diff options
| author | Lutz Jaenicke <ljaenicke@phoenixcontact.com> | 2022-06-17 13:11:31 +0200 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2022-06-22 16:58:08 +1000 |
| commit | 386ab7f1fefdd77521e670d9593e9894e2774be0 (patch) | |
| tree | fbbd7e96ac2ed2855506c57af42971424de3776d /test/certs | |
| parent | a6a2dd9f60b3f3e93de1337ee84f9e8f33bc86a8 (diff) | |
Add test cases for verification of time stamping certificates
Test makes sure, that both time stamping certificate according to rfc3161 (no
requirements for keyUsage extension) and according to CAB forum (keyUsage
extension must be digitalSignature and be set critical) are accepted. Misuse
cases as stated in CAB forum are rejected, only exeption is a missing
"critial" flag on keyUsage.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18597)
Diffstat (limited to 'test/certs')
| -rw-r--r-- | test/certs/ee-timestampsign-CABforum-anyextkeyusage.pem | 19 | ||||
| -rw-r--r-- | test/certs/ee-timestampsign-CABforum-crlsign.pem | 19 | ||||
| -rw-r--r-- | test/certs/ee-timestampsign-CABforum-keycertsign.pem | 19 | ||||
| -rw-r--r-- | test/certs/ee-timestampsign-CABforum-noncritxku.pem | 19 | ||||
| -rw-r--r-- | test/certs/ee-timestampsign-CABforum-serverauth.pem | 19 | ||||
| -rw-r--r-- | test/certs/ee-timestampsign-CABforum.pem | 19 | ||||
| -rw-r--r-- | test/certs/ee-timestampsign-rfc3161-digsig.pem | 19 | ||||
| -rw-r--r-- | test/certs/ee-timestampsign-rfc3161-noncritxku.pem | 19 | ||||
| -rw-r--r-- | test/certs/ee-timestampsign-rfc3161.pem | 19 | ||||
| -rwxr-xr-x | test/certs/setup.sh | 11 |
10 files changed, 182 insertions, 0 deletions
diff --git a/test/certs/ee-timestampsign-CABforum-anyextkeyusage.pem b/test/certs/ee-timestampsign-CABforum-anyextkeyusage.pem new file mode 100644 index 0000000000..1ea457e36a --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-anyextkeyusage.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHjCCAgagAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjezB5MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIHgDAcBgNVHSUBAf8EEjAQBggrBgEFBQcDCAYEVR0lADAN +BgkqhkiG9w0BAQsFAAOCAQEARF7Aal4usByz7BIWnjqvTNoXQBwGOZ+5nuENUbqr +OcMrWTmA9huqOiseVG665VGE+eLvOi6wSZv+8OEWS4nxwmEFkegMDIyQufP85xN2 +XDtsZNiFk1Wwtq7B29F/kZSqL8py650CAQZhqgHCawlvAFj6Datf8OYsqRmdLvjH +DpySBOiv06rtCHR4ThEhvou9Tln6Tb6Ap+sq3/pu4Nf4q/ureqCaSQTS+ayvMuAb +Cg+75Xgvl6nOQSPLkI6YoeA1F0o/51elldCbtfTZM+74btrDnclT3Pyrkp+E63eS +FcNZWN5nxYl5VZGC9DaoO3+3b6VYQoyROBS5tW0ztf5BeA== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum-crlsign.pem b/test/certs/ee-timestampsign-CABforum-crlsign.pem new file mode 100644 index 0000000000..cfb6465dbd --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-crlsign.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjdTBzMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIBgjAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG +9w0BAQsFAAOCAQEAKlm2VpIAqs6OEBh8+J8N+wGjn4lzB92H8nPr+UsxeVzbFJAY +ESu9CJFWW9iPjzk6tCu2qwbCQd8jmMbgwHRVekafW6Cpit3qhIE+GZ5bmM7OmRnT +ueNWtMYoh/V+rNtpZcoTvPDcxHuEmh/kKgxqTrZ/7+SlusO2ita6GfOrWgD4Xc3h +djQ1WTSEG/G8PHSnYZ7YEvBhFHAHblaN2AgawexM/mcoWQgOEcQTouMk98zdStp2 ++N+oNmRO4FbKy/vkrSQNly6P+EZKI2ZJ6f6cRB5LDdCXyPcjCC/JqL4/Ota2xnJU +4RX9/X+Uxvvfsc/6dmqy2orJ4KxSlgaHS0Ip2A== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum-keycertsign.pem b/test/certs/ee-timestampsign-CABforum-keycertsign.pem new file mode 100644 index 0000000000..6bfc5b6728 --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-keycertsign.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjdTBzMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIChDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG +9w0BAQsFAAOCAQEAXSCrYzwK4/ZfXgURG9nxn1ZJtx/z2TdEyebe6f5YmZE14VxU +cQbLynkydPSntmn60IQWABtueFlTpqOXEfQOxDosN8Nd3L4TkgG/a8mJbuTdfho6 +3NizJzkIxUW7nWiMjrSpkr082HPX/FCbRcg/2oSCOJb5Ap9ZvHpCKtowXGRwcAMW +Yvw5pJDDntklTIWiKqTMo5poKRi4v8Sk/Dh7EwLi8l3e6BlHVx5aBh6l7REj0Stm +j/0HbIBHYLK8+hR32uwA7KoZivgaXxvl0A1DsMGuLZjH+yUd2n7yibqln/Dc2NV8 +aXefMwNqGYnAufJijTmiSdR+CkMex4RYDQgdwQ== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum-noncritxku.pem b/test/certs/ee-timestampsign-CABforum-noncritxku.pem new file mode 100644 index 0000000000..850403d272 --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-noncritxku.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFTCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjcjBwMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCDANBgkqhkiG9w0B +AQsFAAOCAQEAjQfg65wHwxrd5jBi/Y50BVWb3uvHM/n8y/weOoWP5YXQTUbVqbNT +cxy2SrfDMK4wh5YErwgO9C0yHGBL7fXvnqBqSDnMM2lh9D7DnOQ4K02ZyZLjzkXH +3oprmYKbGSAsifGPuAUhfw8bvhbH1i+gNDxK1g0TcuQhfQ//3vUwIsp5e8ADaFIg +4qCNhvMnv/VkfEpg5hBeVOYSv2ITVhLwkvIKjxEIbfOxj2muglw3fwFhLlAUKp/t +f4i8+OHIMVCQIPpceA/cwmh7HPpLiaQ4EJBWHynb03RwZ8RqZL2tGzg/pZQsjggj +kiZlT3EwSpQjqgBPNLY9DPWMDBCnY+DPWw== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum-serverauth.pem b/test/certs/ee-timestampsign-CABforum-serverauth.pem new file mode 100644 index 0000000000..f6fcc13e94 --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum-serverauth.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIjCCAgqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfzB9MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIHgDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDCAYIKwYBBQUH +AwEwDQYJKoZIhvcNAQELBQADggEBACT1ybiBVe+mNC+DSH+8ZG0Ih96OKLiyPNL4 +fA+uCzpn4Ey2cPAnPK/7w0V77dGs7Phpc0LPBj/kVfybhZvJVJDgjnXcdbK1JxUC +zKMRMFP38cE7wyYgsAR6bZilMMsdWAvA+BERd1DoAkePEB3F0/NUj0EP6bDiWE6F +ZtvVyqQYSpmu6VkrxR9lOhUpEzHddNTz2V7QvGcI+8zValG++IluvPHbRL/lFsvV +QjmzuMW8d3+oVycC53bWO6Lj0yX/h6DwP8Tj50w2OgUnV+CmXaxbLNF2sMjM8Omp +YzVRJg2Vqu02KI6QYnwvLHNR6JjGw+OJYHF1DY+GDEEN24BOK8k= +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-CABforum.pem b/test/certs/ee-timestampsign-CABforum.pem new file mode 100644 index 0000000000..7e40e4c82a --- /dev/null +++ b/test/certs/ee-timestampsign-CABforum.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjdTBzMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG +9w0BAQsFAAOCAQEAkWshPdAJh5hdpXTqFx3o6UinpCxszJyupHjFzpOoW8FXafva +AgHDjHnbnS7t/haUHb8bDh3qYUBgJM6QvJS2O6rZd1ZRV3+dFevePUcwQXu4w6Zp +vX9GS4v/grpiqc2LKqLekuWIkyxJ0sLjDHcAPb8KTpquCWVWsX9qxPjujyxXBlTc +s9vPQU1j6utbqWPm7LAURebJCNBxHz/IgC0gp+1ln7LP97gkGz/bDQYOLeDsNXz4 +3YpIyRoSTJTnjeotfXhYL2Sak2z0KGtZS5S2BgDv0xjYMprGbJ7JbbSty1Os0I8w +Wfw9muf+O/IStl6or/QbWRde6sTr4En7BdObWg== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-rfc3161-digsig.pem b/test/certs/ee-timestampsign-rfc3161-digsig.pem new file mode 100644 index 0000000000..50c05fe875 --- /dev/null +++ b/test/certs/ee-timestampsign-rfc3161-digsig.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFTCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjcjBwMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MAsGA1UdDwQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0B +AQsFAAOCAQEAUHC/kPMTXWZHVsHbIYuqitxgvfplpvTf9FEeoo7RjzY4Zb9xymOt +EeBHfz0HMMIz6c0eV/Y0cfqEBSWf263qRTN+b1XgFaAP30JII3Okxfv7ul8kxvD2 +f22z4+h471FkeH4ZvQ6tD1mwiBcZbXm9g4fRn+WIQfhNY+JaKkespA7diG8i1hSm +/3wc0k/U155vBAmrfIGyUFZzewkt18qnOYQVEw+TPHeV5yd6yrbUQs55CafqEwFV +U9Fb781PIXAw2lKMnoID9/Mm9k5HlQgJ5+bYlRQQhfvfHVv/1WHDlwxE+1L9t1g3 +khZmeRPu1hDAMS5TFaO2lHTRvTTUexsICw== +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-rfc3161-noncritxku.pem b/test/certs/ee-timestampsign-rfc3161-noncritxku.pem new file mode 100644 index 0000000000..9a94846f18 --- /dev/null +++ b/test/certs/ee-timestampsign-rfc3161-noncritxku.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBTCCAe2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjYjBgMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IBAQBrivg4yDW+ +SeLTjEPEhVmSHgJ7CTnU6wJxZKXDLGhTi3dB7yrBMMy7F0Vmbz/Pg+xxZIsOeMzt +uPi196nfbilHN+sIjn847i06KJgTuQhr13lzy3ky3UIQ5TIWWfaEkz/+mr7zcRD3 +i37GpPSTWOpbmNsZELHuowtpaHLCnaG0SGJoKLJX/DOUsRNKyAHL3eFPwF+w89dK +7YMikdPWW39gLcjCLMtI0M179a8woW1oNHAUCsIUabiRLI8GzUumyO2hPqhTXRMq +FKABr+H2uuRN+MPTZun9g/QLZBqY4sADDI3ko7OYWHwjYeDaqzNWs1T6R7d7+SsO +ws2OW3INcQC8 +-----END CERTIFICATE----- diff --git a/test/certs/ee-timestampsign-rfc3161.pem b/test/certs/ee-timestampsign-rfc3161.pem new file mode 100644 index 0000000000..3a49fe8208 --- /dev/null +++ b/test/certs/ee-timestampsign-rfc3161.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCDCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMjA2MTcxMDU4MzBaGA8yMTIyMDYxODEwNTgzMFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjZTBjMB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IBAQB7UIs8 +nTM63TDe8tO+isxz5d0WWIn/DCdBPw9t2BNJ4KsgaaP6TPLeQBU4M5+fp7kNV5Re +mphQxwl/DMTvMtbqkVVrN2HOTXYoLi/SoOck7oGU+YwOhocxAZHxvZlqrUxCVZEb +kQOsosfFNE0PhPdF2UuHC8h/wmjEb1hgSAz2JlKzW2dATb8OOm+5iqzSQwGB0nKj +cGTo+K0DDYGrL9iZnGpjT6S4Nhk8opfrCgJyd/E2BB050yrhU/7QUAtBpSt3rdke +V6LiW+y6+CiH4OpEnxtuWI42Bq8KBxFgMNOhOvC2dBcmciE6oPFslOLCF17DzEPO +9YE9aULDF/HfXbMR +-----END CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 2a505c5895..2f4becbab7 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -174,6 +174,17 @@ openssl x509 -in ee-client.pem -trustout \ openssl x509 -in ee-client.pem -trustout \ -addreject clientAuth -out ee-clientAuth.pem +# time stamping certificates +./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum ca-key ca-cert +./mkcert.sh genee -p timeStamping -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-noncritxku ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping,serverAuth -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-serverauth ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping,2.5.29.37.0 -k critical,digitalSignature server.example ee-key ee-timestampsign-CABforum-anyextkeyusage ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature,cRLSign server.example ee-key ee-timestampsign-CABforum-crlsign ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping -k critical,digitalSignature,keyCertSign server.example ee-key ee-timestampsign-CABforum-keycertsign ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping server.example ee-key ee-timestampsign-rfc3161 ca-key ca-cert +./mkcert.sh genee -p timeStamping server.example ee-key ee-timestampsign-rfc3161-noncritxku ca-key ca-cert +./mkcert.sh genee -p critical,timeStamping -k digitalSignature server.example ee-key ee-timestampsign-rfc3161-digsig ca-key ca-cert + # Leaf cert security level variants # MD5 issuer signature OPENSSL_SIGALG=md5 \ |