U3RyaW5nMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZ +lGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYD +VR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhAN5Uh3ns1Rli+uYQ +gTvvqyYh0OxnKFlNev1hcpNZXKmzAiAxyh1rOLnDiuVZ8N5zIVvmDSMbfLw1+ySK +eKgAh3OU/Q== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOCorrectEncoding.pem b/v3/testdata/subjectOCorrectEncoding.pem new file mode 100644 index 000000000..a75c2fd6b --- /dev/null +++ b/v3/testdata/subjectOCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + e1:12:a3:76:b6:33:ae:cb:c5:1c:89:06 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: O = UTF8String, O = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:2a:1a:d4:fd:b7:f9:21:b6:45:4b:39:2f:5e:6f: + 06:1c:67:85:2a:ce:a4:fc:9f:1f:1b:aa:36:54:8b:94:40:1e: + 02:21:00:b9:79:3f:c5:59:2b:22:d2:74:ea:f2:c7:aa:db:7d: + e3:3e:68:0a:7d:c3:1f:08:e5:b4:12:af:a9:9a:c5:5b:e1 +-----BEGIN CERTIFICATE----- +MIIBbzCCARWgAwIBAgINAOESo3a2M67LxRyJBjAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBAoMClVURjhTdHJpbmcx +GDAWBgNVBAoTD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0gAMEUCICoa1P23+SG2RUs5L15vBhxnhSrOpPyfHxuqNlSLlEAe +AiEAuXk/xVkrItJ06vLHqtt94z5oCn3DHwjltBKvqZrFW+E= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOUCorrectEncoding.pem b/v3/testdata/subjectOUCorrectEncoding.pem new file mode 100644 index 000000000..e0f65ba12 --- /dev/null +++ b/v3/testdata/subjectOUCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:f6:d2:0f:f1:ea:32:7e:e5:aa:c4:5f + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: OU = UTF8String, OU = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:85:07:51:a7:6e:09:2d:0e:61:f2:22:d4:46: + ba:10:c8:e4:93:e8:5b:76:5d:4f:22:20:c1:92:29:81:32:f2: + 2c:02:21:00:a7:63:06:e6:ed:54:44:06:24:c5:dc:e2:a5:81: + fd:14:5a:80:a7:54:09:b4:58:31:a8:8a:54:cb:57:04:48:42 +-----BEGIN CERTIFICATE----- +MIIBbzCCARSgAwIBAgIMCvbSD/HqMn7lqsRfMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UECwwKVVRGOFN0cmluZzEY +MBYGA1UECxMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSQAwRgIhAIUHUaduCS0OYfIi1Ea6EMjkk+hbdl1PIiDBkimBMvIs +AiEAp2MG5u1URAYkxdzipYH9FFqAp1QJtFgxqIpUy1cESEI= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOUWrongEncoding.pem b/v3/testdata/subjectOUWrongEncoding.pem new file mode 100644 index 000000000..405e24830 --- /dev/null +++ b/v3/testdata/subjectOUWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8c:b6:83:1f:00:80:ae:5c:0b:cc:b9:f3 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: OU = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:3c:aa:9f:07:54:ee:be:ba:9e:2e:ee:6b:04:f2: + ab:e6:87:ec:22:60:13:bc:32:3d:d7:bf:25:21:c9:a5:20:47: + 02:21:00:e0:40:c1:e7:84:d9:67:43:09:c2:e0:64:7b:98:b1: + 99:b5:81:8d:59:f0:0c:96:8a:de:7d:63:37:d0:05:0f:7d +-----BEGIN CERTIFICATE----- +MIIBXTCCAQOgAwIBAgINAIy2gx8AgK5cC8y58zAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMB0xGzAZBgNVBAseEgBCAE0AUABTAHQA +cgBpAG4AZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmf +byrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVg +KxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIDyq +nwdU7r66ni7uawTyq+aH7CJgE7wyPde/JSHJpSBHAiEA4EDB54TZZ0MJwuBke5ix +mbWBjVnwDJaK3n1jN9AFD30= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOWrongEncoding.pem b/v3/testdata/subjectOWrongEncoding.pem new file mode 100644 index 000000000..7867bc0bd --- /dev/null +++ b/v3/testdata/subjectOWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a8:1a:72:b9:8f:9b:71:e9:7d:43:65:6f + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: O = TeletexString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:5e:75:64:c9:ff:9c:79:b2:a3:ab:55:84:35:04: + 0d:cb:29:9d:59:b5:47:ad:f3:98:53:7a:b9:83:e8:75:5a:b2: + 02:21:00:ba:12:07:23:d2:07:f5:e7:3c:19:d8:65:e9:46:d9: + e9:ec:f0:bd:87:76:14:22:e8:87:00:fa:cf:e8:c9:ff:9c +-----BEGIN CERTIFICATE----- +MIIBVzCB/qADAgECAg0AqBpyuY+bcel9Q2VvMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowGDEWMBQGA1UEChQNVGVsZXRleFN0cmlu +ZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCX +Bj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAV +MBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIF51ZMn/nHmy +o6tVhDUEDcspnVm1R63zmFN6uYPodVqyAiEAuhIHI9IH9ec8Gdhl6UbZ6ezwvYd2 +FCLohwD6z+jJ/5w= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem b/v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem new file mode 100644 index 000000000..6ac656de7 --- /dev/null +++ b/v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fb:92:dd:31:92:cd:49:21:21:54:22:d6 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: organizationIdentifier = UTF8String, organizationIdentifier = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:33:3b:b9:c3:1a:90:70:96:96:08:0f:b5:0c:c4: + d8:6e:46:19:9d:e4:d0:f9:f9:b3:db:2f:09:10:b6:d5:e8:a9: + 02:20:70:b9:ec:fd:ea:9d:50:b4:bf:c7:5f:75:eb:50:bd:6e: + 36:be:8c:3a:46:6a:94:ae:61:88:75:ae:37:c2:19:da +-----BEGIN CERTIFICATE----- +MIIBbjCCARWgAwIBAgINAPuS3TGSzUkhIVQi1jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBGEMClVURjhTdHJpbmcx +GDAWBgNVBGETD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0cAMEQCIDM7ucMakHCWlggPtQzE2G5GGZ3k0Pn5s9svCRC21eip +AiBwuez96p1QtL/HX3XrUL1uNr6MOkZqlK5hiHWuN8IZ2g== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem b/v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem new file mode 100644 index 000000000..7d40eea4b --- /dev/null +++ b/v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 16:18:78:a4:fd:6c:de:80:46:61:3f:d1 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: organizationIdentifier = TeletexString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:70:b1:29:ff:cc:f7:94:32:13:42:c8:e2:76:0d: + 8e:8d:2b:ec:b3:3d:aa:53:98:b7:45:43:48:6d:46:33:59:9b: + 02:20:69:89:4a:2f:61:65:94:93:55:fe:9a:e7:81:67:1a:43: + c2:ad:80:9f:b3:a9:87:21:a8:e1:f1:3c:11:98:16:dd +-----BEGIN CERTIFICATE----- +MIIBVTCB/aADAgECAgwWGHik/WzegEZhP9EwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAYMRYwFAYDVQRhFA1UZWxldGV4U3RyaW5n +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcG +PQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUw +EwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgcLEp/8z3lDIT +Qsjidg2OjSvssz2qU5i3RUNIbUYzWZsCIGmJSi9hZZSTVf6a54FnGkPCrYCfs6mH +Iajh8TwRmBbd +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectPostalCodeCorrectEncoding.pem b/v3/testdata/subjectPostalCodeCorrectEncoding.pem new file mode 100644 index 000000000..f9d46bc57 --- /dev/null +++ b/v3/testdata/subjectPostalCodeCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:07:7d:48:75:12:1e:cb:fd:57:f8:94 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: postalCode = UTF8String, postalCode = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:65:1f:74:85:94:26:af:8a:11:40:b4:cc:26:3e: + 82:08:6e:f7:70:ec:56:bb:b7:b6:27:12:21:96:11:b9:7b:2f: + 02:21:00:c7:a8:bb:6a:7d:0d:99:fb:ec:0d:f4:54:10:94:dc: + 9d:72:dd:34:f7:4c:76:c5:60:3d:b5:eb:b1:10:10:d2:86 +-----BEGIN CERTIFICATE----- +MIIBbjCCARSgAwIBAgIMcgd9SHUSHsv9V/iUMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UEEQwKVVRGOFN0cmluZzEY +MBYGA1UEERMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSAAwRQIgZR90hZQmr4oRQLTMJj6CCG73cOxWu7e2JxIhlhG5ey8C +IQDHqLtqfQ2Z++wN9FQQlNydct0090x2xWA9teuxEBDShg== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectPostalCodeWrongEncoding.pem b/v3/testdata/subjectPostalCodeWrongEncoding.pem new file mode 100644 index 000000000..907bc0ad3 --- /dev/null +++ b/v3/testdata/subjectPostalCodeWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 61:e3:b0:74:8a:9b:b7:a9:95:11:ef:b2 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: postalCode = U + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:d6:70:f8:73:e1:e8:3f:92:31:e5:cf:04:12: + 93:9f:66:b6:a2:a4:3b:a1:27:8c:81:d1:c2:8c:5c:fd:4f:ea: + f5:02:20:76:bb:a2:1c:5e:b0:b0:ab:13:56:ae:3e:e4:b0:1e: + 89:b9:88:93:47:83:a6:83:70:de:1b:c9:2a:9e:79:34:e8 +-----BEGIN CERTIFICATE----- +MIIBTTCB9KADAgECAgxh47B0ipu3qZUR77IwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAPMQ0wCwYDVQQRHAQAAABVMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7x +fV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAww +CjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhANZw+HPh6D+SMeXPBBKTn2a2 +oqQ7oSeMgdHCjFz9T+r1AiB2u6IcXrCwqxNWrj7ksB6JuYiTR4Omg3DeG8kqnnk0 +6A== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSTCorrectEncoding.pem b/v3/testdata/subjectSTCorrectEncoding.pem new file mode 100644 index 000000000..581ac2413 --- /dev/null +++ b/v3/testdata/subjectSTCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7c:9f:cd:3d:05:2e:92:af:7e:a7:d2:e2 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: ST = UTF8String, ST = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:4b:65:8e:ac:28:4c:99:36:8d:73:9f:dc:86:c8: + 7a:34:93:de:d9:11:9e:0b:67:fd:fe:c4:47:d8:1f:00:c2:29: + 02:20:74:40:fe:11:7b:1d:f7:ca:0b:3f:53:88:18:b1:a3:49: + 70:62:66:93:5a:02:c4:1f:12:87:5e:c1:60:94:02:ee +-----BEGIN CERTIFICATE----- +MIIBbTCCARSgAwIBAgIMfJ/NPQUukq9+p9LiMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UECAwKVVRGOFN0cmluZzEY +MBYGA1UECBMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDRwAwRAIgS2WOrChMmTaNc5/chsh6NJPe2RGeC2f9/sRH2B8AwikC +IHRA/hF7HffKCz9TiBixo0lwYmaTWgLEHxKHXsFglALu +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSTWrongEncoding.pem b/v3/testdata/subjectSTWrongEncoding.pem new file mode 100644 index 000000000..13a91a6b9 --- /dev/null +++ b/v3/testdata/subjectSTWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 35:96:ec:fa:02:c8:74:f8:36:55:4a:09 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: ST = TeletexString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:2a:f5:49:91:9d:e2:3f:27:70:52:03:4c:0a:97: + 56:7b:07:8e:3d:84:97:15:2c:51:62:0b:ba:da:33:a7:c2:7f: + 02:20:50:52:02:d8:0f:64:d3:ef:20:db:0b:c2:3a:b2:d0:66: + 21:ef:c0:a2:b8:41:22:72:ce:dc:c0:9f:ff:04:71:f0 +-----BEGIN CERTIFICATE----- +MIIBVTCB/aADAgECAgw1luz6Ash0+DZVSgkwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAYMRYwFAYDVQQIFA1UZWxldGV4U3RyaW5n +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcG +PQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUw +EwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgKvVJkZ3iPydw +UgNMCpdWeweOPYSXFSxRYgu62jOnwn8CIFBSAtgPZNPvINsLwjqy0GYh78CiuEEi +cs7cwJ//BHHw +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSerialNumberCorrectEncoding.pem b/v3/testdata/subjectSerialNumberCorrectEncoding.pem new file mode 100644 index 000000000..2b1ed6883 --- /dev/null +++ b/v3/testdata/subjectSerialNumberCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + e6:9f:8a:70:eb:18:3a:10:6b:41:bf:25 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: serialNumber = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:d5:60:1a:f2:ae:9f:49:ec:bc:3b:bf:21:6e: + c5:06:94:12:65:be:96:32:5a:25:36:ac:3b:74:b0:01:06:62: + 93:02:20:23:ff:8a:d3:bb:d8:f9:2f:2a:19:3c:94:bd:40:05: + d0:a6:94:17:aa:03:3b:4e:73:85:d8:9c:6b:65:1f:05:a9 +-----BEGIN CERTIFICATE----- +MIIBWjCCAQCgAwIBAgINAOafinDrGDoQa0G/JTAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMBoxGDAWBgNVBAUTD1ByaW50YWJsZVN0 +cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrf +VTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSj +FzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIQDVYBry +rp9J7Lw7vyFuxQaUEmW+ljJaJTasO3SwAQZikwIgI/+K07vY+S8qGTyUvUAF0KaU +F6oDO05zhdica2UfBak= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSerialNumberWrongEncoding.pem b/v3/testdata/subjectSerialNumberWrongEncoding.pem new file mode 100644 index 000000000..ee9b9ee41 --- /dev/null +++ b/v3/testdata/subjectSerialNumberWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 28:84:5a:df:36:ba:eb:5b:ea:4a:c0:63 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: serialNumber = U + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:92:35:89:a2:57:f4:15:70:91:98:62:00:dd: + a7:a2:a2:72:be:eb:13:68:a9:57:7a:f5:70:76:3f:69:66:dd: + 7c:02:20:57:7a:bc:e3:79:df:95:0e:44:8e:ea:4f:a1:3b:f8: + 66:a7:1d:72:c1:d9:27:3f:0d:cb:3f:5a:4f:17:71:7a:78 +-----BEGIN CERTIFICATE----- +MIIBTTCB9KADAgECAgwohFrfNrrrW+pKwGMwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAPMQ0wCwYDVQQFHAQAAABVMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7x +fV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAww +CjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhAJI1iaJX9BVwkZhiAN2noqJy +vusTaKlXevVwdj9pZt18AiBXerzjed+VDkSO6k+hO/hmpx1ywdknPw3LP1pPF3F6 +eA== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectStreetCorrectEncoding.pem b/v3/testdata/subjectStreetCorrectEncoding.pem new file mode 100644 index 000000000..f0095f781 --- /dev/null +++ b/v3/testdata/subjectStreetCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0d:dd:64:b2:6e:79:0f:6b:00:11:37:10 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: street = UTF8String, street = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:c0:7a:ce:f0:ee:9e:d0:2a:0a:bb:8b:b5:76: + df:18:fc:25:8b:b4:fa:0c:5a:e8:aa:15:21:4c:86:40:34:50: + 5e:02:20:7a:c5:9a:fc:74:10:4b:e3:4d:71:ca:30:f1:29:f0: + 92:53:85:ed:f2:52:9a:f9:23:4d:80:55:f1:a2:56:d2:82 +-----BEGIN CERTIFICATE----- +MIIBbjCCARSgAwIBAgIMDd1ksm55D2sAETcQMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UECQwKVVRGOFN0cmluZzEY +MBYGA1UECRMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSAAwRQIhAMB6zvDuntAqCruLtXbfGPwli7T6DFroqhUhTIZANFBe +AiB6xZr8dBBL401xyjDxKfCSU4Xt8lKa+SNNgFXxolbSgg== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectStreetWrongEncoding.pem b/v3/testdata/subjectStreetWrongEncoding.pem new file mode 100644 index 000000000..9c95715cc --- /dev/null +++ b/v3/testdata/subjectStreetWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0e:da:e1:4f:b5:2d:76:0f:f8:d4:c4:c7 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: street = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:b5:b2:dd:b6:7f:e5:b6:8c:c2:fb:59:4b:10: + 88:5b:93:73:ca:4e:74:2f:2f:44:fd:1a:13:42:fa:3f:d4:8b: + 61:02:21:00:fe:a2:e0:c5:d7:fe:66:90:be:a3:86:30:d1:45: + 87:16:4e:06:87:a8:6d:f3:82:55:41:95:0b:69:fe:9d:79:d5 +-----BEGIN CERTIFICATE----- +MIIBXTCCAQKgAwIBAgIMDtrhT7Utdg/41MTHMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowHTEbMBkGA1UECR4SAEIATQBQAFMAdABy +AGkAbgBnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9v +Kt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWAr +FKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSQAwRgIhALWy +3bZ/5baMwvtZSxCIW5Nzyk50Ly9E/RoTQvo/1IthAiEA/qLgxdf+ZpC+o4Yw0UWH +Fk4Gh6ht84JVQZULaf6dedU= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSurnameCorrectEncoding.pem b/v3/testdata/subjectSurnameCorrectEncoding.pem new file mode 100644 index 000000000..8e9d87b72 --- /dev/null +++ b/v3/testdata/subjectSurnameCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b5:a3:07:25:a9:87:c6:6a:13:70:84:34 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: SN = UTF8String, SN = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:b4:b2:d8:d6:cb:9d:ef:a0:ce:e2:f2:42:47: + 82:da:77:4c:8e:36:5e:01:54:4d:34:b8:18:39:a1:41:41:6a: + a9:02:21:00:ef:27:77:3c:5b:b3:00:ae:c3:76:88:13:df:e8: + 37:cd:3f:16:bd:59:25:83:2a:c3:13:c0:f0:46:51:6d:bf:ea +-----BEGIN CERTIFICATE----- +MIIBcDCCARWgAwIBAgINALWjByWph8ZqE3CENDAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBAQMClVURjhTdHJpbmcx +GDAWBgNVBAQTD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0kAMEYCIQC0stjWy53voM7i8kJHgtp3TI42XgFUTTS4GDmhQUFq +qQIhAO8ndzxbswCuw3aIE9/oN80/Fr1ZJYMqwxPA8EZRbb/q +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSurnameWrongEncoding.pem b/v3/testdata/subjectSurnameWrongEncoding.pem new file mode 100644 index 000000000..be598d33d --- /dev/null +++ b/v3/testdata/subjectSurnameWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 87:56:ba:6b:cb:7a:5b:1f:0e:b5:48:26 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: SN = IA5String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:0d:57:db:b2:67:2e:65:19:ce:63:53:70:6a:47: + 3c:04:39:e7:53:87:20:60:06:96:5b:9b:29:f4:03:d7:25:ac: + 02:20:07:a1:fb:68:1b:6b:ea:a3:15:7f:e7:89:13:64:d0:5d: + 6b:3c:03:56:aa:6f:d7:57:0a:f1:00:7b:f5:ab:b3:dc +-----BEGIN CERTIFICATE----- +MIIBUjCB+qADAgECAg0Ah1a6a8t6Wx8OtUgmMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowFDESMBAGA1UEBBYJSUE1U3RyaW5nMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZ +lGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYD +VR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgDVfbsmcuZRnOY1Nw +akc8BDnnU4cgYAaWW5sp9APXJawCIAeh+2gba+qjFX/niRNk0F1rPANWqm/XVwrx +AHv1q7Pc +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurCCorrectEncoding.pem b/v3/testdata/subjectjurCCorrectEncoding.pem new file mode 100644 index 000000000..ec102a6f4 --- /dev/null +++ b/v3/testdata/subjectjurCCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fe:1e:6a:61:05:21:d3:4a:fc:2a:42:57 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionC = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:05:98:30:fd:9e:69:1a:f2:e2:14:0e:28:a1:92: + 48:99:94:98:3b:e7:74:95:77:ed:40:28:de:10:22:e0:2b:a2: + 02:21:00:f7:d7:8d:63:83:b2:d8:4e:95:40:b6:a8:ee:57:73: + 5c:2e:e3:27:b9:3c:bb:72:cf:da:a4:97:56:e9:ca:ea:20 +-----BEGIN CERTIFICATE----- +MIIBYjCCAQigAwIBAgINAP4eamEFIdNK/CpCVzAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMCIxIDAeBgsrBgEEAYI3PAIBAxMPUHJp +bnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzR +yOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/ +QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAw +RQIgBZgw/Z5pGvLiFA4ooZJImZSYO+d0lXftQCjeECLgK6ICIQD3141jg7LYTpVA +tqjuV3NcLuMnuTy7cs/apJdW6crqIA== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurCWrongEncoding.pem b/v3/testdata/subjectjurCWrongEncoding.pem new file mode 100644 index 000000000..f4ab2f532 --- /dev/null +++ b/v3/testdata/subjectjurCWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1b:6f:0c:d0:d1:24:8f:e7:93:c5:16:fd + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionC = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:52:bb:30:1b:86:c8:fd:9b:4a:a8:f4:de:ba:56: + b5:fb:b2:26:04:95:7c:7c:b9:77:68:68:10:5a:48:90:c5:c9: + 02:21:00:c5:8f:a2:59:e3:e7:85:34:2a:84:0f:64:fe:41:87: + f0:54:26:f0:03:af:01:56:2c:d0:08:df:f5:54:8a:b1:3c +-----BEGIN CERTIFICATE----- +MIIBZDCCAQqgAwIBAgIMG28M0NEkj+eTxRb9MAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowJTEjMCEGCysGAQQBgjc8AgEDHhIAQgBN +AFAAUwB0AHIAaQBuAGcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ1ffiaiX1s +HNHI4pcJn28q31UwlwY9BlmUZpLaPvF9Xh8iPDnt8XAkXn0VKuD8b4tphly03BH+ +YT9BcR3FYCsUoxcwFTATBgNVHSAEDDAKMAgGBmeBDAECATAKBggqhkjOPQQDAgNI +ADBFAiBSuzAbhsj9m0qo9N66VrX7siYElXx8uXdoaBBaSJDFyQIhAMWPolnj54U0 +KoQPZP5Bh/BUJvADrwFWLNAI3/VUirE8 +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurLCorrectEncoding.pem b/v3/testdata/subjectjurLCorrectEncoding.pem new file mode 100644 index 000000000..d43eed27a --- /dev/null +++ b/v3/testdata/subjectjurLCorrectEncoding.pem 
@@ -0,0 +1,42 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3b:ac:e1:ff:21:e4:71:37:e5:fe:d5:a6 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionL = UTF8String, jurisdictionL = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:4f:48:36:68:89:4a:9d:62:86:99:99:ca:f5:72: + 8e:1b:1f:66:4e:7a:db:c8:a8:43:0a:9b:7c:59:ca:fd:0a:d1: + 02:21:00:f7:b5:73:b4:90:c5:77:f9:dc:7d:80:2f:02:17:35: + 15:49:d3:de:b5:df:65:f7:f9:69:35:3c:48:18:f5:95:50 +-----BEGIN CERTIFICATE----- +MIIBfjCCASSgAwIBAgIMO6zh/yHkcTfl/tWmMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowPzEbMBkGCysGAQQBgjc8AgEBDApVVEY4 +U3RyaW5nMSAwHgYLKwYBBAGCNzwCAQETD1ByaW50YWJsZVN0cmluZzBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+ +8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQM +MAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIE9INmiJSp1ihpmZyvVyjhsf +Zk5628ioQwqbfFnK/QrRAiEA97VztJDFd/ncfYAvAhc1FUnT3rXfZff5aTU8SBj1 +lVA= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurLWrongEncoding.pem b/v3/testdata/subjectjurLWrongEncoding.pem new file mode 100644 index 000000000..ad5a73f7e --- /dev/null +++ b/v3/testdata/subjectjurLWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a5:1b:98:5a:61:8e:fa:4e:1d:db:3a:ea + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionL = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:cf:38:54:96:6d:9f:aa:4e:54:b9:b5:17:e6: + c5:33:d8:57:7d:62:b4:f3:06:16:ec:f2:a7:bd:45:a8:dc:cb: + bf:02:20:22:3e:7a:37:19:30:58:58:4d:68:f6:66:66:94:51: + e7:60:83:46:fd:68:6b:c6:1f:35:58:b5:8f:d9:91:f1:84 +-----BEGIN CERTIFICATE----- +MIIBZTCCAQugAwIBAgINAKUbmFphjvpOHds66jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMCUxIzAhBgsrBgEEAYI3PAIBAR4SAEIA +TQBQAFMAdAByAGkAbgBnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9 +bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR +/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwID +SAAwRQIhAM84VJZtn6pOVLm1F+bFM9hXfWK08wYW7PKnvUWo3Mu/AiAiPno3GTBY +WE1o9mZmlFHnYING/Whrxh81WLWP2ZHxhA== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurSTCorrectEncoding.pem b/v3/testdata/subjectjurSTCorrectEncoding.pem new file mode 100644 index 000000000..d1714a1ba --- /dev/null +++ b/v3/testdata/subjectjurSTCorrectEncoding.pem 
@@ -0,0 +1,42 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + bd:36:1c:fc:36:8f:3d:66:2e:02:1e:ee + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionST = UTF8String, jurisdictionST = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:59:42:8f:1a:d0:24:9a:9a:7c:19:09:41:c7:f1: + e8:47:82:c7:1e:8d:94:d6:d5:4c:f9:de:52:7b:c4:6f:19:d1: + 02:21:00:97:8d:85:94:70:18:86:53:38:7b:cf:9d:ba:57:63: + 24:18:13:c1:c6:f9:eb:32:4f:31:bd:38:99:00:50:e8:1b +-----BEGIN CERTIFICATE----- +MIIBfzCCASWgAwIBAgINAL02HPw2jz1mLgIe7jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMD8xGzAZBgsrBgEEAYI3PAIBAgwKVVRG +OFN0cmluZzEgMB4GCysGAQQBgjc8AgECEw9QcmludGFibGVTdHJpbmcwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAQ1ffiaiX1sHNHI4pcJn28q31UwlwY9BlmUZpLa +PvF9Xh8iPDnt8XAkXn0VKuD8b4tphly03BH+YT9BcR3FYCsUoxcwFTATBgNVHSAE +DDAKMAgGBmeBDAECATAKBggqhkjOPQQDAgNIADBFAiBZQo8a0CSamnwZCUHH8ehH +gscejZTW1Uz53lJ7xG8Z0QIhAJeNhZRwGIZTOHvPnbpXYyQYE8HG+esyTzG9OJkA +UOgb +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurSTWrongEncoding.pem b/v3/testdata/subjectjurSTWrongEncoding.pem new file mode 100644 index 000000000..969c81e2a --- /dev/null +++ b/v3/testdata/subjectjurSTWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a1:68:4b:d3:9f:d5:85:6f:62:65:e5 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionST = IA5String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:e0:47:84:22:ee:9d:fd:89:e5:c1:6b:5d:95: + 27:f3:23:30:44:9b:ff:c2:62:a4:eb:86:d8:01:17:73:1c:31: + a1:02:21:00:d7:85:c0:a3:8a:2b:53:07:ec:63:10:15:74:c2: + 24:0b:62:6e:6f:24:46:d9:c7:de:a3:98:10:62:8f:a8:4e:f2 +-----BEGIN CERTIFICATE----- +MIIBXDCCAQGgAwIBAgIMAKFoS9Of1YVvYmXlMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowHDEaMBgGCysGAQQBgjc8AgECFglJQTVT +dHJpbmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ1ffiaiX1sHNHI4pcJn28q +31UwlwY9BlmUZpLaPvF9Xh8iPDnt8XAkXn0VKuD8b4tphly03BH+YT9BcR3FYCsU +oxcwFTATBgNVHSAEDDAKMAgGBmeBDAECATAKBggqhkjOPQQDAgNJADBGAiEA4EeE +Iu6d/YnlwWtdlSfzIzBEm//CYqTrhtgBF3McMaECIQDXhcCjiitTB+xjEBV0wiQL +Ym5vJEbZx96jmBBij6hO8g== +-----END CERTIFICATE-----