From 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26 Mon Sep 17 00:00:00 2001 
From: mtg Date: Tue, 4 Feb 2020 17:45:58 +0100 Subject: [PATCH 01/21] lint about the encoding of qcstatements for PSD2 --- .../lint_qcstatem_psd2_psd2statem_encoding.go | 54 +++ ..._qcstatem_psd2_psd2statem_encoding_test.go | 57 ++++ .../EvAltRegNumCert56JurContryNotMatching.pem | 28 ++ .../EvAltRegNumCert57NtrJurSopMissing.pem | 28 ++ testdata/QcStmtPsd2Cert01InvalidRoles.pem | 29 ++ testdata/QcStmtPsd2Cert03MissingRolesOid.pem | 29 ++ testdata/QcStmtPsd2Cert05Valid.pem | 29 ++ testdata/QcStmtPsd2Cert07MissingRoleName.pem | 29 ++ testdata/QcStmtPsd2Cert08NcaNameMissing.pem | 28 ++ .../QcStmtPsd2Cert09NcaNameZeroLength.pem | 28 ++ testdata/QcStmtPsd2Cert10RoleNameMissing.pem | 29 ++ .../QcStmtPsd2Cert11RoleNameZeroLenght.pem | 29 ++ ...QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem | 29 ++ testdata/QcStmtPsd2Cert14Valid.pem | 28 ++ .../QcStmtPsd2Cert15NcaIdInconsistent.pem | 29 ++ .../QcStmtPsd2Cert17NcaIdInconsistent.pem | 28 ++ ...QcStmtPsd2Cert22NcaNameWrongStringType.pem | 29 ++ ...tPsd2Cert23Psd2ExtNcaIdWrongStringType.pem | 29 ++ .../QcStmtPsd2Cert24RoleNameIllegalChars.pem | 29 ++ testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem | 29 ++ testdata/QcStmtPsd2Cert27RoleNameNull.pem | 29 ++ testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem | 29 ++ testdata/QcStmtPsd2Cert30Valid.pem | 29 ++ testdata/QcStmtPsd2Cert31Valid.pem | 29 ++ testdata/QcStmtPsd2Cert39Valid.pem | 29 ++ testdata/QcStmtPsd2Cert40Valid.pem | 29 ++ util/alt_reg_num_ev.go | 137 ++++++++ util/misc.go | 22 ++ util/oid.go | 56 ++-- util/qc_stmt.go | 313 +++++++++++++----- 30 files changed, 1225 insertions(+), 104 deletions(-) create mode 100644 lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go create mode 100644 lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go create mode 100644 testdata/EvAltRegNumCert56JurContryNotMatching.pem create mode 100644 testdata/EvAltRegNumCert57NtrJurSopMissing.pem create mode 100644 testdata/QcStmtPsd2Cert01InvalidRoles.pem create mode 100644 
testdata/QcStmtPsd2Cert03MissingRolesOid.pem create mode 100644 testdata/QcStmtPsd2Cert05Valid.pem create mode 100644 testdata/QcStmtPsd2Cert07MissingRoleName.pem create mode 100644 testdata/QcStmtPsd2Cert08NcaNameMissing.pem create mode 100644 testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem create mode 100644 testdata/QcStmtPsd2Cert10RoleNameMissing.pem create mode 100644 testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem create mode 100644 testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem create mode 100644 testdata/QcStmtPsd2Cert14Valid.pem create mode 100644 testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem create mode 100644 testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem create mode 100644 testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem create mode 100644 testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem create mode 100644 testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem create mode 100644 testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem create mode 100644 testdata/QcStmtPsd2Cert27RoleNameNull.pem create mode 100644 testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem create mode 100644 testdata/QcStmtPsd2Cert30Valid.pem create mode 100644 testdata/QcStmtPsd2Cert31Valid.pem create mode 100644 testdata/QcStmtPsd2Cert39Valid.pem create mode 100644 testdata/QcStmtPsd2Cert40Valid.pem create mode 100644 util/alt_reg_num_ev.go create mode 100644 util/misc.go
diff --git a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go
new file mode 100644
index 000000000..c8e767b0c
--- /dev/null
+++ b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go
@@ -0,0 +1,54 @@
+package etsi
+
+/*
+ * ZLint Copyright 2020 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+import (
+ "github.com/zmap/zcrypto/x509"
+ "github.com/zmap/zlint/lint"
+ "github.com/zmap/zlint/util"
+)
+
+type qcStatemPsd2Pd2StatemEnc struct{}
+
+func (l *qcStatemPsd2Pd2StatemEnc) Initialize() error {
+ return nil
+}
+
+func (l *qcStatemPsd2Pd2StatemEnc) CheckApplies(c *x509.Certificate) bool {
+ if !util.IsExtInCert(c, util.QcStateOid) {
+ return false
+ }
+ _, isPresent := util.IsQcStatemPresent(c, &util.IdEtsiPsd2Statem)
+ return isPresent
+}
+
+func (l *qcStatemPsd2Pd2StatemEnc) Execute(c *x509.Certificate) *lint.LintResult {
+ qcs := util.ParseQcStatem(util.GetExtFromCert(c, util.QcStateOid).Value, util.IdEtsiPsd2Statem)
+ if qcs.GetErrorInfo() != "" {
+ return &lint.LintResult{Status: lint.Error, Details: qcs.GetErrorInfo()}
+ }
+ return &lint.LintResult{Status: lint.Pass}
+}
+
+func init() {
+ lint.RegisterLint(&lint.Lint{
+ Name: "e_qcstatem_psd2_psd2statem_encoding",
+ Description: "This test checks that a PSD2 QcStatement has the correct encoding.",
+ Citation: "ETSI TS 119 495, 'Annex A (normative): ASN.1 Declaration'",
+ Source: lint.EtsiEsi,
+ EffectiveDate: util.EtsiEn319_412_5_V2_2_1_Date,
+ Lint: &qcStatemPsd2Pd2StatemEnc{},
+ })
+}
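Review bot: `CheckApplies` derives applicability from `util.IsQcStatemPresent` and discards its first return value, so if that helper cannot locate the PSD2 OID inside a badly encoded QCStatements extension the lint would report NA instead of Error, failing open on the very inputs it targets. The helper is in util/qc_stmt.go, outside this hunk, so this is inferred; please confirm its behaviour when the outer SEQUENCE does not decode and add a test vector for that case. In `Execute`, `qcs.GetErrorInfo()` is called twice; `if info := qcs.GetErrorInfo(); info != "" { return &lint.LintResult{Status: lint.Error, Details: info} }` evaluates it once. `EffectiveDate` uses `util.EtsiEn319_412_5_V2_2_1_Date` while the citation is ETSI TS 119 495, which deserves a one-line comment explaining the choice. The receiver type `qcStatemPsd2Pd2StatemEnc` also looks like a typo for `qcStatemPsd2Psd2StatemEnc`.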
diff --git a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go
new file mode 100644
index 000000000..4f4295a42
--- /dev/null
+++ b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go
@@ -0,0 +1,57 @@
+package etsi
+
+/*
+ * ZLint Copyright 2020 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+import (
+ "github.com/zmap/zlint/lint"
+ "github.com/zmap/zlint/test"
+ "testing"
+)
+
+func TestQcStatemPsd2Encoding(t *testing.T) {
+ m := map[string]lint.LintStatus{
+ "QcStmtPsd2Cert01InvalidRoles.pem": lint.Pass,
+ "QcStmtPsd2Cert03MissingRolesOid.pem": lint.Error,
+ "QcStmtPsd2Cert05Valid.pem": lint.Pass,
+ "QcStmtPsd2Cert07MissingRoleName.pem": lint.Error,
+ "QcStmtPsd2Cert08NcaNameMissing.pem": lint.Error,
+ "QcStmtPsd2Cert09NcaNameZeroLength.pem": lint.Error,
+ "QcStmtPsd2Cert10RoleNameMissing.pem": lint.Error,
+ "QcStmtPsd2Cert11RoleNameZeroLenght.pem": lint.Error,
+ "QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem": lint.Error,
+ "QcStmtPsd2Cert14Valid.pem": lint.Pass,
+ "QcStmtPsd2Cert15NcaIdInconsistent.pem": lint.Pass,
+ "QcStmtPsd2Cert17NcaIdInconsistent.pem": lint.Pass,
+ "QcStmtPsd2Cert22NcaNameWrongStringType.pem": lint.Error,
+ "QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem": lint.Error,
+ "QcStmtPsd2Cert24RoleNameIllegalChars.pem": lint.Error,
+ "QcStmtPsd2Cert26RoleOidAsUtf8Str.pem": lint.Error,
+ "QcStmtPsd2Cert27RoleNameNull.pem": lint.Error,
+ "QcStmtPsd2Cert28NcaNameIa5Str.pem": lint.Error,
+ "QcStmtPsd2Cert30Valid.pem": lint.Pass,
+ "QcStmtPsd2Cert31Valid.pem": lint.Pass,
+ "QcStmtPsd2Cert39Valid.pem": lint.Pass,
+ "QcStmtPsd2Cert40Valid.pem": lint.Pass,
+ "EvAltRegNumCert56JurContryNotMatching.pem": lint.NA,
+ "EvAltRegNumCert57NtrJurSopMissing.pem": lint.NA,
+ }
+ for inputPath, expected := range m {
+ out := test.TestLint("e_qcstatem_psd2_psd2statem_encoding", inputPath)
+
+ if out.Status != expected {
+ t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)
+ }
+ }
+}
diff --git a/testdata/EvAltRegNumCert56JurContryNotMatching.pem b/testdata/EvAltRegNumCert56JurContryNotMatching.pem
new file mode 100644
index 000000000..222e0aced
--- /dev/null
+++ b/testdata/EvAltRegNumCert56JurContryNotMatching.pem
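Review bot: The expectation table in `TestQcStatemPsd2Encoding` maps `QcStmtPsd2Cert01InvalidRoles.pem`, `QcStmtPsd2Cert15NcaIdInconsistent.pem` and `QcStmtPsd2Cert17NcaIdInconsistent.pem` to `lint.Pass` with no explanation, which reads like a mistake. If the intent is that this lint judges encoding only, a comment on those entries should say so, e.g. `// Pass: statement is well-formed ASN.1; role/NCA-id semantics are not checked by this lint`. The loop compares only `out.Status`, so a vector that fails for a different reason than its file name suggests would still satisfy the test; checking `out.Details` for at least one vector per failure class would pin the parser's diagnosis. Wrapping each case in `t.Run(inputPath, func(t *testing.T) { ... })` would also report and select vectors individually.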
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExzCCA6+gAwIBAgINAmI1p32s9ypT5AANZzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB +oDEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl +c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u +MRcwFQYDVQRhDA5OVFJERS0xMjM0NTY3ODERMA8GA1UEBRMIMTIzNDU2NzgxEzAR +BgsrBgEEAYI3PAIBAwwCR0IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDCDYFxtJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIkirpp +o+vKEKTzz7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdDW4vD +NQ2zQfQbwkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U7S1k +JHfmZ01i25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2Dq5f +/M3Gs8tNro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dHdHFw +gNPWc792M1xwuG+HNz5+jnXlAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBQMXpz+ +ukshbAQdwlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2Qzsw +DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4 +YW1wbGUuY29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDovL2Nh +LmV4YW1wbGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZXhh +bXBsZS5jb20vb2NzcDBZBgNVHSAEUjBQMAcGBWeBDAEBMEUGCisGAQQBvUcNGAEw +NzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBhc3Mv +Y3BzLmh0bWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4IBAQBftKEeTH458M79Zrhf9voF8wTGIh5AEuA8JT/bN2wQDuyqeqme +/QuUX7CIu2WwsPbz8CFe2Q1SKPM5gMlTGufb/beha4zCWqM8NXb4t/hSNDkD9226 +s5FW3lT3TzbDRwl+eykrsIUDWEIYyvg6JI7gK/512QbeTn131lIkUkBnuZ9b7kN3 +cPQ0ekicrCk8FjZz3/H21m7BdvSTF0OmBUseTcrH3azKwqn2AH/RAetJmI9W7HQE +hUunPKM+dSW/NQUD9B1DMs9c8W18vOWnnr5BfzS7kyIxh/Td77wQfyGlMaBeYoq7 +uoXjjS8CsVd+Avbhpda+47g9jZQ94Hcyg96o +-----END CERTIFICATE----- diff --git a/testdata/EvAltRegNumCert57NtrJurSopMissing.pem b/testdata/EvAltRegNumCert57NtrJurSopMissing.pem new file mode 100644 index 000000000..e4a944a98 --- /dev/null +++ b/testdata/EvAltRegNumCert57NtrJurSopMissing.pem 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyjCCA7KgAwIBAgINAlEr+EzD49s1YT1+/jANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB +ozEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl +c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u +MRowGAYDVQRhDBFOVFJERStIRS0xMjM0NTY3ODERMA8GA1UEBRMIMTIzNDU2Nzgx +EzARBgsrBgEEAYI3PAIBAwwCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDCDYFxtJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIk +irppo+vKEKTzz7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdD +W4vDNQ2zQfQbwkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U +7S1kJHfmZ01i25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2 +Dq5f/M3Gs8tNro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dH +dHFwgNPWc792M1xwuG+HNz5+jnXlAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBQM +Xpz+ukshbAQdwlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2 +QzswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3 +LmV4YW1wbGUuY29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDov +L2NhLmV4YW1wbGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3Au +ZXhhbXBsZS5jb20vb2NzcDBZBgNVHSAEUjBQMAcGBWeBDAEBMEUGCisGAQQBvUcN +GAEwNzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBh +c3MvY3BzLmh0bWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqG +SIb3DQEBCwUAA4IBAQBmq3MNz+GEqMIqOC1IB06DEjtAFHmbqr9uhxSpUM3VuK9y +jm+upuoZCwXFmEeyRXgjKbVFi6aLcMvyhLKfqntQKP517y/baEOeAV+GHUOYg+Gl +ihXze5o/nZAokPm9/b8D0hciqbxte7UlGaTu9wWKscVpDdjsuClNhaM7QD07LbTG +biAk5cbnQNTKqW0VCCU0LgEPBpbugydWDHkv8a5h0r13jiab3U7sfiX/Zq0rDP+i +MPNIYi/a9b/lxZ+TbFbZ1Q1PSW1dmhLvnXWcCVQ6VW2XwcbNkJyVvbJF3KJXMu7S +djvSAK3WrQazO/XhXQluDOMosMZYJZH4CuLLrHxe +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert01InvalidRoles.pem b/testdata/QcStmtPsd2Cert01InvalidRoles.pem new file mode 100644 index 000000000..f0af97ff8 --- /dev/null +++ b/testdata/QcStmtPsd2Cert01InvalidRoles.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINDAL9Kp25SRT/zD2oHzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfUEkMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBACBOt6QdjgWK2amsIFmmf9t7cnwtpigTe3BLnEmsPAPw0TBU +5G0pg1Utep7dvr0k++lMMqAHyxGZ8eUxjxXn/VUFTRisvwuk0GcDiYh7j9D/uyTH +sgD5IOvuADWcxHQ6kRyAWVqu5eLrUIy0l21SfpU1WGLiqCG14RzzljDe7jgWR4vu +KUbk4/LWavRCEXPejDJ7MvQ6Q8Jwj4tzdFZXUdwxQUJ/yp6pwNO3+qka7qi5rHD8 +8tNBPyUevV37humsLjfDzHFINs9D1BMDqZixdGAfOr/rMdw6pUlAUM0nFciYEK6z +sOJ9fnJcGTKWjJeC8XKoOPWyB0Ie0pPy21M5hxQ= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert03MissingRolesOid.pem b/testdata/QcStmtPsd2Cert03MissingRolesOid.pem new file mode 100644 index 000000000..957666e36 --- /dev/null 
+++ b/testdata/QcStmtPsd2Cert03MissingRolesOid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgINCtgGQhhiIWmoUdvtzDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkQYIKwYBBQUHAQMEgYQwgYEw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSQYGBACBmCcCMD8wCjAIDAZQU1BfUEkMJ0ZlZGVyYWwgRmluYW5jaWFs +IFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZIhvcNAQELBQAD +ggEBAAxFzpMwgr+aUxhBzrpsvpZDfaARHczbaPcJmi2h6rThbUFjYbrfssZmiZDq +e5g/4yaRPlKHZFU8yofcAs7hiFQNnKCgK4WlZ9gXe0yylXks6Hn2M2lDMWIk3HmF +ZwsTjyoNbbhW2x70Ewaa2NIWcf+4zK3qGBf4wXqmlhrWsA7EEzswFEUG25qoga2f +NXfJkBKWON7S4K3Bwddull8g2Sl+gJpGlwXlSu1hAV6tBqzH3JniV9AYP3SXAyRQ +S0TalMJ6wkEz+qBxao9+M4E64Q7jgVJbGKvoCgKiTKCbvd24AQDZPgGJspz+3NQR +0DINDw9My5opjNMyB+x4K+Hxtl0= +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert05Valid.pem b/testdata/QcStmtPsd2Cert05Valid.pem new file mode 100644 index 000000000..cae24dcf4 --- /dev/null +++ b/testdata/QcStmtPsd2Cert05Valid.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINCqVMvI3ItM3g3XV2cDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfQVMMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBABmbFutzBZssZnMzUDMYf0bYgStey6CMddV4rKhhUDBqxG9s +xg+xLbXNmEHdJ6lScRK3h2mQ222vPsebLguitcisaqAMIDInYfRS657yEXmSedjy +WIVSrtCaAACYoCwOPEymnjra7WsRu2WZZ+5zk7floDx6o5QXLd73DOJrqr/r6pL9 +NPf5e7g+vlVqAGQhC6Z0s7ri5XInPBeZEMox2Au2ZF/UWNRf00MnRvnYAl2TkDSw +HcbU6L8BtzLxJlZmKw33BfTmi++QOmSPZjpELpnpUamrDmKuFlxu5/QBVz6RS/sX +5tZkQTPg6UtFlkStg9LLJEkEvdT0xMkRvczzTPM= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert07MissingRoleName.pem b/testdata/QcStmtPsd2Cert07MissingRoleName.pem new file mode 100644 index 000000000..2de38a3d8 --- /dev/null 
+++ b/testdata/QcStmtPsd2Cert07MissingRoleName.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgINAn34kicX+AdEJqPEXDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSgYGBACBmCcCMEAwCzAJBgcEAIGYJwEEDCdGZWRlcmFsIEZpbmFuY2lh +bCBTdXBlcnZpc29yeSBBdXRob3JpdHkMCERFLWJhZmluMA0GCSqGSIb3DQEBCwUA +A4IBAQAHzTrdqGrwO0YNlzUBybkgaiaRR+iTfpe1gBHwOoL3hE6u1xowj3WozX6b +dXi+wT4jiy6ipsSCUE2sMwhBCIGRnuuJzlD6tIqJ88tAL0E13TvL2iW6IvH9pUM6 +ZMfEh7ejIXe2KRPX0lCuaiTwGXZy6B4EEt/vB5kdoqoDDLx7zDYUKyoUetN9bl75 +X5EjnpmZ1b+vgVCui261HFmwCg+ZxEFmbsmx3+CndOvFUygih9bdhIEj6Y6tlZS+ +S958XsWQwdwWnPIICt68yCxjYZfQ5fOiQa4OfoZ82uekJTr7pM63JwAk97GPt+MH +AFexiknCl6FRVuyRQHXkQkQMSfdG +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert08NcaNameMissing.pem b/testdata/QcStmtPsd2Cert08NcaNameMissing.pem new file mode 100644 index 000000000..f9dae78e9 --- /dev/null +++ b/testdata/QcStmtPsd2Cert08NcaNameMissing.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzTCCA7WgAwIBAgINBgcQn55ngMeNmOZhpzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZMwggGPMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBvBggrBgEFBQcBAwRjMGEwCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwKQYGBACBmCcCMB8wEzARBgcEAIGYJwEDDAZQU1BfQUkMCERFLUJBRklOMA0G +CSqGSIb3DQEBCwUAA4IBAQBNkBaX1LmQuC7jw/X6iuBwYCvMwCUMjudBa3whU0U0 +jSh8VlzcBAu4dYGglyzhEjibGtHjBR+VW3mels1PCTIe6B4BPsIwnZ3zttjEBHM+ +H/uaShVU+61Cy6xOCGUR0NVyzWThwn0qwi6po0Qqn8+sW53tfTORsXmqaCzmlnDl +LiVJIY4eJYb1iuEucQdJ3KUWduJsJFJHOO+CoJKsoan+1g2cK/3NZC+eLR/e9aC/ +s8SnyGIBf2JxXXDQUY1Nx6Gb7b39Za/Ta6Hzu7Ue1FG/YY3vOwHnESAzmNYV1XiR +QLtIJbag45xPMWzQV5afp0gXRRX4hNE+DkZ52zWBMFTs +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem b/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem new file mode 100644 index 000000000..3f4f4d268 --- /dev/null +++ b/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzzCCA7egAwIBAgINDsKzMgts5dOILcyZyzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZUwggGRMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBxBggrBgEFBQcBAwRlMGMwCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwKwYGBACBmCcCMCEwEzARBgcEAIGYJwECDAZQU1BfUEkMAAwIREUtQkFGSU4w +DQYJKoZIhvcNAQELBQADggEBAE+Iv9mf7sZBgnYSg739dk8uHRPpNnkkO6cxDvaq +q0CxylX66XdUoXMytvjVB1I+C2u5tmCVYcZYtv+Rm1ctA5FPsgbJNb8BkKH7wNC4 +Z64YSpdDA5hN3S1tudAKlG0JsXZUpOoevDVqqaONnBeQL9aZSF71nFDiRPWGy/Ox +CCYcQINdgRw6KU66b33Qez9oedRvv9SzAQv265H5ACZXJ+d8j0iVypGKUGxhqeQT +/6o1Eg35srYKyEtkYXBk3rOycxrz9Ux6ZhACzbi3v2MgiBVh5MdYuUn2WlBsb9tw +F7avtF38ETrRpx4q8AysD/vckODyvN6zB3PTEeJPS8o7Yr0= +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert10RoleNameMissing.pem b/testdata/QcStmtPsd2Cert10RoleNameMissing.pem new file mode 100644 index 000000000..b6cf298bb --- /dev/null +++ b/testdata/QcStmtPsd2Cert10RoleNameMissing.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgINDxPCnUBqjv5Cn7YVoTANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkQYIKwYBBQUHAQMEgYQwgYEw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSQYGBACBmCcCMD8wCjAIDAZQU1BfQUkMJ0ZlZGVyYWwgRmluYW5jaWFs +IFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZIhvcNAQELBQAD +ggEBAAtdv0K46jF555M5IUa//iLMk6bXnqrlBEjbuVMAD2Rq6FvIE56ug4YQfYWI +85f07JhCnnKdw1npx9wF9avLWNggmNpXTPdF10iCXAE4vYEOtVy8xjYgMPk2swoc +VgAzDZQSPAj8nNQSEgYlpLv5o8IQPBMbP6uKjjDilVHEpIPclDlIhx7tfPtGG4/9 +Pvx2FKtnD52Zr5qQvL85IC5Qy2xIIiznLt2p5E131EssZ1zCHDqzo3mYp1YS81Jj +lowIZUtEICht7f0Ju2/RaKgdwivJ2jKHOh23DNkPWsQDbqgMZS2oQCEgikVu4f3d +6fHt4nGCpQGc6jJg2H3n2KR3O9w= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem b/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem new file mode 100644 index 000000000..934ed5e64 --- /dev/null 
+++ b/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE7DCCA9SgAwIBAgINCGnzNrzLAvsCbWMwJjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbIwggGuMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjQYIKwYBBQUHAQMEgYAwfjAI +BgYEAI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL +7EkBAjBGBgYEAIGYJwIwPDANMAsGBwQAgZgnAQEMAAwnRmVkZXJhbCBGaW5hbmNp +YWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAJERTANBgkqhkiG9w0BAQsFAAOCAQEA +PimK2OFIHTC2lWv6+xN0lUg6cdlyZk1T7N3iBF90WogG1HjDCKnYlILcvOM581p2 +xleu1orGL/VAcJg0Te9rl9Z4ju6z1b4XsjFXSY1QBMxI8gWP2axFYlxcjRS7sMjk +m7lzQL63qGAJm76Gr1Xatcx7peqwgOMmmLN9e0WES+4z2aw2CksUgsaQ2ouzER4r +hXJtVCemhzNKcbeA+8yROD0ROenqDCNqcAGIGJ4YNSp90Wlp63baxu6u3PJgMr9S +L6sZzaimaFEPY6ggiw7PiYAKxmsybKFBXGJBPEaZ5MB4fDGKbe4nEGiEsM56IMBq +7DMKNBB67j4txmUg2xtd6w== +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem b/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem new file mode 100644 index 000000000..e723cbf4f --- /dev/null +++ b/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgINA3NeFoI2mquIfvSjvjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSgYGBACBmCcCMEAwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwAMA0GCSqGSIb3DQEBCwUA +A4IBAQBakOYgnqxhHxCk7/HBK5GOhLc3Cof9e//jriIvA1jjhFO+iO+e1pVMZ9tK +7VFMBSe+v0XzN9oVuSEGdldebMhAnLBzr+ERhzljvXaCuHzh96u2MDbSeErfF4h9 +25BAoeuaglKoUCR/q1w8QMiwW3IxlbdWMeUc3HAVFSSBZtxAqfh6WE5xUaBJBWw5 +b8dixcQcDN9XsedCiZsjIzPUNldc4uQBEplqFbetVjUGyPVgpzwMyHorCyE4kadi +UXX2GNt7erIUgEme0Egmu1J3/R7lkNjXKtfpejTuxLtV6YyF+K5l2ZsWKbDUHNFI +46Tksr06JcmMw6kpWU52vEAh+n4V +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert14Valid.pem b/testdata/QcStmtPsd2Cert14Valid.pem new file mode 100644 index 000000000..98c54da2b --- /dev/null 
+++ b/testdata/QcStmtPsd2Cert14Valid.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE1DCCA7ygAwIBAgIND53/U08Ff4UyfPa79TANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZowggGWMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAwRqMGgwCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwMAYGBACBmCcCMCYwEzARBgcEAIGYJwEEDAZQU1BfSUMMBTEyMzQ1DAhERS1C +QUZJTjANBgkqhkiG9w0BAQsFAAOCAQEAHlh68mckSyslsm2Q+in8TW3yFhjZ2/6n +1D/vPzja0LUblklNwKN0Zxa3TsWkKCZh5E/CwaLps/oxNUXDf273I9EFTnaNY0wO +2bcTbwQxkeNKZ7OHcQll8swdD3vhl8koAKAvHPuGJC71orWoc4Cbz6utm2e+IU4X +U1t2PgMPH7GhN/TL/Cqz0xbIcRqkmfLI6dcmckQX+HNBenh546iT/kDY3k6g6tEH +IPHj50A1vgksji5LrLfFhiwMx0X5t/1bPYQaZMKwg8w/mr48ql0gLT48UnLPt2jg +hMklwbWsMn8tTAWqQ3CzGKtgmJO9RWWFyU/jct+Hr7kFrzPG+j4bPg== +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem b/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem new file mode 100644 index 000000000..1952466e3 --- /dev/null 
+++ b/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE6TCCA9GgAwIBAgINBXNwOIJE9ou2P9JaNzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAa8wggGrMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBigYIKwYBBQUHAQMEfjB8MAgG +BgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGAzAVBggrBgEFBQcLAjAJBgcEAIvs +SQECMEQGBgQAgZgnAjA6MBMwEQYHBACBmCcBAgwGUFNQX1BJDBtGaW5hbmNpYWwg +Q29uZHVjdCBBdXRob3JpdHkMBkdCLUZDQTANBgkqhkiG9w0BAQsFAAOCAQEAcGLh +qmW9M1HA0kJnhoIcZddPgTSmKgoIhUwPrNJ1R7RJUMkRbJLOGZAOIMz82jUY2pAv +IvtrxSZ9Kj0WeXtNnQ/39TMUogy8rxD3COJCD/n7Jr4vNYYyEeE3WLFMiS9UNJI7 +HPVfknp22f8TRYKYdm7jNqZu8IjFmMp8rBZQgatkEOc01/M2ZlOmbZp4kMcR+QFy +j1emYPjdiT/Sbn2KWFGnbsC9zfSYMr+qri0N9QiS27NJ4Uaj13qj9cvkLHYxuBBp +0SQDYNiU5b10BhonOHuHnf3g9InsIuA6lZibMNIrm+mbJa0YprZBNFesx7gSlrn0 +mA9viD0AJ4F3YeNX4A== +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem b/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem new file mode 100644 index 000000000..1cb4a6195 --- /dev/null +++ b/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE2zCCA8OgAwIBAgINDR5bwZZ7Cncsu6inkDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAaEwggGdMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB9BggrBgEFBQcBAwRxMG8wCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwNwYGBACBmCcCMC0wEzARBgcEAIGYJwEBDAZQU1BfQVMMDU5hdGlvbmFsIEJh +bmsMB1hYLUJBTkswDQYJKoZIhvcNAQELBQADggEBAAhb9Cz45JCQPBJU8DjR7uJi +sCMn79Q3Pu+TbnmR29blkyx/xw3ZuunwgeNXr8hb7+fKRBfXPrtPw/2DtndCIb52 +hbXM98OYoDFyjI3jHhkylce0fyEMrUTGkch63AsI99J2+WPw29hI/tRDoyoX9B6o +YFMHwyEA0En8WzohlhmJ1pBRU3AVeZOB2iIwj4P4yMSw6GzO/JiVFKqiFNRUm4Tc +7bgWDyOJhqnmK0bC5FShD8MwcncBi8YXrtrOC3hiKI4ZM2VVzEtUowMa4ovPDvW+ +lYxzWRwGCFXs8yF/YByhKD5n7Ydj9TtGvLCY89BsI3lvqda19IZwCn70xdlEkUA= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem b/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem new file mode 100644 index 000000000..5730e39c8 --- /dev/null 
+++ b/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINDCggDdySs4DXGHyRDjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEEDAZQU1BfSUMTJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBAD7xK3mri61c067i8K6ydtJ0iB/vNYWfP+6BJSPhK2idZ/n4 +MJJTJzJqLmyUrYUjP6QlQmwxS/El81y8VpuXpE3BoOGu7+GSSvcCv7zt9e7tRYmU +TFHK1+yZ18j3g7AzGJIpCT4eKTyGQVPJnhHuZBXdgLcepuyedQ/lg/CCCgVomKmv +04JIUdIoQWVKNGne3rcbjay3g93fnDQ3sWtZEF8j6rQdExBHjZtipkG5TxeOYpg4 +ybC71MTPx3TAa6qFDWUJCqa7oggjS4ew763UR43rvnm3NPwyWvUmnHD47LjzJwBG +KlRvIJttjr6046IX4LxCA+yCo1IdMOBdcaNonF0= +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem b/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem new file mode 100644 index 000000000..8a264eafb --- /dev/null +++ b/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINDbqKQigFQMGjP0MDWjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwECDAZQU1BfUEkMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eRMIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBAAlJKsrS/tv3xWC+PcCYGZBLzpJTb1c0ZPrNWxlGOsv0RfTV +7ZTh+bE8G2wwfNKuNcJWbeRm+kj/FxjSMXYHsXyyeJ2mJflYD757DFNzT87o8fDh +wJL7UCTgbIx/OjOYdk0BF8FpLHcHHU/g38xiXQEHGnJx0gcOlUotues3m2j11rZD +IKsaRBYHbyt2Hm0taYCe/S+qGbXAEoTa2ViVvQs1b9XbOE1XQs3+Wfmgg7Pw9/V+ +xdvkg66JCUffw5JK/1YF+wX4ruU9/ZVYJ8izjZ8EqZwZc977LoE67EnOwP4gdk1D +uM2/4uA9EZY6ZriCaYfBAMugfwO8UWQWZhM4YWs= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem b/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem new file mode 100644 index 000000000..53374b6f2 
--- /dev/null +++ b/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINB3QGTJaVm+8UTeHXtjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEDEwZQU1BfQUkMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBAFOtuuVU/X9VzoMqaHedrNYEc4QQKB02cE/fKNDBINQUSUru +QwJJP8cYsBRPGu2ZzLnCJrqKQZVkVqqhoNbMbIWxuGyqJFSBKrwvTiLcbr2HmIC9 +l/Tn/cfZbCjKURt6fX6UwMghanzcpeMWZqYG2KgpIeVSfvphO1qFryjfPTuxLUy/ +MpwNV1z5un8jizOLeqP0HICoc6i17vPtQGxh1+1DyE+LEU+f44oReVjXkK2p/l3p +43caPV2L371JZlm3GxelU6h6pjKFREpwC7HPQiLUyuHxHwEzRO1Bm+yF8DcFF+lr +68rNsX6FvYmLDvgskgMnM2OcFhHn4h/w1CGI78I= +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem b/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem new file mode 100644 index 000000000..dc77f6160 --- /dev/null +++ b/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFATCCA+mgAwIBAgINBLJlq+HgwVbgQWY4ljANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBogYIKwYBBQUHAQMEgZUwgZIw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwWgYGBACBmCcCMFAwGzAZDA8wLjQuMC4xOTQ5NS4xLjEMBlBTUF9BUwwn +RmVkZXJhbCBGaW5hbmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAhERS1CQUZJ +TjANBgkqhkiG9w0BAQsFAAOCAQEADwr7eFDj7TDp9oZvLXfQ4fOHGNkPT2IopGZA +XSWOVEQpTDZrmUbEG9VAZRWPQWrsVJBPGMKVSijGfyWOojw+Ybr/zf06udYfzU4z +foX2r2p5VcF7RaOP0I0IvUu7imVO5CGwAAgNwBWHVClxgHCG7HyPCVwfhuloEtBY +pMoYMwZIPQgjbpQv7a0l7sNyowUgvo2LEntgJ+AmYvjtiOril6cB51VjsJvIzhKG +pAUQ6wU9AMZcVrNxKBrBC/ZvBmpNwXWpqZQ0ht8ZLwAwQcFhlduqTj+RaIvKABTT +OdW8/iD8L/05ttgzUYk9hOBP0nvMp0q8YXAnZiLyjzE/b8xwdA== +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert27RoleNameNull.pem b/testdata/QcStmtPsd2Cert27RoleNameNull.pem new file mode 100644 index 000000000..aea0e3d68 
--- /dev/null +++ b/testdata/QcStmtPsd2Cert27RoleNameNull.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCA9qgAwIBAgINDT4Uv+ZLx36sX5lt6DANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbgwggG0MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkwYIKwYBBQUHAQMEgYYwgYMw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSwYGBACBmCcCMEEwDDAKBQAMBlBTUF9BUwwnRmVkZXJhbCBGaW5hbmNp +YWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAhERS1CQUZJTjANBgkqhkiG9w0BAQsF +AAOCAQEALJ21NMFW5+QNjpSsR9S1rWwPU1YH1BtQz492fWpY7Dyow9LyFGzmdR5u +9lvud43yXXkeKiOHNa9V5K9QJwFYlO0F4pj0owkmy1qHnsQqMJMfWjXDBY7wJQBh +ilGtKUAL8ideqJBcwS8GtOkC5uNcJ7IDW0elxbCO9aFPIwv34deM64o6QdwceqK9 +g3Cw+1ZwdL1R9b5Dy9AOuwEuljwN+MKh/uTiqA8oEpTgjwx0GsJuxaVLLcwPmw8u +iwS0g/mbdD8fphQzYW5Blrw4UaWc95rjyZ0p3ML13HXvzKbuvpORbVIu/I83YJ+7 +Ue4OIpzAHeEZCXkQnieJnLCeV7amZg== +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem b/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem new file mode 100644 index 000000000..ebe3714ba --- /dev/null +++ b/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINCXyBm7L1aR4HaG0t+jANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwECDAZQU1BfUEkWJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBAB+ZT87A/50XIcJbEzJpullrjxpDRm/JFXAcXP8IzYmudG1u +bAQgzmxM60jv8amdE9iFWjO58kp8skX2J7meR8BaPPFZVMQ90RX2IjnUE/aoYlmH +eM9ykwNzTJP72P4i3s5IjKY1+5l9C4YWBHL+GXhdDQDdS6/LMxYjHbaMhjkHicWR +cDMiK16diYjBKn/cb2fjM1gBkwKiHxQj7uxOYn5vCpMQTT1CbQlCDbbzzNbIUvsk +vsUKcjSOV2eXeNZ/5PDh4Z6FY/nM3wiOIPy4A7MUB987Dv/sRJIwvpXubRMVenfe +UMRDoancxKOAp96XNRNlF3pxfsspOIQSASG5Cks= +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert30Valid.pem b/testdata/QcStmtPsd2Cert30Valid.pem new file mode 100644 index 000000000..be1c0749f --- /dev/null 
+++ b/testdata/QcStmtPsd2Cert30Valid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE9zCCA9+gAwIBAgINAbqL8/qvSod2/+EpMzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBv +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEeMBwGA1UEYQwVUFNEUEwt +UEZTQS0xMjM0NTY3ODkwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +wg2BcbSUBbzPmYqqYgjyLmOyHkb5K4WYw4PQziatdo9c51sFICUmMhnCJIq6aaPr +yhCk88+1xh72cFiWW4hSaohCM4W4xhZITwFFOT/harkGte8323meUJBXQ1uLwzUN +s0H0G8JKfxg8OS1PvyulcQdzMwDljTae/o9yxXJWCMyGtu+64v2bXMYtlO0tZCR3 +5mdNYtuULimO3R16yrxo+xUsgFbT3ec6j5gYFEsR2cQBH7l60NmtaREF9g6uX/zN +xrPLTa6ORRgKqMBAESjczZ96JmdaR4Cb2Uz32l9tE4MakZLRuUT3cmuXR3RxcIDT +1nO/djNccLhvhzc+fo515QIDAQABo4IBvjCCAbowHwYDVR0jBBgwFoAUDF6c/rpL +IWwEHcJat+OIX1neTBIwHQYDVR0OBBYEFA5rqoOpsk1chc2x0i+H9yDLNkM7MA4G +A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFt +cGxlLmNvbTBiBggrBgEFBQcBAQRWMFQwKAYIKwYBBQUHMAKGHGh0dHA6Ly9jYS5l +eGFtcGxlLmNvbS9jYS5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmV4YW1w +bGUuY29tL29jc3AwHwYDVR0gBBgwFjAJBgcEAIvsQAEEMAkGBwQAgZgnAwEwHQYD +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGZBggrBgEFBQcBAwSBjDCBiTAI +BgYEAI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL +7EkBAjBRBgYEAIGYJwIwRzATMBEGBwQAgZgnAQQMBlBTUF9JQwwnRmVkZXJhbCBG +aW5hbmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAdQTC1QRlNBMA0GCSqGSIb3 +DQEBCwUAA4IBAQAO1okP2VXl7NmPbdWX9QtesVxlg5e1VDJrx1NA4gVlXPQi8thW +4JAYSmlOMb0IC3CrjcepmApCjBTJnx99Vn6NV9VbpJXdOKgOK+Kf01OPpjte7nV4 +3Q2IhWg75sJKEqMA2DrxCHQmBQ4HplRTE7EqmrM5Kn6QGUT3rjnqfFu9DYY1AeRc +NVxnqAe5TApePwsfqRsX3u2Ngv3rpF/dQgv78VYZbUMWqz2cxlXFKqEu3zWsRdd/ +kvHgNnPh399AzZrkiXzxz2A/eKJnz5ydxe5vswRZ43za4K/pLf/ftnYlbViK/xfk +2TfQdNdte0y60KireEsdNJ27KTEy5XTxast2 +-----END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert31Valid.pem b/testdata/QcStmtPsd2Cert31Valid.pem new file mode 100644 index 000000000..b0cf61348 --- /dev/null +++ b/testdata/QcStmtPsd2Cert31Valid.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE9zCCA9+gAwIBAgINB1vxbHmAgLCe5oL7DTANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBw +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEQkUt +TkJCLTEyMzQuNTY3Ljg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb0wggG5MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO +BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmAYIKwYBBQUHAQMEgYswgYgw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUAYGBACBmCcCMEYwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwGQkUtTkJCMA0GCSqGSIb3 +DQEBCwUAA4IBAQAPDX5qjIUhlenXeIiZ8uqRiAHEIfH+WAgtG1XwuP4SRL2ndF/g +5r12SLuRXyxaWsJ4qnpv3NFrmrs3yux7FSkk0mSC+67EIdhcA765HIDCKToR9RCN +6R6ZrRJl3DKfnzAA1r82ITtpPsmhhx4l1JJNC3LmAc7owAB1SB4bUw8zymPODlir +feNGECjGFyYi9zi+QN+RS++QAzu0XZsNuT5Ud6vGRPgK/jTjYJsHPW+OSgAC7GOo +Saz0E/uGfmopaYckWTU9UYoUNPjQjTeMWFnwCw8bpo+GUqkkxkFMWkpOHzLWRRXg +5+N8a4HuBcTkai8JKMKqhJ35q+KnF2/LXyM7 +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert39Valid.pem b/testdata/QcStmtPsd2Cert39Valid.pem new file mode 100644 index 000000000..45fb5357a --- /dev/null 
+++ b/testdata/QcStmtPsd2Cert39Valid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE9DCCA9ygAwIBAgINBe1W3McubIstRtJQ2zANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBs +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEbMBkGA1UEYQwSUFNETVQt +TUZTQS1BIDEyMzQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg2B +cbSUBbzPmYqqYgjyLmOyHkb5K4WYw4PQziatdo9c51sFICUmMhnCJIq6aaPryhCk +88+1xh72cFiWW4hSaohCM4W4xhZITwFFOT/harkGte8323meUJBXQ1uLwzUNs0H0 +G8JKfxg8OS1PvyulcQdzMwDljTae/o9yxXJWCMyGtu+64v2bXMYtlO0tZCR35mdN +YtuULimO3R16yrxo+xUsgFbT3ec6j5gYFEsR2cQBH7l60NmtaREF9g6uX/zNxrPL +Ta6ORRgKqMBAESjczZ96JmdaR4Cb2Uz32l9tE4MakZLRuUT3cmuXR3RxcIDT1nO/ +djNccLhvhzc+fo515QIDAQABo4IBvjCCAbowHwYDVR0jBBgwFoAUDF6c/rpLIWwE +HcJat+OIX1neTBIwHQYDVR0OBBYEFA5rqoOpsk1chc2x0i+H9yDLNkM7MA4GA1Ud +DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxl +LmNvbTBiBggrBgEFBQcBAQRWMFQwKAYIKwYBBQUHMAKGHGh0dHA6Ly9jYS5leGFt +cGxlLmNvbS9jYS5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmV4YW1wbGUu +Y29tL29jc3AwHwYDVR0gBBgwFjAJBgcEAIvsQAEEMAkGBwQAgZgnAwEwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGZBggrBgEFBQcBAwSBjDCBiTAIBgYE +AI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL7EkB +AjBRBgYEAIGYJwIwRzATMBEGBwQAgZgnAQQMBlBTUF9JQwwnRmVkZXJhbCBGaW5h +bmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAdNVC1NRlNBMA0GCSqGSIb3DQEB +CwUAA4IBAQA4dTFubbQHH/I52KqmZH5lcPELQOXIylGxfAQxjMeWlkWsNYatZA5F +AkucP7KYtm4KOIMQR+xMreMGqmBGu0cS8HImBgjuld2N6sIgdUtUgWJjPWP2f8dX +Ymt7CMxeV4rPlk6OA3A7k5ymBO+NtK3RCiHluxf8J+vBf5OtuICF9xTkAqblbGFM +akOUy6s+gC085BbvG5gA4W8788WeQLKlPJOolzf21bWpNX+QgWugjHPAJIRdylBH +pwmR7Agg7+mGsPnDgY0955h/upg2TH41qUZw8vkw3LNw7Ij+RLl1ZL/Eni4Fo8xt +oLkacP2gWcr2k4mkJG4uKVyVAsnPIrPG +-----END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert40Valid.pem b/testdata/QcStmtPsd2Cert40Valid.pem new file mode 100644 index 000000000..c3d4984c3 
--- /dev/null +++ b/testdata/QcStmtPsd2Cert40Valid.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgINAMgGzG3kIBYA+I8FATANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBq +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEZMBcGA1UEYQwQVkFUQkUt +MDg3Njg2NjE0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMINgXG0 +lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj68oQpPPP +tcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1DbNB9BvC +Sn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQkd+ZnTWLb +lC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8zcazy02u +jkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA09Zzv3Yz +XHC4b4c3Pn6OdeUCAwEAAaOCAb0wggG5MB8GA1UdIwQYMBaAFAxenP66SyFsBB3C +WrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAOBgNVHQ8B +Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5j +b20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2EuZXhhbXBs +ZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFtcGxlLmNv +bS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0GA1UdJQQW +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmAYIKwYBBQUHAQMEgYswgYgwCAYGBACO +RgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJAQIw +UAYGBACBmCcCMEYwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwgRmluYW5j +aWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwGQkUtTkJCMA0GCSqGSIb3DQEBCwUA +A4IBAQBGHMv35/nt1N94zpYI5/zlBmp8zY4s0JMLmSYRDQCfoMd1CS+7m3JKIrjB +ll5TakTZ8gpY4U5Je/woS/08Lp0bR94Cq/nbMTas0OiOqmkmV8/Kw0mEWS/q2Jol +XUaa4TbvFB0PI7UOsm7tygjfvB9t0zJy+ytDqTiO9WEGouH5dbGDl4//0gq+JUs2 +IFUJi8UntfPnjD/mSmeqOvrsRlNLOgTkhURcLDV5Ch37moni6Mn2VSH/dXStaEUI +ISLK/dcMOBK69wTUXWOLr8HZ5xFPlP+F6gBnVHXSJGvYyE06MDZ2SqWNlS90kwcr +szINuPd+/+Kvij/xKUwX0tMisQ8y +-----END CERTIFICATE----- diff --git a/util/alt_reg_num_ev.go b/util/alt_reg_num_ev.go new file mode 100644 index 000000000..20982f6a2 --- /dev/null 
+++ b/util/alt_reg_num_ev.go 
@@ -0,0 +1,137 @@ +/* + * ZLint Copyright 2020 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package util + +import ( + "encoding/asn1" + "reflect" + "regexp" + + "github.com/zmap/zcrypto/x509" +) + +type RDNSequence []RelativeDistinguishedNameSET + +type RelativeDistinguishedNameSET []AttributeTypeAndValue + +type AttributeTypeAndValue struct { + Type asn1.ObjectIdentifier + Value asn1.RawValue +} + +type parsedSubjectElement struct { + IsPresent bool + Value string + Asn1RawValue asn1.RawValue + ErrorString string +} + +type ParsedEvOrgId struct { + Rsi, Country, StateOrProvince, RegRef string +} + +type cabfOrgIdExt struct { + Rsi string `asn1:"printable"` + Country string `asn1:"printable"` + StateOrProvince string `asn1:"printable,optional,tag:0"` + RegRef string `asn1:"utf8"` +} + +func ParseCabfOrgIdExt(c *x509.Certificate) (string, ParsedEvOrgId) { + var result ParsedEvOrgId + + ext := GetExtFromCert(c, CabfExtensionOrganizationIdentifier) + var parsedExt cabfOrgIdExt + // check that we can parse the extension: + rest, err := asn1.Unmarshal(ext.Value, &parsedExt) + if len(rest) != 0 { + return "trailing bytes after extension", result + } + if err != nil { + return "could not parse extension value:" + err.Error(), result + } + errStr := CheckAsn1Reencoding(reflect.ValueOf(parsedExt).Interface(), ext.Value, "invalid string type in extension") + if errStr != "" { + return "", result + } + result.Country = 
parsedExt.Country + result.RegRef = parsedExt.RegRef + result.Rsi = parsedExt.Rsi + result.StateOrProvince = parsedExt.StateOrProvince + return "", result +} + +func ParseCabfOrgId(oi string, isEtsi bool) (string, ParsedEvOrgId) { + var result ParsedEvOrgId + re_ntr := regexp.MustCompile(`^(NTR)([A-Z]{2})([+]([A-Z]{2}))?-(.+)$`) + re_vat_psd := regexp.MustCompile(`^(VAT|PSD)([A-Z]{2})(())-(.+)$`) + re_lei := regexp.MustCompile(`^(LEI)(XG)(())-(.+)$`) + var sm []string + if re_ntr.MatchString(oi) { + sm = re_ntr.FindStringSubmatch(oi) + } else if re_vat_psd.MatchString(oi) { + sm = re_vat_psd.FindStringSubmatch(oi) + } else if re_lei.MatchString(oi) { + if isEtsi { + sm = re_lei.FindStringSubmatch(oi) + } else { + return "CAB/F subject:organizationIdentifier does not allow LEI", result + } + } else { + return "CAB/F subject:organizationIdentifier has an invalid format", result + } + result.Rsi = sm[1] + result.Country = sm[2] + result.StateOrProvince = sm[3] + result.RegRef = sm[5] + return "", result + +} + +func GetSubjectOrgId(rawSubject []byte) parsedSubjectElement { + return GetSubjectElement(rawSubject, CabfSubjectOrganizationIdentifier) +} +func GetSubjectElement(rawSubject []byte, soughtOid asn1.ObjectIdentifier) parsedSubjectElement { + result := parsedSubjectElement{IsPresent: false, Value: "", ErrorString: ""} + var nl RDNSequence + + rest, err := asn1.Unmarshal(rawSubject, &nl) // parse the sequence of sets, i.e. each list element in nl will be a set + if err != nil { + return parsedSubjectElement{IsPresent: false, Value: "", ErrorString: "error parsing outer SEQ of subject DN"} + } + if len(rest) != 0 { + return parsedSubjectElement{IsPresent: false, ErrorString: "rest len of outer seq != 0 in subject DN", Value: ""} + } + for _, item := range nl { + for _, typeAndValue := range item { + if typeAndValue.Type.Equal(soughtOid) { + if result.IsPresent { + AppendToStringSemicolonDelim(&result.ErrorString, "double AVA found in subject:... 
encountered, this is not expected") + return result + } + result.IsPresent = true + var parsedString string + _, _ = asn1.Unmarshal(typeAndValue.Value.FullBytes, &parsedString) + result.Value = parsedString + result.Asn1RawValue = typeAndValue.Value + } + } + } + return result +} + +type ParsedOrgId struct { + Rsi, Country, SubDiv, RegRef string +} diff --git a/util/misc.go b/util/misc.go new file mode 100644 index 000000000..34d273546 --- /dev/null +++ b/util/misc.go @@ -0,0 +1,22 @@ +/* + * ZLint Copyright 2020 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +package util + +func AppendToStringSemicolonDelim(this *string, s string) { + if len(*this) > 0 && len(s) > 0 { + (*this) += "; " + } + (*this) += s +} diff --git a/util/oid.go b/util/oid.go index f52b2fb75..d2e0101a9 100644 --- a/util/oid.go +++ b/util/oid.go 
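Review bot: In `ParseCabfOrgIdExt` the result of `CheckAsn1Reencoding` is thrown away: when `errStr` is non-empty the function returns `""` and a zero-valued `ParsedEvOrgId`, so an extension with a wrong string type looks like a clean parse to the caller; that branch should be `return errStr, result`. `ext.Value` is read without a nil check, which would panic if `GetExtFromCert` returns nil for a certificate lacking the extension (its definition is outside this hunk, so confirm), for example `if ext == nil { return "extension not present", result }`. In `ParseCabfOrgId`, `sm[3]` is the whole optional group `[+]([A-Z]{2})`, so for NTR identifiers `StateOrProvince` keeps the leading `+`; `sm[4]` holds the two letters alone, if that is what is later compared with the extension value. `GetSubjectElement` also drops the error from `asn1.Unmarshal(typeAndValue.Value.FullBytes, &parsedString)`, which leaves `Value` empty and `ErrorString` unset when the attribute does not decode as a string.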
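Review bot: `AppendToStringSemicolonDelim` in util/misc.go is exported without a doc comment, and its pointer parameter is named `this`, which Go style avoids. I would add `// AppendToStringSemicolonDelim appends s to *this, inserting "; " first when both strings are non-empty.` above it and rename the parameter to something like `dst`. `*this` is dereferenced unconditionally, so a nil pointer panics; the caller visible in this part of the patch passes `&result.ErrorString`, so stating in the comment that the pointer must be non-nil is probably enough.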
@@ -71,27 +71,41 @@ var ( SHA384OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} SHA512OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} // other OIDs - OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} - OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} - OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} - OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} - OidSHA1WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} - OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} - OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} - OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} - OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} - AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} - UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} - CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} - IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} - IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} - IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} - IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} - IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} - IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} - IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} - IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} - IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} + OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} + OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} + OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} + OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} + OidSHA1WithRSAEncryption = 
asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} + OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} + OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} + OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} + OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} + AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} + UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} + CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} + IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} + IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} + IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} + IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} + IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} + IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} + IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} + IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} + IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} + IdEtsiPsd2Statem = asn1.ObjectIdentifier{0, 4, 0, 19495, 2} + IdEtsiPsd2RolePspAs = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 1} + IdEtsiPsd2RolePspPi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 2} + IdEtsiPsd2RolePspAi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 3} + IdEtsiPsd2RolePspIc = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 4} + IdEtsiQcsSemanticsIdLegal = asn1.ObjectIdentifier{0, 4, 0, 194121, 1, 2} + IdEtsiPolicyQcpNatural = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 0} + IdEtsiPolicyQcpLegal = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 1} + IdEtsiPolicyQcpNaturalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 2} + IdEtsiPolicyQcpLegalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 3} + IdEtsiPolicyQcpWeb = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 4} + IdQcsPkixQCSyntaxV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 
7, 11, 2} + CabfSubjectOrganizationIdentifier = asn1.ObjectIdentifier{2, 5, 4, 97} + CabfExtensionOrganizationIdentifier = asn1.ObjectIdentifier{2, 23, 140, 3, 1} ) const ( diff --git a/util/qc_stmt.go b/util/qc_stmt.go index 156210f50..e2f3b3ab8 100644 --- a/util/qc_stmt.go +++ b/util/qc_stmt.go @@ -19,8 +19,21 @@ import ( "encoding/asn1" "fmt" "reflect" + "unicode" + + "github.com/zmap/zcrypto/x509" ) +var EtsiQcStmtOidList = [...]*asn1.ObjectIdentifier{ + &IdEtsiQcsQcCompliance, + &IdEtsiQcsQcLimitValue, + &IdEtsiQcsQcRetentionPeriod, + &IdEtsiQcsQcSSCD, + &IdEtsiQcsQcEuPDS, + &IdEtsiQcsQcType, + &IdEtsiPsd2Statem, +} + type anyContent struct { Raw asn1.RawContent } @@ -29,10 +42,12 @@ type qcStatementWithInfoField struct { Oid asn1.ObjectIdentifier Any asn1.RawValue } + type qcStatementWithoutInfoField struct { Oid asn1.ObjectIdentifier } +// === etsi base ==> type etsiBase struct { errorInfo string isPresent bool @@ -46,6 +61,8 @@ func (this etsiBase) IsPresent() bool { return this.isPresent } +// <== etsi base === + type EtsiQcStmtIf interface { GetErrorInfo() string IsPresent() bool 
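Review bot: `EtsiQcStmtOidList` in the util/qc_stmt.go import hunk is an exported, mutable package variable holding pointers to the exported OID variables, so any importing package can change which statements `IsAnyEtsiQcStatementPresent` looks for. Nothing visible in this patch uses it outside package util, so I would keep it unexported and store values rather than pointers, e.g. `var etsiQcStmtOidList = [...]asn1.ObjectIdentifier{IdEtsiQcsQcCompliance, /* … */ IdEtsiPsd2Statem}`. A one-line comment saying that `IdQcsPkixQCSyntaxV2` is deliberately left out because it is not an ETSI statement would also help the next reader.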
@@ -97,16 +114,76 @@ type EtsiQcPds struct { PdsLocations []PdsLocation } -func AppendToStringSemicolonDelim(this *string, s string) { - if len(*this) > 0 && len(s) > 0 { - (*this) += "; " +// ==== QcStatement 2 (RFC3739)types ===> + +type DecodedQcS2 struct { + etsiBase + Decoded QcStatemt2 +} +type QcStatemt2 struct { + SemanticsId asn1.ObjectIdentifier `asn1:"optional"` + NameRegAuthorities NameRegistrationAuthorities `asn1:"optional"` +} + +type NameRegistrationAuthorities []asn1.RawValue + +// <=== QcStatement 2 (RFC3739)types ==== + +// ==== PSD2 QcStatement types ===> +type Psd2RoleOfPspType int + +const ( + RoleAs Psd2RoleOfPspType = 1 + RolePi Psd2RoleOfPspType = 2 + RoleAi Psd2RoleOfPspType = 3 + RoleIc Psd2RoleOfPspType = 4 +) + +// === ASN.1 Types ==> +type Psd2RoleOfPsp struct { + RoleType asn1.ObjectIdentifier + RoleOfPspName string `asn1:"utf8"` +} + +type EtsiPsd2QcStatem struct { + Roles []Psd2RoleOfPsp + NCAName string `asn1:"utf8"` + CountryAndNCAId string `asn1:"utf8"` +} + +// <== ASN.1 Types === + +type EtsiPsd2 struct { + etsiBase + DecodedPsd2Statm EtsiPsd2QcStatem +} + +func (this EtsiPsd2) getCountryAndNcaId() (string, string) { + runes := []rune(this.DecodedPsd2Statm.CountryAndNCAId) + if len(this.DecodedPsd2Statm.CountryAndNCAId) < 4 || !unicode.IsUpper(runes[0]) || !unicode.IsUpper(runes[1]) || runes[2] != '-' { + return "", "" } - (*this) += s + return string(runes[0:2]), string(runes[3:]) +} + +func (this EtsiPsd2) GetNcaCountry() string { + co, _ := this.getCountryAndNcaId() + return co } +func (this EtsiPsd2) GetNcaId() string { + _, ncaId := this.getCountryAndNcaId() + return ncaId +} + +// <=== PSD2 QcStatement types ==== -func checkAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { +func CheckAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { + return CheckAsn1ReencodingWithParams(i, originalEncoding, appendIfComparisonFails, "") +} + +func 
CheckAsn1ReencodingWithParams(i interface{}, originalEncoding []byte, appendIfComparisonFails string, params string) string { result := "" - reencoded, marshErr := asn1.Marshal(i) + reencoded, marshErr := asn1.MarshalWithParams(i, params) if marshErr != nil { AppendToStringSemicolonDelim(&result, fmt.Sprintf("error reencoding ASN1 value of statementInfo field: %s", marshErr)) @@ -117,15 +194,12 @@ func checkAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfCompari return result } +type EtsiPsd2OrgId struct { + Rsi, Country, NcaId, PspId string +} + func IsAnyEtsiQcStatementPresent(extVal []byte) bool { - oidList := make([]*asn1.ObjectIdentifier, 6) - oidList[0] = &IdEtsiQcsQcCompliance - oidList[1] = &IdEtsiQcsQcLimitValue - oidList[2] = &IdEtsiQcsQcRetentionPeriod - oidList[3] = &IdEtsiQcsQcSSCD - oidList[4] = &IdEtsiQcsQcEuPDS - oidList[5] = &IdEtsiQcsQcType - for _, oid := range oidList { + for _, oid := range EtsiQcStmtOidList { r := ParseQcStatem(extVal, *oid) if r.IsPresent() { return true @@ -134,6 +208,17 @@ func IsAnyEtsiQcStatementPresent(extVal []byte) bool { return false } +func IsQcStatemPresent(c *x509.Certificate, oid *asn1.ObjectIdentifier) (string, bool) { + if !IsExtInCert(c, QcStateOid) { + return "", false + } + qcs := ParseQcStatem(GetExtFromCert(c, QcStateOid).Value, *oid) + if qcs.GetErrorInfo() != "" { + return qcs.GetErrorInfo(), qcs.IsPresent() + } + return "", qcs.IsPresent() +} + //nolint:gocyclo func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf { sl := make([]anyContent, 0) 
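Review bot: In `getCountryAndNcaId` the length guard counts bytes (`len(this.DecodedPsd2Statm.CountryAndNCAId) < 4`) while the checks after it index `runes`, so a CountryAndNCAId made of multi-byte characters can pass the guard with fewer than three runes, and `runes[1]` or `runes[2]` then panics with an index out of range. The value is decoded from the certificate being linted, so a malformed certificate could crash the linter instead of producing a finding. Guard on the rune count instead: `if len(runes) < 4 || !unicode.IsUpper(runes[0]) || ...`. Separately, `unicode.IsUpper` accepts non-ASCII upper-case letters; if the country prefix is meant to be two letters A–Z, as the `[A-Z]{2}` patterns in `ParseCabfOrgId` suggest, compare each rune against `'A'` and `'Z'` explicitly.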
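Review bot: `IsQcStatemPresent` returns an error string and a presence flag but has no doc comment saying what each means. The `if qcs.GetErrorInfo() != ""` branch returns the same pair as the fall-through, so everything after the parse can be the single line `return qcs.GetErrorInfo(), qcs.IsPresent()`. `oid` is dereferenced unconditionally; either document that it must be non-nil or take the OID by value as `ParseQcStatem` does.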
@@ -169,85 +254,147 @@ func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf { continue } if statem.Oid.Equal(IdEtsiQcsQcCompliance) { - etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI Complicance statement")) - return etsiObj + return handleIdEtsiQcsQcCompliance(statem, raw) } else if statem.Oid.Equal(IdEtsiQcsQcLimitValue) { - etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} - numErr := false - alphErr := false - var numeric EtsiMonetaryValueNum - var alphabetic EtsiMonetaryValueAlph - restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) - if len(restNum) != 0 || errNum != nil { - numErr = true - } else { - etsiObj.IsNum = true - etsiObj.Amount = numeric.Amount - etsiObj.Exponent = numeric.Exponent - etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum - - } - if numErr { - restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) - if len(restAlph) != 0 || errAlph != nil { - alphErr = true - } else { - etsiObj.IsNum = false - etsiObj.Amount = alphabetic.Amount - etsiObj.Exponent = alphabetic.Exponent - etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - checkAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), - statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - } - if numErr && alphErr { - etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" - } - return etsiObj - + return handleIdEtsiQcsQcLimitValue(statem) } else if statem.Oid.Equal(IdEtsiQcsQcRetentionPeriod) { - etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) - - if len(rest) != 0 
|| err != nil { - etsiObj.errorInfo = "error parsing the statementInfo field" - } - return etsiObj + return handleIdEtsiQcsQcRetentionPeriod(statem) } else if statem.Oid.Equal(IdEtsiQcsQcSSCD) { - etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI SCSD statement")) - return etsiObj + return handleIdEtsiQcsQcSSCD(statem, raw) } else if statem.Oid.Equal(IdEtsiQcsQcEuPDS) { - etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) - if len(rest) != 0 || err != nil { - etsiObj.errorInfo = "error parsing the statementInfo field" - } else { - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - checkAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, - "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - return etsiObj + return handleIdEtsiQcsQcEuPDS(statem) } else if statem.Oid.Equal(IdEtsiQcsQcType) { - var qcType Etsi423QcType - qcType.isPresent = true - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) - if len(rest) != 0 || err != nil { - return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} - } - return qcType + return handleIdEtsiQcsQcType(statem) + } else if statem.Oid.Equal(IdEtsiPsd2Statem) { + return handleIdEtsiPsd2Statem(statem) + } else if statem.Oid.Equal(IdQcsPkixQCSyntaxV2) { + return handleIdQcsPkixQCSyntaxV2(statem) } else { return etsiBase{errorInfo: "", isPresent: true} } - } return etsiBase{errorInfo: "", isPresent: false} +} + +func handleIdQcsPkixQCSyntaxV2(statem qcStatementWithInfoField) EtsiQcStmtIf { + var qcs2Statem DecodedQcS2 + qcs2Statem.isPresent = true + if len(statem.Any.FullBytes) == 0 { + return 
qcs2Statem + } + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcs2Statem.Decoded) + if err != nil { + AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "error parsing statement: "+err.Error()) + } + if len(rest) != 0 { + AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "trailing bytes after QcStatement") + } + return qcs2Statem +} + +func handleIdEtsiPsd2Statem(statem qcStatementWithInfoField) EtsiQcStmtIf { + var psd2Statem EtsiPsd2 + psd2Statem.isPresent = true + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &psd2Statem.DecodedPsd2Statm) + if len(rest) != 0 || err != nil { + return etsiBase{errorInfo: "error parsing IdEtsiPsd2Statem extension statementInfo field", isPresent: true} + } + if psd2Statem.DecodedPsd2Statm.CountryAndNCAId == "" || psd2Statem.DecodedPsd2Statm.NCAName == "" { + AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") + } + for _, role := range psd2Statem.DecodedPsd2Statm.Roles { + if role.RoleOfPspName == "" { + AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") + } + } + AppendToStringSemicolonDelim(&psd2Statem.errorInfo, + CheckAsn1Reencoding(reflect.ValueOf(psd2Statem.DecodedPsd2Statm).Interface(), statem.Any.FullBytes, + "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + return psd2Statem +} + +func handleIdEtsiQcsQcType(statem qcStatementWithInfoField) EtsiQcStmtIf { + var qcType Etsi423QcType + qcType.isPresent = true + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) + if len(rest) != 0 || err != nil { + return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} + } + return qcType +} + +func handleIdEtsiQcsQcEuPDS(statem qcStatementWithInfoField) EtsiQcStmtIf { + etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo 
field" + } else { + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + CheckAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, + "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + return etsiObj +} + +func handleIdEtsiQcsQcSSCD(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { + etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI SCSD statement")) + return etsiObj +} + +func handleIdEtsiQcsQcRetentionPeriod(statem qcStatementWithInfoField) EtsiQcStmtIf { + etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) + + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo field" + } + return etsiObj +} + +func handleIdEtsiQcsQcLimitValue(statem qcStatementWithInfoField) EtsiQcStmtIf { + etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} + numErr := false + alphErr := false + var numeric EtsiMonetaryValueNum + var alphabetic EtsiMonetaryValueAlph + restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) + if len(restNum) != 0 || errNum != nil { + numErr = true + } else { + etsiObj.IsNum = true + etsiObj.Amount = numeric.Amount + etsiObj.Exponent = numeric.Exponent + etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum + + } + if numErr { + restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) + if len(restAlph) != 0 || errAlph != nil { + alphErr = true + } else { + etsiObj.IsNum = false + etsiObj.Amount = alphabetic.Amount + etsiObj.Exponent = alphabetic.Exponent + etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + 
CheckAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), + statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + } + if numErr && alphErr { + etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" + } + return etsiObj +} +func handleIdEtsiQcsQcCompliance(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { + etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI Complicance statement")) + return etsiObj } From 4666bb74318f221c77ca69616603d2e897d7cd3e Mon Sep 17 00:00:00 2001 
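Review bot: In `handleIdEtsiPsd2Statem` three different empty fields (NCAName, CountryAndNCAId and each RoleOfPspName) all report the same text, "field has length 0", so the lint detail can read "field has length 0; field has length 0" without telling the operator which part of the PSD2 statement is wrong. I would split the combined check and name the field in each message, as below. Also worth a comment: on a parse failure the function returns a bare `etsiBase` rather than an `EtsiPsd2`, so callers that type-assert the result (none are visible in this hunk) need the comma-ok form.

```go
func handleIdEtsiPsd2Statem(statem qcStatementWithInfoField) EtsiQcStmtIf {
	// … unchanged: unmarshal of statem.Any.FullBytes and the parse-error return …
	if psd2Statem.DecodedPsd2Statm.NCAName == "" {
		AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "NCAName has length 0")
	}
	if psd2Statem.DecodedPsd2Statm.CountryAndNCAId == "" {
		AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "CountryAndNCAId has length 0")
	}
	for i, role := range psd2Statem.DecodedPsd2Statm.Roles {
		if role.RoleOfPspName == "" {
			AppendToStringSemicolonDelim(&psd2Statem.errorInfo,
				fmt.Sprintf("RoleOfPspName of role %d has length 0", i))
		}
	}
	// … unchanged: CheckAsn1Reencoding call and return …
```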
From: mtg Date: Tue, 4 Feb 2020 17:58:04 +0100 Subject: [PATCH 02/21] Revert "lint about the encoding of qcstatements for PSD2" This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. --- .../lint_qcstatem_psd2_psd2statem_encoding.go | 54 --- ..._qcstatem_psd2_psd2statem_encoding_test.go | 57 ---- .../EvAltRegNumCert56JurContryNotMatching.pem | 28 -- .../EvAltRegNumCert57NtrJurSopMissing.pem | 28 -- testdata/QcStmtPsd2Cert01InvalidRoles.pem | 29 -- testdata/QcStmtPsd2Cert03MissingRolesOid.pem | 29 -- testdata/QcStmtPsd2Cert05Valid.pem | 29 -- testdata/QcStmtPsd2Cert07MissingRoleName.pem | 29 -- testdata/QcStmtPsd2Cert08NcaNameMissing.pem | 28 -- .../QcStmtPsd2Cert09NcaNameZeroLength.pem | 28 -- testdata/QcStmtPsd2Cert10RoleNameMissing.pem | 29 -- .../QcStmtPsd2Cert11RoleNameZeroLenght.pem | 29 -- ...QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem | 29 -- testdata/QcStmtPsd2Cert14Valid.pem | 28 -- .../QcStmtPsd2Cert15NcaIdInconsistent.pem | 29 -- .../QcStmtPsd2Cert17NcaIdInconsistent.pem | 28 -- ...QcStmtPsd2Cert22NcaNameWrongStringType.pem | 29 -- ...tPsd2Cert23Psd2ExtNcaIdWrongStringType.pem | 29 -- .../QcStmtPsd2Cert24RoleNameIllegalChars.pem | 29 -- testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem | 29 -- testdata/QcStmtPsd2Cert27RoleNameNull.pem | 29 -- testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem | 29 -- testdata/QcStmtPsd2Cert30Valid.pem | 29 -- testdata/QcStmtPsd2Cert31Valid.pem | 29 -- testdata/QcStmtPsd2Cert39Valid.pem | 29 -- testdata/QcStmtPsd2Cert40Valid.pem | 29 -- util/alt_reg_num_ev.go | 137 -------- util/misc.go | 22 -- util/oid.go | 56 ++-- util/qc_stmt.go | 313 +++++------------- 30 files changed, 104 insertions(+), 1225 deletions(-) delete mode 100644 lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go delete mode 100644 lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go delete mode 100644 testdata/EvAltRegNumCert56JurContryNotMatching.pem delete mode 100644 testdata/EvAltRegNumCert57NtrJurSopMissing.pem delete mode 100644 
testdata/QcStmtPsd2Cert01InvalidRoles.pem delete mode 100644 testdata/QcStmtPsd2Cert03MissingRolesOid.pem delete mode 100644 testdata/QcStmtPsd2Cert05Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert07MissingRoleName.pem delete mode 100644 testdata/QcStmtPsd2Cert08NcaNameMissing.pem delete mode 100644 testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem delete mode 100644 testdata/QcStmtPsd2Cert10RoleNameMissing.pem delete mode 100644 testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem delete mode 100644 testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem delete mode 100644 testdata/QcStmtPsd2Cert14Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem delete mode 100644 testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem delete mode 100644 testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem delete mode 100644 testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem delete mode 100644 testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem delete mode 100644 testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem delete mode 100644 testdata/QcStmtPsd2Cert27RoleNameNull.pem delete mode 100644 testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem delete mode 100644 testdata/QcStmtPsd2Cert30Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert31Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert39Valid.pem delete mode 100644 testdata/QcStmtPsd2Cert40Valid.pem delete mode 100644 util/alt_reg_num_ev.go delete mode 100644 util/misc.go diff --git a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go deleted file mode 100644 index c8e767b0c..000000000 --- a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding.go +++ /dev/null 
@@ -1,54 +0,0 @@ -package etsi - -/* - * ZLint Copyright 2020 Regents of the University of Michigan - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy - * of the License at http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -import ( - "github.com/zmap/zcrypto/x509" - "github.com/zmap/zlint/lint" - "github.com/zmap/zlint/util" -) - -type qcStatemPsd2Pd2StatemEnc struct{} - -func (l *qcStatemPsd2Pd2StatemEnc) Initialize() error { - return nil -} - -func (l *qcStatemPsd2Pd2StatemEnc) CheckApplies(c *x509.Certificate) bool { - if !util.IsExtInCert(c, util.QcStateOid) { - return false - } - _, isPresent := util.IsQcStatemPresent(c, &util.IdEtsiPsd2Statem) - return isPresent -} - -func (l *qcStatemPsd2Pd2StatemEnc) Execute(c *x509.Certificate) *lint.LintResult { - qcs := util.ParseQcStatem(util.GetExtFromCert(c, util.QcStateOid).Value, util.IdEtsiPsd2Statem) - if qcs.GetErrorInfo() != "" { - return &lint.LintResult{Status: lint.Error, Details: qcs.GetErrorInfo()} - } - return &lint.LintResult{Status: lint.Pass} -} - -func init() { - lint.RegisterLint(&lint.Lint{ - Name: "e_qcstatem_psd2_psd2statem_encoding", - Description: "This test checks that a PSD2 QcStatement has the correct encoding.", - Citation: "ETSI TS 119 495, 'Annex A (normative): ASN.1 Declaration'", - Source: lint.EtsiEsi, - EffectiveDate: util.EtsiEn319_412_5_V2_2_1_Date, - Lint: &qcStatemPsd2Pd2StatemEnc{}, - }) -} 
diff --git a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go b/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go deleted file mode 100644 index 4f4295a42..000000000 --- a/lints/etsi/lint_qcstatem_psd2_psd2statem_encoding_test.go +++ /dev/null 
@@ -1,57 +0,0 @@ -package etsi - -/* - * ZLint Copyright 2020 Regents of the University of Michigan - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy - * of the License at http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -import ( - "github.com/zmap/zlint/lint" - "github.com/zmap/zlint/test" - "testing" -) - -func TestQcStatemPsd2Encoding(t *testing.T) { - m := map[string]lint.LintStatus{ - "QcStmtPsd2Cert01InvalidRoles.pem": lint.Pass, - "QcStmtPsd2Cert03MissingRolesOid.pem": lint.Error, - "QcStmtPsd2Cert05Valid.pem": lint.Pass, - "QcStmtPsd2Cert07MissingRoleName.pem": lint.Error, - "QcStmtPsd2Cert08NcaNameMissing.pem": lint.Error, - "QcStmtPsd2Cert09NcaNameZeroLength.pem": lint.Error, - "QcStmtPsd2Cert10RoleNameMissing.pem": lint.Error, - "QcStmtPsd2Cert11RoleNameZeroLenght.pem": lint.Error, - "QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem": lint.Error, - "QcStmtPsd2Cert14Valid.pem": lint.Pass, - "QcStmtPsd2Cert15NcaIdInconsistent.pem": lint.Pass, - "QcStmtPsd2Cert17NcaIdInconsistent.pem": lint.Pass, - "QcStmtPsd2Cert22NcaNameWrongStringType.pem": lint.Error, - "QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem": lint.Error, - "QcStmtPsd2Cert24RoleNameIllegalChars.pem": lint.Error, - "QcStmtPsd2Cert26RoleOidAsUtf8Str.pem": lint.Error, - "QcStmtPsd2Cert27RoleNameNull.pem": lint.Error, - "QcStmtPsd2Cert28NcaNameIa5Str.pem": lint.Error, - "QcStmtPsd2Cert30Valid.pem": lint.Pass, - "QcStmtPsd2Cert31Valid.pem": lint.Pass, - "QcStmtPsd2Cert39Valid.pem": lint.Pass, - "QcStmtPsd2Cert40Valid.pem": lint.Pass, - 
"EvAltRegNumCert56JurContryNotMatching.pem": lint.NA, - "EvAltRegNumCert57NtrJurSopMissing.pem": lint.NA, - } - for inputPath, expected := range m { - out := test.TestLint("e_qcstatem_psd2_psd2statem_encoding", inputPath) - - if out.Status != expected { - t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status) - } - } -} diff --git a/testdata/EvAltRegNumCert56JurContryNotMatching.pem b/testdata/EvAltRegNumCert56JurContryNotMatching.pem deleted file mode 100644 index 222e0aced..000000000 --- a/testdata/EvAltRegNumCert56JurContryNotMatching.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIExzCCA6+gAwIBAgINAmI1p32s9ypT5AANZzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB -oDEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl -c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u -MRcwFQYDVQRhDA5OVFJERS0xMjM0NTY3ODERMA8GA1UEBRMIMTIzNDU2NzgxEzAR -BgsrBgEEAYI3PAIBAwwCR0IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDCDYFxtJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIkirpp -o+vKEKTzz7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdDW4vD -NQ2zQfQbwkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U7S1k -JHfmZ01i25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2Dq5f -/M3Gs8tNro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dHdHFw -gNPWc792M1xwuG+HNz5+jnXlAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBQMXpz+ -ukshbAQdwlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2Qzsw -DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4 -YW1wbGUuY29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDovL2Nh -LmV4YW1wbGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZXhh -bXBsZS5jb20vb2NzcDBZBgNVHSAEUjBQMAcGBWeBDAEBMEUGCisGAQQBvUcNGAEw -NzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBhc3Mv -Y3BzLmh0bWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 -DQEBCwUAA4IBAQBftKEeTH458M79Zrhf9voF8wTGIh5AEuA8JT/bN2wQDuyqeqme -/QuUX7CIu2WwsPbz8CFe2Q1SKPM5gMlTGufb/beha4zCWqM8NXb4t/hSNDkD9226 -s5FW3lT3TzbDRwl+eykrsIUDWEIYyvg6JI7gK/512QbeTn131lIkUkBnuZ9b7kN3 -cPQ0ekicrCk8FjZz3/H21m7BdvSTF0OmBUseTcrH3azKwqn2AH/RAetJmI9W7HQE -hUunPKM+dSW/NQUD9B1DMs9c8W18vOWnnr5BfzS7kyIxh/Td77wQfyGlMaBeYoq7 -uoXjjS8CsVd+Avbhpda+47g9jZQ94Hcyg96o ------END CERTIFICATE----- diff --git a/testdata/EvAltRegNumCert57NtrJurSopMissing.pem b/testdata/EvAltRegNumCert57NtrJurSopMissing.pem deleted file mode 100644 index e4a944a98..000000000 --- a/testdata/EvAltRegNumCert57NtrJurSopMissing.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEyjCCA7KgAwIBAgINAlEr+EzD49s1YT1+/jANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB -ozEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl -c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u -MRowGAYDVQRhDBFOVFJERStIRS0xMjM0NTY3ODERMA8GA1UEBRMIMTIzNDU2Nzgx -EzARBgsrBgEEAYI3PAIBAwwCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDCDYFxtJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIk -irppo+vKEKTzz7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdD -W4vDNQ2zQfQbwkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U -7S1kJHfmZ01i25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2 -Dq5f/M3Gs8tNro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dH -dHFwgNPWc792M1xwuG+HNz5+jnXlAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBQM -Xpz+ukshbAQdwlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2 -QzswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3 -LmV4YW1wbGUuY29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDov -L2NhLmV4YW1wbGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3Au -ZXhhbXBsZS5jb20vb2NzcDBZBgNVHSAEUjBQMAcGBWeBDAEBMEUGCisGAQQBvUcN -GAEwNzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBh -c3MvY3BzLmh0bWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqG -SIb3DQEBCwUAA4IBAQBmq3MNz+GEqMIqOC1IB06DEjtAFHmbqr9uhxSpUM3VuK9y -jm+upuoZCwXFmEeyRXgjKbVFi6aLcMvyhLKfqntQKP517y/baEOeAV+GHUOYg+Gl -ihXze5o/nZAokPm9/b8D0hciqbxte7UlGaTu9wWKscVpDdjsuClNhaM7QD07LbTG -biAk5cbnQNTKqW0VCCU0LgEPBpbugydWDHkv8a5h0r13jiab3U7sfiX/Zq0rDP+i -MPNIYi/a9b/lxZ+TbFbZ1Q1PSW1dmhLvnXWcCVQ6VW2XwcbNkJyVvbJF3KJXMu7S -djvSAK3WrQazO/XhXQluDOMosMZYJZH4CuLLrHxe ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert01InvalidRoles.pem b/testdata/QcStmtPsd2Cert01InvalidRoles.pem deleted file mode 100644 index f0af97ff8..000000000 --- a/testdata/QcStmtPsd2Cert01InvalidRoles.pem +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINDAL9Kp25SRT/zD2oHzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfUEkMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBACBOt6QdjgWK2amsIFmmf9t7cnwtpigTe3BLnEmsPAPw0TBU -5G0pg1Utep7dvr0k++lMMqAHyxGZ8eUxjxXn/VUFTRisvwuk0GcDiYh7j9D/uyTH -sgD5IOvuADWcxHQ6kRyAWVqu5eLrUIy0l21SfpU1WGLiqCG14RzzljDe7jgWR4vu -KUbk4/LWavRCEXPejDJ7MvQ6Q8Jwj4tzdFZXUdwxQUJ/yp6pwNO3+qka7qi5rHD8 -8tNBPyUevV37humsLjfDzHFINs9D1BMDqZixdGAfOr/rMdw6pUlAUM0nFciYEK6z -sOJ9fnJcGTKWjJeC8XKoOPWyB0Ie0pPy21M5hxQ= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert03MissingRolesOid.pem b/testdata/QcStmtPsd2Cert03MissingRolesOid.pem deleted file mode 100644 index 957666e36..000000000 
--- a/testdata/QcStmtPsd2Cert03MissingRolesOid.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8DCCA9igAwIBAgINCtgGQhhiIWmoUdvtzDANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkQYIKwYBBQUHAQMEgYQwgYEw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSQYGBACBmCcCMD8wCjAIDAZQU1BfUEkMJ0ZlZGVyYWwgRmluYW5jaWFs -IFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZIhvcNAQELBQAD -ggEBAAxFzpMwgr+aUxhBzrpsvpZDfaARHczbaPcJmi2h6rThbUFjYbrfssZmiZDq -e5g/4yaRPlKHZFU8yofcAs7hiFQNnKCgK4WlZ9gXe0yylXks6Hn2M2lDMWIk3HmF -ZwsTjyoNbbhW2x70Ewaa2NIWcf+4zK3qGBf4wXqmlhrWsA7EEzswFEUG25qoga2f -NXfJkBKWON7S4K3Bwddull8g2Sl+gJpGlwXlSu1hAV6tBqzH3JniV9AYP3SXAyRQ -S0TalMJ6wkEz+qBxao9+M4E64Q7jgVJbGKvoCgKiTKCbvd24AQDZPgGJspz+3NQR -0DINDw9My5opjNMyB+x4K+Hxtl0= ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert05Valid.pem b/testdata/QcStmtPsd2Cert05Valid.pem deleted file mode 100644 index cae24dcf4..000000000 --- a/testdata/QcStmtPsd2Cert05Valid.pem +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINCqVMvI3ItM3g3XV2cDANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfQVMMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBABmbFutzBZssZnMzUDMYf0bYgStey6CMddV4rKhhUDBqxG9s -xg+xLbXNmEHdJ6lScRK3h2mQ222vPsebLguitcisaqAMIDInYfRS657yEXmSedjy -WIVSrtCaAACYoCwOPEymnjra7WsRu2WZZ+5zk7floDx6o5QXLd73DOJrqr/r6pL9 -NPf5e7g+vlVqAGQhC6Z0s7ri5XInPBeZEMox2Au2ZF/UWNRf00MnRvnYAl2TkDSw -HcbU6L8BtzLxJlZmKw33BfTmi++QOmSPZjpELpnpUamrDmKuFlxu5/QBVz6RS/sX -5tZkQTPg6UtFlkStg9LLJEkEvdT0xMkRvczzTPM= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert07MissingRoleName.pem b/testdata/QcStmtPsd2Cert07MissingRoleName.pem deleted file mode 100644 index 2de38a3d8..000000000 
--- a/testdata/QcStmtPsd2Cert07MissingRoleName.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8TCCA9mgAwIBAgINAn34kicX+AdEJqPEXDANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSgYGBACBmCcCMEAwCzAJBgcEAIGYJwEEDCdGZWRlcmFsIEZpbmFuY2lh -bCBTdXBlcnZpc29yeSBBdXRob3JpdHkMCERFLWJhZmluMA0GCSqGSIb3DQEBCwUA -A4IBAQAHzTrdqGrwO0YNlzUBybkgaiaRR+iTfpe1gBHwOoL3hE6u1xowj3WozX6b -dXi+wT4jiy6ipsSCUE2sMwhBCIGRnuuJzlD6tIqJ88tAL0E13TvL2iW6IvH9pUM6 -ZMfEh7ejIXe2KRPX0lCuaiTwGXZy6B4EEt/vB5kdoqoDDLx7zDYUKyoUetN9bl75 -X5EjnpmZ1b+vgVCui261HFmwCg+ZxEFmbsmx3+CndOvFUygih9bdhIEj6Y6tlZS+ -S958XsWQwdwWnPIICt68yCxjYZfQ5fOiQa4OfoZ82uekJTr7pM63JwAk97GPt+MH -AFexiknCl6FRVuyRQHXkQkQMSfdG ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert08NcaNameMissing.pem b/testdata/QcStmtPsd2Cert08NcaNameMissing.pem deleted file mode 100644 index f9dae78e9..000000000 --- a/testdata/QcStmtPsd2Cert08NcaNameMissing.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEzTCCA7WgAwIBAgINBgcQn55ngMeNmOZhpzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZMwggGPMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBvBggrBgEFBQcBAwRjMGEwCAYG -BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ -AQIwKQYGBACBmCcCMB8wEzARBgcEAIGYJwEDDAZQU1BfQUkMCERFLUJBRklOMA0G -CSqGSIb3DQEBCwUAA4IBAQBNkBaX1LmQuC7jw/X6iuBwYCvMwCUMjudBa3whU0U0 -jSh8VlzcBAu4dYGglyzhEjibGtHjBR+VW3mels1PCTIe6B4BPsIwnZ3zttjEBHM+ -H/uaShVU+61Cy6xOCGUR0NVyzWThwn0qwi6po0Qqn8+sW53tfTORsXmqaCzmlnDl -LiVJIY4eJYb1iuEucQdJ3KUWduJsJFJHOO+CoJKsoan+1g2cK/3NZC+eLR/e9aC/ -s8SnyGIBf2JxXXDQUY1Nx6Gb7b39Za/Ta6Hzu7Ue1FG/YY3vOwHnESAzmNYV1XiR -QLtIJbag45xPMWzQV5afp0gXRRX4hNE+DkZ52zWBMFTs ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem b/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem
deleted file mode 100644
index 3f4f4d268..000000000
--- a/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEzzCCA7egAwIBAgINDsKzMgts5dOILcyZyzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZUwggGRMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBxBggrBgEFBQcBAwRlMGMwCAYG -BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ -AQIwKwYGBACBmCcCMCEwEzARBgcEAIGYJwECDAZQU1BfUEkMAAwIREUtQkFGSU4w -DQYJKoZIhvcNAQELBQADggEBAE+Iv9mf7sZBgnYSg739dk8uHRPpNnkkO6cxDvaq -q0CxylX66XdUoXMytvjVB1I+C2u5tmCVYcZYtv+Rm1ctA5FPsgbJNb8BkKH7wNC4 -Z64YSpdDA5hN3S1tudAKlG0JsXZUpOoevDVqqaONnBeQL9aZSF71nFDiRPWGy/Ox -CCYcQINdgRw6KU66b33Qez9oedRvv9SzAQv265H5ACZXJ+d8j0iVypGKUGxhqeQT -/6o1Eg35srYKyEtkYXBk3rOycxrz9Ux6ZhACzbi3v2MgiBVh5MdYuUn2WlBsb9tw -F7avtF38ETrRpx4q8AysD/vckODyvN6zB3PTEeJPS8o7Yr0= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert10RoleNameMissing.pem b/testdata/QcStmtPsd2Cert10RoleNameMissing.pem deleted file mode 100644 index b6cf298bb..000000000 --- a/testdata/QcStmtPsd2Cert10RoleNameMissing.pem +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8DCCA9igAwIBAgINDxPCnUBqjv5Cn7YVoTANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkQYIKwYBBQUHAQMEgYQwgYEw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSQYGBACBmCcCMD8wCjAIDAZQU1BfQUkMJ0ZlZGVyYWwgRmluYW5jaWFs -IFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZIhvcNAQELBQAD -ggEBAAtdv0K46jF555M5IUa//iLMk6bXnqrlBEjbuVMAD2Rq6FvIE56ug4YQfYWI -85f07JhCnnKdw1npx9wF9avLWNggmNpXTPdF10iCXAE4vYEOtVy8xjYgMPk2swoc -VgAzDZQSPAj8nNQSEgYlpLv5o8IQPBMbP6uKjjDilVHEpIPclDlIhx7tfPtGG4/9 -Pvx2FKtnD52Zr5qQvL85IC5Qy2xIIiznLt2p5E131EssZ1zCHDqzo3mYp1YS81Jj -lowIZUtEICht7f0Ju2/RaKgdwivJ2jKHOh23DNkPWsQDbqgMZS2oQCEgikVu4f3d -6fHt4nGCpQGc6jJg2H3n2KR3O9w= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem b/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem deleted file mode 100644 index 934ed5e64..000000000 
--- a/testdata/QcStmtPsd2Cert11RoleNameZeroLenght.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE7DCCA9SgAwIBAgINCGnzNrzLAvsCbWMwJjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbIwggGuMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjQYIKwYBBQUHAQMEgYAwfjAI -BgYEAI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL -7EkBAjBGBgYEAIGYJwIwPDANMAsGBwQAgZgnAQEMAAwnRmVkZXJhbCBGaW5hbmNp -YWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAJERTANBgkqhkiG9w0BAQsFAAOCAQEA -PimK2OFIHTC2lWv6+xN0lUg6cdlyZk1T7N3iBF90WogG1HjDCKnYlILcvOM581p2 -xleu1orGL/VAcJg0Te9rl9Z4ju6z1b4XsjFXSY1QBMxI8gWP2axFYlxcjRS7sMjk -m7lzQL63qGAJm76Gr1Xatcx7peqwgOMmmLN9e0WES+4z2aw2CksUgsaQ2ouzER4r -hXJtVCemhzNKcbeA+8yROD0ROenqDCNqcAGIGJ4YNSp90Wlp63baxu6u3PJgMr9S -L6sZzaimaFEPY6ggiw7PiYAKxmsybKFBXGJBPEaZ5MB4fDGKbe4nEGiEsM56IMBq -7DMKNBB67j4txmUg2xtd6w== ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem b/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem
deleted file mode 100644
index e723cbf4f..000000000
--- a/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem
+++ /dev/null
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8TCCA9mgAwIBAgINA3NeFoI2mquIfvSjvjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSgYGBACBmCcCMEAwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwAMA0GCSqGSIb3DQEBCwUA -A4IBAQBakOYgnqxhHxCk7/HBK5GOhLc3Cof9e//jriIvA1jjhFO+iO+e1pVMZ9tK -7VFMBSe+v0XzN9oVuSEGdldebMhAnLBzr+ERhzljvXaCuHzh96u2MDbSeErfF4h9 -25BAoeuaglKoUCR/q1w8QMiwW3IxlbdWMeUc3HAVFSSBZtxAqfh6WE5xUaBJBWw5 -b8dixcQcDN9XsedCiZsjIzPUNldc4uQBEplqFbetVjUGyPVgpzwMyHorCyE4kadi -UXX2GNt7erIUgEme0Egmu1J3/R7lkNjXKtfpejTuxLtV6YyF+K5l2ZsWKbDUHNFI -46Tksr06JcmMw6kpWU52vEAh+n4V ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert14Valid.pem b/testdata/QcStmtPsd2Cert14Valid.pem deleted file mode 100644 index 98c54da2b..000000000 
--- a/testdata/QcStmtPsd2Cert14Valid.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE1DCCA7ygAwIBAgIND53/U08Ff4UyfPa79TANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZowggGWMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAwRqMGgwCAYG -BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ -AQIwMAYGBACBmCcCMCYwEzARBgcEAIGYJwEEDAZQU1BfSUMMBTEyMzQ1DAhERS1C -QUZJTjANBgkqhkiG9w0BAQsFAAOCAQEAHlh68mckSyslsm2Q+in8TW3yFhjZ2/6n -1D/vPzja0LUblklNwKN0Zxa3TsWkKCZh5E/CwaLps/oxNUXDf273I9EFTnaNY0wO -2bcTbwQxkeNKZ7OHcQll8swdD3vhl8koAKAvHPuGJC71orWoc4Cbz6utm2e+IU4X -U1t2PgMPH7GhN/TL/Cqz0xbIcRqkmfLI6dcmckQX+HNBenh546iT/kDY3k6g6tEH -IPHj50A1vgksji5LrLfFhiwMx0X5t/1bPYQaZMKwg8w/mr48ql0gLT48UnLPt2jg -hMklwbWsMn8tTAWqQ3CzGKtgmJO9RWWFyU/jct+Hr7kFrzPG+j4bPg== ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem b/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem deleted file mode 100644 index 1952466e3..000000000 
--- a/testdata/QcStmtPsd2Cert15NcaIdInconsistent.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE6TCCA9GgAwIBAgINBXNwOIJE9ou2P9JaNzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAa8wggGrMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBigYIKwYBBQUHAQMEfjB8MAgG -BgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGAzAVBggrBgEFBQcLAjAJBgcEAIvs -SQECMEQGBgQAgZgnAjA6MBMwEQYHBACBmCcBAgwGUFNQX1BJDBtGaW5hbmNpYWwg -Q29uZHVjdCBBdXRob3JpdHkMBkdCLUZDQTANBgkqhkiG9w0BAQsFAAOCAQEAcGLh -qmW9M1HA0kJnhoIcZddPgTSmKgoIhUwPrNJ1R7RJUMkRbJLOGZAOIMz82jUY2pAv -IvtrxSZ9Kj0WeXtNnQ/39TMUogy8rxD3COJCD/n7Jr4vNYYyEeE3WLFMiS9UNJI7 -HPVfknp22f8TRYKYdm7jNqZu8IjFmMp8rBZQgatkEOc01/M2ZlOmbZp4kMcR+QFy -j1emYPjdiT/Sbn2KWFGnbsC9zfSYMr+qri0N9QiS27NJ4Uaj13qj9cvkLHYxuBBp -0SQDYNiU5b10BhonOHuHnf3g9InsIuA6lZibMNIrm+mbJa0YprZBNFesx7gSlrn0 -mA9viD0AJ4F3YeNX4A== ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem b/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem
deleted file mode 100644
index 1cb4a6195..000000000
--- a/testdata/QcStmtPsd2Cert17NcaIdInconsistent.pem
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE2zCCA8OgAwIBAgINDR5bwZZ7Cncsu6inkDANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAaEwggGdMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB9BggrBgEFBQcBAwRxMG8wCAYG -BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ -AQIwNwYGBACBmCcCMC0wEzARBgcEAIGYJwEBDAZQU1BfQVMMDU5hdGlvbmFsIEJh -bmsMB1hYLUJBTkswDQYJKoZIhvcNAQELBQADggEBAAhb9Cz45JCQPBJU8DjR7uJi -sCMn79Q3Pu+TbnmR29blkyx/xw3ZuunwgeNXr8hb7+fKRBfXPrtPw/2DtndCIb52 -hbXM98OYoDFyjI3jHhkylce0fyEMrUTGkch63AsI99J2+WPw29hI/tRDoyoX9B6o -YFMHwyEA0En8WzohlhmJ1pBRU3AVeZOB2iIwj4P4yMSw6GzO/JiVFKqiFNRUm4Tc -7bgWDyOJhqnmK0bC5FShD8MwcncBi8YXrtrOC3hiKI4ZM2VVzEtUowMa4ovPDvW+ -lYxzWRwGCFXs8yF/YByhKD5n7Ydj9TtGvLCY89BsI3lvqda19IZwCn70xdlEkUA= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem b/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem deleted file mode 100644 index 5730e39c8..000000000 
--- a/testdata/QcStmtPsd2Cert22NcaNameWrongStringType.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINDCggDdySs4DXGHyRDjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEEDAZQU1BfSUMTJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBAD7xK3mri61c067i8K6ydtJ0iB/vNYWfP+6BJSPhK2idZ/n4 -MJJTJzJqLmyUrYUjP6QlQmwxS/El81y8VpuXpE3BoOGu7+GSSvcCv7zt9e7tRYmU -TFHK1+yZ18j3g7AzGJIpCT4eKTyGQVPJnhHuZBXdgLcepuyedQ/lg/CCCgVomKmv -04JIUdIoQWVKNGne3rcbjay3g93fnDQ3sWtZEF8j6rQdExBHjZtipkG5TxeOYpg4 -ybC71MTPx3TAa6qFDWUJCqa7oggjS4ew763UR43rvnm3NPwyWvUmnHD47LjzJwBG -KlRvIJttjr6046IX4LxCA+yCo1IdMOBdcaNonF0= ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem b/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem
deleted file mode 100644
index 8a264eafb..000000000
--- a/testdata/QcStmtPsd2Cert23Psd2ExtNcaIdWrongStringType.pem
+++ /dev/null
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINDbqKQigFQMGjP0MDWjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwECDAZQU1BfUEkMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eRMIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBAAlJKsrS/tv3xWC+PcCYGZBLzpJTb1c0ZPrNWxlGOsv0RfTV -7ZTh+bE8G2wwfNKuNcJWbeRm+kj/FxjSMXYHsXyyeJ2mJflYD757DFNzT87o8fDh -wJL7UCTgbIx/OjOYdk0BF8FpLHcHHU/g38xiXQEHGnJx0gcOlUotues3m2j11rZD -IKsaRBYHbyt2Hm0taYCe/S+qGbXAEoTa2ViVvQs1b9XbOE1XQs3+Wfmgg7Pw9/V+ -xdvkg66JCUffw5JK/1YF+wX4ruU9/ZVYJ8izjZ8EqZwZc977LoE67EnOwP4gdk1D -uM2/4uA9EZY6ZriCaYfBAMugfwO8UWQWZhM4YWs= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem b/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem deleted file mode 100644 index 53374b6f2..000000000 
--- a/testdata/QcStmtPsd2Cert24RoleNameIllegalChars.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINB3QGTJaVm+8UTeHXtjANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEDEwZQU1BfQUkMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBAFOtuuVU/X9VzoMqaHedrNYEc4QQKB02cE/fKNDBINQUSUru -QwJJP8cYsBRPGu2ZzLnCJrqKQZVkVqqhoNbMbIWxuGyqJFSBKrwvTiLcbr2HmIC9 -l/Tn/cfZbCjKURt6fX6UwMghanzcpeMWZqYG2KgpIeVSfvphO1qFryjfPTuxLUy/ -MpwNV1z5un8jizOLeqP0HICoc6i17vPtQGxh1+1DyE+LEU+f44oReVjXkK2p/l3p -43caPV2L371JZlm3GxelU6h6pjKFREpwC7HPQiLUyuHxHwEzRO1Bm+yF8DcFF+lr -68rNsX6FvYmLDvgskgMnM2OcFhHn4h/w1CGI78I= ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem b/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem
deleted file mode 100644
index dc77f6160..000000000
--- a/testdata/QcStmtPsd2Cert26RoleOidAsUtf8Str.pem
+++ /dev/null
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFATCCA+mgAwIBAgINBLJlq+HgwVbgQWY4ljANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBogYIKwYBBQUHAQMEgZUwgZIw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwWgYGBACBmCcCMFAwGzAZDA8wLjQuMC4xOTQ5NS4xLjEMBlBTUF9BUwwn -RmVkZXJhbCBGaW5hbmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAhERS1CQUZJ -TjANBgkqhkiG9w0BAQsFAAOCAQEADwr7eFDj7TDp9oZvLXfQ4fOHGNkPT2IopGZA -XSWOVEQpTDZrmUbEG9VAZRWPQWrsVJBPGMKVSijGfyWOojw+Ybr/zf06udYfzU4z -foX2r2p5VcF7RaOP0I0IvUu7imVO5CGwAAgNwBWHVClxgHCG7HyPCVwfhuloEtBY -pMoYMwZIPQgjbpQv7a0l7sNyowUgvo2LEntgJ+AmYvjtiOril6cB51VjsJvIzhKG -pAUQ6wU9AMZcVrNxKBrBC/ZvBmpNwXWpqZQ0ht8ZLwAwQcFhlduqTj+RaIvKABTT -OdW8/iD8L/05ttgzUYk9hOBP0nvMp0q8YXAnZiLyjzE/b8xwdA== ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert27RoleNameNull.pem b/testdata/QcStmtPsd2Cert27RoleNameNull.pem deleted file mode 100644 index aea0e3d68..000000000 
--- a/testdata/QcStmtPsd2Cert27RoleNameNull.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8jCCA9qgAwIBAgINDT4Uv+ZLx36sX5lt6DANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbgwggG0MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkwYIKwYBBQUHAQMEgYYwgYMw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwSwYGBACBmCcCMEEwDDAKBQAMBlBTUF9BUwwnRmVkZXJhbCBGaW5hbmNp -YWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAhERS1CQUZJTjANBgkqhkiG9w0BAQsF -AAOCAQEALJ21NMFW5+QNjpSsR9S1rWwPU1YH1BtQz492fWpY7Dyow9LyFGzmdR5u -9lvud43yXXkeKiOHNa9V5K9QJwFYlO0F4pj0owkmy1qHnsQqMJMfWjXDBY7wJQBh -ilGtKUAL8ideqJBcwS8GtOkC5uNcJ7IDW0elxbCO9aFPIwv34deM64o6QdwceqK9 -g3Cw+1ZwdL1R9b5Dy9AOuwEuljwN+MKh/uTiqA8oEpTgjwx0GsJuxaVLLcwPmw8u -iwS0g/mbdD8fphQzYW5Blrw4UaWc95rjyZ0p3ML13HXvzKbuvpORbVIu/I83YJ+7 -Ue4OIpzAHeEZCXkQnieJnLCeV7amZg== ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem b/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem
deleted file mode 100644
index ebe3714ba..000000000
--- a/testdata/QcStmtPsd2Cert28NcaNameIa5Str.pem
+++ /dev/null
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE+TCCA+GgAwIBAgINCXyBm7L1aR4HaG0t+jANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw -MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt -QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwECDAZQU1BfUEkWJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI -hvcNAQELBQADggEBAB+ZT87A/50XIcJbEzJpullrjxpDRm/JFXAcXP8IzYmudG1u -bAQgzmxM60jv8amdE9iFWjO58kp8skX2J7meR8BaPPFZVMQ90RX2IjnUE/aoYlmH -eM9ykwNzTJP72P4i3s5IjKY1+5l9C4YWBHL+GXhdDQDdS6/LMxYjHbaMhjkHicWR -cDMiK16diYjBKn/cb2fjM1gBkwKiHxQj7uxOYn5vCpMQTT1CbQlCDbbzzNbIUvsk -vsUKcjSOV2eXeNZ/5PDh4Z6FY/nM3wiOIPy4A7MUB987Dv/sRJIwvpXubRMVenfe -UMRDoancxKOAp96XNRNlF3pxfsspOIQSASG5Cks= ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert30Valid.pem b/testdata/QcStmtPsd2Cert30Valid.pem deleted file mode 100644 index be1c0749f..000000000 
--- a/testdata/QcStmtPsd2Cert30Valid.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9zCCA9+gAwIBAgINAbqL8/qvSod2/+EpMzANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBv -MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEeMBwGA1UEYQwVUFNEUEwt -UEZTQS0xMjM0NTY3ODkwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -wg2BcbSUBbzPmYqqYgjyLmOyHkb5K4WYw4PQziatdo9c51sFICUmMhnCJIq6aaPr -yhCk88+1xh72cFiWW4hSaohCM4W4xhZITwFFOT/harkGte8323meUJBXQ1uLwzUN -s0H0G8JKfxg8OS1PvyulcQdzMwDljTae/o9yxXJWCMyGtu+64v2bXMYtlO0tZCR3 -5mdNYtuULimO3R16yrxo+xUsgFbT3ec6j5gYFEsR2cQBH7l60NmtaREF9g6uX/zN -xrPLTa6ORRgKqMBAESjczZ96JmdaR4Cb2Uz32l9tE4MakZLRuUT3cmuXR3RxcIDT -1nO/djNccLhvhzc+fo515QIDAQABo4IBvjCCAbowHwYDVR0jBBgwFoAUDF6c/rpL -IWwEHcJat+OIX1neTBIwHQYDVR0OBBYEFA5rqoOpsk1chc2x0i+H9yDLNkM7MA4G -A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFt -cGxlLmNvbTBiBggrBgEFBQcBAQRWMFQwKAYIKwYBBQUHMAKGHGh0dHA6Ly9jYS5l -eGFtcGxlLmNvbS9jYS5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmV4YW1w -bGUuY29tL29jc3AwHwYDVR0gBBgwFjAJBgcEAIvsQAEEMAkGBwQAgZgnAwEwHQYD -VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGZBggrBgEFBQcBAwSBjDCBiTAI -BgYEAI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL -7EkBAjBRBgYEAIGYJwIwRzATMBEGBwQAgZgnAQQMBlBTUF9JQwwnRmVkZXJhbCBG -aW5hbmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAdQTC1QRlNBMA0GCSqGSIb3 -DQEBCwUAA4IBAQAO1okP2VXl7NmPbdWX9QtesVxlg5e1VDJrx1NA4gVlXPQi8thW -4JAYSmlOMb0IC3CrjcepmApCjBTJnx99Vn6NV9VbpJXdOKgOK+Kf01OPpjte7nV4 -3Q2IhWg75sJKEqMA2DrxCHQmBQ4HplRTE7EqmrM5Kn6QGUT3rjnqfFu9DYY1AeRc -NVxnqAe5TApePwsfqRsX3u2Ngv3rpF/dQgv78VYZbUMWqz2cxlXFKqEu3zWsRdd/ -kvHgNnPh399AzZrkiXzxz2A/eKJnz5ydxe5vswRZ43za4K/pLf/ftnYlbViK/xfk -2TfQdNdte0y60KireEsdNJ27KTEy5XTxast2 ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert31Valid.pem b/testdata/QcStmtPsd2Cert31Valid.pem deleted file mode 100644 index b0cf61348..000000000 --- a/testdata/QcStmtPsd2Cert31Valid.pem +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9zCCA9+gAwIBAgINB1vxbHmAgLCe5oL7DTANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBw -MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEQkUt -TkJCLTEyMzQuNTY3Ljg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj -68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 -DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk -d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 -zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA -09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb0wggG5MB8GA1UdIwQYMBaAFAxenP66 -SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO -BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh -bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu -ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt -cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmAYIKwYBBQUHAQMEgYswgYgw -CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA -i+xJAQIwUAYGBACBmCcCMEYwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwg -RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwGQkUtTkJCMA0GCSqGSIb3 -DQEBCwUAA4IBAQAPDX5qjIUhlenXeIiZ8uqRiAHEIfH+WAgtG1XwuP4SRL2ndF/g -5r12SLuRXyxaWsJ4qnpv3NFrmrs3yux7FSkk0mSC+67EIdhcA765HIDCKToR9RCN -6R6ZrRJl3DKfnzAA1r82ITtpPsmhhx4l1JJNC3LmAc7owAB1SB4bUw8zymPODlir -feNGECjGFyYi9zi+QN+RS++QAzu0XZsNuT5Ud6vGRPgK/jTjYJsHPW+OSgAC7GOo -Saz0E/uGfmopaYckWTU9UYoUNPjQjTeMWFnwCw8bpo+GUqkkxkFMWkpOHzLWRRXg -5+N8a4HuBcTkai8JKMKqhJ35q+KnF2/LXyM7 ------END CERTIFICATE----- diff --git a/testdata/QcStmtPsd2Cert39Valid.pem b/testdata/QcStmtPsd2Cert39Valid.pem deleted file mode 100644 index 45fb5357a..000000000 
--- a/testdata/QcStmtPsd2Cert39Valid.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE9DCCA9ygAwIBAgINBe1W3McubIstRtJQ2zANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBs -MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEbMBkGA1UEYQwSUFNETVQt -TUZTQS1BIDEyMzQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg2B -cbSUBbzPmYqqYgjyLmOyHkb5K4WYw4PQziatdo9c51sFICUmMhnCJIq6aaPryhCk -88+1xh72cFiWW4hSaohCM4W4xhZITwFFOT/harkGte8323meUJBXQ1uLwzUNs0H0 -G8JKfxg8OS1PvyulcQdzMwDljTae/o9yxXJWCMyGtu+64v2bXMYtlO0tZCR35mdN -YtuULimO3R16yrxo+xUsgFbT3ec6j5gYFEsR2cQBH7l60NmtaREF9g6uX/zNxrPL -Ta6ORRgKqMBAESjczZ96JmdaR4Cb2Uz32l9tE4MakZLRuUT3cmuXR3RxcIDT1nO/ -djNccLhvhzc+fo515QIDAQABo4IBvjCCAbowHwYDVR0jBBgwFoAUDF6c/rpLIWwE -HcJat+OIX1neTBIwHQYDVR0OBBYEFA5rqoOpsk1chc2x0i+H9yDLNkM7MA4GA1Ud -DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3d3dy5leGFtcGxl -LmNvbTBiBggrBgEFBQcBAQRWMFQwKAYIKwYBBQUHMAKGHGh0dHA6Ly9jYS5leGFt -cGxlLmNvbS9jYS5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmV4YW1wbGUu -Y29tL29jc3AwHwYDVR0gBBgwFjAJBgcEAIvsQAEEMAkGBwQAgZgnAwEwHQYDVR0l -BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGZBggrBgEFBQcBAwSBjDCBiTAIBgYE -AI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL7EkB -AjBRBgYEAIGYJwIwRzATMBEGBwQAgZgnAQQMBlBTUF9JQwwnRmVkZXJhbCBGaW5h -bmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAdNVC1NRlNBMA0GCSqGSIb3DQEB -CwUAA4IBAQA4dTFubbQHH/I52KqmZH5lcPELQOXIylGxfAQxjMeWlkWsNYatZA5F -AkucP7KYtm4KOIMQR+xMreMGqmBGu0cS8HImBgjuld2N6sIgdUtUgWJjPWP2f8dX -Ymt7CMxeV4rPlk6OA3A7k5ymBO+NtK3RCiHluxf8J+vBf5OtuICF9xTkAqblbGFM -akOUy6s+gC085BbvG5gA4W8788WeQLKlPJOolzf21bWpNX+QgWugjHPAJIRdylBH -pwmR7Agg7+mGsPnDgY0955h/upg2TH41qUZw8vkw3LNw7Ij+RLl1ZL/Eni4Fo8xt -oLkacP2gWcr2k4mkJG4uKVyVAsnPIrPG ------END CERTIFICATE----- 
diff --git a/testdata/QcStmtPsd2Cert40Valid.pem b/testdata/QcStmtPsd2Cert40Valid.pem deleted file mode 100644 index c3d4984c3..000000000 --- a/testdata/QcStmtPsd2Cert40Valid.pem +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8TCCA9mgAwIBAgINAMgGzG3kIBYA+I8FATANBgkqhkiG9w0BAQsFADBBMRUw -EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U -RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAwWhcNMjAxMTAxMDgwMzAwWjBq -MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk -dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEZMBcGA1UEYQwQVkFUQkUt -MDg3Njg2NjE0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMINgXG0 -lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj68oQpPPP -tcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1DbNB9BvC -Sn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQkd+ZnTWLb -lC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8zcazy02u -jkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA09Zzv3Yz -XHC4b4c3Pn6OdeUCAwEAAaOCAb0wggG5MB8GA1UdIwQYMBaAFAxenP66SyFsBB3C -WrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAOBgNVHQ8B -Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5j -b20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2EuZXhhbXBs -ZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFtcGxlLmNv -bS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0GA1UdJQQW -MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmAYIKwYBBQUHAQMEgYswgYgwCAYGBACO -RgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJAQIw -UAYGBACBmCcCMEYwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwgRmluYW5j -aWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwGQkUtTkJCMA0GCSqGSIb3DQEBCwUA -A4IBAQBGHMv35/nt1N94zpYI5/zlBmp8zY4s0JMLmSYRDQCfoMd1CS+7m3JKIrjB -ll5TakTZ8gpY4U5Je/woS/08Lp0bR94Cq/nbMTas0OiOqmkmV8/Kw0mEWS/q2Jol -XUaa4TbvFB0PI7UOsm7tygjfvB9t0zJy+ytDqTiO9WEGouH5dbGDl4//0gq+JUs2 -IFUJi8UntfPnjD/mSmeqOvrsRlNLOgTkhURcLDV5Ch37moni6Mn2VSH/dXStaEUI -ISLK/dcMOBK69wTUXWOLr8HZ5xFPlP+F6gBnVHXSJGvYyE06MDZ2SqWNlS90kwcr -szINuPd+/+Kvij/xKUwX0tMisQ8y ------END CERTIFICATE----- diff --git a/util/alt_reg_num_ev.go b/util/alt_reg_num_ev.go deleted file mode 100644 index 20982f6a2..000000000 --- a/util/alt_reg_num_ev.go +++ /dev/null 
@@ -1,137 +0,0 @@
-/*
- * ZLint Copyright 2020 Regents of the University of Michigan
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * permissions and limitations under the License.
- */
-
-package util
-
-import (
- "encoding/asn1"
- "reflect"
- "regexp"
-
- "github.com/zmap/zcrypto/x509"
-)
-
-type RDNSequence []RelativeDistinguishedNameSET
-
-type RelativeDistinguishedNameSET []AttributeTypeAndValue
-
-type AttributeTypeAndValue struct {
- Type asn1.ObjectIdentifier
- Value asn1.RawValue
-}
-
-type parsedSubjectElement struct {
- IsPresent bool
- Value string
- Asn1RawValue asn1.RawValue
- ErrorString string
-}
-
-type ParsedEvOrgId struct {
- Rsi, Country, StateOrProvince, RegRef string
-}
-
-type cabfOrgIdExt struct {
- Rsi string `asn1:"printable"`
- Country string `asn1:"printable"`
- StateOrProvince string `asn1:"printable,optional,tag:0"`
- RegRef string `asn1:"utf8"`
-}
-
-func ParseCabfOrgIdExt(c *x509.Certificate) (string, ParsedEvOrgId) {
- var result ParsedEvOrgId
-
- ext := GetExtFromCert(c, CabfExtensionOrganizationIdentifier)
- var parsedExt cabfOrgIdExt
- // check that we can parse the extension:
- rest, err := asn1.Unmarshal(ext.Value, &parsedExt)
- if len(rest) != 0 {
- return "trailing bytes after extension", result
- }
- if err != nil {
- return "could not parse extension value:" + err.Error(), result
- }
- errStr := CheckAsn1Reencoding(reflect.ValueOf(parsedExt).Interface(), ext.Value, "invalid string type in extension")
- if errStr != "" {
- return "", result
- }
- result.Country = parsedExt.Country
- result.RegRef = parsedExt.RegRef
- result.Rsi = parsedExt.Rsi
- result.StateOrProvince = parsedExt.StateOrProvince
- return "", result
-}
-
-func ParseCabfOrgId(oi string, isEtsi bool) (string, ParsedEvOrgId) {
- var result ParsedEvOrgId
- re_ntr := regexp.MustCompile(`^(NTR)([A-Z]{2})([+]([A-Z]{2}))?-(.+)$`)
- re_vat_psd := regexp.MustCompile(`^(VAT|PSD)([A-Z]{2})(())-(.+)$`)
- re_lei := regexp.MustCompile(`^(LEI)(XG)(())-(.+)$`)
- var sm []string
- if re_ntr.MatchString(oi) {
- sm = re_ntr.FindStringSubmatch(oi)
- } else if re_vat_psd.MatchString(oi) {
- sm = re_vat_psd.FindStringSubmatch(oi)
- } else if re_lei.MatchString(oi) {
- if isEtsi {
- sm = re_lei.FindStringSubmatch(oi)
- } else {
- return "CAB/F subject:organizationIdentifier does not allow LEI", result
- }
- } else {
- return "CAB/F subject:organizationIdentifier has an invalid format", result
- }
- result.Rsi = sm[1]
- result.Country = sm[2]
- result.StateOrProvince = sm[3]
- result.RegRef = sm[5]
- return "", result
-
-}
-
-func GetSubjectOrgId(rawSubject []byte) parsedSubjectElement {
- return GetSubjectElement(rawSubject, CabfSubjectOrganizationIdentifier)
-}
-func GetSubjectElement(rawSubject []byte, soughtOid asn1.ObjectIdentifier) parsedSubjectElement {
- result := parsedSubjectElement{IsPresent: false, Value: "", ErrorString: ""}
- var nl RDNSequence
-
- rest, err := asn1.Unmarshal(rawSubject, &nl) // parse the sequence of sets, i.e. each list element in nl will be a set
- if err != nil {
- return parsedSubjectElement{IsPresent: false, Value: "", ErrorString: "error parsing outer SEQ of subject DN"}
- }
- if len(rest) != 0 {
- return parsedSubjectElement{IsPresent: false, ErrorString: "rest len of outer seq != 0 in subject DN", Value: ""}
- }
- for _, item := range nl {
- for _, typeAndValue := range item {
- if typeAndValue.Type.Equal(soughtOid) {
- if result.IsPresent {
- AppendToStringSemicolonDelim(&result.ErrorString, "double AVA found in subject:... encountered, this is not expected")
- return result
- }
- result.IsPresent = true
- var parsedString string
- _, _ = asn1.Unmarshal(typeAndValue.Value.FullBytes, &parsedString)
- result.Value = parsedString
- result.Asn1RawValue = typeAndValue.Value
- }
- }
- }
- return result
-}
-
-type ParsedOrgId struct {
- Rsi, Country, SubDiv, RegRef string
-}
diff --git a/util/misc.go b/util/misc.go
deleted file mode 100644
index 34d273546..000000000
--- a/util/misc.go
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * ZLint Copyright 2020 Regents of the University of Michigan
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * permissions and limitations under the License.
- */
-
-package util
-
-func AppendToStringSemicolonDelim(this *string, s string) {
- if len(*this) > 0 && len(s) > 0 {
- (*this) += "; "
- }
- (*this) += s
-}
diff --git a/util/oid.go b/util/oid.go
index d2e0101a9..f52b2fb75 100644
--- a/util/oid.go
+++ b/util/oid.go
@@ -71,41 +71,27 @@ var ( SHA384OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} SHA512OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} // other OIDs - OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} - OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} - OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} - OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} - OidSHA1WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} - OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} - OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} - OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} - OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} - AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} - UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} - CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} - IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} - IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} - IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} - IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} - IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} - IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} - IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} - IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} - IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} - IdEtsiPsd2Statem = asn1.ObjectIdentifier{0, 4, 0, 19495, 2} - IdEtsiPsd2RolePspAs = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 1} - IdEtsiPsd2RolePspPi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 2} - IdEtsiPsd2RolePspAi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 3} - IdEtsiPsd2RolePspIc = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 4} - 
IdEtsiQcsSemanticsIdLegal = asn1.ObjectIdentifier{0, 4, 0, 194121, 1, 2} - IdEtsiPolicyQcpNatural = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 0} - IdEtsiPolicyQcpLegal = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 1} - IdEtsiPolicyQcpNaturalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 2} - IdEtsiPolicyQcpLegalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 3} - IdEtsiPolicyQcpWeb = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 4} - IdQcsPkixQCSyntaxV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 11, 2} - CabfSubjectOrganizationIdentifier = asn1.ObjectIdentifier{2, 5, 4, 97} - CabfExtensionOrganizationIdentifier = asn1.ObjectIdentifier{2, 23, 140, 3, 1} + OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} + OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} + OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} + OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} + OidSHA1WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} + OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} + OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} + OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} + OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} + AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} + UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} + CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} + IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} + IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} + IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} + IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} + IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} + IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} + IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 
1862, 1, 6, 1} + IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} + IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} ) const ( diff --git a/util/qc_stmt.go b/util/qc_stmt.go index e2f3b3ab8..156210f50 100644 --- a/util/qc_stmt.go +++ b/util/qc_stmt.go @@ -19,21 +19,8 @@ import ( "encoding/asn1" "fmt" "reflect" - "unicode" - - "github.com/zmap/zcrypto/x509" ) -var EtsiQcStmtOidList = [...]*asn1.ObjectIdentifier{ - &IdEtsiQcsQcCompliance, - &IdEtsiQcsQcLimitValue, - &IdEtsiQcsQcRetentionPeriod, - &IdEtsiQcsQcSSCD, - &IdEtsiQcsQcEuPDS, - &IdEtsiQcsQcType, - &IdEtsiPsd2Statem, -} - type anyContent struct { Raw asn1.RawContent } @@ -42,12 +29,10 @@ type qcStatementWithInfoField struct { Oid asn1.ObjectIdentifier Any asn1.RawValue } - type qcStatementWithoutInfoField struct { Oid asn1.ObjectIdentifier } -// === etsi base ==> type etsiBase struct { errorInfo string isPresent bool @@ -61,8 +46,6 @@ func (this etsiBase) IsPresent() bool { return this.isPresent } -// <== etsi base === - type EtsiQcStmtIf interface { GetErrorInfo() string IsPresent() bool 
@@ -114,76 +97,16 @@ type EtsiQcPds struct { PdsLocations []PdsLocation } -// ==== QcStatement 2 (RFC3739)types ===> - -type DecodedQcS2 struct { - etsiBase - Decoded QcStatemt2 -} -type QcStatemt2 struct { - SemanticsId asn1.ObjectIdentifier `asn1:"optional"` - NameRegAuthorities NameRegistrationAuthorities `asn1:"optional"` -} - -type NameRegistrationAuthorities []asn1.RawValue - -// <=== QcStatement 2 (RFC3739)types ==== - -// ==== PSD2 QcStatement types ===> -type Psd2RoleOfPspType int - -const ( - RoleAs Psd2RoleOfPspType = 1 - RolePi Psd2RoleOfPspType = 2 - RoleAi Psd2RoleOfPspType = 3 - RoleIc Psd2RoleOfPspType = 4 -) - -// === ASN.1 Types ==> -type Psd2RoleOfPsp struct { - RoleType asn1.ObjectIdentifier - RoleOfPspName string `asn1:"utf8"` -} - -type EtsiPsd2QcStatem struct { - Roles []Psd2RoleOfPsp - NCAName string `asn1:"utf8"` - CountryAndNCAId string `asn1:"utf8"` -} - -// <== ASN.1 Types === - -type EtsiPsd2 struct { - etsiBase - DecodedPsd2Statm EtsiPsd2QcStatem -} - -func (this EtsiPsd2) getCountryAndNcaId() (string, string) { - runes := []rune(this.DecodedPsd2Statm.CountryAndNCAId) - if len(this.DecodedPsd2Statm.CountryAndNCAId) < 4 || !unicode.IsUpper(runes[0]) || !unicode.IsUpper(runes[1]) || runes[2] != '-' { - return "", "" +func AppendToStringSemicolonDelim(this *string, s string) { + if len(*this) > 0 && len(s) > 0 { + (*this) += "; " } - return string(runes[0:2]), string(runes[3:]) -} - -func (this EtsiPsd2) GetNcaCountry() string { - co, _ := this.getCountryAndNcaId() - return co + (*this) += s } -func (this EtsiPsd2) GetNcaId() string { - _, ncaId := this.getCountryAndNcaId() - return ncaId -} - -// <=== PSD2 QcStatement types ==== -func CheckAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { - return CheckAsn1ReencodingWithParams(i, originalEncoding, appendIfComparisonFails, "") -} - -func CheckAsn1ReencodingWithParams(i interface{}, originalEncoding []byte, appendIfComparisonFails string, 
params string) string { +func checkAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { result := "" - reencoded, marshErr := asn1.MarshalWithParams(i, params) + reencoded, marshErr := asn1.Marshal(i) if marshErr != nil { AppendToStringSemicolonDelim(&result, fmt.Sprintf("error reencoding ASN1 value of statementInfo field: %s", marshErr)) @@ -194,12 +117,15 @@ func CheckAsn1ReencodingWithParams(i interface{}, originalEncoding []byte, appen return result } -type EtsiPsd2OrgId struct { - Rsi, Country, NcaId, PspId string -} - func IsAnyEtsiQcStatementPresent(extVal []byte) bool { - for _, oid := range EtsiQcStmtOidList { + oidList := make([]*asn1.ObjectIdentifier, 6) + oidList[0] = &IdEtsiQcsQcCompliance + oidList[1] = &IdEtsiQcsQcLimitValue + oidList[2] = &IdEtsiQcsQcRetentionPeriod + oidList[3] = &IdEtsiQcsQcSSCD + oidList[4] = &IdEtsiQcsQcEuPDS + oidList[5] = &IdEtsiQcsQcType + for _, oid := range oidList { r := ParseQcStatem(extVal, *oid) if r.IsPresent() { return true @@ -208,17 +134,6 @@ func IsAnyEtsiQcStatementPresent(extVal []byte) bool { return false } -func IsQcStatemPresent(c *x509.Certificate, oid *asn1.ObjectIdentifier) (string, bool) { - if !IsExtInCert(c, QcStateOid) { - return "", false - } - qcs := ParseQcStatem(GetExtFromCert(c, QcStateOid).Value, *oid) - if qcs.GetErrorInfo() != "" { - return qcs.GetErrorInfo(), qcs.IsPresent() - } - return "", qcs.IsPresent() -} - //nolint:gocyclo func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf { sl := make([]anyContent, 0) 
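Review bot: `AppendToStringSemicolonDelim` is exported from this file without a doc comment, and its contract is not obvious from the name: the `"; "` separator is written only when both the accumulated string and `s` are non-empty, so an empty `s` leaves `*this` unchanged. I would add `// AppendToStringSemicolonDelim appends s to *this, inserting "; " only when both are non-empty.` and rename the pointer parameter from `this` to something like `dst`, since `this` reads as a method receiver. `checkAsn1Reencoding` would also benefit from a one-line comment saying that it re-marshals the decoded value for comparison with `originalEncoding`; the comparison itself lies outside the hunk, so that wording should be confirmed against the full body.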
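Review bot: The OID list in `IsAnyEtsiQcStatementPresent` is built on every call with `make([]*asn1.ObjectIdentifier, 6)` plus six indexed assignments, so the hard-coded length has to be kept in step with the assignments by hand, and a slot left unassigned would make `*oid` dereference nil. A composite literal of values removes both the pointers and the count: `for _, oid := range []asn1.ObjectIdentifier{IdEtsiQcsQcCompliance, IdEtsiQcsQcLimitValue, IdEtsiQcsQcRetentionPeriod, IdEtsiQcsQcSSCD, IdEtsiQcsQcEuPDS, IdEtsiQcsQcType} {` with `ParseQcStatem(extVal, oid)` in the body. Each iteration also parses the whole extension value again, which is worth a short comment if it is intentional.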
@@ -254,147 +169,85 @@ func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf { continue } if statem.Oid.Equal(IdEtsiQcsQcCompliance) { - return handleIdEtsiQcsQcCompliance(statem, raw) + etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI Complicance statement")) + return etsiObj } else if statem.Oid.Equal(IdEtsiQcsQcLimitValue) { - return handleIdEtsiQcsQcLimitValue(statem) + etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} + numErr := false + alphErr := false + var numeric EtsiMonetaryValueNum + var alphabetic EtsiMonetaryValueAlph + restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) + if len(restNum) != 0 || errNum != nil { + numErr = true + } else { + etsiObj.IsNum = true + etsiObj.Amount = numeric.Amount + etsiObj.Exponent = numeric.Exponent + etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum + + } + if numErr { + restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) + if len(restAlph) != 0 || errAlph != nil { + alphErr = true + } else { + etsiObj.IsNum = false + etsiObj.Amount = alphabetic.Amount + etsiObj.Exponent = alphabetic.Exponent + etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + checkAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), + statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + } + if numErr && alphErr { + etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" + } + return etsiObj + } else if statem.Oid.Equal(IdEtsiQcsQcRetentionPeriod) { - return handleIdEtsiQcsQcRetentionPeriod(statem) + etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} + rest, err := 
asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) + + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo field" + } + return etsiObj } else if statem.Oid.Equal(IdEtsiQcsQcSSCD) { - return handleIdEtsiQcsQcSSCD(statem, raw) + etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI SCSD statement")) + return etsiObj } else if statem.Oid.Equal(IdEtsiQcsQcEuPDS) { - return handleIdEtsiQcsQcEuPDS(statem) + etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo field" + } else { + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + checkAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, + "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + return etsiObj } else if statem.Oid.Equal(IdEtsiQcsQcType) { - return handleIdEtsiQcsQcType(statem) - } else if statem.Oid.Equal(IdEtsiPsd2Statem) { - return handleIdEtsiPsd2Statem(statem) - } else if statem.Oid.Equal(IdQcsPkixQCSyntaxV2) { - return handleIdQcsPkixQCSyntaxV2(statem) + var qcType Etsi423QcType + qcType.isPresent = true + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) + if len(rest) != 0 || err != nil { + return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} + } + return qcType } else { return etsiBase{errorInfo: "", isPresent: true} } - } - - return etsiBase{errorInfo: "", isPresent: false} -} - -func handleIdQcsPkixQCSyntaxV2(statem qcStatementWithInfoField) EtsiQcStmtIf { - var qcs2Statem DecodedQcS2 - qcs2Statem.isPresent = true - if 
len(statem.Any.FullBytes) == 0 { - return qcs2Statem - } - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcs2Statem.Decoded) - if err != nil { - AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "error parsing statement: "+err.Error()) - } - if len(rest) != 0 { - AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "trailing bytes after QcStatement") - } - return qcs2Statem -} -func handleIdEtsiPsd2Statem(statem qcStatementWithInfoField) EtsiQcStmtIf { - var psd2Statem EtsiPsd2 - psd2Statem.isPresent = true - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &psd2Statem.DecodedPsd2Statm) - if len(rest) != 0 || err != nil { - return etsiBase{errorInfo: "error parsing IdEtsiPsd2Statem extension statementInfo field", isPresent: true} } - if psd2Statem.DecodedPsd2Statm.CountryAndNCAId == "" || psd2Statem.DecodedPsd2Statm.NCAName == "" { - AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") - } - for _, role := range psd2Statem.DecodedPsd2Statm.Roles { - if role.RoleOfPspName == "" { - AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") - } - } - AppendToStringSemicolonDelim(&psd2Statem.errorInfo, - CheckAsn1Reencoding(reflect.ValueOf(psd2Statem.DecodedPsd2Statm).Interface(), statem.Any.FullBytes, - "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - return psd2Statem -} -func handleIdEtsiQcsQcType(statem qcStatementWithInfoField) EtsiQcStmtIf { - var qcType Etsi423QcType - qcType.isPresent = true - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) - if len(rest) != 0 || err != nil { - return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} - } - return qcType -} - -func handleIdEtsiQcsQcEuPDS(statem qcStatementWithInfoField) EtsiQcStmtIf { - etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) - if len(rest) != 0 || err != nil { - etsiObj.errorInfo 
= "error parsing the statementInfo field" - } else { - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - CheckAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, - "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - return etsiObj -} - -func handleIdEtsiQcsQcSSCD(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { - etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI SCSD statement")) - return etsiObj -} - -func handleIdEtsiQcsQcRetentionPeriod(statem qcStatementWithInfoField) EtsiQcStmtIf { - etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) - - if len(rest) != 0 || err != nil { - etsiObj.errorInfo = "error parsing the statementInfo field" - } - return etsiObj -} - -func handleIdEtsiQcsQcLimitValue(statem qcStatementWithInfoField) EtsiQcStmtIf { - etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} - numErr := false - alphErr := false - var numeric EtsiMonetaryValueNum - var alphabetic EtsiMonetaryValueAlph - restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) - if len(restNum) != 0 || errNum != nil { - numErr = true - } else { - etsiObj.IsNum = true - etsiObj.Amount = numeric.Amount - etsiObj.Exponent = numeric.Exponent - etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum - - } - if numErr { - restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) - if len(restAlph) != 0 || errAlph != nil { - alphErr = true - } else { - etsiObj.IsNum = false - etsiObj.Amount = alphabetic.Amount - etsiObj.Exponent = alphabetic.Exponent - etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - 
CheckAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), - statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - } - if numErr && alphErr { - etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" - } - return etsiObj -} + return etsiBase{errorInfo: "", isPresent: false} -func handleIdEtsiQcsQcCompliance(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { - etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI Complicance statement")) - return etsiObj } From e56e2a09361056ae4f3d9ed9e03624bfbe2fb0cb Mon Sep 17 00:00:00 2001 From: GitHub Date: Thu, 21 Oct 2021 07:26:00 +0000 Subject: [PATCH 03/21] util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC --- v3/util/gtld_map.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v3/util/gtld_map.go b/v3/util/gtld_map.go index 9b952c603..942f4b988 100644 --- a/v3/util/gtld_map.go +++ b/v3/util/gtld_map.go @@ -5161,7 +5161,7 @@ var tldMap = map[string]GTLDPeriod{ "qvc": { GTLD: "qvc", DelegationDate: "2016-08-04", - RemovalDate: "", + RemovalDate: "2021-10-07", }, "racing": { GTLD: "racing", From 92e659c5aefeeea3afd8a32cc768b112a9355218 Mon Sep 17 00:00:00 2001 From: mtgag Date: Thu, 27 Apr 2023 08:55:54 +0200 Subject: [PATCH 04/21] always check and perform the operation in the execution --- .../rfc/lint_cert_unique_identifier_version_not_2_or_3.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/v3/lints/rfc/lint_cert_unique_identifier_version_not_2_or_3.go b/v3/lints/rfc/lint_cert_unique_identifier_version_not_2_or_3.go index f6c982b7c..9aba2ba08 100644 --- a/v3/lints/rfc/lint_cert_unique_identifier_version_not_2_or_3.go 
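Review bot: In the `IdEtsiQcsQcType` branch a parse failure returns a bare `etsiBase`, whereas the five branches above it return their own typed object with `errorInfo` set. A caller that type-asserts the result to `Etsi423QcType` without the comma-ok form would panic on a malformed certificate; the callers are not visible here, so this needs checking against them. Setting `qcType.errorInfo = "error parsing IdEtsiQcsQcType extension statementInfo field"` and falling through to `return qcType` keeps the dynamic type stable for a given OID. The messages `"invalid format of ETSI Complicance statement"` and `"invalid format of ETSI SCSD statement"` also carry typos (Compliance, SSCD). `ParseQcStatem` begins before this hunk.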
+++ b/v3/lints/rfc/lint_cert_unique_identifier_version_not_2_or_3.go @@ -52,11 +52,11 @@ func NewCertUniqueIdVersion() lint.LintInterface { } func (l *certUniqueIdVersion) CheckApplies(c *x509.Certificate) bool { - return c.IssuerUniqueId.Bytes != nil || c.SubjectUniqueId.Bytes != nil + return true } func (l *certUniqueIdVersion) Execute(c *x509.Certificate) *lint.LintResult { - if (c.Version) != 2 && (c.Version) != 3 { + if (c.IssuerUniqueId.Bytes != nil || c.SubjectUniqueId.Bytes != nil) && (c.Version) != 2 && (c.Version) != 3 { return &lint.LintResult{Status: lint.Error} } else { return &lint.LintResult{Status: lint.Pass} From 1652cfa597d7c4c37991484d35e4a6da57a06580 Mon Sep 17 00:00:00 2001 From: mtgag Date: Wed, 5 Jul 2023 07:03:20 +0200 Subject: [PATCH 05/21] synchronised with project --- h | 531 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 531 insertions(+) create mode 100644 h diff --git a/h b/h new file mode 100644 index 000000000..5d88c51e5 --- /dev/null +++ b/h 
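Review bot: With `CheckApplies` now returning `true` unconditionally, `Execute` reports `lint.Pass` for every certificate that has neither `IssuerUniqueId` nor `SubjectUniqueId`, so the results no longer distinguish "checked and compliant" from "nothing to check". If that distinction matters to consumers of the results, an early guard such as `if c.IssuerUniqueId.Bytes == nil && c.SubjectUniqueId.Bytes == nil { return &lint.LintResult{Status: lint.NA} }` keeps it while still doing the test inside `Execute`. The `else` after the `return` and the parentheses around `c.Version` can go as well. `Execute`'s closing lines are outside the hunk.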
@@ -0,0 +1,531 @@ +commit 92902fc7d9ae7ad9f221235c74b992be6f101812 (HEAD -> master, origin/master, origin/HEAD) +Merge: 526f9be 8c46bdf +Author: mtgag +Date: Sat Jul 1 09:28:04 2023 +0200 + + Merge https://github.com/zmap/zlint + +commit 8c46bdf0e6c8f3ccab7d3101cbf56eea9b7a856a +Author: Aaron Gable +Date: Fri Jun 30 12:56:49 2023 -0700 + + Fix typo in LintRevocationListEx comment (#730) + +commit 7ef1f8451ba9894bb27645321618de2bf9a158be +Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> +Date: Sun Jun 25 16:11:22 2023 -0700 + + util: gtld_map autopull updates for 2023-06-14T22:18:50 UTC (#727) + + Co-authored-by: GitHub + Co-authored-by: Christopher Henderson + +commit 5e0219d2a818f0d8c71f20191d79e010890c2269 +Author: MTG <36234449+mtgag@users.noreply.github.com> +Date: Mon Jun 26 01:02:29 2023 +0200 + + Bc critical (#722) + + * lint about the encoding of qcstatements for PSD2 + + * Revert "lint about the encoding of qcstatements for PSD2" + + This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. + + * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC + + * always check and perform the operation in the execution + + * returning fatal rather than na + + * Update v3/lints/rfc/lint_basic_constraints_not_critical.go + + Error instead of fatal + + Co-authored-by: Christopher Henderson + + * adding error description. 
+ + --------- + + Co-authored-by: mtg + Co-authored-by: GitHub + Co-authored-by: Christopher Henderson + +commit 3746088f87cde72a751b8f8a68c9b0a9e9a6a8b0 +Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> +Date: Sun Jun 11 12:21:00 2023 -0700 + + util: gtld_map autopull updates for 2023-06-06T18:20:14 UTC (#698) + + Co-authored-by: GitHub + Co-authored-by: Zakir Durumeric + +commit 9b18bdcd8fedb5013bda10ba13de27e3bf4ed908 +Author: MTG <36234449+mtgag@users.noreply.github.com> +Date: Sun Jun 11 21:13:48 2023 +0200 + + Ca field empty description (#723) + + * lint about the encoding of qcstatements for PSD2 + + * Revert "lint about the encoding of qcstatements for PSD2" + + This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. + + * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC + + * always check and perform the operation in the execution + + * simply must not have a non-empty distinguished name should suffice. The field is always present, the lints tests if the Sequence is empty. + + --------- + + Co-authored-by: mtg + Co-authored-by: GitHub + Co-authored-by: Christopher Henderson + +commit 59a91a2b1b7562e80894103cf8f8e03319b82a92 +Author: MTG <36234449+mtgag@users.noreply.github.com> +Date: Sun Jun 11 21:02:42 2023 +0200 + + Max length check applies (#724) + + * lint about the encoding of qcstatements for PSD2 + + * Revert "lint about the encoding of qcstatements for PSD2" + + This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. + + * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC + + * always check and perform the operation in the execution + + * max length check only if component is present. 
+ + --------- + + Co-authored-by: mtg + Co-authored-by: GitHub + Co-authored-by: Christopher Henderson + +commit 526f9be2c26b63477a2d03d8a6a2736e2fe89b72 +Merge: b52111b 45e8dff +Author: mtgag +Date: Fri Jun 9 06:52:40 2023 +0200 + + Merge https://github.com/zmap/zlint + +commit 45e8dff6fe0d2a6989366a3dbd44713c360afc8f +Author: mwahaj +Date: Sun Jun 4 23:13:06 2023 +0500 + + Update README.md (#719) + + Added PKI Insights which also used zlint for X.509 Certificate verification against the PKI and Industry standards + + Co-authored-by: Christopher Henderson + +commit af903824a31385208566fa640cc13036a0e4d8e4 +Author: Christopher Henderson +Date: Sun Jun 4 11:02:45 2023 -0700 + + Enable accepting a PEM encoded CRL via the command line interface (#721) + + * dispatching CRLs to the CRL linting infra + + * fixing typo in README + +commit 1d8591cffbd9513c7302ef8187297e7463358291 +Author: toddgaunt-gs <107932811+toddgaunt-gs@users.noreply.github.com> +Date: Mon May 29 12:05:30 2023 -0400 + + Remove references in comments to Initialize() method of lints (#718) + + Some comments still refer to lints having an Initialize method. This + appears to no longer be the case but a warning in the comments for + RegisterLint, RegisterCertificateLint, and RegisterRevocationListLint + was still referencing lints having such a method. + +commit b52111baec7700cadeafd21ca74e448cec162483 +Merge: 351a379 2438596 +Author: mtgag +Date: Tue May 16 08:44:04 2023 +0200 + + Merge https://github.com/zmap/zlint + +commit 24385962110d84a33e403ae611169297e8d205c1 +Author: MTG <36234449+mtgag@users.noreply.github.com> +Date: Sun May 14 20:16:08 2023 +0200 + + Always perform e_cert_unique_identifier_version_not_2_or_3 (#711) + + * lint about the encoding of qcstatements for PSD2 + + * Revert "lint about the encoding of qcstatements for PSD2" + + This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. 
+ + * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC + + * always check and perform the operation in the execution + + --------- + + Co-authored-by: mtg + Co-authored-by: GitHub + Co-authored-by: Christopher Henderson + +commit 351a37987e16c681f69725836a73dc888179d2be +Merge: 92e659c a5c869f +Author: Christopher Henderson +Date: Sun May 14 11:06:52 2023 -0700 + + Merge branch 'master' into master + +commit a5c869f807cbfce8a689aeba5682eb8f326845ea +Author: Christopher Henderson +Date: Sat May 13 09:23:45 2023 -0700 + + Update copyright text to 2023 (#716) + + * Updating copyright headers to 2023 + +commit 92e659c5aefeeea3afd8a32cc768b112a9355218 +Author: mtgag +Date: Thu Apr 27 08:55:54 2023 +0200 + + always check and perform the operation in the execution + +commit 30b096ee5b613af5eff751d9c5b878e8d07f529e +Merge: 8600050 997ad51 +Author: mtgag +Date: Wed Apr 19 08:41:37 2023 +0200 + + Merge https://github.com/zmap/zlint + +commit 997ad5143216f4a3f461545f277be7e20bdcb557 +Author: Amir Omidi +Date: Sun Mar 26 14:02:27 2023 -0400 + + Add CRL linting infrastructure (#699) + + * Add the skeleton around linting CRLs + + * Change the entrypoint of zlint + + * Add tests for the new skeleton + + * Address reviews + + * starting my own suggestions to work coopertaively on he change + + * Take out generics from the registration struct (#3) + + * Update to use Zcrypto instead of stdlib crypto for RevocationList (#4) + + * Take out generics from the registration struct (#3) + + * updating to use zcrypto + + * pointing zcrypto back to master + + * go tidy up + + --------- + + Co-authored-by: Amir Omidi + + * Tidy go mod + + * Update zcrypto + + * go mod tidy one more time + + * Bypass lint for Registry + + * Add NextUpdate CRL lint (#5) + + --------- + + Co-authored-by: christopher-henderson + +commit 64ae4e500e020b535a475a6c99007f77b917e1e9 +Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> +Date: Sun Mar 12 13:06:18 2023 -0700 + + 
build(deps): bump golang.org/x/net in /v3/cmd/genTestCerts (#704) + + Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220412020605-290c469a71a5 to 0.7.0. + - [Release notes](https://github.com/golang/net/releases) + - [Commits](https://github.com/golang/net/commits/v0.7.0) + + --- + updated-dependencies: + - dependency-name: golang.org/x/net + dependency-type: indirect + ... + + Signed-off-by: dependabot[bot] + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> + Co-authored-by: Christopher Henderson + +commit 68901ea435cd9be1c5f37765ed178120c3f570f9 +Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> +Date: Sun Mar 12 12:58:25 2023 -0700 + + build(deps): bump golang.org/x/net in /v3 (#702) + + Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220412020605-290c469a71a5 to 0.7.0. + - [Release notes](https://github.com/golang/net/releases) + - [Commits](https://github.com/golang/net/commits/v0.7.0) + + --- + updated-dependencies: + - dependency-name: golang.org/x/net + dependency-type: direct:production + ... + + 
Signed-off-by: dependabot[bot] + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> + Co-authored-by: Christopher Henderson + +commit 5ed8e34fe97edb3fedd7f1fb5cbc48a1444ea195 +Author: Christopher Henderson +Date: Sun Mar 12 12:48:34 2023 -0700 + + asserting human readable strings is error prone (#707) + +commit c7740fad1793b30df07212f9297066363efb19ce +Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> +Date: Sun Mar 12 12:32:52 2023 -0700 + + build(deps): bump golang.org/x/text in /v3/cmd/genTestCerts (#701) + + Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8. + - [Release notes](https://github.com/golang/text/releases) + - [Commits](https://github.com/golang/text/compare/v0.3.7...v0.3.8) + + --- + updated-dependencies: + - dependency-name: golang.org/x/text + dependency-type: indirect + ... + + Signed-off-by: dependabot[bot] + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> + Co-authored-by: Christopher Henderson + +commit a476724019152fa17e7ebb3c0bba6b896aecf89d +Author: Christopher Henderson +Date: Sun Mar 12 10:55:47 2023 -0700 + + Upgrading golangci-lint to v1.51.2 (#705) + +commit 46f7185e35ed0a7af55db60004a66ac4f15520fa +Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> +Date: Sun Mar 5 09:18:23 2023 -0800 + + build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 in /v3 (#700) + + Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8. + - [Release notes](https://github.com/golang/text/releases) + - [Commits](https://github.com/golang/text/compare/v0.3.7...v0.3.8) + + --- + updated-dependencies: + - dependency-name: golang.org/x/text + dependency-type: direct:production + ... + + 
Signed-off-by: dependabot[bot] + Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> + +commit 8a9f61eb9d9b2ee4b14519573ee2f0d09474c316 +Author: Christopher Henderson +Date: Thu Nov 3 09:18:18 2022 -0700 + + test.ReadTestCert breaks for downstream consumers dependent on the previous relative certificate path building behavior (#695) + + * util: gtld_map autopull updates for 2022-10-06T19:22:06 UTC + + * Trigger GHA + + * revert change + + * fixing our own tests + + Co-authored-by: GitHub + +commit 6292ca4c07afed0c9e4f43470126901161fd0c2c +Author: Christopher Henderson +Date: Sun Oct 16 11:41:20 2022 -0700 + + Adding support for linting profiles (#595) + + * adding support for linting profiles + + * at least tests running + + * Update v3/lint/profile.go + + Absolutely + + Co-authored-by: Daniel McCarney + + * Update v3/newProfile.sh + + * adding godoc to AllProfiles + + * util: gtld_map autopull updates for 2022-10-06T19:22:06 UTC + + * Trigger GHA + + * fixing linter + + Co-authored-by: Daniel McCarney + Co-authored-by: GitHub + +commit c6273337f37bce57a42c61f61566465ba81a8f4d +Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> +Date: Sun Oct 16 10:20:03 2022 -0700 + + util: gtld_map autopull updates for 2022-10-10T19:22:35 UTC (#694) + + Co-authored-by: GitHub + +commit 13fcc6ff15096c615205e0073681d571227522f9 +Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> +Date: Sun Oct 9 07:06:19 2022 -0700 + + util: gtld_map autopull updates for 2022-10-06T19:22:06 UTC (#693) + + Co-authored-by: GitHub + +commit 137e46e0ca400af8c38465773a9d9ef8dc044b62 +Author: Christopher Henderson +Date: Sun Sep 18 11:18:06 2022 -0700 + + Lint to check for invalid KU lengths (#686) + + * lint for incorrecty KU length + + * better code comment + + * correcting linter + + * fixing lint to check for combinations with nine possible flags + + * fixing comments + + * using cryptobyte + + * 
accounting for jumbo sized KUs + +commit 1209017ea441820ff41f4ef6b05e946ed53efcda +Author: Rob <3725956+robplee@users.noreply.github.com> +Date: Sun Sep 18 19:08:44 2022 +0100 + + Prevent OU lint from applying to CA certificates. Add unit test to confirm change of behaviour (#691) + +commit 44e12c12ca43a4af86f0dc2da4a71493ac9f8345 +Author: Christopher Henderson +Date: Sun Aug 28 07:33:00 2022 -0700 + + Add lint to check for incorrect 'unused' bit encoding in KeyUsages (#684) + + * Add lint to check for incorrect 'unused' bit encoding + + * using real life test data as a failure case + +commit 3f5e40d69c7dd1ed2049051f00dba88e97794ef0 +Author: Christopher Henderson +Date: Sun Jul 31 11:02:44 2022 -0700 + + Lint for RSA close prime Fermat factorization susceptibility (#674) + + * lint for close prime factorization with a default round setting of 100 + +commit e5ee614b989dca0615c7fdb9cb6d621f281c5a20 +Author: Christopher Henderson +Date: Sat Jul 23 11:55:36 2022 -0700 + + Support for Configurable Lints (#648) + + * Support for configurable lints + +commit ed9a20f851f487d6d280b72dc9db232779fc11e3 +Author: Christopher Henderson +Date: Sun Jul 17 13:06:32 2022 -0700 + + Added lint to check for superfluous zero byte on KU (#682) + +commit d8b86f771ea068173826b2088f0c502c17eaaa8d +Author: MTG <36234449+mtgag@users.noreply.github.com> +Date: Sun Jun 19 19:58:35 2022 +0200 + + Lints for allowable key usages as per RFC 8813 Section 3 and RFC 3279 Section 2.3.1 (#678) + + * lint about the encoding of qcstatements for PSD2 + + * Revert "lint about the encoding of qcstatements for PSD2" + + This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. 
+ + * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC + + * added lints that adress issues about correct key usage values for a certain public key type + + * adjustments in config.json + + * adjustments after code review + + * adjustments after code review + + * warnings are turned to errors + + * fixed error count + + Co-authored-by: mtg + Co-authored-by: GitHub + +commit c7955ed482857439faa68dfdfb67b94a1510bce1 +Author: MTG <36234449+mtgag@users.noreply.github.com> +Date: Mon Jun 13 16:19:30 2022 +0200 + + Sunset subject:organizationalUnitName (Section 7.1.4.2.2.i, CAB-Forum BR) (#643) + + * lint about the encoding of qcstatements for PSD2 + + * Revert "lint about the encoding of qcstatements for PSD2" + + This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. + + * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC + + * added lint for presence of OU in subject + + * Update v3/lints/cabf_br/lint_subject_contains_organizational_unit_name.go + + Co-authored-by: Ryan Sleevi + + * separated lints to adress two requirements + + * separated lints to adress two requirements + + * reverted change proposed by IDE + + * aligning to #644 + + * Update v3/util/time.go + + * Update v3/util/time.go + + * Update v3/util/time.go + + * addressed requested changes, removing lint that is implemented in 675 + + Co-authored-by: mtg + Co-authored-by: GitHub + Co-authored-by: Ryan Sleevi + Co-authored-by: Christopher Henderson From d4f2f9f20715c9d7f4c617254749917cce4834be Mon Sep 17 00:00:00 2001 From: mtgag Date: Wed, 30 Aug 2023 09:58:56 +0200 Subject: [PATCH 06/21] synchronised with project --- v3/integration/small.config.json | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/v3/integration/small.config.json b/v3/integration/small.config.json index f8b92f1dd..06a861a68 100644 --- a/v3/integration/small.config.json +++ b/v3/integration/small.config.json 
@@ -322,6 +322,12 @@
 "e_rsa_allowed_ku_ee": {
 "ErrCount": 11
 },
+ "e_no_underscores_before_1_6_2": {
+ "ErrCount": 13
+ },
+ "e_incorrect_ku_encoding": {
+ "ErrCount": 239
+ },
 "n_ca_digital_signature_not_set": {
 "NoticeCount": 29
 },
@@ -423,6 +429,9 @@
 "w_subject_dn_trailing_whitespace": {
 "WarnCount": 4
 },
- "w_tls_server_cert_valid_time_longer_than_397_days": {}
+ "w_tls_server_cert_valid_time_longer_than_397_days": {},
+ "w_rfc_dnsname_underscore_in_trd": {
+ "WarnCount": 13
+ }
 }
 }
\ No newline at end of file
From 24085437aa4e9a39b1f3ac86350774d68432055a Mon Sep 17 00:00:00 2001
From: mtgag
Date: Thu, 14 Dec 2023 07:02:35 +0100
Subject: [PATCH 07/21] synchronised with project
---
 h | 531 --------------------------------------------------------------
 1 file changed, 531 deletions(-)
 delete mode 100644 h
diff --git a/h b/h
deleted file mode 100644
index 5d88c51e5..000000000
--- a/h
+++ /dev/null
@@ -1,531 +0,0 @@ -commit 92902fc7d9ae7ad9f221235c74b992be6f101812 (HEAD -> master, origin/master, origin/HEAD) -Merge: 526f9be 8c46bdf -Author: mtgag -Date: Sat Jul 1 09:28:04 2023 +0200 - - Merge https://github.com/zmap/zlint - -commit 8c46bdf0e6c8f3ccab7d3101cbf56eea9b7a856a -Author: Aaron Gable -Date: Fri Jun 30 12:56:49 2023 -0700 - - Fix typo in LintRevocationListEx comment (#730) - -commit 7ef1f8451ba9894bb27645321618de2bf9a158be -Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> -Date: Sun Jun 25 16:11:22 2023 -0700 - - util: gtld_map autopull updates for 2023-06-14T22:18:50 UTC (#727) - - Co-authored-by: GitHub - Co-authored-by: Christopher Henderson - -commit 5e0219d2a818f0d8c71f20191d79e010890c2269 -Author: MTG <36234449+mtgag@users.noreply.github.com> -Date: Mon Jun 26 01:02:29 2023 +0200 - - Bc critical (#722) - - * lint about the encoding of qcstatements for PSD2 - - * Revert "lint about the encoding of qcstatements for PSD2" - - This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. - - * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC - - * always check and perform the operation in the execution - - * returning fatal rather than na - - * Update v3/lints/rfc/lint_basic_constraints_not_critical.go - - Error instead of fatal - - Co-authored-by: Christopher Henderson - - * adding error description. 
- - --------- - - Co-authored-by: mtg - Co-authored-by: GitHub - Co-authored-by: Christopher Henderson - -commit 3746088f87cde72a751b8f8a68c9b0a9e9a6a8b0 -Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> -Date: Sun Jun 11 12:21:00 2023 -0700 - - util: gtld_map autopull updates for 2023-06-06T18:20:14 UTC (#698) - - Co-authored-by: GitHub - Co-authored-by: Zakir Durumeric - -commit 9b18bdcd8fedb5013bda10ba13de27e3bf4ed908 -Author: MTG <36234449+mtgag@users.noreply.github.com> -Date: Sun Jun 11 21:13:48 2023 +0200 - - Ca field empty description (#723) - - * lint about the encoding of qcstatements for PSD2 - - * Revert "lint about the encoding of qcstatements for PSD2" - - This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. - - * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC - - * always check and perform the operation in the execution - - * simply must not have a non-empty distinguished name should suffice. The field is always present, the lints tests if the Sequence is empty. - - --------- - - Co-authored-by: mtg - Co-authored-by: GitHub - Co-authored-by: Christopher Henderson - -commit 59a91a2b1b7562e80894103cf8f8e03319b82a92 -Author: MTG <36234449+mtgag@users.noreply.github.com> -Date: Sun Jun 11 21:02:42 2023 +0200 - - Max length check applies (#724) - - * lint about the encoding of qcstatements for PSD2 - - * Revert "lint about the encoding of qcstatements for PSD2" - - This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. - - * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC - - * always check and perform the operation in the execution - - * max length check only if component is present. 
- - --------- - - Co-authored-by: mtg - Co-authored-by: GitHub - Co-authored-by: Christopher Henderson - -commit 526f9be2c26b63477a2d03d8a6a2736e2fe89b72 -Merge: b52111b 45e8dff -Author: mtgag -Date: Fri Jun 9 06:52:40 2023 +0200 - - Merge https://github.com/zmap/zlint - -commit 45e8dff6fe0d2a6989366a3dbd44713c360afc8f -Author: mwahaj -Date: Sun Jun 4 23:13:06 2023 +0500 - - Update README.md (#719) - - Added PKI Insights which also used zlint for X.509 Certificate verification against the PKI and Industry standards - - Co-authored-by: Christopher Henderson - -commit af903824a31385208566fa640cc13036a0e4d8e4 -Author: Christopher Henderson -Date: Sun Jun 4 11:02:45 2023 -0700 - - Enable accepting a PEM encoded CRL via the command line interface (#721) - - * dispatching CRLs to the CRL linting infra - - * fixing typo in README - -commit 1d8591cffbd9513c7302ef8187297e7463358291 -Author: toddgaunt-gs <107932811+toddgaunt-gs@users.noreply.github.com> -Date: Mon May 29 12:05:30 2023 -0400 - - Remove references in comments to Initialize() method of lints (#718) - - Some comments still refer to lints having an Initialize method. This - appears to no longer be the case but a warning in the comments for - RegisterLint, RegisterCertificateLint, and RegisterRevocationListLint - was still referencing lints having such a method. - -commit b52111baec7700cadeafd21ca74e448cec162483 -Merge: 351a379 2438596 -Author: mtgag -Date: Tue May 16 08:44:04 2023 +0200 - - Merge https://github.com/zmap/zlint - -commit 24385962110d84a33e403ae611169297e8d205c1 -Author: MTG <36234449+mtgag@users.noreply.github.com> -Date: Sun May 14 20:16:08 2023 +0200 - - Always perform e_cert_unique_identifier_version_not_2_or_3 (#711) - - * lint about the encoding of qcstatements for PSD2 - - * Revert "lint about the encoding of qcstatements for PSD2" - - This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. 
- - * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC - - * always check and perform the operation in the execution - - --------- - - Co-authored-by: mtg - Co-authored-by: GitHub - Co-authored-by: Christopher Henderson - -commit 351a37987e16c681f69725836a73dc888179d2be -Merge: 92e659c a5c869f -Author: Christopher Henderson -Date: Sun May 14 11:06:52 2023 -0700 - - Merge branch 'master' into master - -commit a5c869f807cbfce8a689aeba5682eb8f326845ea -Author: Christopher Henderson -Date: Sat May 13 09:23:45 2023 -0700 - - Update copyright text to 2023 (#716) - - * Updating copyright headers to 2023 - -commit 92e659c5aefeeea3afd8a32cc768b112a9355218 -Author: mtgag -Date: Thu Apr 27 08:55:54 2023 +0200 - - always check and perform the operation in the execution - -commit 30b096ee5b613af5eff751d9c5b878e8d07f529e -Merge: 8600050 997ad51 -Author: mtgag -Date: Wed Apr 19 08:41:37 2023 +0200 - - Merge https://github.com/zmap/zlint - -commit 997ad5143216f4a3f461545f277be7e20bdcb557 -Author: Amir Omidi -Date: Sun Mar 26 14:02:27 2023 -0400 - - Add CRL linting infrastructure (#699) - - * Add the skeleton around linting CRLs - - * Change the entrypoint of zlint - - * Add tests for the new skeleton - - * Address reviews - - * starting my own suggestions to work coopertaively on he change - - * Take out generics from the registration struct (#3) - - * Update to use Zcrypto instead of stdlib crypto for RevocationList (#4) - - * Take out generics from the registration struct (#3) - - * updating to use zcrypto - - * pointing zcrypto back to master - - * go tidy up - - --------- - - Co-authored-by: Amir Omidi - - * Tidy go mod - - * Update zcrypto - - * go mod tidy one more time - - * Bypass lint for Registry - - * Add NextUpdate CRL lint (#5) - - --------- - - Co-authored-by: christopher-henderson - -commit 64ae4e500e020b535a475a6c99007f77b917e1e9 -Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> -Date: Sun Mar 12 13:06:18 2023 -0700 - - 
build(deps): bump golang.org/x/net in /v3/cmd/genTestCerts (#704) - - Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220412020605-290c469a71a5 to 0.7.0. - - [Release notes](https://github.com/golang/net/releases) - - [Commits](https://github.com/golang/net/commits/v0.7.0) - - --- - updated-dependencies: - - dependency-name: golang.org/x/net - dependency-type: indirect - ... - - Signed-off-by: dependabot[bot] - Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> - Co-authored-by: Christopher Henderson - -commit 68901ea435cd9be1c5f37765ed178120c3f570f9 -Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> -Date: Sun Mar 12 12:58:25 2023 -0700 - - build(deps): bump golang.org/x/net in /v3 (#702) - - Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220412020605-290c469a71a5 to 0.7.0. - - [Release notes](https://github.com/golang/net/releases) - - [Commits](https://github.com/golang/net/commits/v0.7.0) - - --- - updated-dependencies: - - dependency-name: golang.org/x/net - dependency-type: direct:production - ... - - 
Signed-off-by: dependabot[bot] - Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> - Co-authored-by: Christopher Henderson - -commit 5ed8e34fe97edb3fedd7f1fb5cbc48a1444ea195 -Author: Christopher Henderson -Date: Sun Mar 12 12:48:34 2023 -0700 - - asserting human readable strings is error prone (#707) - -commit c7740fad1793b30df07212f9297066363efb19ce -Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> -Date: Sun Mar 12 12:32:52 2023 -0700 - - build(deps): bump golang.org/x/text in /v3/cmd/genTestCerts (#701) - - Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8. - - [Release notes](https://github.com/golang/text/releases) - - [Commits](https://github.com/golang/text/compare/v0.3.7...v0.3.8) - - --- - updated-dependencies: - - dependency-name: golang.org/x/text - dependency-type: indirect - ... - - Signed-off-by: dependabot[bot] - Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> - Co-authored-by: Christopher Henderson - -commit a476724019152fa17e7ebb3c0bba6b896aecf89d -Author: Christopher Henderson -Date: Sun Mar 12 10:55:47 2023 -0700 - - Upgrading golangci-lint to v1.51.2 (#705) - -commit 46f7185e35ed0a7af55db60004a66ac4f15520fa -Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> -Date: Sun Mar 5 09:18:23 2023 -0800 - - build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 in /v3 (#700) - - Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8. - - [Release notes](https://github.com/golang/text/releases) - - [Commits](https://github.com/golang/text/compare/v0.3.7...v0.3.8) - - --- - updated-dependencies: - - dependency-name: golang.org/x/text - dependency-type: direct:production - ... - - 
Signed-off-by: dependabot[bot] - Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> - -commit 8a9f61eb9d9b2ee4b14519573ee2f0d09474c316 -Author: Christopher Henderson -Date: Thu Nov 3 09:18:18 2022 -0700 - - test.ReadTestCert breaks for downstream consumers dependent on the previous relative certificate path building behavior (#695) - - * util: gtld_map autopull updates for 2022-10-06T19:22:06 UTC - - * Trigger GHA - - * revert change - - * fixing our own tests - - Co-authored-by: GitHub - -commit 6292ca4c07afed0c9e4f43470126901161fd0c2c -Author: Christopher Henderson -Date: Sun Oct 16 11:41:20 2022 -0700 - - Adding support for linting profiles (#595) - - * adding support for linting profiles - - * at least tests running - - * Update v3/lint/profile.go - - Absolutely - - Co-authored-by: Daniel McCarney - - * Update v3/newProfile.sh - - * adding godoc to AllProfiles - - * util: gtld_map autopull updates for 2022-10-06T19:22:06 UTC - - * Trigger GHA - - * fixing linter - - Co-authored-by: Daniel McCarney - Co-authored-by: GitHub - -commit c6273337f37bce57a42c61f61566465ba81a8f4d -Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> -Date: Sun Oct 16 10:20:03 2022 -0700 - - util: gtld_map autopull updates for 2022-10-10T19:22:35 UTC (#694) - - Co-authored-by: GitHub - -commit 13fcc6ff15096c615205e0073681d571227522f9 -Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> -Date: Sun Oct 9 07:06:19 2022 -0700 - - util: gtld_map autopull updates for 2022-10-06T19:22:06 UTC (#693) - - Co-authored-by: GitHub - -commit 137e46e0ca400af8c38465773a9d9ef8dc044b62 -Author: Christopher Henderson -Date: Sun Sep 18 11:18:06 2022 -0700 - - Lint to check for invalid KU lengths (#686) - - * lint for incorrecty KU length - - * better code comment - - * correcting linter - - * fixing lint to check for combinations with nine possible flags - - * fixing comments - - * using cryptobyte - - * 
accounting for jumbo sized KUs - -commit 1209017ea441820ff41f4ef6b05e946ed53efcda -Author: Rob <3725956+robplee@users.noreply.github.com> -Date: Sun Sep 18 19:08:44 2022 +0100 - - Prevent OU lint from applying to CA certificates. Add unit test to confirm change of behaviour (#691) - -commit 44e12c12ca43a4af86f0dc2da4a71493ac9f8345 -Author: Christopher Henderson -Date: Sun Aug 28 07:33:00 2022 -0700 - - Add lint to check for incorrect 'unused' bit encoding in KeyUsages (#684) - - * Add lint to check for incorrect 'unused' bit encoding - - * using real life test data as a failure case - -commit 3f5e40d69c7dd1ed2049051f00dba88e97794ef0 -Author: Christopher Henderson -Date: Sun Jul 31 11:02:44 2022 -0700 - - Lint for RSA close prime Fermat factorization susceptibility (#674) - - * lint for close prime factorization with a default round setting of 100 - -commit e5ee614b989dca0615c7fdb9cb6d621f281c5a20 -Author: Christopher Henderson -Date: Sat Jul 23 11:55:36 2022 -0700 - - Support for Configurable Lints (#648) - - * Support for configurable lints - -commit ed9a20f851f487d6d280b72dc9db232779fc11e3 -Author: Christopher Henderson -Date: Sun Jul 17 13:06:32 2022 -0700 - - Added lint to check for superfluous zero byte on KU (#682) - -commit d8b86f771ea068173826b2088f0c502c17eaaa8d -Author: MTG <36234449+mtgag@users.noreply.github.com> -Date: Sun Jun 19 19:58:35 2022 +0200 - - Lints for allowable key usages as per RFC 8813 Section 3 and RFC 3279 Section 2.3.1 (#678) - - * lint about the encoding of qcstatements for PSD2 - - * Revert "lint about the encoding of qcstatements for PSD2" - - This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. 
- - * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC - - * added lints that adress issues about correct key usage values for a certain public key type - - * adjustments in config.json - - * adjustments after code review - - * adjustments after code review - - * warnings are turned to errors - - * fixed error count - - Co-authored-by: mtg - Co-authored-by: GitHub - -commit c7955ed482857439faa68dfdfb67b94a1510bce1 -Author: MTG <36234449+mtgag@users.noreply.github.com> -Date: Mon Jun 13 16:19:30 2022 +0200 - - Sunset subject:organizationalUnitName (Section 7.1.4.2.2.i, CAB-Forum BR) (#643) - - * lint about the encoding of qcstatements for PSD2 - - * Revert "lint about the encoding of qcstatements for PSD2" - - This reverts commit 6c2367080d148f4b8c01f96a4c80e3ac55d1ef26. - - * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC - - * added lint for presence of OU in subject - - * Update v3/lints/cabf_br/lint_subject_contains_organizational_unit_name.go - - Co-authored-by: Ryan Sleevi - - * separated lints to adress two requirements - - * separated lints to adress two requirements - - * reverted change proposed by IDE - - * aligning to #644 - - * Update v3/util/time.go - - * Update v3/util/time.go - - * Update v3/util/time.go - - * addressed requested changes, removing lint that is implemented in 675 - - Co-authored-by: mtg - Co-authored-by: GitHub - Co-authored-by: Ryan Sleevi - Co-authored-by: Christopher Henderson From e77fae15e50dcbfc6c214557cac40c94ddd465c1 Mon Sep 17 00:00:00 2001 From: mtgag Date: Wed, 24 Jan 2024 07:11:55 +0100 Subject: [PATCH 08/21] synchronised with project --- v3/go.sum | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/v3/go.sum b/v3/go.sum index babeff48b..31a34073f 100644 --- a/v3/go.sum +++ b/v3/go.sum 
@@ -65,6 +65,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -83,6 +84,7 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= 
@@ -90,6 +92,7 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -97,6 +100,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From 53b911ef750ff906e9749252b599e8253fa84594 Mon Sep 17 00:00:00 2001 From: mtgag Date: Tue, 5 Mar 2024 11:05:05 +0100 Subject: [PATCH 09/21] fixed merge error --- v3/integration/small.config.json | 3 --- 1 file changed, 3 deletions(-) diff --git a/v3/integration/small.config.json b/v3/integration/small.config.json index 73785fd40..621242602 100644 --- a/v3/integration/small.config.json +++ b/v3/integration/small.config.json 
@@ -430,12 +430,9 @@ "w_tls_server_cert_valid_time_longer_than_397_days": {}, "w_rfc_dnsname_underscore_in_trd": { "WarnCount": 13 -<<<<<<< HEAD -======= }, "w_sub_cert_aia_contains_internal_names": { "WarnCount": 7 ->>>>>>> 45de88040a22e2db4d962de9ec3847dcac59be92 } } } \ No newline at end of file From bad73ee2d5669394cde3053d300f285a91f75fd6 Mon Sep 17 00:00:00 2001 
From: mtgag Date: Fri, 5 Apr 2024 07:40:36 +0200 Subject: [PATCH 10/21] synchronised with project --- .../lint_subject_rdns_correct_encoding.go | 142 +++++++++++ ...lint_subject_rdns_correct_encoding_test.go | 221 ++++++++++++++++++ ...subjectBusinessCategoryCorrectEncoding.pem | 41 ++++ .../subjectBusinessCategoryWrongEncoding.pem | 41 ++++ v3/testdata/subjectCCorrectEncoding.pem | 41 ++++ v3/testdata/subjectCNCorrectEncoding.pem | 41 ++++ v3/testdata/subjectCNWrongEncoding.pem | 41 ++++ v3/testdata/subjectCWrongEncoding.pem | 40 ++++ v3/testdata/subjectDCCorrectEncoding.pem | 41 ++++ v3/testdata/subjectDCWrongEncoding.pem | 41 ++++ .../subjectGivenNameCorrectEncoding.pem | 41 ++++ v3/testdata/subjectGivenNameWrongEncoding.pem | 41 ++++ v3/testdata/subjectLCorrectEncoding.pem | 41 ++++ v3/testdata/subjectLWrongEncoding.pem | 41 ++++ v3/testdata/subjectOCorrectEncoding.pem | 41 ++++ v3/testdata/subjectOUCorrectEncoding.pem | 41 ++++ v3/testdata/subjectOUWrongEncoding.pem | 41 ++++ v3/testdata/subjectOWrongEncoding.pem | 41 ++++ ...tOrganizationIdentifierCorrectEncoding.pem | 41 ++++ ...ectOrganizationIdentifierWrongEncoding.pem | 41 ++++ .../subjectPostalCodeCorrectEncoding.pem | 41 ++++ .../subjectPostalCodeWrongEncoding.pem | 41 ++++ v3/testdata/subjectSTCorrectEncoding.pem | 41 ++++ v3/testdata/subjectSTWrongEncoding.pem | 41 ++++ .../subjectSerialNumberCorrectEncoding.pem | 41 ++++ .../subjectSerialNumberWrongEncoding.pem | 41 ++++ v3/testdata/subjectStreetCorrectEncoding.pem | 41 ++++ v3/testdata/subjectStreetWrongEncoding.pem | 41 ++++ v3/testdata/subjectSurnameCorrectEncoding.pem | 41 ++++ v3/testdata/subjectSurnameWrongEncoding.pem | 41 ++++ v3/testdata/subjectjurCCorrectEncoding.pem | 41 ++++ v3/testdata/subjectjurCWrongEncoding.pem | 41 ++++ v3/testdata/subjectjurLCorrectEncoding.pem | 42 ++++ v3/testdata/subjectjurLWrongEncoding.pem | 41 ++++ v3/testdata/subjectjurSTCorrectEncoding.pem | 42 ++++ v3/testdata/subjectjurSTWrongEncoding.pem | 41 ++++ 36 
files changed, 1758 insertions(+) create mode 100644 v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go create mode 100644 v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go create mode 100644 v3/testdata/subjectBusinessCategoryCorrectEncoding.pem create mode 100644 v3/testdata/subjectBusinessCategoryWrongEncoding.pem create mode 100644 v3/testdata/subjectCCorrectEncoding.pem create mode 100644 v3/testdata/subjectCNCorrectEncoding.pem create mode 100644 v3/testdata/subjectCNWrongEncoding.pem create mode 100644 v3/testdata/subjectCWrongEncoding.pem create mode 100644 v3/testdata/subjectDCCorrectEncoding.pem create mode 100644 v3/testdata/subjectDCWrongEncoding.pem create mode 100644 v3/testdata/subjectGivenNameCorrectEncoding.pem create mode 100644 v3/testdata/subjectGivenNameWrongEncoding.pem create mode 100644 v3/testdata/subjectLCorrectEncoding.pem create mode 100644 v3/testdata/subjectLWrongEncoding.pem create mode 100644 v3/testdata/subjectOCorrectEncoding.pem create mode 100644 v3/testdata/subjectOUCorrectEncoding.pem create mode 100644 v3/testdata/subjectOUWrongEncoding.pem create mode 100644 v3/testdata/subjectOWrongEncoding.pem create mode 100644 v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem create mode 100644 v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem create mode 100644 v3/testdata/subjectPostalCodeCorrectEncoding.pem create mode 100644 v3/testdata/subjectPostalCodeWrongEncoding.pem create mode 100644 v3/testdata/subjectSTCorrectEncoding.pem create mode 100644 v3/testdata/subjectSTWrongEncoding.pem create mode 100644 v3/testdata/subjectSerialNumberCorrectEncoding.pem create mode 100644 v3/testdata/subjectSerialNumberWrongEncoding.pem create mode 100644 v3/testdata/subjectStreetCorrectEncoding.pem create mode 100644 v3/testdata/subjectStreetWrongEncoding.pem create mode 100644 v3/testdata/subjectSurnameCorrectEncoding.pem create mode 100644 v3/testdata/subjectSurnameWrongEncoding.pem create mode 100644 
v3/testdata/subjectjurCCorrectEncoding.pem create mode 100644 v3/testdata/subjectjurCWrongEncoding.pem create mode 100644 v3/testdata/subjectjurLCorrectEncoding.pem create mode 100644 v3/testdata/subjectjurLWrongEncoding.pem create mode 100644 v3/testdata/subjectjurSTCorrectEncoding.pem create mode 100644 v3/testdata/subjectjurSTWrongEncoding.pem diff --git a/v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go new file mode 100644 index 000000000..84121e2be --- /dev/null +++ b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go 
@@ -0,0 +1,142 @@
+package cabf_br
+
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+import (
+ "fmt"
+ "github.com/zmap/zcrypto/encoding/asn1"
+ "github.com/zmap/zcrypto/x509"
+ "github.com/zmap/zlint/v3/lint"
+ "github.com/zmap/zlint/v3/util"
+)
+
+type subjectRdnsCorrectEncoding struct{}
+
+func init() {
+ lint.RegisterCertificateLint(&lint.CertificateLint{
+ LintMetadata: lint.LintMetadata{
+ Name: "e_subject_rdns_correct_encoding",
+ Description: "CAs that include attributes in the Certificate subject field that are listed in the Tables 77 and 78 of BR 2.0.0 SHALL follow the specified encoding requirements for the attribute",
+ Citation: "BRs 2.0.0: 7.1.4.2, Table 77 and Table 78",
+ Source: lint.CABFBaselineRequirements,
+ EffectiveDate: util.SC62EffectiveDate,
+ },
+ Lint: NewSubjectRdnsCorrectEncoding,
+ })
+}
+
+func NewSubjectRdnsCorrectEncoding() lint.LintInterface {
+ return &subjectRdnsCorrectEncoding{}
+}
+
+func (l *subjectRdnsCorrectEncoding) CheckApplies(c *x509.Certificate) bool {
+ return true
+}
+
+func (l *subjectRdnsCorrectEncoding) Execute(c *x509.Certificate) *lint.LintResult {
+ rdnSequence := util.RawRDNSequence{}
+ if rest, err := asn1.Unmarshal(c.RawSubject, &rdnSequence); err != nil || len(rest) > 0 {
+ return &lint.LintResult{Status: lint.Fatal}
+ }
+
+ for _, attrTypeAndValueSet := range rdnSequence {
+ for _, attrTypeAndValue := range attrTypeAndValueSet {
+ oid := attrTypeAndValue.Type.String()
+ tag := attrTypeAndValue.Value.Tag
+
+ if "0.9.2342.19200300.100.1.25" == oid && tag != 22 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute domainComponent in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.6" == oid && tag != 19 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute countryName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.8" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute stateOrProvinceName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.7" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute localityName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.17" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute postalCode in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.9" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute streetAddress in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.10" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute organizationName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.4" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute surname in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.42" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute givenName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.11" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute organizationalUnitName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.3" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute commonName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.15" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute businessCategory in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "1.3.6.1.4.1.311.60.2.1.3" == oid && tag != 19 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute jurisdictionCountry in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "1.3.6.1.4.1.311.60.2.1.2" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute jurisdictionStateOrProvince in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "1.3.6.1.4.1.311.60.2.1.1" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute jurisdictionLocality in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.5" == oid && tag != 19 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute serialNumber in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ if "2.5.4.97" == oid && tag != 19 && tag != 12 {
+ return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute organizationIdentifier in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
+ }
+ }
+ }
+ return &lint.LintResult{Status: lint.Pass}
+}
+
+//Tag BMPString: 0x1e = 30
+//Tag UTF8String: 0x0c = 12
+//Tag TeletexString: 0x14 = 20
+//Tag UniversalString: 0x1c = 28
+//Tag PrintableString: 0x13 = 19
+//Tag IA5String: 0x16 = 22
+
+func getEncodingName(tag int) string {
+ if tag == 12 {
+ return "UTF8String"
+ }
+ if tag == 19 {
+ return "PrintableString"
+ }
+ if tag == 20 {
+ return "TeletexString"
+ }
+ if tag == 22 {
+ return "IA5String"
+ }
+ if tag == 28 {
+ return "UniversalString"
+ }
+ if tag == 30 {
+ return "BMPString"
+ }
+ return "Unknown"
+}
diff --git a/v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go
new file mode 100644
index 000000000..485198d65
--- /dev/null
+++ b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go
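Review bot: Every check in `Execute` compares only `attrTypeAndValue.Value.Tag`, so a subject attribute whose tag number is 12, 19 or 22 in a non-universal class would be reported as correctly encoded; assuming `Value` is an `asn1.RawValue` (its type is defined outside this diff), the lint should also require `Value.Class` to be the universal class. With seventeen copies of the same `if`, that extra condition would have to be repeated in each branch, so the fence below moves the OID-to-accepted-tags rules into one table and applies a single comparison that keeps the existing message text. Separately, the early `lint.Fatal` return carries no `Details`; `err` is nil when only `len(rest) > 0` is true, so a fixed message such as `Details: "subject is not a single well-formed RDNSequence"` would tell an operator why the certificate was rejected.

```go
// subjectAttrTags maps each attribute OID to the name used in the message
// and the tag numbers this lint accepts for it
// (12 UTF8String, 19 PrintableString, 22 IA5String).
var subjectAttrTags = map[string]struct {
	name string
	tags []int
}{
	"0.9.2342.19200300.100.1.25": {"domainComponent", []int{22}},
	"2.5.4.6":                    {"countryName", []int{19}},
	"2.5.4.8":                    {"stateOrProvinceName", []int{19, 12}},
	"2.5.4.7":                    {"localityName", []int{19, 12}},
	"2.5.4.17":                   {"postalCode", []int{19, 12}},
	"2.5.4.9":                    {"streetAddress", []int{19, 12}},
	"2.5.4.10":                   {"organizationName", []int{19, 12}},
	"2.5.4.4":                    {"surname", []int{19, 12}},
	"2.5.4.42":                   {"givenName", []int{19, 12}},
	"2.5.4.11":                   {"organizationalUnitName", []int{19, 12}},
	"2.5.4.3":                    {"commonName", []int{19, 12}},
	"2.5.4.15":                   {"businessCategory", []int{19, 12}},
	"1.3.6.1.4.1.311.60.2.1.3":   {"jurisdictionCountry", []int{19}},
	"1.3.6.1.4.1.311.60.2.1.2":   {"jurisdictionStateOrProvince", []int{19, 12}},
	"1.3.6.1.4.1.311.60.2.1.1":   {"jurisdictionLocality", []int{19, 12}},
	"2.5.4.5":                    {"serialNumber", []int{19}},
	"2.5.4.97":                   {"organizationIdentifier", []int{19, 12}},
}

// … unchanged: RawSubject unmarshalling and the two range loops …
		for _, attrTypeAndValue := range attrTypeAndValueSet {
			rule, known := subjectAttrTags[attrTypeAndValue.Type.String()]
			if !known {
				continue
			}
			value := attrTypeAndValue.Value
			accepted := false
			for _, t := range rule.tags {
				// Class 0 is universal; the same tag number in another
				// class is a different type and must not be accepted.
				if value.Class == 0 && value.Tag == t {
					accepted = true
				}
			}
			if !accepted {
				return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute %s in subjectDN has the wrong encoding %s.", rule.name, getEncodingName(value.Tag))}
			}
		}
// … unchanged: final lint.Pass return and getEncodingName …
```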
@@ -0,0 +1,221 @@
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package cabf_br
+
+import (
+ "strings"
+ "testing"
+
+ "github.com/zmap/zlint/v3/lint"
+ "github.com/zmap/zlint/v3/test"
+)
+
+func TestSubjectRdnsCorrectEncoding(t *testing.T) {
+ data := []struct {
+ file string
+ want lint.LintStatus
+ details string
+ }{
+ {
+ "subjectDCWrongEncoding.pem",
+ lint.Error,
+ "Attribute domainComponent in subjectDN has the wrong encoding UTF8String",
+ },
+ {
+ "subjectCWrongEncoding.pem",
+ lint.Error,
+ "Attribute countryName in subjectDN has the wrong encoding UTF8String",
+ },
+ {
+ "subjectSTWrongEncoding.pem",
+ lint.Error,
+ "Attribute stateOrProvinceName in subjectDN has the wrong encoding TeletexString",
+ },
+ {
+ "subjectLWrongEncoding.pem",
+ lint.Error,
+ "Attribute localityName in subjectDN has the wrong encoding IA5String",
+ },
+ {
+ "subjectPostalCodeWrongEncoding.pem",
+ lint.Error,
+ "Attribute postalCode in subjectDN has the wrong encoding UniversalString",
+ },
+ {
+ "subjectStreetWrongEncoding.pem",
+ lint.Error,
+ "Attribute streetAddress in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectOWrongEncoding.pem",
+ lint.Error,
+ "Attribute organizationName in subjectDN has the wrong encoding TeletexString",
+ },
+ {
+ "subjectSurnameWrongEncoding.pem",
+ lint.Error,
+ "Attribute surname in subjectDN has the wrong encoding IA5String",
+ },
+ {
+ "subjectGivenNameWrongEncoding.pem",
+ lint.Error,
+ "Attribute givenName in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectOUWrongEncoding.pem",
+ lint.Error,
+ "Attribute organizationalUnitName in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectCNWrongEncoding.pem",
+ lint.Error,
+ "Attribute commonName in subjectDN has the wrong encoding UniversalString",
+ },
+ {
+ "subjectBusinessCategoryWrongEncoding.pem",
+ lint.Error,
+ "Attribute businessCategory in subjectDN has the wrong encoding TeletexString",
+ },
+ {
+ "subjectjurCWrongEncoding.pem",
+ lint.Error,
+ "Attribute jurisdictionCountry in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectjurSTWrongEncoding.pem",
+ lint.Error,
+ "Attribute jurisdictionStateOrProvince in subjectDN has the wrong encoding IA5String",
+ },
+ {
+ "subjectjurLWrongEncoding.pem",
+ lint.Error,
+ "Attribute jurisdictionLocality in subjectDN has the wrong encoding BMPString",
+ },
+ {
+ "subjectSerialNumberWrongEncoding.pem",
+ lint.Error,
+ "Attribute serialNumber in subjectDN has the wrong encoding UniversalString",
+ },
+ {
+ "subjectOrganizationIdentifierWrongEncoding.pem",
+ lint.Error,
+ "Attribute organizationIdentifier in subjectDN has the wrong encoding TeletexString",
+ },
+ {
+ "subjectDCCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectCCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectSTCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectLCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectPostalCodeCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectStreetCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectOCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectSurnameCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectGivenNameCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectOUCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectCNCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectBusinessCategoryCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectjurCCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectjurSTCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectjurLCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectSerialNumberCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectOrganizationIdentifierCorrectEncoding.pem",
+ lint.Pass,
+ "",
+ },
+ {
+ "subjectValidCountry.pem",
+ lint.NE,
+ "",
+ },
+ }
+ for _, d := range data {
+ file := d.file
+ want := d.want
+ details := d.details
+ t.Run(file, func(t *testing.T) {
+ got := test.TestLint("e_subject_rdns_correct_encoding", file)
+ if got.Status != want {
+ t.Errorf("expected %v got %v", want, got)
+ }
+ if !strings.Contains(got.Details, details) {
+ t.Errorf("expected the returned details to contain '%s' but got %s", details, got.Details)
+ }
+ })
+ }
+}
diff --git a/v3/testdata/subjectBusinessCategoryCorrectEncoding.pem b/v3/testdata/subjectBusinessCategoryCorrectEncoding.pem
new file mode 100644
index 000000000..adc5f904f
--- /dev/null
+++ b/v3/testdata/subjectBusinessCategoryCorrectEncoding.pem
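Review bot: The Pass and NE rows in `TestSubjectRdnsCorrectEncoding` never actually check `Details`, because `strings.Contains(got.Details, "")` is true for every string, so a result that passes while still carrying an error message would not be caught; for rows with an empty expectation the check should be `if details == "" && got.Details != "" { t.Errorf(...) }`. The status failure message formats the whole result pointer, `t.Errorf("expected %v got %v", want, got)`, where `got.Status` is what the reader needs. The WrongEncoding fixtures visible in this patch each hold a single subject attribute, so a case with a valid attribute followed by a mis-encoded one would confirm that the loop keeps scanning past the first RDN.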
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c9:88:c5:81:06:7a:d4:b0:6f:98:e3:12 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: businessCategory = UTF8String, businessCategory = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:80:09:37:f3:94:b7:13:94:89:bf:1b:52:75: + 1d:80:35:72:87:75:59:75:82:95:f4:38:8f:ae:53:bc:0f:dd: + dd:02:21:00:dc:c9:04:73:2f:79:fb:bf:74:15:53:ee:24:33: + eb:88:3c:db:6f:8a:58:19:54:01:8e:c8:6a:a7:90:83:0b:14 +-----BEGIN CERTIFICATE----- +MIIBcDCCARWgAwIBAgINAMmIxYEGetSwb5jjEjAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBA8MClVURjhTdHJpbmcx +GDAWBgNVBA8TD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0kAMEYCIQCACTfzlLcTlIm/G1J1HYA1cod1WXWClfQ4j65TvA/d +3QIhANzJBHMvefu/dBVT7iQz64g822+KWBlUAY7IaqeQgwsU +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectBusinessCategoryWrongEncoding.pem b/v3/testdata/subjectBusinessCategoryWrongEncoding.pem new file mode 100644 index 000000000..a79a4b5e0 --- /dev/null +++ b/v3/testdata/subjectBusinessCategoryWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:79:d9:f0:64:67:5a:c4:c8:15:0b:a9 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: businessCategory = TeletexString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:c1:11:e3:cc:ef:5b:30:71:bc:ef:33:94:fe: + 96:f5:ff:00:e0:a9:6b:22:85:57:9f:7e:8d:cf:0b:42:28:52: + d9:02:20:05:86:c6:76:6a:38:5f:10:52:c8:8e:7a:88:de:46: + 58:0f:45:14:9e:a3:37:9c:ea:13:ab:b9:b5:bc:ff:f3:c4 +-----BEGIN CERTIFICATE----- +MIIBVjCB/aADAgECAgxyednwZGdaxMgVC6kwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAYMRYwFAYDVQQPFA1UZWxldGV4U3RyaW5n +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcG +PQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUw +EwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhAMER48zvWzBx +vO8zlP6W9f8A4KlrIoVXn36NzwtCKFLZAiAFhsZ2ajhfEFLIjnqI3kZYD0UUnqM3 +nOoTq7m1vP/zxA== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectCCorrectEncoding.pem b/v3/testdata/subjectCCorrectEncoding.pem new file mode 100644 index 000000000..3658c754c --- /dev/null +++ b/v3/testdata/subjectCCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fc:8a:16:73:6e:d4:28:5b:52:ec:08:4c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: C = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:c4:d4:22:13:8d:22:8f:b2:bf:e6:0a:cd:61: + d8:bd:5c:9a:07:bb:88:4a:dd:6c:55:b0:09:30:fa:53:e0:fd: + e8:02:21:00:9a:42:16:de:fb:6f:50:ba:7a:5b:14:24:b4:cd: + d7:9f:91:0f:44:2d:88:9f:5f:20:38:c5:60:a1:70:ff:ae:84 +-----BEGIN CERTIFICATE----- +MIIBWzCCAQCgAwIBAgINAPyKFnNu1ChbUuwITDAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMBoxGDAWBgNVBAYTD1ByaW50YWJsZVN0 +cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrf +VTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSj +FzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0kAMEYCIQDE1CIT +jSKPsr/mCs1h2L1cmge7iErdbFWwCTD6U+D96AIhAJpCFt77b1C6elsUJLTN15+R +D0QtiJ9fIDjFYKFw/66E +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectCNCorrectEncoding.pem b/v3/testdata/subjectCNCorrectEncoding.pem new file mode 100644 index 000000000..c4169d066 --- /dev/null +++ b/v3/testdata/subjectCNCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:f1:6c:4a:e1:db:54:1a:f7:fc:67:e1 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: CN = UTF8String, CN = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:18:2a:92:d5:5d:3b:ae:17:9a:f4:c0:60:bb:d5: + bb:a6:4a:ef:0e:12:51:a6:4a:18:6c:01:c0:fd:3d:4e:93:56: + 02:21:00:a8:92:ec:4d:64:d6:6c:a7:29:92:67:dc:d9:f6:6b: + 11:c8:a5:06:b0:58:4c:56:05:18:9b:f0:7e:de:fa:0c:bb +-----BEGIN CERTIFICATE----- +MIIBbjCCARSgAwIBAgIMAfFsSuHbVBr3/GfhMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UEAwwKVVRGOFN0cmluZzEY +MBYGA1UEAxMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSAAwRQIgGCqS1V07rhea9MBgu9W7pkrvDhJRpkoYbAHA/T1Ok1YC +IQCokuxNZNZspymSZ9zZ9msRyKUGsFhMVgUYm/B+3voMuw== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectCNWrongEncoding.pem b/v3/testdata/subjectCNWrongEncoding.pem new file mode 100644 index 000000000..fef061bdb --- /dev/null +++ b/v3/testdata/subjectCNWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a9:e8:5a:c9:48:7b:c5:64:fe:39:bf:ce + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: CN = U + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:1b:11:5a:e3:fe:73:e1:c0:16:6f:7f:24:ee:15: + 65:cf:82:35:4d:c2:0c:1d:6e:e7:d6:cb:1a:ee:7c:d1:e0:a7: + 02:21:00:bd:86:46:6f:51:a3:ad:76:89:34:59:bd:46:83:6a: + bf:42:b8:bf:f1:fe:ec:4a:02:5f:69:de:33:c7:4a:16:94 +-----BEGIN CERTIFICATE----- +MIIBTjCB9aADAgECAg0AqehayUh7xWT+Ob/OMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowDzENMAsGA1UEAxwEAAAAVTBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+ +8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQM +MAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIBsRWuP+c+HAFm9/JO4VZc+C +NU3CDB1u59bLGu580eCnAiEAvYZGb1GjrXaJNFm9RoNqv0K4v/H+7EoCX2neM8dK +FpQ= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectCWrongEncoding.pem b/v3/testdata/subjectCWrongEncoding.pem new file mode 100644 index 000000000..22a85933a --- /dev/null +++ b/v3/testdata/subjectCWrongEncoding.pem 
@@ -0,0 +1,40 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 50:74:cf:cd:9f:31:5a:1c:de:62:19:2d + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: C = DE + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:74:ae:46:d1:20:2a:4c:2d:cd:2a:69:3f:29:6a: + 79:24:b5:d4:1d:7c:c7:b2:bc:83:13:e6:8a:7a:1f:54:8f:92: + 02:20:01:b0:fe:9d:42:6c:f6:8f:15:d2:5d:d9:51:a3:94:5f: + a7:cf:b7:ed:b9:69:83:1c:e3:be:d1:37:55:9a:16:22 +-----BEGIN CERTIFICATE----- +MIIBSjCB8qADAgECAgxQdM/NnzFaHN5iGS0wCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjANMQswCQYDVQQGDAJERTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1e +HyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAow +CAYGZ4EMAQIBMAoGCCqGSM49BAMCA0cAMEQCIHSuRtEgKkwtzSppPylqeSS11B18 +x7K8gxPminofVI+SAiABsP6dQmz2jxXSXdlRo5Rfp8+37blpgxzjvtE3VZoWIg== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectDCCorrectEncoding.pem b/v3/testdata/subjectDCCorrectEncoding.pem new file mode 100644 index 000000000..30bf62bf9 --- /dev/null +++ b/v3/testdata/subjectDCCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 20:73:b8:73:d2:e3:be:9f:24:56:19:f0 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: DC = IA5String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:11:8c:da:ba:cc:77:19:93:0e:bb:e5:fd:1b:1e: + cb:07:fa:60:7d:40:fe:87:fb:83:c0:f9:73:a7:ce:cb:34:1b: + 02:20:0c:6e:cd:6f:99:97:4a:f6:64:76:23:02:09:2a:cb:24: + 9e:36:88:d6:ef:5c:11:71:f4:50:5c:de:38:67:8b:c3 +-----BEGIN CERTIFICATE----- +MIIBWTCCAQCgAwIBAgIMIHO4c9Ljvp8kVhnwMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowGzEZMBcGCgmSJomT8ixkARkWCUlBNVN0 +cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrf +VTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSj +FzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0cAMEQCIBGM2rrM +dxmTDrvl/Rseywf6YH1A/of7g8D5c6fOyzQbAiAMbs1vmZdK9mR2IwIJKssknjaI +1u9cEXH0UFzeOGeLww== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectDCWrongEncoding.pem b/v3/testdata/subjectDCWrongEncoding.pem new file mode 100644 index 000000000..4190112df --- /dev/null +++ b/v3/testdata/subjectDCWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d2:c3:3a:50:ff:62:66:a7:bf:00:f3:ee + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: DC = UTF8String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:2f:c7:9c:0d:15:66:fb:69:df:a6:e9:d2:cf:06: + de:ed:5f:3a:e5:eb:fc:39:2e:6e:74:f3:43:48:3c:a6:8f:d5: + 02:20:41:67:95:a6:22:1a:70:11:45:89:c3:c4:b5:3b:4c:fa: + cd:dd:15:6a:c2:0e:f9:e1:e2:8f:5c:22:be:a3:31:23 +-----BEGIN CERTIFICATE----- +MIIBWzCCAQKgAwIBAgINANLDOlD/YmanvwDz7jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMBwxGjAYBgoJkiaJk/IsZAEZDApVVEY4 +U3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9v +Kt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWAr +FKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgL8ec +DRVm+2nfpunSzwbe7V865ev8OS5udPNDSDymj9UCIEFnlaYiGnARRYnDxLU7TPrN +3RVqwg754eKPXCK+ozEj +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectGivenNameCorrectEncoding.pem b/v3/testdata/subjectGivenNameCorrectEncoding.pem new file mode 100644 index 000000000..7785c632c --- /dev/null +++ b/v3/testdata/subjectGivenNameCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 71:f7:0d:aa:3e:ce:4e:3b:9c:b5:21:d6 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: GN = UTF8String, GN = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:25:7c:64:c8:65:26:d2:63:02:bd:bd:2c:a5:40: + cf:34:a7:22:bc:e0:0b:ba:ac:cc:46:42:6e:4f:d6:bc:65:6e: + 02:21:00:aa:0a:93:85:6c:c4:d4:e5:91:6d:8d:5d:c1:75:14: + 33:ca:ad:89:28:30:06:e7:d7:ea:22:63:c9:56:18:99:93 +-----BEGIN CERTIFICATE----- +MIIBbjCCARSgAwIBAgIMcfcNqj7OTjuctSHWMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UEKgwKVVRGOFN0cmluZzEY +MBYGA1UEKhMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSAAwRQIgJXxkyGUm0mMCvb0spUDPNKcivOALuqzMRkJuT9a8ZW4C +IQCqCpOFbMTU5ZFtjV3BdRQzyq2JKDAG59fqImPJVhiZkw== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectGivenNameWrongEncoding.pem b/v3/testdata/subjectGivenNameWrongEncoding.pem new file mode 100644 index 000000000..6d70f6873 --- /dev/null +++ b/v3/testdata/subjectGivenNameWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 09:c7:e4:31:63:88:86:55:5f:10:1b:ae + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: GN = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:6b:96:97:b5:98:2e:18:17:e5:b1:72:ae:8a:99: + 7a:50:71:13:79:ca:f8:46:e3:a7:c2:32:f4:a9:59:a6:c3:44: + 02:21:00:84:00:fc:57:ee:56:f0:af:fe:bf:dd:4a:9b:0b:fd: + b0:d3:5c:83:26:7c:59:a8:c9:a3:b0:3d:9d:1a:8c:c0:17 +-----BEGIN CERTIFICATE----- +MIIBXDCCAQKgAwIBAgIMCcfkMWOIhlVfEBuuMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowHTEbMBkGA1UEKh4SAEIATQBQAFMAdABy +AGkAbgBnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9v +Kt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWAr +FKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIga5aX +tZguGBflsXKuipl6UHETecr4RuOnwjL0qVmmw0QCIQCEAPxX7lbwr/6/3UqbC/2w +01yDJnxZqMmjsD2dGozAFw== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectLCorrectEncoding.pem b/v3/testdata/subjectLCorrectEncoding.pem new file mode 100644 index 000000000..f09ddcfaa --- /dev/null +++ b/v3/testdata/subjectLCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fd:43:52:4e:ca:cf:bd:a7:ca:48:a3:e2 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: L = UTF8String, L = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:de:ae:f6:4d:40:84:d4:31:25:d9:70:1f:f7: + 41:71:b9:e2:35:f5:e4:8d:34:a9:ee:b0:01:8a:b7:33:e3:5a: + cd:02:21:00:f0:a2:95:d3:72:5e:79:cd:b9:b0:bf:ad:f6:d8: + b1:0a:f9:22:00:2b:d8:0a:e1:ca:76:9c:18:ca:66:f2:a5:82 +-----BEGIN CERTIFICATE----- +MIIBcDCCARWgAwIBAgINAP1DUk7Kz72nykij4jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBAcMClVURjhTdHJpbmcx +GDAWBgNVBAcTD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0kAMEYCIQDervZNQITUMSXZcB/3QXG54jX15I00qe6wAYq3M+Na +zQIhAPCildNyXnnNubC/rfbYsQr5IgAr2ArhynacGMpm8qWC +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectLWrongEncoding.pem b/v3/testdata/subjectLWrongEncoding.pem new file mode 100644 index 000000000..1bdf8524a --- /dev/null +++ b/v3/testdata/subjectLWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 99:42:56:2d:ab:36:16:3c:57:d3:4f:24 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: L = IA5String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:de:54:87:79:ec:d5:19:62:fa:e6:10:81:3b: + ef:ab:26:21:d0:ec:67:28:59:4d:7a:fd:61:72:93:59:5c:a9: + b3:02:20:31:ca:1d:6b:38:b9:c3:8a:e5:59:f0:de:73:21:5b: + e6:0d:23:1b:7c:bc:35:fb:24:8a:78:a8:00:87:73:94:fd +-----BEGIN CERTIFICATE----- +MIIBUzCB+qADAgECAg0AmUJWLas2FjxX008kMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowFDESMBAGA1UEBxYJSUE1U3RyaW5nMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZ +lGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYD +VR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhAN5Uh3ns1Rli+uYQ +gTvvqyYh0OxnKFlNev1hcpNZXKmzAiAxyh1rOLnDiuVZ8N5zIVvmDSMbfLw1+ySK +eKgAh3OU/Q== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOCorrectEncoding.pem b/v3/testdata/subjectOCorrectEncoding.pem new file mode 100644 index 000000000..a75c2fd6b --- /dev/null +++ b/v3/testdata/subjectOCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + e1:12:a3:76:b6:33:ae:cb:c5:1c:89:06 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: O = UTF8String, O = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:2a:1a:d4:fd:b7:f9:21:b6:45:4b:39:2f:5e:6f: + 06:1c:67:85:2a:ce:a4:fc:9f:1f:1b:aa:36:54:8b:94:40:1e: + 02:21:00:b9:79:3f:c5:59:2b:22:d2:74:ea:f2:c7:aa:db:7d: + e3:3e:68:0a:7d:c3:1f:08:e5:b4:12:af:a9:9a:c5:5b:e1 +-----BEGIN CERTIFICATE----- +MIIBbzCCARWgAwIBAgINAOESo3a2M67LxRyJBjAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBAoMClVURjhTdHJpbmcx +GDAWBgNVBAoTD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0gAMEUCICoa1P23+SG2RUs5L15vBhxnhSrOpPyfHxuqNlSLlEAe +AiEAuXk/xVkrItJ06vLHqtt94z5oCn3DHwjltBKvqZrFW+E= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOUCorrectEncoding.pem b/v3/testdata/subjectOUCorrectEncoding.pem new file mode 100644 index 000000000..e0f65ba12 --- /dev/null +++ b/v3/testdata/subjectOUCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:f6:d2:0f:f1:ea:32:7e:e5:aa:c4:5f + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: OU = UTF8String, OU = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:85:07:51:a7:6e:09:2d:0e:61:f2:22:d4:46: + ba:10:c8:e4:93:e8:5b:76:5d:4f:22:20:c1:92:29:81:32:f2: + 2c:02:21:00:a7:63:06:e6:ed:54:44:06:24:c5:dc:e2:a5:81: + fd:14:5a:80:a7:54:09:b4:58:31:a8:8a:54:cb:57:04:48:42 +-----BEGIN CERTIFICATE----- +MIIBbzCCARSgAwIBAgIMCvbSD/HqMn7lqsRfMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UECwwKVVRGOFN0cmluZzEY +MBYGA1UECxMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSQAwRgIhAIUHUaduCS0OYfIi1Ea6EMjkk+hbdl1PIiDBkimBMvIs +AiEAp2MG5u1URAYkxdzipYH9FFqAp1QJtFgxqIpUy1cESEI= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOUWrongEncoding.pem b/v3/testdata/subjectOUWrongEncoding.pem new file mode 100644 index 000000000..405e24830 --- /dev/null +++ b/v3/testdata/subjectOUWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 8c:b6:83:1f:00:80:ae:5c:0b:cc:b9:f3 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: OU = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:3c:aa:9f:07:54:ee:be:ba:9e:2e:ee:6b:04:f2: + ab:e6:87:ec:22:60:13:bc:32:3d:d7:bf:25:21:c9:a5:20:47: + 02:21:00:e0:40:c1:e7:84:d9:67:43:09:c2:e0:64:7b:98:b1: + 99:b5:81:8d:59:f0:0c:96:8a:de:7d:63:37:d0:05:0f:7d +-----BEGIN CERTIFICATE----- +MIIBXTCCAQOgAwIBAgINAIy2gx8AgK5cC8y58zAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMB0xGzAZBgNVBAseEgBCAE0AUABTAHQA +cgBpAG4AZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmf +byrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVg +KxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIDyq +nwdU7r66ni7uawTyq+aH7CJgE7wyPde/JSHJpSBHAiEA4EDB54TZZ0MJwuBke5ix +mbWBjVnwDJaK3n1jN9AFD30= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOWrongEncoding.pem b/v3/testdata/subjectOWrongEncoding.pem new file mode 100644 index 000000000..7867bc0bd --- /dev/null +++ b/v3/testdata/subjectOWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a8:1a:72:b9:8f:9b:71:e9:7d:43:65:6f + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: O = TeletexString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:5e:75:64:c9:ff:9c:79:b2:a3:ab:55:84:35:04: + 0d:cb:29:9d:59:b5:47:ad:f3:98:53:7a:b9:83:e8:75:5a:b2: + 02:21:00:ba:12:07:23:d2:07:f5:e7:3c:19:d8:65:e9:46:d9: + e9:ec:f0:bd:87:76:14:22:e8:87:00:fa:cf:e8:c9:ff:9c +-----BEGIN CERTIFICATE----- +MIIBVzCB/qADAgECAg0AqBpyuY+bcel9Q2VvMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowGDEWMBQGA1UEChQNVGVsZXRleFN0cmlu +ZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCX +Bj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAV +MBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIF51ZMn/nHmy +o6tVhDUEDcspnVm1R63zmFN6uYPodVqyAiEAuhIHI9IH9ec8Gdhl6UbZ6ezwvYd2 +FCLohwD6z+jJ/5w= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem b/v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem new file mode 100644 index 000000000..6ac656de7 --- /dev/null +++ b/v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fb:92:dd:31:92:cd:49:21:21:54:22:d6 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: organizationIdentifier = UTF8String, organizationIdentifier = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:33:3b:b9:c3:1a:90:70:96:96:08:0f:b5:0c:c4: + d8:6e:46:19:9d:e4:d0:f9:f9:b3:db:2f:09:10:b6:d5:e8:a9: + 02:20:70:b9:ec:fd:ea:9d:50:b4:bf:c7:5f:75:eb:50:bd:6e: + 36:be:8c:3a:46:6a:94:ae:61:88:75:ae:37:c2:19:da +-----BEGIN CERTIFICATE----- +MIIBbjCCARWgAwIBAgINAPuS3TGSzUkhIVQi1jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBGEMClVURjhTdHJpbmcx +GDAWBgNVBGETD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0cAMEQCIDM7ucMakHCWlggPtQzE2G5GGZ3k0Pn5s9svCRC21eip +AiBwuez96p1QtL/HX3XrUL1uNr6MOkZqlK5hiHWuN8IZ2g== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem b/v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem new file mode 100644 index 000000000..7d40eea4b --- /dev/null +++ b/v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 16:18:78:a4:fd:6c:de:80:46:61:3f:d1 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: organizationIdentifier = TeletexString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:70:b1:29:ff:cc:f7:94:32:13:42:c8:e2:76:0d: + 8e:8d:2b:ec:b3:3d:aa:53:98:b7:45:43:48:6d:46:33:59:9b: + 02:20:69:89:4a:2f:61:65:94:93:55:fe:9a:e7:81:67:1a:43: + c2:ad:80:9f:b3:a9:87:21:a8:e1:f1:3c:11:98:16:dd +-----BEGIN CERTIFICATE----- +MIIBVTCB/aADAgECAgwWGHik/WzegEZhP9EwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAYMRYwFAYDVQRhFA1UZWxldGV4U3RyaW5n +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcG +PQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUw +EwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgcLEp/8z3lDIT +Qsjidg2OjSvssz2qU5i3RUNIbUYzWZsCIGmJSi9hZZSTVf6a54FnGkPCrYCfs6mH +Iajh8TwRmBbd +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectPostalCodeCorrectEncoding.pem b/v3/testdata/subjectPostalCodeCorrectEncoding.pem new file mode 100644 index 000000000..f9d46bc57 --- /dev/null +++ b/v3/testdata/subjectPostalCodeCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:07:7d:48:75:12:1e:cb:fd:57:f8:94 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: postalCode = UTF8String, postalCode = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:65:1f:74:85:94:26:af:8a:11:40:b4:cc:26:3e: + 82:08:6e:f7:70:ec:56:bb:b7:b6:27:12:21:96:11:b9:7b:2f: + 02:21:00:c7:a8:bb:6a:7d:0d:99:fb:ec:0d:f4:54:10:94:dc: + 9d:72:dd:34:f7:4c:76:c5:60:3d:b5:eb:b1:10:10:d2:86 +-----BEGIN CERTIFICATE----- +MIIBbjCCARSgAwIBAgIMcgd9SHUSHsv9V/iUMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UEEQwKVVRGOFN0cmluZzEY +MBYGA1UEERMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSAAwRQIgZR90hZQmr4oRQLTMJj6CCG73cOxWu7e2JxIhlhG5ey8C +IQDHqLtqfQ2Z++wN9FQQlNydct0090x2xWA9teuxEBDShg== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectPostalCodeWrongEncoding.pem b/v3/testdata/subjectPostalCodeWrongEncoding.pem new file mode 100644 index 000000000..907bc0ad3 --- /dev/null +++ b/v3/testdata/subjectPostalCodeWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 61:e3:b0:74:8a:9b:b7:a9:95:11:ef:b2 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: postalCode = U + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:d6:70:f8:73:e1:e8:3f:92:31:e5:cf:04:12: + 93:9f:66:b6:a2:a4:3b:a1:27:8c:81:d1:c2:8c:5c:fd:4f:ea: + f5:02:20:76:bb:a2:1c:5e:b0:b0:ab:13:56:ae:3e:e4:b0:1e: + 89:b9:88:93:47:83:a6:83:70:de:1b:c9:2a:9e:79:34:e8 +-----BEGIN CERTIFICATE----- +MIIBTTCB9KADAgECAgxh47B0ipu3qZUR77IwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAPMQ0wCwYDVQQRHAQAAABVMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7x +fV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAww +CjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhANZw+HPh6D+SMeXPBBKTn2a2 +oqQ7oSeMgdHCjFz9T+r1AiB2u6IcXrCwqxNWrj7ksB6JuYiTR4Omg3DeG8kqnnk0 +6A== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSTCorrectEncoding.pem b/v3/testdata/subjectSTCorrectEncoding.pem new file mode 100644 index 000000000..581ac2413 --- /dev/null +++ b/v3/testdata/subjectSTCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7c:9f:cd:3d:05:2e:92:af:7e:a7:d2:e2 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: ST = UTF8String, ST = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:4b:65:8e:ac:28:4c:99:36:8d:73:9f:dc:86:c8: + 7a:34:93:de:d9:11:9e:0b:67:fd:fe:c4:47:d8:1f:00:c2:29: + 02:20:74:40:fe:11:7b:1d:f7:ca:0b:3f:53:88:18:b1:a3:49: + 70:62:66:93:5a:02:c4:1f:12:87:5e:c1:60:94:02:ee +-----BEGIN CERTIFICATE----- +MIIBbTCCARSgAwIBAgIMfJ/NPQUukq9+p9LiMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UECAwKVVRGOFN0cmluZzEY +MBYGA1UECBMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDRwAwRAIgS2WOrChMmTaNc5/chsh6NJPe2RGeC2f9/sRH2B8AwikC +IHRA/hF7HffKCz9TiBixo0lwYmaTWgLEHxKHXsFglALu +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSTWrongEncoding.pem b/v3/testdata/subjectSTWrongEncoding.pem new file mode 100644 index 000000000..13a91a6b9 --- /dev/null +++ b/v3/testdata/subjectSTWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 35:96:ec:fa:02:c8:74:f8:36:55:4a:09 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: ST = TeletexString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:2a:f5:49:91:9d:e2:3f:27:70:52:03:4c:0a:97: + 56:7b:07:8e:3d:84:97:15:2c:51:62:0b:ba:da:33:a7:c2:7f: + 02:20:50:52:02:d8:0f:64:d3:ef:20:db:0b:c2:3a:b2:d0:66: + 21:ef:c0:a2:b8:41:22:72:ce:dc:c0:9f:ff:04:71:f0 +-----BEGIN CERTIFICATE----- +MIIBVTCB/aADAgECAgw1luz6Ash0+DZVSgkwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAYMRYwFAYDVQQIFA1UZWxldGV4U3RyaW5n +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcG +PQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUw +EwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgKvVJkZ3iPydw +UgNMCpdWeweOPYSXFSxRYgu62jOnwn8CIFBSAtgPZNPvINsLwjqy0GYh78CiuEEi +cs7cwJ//BHHw +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSerialNumberCorrectEncoding.pem b/v3/testdata/subjectSerialNumberCorrectEncoding.pem new file mode 100644 index 000000000..2b1ed6883 --- /dev/null +++ b/v3/testdata/subjectSerialNumberCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + e6:9f:8a:70:eb:18:3a:10:6b:41:bf:25 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: serialNumber = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:d5:60:1a:f2:ae:9f:49:ec:bc:3b:bf:21:6e: + c5:06:94:12:65:be:96:32:5a:25:36:ac:3b:74:b0:01:06:62: + 93:02:20:23:ff:8a:d3:bb:d8:f9:2f:2a:19:3c:94:bd:40:05: + d0:a6:94:17:aa:03:3b:4e:73:85:d8:9c:6b:65:1f:05:a9 +-----BEGIN CERTIFICATE----- +MIIBWjCCAQCgAwIBAgINAOafinDrGDoQa0G/JTAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMBoxGDAWBgNVBAUTD1ByaW50YWJsZVN0 +cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrf +VTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSj +FzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIQDVYBry +rp9J7Lw7vyFuxQaUEmW+ljJaJTasO3SwAQZikwIgI/+K07vY+S8qGTyUvUAF0KaU +F6oDO05zhdica2UfBak= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSerialNumberWrongEncoding.pem b/v3/testdata/subjectSerialNumberWrongEncoding.pem new file mode 100644 index 000000000..ee9b9ee41 --- /dev/null +++ b/v3/testdata/subjectSerialNumberWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 28:84:5a:df:36:ba:eb:5b:ea:4a:c0:63 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: serialNumber = U + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:92:35:89:a2:57:f4:15:70:91:98:62:00:dd: + a7:a2:a2:72:be:eb:13:68:a9:57:7a:f5:70:76:3f:69:66:dd: + 7c:02:20:57:7a:bc:e3:79:df:95:0e:44:8e:ea:4f:a1:3b:f8: + 66:a7:1d:72:c1:d9:27:3f:0d:cb:3f:5a:4f:17:71:7a:78 +-----BEGIN CERTIFICATE----- +MIIBTTCB9KADAgECAgwohFrfNrrrW+pKwGMwCgYIKoZIzj0EAwIwLjEQMA4GA1UE +AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 +MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAPMQ0wCwYDVQQFHAQAAABVMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7x +fV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAww +CjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhAJI1iaJX9BVwkZhiAN2noqJy +vusTaKlXevVwdj9pZt18AiBXerzjed+VDkSO6k+hO/hmpx1ywdknPw3LP1pPF3F6 +eA== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectStreetCorrectEncoding.pem b/v3/testdata/subjectStreetCorrectEncoding.pem new file mode 100644 index 000000000..f0095f781 --- /dev/null +++ b/v3/testdata/subjectStreetCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0d:dd:64:b2:6e:79:0f:6b:00:11:37:10 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: street = UTF8String, street = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:c0:7a:ce:f0:ee:9e:d0:2a:0a:bb:8b:b5:76: + df:18:fc:25:8b:b4:fa:0c:5a:e8:aa:15:21:4c:86:40:34:50: + 5e:02:20:7a:c5:9a:fc:74:10:4b:e3:4d:71:ca:30:f1:29:f0: + 92:53:85:ed:f2:52:9a:f9:23:4d:80:55:f1:a2:56:d2:82 +-----BEGIN CERTIFICATE----- +MIIBbjCCARSgAwIBAgIMDd1ksm55D2sAETcQMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UECQwKVVRGOFN0cmluZzEY +MBYGA1UECRMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg +/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI +KoZIzj0EAwIDSAAwRQIhAMB6zvDuntAqCruLtXbfGPwli7T6DFroqhUhTIZANFBe +AiB6xZr8dBBL401xyjDxKfCSU4Xt8lKa+SNNgFXxolbSgg== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectStreetWrongEncoding.pem b/v3/testdata/subjectStreetWrongEncoding.pem new file mode 100644 index 000000000..9c95715cc --- /dev/null +++ b/v3/testdata/subjectStreetWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0e:da:e1:4f:b5:2d:76:0f:f8:d4:c4:c7 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: street = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:b5:b2:dd:b6:7f:e5:b6:8c:c2:fb:59:4b:10: + 88:5b:93:73:ca:4e:74:2f:2f:44:fd:1a:13:42:fa:3f:d4:8b: + 61:02:21:00:fe:a2:e0:c5:d7:fe:66:90:be:a3:86:30:d1:45: + 87:16:4e:06:87:a8:6d:f3:82:55:41:95:0b:69:fe:9d:79:d5 +-----BEGIN CERTIFICATE----- +MIIBXTCCAQKgAwIBAgIMDtrhT7Utdg/41MTHMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowHTEbMBkGA1UECR4SAEIATQBQAFMAdABy +AGkAbgBnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9v +Kt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWAr +FKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSQAwRgIhALWy +3bZ/5baMwvtZSxCIW5Nzyk50Ly9E/RoTQvo/1IthAiEA/qLgxdf+ZpC+o4Yw0UWH +Fk4Gh6ht84JVQZULaf6dedU= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSurnameCorrectEncoding.pem b/v3/testdata/subjectSurnameCorrectEncoding.pem new file mode 100644 index 000000000..8e9d87b72 --- /dev/null +++ b/v3/testdata/subjectSurnameCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b5:a3:07:25:a9:87:c6:6a:13:70:84:34 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: SN = UTF8String, SN = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:b4:b2:d8:d6:cb:9d:ef:a0:ce:e2:f2:42:47: + 82:da:77:4c:8e:36:5e:01:54:4d:34:b8:18:39:a1:41:41:6a: + a9:02:21:00:ef:27:77:3c:5b:b3:00:ae:c3:76:88:13:df:e8: + 37:cd:3f:16:bd:59:25:83:2a:c3:13:c0:f0:46:51:6d:bf:ea +-----BEGIN CERTIFICATE----- +MIIBcDCCARWgAwIBAgINALWjByWph8ZqE3CENDAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBAQMClVURjhTdHJpbmcx +GDAWBgNVBAQTD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq +4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG +CCqGSM49BAMCA0kAMEYCIQC0stjWy53voM7i8kJHgtp3TI42XgFUTTS4GDmhQUFq +qQIhAO8ndzxbswCuw3aIE9/oN80/Fr1ZJYMqwxPA8EZRbb/q +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectSurnameWrongEncoding.pem b/v3/testdata/subjectSurnameWrongEncoding.pem new file mode 100644 index 000000000..be598d33d --- /dev/null +++ b/v3/testdata/subjectSurnameWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 87:56:ba:6b:cb:7a:5b:1f:0e:b5:48:26 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: SN = IA5String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:0d:57:db:b2:67:2e:65:19:ce:63:53:70:6a:47: + 3c:04:39:e7:53:87:20:60:06:96:5b:9b:29:f4:03:d7:25:ac: + 02:20:07:a1:fb:68:1b:6b:ea:a3:15:7f:e7:89:13:64:d0:5d: + 6b:3c:03:56:aa:6f:d7:57:0a:f1:00:7b:f5:ab:b3:dc +-----BEGIN CERTIFICATE----- +MIIBUjCB+qADAgECAg0Ah1a6a8t6Wx8OtUgmMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowFDESMBAGA1UEBBYJSUE1U3RyaW5nMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZ +lGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYD +VR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgDVfbsmcuZRnOY1Nw +akc8BDnnU4cgYAaWW5sp9APXJawCIAeh+2gba+qjFX/niRNk0F1rPANWqm/XVwrx +AHv1q7Pc +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurCCorrectEncoding.pem b/v3/testdata/subjectjurCCorrectEncoding.pem new file mode 100644 index 000000000..ec102a6f4 --- /dev/null +++ b/v3/testdata/subjectjurCCorrectEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fe:1e:6a:61:05:21:d3:4a:fc:2a:42:57 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionC = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:05:98:30:fd:9e:69:1a:f2:e2:14:0e:28:a1:92: + 48:99:94:98:3b:e7:74:95:77:ed:40:28:de:10:22:e0:2b:a2: + 02:21:00:f7:d7:8d:63:83:b2:d8:4e:95:40:b6:a8:ee:57:73: + 5c:2e:e3:27:b9:3c:bb:72:cf:da:a4:97:56:e9:ca:ea:20 +-----BEGIN CERTIFICATE----- +MIIBYjCCAQigAwIBAgINAP4eamEFIdNK/CpCVzAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMCIxIDAeBgsrBgEEAYI3PAIBAxMPUHJp +bnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzR +yOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/ +QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAw +RQIgBZgw/Z5pGvLiFA4ooZJImZSYO+d0lXftQCjeECLgK6ICIQD3141jg7LYTpVA +tqjuV3NcLuMnuTy7cs/apJdW6crqIA== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurCWrongEncoding.pem b/v3/testdata/subjectjurCWrongEncoding.pem new file mode 100644 index 000000000..f4ab2f532 --- /dev/null +++ b/v3/testdata/subjectjurCWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1b:6f:0c:d0:d1:24:8f:e7:93:c5:16:fd + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionC = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:52:bb:30:1b:86:c8:fd:9b:4a:a8:f4:de:ba:56: + b5:fb:b2:26:04:95:7c:7c:b9:77:68:68:10:5a:48:90:c5:c9: + 02:21:00:c5:8f:a2:59:e3:e7:85:34:2a:84:0f:64:fe:41:87: + f0:54:26:f0:03:af:01:56:2c:d0:08:df:f5:54:8a:b1:3c +-----BEGIN CERTIFICATE----- +MIIBZDCCAQqgAwIBAgIMG28M0NEkj+eTxRb9MAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowJTEjMCEGCysGAQQBgjc8AgEDHhIAQgBN +AFAAUwB0AHIAaQBuAGcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ1ffiaiX1s +HNHI4pcJn28q31UwlwY9BlmUZpLaPvF9Xh8iPDnt8XAkXn0VKuD8b4tphly03BH+ +YT9BcR3FYCsUoxcwFTATBgNVHSAEDDAKMAgGBmeBDAECATAKBggqhkjOPQQDAgNI +ADBFAiBSuzAbhsj9m0qo9N66VrX7siYElXx8uXdoaBBaSJDFyQIhAMWPolnj54U0 +KoQPZP5Bh/BUJvADrwFWLNAI3/VUirE8 +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurLCorrectEncoding.pem b/v3/testdata/subjectjurLCorrectEncoding.pem new file mode 100644 index 000000000..d43eed27a --- /dev/null +++ b/v3/testdata/subjectjurLCorrectEncoding.pem 
@@ -0,0 +1,42 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3b:ac:e1:ff:21:e4:71:37:e5:fe:d5:a6 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionL = UTF8String, jurisdictionL = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:4f:48:36:68:89:4a:9d:62:86:99:99:ca:f5:72: + 8e:1b:1f:66:4e:7a:db:c8:a8:43:0a:9b:7c:59:ca:fd:0a:d1: + 02:21:00:f7:b5:73:b4:90:c5:77:f9:dc:7d:80:2f:02:17:35: + 15:49:d3:de:b5:df:65:f7:f9:69:35:3c:48:18:f5:95:50 +-----BEGIN CERTIFICATE----- +MIIBfjCCASSgAwIBAgIMO6zh/yHkcTfl/tWmMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowPzEbMBkGCysGAQQBgjc8AgEBDApVVEY4 +U3RyaW5nMSAwHgYLKwYBBAGCNzwCAQETD1ByaW50YWJsZVN0cmluZzBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+ +8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQM +MAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIE9INmiJSp1ihpmZyvVyjhsf +Zk5628ioQwqbfFnK/QrRAiEA97VztJDFd/ncfYAvAhc1FUnT3rXfZff5aTU8SBj1 +lVA= +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurLWrongEncoding.pem b/v3/testdata/subjectjurLWrongEncoding.pem new file mode 100644 index 000000000..ad5a73f7e --- /dev/null +++ b/v3/testdata/subjectjurLWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a5:1b:98:5a:61:8e:fa:4e:1d:db:3a:ea + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionL = BMPString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:cf:38:54:96:6d:9f:aa:4e:54:b9:b5:17:e6: + c5:33:d8:57:7d:62:b4:f3:06:16:ec:f2:a7:bd:45:a8:dc:cb: + bf:02:20:22:3e:7a:37:19:30:58:58:4d:68:f6:66:66:94:51: + e7:60:83:46:fd:68:6b:c6:1f:35:58:b5:8f:d9:91:f1:84 +-----BEGIN CERTIFICATE----- +MIIBZTCCAQugAwIBAgINAKUbmFphjvpOHds66jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMCUxIzAhBgsrBgEEAYI3PAIBAR4SAEIA +TQBQAFMAdAByAGkAbgBnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9 +bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR +/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwID +SAAwRQIhAM84VJZtn6pOVLm1F+bFM9hXfWK08wYW7PKnvUWo3Mu/AiAiPno3GTBY +WE1o9mZmlFHnYING/Whrxh81WLWP2ZHxhA== +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurSTCorrectEncoding.pem b/v3/testdata/subjectjurSTCorrectEncoding.pem new file mode 100644 index 000000000..d1714a1ba --- /dev/null +++ b/v3/testdata/subjectjurSTCorrectEncoding.pem 
@@ -0,0 +1,42 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + bd:36:1c:fc:36:8f:3d:66:2e:02:1e:ee + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionST = UTF8String, jurisdictionST = PrintableString + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:59:42:8f:1a:d0:24:9a:9a:7c:19:09:41:c7:f1: + e8:47:82:c7:1e:8d:94:d6:d5:4c:f9:de:52:7b:c4:6f:19:d1: + 02:21:00:97:8d:85:94:70:18:86:53:38:7b:cf:9d:ba:57:63: + 24:18:13:c1:c6:f9:eb:32:4f:31:bd:38:99:00:50:e8:1b +-----BEGIN CERTIFICATE----- +MIIBfzCCASWgAwIBAgINAL02HPw2jz1mLgIe7jAKBggqhkjOPQQDAjAuMRAwDgYD +VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 +MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMD8xGzAZBgsrBgEEAYI3PAIBAgwKVVRG +OFN0cmluZzEgMB4GCysGAQQBgjc8AgECEw9QcmludGFibGVTdHJpbmcwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAQ1ffiaiX1sHNHI4pcJn28q31UwlwY9BlmUZpLa +PvF9Xh8iPDnt8XAkXn0VKuD8b4tphly03BH+YT9BcR3FYCsUoxcwFTATBgNVHSAE +DDAKMAgGBmeBDAECATAKBggqhkjOPQQDAgNIADBFAiBZQo8a0CSamnwZCUHH8ehH +gscejZTW1Uz53lJ7xG8Z0QIhAJeNhZRwGIZTOHvPnbpXYyQYE8HG+esyTzG9OJkA +UOgb +-----END CERTIFICATE----- diff --git a/v3/testdata/subjectjurSTWrongEncoding.pem b/v3/testdata/subjectjurSTWrongEncoding.pem new file mode 100644 index 000000000..969c81e2a --- /dev/null +++ b/v3/testdata/subjectjurSTWrongEncoding.pem 
@@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a1:68:4b:d3:9f:d5:85:6f:62:65:e5 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN = Lint CA, O = Lint, C = DE + Validity + Not Before: Sep 15 00:00:00 2023 GMT + Not After : Sep 15 00:00:00 2024 GMT + Subject: jurisdictionST = IA5String + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: + 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: + f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: + e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: + 1d:c5:60:2b:14 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:e0:47:84:22:ee:9d:fd:89:e5:c1:6b:5d:95: + 27:f3:23:30:44:9b:ff:c2:62:a4:eb:86:d8:01:17:73:1c:31: + a1:02:21:00:d7:85:c0:a3:8a:2b:53:07:ec:63:10:15:74:c2: + 24:0b:62:6e:6f:24:46:d9:c7:de:a3:98:10:62:8f:a8:4e:f2 +-----BEGIN CERTIFICATE----- +MIIBXDCCAQGgAwIBAgIMAKFoS9Of1YVvYmXlMAoGCCqGSM49BAMCMC4xEDAOBgNV +BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx +NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowHDEaMBgGCysGAQQBgjc8AgECFglJQTVT +dHJpbmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ1ffiaiX1sHNHI4pcJn28q +31UwlwY9BlmUZpLaPvF9Xh8iPDnt8XAkXn0VKuD8b4tphly03BH+YT9BcR3FYCsU +oxcwFTATBgNVHSAEDDAKMAgGBmeBDAECATAKBggqhkjOPQQDAgNJADBGAiEA4EeE +Iu6d/YnlwWtdlSfzIzBEm//CYqTrhtgBF3McMaECIQDXhcCjiitTB+xjEBV0wiQL +Ym5vJEbZx96jmBBij6hO8g== +-----END CERTIFICATE----- From 2cd7d087f4a812d4ef3640560edf1d07cce2ea56 Mon Sep 17 00:00:00 2001 From: mtgag Date: Tue, 9 Apr 2024 11:40:00 +0200 Subject: [PATCH 11/21] synchronised with project --- v3/lints/cabf_smime_br/mailbox_address_from_san_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/v3/lints/cabf_smime_br/mailbox_address_from_san_test.go b/v3/lints/cabf_smime_br/mailbox_address_from_san_test.go index 3d3d23542..fe030488e 100644 --- a/v3/lints/cabf_smime_br/mailbox_address_from_san_test.go +++ b/v3/lints/cabf_smime_br/mailbox_address_from_san_test.go @@ -42,13 +42,13 @@ func TestMailboxAddressFromSANLint(t *testing.T) { ExpectedResult: lint.Pass, }, { - Name: "pass - only contains one san:emailAddress value", + Name: "NA - only contains one san:emailAddress value", InputFilename: "WithOnlySANEmail.pem", ExpectedResult: lint.Pass, }, { - Name: "pass - only contains one san:otherName value", + Name: "NA - only contains one san:otherName value", InputFilename: "WithOnlySANOtherName.pem", ExpectedResult: lint.Pass, @@ -94,7 +94,7 @@ func TestMailboxAddressFromSANLint(t *testing.T) { ExpectedDetails: "all certificate mailbox addresses must be present in san:emailAddresses or san:otherNames in addition to any other field they may appear", }, { - Name: "pass - subject:commonName is personal name, san:emailAddress contains an email", + Name: "NA - subject:commonName is personal name, san:emailAddress contains an email", InputFilename: "sponsorValidatedMultipurposePersonalNameInCN.pem", ExpectedResult: lint.Pass, From 63cf8e862a490ebd8769ffbc516d882449d67741 Mon Sep 17 00:00:00 2001 
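Review bot: The renamed cases are now labelled `NA - …` while their unchanged `ExpectedResult: lint.Pass` still asserts a pass, so each name contradicts what the case checks. This affects the `WithOnlySANEmail.pem` and `WithOnlySANOtherName.pem` cases in the first hunk and the `sponsorValidatedMultipurposePersonalNameInCN.pem` case in the hunk at line 94. If the lint is meant to be not applicable to these certificates, the expectation should read `ExpectedResult: lint.NA,`; if it really returns Pass, the `pass - …` names should stay. The lint's applicability check is not visible here, so which side is wrong has to be confirmed against it; a mislabelled case can hide a certificate the lint silently skips. The body of TestMailboxAddressFromSANLint continues outside both hunks.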
From: mtgag Date: Tue, 9 Apr 2024 11:44:43 +0200 Subject: [PATCH 12/21] Revert "synchronised with project" This reverts commit bad73ee2d5669394cde3053d300f285a91f75fd6. --- .../lint_subject_rdns_correct_encoding.go | 142 ----------- ...lint_subject_rdns_correct_encoding_test.go | 221 ------------------ ...subjectBusinessCategoryCorrectEncoding.pem | 41 ---- .../subjectBusinessCategoryWrongEncoding.pem | 41 ---- v3/testdata/subjectCCorrectEncoding.pem | 41 ---- v3/testdata/subjectCNCorrectEncoding.pem | 41 ---- v3/testdata/subjectCNWrongEncoding.pem | 41 ---- v3/testdata/subjectCWrongEncoding.pem | 40 ---- v3/testdata/subjectDCCorrectEncoding.pem | 41 ---- v3/testdata/subjectDCWrongEncoding.pem | 41 ---- .../subjectGivenNameCorrectEncoding.pem | 41 ---- v3/testdata/subjectGivenNameWrongEncoding.pem | 41 ---- v3/testdata/subjectLCorrectEncoding.pem | 41 ---- v3/testdata/subjectLWrongEncoding.pem | 41 ---- v3/testdata/subjectOCorrectEncoding.pem | 41 ---- v3/testdata/subjectOUCorrectEncoding.pem | 41 ---- v3/testdata/subjectOUWrongEncoding.pem | 41 ---- v3/testdata/subjectOWrongEncoding.pem | 41 ---- ...tOrganizationIdentifierCorrectEncoding.pem | 41 ---- ...ectOrganizationIdentifierWrongEncoding.pem | 41 ---- .../subjectPostalCodeCorrectEncoding.pem | 41 ---- .../subjectPostalCodeWrongEncoding.pem | 41 ---- v3/testdata/subjectSTCorrectEncoding.pem | 41 ---- v3/testdata/subjectSTWrongEncoding.pem | 41 ---- .../subjectSerialNumberCorrectEncoding.pem | 41 ---- .../subjectSerialNumberWrongEncoding.pem | 41 ---- v3/testdata/subjectStreetCorrectEncoding.pem | 41 ---- v3/testdata/subjectStreetWrongEncoding.pem | 41 ---- v3/testdata/subjectSurnameCorrectEncoding.pem | 41 ---- v3/testdata/subjectSurnameWrongEncoding.pem | 41 ---- v3/testdata/subjectjurCCorrectEncoding.pem | 41 ---- v3/testdata/subjectjurCWrongEncoding.pem | 41 ---- v3/testdata/subjectjurLCorrectEncoding.pem | 42 ---- v3/testdata/subjectjurLWrongEncoding.pem | 41 ---- 
v3/testdata/subjectjurSTCorrectEncoding.pem | 42 ---- v3/testdata/subjectjurSTWrongEncoding.pem | 41 ---- 36 files changed, 1758 deletions(-) delete mode 100644 v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go delete mode 100644 v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go delete mode 100644 v3/testdata/subjectBusinessCategoryCorrectEncoding.pem delete mode 100644 v3/testdata/subjectBusinessCategoryWrongEncoding.pem delete mode 100644 v3/testdata/subjectCCorrectEncoding.pem delete mode 100644 v3/testdata/subjectCNCorrectEncoding.pem delete mode 100644 v3/testdata/subjectCNWrongEncoding.pem delete mode 100644 v3/testdata/subjectCWrongEncoding.pem delete mode 100644 v3/testdata/subjectDCCorrectEncoding.pem delete mode 100644 v3/testdata/subjectDCWrongEncoding.pem delete mode 100644 v3/testdata/subjectGivenNameCorrectEncoding.pem delete mode 100644 v3/testdata/subjectGivenNameWrongEncoding.pem delete mode 100644 v3/testdata/subjectLCorrectEncoding.pem delete mode 100644 v3/testdata/subjectLWrongEncoding.pem delete mode 100644 v3/testdata/subjectOCorrectEncoding.pem delete mode 100644 v3/testdata/subjectOUCorrectEncoding.pem delete mode 100644 v3/testdata/subjectOUWrongEncoding.pem delete mode 100644 v3/testdata/subjectOWrongEncoding.pem delete mode 100644 v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem delete mode 100644 v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem delete mode 100644 v3/testdata/subjectPostalCodeCorrectEncoding.pem delete mode 100644 v3/testdata/subjectPostalCodeWrongEncoding.pem delete mode 100644 v3/testdata/subjectSTCorrectEncoding.pem delete mode 100644 v3/testdata/subjectSTWrongEncoding.pem delete mode 100644 v3/testdata/subjectSerialNumberCorrectEncoding.pem delete mode 100644 v3/testdata/subjectSerialNumberWrongEncoding.pem delete mode 100644 v3/testdata/subjectStreetCorrectEncoding.pem delete mode 100644 v3/testdata/subjectStreetWrongEncoding.pem delete mode 100644 
v3/testdata/subjectSurnameCorrectEncoding.pem delete mode 100644 v3/testdata/subjectSurnameWrongEncoding.pem delete mode 100644 v3/testdata/subjectjurCCorrectEncoding.pem delete mode 100644 v3/testdata/subjectjurCWrongEncoding.pem delete mode 100644 v3/testdata/subjectjurLCorrectEncoding.pem delete mode 100644 v3/testdata/subjectjurLWrongEncoding.pem delete mode 100644 v3/testdata/subjectjurSTCorrectEncoding.pem delete mode 100644 v3/testdata/subjectjurSTWrongEncoding.pem diff --git a/v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go deleted file mode 100644 index 84121e2be..000000000 --- a/v3/lints/cabf_br/lint_subject_rdns_correct_encoding.go +++ /dev/null 
@@ -1,142 +0,0 @@
-package cabf_br
-
-/*
- * ZLint Copyright 2024 Regents of the University of Michigan
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * permissions and limitations under the License.
- */
-
-import (
- "fmt"
- "github.com/zmap/zcrypto/encoding/asn1"
- "github.com/zmap/zcrypto/x509"
- "github.com/zmap/zlint/v3/lint"
- "github.com/zmap/zlint/v3/util"
-)
-
-type subjectRdnsCorrectEncoding struct{}
-
-func init() {
- lint.RegisterCertificateLint(&lint.CertificateLint{
- LintMetadata: lint.LintMetadata{
- Name: "e_subject_rdns_correct_encoding",
- Description: "CAs that include attributes in the Certificate subject field that are listed in the Tables 77 and 78 of BR 2.0.0 SHALL follow the specified encoding requirements for the attribute",
- Citation: "BRs 2.0.0: 7.1.4.2, Table 77 and Table 78",
- Source: lint.CABFBaselineRequirements,
- EffectiveDate: util.SC62EffectiveDate,
- },
- Lint: NewSubjectRdnsCorrectEncoding,
- })
-}
-
-func NewSubjectRdnsCorrectEncoding() lint.LintInterface {
- return &subjectRdnsCorrectEncoding{}
-}
-
-func (l *subjectRdnsCorrectEncoding) CheckApplies(c *x509.Certificate) bool {
- return true
-}
-
-func (l *subjectRdnsCorrectEncoding) Execute(c *x509.Certificate) *lint.LintResult {
- rdnSequence := util.RawRDNSequence{}
- if rest, err := asn1.Unmarshal(c.RawSubject, &rdnSequence); err != nil || len(rest) > 0 {
- return &lint.LintResult{Status: lint.Fatal}
- }
-
- for _, attrTypeAndValueSet := range rdnSequence {
- for _, attrTypeAndValue := range attrTypeAndValueSet {
- oid := attrTypeAndValue.Type.String()
- tag := attrTypeAndValue.Value.Tag
-
- if "0.9.2342.19200300.100.1.25" == oid && tag != 22 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute domainComponent in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.6" == oid && tag != 19 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute countryName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.8" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute stateOrProvinceName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.7" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute localityName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.17" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute postalCode in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.9" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute streetAddress in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.10" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute organizationName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.4" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute surname in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.42" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute givenName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.11" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute organizationalUnitName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.3" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute commonName in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.15" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute businessCategory in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "1.3.6.1.4.1.311.60.2.1.3" == oid && tag != 19 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute jurisdictionCountry in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "1.3.6.1.4.1.311.60.2.1.2" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute jurisdictionStateOrProvince in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "1.3.6.1.4.1.311.60.2.1.1" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute jurisdictionLocality in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.5" == oid && tag != 19 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute serialNumber in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- if "2.5.4.97" == oid && tag != 19 && tag != 12 {
- return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("Attribute organizationIdentifier in subjectDN has the wrong encoding %s.", getEncodingName(tag))}
- }
- }
- }
- return &lint.LintResult{Status: lint.Pass}
-}
-
-//Tag BMPString: 0x1e = 30
-//Tag UTF8String: 0x0c = 12
-//Tag TeletexString: 0x14 = 20
-//Tag UniversalString: 0x1c = 28
-//Tag PrintableString: 0x13 = 19
-//Tag IA5String: 0x16 = 22
-
-func getEncodingName(tag int) string {
- if tag == 12 {
- return "UTF8String"
- }
- if tag == 19 {
- return "PrintableString"
- }
- if tag == 20 {
- return "TeletexString"
- }
- if tag == 22 {
- return "IA5String"
- }
- if tag == 28 {
- return "UniversalString"
- }
- if tag == 30 {
- return "BMPString"
- }
- return "Unknown"
-}
diff --git a/v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go b/v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go
deleted file mode 100644
index 485198d65..000000000
--- a/v3/lints/cabf_br/lint_subject_rdns_correct_encoding_test.go
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * ZLint Copyright 2024 Regents of the University of Michigan
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * permissions and limitations under the License.
- */
-
-package cabf_br
-
-import (
- "strings"
- "testing"
-
- "github.com/zmap/zlint/v3/lint"
- "github.com/zmap/zlint/v3/test"
-)
-
-func TestSubjectRdnsCorrectEncoding(t *testing.T) {
- data := []struct {
- file string
- want lint.LintStatus
- details string
- }{
- {
- "subjectDCWrongEncoding.pem",
- lint.Error,
- "Attribute domainComponent in subjectDN has the wrong encoding UTF8String",
- },
- {
- "subjectCWrongEncoding.pem",
- lint.Error,
- "Attribute countryName in subjectDN has the wrong encoding UTF8String",
- },
- {
- "subjectSTWrongEncoding.pem",
- lint.Error,
- "Attribute stateOrProvinceName in subjectDN has the wrong encoding TeletexString",
- },
- {
- "subjectLWrongEncoding.pem",
- lint.Error,
- "Attribute localityName in subjectDN has the wrong encoding IA5String",
- },
- {
- "subjectPostalCodeWrongEncoding.pem",
- lint.Error,
- "Attribute postalCode in subjectDN has the wrong encoding UniversalString",
- },
- {
- "subjectStreetWrongEncoding.pem",
- lint.Error,
- "Attribute streetAddress in subjectDN has the wrong encoding BMPString",
- },
- {
- "subjectOWrongEncoding.pem",
- lint.Error,
- "Attribute organizationName in subjectDN has the wrong encoding TeletexString",
- },
- {
- "subjectSurnameWrongEncoding.pem",
- lint.Error,
- "Attribute surname in subjectDN has the wrong encoding IA5String",
- },
- {
- "subjectGivenNameWrongEncoding.pem",
- lint.Error,
- "Attribute givenName in subjectDN has the wrong encoding BMPString",
- },
- {
- "subjectOUWrongEncoding.pem",
- lint.Error,
- "Attribute organizationalUnitName in subjectDN has the wrong encoding BMPString",
- },
- {
- "subjectCNWrongEncoding.pem",
- lint.Error,
- "Attribute commonName in subjectDN has the wrong encoding UniversalString",
- },
- {
- "subjectBusinessCategoryWrongEncoding.pem",
- lint.Error,
- "Attribute businessCategory in subjectDN has the wrong encoding TeletexString",
- },
- {
- "subjectjurCWrongEncoding.pem",
- lint.Error,
- "Attribute jurisdictionCountry in subjectDN has the wrong encoding BMPString",
- },
- {
- "subjectjurSTWrongEncoding.pem",
- lint.Error,
- "Attribute jurisdictionStateOrProvince in subjectDN has the wrong encoding IA5String",
- },
- {
- "subjectjurLWrongEncoding.pem",
- lint.Error,
- "Attribute jurisdictionLocality in subjectDN has the wrong encoding BMPString",
- },
- {
- "subjectSerialNumberWrongEncoding.pem",
- lint.Error,
- "Attribute serialNumber in subjectDN has the wrong encoding UniversalString",
- },
- {
- "subjectOrganizationIdentifierWrongEncoding.pem",
- lint.Error,
- "Attribute organizationIdentifier in subjectDN has the wrong encoding TeletexString",
- },
- {
- "subjectDCCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectCCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectSTCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectLCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectPostalCodeCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectStreetCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectOCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectSurnameCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectGivenNameCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectOUCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectCNCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectBusinessCategoryCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectjurCCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectjurSTCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectjurLCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectSerialNumberCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectOrganizationIdentifierCorrectEncoding.pem",
- lint.Pass,
- "",
- },
- {
- "subjectValidCountry.pem",
- lint.NE,
- "",
- },
- }
- for _, d := range data {
- file := d.file
- want := d.want
- details := d.details
- t.Run(file, func(t *testing.T) {
- got := test.TestLint("e_subject_rdns_correct_encoding", file)
- if got.Status != want {
- t.Errorf("expected %v got %v", want, got)
- }
- if !strings.Contains(got.Details, details) {
- t.Errorf("expected the returned details to contain '%s' but got %s", details, got.Details)
- }
- })
- }
-}
diff --git a/v3/testdata/subjectBusinessCategoryCorrectEncoding.pem b/v3/testdata/subjectBusinessCategoryCorrectEncoding.pem
deleted file mode 100644
index adc5f904f..000000000
--- a/v3/testdata/subjectBusinessCategoryCorrectEncoding.pem
+++ /dev/null
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - c9:88:c5:81:06:7a:d4:b0:6f:98:e3:12 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: businessCategory = UTF8String, businessCategory = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:80:09:37:f3:94:b7:13:94:89:bf:1b:52:75: - 1d:80:35:72:87:75:59:75:82:95:f4:38:8f:ae:53:bc:0f:dd: - dd:02:21:00:dc:c9:04:73:2f:79:fb:bf:74:15:53:ee:24:33: - eb:88:3c:db:6f:8a:58:19:54:01:8e:c8:6a:a7:90:83:0b:14 ------BEGIN CERTIFICATE----- -MIIBcDCCARWgAwIBAgINAMmIxYEGetSwb5jjEjAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBA8MClVURjhTdHJpbmcx -GDAWBgNVBA8TD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq -4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG -CCqGSM49BAMCA0kAMEYCIQCACTfzlLcTlIm/G1J1HYA1cod1WXWClfQ4j65TvA/d -3QIhANzJBHMvefu/dBVT7iQz64g822+KWBlUAY7IaqeQgwsU ------END CERTIFICATE----- diff --git a/v3/testdata/subjectBusinessCategoryWrongEncoding.pem b/v3/testdata/subjectBusinessCategoryWrongEncoding.pem deleted file mode 100644 index a79a4b5e0..000000000 --- a/v3/testdata/subjectBusinessCategoryWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 72:79:d9:f0:64:67:5a:c4:c8:15:0b:a9 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: businessCategory = TeletexString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:c1:11:e3:cc:ef:5b:30:71:bc:ef:33:94:fe: - 96:f5:ff:00:e0:a9:6b:22:85:57:9f:7e:8d:cf:0b:42:28:52: - d9:02:20:05:86:c6:76:6a:38:5f:10:52:c8:8e:7a:88:de:46: - 58:0f:45:14:9e:a3:37:9c:ea:13:ab:b9:b5:bc:ff:f3:c4 ------BEGIN CERTIFICATE----- -MIIBVjCB/aADAgECAgxyednwZGdaxMgVC6kwCgYIKoZIzj0EAwIwLjEQMA4GA1UE -AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 -MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAYMRYwFAYDVQQPFA1UZWxldGV4U3RyaW5n -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcG -PQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUw -EwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhAMER48zvWzBx -vO8zlP6W9f8A4KlrIoVXn36NzwtCKFLZAiAFhsZ2ajhfEFLIjnqI3kZYD0UUnqM3 -nOoTq7m1vP/zxA== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectCCorrectEncoding.pem b/v3/testdata/subjectCCorrectEncoding.pem deleted file mode 100644 index 3658c754c..000000000 --- a/v3/testdata/subjectCCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - fc:8a:16:73:6e:d4:28:5b:52:ec:08:4c - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: C = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:c4:d4:22:13:8d:22:8f:b2:bf:e6:0a:cd:61: - d8:bd:5c:9a:07:bb:88:4a:dd:6c:55:b0:09:30:fa:53:e0:fd: - e8:02:21:00:9a:42:16:de:fb:6f:50:ba:7a:5b:14:24:b4:cd: - d7:9f:91:0f:44:2d:88:9f:5f:20:38:c5:60:a1:70:ff:ae:84 ------BEGIN CERTIFICATE----- -MIIBWzCCAQCgAwIBAgINAPyKFnNu1ChbUuwITDAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMBoxGDAWBgNVBAYTD1ByaW50YWJsZVN0 -cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrf -VTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSj -FzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0kAMEYCIQDE1CIT -jSKPsr/mCs1h2L1cmge7iErdbFWwCTD6U+D96AIhAJpCFt77b1C6elsUJLTN15+R -D0QtiJ9fIDjFYKFw/66E ------END CERTIFICATE----- diff --git a/v3/testdata/subjectCNCorrectEncoding.pem b/v3/testdata/subjectCNCorrectEncoding.pem deleted file mode 100644 index c4169d066..000000000 --- a/v3/testdata/subjectCNCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 01:f1:6c:4a:e1:db:54:1a:f7:fc:67:e1 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: CN = UTF8String, CN = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:18:2a:92:d5:5d:3b:ae:17:9a:f4:c0:60:bb:d5: - bb:a6:4a:ef:0e:12:51:a6:4a:18:6c:01:c0:fd:3d:4e:93:56: - 02:21:00:a8:92:ec:4d:64:d6:6c:a7:29:92:67:dc:d9:f6:6b: - 11:c8:a5:06:b0:58:4c:56:05:18:9b:f0:7e:de:fa:0c:bb ------BEGIN CERTIFICATE----- -MIIBbjCCARSgAwIBAgIMAfFsSuHbVBr3/GfhMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UEAwwKVVRGOFN0cmluZzEY -MBYGA1UEAxMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD -QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg -/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI -KoZIzj0EAwIDSAAwRQIgGCqS1V07rhea9MBgu9W7pkrvDhJRpkoYbAHA/T1Ok1YC -IQCokuxNZNZspymSZ9zZ9msRyKUGsFhMVgUYm/B+3voMuw== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectCNWrongEncoding.pem b/v3/testdata/subjectCNWrongEncoding.pem deleted file mode 100644 index fef061bdb..000000000 --- a/v3/testdata/subjectCNWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - a9:e8:5a:c9:48:7b:c5:64:fe:39:bf:ce - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: CN = U - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:1b:11:5a:e3:fe:73:e1:c0:16:6f:7f:24:ee:15: - 65:cf:82:35:4d:c2:0c:1d:6e:e7:d6:cb:1a:ee:7c:d1:e0:a7: - 02:21:00:bd:86:46:6f:51:a3:ad:76:89:34:59:bd:46:83:6a: - bf:42:b8:bf:f1:fe:ec:4a:02:5f:69:de:33:c7:4a:16:94 ------BEGIN CERTIFICATE----- -MIIBTjCB9aADAgECAg0AqehayUh7xWT+Ob/OMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowDzENMAsGA1UEAxwEAAAAVTBZMBMGByqG -SM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+ -8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQM -MAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIBsRWuP+c+HAFm9/JO4VZc+C -NU3CDB1u59bLGu580eCnAiEAvYZGb1GjrXaJNFm9RoNqv0K4v/H+7EoCX2neM8dK -FpQ= ------END CERTIFICATE----- diff --git a/v3/testdata/subjectCWrongEncoding.pem b/v3/testdata/subjectCWrongEncoding.pem deleted file mode 100644 index 22a85933a..000000000 --- a/v3/testdata/subjectCWrongEncoding.pem +++ /dev/null 
@@ -1,40 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 50:74:cf:cd:9f:31:5a:1c:de:62:19:2d - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: C = DE - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:74:ae:46:d1:20:2a:4c:2d:cd:2a:69:3f:29:6a: - 79:24:b5:d4:1d:7c:c7:b2:bc:83:13:e6:8a:7a:1f:54:8f:92: - 02:20:01:b0:fe:9d:42:6c:f6:8f:15:d2:5d:d9:51:a3:94:5f: - a7:cf:b7:ed:b9:69:83:1c:e3:be:d1:37:55:9a:16:22 ------BEGIN CERTIFICATE----- -MIIBSjCB8qADAgECAgxQdM/NnzFaHN5iGS0wCgYIKoZIzj0EAwIwLjEQMA4GA1UE -AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 -MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjANMQswCQYDVQQGDAJERTBZMBMGByqGSM49 -AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1e -HyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAow -CAYGZ4EMAQIBMAoGCCqGSM49BAMCA0cAMEQCIHSuRtEgKkwtzSppPylqeSS11B18 -x7K8gxPminofVI+SAiABsP6dQmz2jxXSXdlRo5Rfp8+37blpgxzjvtE3VZoWIg== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectDCCorrectEncoding.pem b/v3/testdata/subjectDCCorrectEncoding.pem deleted file mode 100644 index 30bf62bf9..000000000 --- a/v3/testdata/subjectDCCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 20:73:b8:73:d2:e3:be:9f:24:56:19:f0 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: DC = IA5String - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:11:8c:da:ba:cc:77:19:93:0e:bb:e5:fd:1b:1e: - cb:07:fa:60:7d:40:fe:87:fb:83:c0:f9:73:a7:ce:cb:34:1b: - 02:20:0c:6e:cd:6f:99:97:4a:f6:64:76:23:02:09:2a:cb:24: - 9e:36:88:d6:ef:5c:11:71:f4:50:5c:de:38:67:8b:c3 ------BEGIN CERTIFICATE----- -MIIBWTCCAQCgAwIBAgIMIHO4c9Ljvp8kVhnwMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowGzEZMBcGCgmSJomT8ixkARkWCUlBNVN0 -cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrf -VTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSj -FzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0cAMEQCIBGM2rrM -dxmTDrvl/Rseywf6YH1A/of7g8D5c6fOyzQbAiAMbs1vmZdK9mR2IwIJKssknjaI -1u9cEXH0UFzeOGeLww== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectDCWrongEncoding.pem b/v3/testdata/subjectDCWrongEncoding.pem deleted file mode 100644 index 4190112df..000000000 --- a/v3/testdata/subjectDCWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - d2:c3:3a:50:ff:62:66:a7:bf:00:f3:ee - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: DC = UTF8String - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:2f:c7:9c:0d:15:66:fb:69:df:a6:e9:d2:cf:06: - de:ed:5f:3a:e5:eb:fc:39:2e:6e:74:f3:43:48:3c:a6:8f:d5: - 02:20:41:67:95:a6:22:1a:70:11:45:89:c3:c4:b5:3b:4c:fa: - cd:dd:15:6a:c2:0e:f9:e1:e2:8f:5c:22:be:a3:31:23 ------BEGIN CERTIFICATE----- -MIIBWzCCAQKgAwIBAgINANLDOlD/YmanvwDz7jAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMBwxGjAYBgoJkiaJk/IsZAEZDApVVEY4 -U3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9v -Kt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWAr -FKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgL8ec -DRVm+2nfpunSzwbe7V865ev8OS5udPNDSDymj9UCIEFnlaYiGnARRYnDxLU7TPrN -3RVqwg754eKPXCK+ozEj ------END CERTIFICATE----- diff --git a/v3/testdata/subjectGivenNameCorrectEncoding.pem b/v3/testdata/subjectGivenNameCorrectEncoding.pem deleted file mode 100644 index 7785c632c..000000000 --- a/v3/testdata/subjectGivenNameCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 71:f7:0d:aa:3e:ce:4e:3b:9c:b5:21:d6 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: GN = UTF8String, GN = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:25:7c:64:c8:65:26:d2:63:02:bd:bd:2c:a5:40: - cf:34:a7:22:bc:e0:0b:ba:ac:cc:46:42:6e:4f:d6:bc:65:6e: - 02:21:00:aa:0a:93:85:6c:c4:d4:e5:91:6d:8d:5d:c1:75:14: - 33:ca:ad:89:28:30:06:e7:d7:ea:22:63:c9:56:18:99:93 ------BEGIN CERTIFICATE----- -MIIBbjCCARSgAwIBAgIMcfcNqj7OTjuctSHWMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UEKgwKVVRGOFN0cmluZzEY -MBYGA1UEKhMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD -QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg -/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI -KoZIzj0EAwIDSAAwRQIgJXxkyGUm0mMCvb0spUDPNKcivOALuqzMRkJuT9a8ZW4C -IQCqCpOFbMTU5ZFtjV3BdRQzyq2JKDAG59fqImPJVhiZkw== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectGivenNameWrongEncoding.pem b/v3/testdata/subjectGivenNameWrongEncoding.pem deleted file mode 100644 index 6d70f6873..000000000 --- a/v3/testdata/subjectGivenNameWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 09:c7:e4:31:63:88:86:55:5f:10:1b:ae - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: GN = BMPString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:6b:96:97:b5:98:2e:18:17:e5:b1:72:ae:8a:99: - 7a:50:71:13:79:ca:f8:46:e3:a7:c2:32:f4:a9:59:a6:c3:44: - 02:21:00:84:00:fc:57:ee:56:f0:af:fe:bf:dd:4a:9b:0b:fd: - b0:d3:5c:83:26:7c:59:a8:c9:a3:b0:3d:9d:1a:8c:c0:17 ------BEGIN CERTIFICATE----- -MIIBXDCCAQKgAwIBAgIMCcfkMWOIhlVfEBuuMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowHTEbMBkGA1UEKh4SAEIATQBQAFMAdABy -AGkAbgBnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9v -Kt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWAr -FKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIga5aX -tZguGBflsXKuipl6UHETecr4RuOnwjL0qVmmw0QCIQCEAPxX7lbwr/6/3UqbC/2w -01yDJnxZqMmjsD2dGozAFw== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectLCorrectEncoding.pem b/v3/testdata/subjectLCorrectEncoding.pem deleted file mode 100644 index f09ddcfaa..000000000 --- a/v3/testdata/subjectLCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - fd:43:52:4e:ca:cf:bd:a7:ca:48:a3:e2 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: L = UTF8String, L = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:de:ae:f6:4d:40:84:d4:31:25:d9:70:1f:f7: - 41:71:b9:e2:35:f5:e4:8d:34:a9:ee:b0:01:8a:b7:33:e3:5a: - cd:02:21:00:f0:a2:95:d3:72:5e:79:cd:b9:b0:bf:ad:f6:d8: - b1:0a:f9:22:00:2b:d8:0a:e1:ca:76:9c:18:ca:66:f2:a5:82 ------BEGIN CERTIFICATE----- -MIIBcDCCARWgAwIBAgINAP1DUk7Kz72nykij4jAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBAcMClVURjhTdHJpbmcx -GDAWBgNVBAcTD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq -4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG -CCqGSM49BAMCA0kAMEYCIQDervZNQITUMSXZcB/3QXG54jX15I00qe6wAYq3M+Na -zQIhAPCildNyXnnNubC/rfbYsQr5IgAr2ArhynacGMpm8qWC ------END CERTIFICATE----- diff --git a/v3/testdata/subjectLWrongEncoding.pem b/v3/testdata/subjectLWrongEncoding.pem deleted file mode 100644 index 1bdf8524a..000000000 --- a/v3/testdata/subjectLWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 99:42:56:2d:ab:36:16:3c:57:d3:4f:24 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: L = IA5String - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:de:54:87:79:ec:d5:19:62:fa:e6:10:81:3b: - ef:ab:26:21:d0:ec:67:28:59:4d:7a:fd:61:72:93:59:5c:a9: - b3:02:20:31:ca:1d:6b:38:b9:c3:8a:e5:59:f0:de:73:21:5b: - e6:0d:23:1b:7c:bc:35:fb:24:8a:78:a8:00:87:73:94:fd ------BEGIN CERTIFICATE----- -MIIBUzCB+qADAgECAg0AmUJWLas2FjxX008kMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowFDESMBAGA1UEBxYJSUE1U3RyaW5nMFkw -EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZ -lGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYD -VR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhAN5Uh3ns1Rli+uYQ -gTvvqyYh0OxnKFlNev1hcpNZXKmzAiAxyh1rOLnDiuVZ8N5zIVvmDSMbfLw1+ySK -eKgAh3OU/Q== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectOCorrectEncoding.pem b/v3/testdata/subjectOCorrectEncoding.pem deleted file mode 100644 index a75c2fd6b..000000000 --- a/v3/testdata/subjectOCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - e1:12:a3:76:b6:33:ae:cb:c5:1c:89:06 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: O = UTF8String, O = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:2a:1a:d4:fd:b7:f9:21:b6:45:4b:39:2f:5e:6f: - 06:1c:67:85:2a:ce:a4:fc:9f:1f:1b:aa:36:54:8b:94:40:1e: - 02:21:00:b9:79:3f:c5:59:2b:22:d2:74:ea:f2:c7:aa:db:7d: - e3:3e:68:0a:7d:c3:1f:08:e5:b4:12:af:a9:9a:c5:5b:e1 ------BEGIN CERTIFICATE----- -MIIBbzCCARWgAwIBAgINAOESo3a2M67LxRyJBjAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBAoMClVURjhTdHJpbmcx -GDAWBgNVBAoTD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq -4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG -CCqGSM49BAMCA0gAMEUCICoa1P23+SG2RUs5L15vBhxnhSrOpPyfHxuqNlSLlEAe -AiEAuXk/xVkrItJ06vLHqtt94z5oCn3DHwjltBKvqZrFW+E= ------END CERTIFICATE----- diff --git a/v3/testdata/subjectOUCorrectEncoding.pem b/v3/testdata/subjectOUCorrectEncoding.pem deleted file mode 100644 index e0f65ba12..000000000 --- a/v3/testdata/subjectOUCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0a:f6:d2:0f:f1:ea:32:7e:e5:aa:c4:5f - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: OU = UTF8String, OU = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:85:07:51:a7:6e:09:2d:0e:61:f2:22:d4:46: - ba:10:c8:e4:93:e8:5b:76:5d:4f:22:20:c1:92:29:81:32:f2: - 2c:02:21:00:a7:63:06:e6:ed:54:44:06:24:c5:dc:e2:a5:81: - fd:14:5a:80:a7:54:09:b4:58:31:a8:8a:54:cb:57:04:48:42 ------BEGIN CERTIFICATE----- -MIIBbzCCARSgAwIBAgIMCvbSD/HqMn7lqsRfMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UECwwKVVRGOFN0cmluZzEY -MBYGA1UECxMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD -QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg -/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI -KoZIzj0EAwIDSQAwRgIhAIUHUaduCS0OYfIi1Ea6EMjkk+hbdl1PIiDBkimBMvIs -AiEAp2MG5u1URAYkxdzipYH9FFqAp1QJtFgxqIpUy1cESEI= ------END CERTIFICATE----- diff --git a/v3/testdata/subjectOUWrongEncoding.pem b/v3/testdata/subjectOUWrongEncoding.pem deleted file mode 100644 index 405e24830..000000000 --- a/v3/testdata/subjectOUWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 8c:b6:83:1f:00:80:ae:5c:0b:cc:b9:f3 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: OU = BMPString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:3c:aa:9f:07:54:ee:be:ba:9e:2e:ee:6b:04:f2: - ab:e6:87:ec:22:60:13:bc:32:3d:d7:bf:25:21:c9:a5:20:47: - 02:21:00:e0:40:c1:e7:84:d9:67:43:09:c2:e0:64:7b:98:b1: - 99:b5:81:8d:59:f0:0c:96:8a:de:7d:63:37:d0:05:0f:7d ------BEGIN CERTIFICATE----- -MIIBXTCCAQOgAwIBAgINAIy2gx8AgK5cC8y58zAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMB0xGzAZBgNVBAseEgBCAE0AUABTAHQA -cgBpAG4AZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmf -byrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVg -KxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIDyq -nwdU7r66ni7uawTyq+aH7CJgE7wyPde/JSHJpSBHAiEA4EDB54TZZ0MJwuBke5ix -mbWBjVnwDJaK3n1jN9AFD30= ------END CERTIFICATE----- diff --git a/v3/testdata/subjectOWrongEncoding.pem b/v3/testdata/subjectOWrongEncoding.pem deleted file mode 100644 index 7867bc0bd..000000000 --- a/v3/testdata/subjectOWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - a8:1a:72:b9:8f:9b:71:e9:7d:43:65:6f - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: O = TeletexString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:5e:75:64:c9:ff:9c:79:b2:a3:ab:55:84:35:04: - 0d:cb:29:9d:59:b5:47:ad:f3:98:53:7a:b9:83:e8:75:5a:b2: - 02:21:00:ba:12:07:23:d2:07:f5:e7:3c:19:d8:65:e9:46:d9: - e9:ec:f0:bd:87:76:14:22:e8:87:00:fa:cf:e8:c9:ff:9c ------BEGIN CERTIFICATE----- -MIIBVzCB/qADAgECAg0AqBpyuY+bcel9Q2VvMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowGDEWMBQGA1UEChQNVGVsZXRleFN0cmlu -ZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCX -Bj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAV -MBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIF51ZMn/nHmy -o6tVhDUEDcspnVm1R63zmFN6uYPodVqyAiEAuhIHI9IH9ec8Gdhl6UbZ6ezwvYd2 -FCLohwD6z+jJ/5w= ------END CERTIFICATE----- diff --git a/v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem b/v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem deleted file mode 100644 index 6ac656de7..000000000 --- a/v3/testdata/subjectOrganizationIdentifierCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - fb:92:dd:31:92:cd:49:21:21:54:22:d6 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: organizationIdentifier = UTF8String, organizationIdentifier = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:33:3b:b9:c3:1a:90:70:96:96:08:0f:b5:0c:c4: - d8:6e:46:19:9d:e4:d0:f9:f9:b3:db:2f:09:10:b6:d5:e8:a9: - 02:20:70:b9:ec:fd:ea:9d:50:b4:bf:c7:5f:75:eb:50:bd:6e: - 36:be:8c:3a:46:6a:94:ae:61:88:75:ae:37:c2:19:da ------BEGIN CERTIFICATE----- -MIIBbjCCARWgAwIBAgINAPuS3TGSzUkhIVQi1jAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBGEMClVURjhTdHJpbmcx -GDAWBgNVBGETD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq -4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG -CCqGSM49BAMCA0cAMEQCIDM7ucMakHCWlggPtQzE2G5GGZ3k0Pn5s9svCRC21eip -AiBwuez96p1QtL/HX3XrUL1uNr6MOkZqlK5hiHWuN8IZ2g== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem b/v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem deleted file mode 100644 index 7d40eea4b..000000000 --- a/v3/testdata/subjectOrganizationIdentifierWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 16:18:78:a4:fd:6c:de:80:46:61:3f:d1 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: organizationIdentifier = TeletexString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:70:b1:29:ff:cc:f7:94:32:13:42:c8:e2:76:0d: - 8e:8d:2b:ec:b3:3d:aa:53:98:b7:45:43:48:6d:46:33:59:9b: - 02:20:69:89:4a:2f:61:65:94:93:55:fe:9a:e7:81:67:1a:43: - c2:ad:80:9f:b3:a9:87:21:a8:e1:f1:3c:11:98:16:dd ------BEGIN CERTIFICATE----- -MIIBVTCB/aADAgECAgwWGHik/WzegEZhP9EwCgYIKoZIzj0EAwIwLjEQMA4GA1UE -AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 -MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAYMRYwFAYDVQRhFA1UZWxldGV4U3RyaW5n -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcG -PQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUw -EwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgcLEp/8z3lDIT -Qsjidg2OjSvssz2qU5i3RUNIbUYzWZsCIGmJSi9hZZSTVf6a54FnGkPCrYCfs6mH -Iajh8TwRmBbd ------END CERTIFICATE----- diff --git a/v3/testdata/subjectPostalCodeCorrectEncoding.pem b/v3/testdata/subjectPostalCodeCorrectEncoding.pem deleted file mode 100644 index f9d46bc57..000000000 --- a/v3/testdata/subjectPostalCodeCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 72:07:7d:48:75:12:1e:cb:fd:57:f8:94 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: postalCode = UTF8String, postalCode = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:65:1f:74:85:94:26:af:8a:11:40:b4:cc:26:3e: - 82:08:6e:f7:70:ec:56:bb:b7:b6:27:12:21:96:11:b9:7b:2f: - 02:21:00:c7:a8:bb:6a:7d:0d:99:fb:ec:0d:f4:54:10:94:dc: - 9d:72:dd:34:f7:4c:76:c5:60:3d:b5:eb:b1:10:10:d2:86 ------BEGIN CERTIFICATE----- -MIIBbjCCARSgAwIBAgIMcgd9SHUSHsv9V/iUMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UEEQwKVVRGOFN0cmluZzEY -MBYGA1UEERMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD -QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg -/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI -KoZIzj0EAwIDSAAwRQIgZR90hZQmr4oRQLTMJj6CCG73cOxWu7e2JxIhlhG5ey8C -IQDHqLtqfQ2Z++wN9FQQlNydct0090x2xWA9teuxEBDShg== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectPostalCodeWrongEncoding.pem b/v3/testdata/subjectPostalCodeWrongEncoding.pem deleted file mode 100644 index 907bc0ad3..000000000 --- a/v3/testdata/subjectPostalCodeWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 61:e3:b0:74:8a:9b:b7:a9:95:11:ef:b2 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: postalCode = U - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:d6:70:f8:73:e1:e8:3f:92:31:e5:cf:04:12: - 93:9f:66:b6:a2:a4:3b:a1:27:8c:81:d1:c2:8c:5c:fd:4f:ea: - f5:02:20:76:bb:a2:1c:5e:b0:b0:ab:13:56:ae:3e:e4:b0:1e: - 89:b9:88:93:47:83:a6:83:70:de:1b:c9:2a:9e:79:34:e8 ------BEGIN CERTIFICATE----- -MIIBTTCB9KADAgECAgxh47B0ipu3qZUR77IwCgYIKoZIzj0EAwIwLjEQMA4GA1UE -AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 -MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAPMQ0wCwYDVQQRHAQAAABVMFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7x -fV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAww -CjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhANZw+HPh6D+SMeXPBBKTn2a2 -oqQ7oSeMgdHCjFz9T+r1AiB2u6IcXrCwqxNWrj7ksB6JuYiTR4Omg3DeG8kqnnk0 -6A== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectSTCorrectEncoding.pem b/v3/testdata/subjectSTCorrectEncoding.pem deleted file mode 100644 index 581ac2413..000000000 --- a/v3/testdata/subjectSTCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 7c:9f:cd:3d:05:2e:92:af:7e:a7:d2:e2 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: ST = UTF8String, ST = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:4b:65:8e:ac:28:4c:99:36:8d:73:9f:dc:86:c8: - 7a:34:93:de:d9:11:9e:0b:67:fd:fe:c4:47:d8:1f:00:c2:29: - 02:20:74:40:fe:11:7b:1d:f7:ca:0b:3f:53:88:18:b1:a3:49: - 70:62:66:93:5a:02:c4:1f:12:87:5e:c1:60:94:02:ee ------BEGIN CERTIFICATE----- -MIIBbTCCARSgAwIBAgIMfJ/NPQUukq9+p9LiMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UECAwKVVRGOFN0cmluZzEY -MBYGA1UECBMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD -QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg -/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI -KoZIzj0EAwIDRwAwRAIgS2WOrChMmTaNc5/chsh6NJPe2RGeC2f9/sRH2B8AwikC -IHRA/hF7HffKCz9TiBixo0lwYmaTWgLEHxKHXsFglALu ------END CERTIFICATE----- diff --git a/v3/testdata/subjectSTWrongEncoding.pem b/v3/testdata/subjectSTWrongEncoding.pem deleted file mode 100644 index 13a91a6b9..000000000 --- a/v3/testdata/subjectSTWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 35:96:ec:fa:02:c8:74:f8:36:55:4a:09 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: ST = TeletexString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:2a:f5:49:91:9d:e2:3f:27:70:52:03:4c:0a:97: - 56:7b:07:8e:3d:84:97:15:2c:51:62:0b:ba:da:33:a7:c2:7f: - 02:20:50:52:02:d8:0f:64:d3:ef:20:db:0b:c2:3a:b2:d0:66: - 21:ef:c0:a2:b8:41:22:72:ce:dc:c0:9f:ff:04:71:f0 ------BEGIN CERTIFICATE----- -MIIBVTCB/aADAgECAgw1luz6Ash0+DZVSgkwCgYIKoZIzj0EAwIwLjEQMA4GA1UE -AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 -MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAYMRYwFAYDVQQIFA1UZWxldGV4U3RyaW5n -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcG -PQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUw -EwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgKvVJkZ3iPydw -UgNMCpdWeweOPYSXFSxRYgu62jOnwn8CIFBSAtgPZNPvINsLwjqy0GYh78CiuEEi -cs7cwJ//BHHw ------END CERTIFICATE----- diff --git a/v3/testdata/subjectSerialNumberCorrectEncoding.pem b/v3/testdata/subjectSerialNumberCorrectEncoding.pem deleted file mode 100644 index 2b1ed6883..000000000 --- a/v3/testdata/subjectSerialNumberCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - e6:9f:8a:70:eb:18:3a:10:6b:41:bf:25 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: serialNumber = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:d5:60:1a:f2:ae:9f:49:ec:bc:3b:bf:21:6e: - c5:06:94:12:65:be:96:32:5a:25:36:ac:3b:74:b0:01:06:62: - 93:02:20:23:ff:8a:d3:bb:d8:f9:2f:2a:19:3c:94:bd:40:05: - d0:a6:94:17:aa:03:3b:4e:73:85:d8:9c:6b:65:1f:05:a9 ------BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgINAOafinDrGDoQa0G/JTAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMBoxGDAWBgNVBAUTD1ByaW50YWJsZVN0 -cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrf -VTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSj -FzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIQDVYBry -rp9J7Lw7vyFuxQaUEmW+ljJaJTasO3SwAQZikwIgI/+K07vY+S8qGTyUvUAF0KaU -F6oDO05zhdica2UfBak= ------END CERTIFICATE----- diff --git a/v3/testdata/subjectSerialNumberWrongEncoding.pem b/v3/testdata/subjectSerialNumberWrongEncoding.pem deleted file mode 100644 index ee9b9ee41..000000000 --- a/v3/testdata/subjectSerialNumberWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 28:84:5a:df:36:ba:eb:5b:ea:4a:c0:63 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: serialNumber = U - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:92:35:89:a2:57:f4:15:70:91:98:62:00:dd: - a7:a2:a2:72:be:eb:13:68:a9:57:7a:f5:70:76:3f:69:66:dd: - 7c:02:20:57:7a:bc:e3:79:df:95:0e:44:8e:ea:4f:a1:3b:f8: - 66:a7:1d:72:c1:d9:27:3f:0d:cb:3f:5a:4f:17:71:7a:78 ------BEGIN CERTIFICATE----- -MIIBTTCB9KADAgECAgwohFrfNrrrW+pKwGMwCgYIKoZIzj0EAwIwLjEQMA4GA1UE -AwwHTGludCBDQTENMAsGA1UECgwETGludDELMAkGA1UEBhMCREUwHhcNMjMwOTE1 -MDAwMDAwWhcNMjQwOTE1MDAwMDAwWjAPMQ0wCwYDVQQFHAQAAABVMFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7x -fV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAww -CjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAwRQIhAJI1iaJX9BVwkZhiAN2noqJy -vusTaKlXevVwdj9pZt18AiBXerzjed+VDkSO6k+hO/hmpx1ywdknPw3LP1pPF3F6 -eA== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectStreetCorrectEncoding.pem b/v3/testdata/subjectStreetCorrectEncoding.pem deleted file mode 100644 index f0095f781..000000000 --- a/v3/testdata/subjectStreetCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0d:dd:64:b2:6e:79:0f:6b:00:11:37:10 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: street = UTF8String, street = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:c0:7a:ce:f0:ee:9e:d0:2a:0a:bb:8b:b5:76: - df:18:fc:25:8b:b4:fa:0c:5a:e8:aa:15:21:4c:86:40:34:50: - 5e:02:20:7a:c5:9a:fc:74:10:4b:e3:4d:71:ca:30:f1:29:f0: - 92:53:85:ed:f2:52:9a:f9:23:4d:80:55:f1:a2:56:d2:82 ------BEGIN CERTIFICATE----- -MIIBbjCCARSgAwIBAgIMDd1ksm55D2sAETcQMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowLzETMBEGA1UECQwKVVRGOFN0cmluZzEY -MBYGA1UECRMPUHJpbnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD -QgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg -/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYI -KoZIzj0EAwIDSAAwRQIhAMB6zvDuntAqCruLtXbfGPwli7T6DFroqhUhTIZANFBe -AiB6xZr8dBBL401xyjDxKfCSU4Xt8lKa+SNNgFXxolbSgg== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectStreetWrongEncoding.pem b/v3/testdata/subjectStreetWrongEncoding.pem deleted file mode 100644 index 9c95715cc..000000000 --- a/v3/testdata/subjectStreetWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0e:da:e1:4f:b5:2d:76:0f:f8:d4:c4:c7 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: street = BMPString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:b5:b2:dd:b6:7f:e5:b6:8c:c2:fb:59:4b:10: - 88:5b:93:73:ca:4e:74:2f:2f:44:fd:1a:13:42:fa:3f:d4:8b: - 61:02:21:00:fe:a2:e0:c5:d7:fe:66:90:be:a3:86:30:d1:45: - 87:16:4e:06:87:a8:6d:f3:82:55:41:95:0b:69:fe:9d:79:d5 ------BEGIN CERTIFICATE----- -MIIBXTCCAQKgAwIBAgIMDtrhT7Utdg/41MTHMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowHTEbMBkGA1UECR4SAEIATQBQAFMAdABy -AGkAbgBnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9v -Kt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWAr -FKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSQAwRgIhALWy -3bZ/5baMwvtZSxCIW5Nzyk50Ly9E/RoTQvo/1IthAiEA/qLgxdf+ZpC+o4Yw0UWH -Fk4Gh6ht84JVQZULaf6dedU= ------END CERTIFICATE----- diff --git a/v3/testdata/subjectSurnameCorrectEncoding.pem b/v3/testdata/subjectSurnameCorrectEncoding.pem deleted file mode 100644 index 8e9d87b72..000000000 --- a/v3/testdata/subjectSurnameCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b5:a3:07:25:a9:87:c6:6a:13:70:84:34 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: SN = UTF8String, SN = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:b4:b2:d8:d6:cb:9d:ef:a0:ce:e2:f2:42:47: - 82:da:77:4c:8e:36:5e:01:54:4d:34:b8:18:39:a1:41:41:6a: - a9:02:21:00:ef:27:77:3c:5b:b3:00:ae:c3:76:88:13:df:e8: - 37:cd:3f:16:bd:59:25:83:2a:c3:13:c0:f0:46:51:6d:bf:ea ------BEGIN CERTIFICATE----- -MIIBcDCCARWgAwIBAgINALWjByWph8ZqE3CENDAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMC8xEzARBgNVBAQMClVURjhTdHJpbmcx -GDAWBgNVBAQTD1ByaW50YWJsZVN0cmluZzBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+8X1eHyI8Oe3xcCRefRUq -4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoG -CCqGSM49BAMCA0kAMEYCIQC0stjWy53voM7i8kJHgtp3TI42XgFUTTS4GDmhQUFq -qQIhAO8ndzxbswCuw3aIE9/oN80/Fr1ZJYMqwxPA8EZRbb/q ------END CERTIFICATE----- diff --git a/v3/testdata/subjectSurnameWrongEncoding.pem b/v3/testdata/subjectSurnameWrongEncoding.pem deleted file mode 100644 index be598d33d..000000000 --- a/v3/testdata/subjectSurnameWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 87:56:ba:6b:cb:7a:5b:1f:0e:b5:48:26 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: SN = IA5String - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:44:02:20:0d:57:db:b2:67:2e:65:19:ce:63:53:70:6a:47: - 3c:04:39:e7:53:87:20:60:06:96:5b:9b:29:f4:03:d7:25:ac: - 02:20:07:a1:fb:68:1b:6b:ea:a3:15:7f:e7:89:13:64:d0:5d: - 6b:3c:03:56:aa:6f:d7:57:0a:f1:00:7b:f5:ab:b3:dc ------BEGIN CERTIFICATE----- -MIIBUjCB+qADAgECAg0Ah1a6a8t6Wx8OtUgmMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowFDESMBAGA1UEBBYJSUE1U3RyaW5nMFkw -EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzRyOKXCZ9vKt9VMJcGPQZZ -lGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/QXEdxWArFKMXMBUwEwYD -VR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDRwAwRAIgDVfbsmcuZRnOY1Nw -akc8BDnnU4cgYAaWW5sp9APXJawCIAeh+2gba+qjFX/niRNk0F1rPANWqm/XVwrx -AHv1q7Pc ------END CERTIFICATE----- diff --git a/v3/testdata/subjectjurCCorrectEncoding.pem b/v3/testdata/subjectjurCCorrectEncoding.pem deleted file mode 100644 index ec102a6f4..000000000 --- a/v3/testdata/subjectjurCCorrectEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - fe:1e:6a:61:05:21:d3:4a:fc:2a:42:57 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: jurisdictionC = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:05:98:30:fd:9e:69:1a:f2:e2:14:0e:28:a1:92: - 48:99:94:98:3b:e7:74:95:77:ed:40:28:de:10:22:e0:2b:a2: - 02:21:00:f7:d7:8d:63:83:b2:d8:4e:95:40:b6:a8:ee:57:73: - 5c:2e:e3:27:b9:3c:bb:72:cf:da:a4:97:56:e9:ca:ea:20 ------BEGIN CERTIFICATE----- -MIIBYjCCAQigAwIBAgINAP4eamEFIdNK/CpCVzAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMCIxIDAeBgsrBgEEAYI3PAIBAxMPUHJp -bnRhYmxlU3RyaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9bBzR -yOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR/mE/ -QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwIDSAAw -RQIgBZgw/Z5pGvLiFA4ooZJImZSYO+d0lXftQCjeECLgK6ICIQD3141jg7LYTpVA -tqjuV3NcLuMnuTy7cs/apJdW6crqIA== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectjurCWrongEncoding.pem b/v3/testdata/subjectjurCWrongEncoding.pem deleted file mode 100644 index f4ab2f532..000000000 --- a/v3/testdata/subjectjurCWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 1b:6f:0c:d0:d1:24:8f:e7:93:c5:16:fd - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: jurisdictionC = BMPString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:52:bb:30:1b:86:c8:fd:9b:4a:a8:f4:de:ba:56: - b5:fb:b2:26:04:95:7c:7c:b9:77:68:68:10:5a:48:90:c5:c9: - 02:21:00:c5:8f:a2:59:e3:e7:85:34:2a:84:0f:64:fe:41:87: - f0:54:26:f0:03:af:01:56:2c:d0:08:df:f5:54:8a:b1:3c ------BEGIN CERTIFICATE----- -MIIBZDCCAQqgAwIBAgIMG28M0NEkj+eTxRb9MAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowJTEjMCEGCysGAQQBgjc8AgEDHhIAQgBN -AFAAUwB0AHIAaQBuAGcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ1ffiaiX1s -HNHI4pcJn28q31UwlwY9BlmUZpLaPvF9Xh8iPDnt8XAkXn0VKuD8b4tphly03BH+ -YT9BcR3FYCsUoxcwFTATBgNVHSAEDDAKMAgGBmeBDAECATAKBggqhkjOPQQDAgNI -ADBFAiBSuzAbhsj9m0qo9N66VrX7siYElXx8uXdoaBBaSJDFyQIhAMWPolnj54U0 -KoQPZP5Bh/BUJvADrwFWLNAI3/VUirE8 ------END CERTIFICATE----- diff --git a/v3/testdata/subjectjurLCorrectEncoding.pem b/v3/testdata/subjectjurLCorrectEncoding.pem deleted file mode 100644 index d43eed27a..000000000 --- a/v3/testdata/subjectjurLCorrectEncoding.pem +++ /dev/null 
@@ -1,42 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 3b:ac:e1:ff:21:e4:71:37:e5:fe:d5:a6 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: jurisdictionL = UTF8String, jurisdictionL = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:4f:48:36:68:89:4a:9d:62:86:99:99:ca:f5:72: - 8e:1b:1f:66:4e:7a:db:c8:a8:43:0a:9b:7c:59:ca:fd:0a:d1: - 02:21:00:f7:b5:73:b4:90:c5:77:f9:dc:7d:80:2f:02:17:35: - 15:49:d3:de:b5:df:65:f7:f9:69:35:3c:48:18:f5:95:50 ------BEGIN CERTIFICATE----- -MIIBfjCCASSgAwIBAgIMO6zh/yHkcTfl/tWmMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowPzEbMBkGCysGAQQBgjc8AgEBDApVVEY4 -U3RyaW5nMSAwHgYLKwYBBAGCNzwCAQETD1ByaW50YWJsZVN0cmluZzBZMBMGByqG -SM49AgEGCCqGSM49AwEHA0IABDV9+JqJfWwc0cjilwmfbyrfVTCXBj0GWZRmkto+ -8X1eHyI8Oe3xcCRefRUq4Pxvi2mGXLTcEf5hP0FxHcVgKxSjFzAVMBMGA1UdIAQM -MAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0gAMEUCIE9INmiJSp1ihpmZyvVyjhsf -Zk5628ioQwqbfFnK/QrRAiEA97VztJDFd/ncfYAvAhc1FUnT3rXfZff5aTU8SBj1 -lVA= ------END CERTIFICATE----- diff --git a/v3/testdata/subjectjurLWrongEncoding.pem b/v3/testdata/subjectjurLWrongEncoding.pem deleted file mode 100644 index ad5a73f7e..000000000 --- a/v3/testdata/subjectjurLWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - a5:1b:98:5a:61:8e:fa:4e:1d:db:3a:ea - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: jurisdictionL = BMPString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:21:00:cf:38:54:96:6d:9f:aa:4e:54:b9:b5:17:e6: - c5:33:d8:57:7d:62:b4:f3:06:16:ec:f2:a7:bd:45:a8:dc:cb: - bf:02:20:22:3e:7a:37:19:30:58:58:4d:68:f6:66:66:94:51: - e7:60:83:46:fd:68:6b:c6:1f:35:58:b5:8f:d9:91:f1:84 ------BEGIN CERTIFICATE----- -MIIBZTCCAQugAwIBAgINAKUbmFphjvpOHds66jAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMCUxIzAhBgsrBgEEAYI3PAIBAR4SAEIA -TQBQAFMAdAByAGkAbgBnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENX34mol9 -bBzRyOKXCZ9vKt9VMJcGPQZZlGaS2j7xfV4fIjw57fFwJF59FSrg/G+LaYZctNwR -/mE/QXEdxWArFKMXMBUwEwYDVR0gBAwwCjAIBgZngQwBAgEwCgYIKoZIzj0EAwID -SAAwRQIhAM84VJZtn6pOVLm1F+bFM9hXfWK08wYW7PKnvUWo3Mu/AiAiPno3GTBY -WE1o9mZmlFHnYING/Whrxh81WLWP2ZHxhA== ------END CERTIFICATE----- diff --git a/v3/testdata/subjectjurSTCorrectEncoding.pem b/v3/testdata/subjectjurSTCorrectEncoding.pem deleted file mode 100644 index d1714a1ba..000000000 --- a/v3/testdata/subjectjurSTCorrectEncoding.pem +++ /dev/null 
@@ -1,42 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - bd:36:1c:fc:36:8f:3d:66:2e:02:1e:ee - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: jurisdictionST = UTF8String, jurisdictionST = PrintableString - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:45:02:20:59:42:8f:1a:d0:24:9a:9a:7c:19:09:41:c7:f1: - e8:47:82:c7:1e:8d:94:d6:d5:4c:f9:de:52:7b:c4:6f:19:d1: - 02:21:00:97:8d:85:94:70:18:86:53:38:7b:cf:9d:ba:57:63: - 24:18:13:c1:c6:f9:eb:32:4f:31:bd:38:99:00:50:e8:1b ------BEGIN CERTIFICATE----- -MIIBfzCCASWgAwIBAgINAL02HPw2jz1mLgIe7jAKBggqhkjOPQQDAjAuMRAwDgYD -VQQDDAdMaW50IENBMQ0wCwYDVQQKDARMaW50MQswCQYDVQQGEwJERTAeFw0yMzA5 -MTUwMDAwMDBaFw0yNDA5MTUwMDAwMDBaMD8xGzAZBgsrBgEEAYI3PAIBAgwKVVRG -OFN0cmluZzEgMB4GCysGAQQBgjc8AgECEw9QcmludGFibGVTdHJpbmcwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAAQ1ffiaiX1sHNHI4pcJn28q31UwlwY9BlmUZpLa -PvF9Xh8iPDnt8XAkXn0VKuD8b4tphly03BH+YT9BcR3FYCsUoxcwFTATBgNVHSAE -DDAKMAgGBmeBDAECATAKBggqhkjOPQQDAgNIADBFAiBZQo8a0CSamnwZCUHH8ehH -gscejZTW1Uz53lJ7xG8Z0QIhAJeNhZRwGIZTOHvPnbpXYyQYE8HG+esyTzG9OJkA -UOgb ------END CERTIFICATE----- diff --git a/v3/testdata/subjectjurSTWrongEncoding.pem b/v3/testdata/subjectjurSTWrongEncoding.pem deleted file mode 100644 index 969c81e2a..000000000 --- a/v3/testdata/subjectjurSTWrongEncoding.pem +++ /dev/null 
@@ -1,41 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - a1:68:4b:d3:9f:d5:85:6f:62:65:e5 - Signature Algorithm: ecdsa-with-SHA256 - Issuer: CN = Lint CA, O = Lint, C = DE - Validity - Not Before: Sep 15 00:00:00 2023 GMT - Not After : Sep 15 00:00:00 2024 GMT - Subject: jurisdictionST = IA5String - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:35:7d:f8:9a:89:7d:6c:1c:d1:c8:e2:97:09:9f: - 6f:2a:df:55:30:97:06:3d:06:59:94:66:92:da:3e: - f1:7d:5e:1f:22:3c:39:ed:f1:70:24:5e:7d:15:2a: - e0:fc:6f:8b:69:86:5c:b4:dc:11:fe:61:3f:41:71: - 1d:c5:60:2b:14 - ASN1 OID: prime256v1 - NIST CURVE: P-256 - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 2.23.140.1.2.1 - - Signature Algorithm: ecdsa-with-SHA256 - 30:46:02:21:00:e0:47:84:22:ee:9d:fd:89:e5:c1:6b:5d:95: - 27:f3:23:30:44:9b:ff:c2:62:a4:eb:86:d8:01:17:73:1c:31: - a1:02:21:00:d7:85:c0:a3:8a:2b:53:07:ec:63:10:15:74:c2: - 24:0b:62:6e:6f:24:46:d9:c7:de:a3:98:10:62:8f:a8:4e:f2 ------BEGIN CERTIFICATE----- -MIIBXDCCAQGgAwIBAgIMAKFoS9Of1YVvYmXlMAoGCCqGSM49BAMCMC4xEDAOBgNV -BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx -NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowHDEaMBgGCysGAQQBgjc8AgECFglJQTVT -dHJpbmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ1ffiaiX1sHNHI4pcJn28q -31UwlwY9BlmUZpLaPvF9Xh8iPDnt8XAkXn0VKuD8b4tphly03BH+YT9BcR3FYCsU -oxcwFTATBgNVHSAEDDAKMAgGBmeBDAECATAKBggqhkjOPQQDAgNJADBGAiEA4EeE -Iu6d/YnlwWtdlSfzIzBEm//CYqTrhtgBF3McMaECIQDXhcCjiitTB+xjEBV0wiQL -Ym5vJEbZx96jmBBij6hO8g== ------END CERTIFICATE----- From b3a86b3c0f6658a402f3a81dfb32b534e1abba3e Mon Sep 17 00:00:00 2001 From: mtgag Date: Tue, 9 Apr 2024 11:45:06 +0200 Subject: [PATCH 13/21] Revert "synchronised with project" This reverts commit 2cd7d087f4a812d4ef3640560edf1d07cce2ea56. --- v3/lints/cabf_smime_br/mailbox_address_from_san_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/v3/lints/cabf_smime_br/mailbox_address_from_san_test.go b/v3/lints/cabf_smime_br/mailbox_address_from_san_test.go index fe030488e..3d3d23542 100644 --- a/v3/lints/cabf_smime_br/mailbox_address_from_san_test.go +++ b/v3/lints/cabf_smime_br/mailbox_address_from_san_test.go @@ -42,13 +42,13 @@ func TestMailboxAddressFromSANLint(t *testing.T) { ExpectedResult: lint.Pass, }, { - Name: "NA - only contains one san:emailAddress value", + Name: "pass - only contains one san:emailAddress value", InputFilename: "WithOnlySANEmail.pem", ExpectedResult: lint.Pass, }, { - Name: "NA - only contains one san:otherName value", + Name: "pass - only contains one san:otherName value", InputFilename: "WithOnlySANOtherName.pem", ExpectedResult: lint.Pass, @@ -94,7 +94,7 @@ func TestMailboxAddressFromSANLint(t *testing.T) { ExpectedDetails: "all certificate mailbox addresses must be present in san:emailAddresses or san:otherNames in addition to any other field they may appear", }, { - Name: "NA - subject:commonName is personal name, san:emailAddress contains an email", + Name: "pass - subject:commonName is personal name, san:emailAddress contains an email", InputFilename: "sponsorValidatedMultipurposePersonalNameInCN.pem", ExpectedResult: lint.Pass, From 68edbfde9fb7457e0c26400b505c4e1a31a57ca0 Mon Sep 17 00:00:00 2001 
From: mtgag Date: Fri, 21 Jun 2024 07:26:35 +0200 Subject: [PATCH 14/21] added psd2 related lint --- v3/integration/config.json | 1 + v3/integration/small.config.json | 1 + .../lint_qcstatem_psd2_national_scheme.go | 101 ++++ ...lint_qcstatem_psd2_national_scheme_test.go | 50 ++ v3/testdata/EvAltRegNumCert52NoOrgId.pem | 101 ++++ ...EvAltRegNumCert56JurCountryNotMatching.pem | 101 ++++ v3/testdata/QcStmtPsd2Cert01InvalidRoles.pem | 103 ++++ .../QcStmtPsd2Cert02Psd2ExtInvNcaId.pem | 103 ++++ v3/testdata/QcStmtPsd2Cert05Valid.pem | 103 ++++ .../QcStmtPsd2Cert07MissingRoleName.pem | 103 ++++ .../QcStmtPsd2Cert08NcaNameMissing.pem | 102 ++++ .../QcStmtPsd2Cert09NcaNameZeroLength.pem | 102 ++++ .../QcStmtPsd2Cert10RoleNameMissing.pem | 104 +++++ .../QcStmtPsd2Cert11RoleNameZeroLength.pem | 103 ++++ ...QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem | 103 ++++ v3/testdata/QcStmtPsd2Cert14Valid.pem | 102 ++++ ...tmtPsd2Cert16RoleIdAndNameInconsistent.pem | 103 ++++ v3/testdata/QcStmtPsd2Cert47MissingUri.pem | 103 ++++ ...tmtPsd2Cert48LegalPersonSyntaxViolated.pem | 103 ++++ .../QcStmtPsd2Cert49ValidNationalScheme.pem | 103 ++++ v3/util/alt_reg_num_ev.go | 137 ++++++ v3/util/misc.go | 22 + v3/util/oid.go | 55 ++- v3/util/qc_stmt.go | 438 ++++++++++++++---- v3/util/time.go | 8 +- 25 files changed, 2348 insertions(+), 107 deletions(-) create mode 100644 v3/lints/etsi/lint_qcstatem_psd2_national_scheme.go create mode 100644 v3/lints/etsi/lint_qcstatem_psd2_national_scheme_test.go create mode 100644 v3/testdata/EvAltRegNumCert52NoOrgId.pem create mode 100644 v3/testdata/EvAltRegNumCert56JurCountryNotMatching.pem create mode 100644 v3/testdata/QcStmtPsd2Cert01InvalidRoles.pem create mode 100644 v3/testdata/QcStmtPsd2Cert02Psd2ExtInvNcaId.pem create mode 100644 v3/testdata/QcStmtPsd2Cert05Valid.pem create mode 100644 v3/testdata/QcStmtPsd2Cert07MissingRoleName.pem create mode 100644 v3/testdata/QcStmtPsd2Cert08NcaNameMissing.pem create mode 100644 
v3/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem create mode 100644 v3/testdata/QcStmtPsd2Cert10RoleNameMissing.pem create mode 100644 v3/testdata/QcStmtPsd2Cert11RoleNameZeroLength.pem create mode 100644 v3/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem create mode 100644 v3/testdata/QcStmtPsd2Cert14Valid.pem create mode 100644 v3/testdata/QcStmtPsd2Cert16RoleIdAndNameInconsistent.pem create mode 100644 v3/testdata/QcStmtPsd2Cert47MissingUri.pem create mode 100644 v3/testdata/QcStmtPsd2Cert48LegalPersonSyntaxViolated.pem create mode 100644 v3/testdata/QcStmtPsd2Cert49ValidNationalScheme.pem create mode 100644 v3/util/alt_reg_num_ev.go create mode 100644 v3/util/misc.go diff --git a/v3/integration/config.json b/v3/integration/config.json index a40b654c0..cc6e6e486 100644 --- a/v3/integration/config.json +++ b/v3/integration/config.json @@ -817,6 +817,7 @@ "ErrCount": 23 }, "e_cab_dv_subject_invalid_values": {}, + "e_qcstatem_psd2_national_scheme": {}, "n_ca_digital_signature_not_set": { "NoticeCount": 1405 }, diff --git a/v3/integration/small.config.json b/v3/integration/small.config.json index 7f85f0159..04cc14b2e 100644 --- a/v3/integration/small.config.json +++ b/v3/integration/small.config.json @@ -326,6 +326,7 @@ "e_incorrect_ku_encoding": { "ErrCount": 239 }, + "e_qcstatem_psd2_national_scheme": {}, "n_ca_digital_signature_not_set": { "NoticeCount": 29 }, diff --git a/v3/lints/etsi/lint_qcstatem_psd2_national_scheme.go b/v3/lints/etsi/lint_qcstatem_psd2_national_scheme.go new file mode 100644 index 000000000..453159370 --- /dev/null +++ b/v3/lints/etsi/lint_qcstatem_psd2_national_scheme.go 
@@ -0,0 +1,101 @@
+package etsi
+
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+import (
+ "regexp"
+
+ "github.com/zmap/zcrypto/encoding/asn1"
+ "github.com/zmap/zcrypto/x509"
+ "github.com/zmap/zlint/v3/lint"
+ "github.com/zmap/zlint/v3/util"
+)
+
+type qcStatemPsd2NationalScheme struct{}
+
+func init() {
+ lint.RegisterCertificateLint(&lint.CertificateLint{
+ LintMetadata: lint.LintMetadata{
+ Name: "e_qcstatem_psd2_national_scheme",
+ Description: "This lint applies if in a PSD2 certificate (i.e. featuring the PSD2 QcStatement) the subject:organizationIdentifier has a prefix of the form: 2 arbitrary initial characters followed by a colon. In this case it checks that the remainder of the string also fulfills the national scheme syntax.",
+ Citation: "ETSI TS 119 495, '5.2.1 PSD2 Authorization Number or other recognized identifier'",
+ Source: lint.EtsiEsi,
+ EffectiveDate: util.EtsiPSD2Date,
+ },
+ Lint: NewQcStatemPsd2NationalScheme,
+ })
+}
+
+func NewQcStatemPsd2NationalScheme() lint.LintInterface {
+ return &qcStatemPsd2NationalScheme{}
+}
+
+func (l *qcStatemPsd2NationalScheme) CheckApplies(c *x509.Certificate) bool {
+ _, isPresent := util.IsQcStatemPresent(c, &util.IdEtsiPsd2Statem)
+ if !isPresent {
+ return false
+ }
+
+ orgId := util.GetSubjectOrgId(c.RawSubject)
+ re := regexp.MustCompile(`^.{2}:`)
+ return re.MatchString(orgId.Value)
+}
+
+func (l *qcStatemPsd2NationalScheme) Execute(c *x509.Certificate) *lint.LintResult {
+
+ orgId := util.GetSubjectOrgId(c.RawSubject)
+ if !orgId.IsPresent {
+ return &lint.LintResult{Status: lint.Error, Details: "missing mandatory subject:OrganizationIdentifier"}
+ }
+ if orgId.ErrorString != "" {
+ return &lint.LintResult{Status: lint.Error, Details: orgId.ErrorString}
+ }
+ if !util.CheckNationalScheme(orgId.Value) {
+ return &lint.LintResult{Status: lint.Error, Details: "invalid format of subject:organizationIdentifier for national scheme"}
+ }
+ errStr, isPresent := util.IsQcStatemPresent(c, &util.IdQcsPkixQCSyntaxV2)
+ if errStr != "" {
+ return &lint.LintResult{Status: lint.Error, Details: "error parsing IdQcsPkixQCSyntaxV2 Qc Statement"}
+ }
+
+ if !isPresent {
+ return &lint.LintResult{Status: lint.Error, Details: "national scheme requires URI in IdQcsPkixQCSyntaxV2 Qc Statement, but this Qc Statement is not present"}
+ }
+ qcs2Generic := util.ParseQcStatem(util.GetQcStatemExtValue(c), util.IdQcsPkixQCSyntaxV2)
+ if qcs2Generic.GetErrorInfo() != "" {
+ return &lint.LintResult{Status: lint.Error, Details: qcs2Generic.GetErrorInfo()}
+ }
+ qcs2 := qcs2Generic.(util.DecodedQcS2)
+ for _, x := range qcs2.Decoded.NameRegAuthorities {
+ if len(x.FullBytes) < 3 { // have at least tag, length, value one byte each
+ continue
+ }
+ if x.FullBytes[0] != 0x86 {
+ continue
+ }
+ var decodedUri string //
+ rest, err := asn1.UnmarshalWithParams(x.FullBytes, &decodedUri, "tag:6")
+ if err != nil {
+ return &lint.LintResult{Status: lint.Error, Details: err.Error()}
+ }
+ if len(rest) != 0 {
+ return &lint.LintResult{Status: lint.Error, Details: "Trailing bytes after URI"}
+ }
+ return &lint.LintResult{Status: lint.Pass}
+
+ }
+
+ return &lint.LintResult{Status: lint.Error, Details: "did not find URI element within IdQcsPkixQCSyntaxV2 Qc Statement, which is mandatory for the national scheme format of the subject:organizationIdentifier"}
+}
diff --git a/v3/lints/etsi/lint_qcstatem_psd2_national_scheme_test.go b/v3/lints/etsi/lint_qcstatem_psd2_national_scheme_test.go
new file mode 100644
index 000000000..2c00203fe
--- /dev/null
+++ b/v3/lints/etsi/lint_qcstatem_psd2_national_scheme_test.go
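Review bot: The bare type assertion `qcs2 := qcs2Generic.(util.DecodedQcS2)` in Execute will panic if util.ParseQcStatem ever hands back a different implementation with empty error info, and this code runs on certificate-controlled input. ParseQcStatem is defined outside this hunk, so whether that can happen is not visible here; the comma-ok form removes the question: `qcs2, ok := qcs2Generic.(util.DecodedQcS2)` followed by `if !ok { return &lint.LintResult{Status: lint.Fatal, Details: "unexpected type for IdQcsPkixQCSyntaxV2 Qc Statement"} }`. Separately, `decodedUri` is decoded but never inspected, so any string that unmarshals under tag 0x86 yields Pass; if a well-formed URI is what the citation requires, the value should be checked before returning Pass. CheckApplies also recompiles `^.{2}:` on every certificate, which a package-level `var` holding the compiled pattern would avoid.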
@@ -0,0 +1,50 @@
+package etsi
+
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+import (
+ "testing"
+
+ "github.com/zmap/zlint/v3/lint"
+ "github.com/zmap/zlint/v3/test"
+)
+
+func TestQcStatemPsd2NationalScheme(t *testing.T) {
+ m := map[string]lint.LintStatus{
+ "QcStmtPsd2Cert01InvalidRoles.pem": lint.NA,
+ "QcStmtPsd2Cert02Psd2ExtInvNcaId.pem": lint.NA,
+ "QcStmtPsd2Cert05Valid.pem": lint.NA,
+ "QcStmtPsd2Cert07MissingRoleName.pem": lint.NA,
+ "QcStmtPsd2Cert08NcaNameMissing.pem": lint.NA,
+ "QcStmtPsd2Cert09NcaNameZeroLength.pem": lint.NA,
+ "QcStmtPsd2Cert10RoleNameMissing.pem": lint.NA,
+ "QcStmtPsd2Cert11RoleNameZeroLength.pem": lint.NA,
+ "QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem": lint.NA,
+ "QcStmtPsd2Cert14Valid.pem": lint.NA,
+ "QcStmtPsd2Cert16RoleIdAndNameInconsistent.pem": lint.NA,
+ "QcStmtPsd2Cert47MissingUri.pem": lint.Error,
+ "QcStmtPsd2Cert48LegalPersonSyntaxViolated.pem": lint.NA,
+ "QcStmtPsd2Cert49ValidNationalScheme.pem": lint.Pass,
+ "EvAltRegNumCert56JurCountryNotMatching.pem": lint.NA,
+ "EvAltRegNumCert52NoOrgId.pem": lint.NA,
+ }
+ for inputPath, expected := range m {
+ out := test.TestLint("e_qcstatem_psd2_national_scheme", inputPath)
+
+ if out.Status != expected {
+ t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)
+ }
+ }
+}
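Review bot: The table in TestQcStatemPsd2NationalScheme has a single Error fixture, `QcStmtPsd2Cert47MissingUri.pem`, so at most one of the lint's error results is exercised. Judging by the fixture names, the `CheckNationalScheme` failure, the ASN.1 decode error and the "Trailing bytes after URI" branch have no case here, and those are the paths that handle malformed certificate content. Fixtures for them would pin that behaviour. Wrapping the loop body in `t.Run(inputPath, func(t *testing.T) { ... })` would also let a single certificate be re-run in isolation.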
diff --git a/v3/testdata/EvAltRegNumCert52NoOrgId.pem b/v3/testdata/EvAltRegNumCert52NoOrgId.pem new file mode 100644 index 000000000..3a1bea860 --- /dev/null +++ b/v3/testdata/EvAltRegNumCert52NoOrgId.pem 
@@ -0,0 +1,101 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0c:c5:96:7f:f3:7e:ac:5c:b4:e5:d3:89:2d + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: O = MTG, L = Darmstadt, ST = Hessen, C = DE, businessCategory = Private Organization, serialNumber = HRB 123456, jurisdictionC = DE, jurisdictionST = Hessen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 
2.23.140.1.1 + Policy: 1.3.6.1.4.1.7879.13.24.1 + CPS: http://www.telesec.de/serverpass/cps.html + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 2e:c6:ac:44:0a:17:61:4b:bc:98:30:95:86:86:6f:2d:c5:dc: + f1:73:91:ac:25:fc:84:61:11:18:a7:6e:ba:23:ff:db:6c:7e: + d8:e9:4d:7e:b5:05:2c:4f:7c:75:90:46:da:10:e6:21:4a:ed: + aa:77:2a:e2:00:8b:be:d4:28:df:c4:76:8d:4a:db:bb:8d:e8: + 71:79:09:50:9a:da:ad:aa:6c:26:91:b1:90:df:19:65:15:f8: + 3c:00:32:ea:d1:25:16:4f:9e:c3:ea:ed:bd:8e:f3:f4:84:5c: + 98:d2:bb:08:06:12:d3:3c:20:f9:4d:e3:18:f2:57:08:eb:9b: + 7b:53:3e:9f:12:e5:3a:82:78:b9:13:c2:9f:ce:61:aa:ea:f5: + 4a:98:cc:f5:0a:3e:e8:bc:e5:1f:92:70:d9:54:47:53:6b:04: + 7e:dc:53:a8:23:f7:02:16:14:88:a7:1c:9a:aa:78:22:10:52: + 04:33:0f:1e:eb:59:f5:a0:12:e9:d6:6c:3b:56:68:e5:c5:ba: + 95:f1:71:33:e9:63:e7:9d:6f:02:69:e7:96:08:f7:47:a9:cc: + 27:39:0a:ae:71:c4:85:32:9f:f7:20:c3:8e:c8:32:d5:d9:fb: + 1d:2f:80:e2:1e:13:3e:7c:2a:4a:f3:7d:0e:f5:cd:ee:3d:62: + 1b:53:db:3e +-----BEGIN CERTIFICATE----- +MIIEyTCCA7GgAwIBAgINDMWWf/N+rFy05dOJLTANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB +ojEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl +c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u +MRMwEQYDVQQFEwpIUkIgMTIzNDU2MRMwEQYLKwYBBAGCNzwCAQMMAkRFMRcwFQYL +KwYBBAGCNzwCAQIMBkhlc3NlbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSK +ummj68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nb +i8M1DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTt +LWQkd+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYO +rl/8zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0 +cXCA09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAVwwggFYMB8GA1UdIwQYMBaAFAxe 
+nP66SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZD +OzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cu +ZXhhbXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8v +Y2EuZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5l +eGFtcGxlLmNvbS9vY3NwMFkGA1UdIARSMFAwBwYFZ4EMAQEwRQYKKwYBBAG9Rw0Y +ATA3MDUGCCsGAQUFBwIBFilodHRwOi8vd3d3LnRlbGVzZWMuZGUvc2VydmVycGFz +cy9jcHMuaHRtbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZI +hvcNAQELBQADggEBAC7GrEQKF2FLvJgwlYaGby3F3PFzkawl/IRhERinbroj/9ts +ftjpTX61BSxPfHWQRtoQ5iFK7ap3KuIAi77UKN/Edo1K27uN6HF5CVCa2q2qbCaR +sZDfGWUV+DwAMurRJRZPnsPq7b2O8/SEXJjSuwgGEtM8IPlN4xjyVwjrm3tTPp8S +5TqCeLkTwp/OYarq9UqYzPUKPui85R+ScNlUR1NrBH7cU6gj9wIWFIinHJqqeCIQ +UgQzDx7rWfWgEunWbDtWaOXFupXxcTPpY+edbwJp55YI90epzCc5Cq5xxIUyn/cg +w47IMtXZ+x0vgOIeEz58KkrzfQ71ze49YhtT2z4= +-----END CERTIFICATE----- diff --git a/v3/testdata/EvAltRegNumCert56JurCountryNotMatching.pem b/v3/testdata/EvAltRegNumCert56JurCountryNotMatching.pem new file mode 100644 index 000000000..a71f8671f --- /dev/null +++ b/v3/testdata/EvAltRegNumCert56JurCountryNotMatching.pem 
@@ -0,0 +1,101 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 02:62:35:a7:7d:ac:f7:2a:53:e4:00:0d:67 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: O = MTG, L = Darmstadt, ST = Hessen, C = DE, businessCategory = Private Organization, organizationIdentifier = NTRDE-12345678, serialNumber = 12345678, jurisdictionC = GB + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + 
Policy: 2.23.140.1.1 + Policy: 1.3.6.1.4.1.7879.13.24.1 + CPS: http://www.telesec.de/serverpass/cps.html + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 5f:b4:a1:1e:4c:7e:39:f0:ce:fd:66:b8:5f:f6:fa:05:f3:04: + c6:22:1e:40:12:e0:3c:25:3f:db:37:6c:10:0e:ec:aa:7a:a9: + 9e:fd:0b:94:5f:b0:88:bb:65:b0:b0:f6:f3:f0:21:5e:d9:0d: + 52:28:f3:39:80:c9:53:1a:e7:db:fd:b7:a1:6b:8c:c2:5a:a3: + 3c:35:76:f8:b7:f8:52:34:39:03:f7:6d:ba:b3:91:56:de:54: + f7:4f:36:c3:47:09:7e:7b:29:2b:b0:85:03:58:42:18:ca:f8: + 3a:24:8e:e0:2b:fe:75:d9:06:de:4e:7d:77:d6:52:24:52:40: + 67:b9:9f:5b:ee:43:77:70:f4:34:7a:48:9c:ac:29:3c:16:36: + 73:df:f1:f6:d6:6e:c1:76:f4:93:17:43:a6:05:4b:1e:4d:ca: + c7:dd:ac:ca:c2:a9:f6:00:7f:d1:01:eb:49:98:8f:56:ec:74: + 04:85:4b:a7:3c:a3:3e:75:25:bf:35:05:03:f4:1d:43:32:cf: + 5c:f1:6d:7c:bc:e5:a7:9e:be:41:7f:34:bb:93:22:31:87:f4: + dd:ef:bc:10:7f:21:a5:31:a0:5e:62:8a:bb:ba:85:e3:8d:2f: + 02:b1:57:7e:02:f6:e1:a5:d6:be:e3:b8:3d:8d:94:3d:e0:77: + 32:83:de:a8 +-----BEGIN CERTIFICATE----- +MIIExzCCA6+gAwIBAgINAmI1p32s9ypT5AANZzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjCB +oDEMMAoGA1UECgwDTVRHMRIwEAYDVQQHDAlEYXJtc3RhZHQxDzANBgNVBAgMBkhl +c3NlbjELMAkGA1UEBhMCREUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u +MRcwFQYDVQRhDA5OVFJERS0xMjM0NTY3ODERMA8GA1UEBRMIMTIzNDU2NzgxEzAR +BgsrBgEEAYI3PAIBAwwCR0IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDCDYFxtJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIkirpp +o+vKEKTzz7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdDW4vD +NQ2zQfQbwkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U7S1k +JHfmZ01i25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2Dq5f +/M3Gs8tNro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dHdHFw +gNPWc792M1xwuG+HNz5+jnXlAgMBAAGjggFcMIIBWDAfBgNVHSMEGDAWgBQMXpz+ 
+ukshbAQdwlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2Qzsw +DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4 +YW1wbGUuY29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDovL2Nh +LmV4YW1wbGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZXhh +bXBsZS5jb20vb2NzcDBZBgNVHSAEUjBQMAcGBWeBDAEBMEUGCisGAQQBvUcNGAEw +NzA1BggrBgEFBQcCARYpaHR0cDovL3d3dy50ZWxlc2VjLmRlL3NlcnZlcnBhc3Mv +Y3BzLmh0bWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4IBAQBftKEeTH458M79Zrhf9voF8wTGIh5AEuA8JT/bN2wQDuyqeqme +/QuUX7CIu2WwsPbz8CFe2Q1SKPM5gMlTGufb/beha4zCWqM8NXb4t/hSNDkD9226 +s5FW3lT3TzbDRwl+eykrsIUDWEIYyvg6JI7gK/512QbeTn131lIkUkBnuZ9b7kN3 +cPQ0ekicrCk8FjZz3/H21m7BdvSTF0OmBUseTcrH3azKwqn2AH/RAetJmI9W7HQE +hUunPKM+dSW/NQUD9B1DMs9c8W18vOWnnr5BfzS7kyIxh/Td77wQfyGlMaBeYoq7 +uoXjjS8CsVd+Avbhpda+47g9jZQ94Hcyg96o +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert01InvalidRoles.pem b/v3/testdata/QcStmtPsd2Cert01InvalidRoles.pem new file mode 100644 index 000000000..9023af143 --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert01InvalidRoles.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0c:02:fd:2a:9d:b9:49:14:ff:cc:3d:a8:1f + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0..0......F..0......F..0......F...0...+.......0.......I..0R......'.0H0.0.......'....PSP_PI.'Federal Financial Supervisory Authority..DE-BAFIN + Signature Algorithm: sha256WithRSAEncryption + 20:4e:b7:a4:1d:8e:05:8a:d9:a9:ac:20:59:a6:7f:db:7b:72: + 7c:2d:a6:28:13:7b:70:4b:9c:49:ac:3c:03:f0:d1:30:54:e4: + 6d:29:83:55:2d:7a:9e:dd:be:bd:24:fb:e9:4c:32:a0:07:cb: + 11:99:f1:e5:31:8f:15:e7:fd:55:05:4d:18:ac:bf:0b:a4:d0: + 67:03:89:88:7b:8f:d0:ff:bb:24:c7:b2:00:f9:20:eb:ee:00: + 35:9c:c4:74:3a:91:1c:80:59:5a:ae:e5:e2:eb:50:8c:b4:97: + 6d:52:7e:95:35:58:62:e2:a8:21:b5:e1:1c:f3:96:30:de:ee: + 38:16:47:8b:ee:29:46:e4:e3:f2:d6:6a:f4:42:11:73:de:8c: + 32:7b:32:f4:3a:43:c2:70:8f:8b:73:74:56:57:51:dc:31:41: + 42:7f:ca:9e:a9:c0:d3:b7:fa:a9:1a:ee:a8:b9:ac:70:fc:f2: + d3:41:3f:25:1e:bd:5d:fb:86:e9:ac:2e:37:c3:cc:71:48:36: + cf:43:d4:13:03:a9:98:b1:74:60:1f:3a:bf:eb:31:dc:3a:a5: + 49:40:50:cd:27:15:c8:98:10:ae:b3:b0:e2:7d:7e:72:5c:19: + 32:96:8c:97:82:f1:72:a8:38:f5:b2:07:42:1e:d2:93:f2:db: + 53:39:87:14 +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINDAL9Kp25SRT/zD2oHzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfUEkMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBACBOt6QdjgWK2amsIFmmf9t7cnwtpigTe3BLnEmsPAPw0TBU +5G0pg1Utep7dvr0k++lMMqAHyxGZ8eUxjxXn/VUFTRisvwuk0GcDiYh7j9D/uyTH +sgD5IOvuADWcxHQ6kRyAWVqu5eLrUIy0l21SfpU1WGLiqCG14RzzljDe7jgWR4vu +KUbk4/LWavRCEXPejDJ7MvQ6Q8Jwj4tzdFZXUdwxQUJ/yp6pwNO3+qka7qi5rHD8 +8tNBPyUevV37humsLjfDzHFINs9D1BMDqZixdGAfOr/rMdw6pUlAUM0nFciYEK6z +sOJ9fnJcGTKWjJeC8XKoOPWyB0Ie0pPy21M5hxQ= +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert02Psd2ExtInvNcaId.pem b/v3/testdata/QcStmtPsd2Cert02Psd2ExtInvNcaId.pem new file mode 100644 index 000000000..23965fc0d --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert02Psd2ExtInvNcaId.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:35:07:86:fc:68:ad:69:ee:f0:20:00:d7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0..0......F..0......F..0......F...0...+.......0.......I..0R......'.0H0.0.......'....PSP_AS.'Federal Financial Supervisory Authority..DE+BAFIN + Signature Algorithm: sha256WithRSAEncryption + 35:01:43:87:0d:cb:63:43:a5:ad:5b:a4:07:06:c6:08:a4:f2: + 5d:cf:08:4a:32:36:9f:95:c8:3a:4a:3f:11:9d:a0:3e:2f:d2: + e3:bf:7c:d9:55:dc:04:55:33:2b:6f:4d:1e:e3:a2:74:0d:40: + e7:7d:75:29:95:8f:f8:fd:87:af:7f:96:bb:77:9d:36:93:1c: + 2d:9b:90:0c:bd:3d:ab:20:ba:41:f4:88:63:ab:3c:84:2b:07: + a8:5e:09:0b:94:cf:58:e7:e8:6a:a0:7d:26:c5:11:38:2d:e8: + e4:17:d2:2a:35:4b:05:07:87:51:7a:66:b3:c7:b5:d6:f6:18: + e8:e7:45:e9:c0:c6:41:fe:a8:b0:16:6d:80:c9:38:03:7a:e3: + 45:c7:b1:8e:5a:07:e2:6c:b0:15:2a:f3:1d:4b:d4:74:4b:65: + 7d:a6:28:0a:e6:02:a0:01:ce:de:c4:15:eb:d8:4c:d6:08:3f: + b8:8b:24:c8:ff:82:5b:fa:a4:6b:73:04:c8:c8:7d:e3:d3:84: + ea:c9:10:b9:6f:fb:e9:bc:2a:1e:ad:a2:71:d8:78:d0:bf:c4: + 4f:94:69:37:34:45:42:4a:45:02:25:51:48:96:a5:6b:8a:07: + d7:ac:01:b9:16:bf:28:17:2c:fe:bc:8b:6a:8f:a7:b3:17:81: + bd:0b:73:82 +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINATUHhvxorWnu8CAA1zANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfQVMMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUrQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBADUBQ4cNy2NDpa1bpAcGxgik8l3PCEoyNp+VyDpKPxGdoD4v +0uO/fNlV3ARVMytvTR7jonQNQOd9dSmVj/j9h69/lrt3nTaTHC2bkAy9PasgukH0 +iGOrPIQrB6heCQuUz1jn6GqgfSbFETgt6OQX0io1SwUHh1F6ZrPHtdb2GOjnRenA +xkH+qLAWbYDJOAN640XHsY5aB+JssBUq8x1L1HRLZX2mKArmAqABzt7EFevYTNYI +P7iLJMj/glv6pGtzBMjIfePThOrJELlv++m8Kh6tonHYeNC/xE+UaTc0RUJKRQIl +UUiWpWuKB9esAbkWvygXLP68i2qPp7MXgb0Lc4I= +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert05Valid.pem b/v3/testdata/QcStmtPsd2Cert05Valid.pem new file mode 100644 index 000000000..b31aa247c --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert05Valid.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:a5:4c:bc:8d:c8:b4:cd:e0:dd:75:76:70 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0..0......F..0......F..0......F...0...+.......0.......I..0R......'.0H0.0.......'....PSP_AS.'Federal Financial Supervisory Authority..DE-BAFIN + Signature Algorithm: sha256WithRSAEncryption + 19:9b:16:eb:73:05:9b:2c:66:73:33:50:33:18:7f:46:d8:81: + 2b:5e:cb:a0:8c:75:d5:78:ac:a8:61:50:30:6a:c4:6f:6c:c6: + 0f:b1:2d:b5:cd:98:41:dd:27:a9:52:71:12:b7:87:69:90:db: + 6d:af:3e:c7:9b:2e:0b:a2:b5:c8:ac:6a:a0:0c:20:32:27:61: + f4:52:eb:9e:f2:11:79:92:79:d8:f2:58:85:52:ae:d0:9a:00: + 00:98:a0:2c:0e:3c:4c:a6:9e:3a:da:ed:6b:11:bb:65:99:67: + ee:73:93:b7:e5:a0:3c:7a:a3:94:17:2d:de:f7:0c:e2:6b:aa: + bf:eb:ea:92:fd:34:f7:f9:7b:b8:3e:be:55:6a:00:64:21:0b: + a6:74:b3:ba:e2:e5:72:27:3c:17:99:10:ca:31:d8:0b:b6:64: + 5f:d4:58:d4:5f:d3:43:27:46:f9:d8:02:5d:93:90:34:b0:1d: + c6:d4:e8:bf:01:b7:32:f1:26:56:66:2b:0d:f7:05:f4:e6:8b: + ef:90:3a:64:8f:66:3a:44:2e:99:e9:51:a9:ab:0e:62:ae:16: + 5c:6e:e7:f4:01:57:3e:91:4b:fb:17:e6:d6:64:41:33:e0:e9: + 4b:45:96:44:ad:83:d2:cb:24:49:04:bd:d4:f4:c4:c9:11:bd: + cc:f3:4c:f3 +-----BEGIN CERTIFICATE----- +MIIE+TCCA+GgAwIBAgINCqVMvI3ItM3g3XV2cDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAb8wggG7MB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmgYIKwYBBQUHAQMEgY0wgYow +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwUgYGBACBmCcCMEgwEzARBgcEAIGYJwEBDAZQU1BfQVMMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZI +hvcNAQELBQADggEBABmbFutzBZssZnMzUDMYf0bYgStey6CMddV4rKhhUDBqxG9s +xg+xLbXNmEHdJ6lScRK3h2mQ222vPsebLguitcisaqAMIDInYfRS657yEXmSedjy +WIVSrtCaAACYoCwOPEymnjra7WsRu2WZZ+5zk7floDx6o5QXLd73DOJrqr/r6pL9 +NPf5e7g+vlVqAGQhC6Z0s7ri5XInPBeZEMox2Au2ZF/UWNRf00MnRvnYAl2TkDSw +HcbU6L8BtzLxJlZmKw33BfTmi++QOmSPZjpELpnpUamrDmKuFlxu5/QBVz6RS/sX +5tZkQTPg6UtFlkStg9LLJEkEvdT0xMkRvczzTPM= +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert07MissingRoleName.pem b/v3/testdata/QcStmtPsd2Cert07MissingRoleName.pem new file mode 100644 index 000000000..b39edcd03 --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert07MissingRoleName.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 02:7d:f8:92:27:17:f8:07:44:26:a3:c4:5c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0..0......F..0......F..0......F...0...+.......0.......I..0J......'.0@0.0.......'...'Federal Financial Supervisory Authority..DE-bafin + Signature Algorithm: sha256WithRSAEncryption + 07:cd:3a:dd:a8:6a:f0:3b:46:0d:97:35:01:c9:b9:20:6a:26: + 91:47:e8:93:7e:97:b5:80:11:f0:3a:82:f7:84:4e:ae:d7:1a: + 30:8f:75:a8:cd:7e:9b:75:78:be:c1:3e:23:8b:2e:a2:a6:c4: + 82:50:4d:ac:33:08:41:08:81:91:9e:eb:89:ce:50:fa:b4:8a: + 89:f3:cb:40:2f:41:35:dd:3b:cb:da:25:ba:22:f1:fd:a5:43: + 3a:64:c7:c4:87:b7:a3:21:77:b6:29:13:d7:d2:50:ae:6a:24: + f0:19:76:72:e8:1e:04:12:df:ef:07:99:1d:a2:aa:03:0c:bc: + 7b:cc:36:14:2b:2a:14:7a:d3:7d:6e:5e:f9:5f:91:23:9e:99: + 99:d5:bf:af:81:50:ae:8b:6e:b5:1c:59:b0:0a:0f:99:c4:41: + 66:6e:c9:b1:df:e0:a7:74:eb:c5:53:28:22:87:d6:dd:84:81: + 23:e9:8e:ad:95:94:be:4b:de:7c:5e:c5:90:c1:dc:16:9c:f2: + 08:0a:de:bc:c8:2c:63:61:97:d0:e5:f3:a2:41:ae:0e:7e:86: + 7c:da:e7:a4:25:3a:fb:a4:ce:b7:27:00:24:f7:b1:8f:b7:e3: + 07:00:57:b1:8a:49:c2:97:a1:51:56:ec:91:40:75:e4:42:44: + 0c:49:f7:46 +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgINAn34kicX+AdEJqPEXDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSgYGBACBmCcCMEAwCzAJBgcEAIGYJwEEDCdGZWRlcmFsIEZpbmFuY2lh +bCBTdXBlcnZpc29yeSBBdXRob3JpdHkMCERFLWJhZmluMA0GCSqGSIb3DQEBCwUA +A4IBAQAHzTrdqGrwO0YNlzUBybkgaiaRR+iTfpe1gBHwOoL3hE6u1xowj3WozX6b +dXi+wT4jiy6ipsSCUE2sMwhBCIGRnuuJzlD6tIqJ88tAL0E13TvL2iW6IvH9pUM6 +ZMfEh7ejIXe2KRPX0lCuaiTwGXZy6B4EEt/vB5kdoqoDDLx7zDYUKyoUetN9bl75 +X5EjnpmZ1b+vgVCui261HFmwCg+ZxEFmbsmx3+CndOvFUygih9bdhIEj6Y6tlZS+ +S958XsWQwdwWnPIICt68yCxjYZfQ5fOiQa4OfoZ82uekJTr7pM63JwAk97GPt+MH +AFexiknCl6FRVuyRQHXkQkQMSfdG +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert08NcaNameMissing.pem b/v3/testdata/QcStmtPsd2Cert08NcaNameMissing.pem new file mode 100644 index 000000000..b9701b6ee --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert08NcaNameMissing.pem 
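Review bot: The qcStatements dump of QcStmtPsd2Cert07MissingRoleName.pem ends in `DE-bafin`, so this fixture deviates in two places: the role name is absent and the NCA identifier is in lower case. The subject carries `PSDDE-BAFIN-1234567890` and the sibling fixtures use `DE-BAFIN`. If the lint that consumes this file also inspects the NCA identifier (the test file is not part of this hunk), the expected result could come from the wrong field, and a regression in the role-name check would go unnoticed. Regenerating the certificate with `DE-BAFIN` would leave only the deviation the file name promises. QcStmtPsd2Cert11RoleNameZeroLength.pem has the same problem: its dump ends in `DE` alone, next to the zero-length role name.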
@@ -0,0 +1,102 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:07:10:9f:9e:67:80:c7:8d:98:e6:61:a7 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0a0......F..0......F..0......F...0...+.......0.......I..0)......'.0.0.0.......'....PSP_AI..DE-BAFIN + Signature Algorithm: sha256WithRSAEncryption + 4d:90:16:97:d4:b9:90:b8:2e:e3:c3:f5:fa:8a:e0:70:60:2b: + cc:c0:25:0c:8e:e7:41:6b:7c:21:53:45:34:8d:28:7c:56:5c: + dc:04:0b:b8:75:81:a0:97:2c:e1:12:38:9b:1a:d1:e3:05:1f: + 95:5b:79:9e:96:cd:4f:09:32:1e:e8:1e:01:3e:c2:30:9d:9d: + f3:b6:d8:c4:04:73:3e:1f:fb:9a:4a:15:54:fb:ad:42:cb:ac: + 4e:08:65:11:d0:d5:72:cd:64:e1:c2:7d:2a:c2:2e:a9:a3:44: + 2a:9f:cf:ac:5b:9d:ed:7d:33:91:b1:79:aa:68:2c:e6:96:70: + e5:2e:25:49:21:8e:1e:25:86:f5:8a:e1:2e:71:07:49:dc:a5: + 16:76:e2:6c:24:52:47:38:ef:82:a0:92:ac:a1:a9:fe:d6:0d: + 9c:2b:fd:cd:64:2f:9e:2d:1f:de:f5:a0:bf:b3:c4:a7:c8:62: + 01:7f:62:71:5d:70:d0:51:8d:4d:c7:a1:9b:ed:bd:fd:65:af: + d3:6b:a1:f3:bb:b5:1e:d4:51:bf:61:8d:ef:3b:01:e7:11:20: + 33:98:d6:15:d5:78:91:40:bb:48:25:b6:a0:e3:9c:4f:31:6c: + d0:57:96:9f:a7:48:17:45:15:f8:84:d1:3e:0e:46:79:db:35: + 81:30:54:ec +-----BEGIN CERTIFICATE----- +MIIEzTCCA7WgAwIBAgINBgcQn55ngMeNmOZhpzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZMwggGPMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBvBggrBgEFBQcBAwRjMGEwCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwKQYGBACBmCcCMB8wEzARBgcEAIGYJwEDDAZQU1BfQUkMCERFLUJBRklOMA0G +CSqGSIb3DQEBCwUAA4IBAQBNkBaX1LmQuC7jw/X6iuBwYCvMwCUMjudBa3whU0U0 +jSh8VlzcBAu4dYGglyzhEjibGtHjBR+VW3mels1PCTIe6B4BPsIwnZ3zttjEBHM+ +H/uaShVU+61Cy6xOCGUR0NVyzWThwn0qwi6po0Qqn8+sW53tfTORsXmqaCzmlnDl +LiVJIY4eJYb1iuEucQdJ3KUWduJsJFJHOO+CoJKsoan+1g2cK/3NZC+eLR/e9aC/ +s8SnyGIBf2JxXXDQUY1Nx6Gb7b39Za/Ta6Hzu7Ue1FG/YY3vOwHnESAzmNYV1XiR +QLtIJbag45xPMWzQV5afp0gXRRX4hNE+DkZ52zWBMFTs +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem b/v3/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem new file mode 100644 index 000000000..891f2ed5b --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert09NcaNameZeroLength.pem 
@@ -0,0 +1,102 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0e:c2:b3:32:0b:6c:e5:d3:88:2d:cc:99:cb + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0c0......F..0......F..0......F...0...+.......0.......I..0+......'.0!0.0.......'....PSP_PI....DE-BAFIN + Signature Algorithm: sha256WithRSAEncryption + 4f:88:bf:d9:9f:ee:c6:41:82:76:12:83:bd:fd:76:4f:2e:1d: + 13:e9:36:79:24:3b:a7:31:0e:f6:aa:ab:40:b1:ca:55:fa:e9: + 77:54:a1:73:32:b6:f8:d5:07:52:3e:0b:6b:b9:b6:60:95:61: + c6:58:b6:ff:91:9b:57:2d:03:91:4f:b2:06:c9:35:bf:01:90: + a1:fb:c0:d0:b8:67:ae:18:4a:97:43:03:98:4d:dd:2d:6d:b9: + d0:0a:94:6d:09:b1:76:54:a4:ea:1e:bc:35:6a:a9:a3:8d:9c: + 17:90:2f:d6:99:48:5e:f5:9c:50:e2:44:f5:86:cb:f3:b1:08: + 26:1c:40:83:5d:81:1c:3a:29:4e:ba:6f:7d:d0:7b:3f:68:79: + d4:6f:bf:d4:b3:01:0b:f6:eb:91:f9:00:26:57:27:e7:7c:8f: + 48:95:ca:91:8a:50:6c:61:a9:e4:13:ff:aa:35:12:0d:f9:b2: + b6:0a:c8:4b:64:61:70:64:de:b3:b2:73:1a:f3:f5:4c:7a:66: + 10:02:cd:b8:b7:bf:63:20:88:15:61:e4:c7:58:b9:49:f6:5a: + 50:6c:6f:db:70:17:b6:af:b4:5d:fc:11:3a:d1:a7:1e:2a:f0: + 0c:ac:0f:fb:dc:90:e0:f2:bc:de:b3:07:73:d3:11:e2:4f:4b: + ca:3b:62:bd +-----BEGIN CERTIFICATE----- +MIIEzzCCA7egAwIBAgINDsKzMgts5dOILcyZyzANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZUwggGRMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBxBggrBgEFBQcBAwRlMGMwCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwKwYGBACBmCcCMCEwEzARBgcEAIGYJwECDAZQU1BfUEkMAAwIREUtQkFGSU4w +DQYJKoZIhvcNAQELBQADggEBAE+Iv9mf7sZBgnYSg739dk8uHRPpNnkkO6cxDvaq +q0CxylX66XdUoXMytvjVB1I+C2u5tmCVYcZYtv+Rm1ctA5FPsgbJNb8BkKH7wNC4 +Z64YSpdDA5hN3S1tudAKlG0JsXZUpOoevDVqqaONnBeQL9aZSF71nFDiRPWGy/Ox +CCYcQINdgRw6KU66b33Qez9oedRvv9SzAQv265H5ACZXJ+d8j0iVypGKUGxhqeQT +/6o1Eg35srYKyEtkYXBk3rOycxrz9Ux6ZhACzbi3v2MgiBVh5MdYuUn2WlBsb9tw +F7avtF38ETrRpx4q8AysD/vckODyvN6zB3PTEeJPS8o7Yr0= +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert10RoleNameMissing.pem b/v3/testdata/QcStmtPsd2Cert10RoleNameMissing.pem new file mode 100644 index 000000000..a359cf7a1 --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert10RoleNameMissing.pem 
@@ -0,0 +1,104 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0f:13:c2:9d:40:6a:8e:fe:42:9f:b6:15:a1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0..0......F..0......F..0......F...0...+.......0.......I..0I......'.0?0 +0...PSP_AI.'Federal Financial Supervisory Authority..DE-BAFIN + Signature Algorithm: sha256WithRSAEncryption + 0b:5d:bf:42:b8:ea:31:79:e7:93:39:21:46:bf:fe:22:cc:93: + a6:d7:9e:aa:e5:04:48:db:b9:53:00:0f:64:6a:e8:5b:c8:13: + 9e:ae:83:86:10:7d:85:88:f3:97:f4:ec:98:42:9e:72:9d:c3: + 59:e9:c7:dc:05:f5:ab:cb:58:d8:20:98:da:57:4c:f7:45:d7: + 48:82:5c:01:38:bd:81:0e:b5:5c:bc:c6:36:20:30:f9:36:b3: + 0a:1c:56:00:33:0d:94:12:3c:08:fc:9c:d4:12:12:06:25:a4: + bb:f9:a3:c2:10:3c:13:1b:3f:ab:8a:8e:30:e2:95:51:c4:a4: + 83:dc:94:39:48:87:1e:ed:7c:fb:46:1b:8f:fd:3e:fc:76:14: + ab:67:0f:9d:99:af:9a:90:bc:bf:39:20:2e:50:cb:6c:48:22: + 2c:e7:2e:dd:a9:e4:4d:77:d4:4b:2c:67:5c:c2:1c:3a:b3:a3: + 79:98:a7:56:12:f3:52:63:96:8c:08:65:4b:44:20:28:6d:ed: + fd:09:bb:6f:d1:68:a8:1d:c2:2b:c9:da:32:87:3a:1d:b7:0c: + d9:0f:5a:c4:03:6e:a8:0c:65:2d:a8:40:21:20:8a:45:6e:e1: + fd:dd:e9:f1:ed:e2:71:82:a5:01:9c:ea:32:60:d8:7d:e7:d8: + a4:77:3b:dc +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgINDxPCnUBqjv5Cn7YVoTANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkQYIKwYBBQUHAQMEgYQwgYEw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSQYGBACBmCcCMD8wCjAIDAZQU1BfQUkMJ0ZlZGVyYWwgRmluYW5jaWFs +IFN1cGVydmlzb3J5IEF1dGhvcml0eQwIREUtQkFGSU4wDQYJKoZIhvcNAQELBQAD +ggEBAAtdv0K46jF555M5IUa//iLMk6bXnqrlBEjbuVMAD2Rq6FvIE56ug4YQfYWI +85f07JhCnnKdw1npx9wF9avLWNggmNpXTPdF10iCXAE4vYEOtVy8xjYgMPk2swoc +VgAzDZQSPAj8nNQSEgYlpLv5o8IQPBMbP6uKjjDilVHEpIPclDlIhx7tfPtGG4/9 +Pvx2FKtnD52Zr5qQvL85IC5Qy2xIIiznLt2p5E131EssZ1zCHDqzo3mYp1YS81Jj +lowIZUtEICht7f0Ju2/RaKgdwivJ2jKHOh23DNkPWsQDbqgMZS2oQCEgikVu4f3d +6fHt4nGCpQGc6jJg2H3n2KR3O9w= +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert11RoleNameZeroLength.pem b/v3/testdata/QcStmtPsd2Cert11RoleNameZeroLength.pem new file mode 100644 index 000000000..90ce40f27 --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert11RoleNameZeroLength.pem 
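Review bot: The file name QcStmtPsd2Cert10RoleNameMissing.pem does not match its qcStatements dump, where the role name `PSP_AI` is still present. What appears to be left out is the role OID that precedes the name in the sibling fixtures (compare the `'....PSP_AI` bytes in QcStmtPsd2Cert08NcaNameMissing.pem). A name such as `QcStmtPsd2Cert10RoleOidMissing.pem`, or a one-line comment in the test table like `// Cert10: role name present, role OID absent`, would make clear which encoding rule this vector exercises.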
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:69:f3:36:bc:cb:02:fb:02:6d:63:30:26 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0~0......F..0......F..0......F...0...+.......0.......I..0F......'.0<0 0.......'.....'Federal Financial Supervisory Authority..DE + Signature Algorithm: sha256WithRSAEncryption + 3e:29:8a:d8:e1:48:1d:30:b6:95:6b:fa:fb:13:74:95:48:3a: + 71:d9:72:66:4d:53:ec:dd:e2:04:5f:74:5a:88:06:d4:78:c3: + 08:a9:d8:94:82:dc:bc:e3:39:f3:5a:76:c6:57:ae:d6:8a:c6: + 2f:f5:40:70:98:34:4d:ef:6b:97:d6:78:8e:ee:b3:d5:be:17: + b2:31:57:49:8d:50:04:cc:48:f2:05:8f:d9:ac:45:62:5c:5c: + 8d:14:bb:b0:c8:e4:9b:b9:73:40:be:b7:a8:60:09:9b:be:86: + af:55:da:b5:cc:7b:a5:ea:b0:80:e3:26:98:b3:7d:7b:45:84: + 4b:ee:33:d9:ac:36:0a:4b:14:82:c6:90:da:8b:b3:11:1e:2b: + 85:72:6d:54:27:a6:87:33:4a:71:b7:80:fb:cc:91:38:3d:11: + 39:e9:ea:0c:23:6a:70:01:88:18:9e:18:35:2a:7d:d1:69:69: + eb:76:da:c6:ee:ae:dc:f2:60:32:bf:52:2f:ab:19:cd:a8:a6: + 68:51:0f:63:a8:20:8b:0e:cf:89:80:0a:c6:6b:32:6c:a1:41: + 5c:62:41:3c:46:99:e4:c0:78:7c:31:8a:6d:ee:27:10:68:84: + b0:ce:7a:20:c0:6a:ec:33:0a:34:10:7a:ee:3e:2d:c6:65:20: + db:1b:5d:eb +-----BEGIN CERTIFICATE----- +MIIE7DCCA9SgAwIBAgINCGnzNrzLAvsCbWMwJjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbIwggGuMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjQYIKwYBBQUHAQMEgYAwfjAI +BgYEAI5GAQEwEwYGBACORgEGMAkGBwQAjkYBBgMwFQYIKwYBBQUHCwIwCQYHBACL +7EkBAjBGBgYEAIGYJwIwPDANMAsGBwQAgZgnAQEMAAwnRmVkZXJhbCBGaW5hbmNp +YWwgU3VwZXJ2aXNvcnkgQXV0aG9yaXR5DAJERTANBgkqhkiG9w0BAQsFAAOCAQEA +PimK2OFIHTC2lWv6+xN0lUg6cdlyZk1T7N3iBF90WogG1HjDCKnYlILcvOM581p2 +xleu1orGL/VAcJg0Te9rl9Z4ju6z1b4XsjFXSY1QBMxI8gWP2axFYlxcjRS7sMjk +m7lzQL63qGAJm76Gr1Xatcx7peqwgOMmmLN9e0WES+4z2aw2CksUgsaQ2ouzER4r +hXJtVCemhzNKcbeA+8yROD0ROenqDCNqcAGIGJ4YNSp90Wlp63baxu6u3PJgMr9S +L6sZzaimaFEPY6ggiw7PiYAKxmsybKFBXGJBPEaZ5MB4fDGKbe4nEGiEsM56IMBq +7DMKNBB67j4txmUg2xtd6w== +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem b/v3/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem new file mode 100644 index 000000000..db6b0f2d0 --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert13Psd2ExtNcaIdZeroLength.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 03:73:5e:16:82:36:9a:ab:88:7e:f4:a3:be + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0..0......F..0......F..0......F...0...+.......0.......I..0J......'.0@0.0.......'....PSP_IC.'Federal Financial Supervisory Authority.. + Signature Algorithm: sha256WithRSAEncryption + 5a:90:e6:20:9e:ac:61:1f:10:a4:ef:f1:c1:2b:91:8e:84:b7: + 37:0a:87:fd:7b:ff:e3:ae:22:2f:03:58:e3:84:53:be:88:ef: + 9e:d6:95:4c:67:db:4a:ed:51:4c:05:27:be:bf:45:f3:37:da: + 15:b9:21:06:76:57:5e:6c:c8:40:9c:b0:73:af:e1:11:87:39: + 63:bd:76:82:b8:7c:e1:f7:ab:b6:30:36:d2:78:4a:df:17:88: + 7d:db:90:40:a1:eb:9a:82:52:a8:50:24:7f:ab:5c:3c:40:c8: + b0:5b:72:31:95:b7:56:31:e5:1c:dc:70:15:15:24:81:66:dc: + 40:a9:f8:7a:58:4e:71:51:a0:49:05:6c:39:6f:c7:62:c5:c4: + 1c:0c:df:57:b1:e7:42:89:9b:23:23:33:d4:36:57:5c:e2:e4: + 01:12:99:6a:15:b7:ad:56:35:06:c8:f5:60:a7:3c:0c:c8:7a: + 2b:0b:21:38:91:a7:62:51:75:f6:18:db:7b:7a:b2:14:80:49: + 9e:d0:48:26:bb:52:77:fd:1e:e5:90:d8:d7:2a:d7:e9:7a:34: + ee:c4:bb:55:e9:8c:85:f8:ae:65:d9:9b:16:29:b0:d4:1c:d1: + 48:e3:a4:e4:b2:bd:3a:25:c9:8c:c3:a9:29:59:4e:76:bc:40: + 21:fa:7e:15 +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgINA3NeFoI2mquIfvSjvjANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBkgYIKwYBBQUHAQMEgYUwgYIw +CAYGBACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQA +i+xJAQIwSgYGBACBmCcCMEAwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwg +RmluYW5jaWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwAMA0GCSqGSIb3DQEBCwUA +A4IBAQBakOYgnqxhHxCk7/HBK5GOhLc3Cof9e//jriIvA1jjhFO+iO+e1pVMZ9tK +7VFMBSe+v0XzN9oVuSEGdldebMhAnLBzr+ERhzljvXaCuHzh96u2MDbSeErfF4h9 +25BAoeuaglKoUCR/q1w8QMiwW3IxlbdWMeUc3HAVFSSBZtxAqfh6WE5xUaBJBWw5 +b8dixcQcDN9XsedCiZsjIzPUNldc4uQBEplqFbetVjUGyPVgpzwMyHorCyE4kadi +UXX2GNt7erIUgEme0Egmu1J3/R7lkNjXKtfpejTuxLtV6YyF+K5l2ZsWKbDUHNFI +46Tksr06JcmMw6kpWU52vEAh+n4V +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert14Valid.pem b/v3/testdata/QcStmtPsd2Cert14Valid.pem new file mode 100644 index 000000000..c2e5cd430 --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert14Valid.pem 
@@ -0,0 +1,102 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0f:9d:ff:53:4f:05:7f:85:32:7c:f6:bb:f5 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0h0......F..0......F..0......F...0...+.......0.......I..00......'.0&0.0.......'....PSP_IC..12345..DE-BAFIN + Signature Algorithm: sha256WithRSAEncryption + 1e:58:7a:f2:67:24:4b:2b:25:b2:6d:90:fa:29:fc:4d:6d:f2: + 16:18:d9:db:fe:a7:d4:3f:ef:3f:38:da:d0:b5:1b:96:49:4d: + c0:a3:74:67:16:b7:4e:c5:a4:28:26:61:e4:4f:c2:c1:a2:e9: + b3:fa:31:35:45:c3:7f:6e:f7:23:d1:05:4e:76:8d:63:4c:0e: + d9:b7:13:6f:04:31:91:e3:4a:67:b3:87:71:09:65:f2:cc:1d: + 0f:7b:e1:97:c9:28:00:a0:2f:1c:fb:86:24:2e:f5:a2:b5:a8: + 73:80:9b:cf:ab:ad:9b:67:be:21:4e:17:53:5b:76:3e:03:0f: + 1f:b1:a1:37:f4:cb:fc:2a:b3:d3:16:c8:71:1a:a4:99:f2:c8: + e9:d7:26:72:44:17:f8:73:41:7a:78:79:e3:a8:93:fe:40:d8: + de:4e:a0:ea:d1:07:20:f1:e3:e7:40:35:be:09:2c:8e:2e:4b: + ac:b7:c5:86:2c:0c:c7:45:f9:b7:fd:5b:3d:84:1a:64:c2:b0: + 83:cc:3f:9a:be:3c:aa:5d:20:2d:3e:3c:52:72:cf:b7:68:e0: + 84:c9:25:c1:b5:ac:32:7f:2d:4c:05:aa:43:70:b3:18:ab:60: + 98:93:bd:45:65:85:c9:4f:e3:72:df:87:af:b9:05:af:33:c6: + fa:3e:1b:3e +-----BEGIN CERTIFICATE----- +MIIE1DCCA7ygAwIBAgIND53/U08Ff4UyfPa79TANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZowggGWMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAwRqMGgwCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwMAYGBACBmCcCMCYwEzARBgcEAIGYJwEEDAZQU1BfSUMMBTEyMzQ1DAhERS1C +QUZJTjANBgkqhkiG9w0BAQsFAAOCAQEAHlh68mckSyslsm2Q+in8TW3yFhjZ2/6n +1D/vPzja0LUblklNwKN0Zxa3TsWkKCZh5E/CwaLps/oxNUXDf273I9EFTnaNY0wO +2bcTbwQxkeNKZ7OHcQll8swdD3vhl8koAKAvHPuGJC71orWoc4Cbz6utm2e+IU4X +U1t2PgMPH7GhN/TL/Cqz0xbIcRqkmfLI6dcmckQX+HNBenh546iT/kDY3k6g6tEH +IPHj50A1vgksji5LrLfFhiwMx0X5t/1bPYQaZMKwg8w/mr48ql0gLT48UnLPt2jg +hMklwbWsMn8tTAWqQ3CzGKtgmJO9RWWFyU/jct+Hr7kFrzPG+j4bPg== +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert16RoleIdAndNameInconsistent.pem b/v3/testdata/QcStmtPsd2Cert16RoleIdAndNameInconsistent.pem new file mode 100644 index 000000000..901056ea1 --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert16RoleIdAndNameInconsistent.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:56:2c:58:4a:6f:61:ef:47:53:e0:96:29 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: OU = Test, O = MTG, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = PSDDE-BAFIN-1234567890 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended 
Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0m0......F..0......F..0......F...0...+.......0.......I..05......'.0+0.0.......'....PSP_IC. +Federal$%&..DE-BAFIN + Signature Algorithm: sha256WithRSAEncryption + 56:bc:54:0f:91:a6:a2:76:ea:79:a2:ed:93:87:0c:9b:f5:37: + ef:b0:dc:6c:e7:55:fe:75:18:c6:d1:f4:fb:07:f8:4d:fa:ae: + 29:de:a6:ae:55:14:60:be:a0:92:29:54:e1:5c:04:f0:9c:9f: + 2e:f0:fb:f9:59:ff:29:a0:34:c6:22:90:ba:81:7d:50:38:f9: + 05:84:29:25:cf:c5:62:b2:b0:47:8b:3d:8a:fa:26:37:54:34: + 4a:c8:cf:ed:3a:1c:13:a3:d1:43:c2:ae:5d:b7:4e:87:bf:be: + d7:e9:74:5d:77:d2:14:e5:34:ee:25:bb:ed:f8:83:3a:8c:ae: + 0b:a0:c9:ac:2f:91:19:d7:38:da:48:ae:88:e3:6e:30:de:e1: + 46:c2:98:8f:fa:d8:7e:d8:af:08:de:fb:e7:84:cb:0c:0f:92: + ac:7c:72:92:e1:2d:0d:49:93:bb:fa:90:ce:f8:bc:56:10:f7: + 7e:bc:58:af:5d:a7:54:5f:b1:58:e3:58:ed:a1:fc:b7:2d:48: + 6e:3c:9b:19:0a:b0:35:f6:d5:4f:90:f5:b8:9d:6b:99:38:e4: + 97:80:ed:0b:23:d6:65:ae:92:3f:db:85:ef:da:df:9d:db:ff: + a7:42:2d:87:9e:46:51:ac:5f:2d:09:d3:70:00:87:32:f6:66: + c8:94:78:35 +-----BEGIN CERTIFICATE----- +MIIE2TCCA8GgAwIBAgINBlYsWEpvYe9HU+CWKTANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBw +MQ0wCwYDVQQLDARUZXN0MQwwCgYDVQQKDANNVEcxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEfMB0GA1UEYQwWUFNEREUt +QkFGSU4tMTIzNDU2Nzg5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMINgXG0lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj +68oQpPPPtcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1 +DbNB9BvCSn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQk +d+ZnTWLblC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8 +zcazy02ujkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA +09Zzv3YzXHC4b4c3Pn6OdeUCAwEAAaOCAZ8wggGbMB8GA1UdIwQYMBaAFAxenP66 +SyFsBB3CWrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAO 
+BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhh +bXBsZS5jb20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2Eu +ZXhhbXBsZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFt +cGxlLmNvbS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB7BggrBgEFBQcBAwRvMG0wCAYG +BACORgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJ +AQIwNQYGBACBmCcCMCswEzARBgcEAIGYJwEDDAZQU1BfSUMMCkZlZGVyYWwkJSYM +CERFLUJBRklOMA0GCSqGSIb3DQEBCwUAA4IBAQBWvFQPkaaidup5ou2Thwyb9Tfv +sNxs51X+dRjG0fT7B/hN+q4p3qauVRRgvqCSKVThXATwnJ8u8Pv5Wf8poDTGIpC6 +gX1QOPkFhCklz8VisrBHiz2K+iY3VDRKyM/tOhwTo9FDwq5dt06Hv77X6XRdd9IU +5TTuJbvt+IM6jK4LoMmsL5EZ1zjaSK6I424w3uFGwpiP+th+2K8I3vvnhMsMD5Ks +fHKS4S0NSZO7+pDO+LxWEPd+vFivXadUX7FY41jtofy3LUhuPJsZCrA19tVPkPW4 +nWuZOOSXgO0LI9ZlrpI/24Xv2t+d2/+nQi2HnkZRrF8tCdNwAIcy9mbIlHg1 +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert47MissingUri.pem b/v3/testdata/QcStmtPsd2Cert47MissingUri.pem new file mode 100644 index 000000000..ab74b5a1d --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert47MissingUri.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:4c:25:84:8a:c5:be:e7:81:59:82:d3:24 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: O = MTG, OU = Test, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = EI:SE-5567971433 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended Key 
Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0..0......F..0......F..0......F...0...+.......0.......I..0Q......'.0G0.0.......'....PSP_IC.'Federal Financial Supervisory Authority..SE-FINA + Signature Algorithm: sha256WithRSAEncryption + 46:83:b0:4d:fd:0d:a2:a8:bd:aa:af:f7:f0:c2:dc:be:de:fb: + fe:43:07:86:70:ec:66:82:8b:f2:2f:0d:d7:a4:ea:e4:9e:8d: + 0d:3a:5b:ea:55:a0:33:5e:3d:bf:0b:c5:9e:7b:61:9d:22:df: + ea:d5:b9:be:48:a9:c3:8b:ba:52:c2:78:d9:d6:97:77:37:1e: + 58:4c:09:1c:33:0f:ba:21:e4:a6:bf:11:2c:12:5c:03:93:43: + bb:10:52:3e:e2:de:5f:6d:dd:45:2b:f7:6e:c3:6b:bf:3f:93: + 3d:d3:ba:b9:6d:77:8c:7e:42:d4:52:b7:1c:e7:db:87:cf:0b: + e3:21:70:04:83:e7:5f:89:e7:7c:7c:bc:05:17:96:ca:6f:0b: + 0a:40:b9:bc:45:b5:fc:36:53:31:c4:5c:0e:cd:ba:0c:9c:ad: + fc:fe:e1:dd:12:0b:1a:dd:51:9d:24:6a:35:34:11:7b:48:4f: + 72:83:03:58:3a:be:6c:77:f3:ee:33:c2:ef:d4:51:04:ac:86: + dc:90:e1:de:9a:f3:73:b5:91:73:31:a7:84:ed:92:5d:d9:33: + 18:aa:e4:2b:07:80:40:ad:01:b9:6d:83:f4:e6:bc:b2:7c:b7: + 65:c6:73:36:2f:03:79:07:74:1d:e0:1b:18:22:81:ba:9e:5f: + 24:87:b7:bf +-----BEGIN CERTIFICATE----- +MIIE8jCCA9qgAwIBAgINCEwlhIrFvueBWYLTJDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBq +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEZMBcGA1UEYQwQRUk6U0Ut +NTU2Nzk3MTQzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMINgXG0 +lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj68oQpPPP +tcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1DbNB9BvC +Sn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQkd+ZnTWLb +lC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8zcazy02u +jkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA09Zzv3Yz +XHC4b4c3Pn6OdeUCAwEAAaOCAb4wggG6MB8GA1UdIwQYMBaAFAxenP66SyFsBB3C +WrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAOBgNVHQ8B 
+Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5j +b20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2EuZXhhbXBs +ZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFtcGxlLmNv +bS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0GA1UdJQQW +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBmQYIKwYBBQUHAQMEgYwwgYkwCAYGBACO +RgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMBUGCCsGAQUFBwsCMAkGBwQAi+xJAQIw +UQYGBACBmCcCMEcwEzARBgcEAIGYJwEEDAZQU1BfSUMMJ0ZlZGVyYWwgRmluYW5j +aWFsIFN1cGVydmlzb3J5IEF1dGhvcml0eQwHU0UtRklOQTANBgkqhkiG9w0BAQsF +AAOCAQEARoOwTf0Noqi9qq/38MLcvt77/kMHhnDsZoKL8i8N16Tq5J6NDTpb6lWg +M149vwvFnnthnSLf6tW5vkipw4u6UsJ42daXdzceWEwJHDMPuiHkpr8RLBJcA5ND +uxBSPuLeX23dRSv3bsNrvz+TPdO6uW13jH5C1FK3HOfbh88L4yFwBIPnX4nnfHy8 +BReWym8LCkC5vEW1/DZTMcRcDs26DJyt/P7h3RILGt1RnSRqNTQRe0hPcoMDWDq+ +bHfz7jPC79RRBKyG3JDh3przc7WRczGnhO2SXdkzGKrkKweAQK0BuW2D9Oa8sny3 +ZcZzNi8DeQd0HeAbGCKBup5fJIe3vw== +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert48LegalPersonSyntaxViolated.pem b/v3/testdata/QcStmtPsd2Cert48LegalPersonSyntaxViolated.pem new file mode 100644 index 000000000..a6fa34817 --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert48LegalPersonSyntaxViolated.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:19:fc:8e:3f:f2:7f:7a:2d:db:0d:1f:9c + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: O = MTG, OU = Test, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = EIS:SE-5567971433 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended Key 
Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0..0......F..0......F..0......F...0...+.......0.......I..0Q......'.0G0.0.......'....PSP_IC.'Federal Financial Supervisory Authority..SE-FINA + Signature Algorithm: sha256WithRSAEncryption + 27:ff:6a:2e:a8:77:ff:ab:c0:e4:af:fc:8b:db:6b:5c:6a:7c: + c8:70:5c:bd:b0:6c:1c:4a:87:fb:28:af:fe:02:98:fa:98:4f: + 69:d0:0b:8e:b3:52:f0:dd:43:2a:54:68:13:4c:23:43:98:f9: + 6e:10:65:7a:1b:df:61:ed:36:b2:09:5a:91:d0:1d:6d:e1:5b: + d1:0e:61:74:64:b7:bf:9a:c7:06:12:35:9f:8a:34:87:92:9b: + 96:62:1d:1f:a3:05:93:b9:8e:47:eb:71:06:b7:d7:66:53:29: + da:f0:35:fe:6a:53:63:59:cc:59:34:68:01:df:4a:c3:24:9d: + 57:d7:0c:86:ee:2e:b1:46:7a:b4:82:47:33:d8:6e:a1:b1:05: + a2:fb:13:5c:5f:96:ac:ef:2b:1d:9c:e4:d0:a6:f7:66:03:da: + c1:be:4c:0d:e7:2a:8b:6e:d9:38:a2:a1:6f:ec:6d:13:46:b6: + fe:cb:7a:2a:8c:cd:66:90:51:9c:6b:53:a5:db:bd:8e:29:c8: + 39:2c:ad:b6:64:32:06:26:ec:2c:3e:cd:74:14:62:2a:06:cd: + a5:f7:26:73:91:80:d9:cf:79:b6:fd:8c:38:32:98:9c:cd:61: + 30:b6:f0:6e:d0:d9:46:60:75:75:49:d4:d9:82:c7:c8:64:da: + 93:c1:e0:10 +-----BEGIN CERTIFICATE----- +MIIE8zCCA9ugAwIBAgINCxn8jj/yf3ot2w0fnDANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBr +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEaMBgGA1UEYQwRRUlTOlNF +LTU1Njc5NzE0MzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCDYFx +tJQFvM+ZiqpiCPIuY7IeRvkrhZjDg9DOJq12j1znWwUgJSYyGcIkirppo+vKEKTz +z7XGHvZwWJZbiFJqiEIzhbjGFkhPAUU5P+FquQa17zfbeZ5QkFdDW4vDNQ2zQfQb +wkp/GDw5LU+/K6VxB3MzAOWNNp7+j3LFclYIzIa277ri/Ztcxi2U7S1kJHfmZ01i +25QuKY7dHXrKvGj7FSyAVtPd5zqPmBgUSxHZxAEfuXrQ2a1pEQX2Dq5f/M3Gs8tN +ro5FGAqowEARKNzNn3omZ1pHgJvZTPfaX20TgxqRktG5RPdya5dHdHFwgNPWc792 +M1xwuG+HNz5+jnXlAgMBAAGjggG+MIIBujAfBgNVHSMEGDAWgBQMXpz+ukshbAQd +wlq344hfWd5MEjAdBgNVHQ4EFgQUDmuqg6myTVyFzbHSL4f3IMs2QzswDgYDVR0P 
+AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUu +Y29tMGIGCCsGAQUFBwEBBFYwVDAoBggrBgEFBQcwAoYcaHR0cDovL2NhLmV4YW1w +bGUuY29tL2NhLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AuZXhhbXBsZS5j +b20vb2NzcDAfBgNVHSAEGDAWMAkGBwQAi+xAAQQwCQYHBACBmCcDATAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZkGCCsGAQUFBwEDBIGMMIGJMAgGBgQA +jkYBATATBgYEAI5GAQYwCQYHBACORgEGAzAVBggrBgEFBQcLAjAJBgcEAIvsSQEC +MFEGBgQAgZgnAjBHMBMwEQYHBACBmCcBBAwGUFNQX0lDDCdGZWRlcmFsIEZpbmFu +Y2lhbCBTdXBlcnZpc29yeSBBdXRob3JpdHkMB1NFLUZJTkEwDQYJKoZIhvcNAQEL +BQADggEBACf/ai6od/+rwOSv/Ivba1xqfMhwXL2wbBxKh/sor/4CmPqYT2nQC46z +UvDdQypUaBNMI0OY+W4QZXob32HtNrIJWpHQHW3hW9EOYXRkt7+axwYSNZ+KNIeS +m5ZiHR+jBZO5jkfrcQa312ZTKdrwNf5qU2NZzFk0aAHfSsMknVfXDIbuLrFGerSC +RzPYbqGxBaL7E1xflqzvKx2c5NCm92YD2sG+TA3nKotu2TiioW/sbRNGtv7LeiqM +zWaQUZxrU6XbvY4pyDksrbZkMgYm7Cw+zXQUYioGzaX3JnORgNnPebb9jDgymJzN +YTC28G7Q2UZgdXVJ1NmCx8hk2pPB4BA= +-----END CERTIFICATE----- diff --git a/v3/testdata/QcStmtPsd2Cert49ValidNationalScheme.pem b/v3/testdata/QcStmtPsd2Cert49ValidNationalScheme.pem new file mode 100644 index 000000000..8d9e42174 --- /dev/null +++ b/v3/testdata/QcStmtPsd2Cert49ValidNationalScheme.pem 
@@ -0,0 +1,103 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:da:28:7a:e2:eb:48:f0:c4:48:a9:4b:ec + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Test SubCA 2, OU = Test, O = MTG, C = DE + Validity + Not Before: Nov 1 08:03:01 2019 GMT + Not After : Nov 1 08:03:01 2020 GMT + Subject: O = MTG, OU = Test, L = Darmstadt, ST = Hessen, C = DE, organizationIdentifier = EI:SE-5567971433 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c2:0d:81:71:b4:94:05:bc:cf:99:8a:aa:62:08: + f2:2e:63:b2:1e:46:f9:2b:85:98:c3:83:d0:ce:26: + ad:76:8f:5c:e7:5b:05:20:25:26:32:19:c2:24:8a: + ba:69:a3:eb:ca:10:a4:f3:cf:b5:c6:1e:f6:70:58: + 96:5b:88:52:6a:88:42:33:85:b8:c6:16:48:4f:01: + 45:39:3f:e1:6a:b9:06:b5:ef:37:db:79:9e:50:90: + 57:43:5b:8b:c3:35:0d:b3:41:f4:1b:c2:4a:7f:18: + 3c:39:2d:4f:bf:2b:a5:71:07:73:33:00:e5:8d:36: + 9e:fe:8f:72:c5:72:56:08:cc:86:b6:ef:ba:e2:fd: + 9b:5c:c6:2d:94:ed:2d:64:24:77:e6:67:4d:62:db: + 94:2e:29:8e:dd:1d:7a:ca:bc:68:fb:15:2c:80:56: + d3:dd:e7:3a:8f:98:18:14:4b:11:d9:c4:01:1f:b9: + 7a:d0:d9:ad:69:11:05:f6:0e:ae:5f:fc:cd:c6:b3: + cb:4d:ae:8e:45:18:0a:a8:c0:40:11:28:dc:cd:9f: + 7a:26:67:5a:47:80:9b:d9:4c:f7:da:5f:6d:13:83: + 1a:91:92:d1:b9:44:f7:72:6b:97:47:74:71:70:80: + d3:d6:73:bf:76:33:5c:70:b8:6f:87:37:3e:7e:8e: + 75:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:0C:5E:9C:FE:BA:4B:21:6C:04:1D:C2:5A:B7:E3:88:5F:59:DE:4C:12 + + X509v3 Subject Key Identifier: + 0E:6B:AA:83:A9:B2:4D:5C:85:CD:B1:D2:2F:87:F7:20:CB:36:43:3B + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:www.example.com + Authority Information Access: + CA Issuers - URI:http://ca.example.com/ca.crt + OCSP - URI:http://ocsp.example.com/ocsp + + X509v3 Certificate Policies: + Policy: 0.4.0.194112.1.4 + Policy: 0.4.0.19495.3.1 + + X509v3 Extended Key 
Usage: + TLS Web Server Authentication, TLS Web Client Authentication + qcStatements: + 0..0......F..0......F..0......F...0/..+.......0#......I..0...http://www.example.de/0Q......'.0G0.0.......'....PSP_IC.'Federal Financial Supervisory Authority..SE-FINA + Signature Algorithm: sha256WithRSAEncryption + 14:cf:0e:55:25:b5:50:a2:76:a6:d0:43:cc:4f:5d:bd:ab:c3: + 30:42:b1:7f:70:b4:72:91:4b:8e:4a:51:9f:ab:ea:01:23:60: + 03:84:7b:05:10:84:dd:02:bf:44:6a:73:e1:71:b4:be:3f:2d: + 36:b7:b0:50:1e:fc:1f:b9:14:a4:6b:c2:7e:ff:1f:44:6d:f1: + 86:52:62:95:43:78:a4:0f:cc:05:29:a6:a1:62:88:1a:0c:54: + 13:d1:b6:74:29:57:b4:f4:8d:5a:f2:aa:46:8d:7f:d9:6d:fd: + fe:18:02:e2:ac:83:72:28:01:66:3c:fd:ee:a2:ae:ad:d2:fa: + 39:e8:bd:8b:fd:cb:0a:aa:36:28:b8:71:bc:4b:70:f0:8d:4b: + ec:2d:4b:6b:5b:63:ac:af:2c:61:00:dd:c3:ca:fc:47:cb:23: + cc:c4:00:33:37:d4:c9:cb:f5:12:42:1e:ea:48:be:b5:9e:14: + fe:ec:77:a0:b6:24:15:b1:e9:ea:8e:56:e2:df:11:42:27:3a: + cd:42:d9:c4:e4:63:4c:19:52:91:03:1b:bd:af:b5:b4:80:0c: + ce:9d:49:c8:ce:b7:b3:5c:ef:6c:fd:20:8d:18:ab:b1:d6:89: + f9:73:b0:b8:4a:8b:f9:f2:0b:8f:e1:22:a7:30:ff:fd:9f:f5: + c4:dc:b4:2b +-----BEGIN CERTIFICATE----- +MIIFDDCCA/SgAwIBAgINAdooeuLrSPDESKlL7DANBgkqhkiG9w0BAQsFADBBMRUw +EwYDVQQDDAxUZXN0IFN1YkNBIDIxDTALBgNVBAsMBFRlc3QxDDAKBgNVBAoMA01U +RzELMAkGA1UEBhMCREUwHhcNMTkxMTAxMDgwMzAxWhcNMjAxMTAxMDgwMzAxWjBq +MQwwCgYDVQQKDANNVEcxDTALBgNVBAsMBFRlc3QxEjAQBgNVBAcMCURhcm1zdGFk +dDEPMA0GA1UECAwGSGVzc2VuMQswCQYDVQQGEwJERTEZMBcGA1UEYQwQRUk6U0Ut +NTU2Nzk3MTQzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMINgXG0 +lAW8z5mKqmII8i5jsh5G+SuFmMOD0M4mrXaPXOdbBSAlJjIZwiSKummj68oQpPPP +tcYe9nBYlluIUmqIQjOFuMYWSE8BRTk/4Wq5BrXvN9t5nlCQV0Nbi8M1DbNB9BvC +Sn8YPDktT78rpXEHczMA5Y02nv6PcsVyVgjMhrbvuuL9m1zGLZTtLWQkd+ZnTWLb +lC4pjt0desq8aPsVLIBW093nOo+YGBRLEdnEAR+5etDZrWkRBfYOrl/8zcazy02u +jkUYCqjAQBEo3M2feiZnWkeAm9lM99pfbRODGpGS0blE93Jrl0d0cXCA09Zzv3Yz +XHC4b4c3Pn6OdeUCAwEAAaOCAdgwggHUMB8GA1UdIwQYMBaAFAxenP66SyFsBB3C 
+WrfjiF9Z3kwSMB0GA1UdDgQWBBQOa6qDqbJNXIXNsdIvh/cgyzZDOzAOBgNVHQ8B +Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg93d3cuZXhhbXBsZS5j +b20wYgYIKwYBBQUHAQEEVjBUMCgGCCsGAQUFBzAChhxodHRwOi8vY2EuZXhhbXBs +ZS5jb20vY2EuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5leGFtcGxlLmNv +bS9vY3NwMB8GA1UdIAQYMBYwCQYHBACL7EABBDAJBgcEAIGYJwMBMB0GA1UdJQQW +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBswYIKwYBBQUHAQMEgaYwgaMwCAYGBACO +RgEBMBMGBgQAjkYBBjAJBgcEAI5GAQYDMC8GCCsGAQUFBwsCMCMGBwQAi+xJAQIw +GIYWaHR0cDovL3d3dy5leGFtcGxlLmRlLzBRBgYEAIGYJwIwRzATMBEGBwQAgZgn +AQQMBlBTUF9JQwwnRmVkZXJhbCBGaW5hbmNpYWwgU3VwZXJ2aXNvcnkgQXV0aG9y +aXR5DAdTRS1GSU5BMA0GCSqGSIb3DQEBCwUAA4IBAQAUzw5VJbVQonam0EPMT129 +q8MwQrF/cLRykUuOSlGfq+oBI2ADhHsFEITdAr9EanPhcbS+Py02t7BQHvwfuRSk +a8J+/x9EbfGGUmKVQ3ikD8wFKaahYogaDFQT0bZ0KVe09I1a8qpGjX/Zbf3+GALi +rINyKAFmPP3uoq6t0vo56L2L/csKqjYouHG8S3DwjUvsLUtrW2OsryxhAN3DyvxH +yyPMxAAzN9TJy/USQh7qSL61nhT+7HegtiQVsenqjlbi3xFCJzrNQtnE5GNMGVKR +Axu9r7W0gAzOnUnIzrezXO9s/SCNGKux1on5c7C4Sov58guP4SKnMP/9n/XE3LQr +-----END CERTIFICATE----- diff --git a/v3/util/alt_reg_num_ev.go b/v3/util/alt_reg_num_ev.go new file mode 100644 index 000000000..98d7f557f --- /dev/null +++ b/v3/util/alt_reg_num_ev.go 
@@ -0,0 +1,137 @@ +package util + +/* + * ZLint Copyright 2024 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +import ( + "reflect" + "regexp" + + "github.com/zmap/zcrypto/encoding/asn1" + "github.com/zmap/zcrypto/x509" +) + +type RDNSequence []RelativeDistinguishedNameSET + +type RelativeDistinguishedNameSET []AttributeTypeAndValue + +type AttributeTypeAndValue struct { + Type asn1.ObjectIdentifier + Value asn1.RawValue +} + +type parsedSubjectElement struct { + IsPresent bool + Value string + Asn1RawValue asn1.RawValue + ErrorString string +} + +type ParsedEvOrgId struct { + Rsi, Country, StateOrProvince, RegRef string +} + +type cabfOrgIdExt struct { + Rsi string `asn1:"printable"` + Country string `asn1:"printable"` + StateOrProvince string `asn1:"printable,optional,tag:0"` + RegRef string `asn1:"utf8"` +} + +func ParseCabfOrgIdExt(c *x509.Certificate) (string, ParsedEvOrgId) { + var result ParsedEvOrgId + + ext := GetExtFromCert(c, CabfExtensionOrganizationIdentifier) + var parsedExt cabfOrgIdExt + // check that we can parse the extension: + rest, err := asn1.Unmarshal(ext.Value, &parsedExt) + if len(rest) != 0 { + return "trailing bytes after extension", result + } + if err != nil { + return "could not parse extension value:" + err.Error(), result + } + errStr := CheckAsn1Reencoding(reflect.ValueOf(parsedExt).Interface(), ext.Value, "invalid string type in extension") + if errStr != "" { + return "", result + } + 
result.Country = parsedExt.Country + result.RegRef = parsedExt.RegRef + result.Rsi = parsedExt.Rsi + result.StateOrProvince = parsedExt.StateOrProvince + return "", result +} + +func ParseCabfOrgId(oi string, isEtsi bool) (string, ParsedEvOrgId) { + var result ParsedEvOrgId + re_ntr := regexp.MustCompile(`^(NTR)([A-Z]{2})([+]([A-Z]{2}))?-(.+)$`) + re_vat_psd := regexp.MustCompile(`^(VAT|PSD)([A-Z]{2})(())-(.+)$`) + re_lei := regexp.MustCompile(`^(LEI)(XG)(())-(.+)$`) + var sm []string + if re_ntr.MatchString(oi) { + sm = re_ntr.FindStringSubmatch(oi) + } else if re_vat_psd.MatchString(oi) { + sm = re_vat_psd.FindStringSubmatch(oi) + } else if re_lei.MatchString(oi) { + if isEtsi { + sm = re_lei.FindStringSubmatch(oi) + } else { + return "CAB/F subject:organizationIdentifier does not allow LEI", result + } + } else { + return "CAB/F subject:organizationIdentifier has an invalid format", result + } + result.Rsi = sm[1] + result.Country = sm[2] + result.StateOrProvince = sm[3] + result.RegRef = sm[5] + return "", result + +} + +func GetSubjectOrgId(rawSubject []byte) parsedSubjectElement { + return GetSubjectElement(rawSubject, CabfSubjectOrganizationIdentifier) +} +func GetSubjectElement(rawSubject []byte, soughtOid asn1.ObjectIdentifier) parsedSubjectElement { + result := parsedSubjectElement{IsPresent: false, Value: "", ErrorString: ""} + var nl RDNSequence + + rest, err := asn1.Unmarshal(rawSubject, &nl) // parse the sequence of sets, i.e. each list element in nl will be a set + if err != nil { + return parsedSubjectElement{IsPresent: false, Value: "", ErrorString: "error parsing outer SEQ of subject DN"} + } + if len(rest) != 0 { + return parsedSubjectElement{IsPresent: false, ErrorString: "rest len of outer seq != 0 in subject DN", Value: ""} + } + for _, item := range nl { + for _, typeAndValue := range item { + if typeAndValue.Type.Equal(soughtOid) { + if result.IsPresent { + AppendToStringSemicolonDelim(&result.ErrorString, "double AVA found in subject:... 
encountered, this is not expected") + return result + } + result.IsPresent = true + var parsedString string + _, _ = asn1.Unmarshal(typeAndValue.Value.FullBytes, &parsedString) + result.Value = parsedString + result.Asn1RawValue = typeAndValue.Value + } + } + } + return result +} + +type ParsedOrgId struct { + Rsi, Country, SubDiv, RegRef string +} diff --git a/v3/util/misc.go b/v3/util/misc.go new file mode 100644 index 000000000..aec61e872 --- /dev/null +++ b/v3/util/misc.go @@ -0,0 +1,22 @@ +package util + +/* + * ZLint Copyright 2024 Regents of the University of Michigan + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy + * of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +func AppendToStringSemicolonDelim(this *string, s string) { + if len(*this) > 0 && len(s) > 0 { + (*this) += "; " + } + (*this) += s +} diff --git a/v3/util/oid.go b/v3/util/oid.go index ec81a9041..35742ad8c 100644 --- a/v3/util/oid.go +++ b/v3/util/oid.go 
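Review bot: In `ParseCabfOrgIdExt` the re-encoding failure is swallowed: when `CheckAsn1Reencoding` returns a non-empty `errStr`, the function returns `""` with an empty result, so a caller cannot distinguish an extension with a wrong string type from a clean parse; that branch should be `return errStr, result`. In `ParseCabfOrgId`, `result.StateOrProvince = sm[3]` takes the outer optional group of the NTR pattern, which includes the literal `+`; the two-letter code is in group 4, which is also the empty inner group of the VAT/PSD and LEI patterns, so `result.StateOrProvince = sm[4]` would work for all three. `GetSubjectElement` discards the `asn1.Unmarshal` error with `_, _ =`, which leaves `IsPresent` true and `Value` empty when the attribute does not decode as a string; recording that failure in `ErrorString` would keep a malformed organizationIdentifier from looking merely empty. `GetExtFromCert` is not visible in this hunk, so it is worth confirming it cannot return nil before `ext.Value` is read.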
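Review bot: `AppendToStringSemicolonDelim` is exported without a doc comment and names its pointer parameter `this`, which Go style avoids; a comment such as `// AppendToStringSemicolonDelim appends s to *dst, inserting "; " first when both are non-empty.` together with a parameter name like `dst` would read better. The function dereferences the pointer unconditionally, so a nil argument panics; the only caller visible in this patch passes `&result.ErrorString`, which is safe, but the doc comment should state that the pointer must be non-nil.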
@@ -95,27 +95,40 @@ var ( SHA384OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} SHA512OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} // other OIDs - OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} - OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} - OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} - OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} - OidSHA1WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} - OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} - OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} - OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} - OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} - AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} - UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} - CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} - IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} - IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} - IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} - IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} - IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} - IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} - IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} - IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} - IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} + OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} + OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} + OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} + OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} + OidSHA1WithRSAEncryption = 
asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} + OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} + OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} + OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} + OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} + AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} + UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} + CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} + IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} + IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} + IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} + IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} + IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} + IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} + IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} + IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} + IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} + IdEtsiPsd2Statem = asn1.ObjectIdentifier{0, 4, 0, 19495, 2} + IdEtsiPsd2RolePspAs = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 1} + IdEtsiPsd2RolePspPi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 2} + IdEtsiPsd2RolePspAi = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 3} + IdEtsiPsd2RolePspIc = asn1.ObjectIdentifier{0, 4, 0, 19495, 1, 4} + IdEtsiQcsSemanticsIdLegal = asn1.ObjectIdentifier{0, 4, 0, 194121, 1, 2} + IdEtsiPolicyQcpNatural = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 0} + IdEtsiPolicyQcpLegal = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 1} + IdEtsiPolicyQcpNaturalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 2} + IdEtsiPolicyQcpLegalQscd = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 3} + IdEtsiPolicyQcpWeb = asn1.ObjectIdentifier{0, 4, 0, 194112, 1, 4} + IdQcsPkixQCSyntaxV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 
7, 11, 2} + CabfSubjectOrganizationIdentifier = asn1.ObjectIdentifier{2, 5, 4, 97} ) const ( diff --git a/v3/util/qc_stmt.go b/v3/util/qc_stmt.go index b258053d7..393bda5c5 100644 --- a/v3/util/qc_stmt.go +++ b/v3/util/qc_stmt.go @@ -18,10 +18,24 @@ import ( "bytes" "fmt" "reflect" + "regexp" + "strings" + "unicode" "github.com/zmap/zcrypto/encoding/asn1" + "github.com/zmap/zcrypto/x509" ) +var EtsiQcStmtOidList = [...]*asn1.ObjectIdentifier{ + &IdEtsiQcsQcCompliance, + &IdEtsiQcsQcLimitValue, + &IdEtsiQcsQcRetentionPeriod, + &IdEtsiQcsQcSSCD, + &IdEtsiQcsQcEuPDS, + &IdEtsiQcsQcType, + &IdEtsiPsd2Statem, +} + type anyContent struct { Raw asn1.RawContent } @@ -30,10 +44,12 @@ type qcStatementWithInfoField struct { Oid asn1.ObjectIdentifier Any asn1.RawValue } + type qcStatementWithoutInfoField struct { Oid asn1.ObjectIdentifier } +// === etsi base ==> type etsiBase struct { errorInfo string isPresent bool @@ -47,6 +63,8 @@ func (this etsiBase) IsPresent() bool { return this.isPresent } +// <== etsi base === + type EtsiQcStmtIf interface { GetErrorInfo() string IsPresent() bool 
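Review bot: `EtsiQcStmtOidList` is declared as an exported package-level array of pointers to the OID variables, so any importing package can reassign an entry and silently change what `IsAnyEtsiQcStatementPresent` looks for. The only use visible in this patch is the loop in that function, so an unexported slice of values would be enough, e.g. `var etsiQcStmtOids = []asn1.ObjectIdentifier{IdEtsiQcsQcCompliance, ...}` with `ParseQcStatem(extVal, oid)` in the loop. A one-line comment saying that the list holds only the ETSI statement OIDs, and so presumably intentionally omits `IdQcsPkixQCSyntaxV2`, would also help the next reader.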
@@ -98,16 +116,76 @@ type EtsiQcPds struct { PdsLocations []PdsLocation } -func AppendToStringSemicolonDelim(this *string, s string) { - if len(*this) > 0 && len(s) > 0 { - (*this) += "; " +// ==== QcStatement 2 (RFC3739)types ===> + +type DecodedQcS2 struct { + etsiBase + Decoded QcStatemt2 +} +type QcStatemt2 struct { + SemanticsId asn1.ObjectIdentifier `asn1:"optional"` + NameRegAuthorities NameRegistrationAuthorities `asn1:"optional"` +} + +type NameRegistrationAuthorities []asn1.RawValue + +// <=== QcStatement 2 (RFC3739)types ==== + +// ==== PSD2 QcStatement types ===> +type Psd2RoleOfPspType int + +const ( + RoleAs Psd2RoleOfPspType = 1 + RolePi Psd2RoleOfPspType = 2 + RoleAi Psd2RoleOfPspType = 3 + RoleIc Psd2RoleOfPspType = 4 +) + +// === ASN.1 Types ==> +type Psd2RoleOfPsp struct { + RoleType asn1.ObjectIdentifier + RoleOfPspName string `asn1:"utf8"` +} + +type EtsiPsd2QcStatem struct { + Roles []Psd2RoleOfPsp + NCAName string `asn1:"utf8"` + CountryAndNCAId string `asn1:"utf8"` +} + +// <== ASN.1 Types === + +type EtsiPsd2 struct { + etsiBase + DecodedPsd2Statm EtsiPsd2QcStatem +} + +func (this EtsiPsd2) getCountryAndNcaId() (string, string) { + runes := []rune(this.DecodedPsd2Statm.CountryAndNCAId) + if len(this.DecodedPsd2Statm.CountryAndNCAId) < 4 || !unicode.IsUpper(runes[0]) || !unicode.IsUpper(runes[1]) || runes[2] != '-' { + return "", "" } - (*this) += s + return string(runes[0:2]), string(runes[3:]) +} + +func (this EtsiPsd2) GetNcaCountry() string { + co, _ := this.getCountryAndNcaId() + return co +} +func (this EtsiPsd2) GetNcaId() string { + _, ncaId := this.getCountryAndNcaId() + return ncaId } -func checkAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { +// <=== PSD2 QcStatement types ==== + +func CheckAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfComparisonFails string) string { + return CheckAsn1ReencodingWithParams(i, originalEncoding, appendIfComparisonFails, "") +} + +func 
CheckAsn1ReencodingWithParams(i interface{}, originalEncoding []byte, appendIfComparisonFails string, params string) string { result := "" - reencoded, marshErr := asn1.Marshal(i) + reencoded, marshErr := asn1.MarshalWithParams(i, params) if marshErr != nil { AppendToStringSemicolonDelim(&result, fmt.Sprintf("error reencoding ASN1 value of statementInfo field: %s", marshErr)) 
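Review bot: `getCountryAndNcaId` compares the byte length of `CountryAndNCAId` with 4 but then indexes the rune slice, so a certificate-supplied UTF8String made of two two-byte uppercase letters (constructed example: `ÉÉ`) passes the length test and panics on `runes[2]`. The guard should use the rune count, `if len(runes) < 4 || ...`. `unicode.IsUpper` also accepts non-ASCII uppercase letters, whereas the organizationIdentifier patterns elsewhere in this patch use `[A-Z]{2}`; a range check such as `runes[0] < 'A' || runes[0] > 'Z'` would keep the two consistent. The body of `CheckAsn1ReencodingWithParams` continues outside this hunk.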
@@ -118,15 +196,122 @@ func checkAsn1Reencoding(i interface{}, originalEncoding []byte, appendIfCompari
 return result
 }
+func CertHasSubjectOrgIdWithPrefix(c *x509.Certificate, prefix string) bool {
+
+ if !IsExtInCert(c, QcStateOid) {
+ return false
+ }
+ if !ParseQcStatem(GetExtFromCert(c, QcStateOid).Value, IdEtsiPsd2Statem).IsPresent() {
+ return false
+ }
+
+ orgId := GetSubjectOrgId(c.RawSubject)
+ if len(orgId.ErrorString) != 0 || !orgId.IsPresent {
+ return false
+ }
+ runes := []rune(orgId.Value)
+ prefixLen := len(prefix)
+ if len(runes) < prefixLen || string(runes[0:prefixLen]) != prefix {
+ return false
+ }
+ return true
+}
+
+type EtsiPsd2OrgId struct {
+ Rsi, Country, NcaId, PspId string
+}
+
+func ParseEtsiPsd2OrgId(oi *string) (string, EtsiPsd2OrgId) {
+ var result EtsiPsd2OrgId
+ re_psd := regexp.MustCompile(`^(PSD)([A-Z]{2})-([A-Z]{2,8})-(.+)$`)
+ re_generic := regexp.MustCompile(`^(.{3})([A-Z]{2})()-(.+)$`)
+ var sm []string
+ if re_psd.MatchString(*oi) {
+ sm = re_psd.FindStringSubmatch(*oi)
+ } else if !strings.HasPrefix(*oi, "PSD") && re_generic.MatchString(*oi) {
+ sm = re_generic.FindStringSubmatch(*oi)
+ } else {
+ return "invalid format of PSD2 organizationIdentifier", result
+ }
+ result.Rsi = sm[1]
+ result.Country = sm[2]
+ result.NcaId = sm[3]
+ result.PspId = sm[4]
+ return "", result
+}
+
+func CheckEtsiPsd2OrgIdPsd(oi *string) string {
+ errStr, x := ParseEtsiPsd2OrgId(oi)
+ if len(errStr) != 0 {
+ return errStr
+ }
+ if x.Rsi != "PSD" {
+ return "ETSI PSD2 OrganizationIdentifier does not start with 'PSD'"
+ }
+ return ""
+}
+
+func GetEtsiQcTypes(c *x509.Certificate) []asn1.ObjectIdentifier {
+ var result []asn1.ObjectIdentifier
+ ext := GetExtFromCert(c, QcStateOid)
+ if ext == nil {
+ return nil
+ }
+ s := ParseQcStatem(ext.Value, IdEtsiQcsQcType)
+ if len(s.GetErrorInfo()) != 0 {
+ return nil
+ }
+ if !s.IsPresent() {
+ return result
+ }
+ qcType := s.(Etsi423QcType)
+ result = append(result, qcType.TypeOids...)
+ return result
+}
+
+func HasCertAnyEtsiQcpPolicy(c *x509.Certificate) bool {
+ for _, p := range c.PolicyIdentifiers {
+ if p.Equal(IdEtsiPolicyQcpNatural) || p.Equal(IdEtsiPolicyQcpLegal) || p.Equal(IdEtsiPolicyQcpNaturalQscd) || p.Equal(IdEtsiPolicyQcpLegalQscd) || p.Equal(IdEtsiPolicyQcpWeb) {
+ return true
+ }
+ }
+ return false
+
+}
+
+func HasCertPolicy(c *x509.Certificate, soughtPolicyOid asn1.ObjectIdentifier) bool {
+
+ for _, policyOid := range c.PolicyIdentifiers {
+ if policyOid.Equal(soughtPolicyOid) {
+ return true
+ }
+ }
+ return false
+}
+
+func HasCertEtsiQcType(c *x509.Certificate, soughtTypeOid asn1.ObjectIdentifier) bool {
+ typeList := GetEtsiQcTypes(c)
+ if typeList == nil {
+ return false
+ }
+ for _, typeOid := range typeList {
+ if typeOid.Equal(soughtTypeOid) {
+ return true
+ }
+ }
+ return false
+}
+
+func HasCertAnyEtsiQcStatement(c *x509.Certificate) bool {
+ ext := GetExtFromCert(c, QcStateOid)
+ if ext == nil {
+ return false
+ }
+ return IsAnyEtsiQcStatementPresent(ext.Value)
+}
+
 func IsAnyEtsiQcStatementPresent(extVal []byte) bool {
- oidList := make([]*asn1.ObjectIdentifier, 6)
- oidList[0] = &IdEtsiQcsQcCompliance
- oidList[1] = &IdEtsiQcsQcLimitValue
- oidList[2] = &IdEtsiQcsQcRetentionPeriod
- oidList[3] = &IdEtsiQcsQcSSCD
- oidList[4] = &IdEtsiQcsQcEuPDS
- oidList[5] = &IdEtsiQcsQcType
- for _, oid := range oidList {
+ for _, oid := range EtsiQcStmtOidList {
 r := ParseQcStatem(extVal, *oid)
 if r.IsPresent() {
 return true
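Review bot: The type assertion `qcType := s.(Etsi423QcType)` in `GetEtsiQcTypes` is unchecked, so it is safe only while `ParseQcStatem` never returns a present, error-free value of another type for `IdEtsiQcsQcType`. The dispatch visible in this patch satisfies that today, but the value comes from parsing an untrusted certificate, so a later change to the parser should not be able to turn into a panic here. Use the two-value form, `qcType, ok := s.(Etsi423QcType)` followed by `if !ok { return nil }`. In the same hunk `ParseEtsiPsd2OrgId` compiles both patterns on every call and dereferences `oi` without a nil check; package-level `regexp.MustCompile` variables and an early `if oi == nil` return would cover both. The body of `IsAnyEtsiQcStatementPresent` continues outside the hunk.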
@@ -135,7 +320,29 @@ func IsAnyEtsiQcStatementPresent(extVal []byte) bool {
 return false
 }
-//nolint:gocyclo
+func IsQcStatemPresent(c *x509.Certificate, oid *asn1.ObjectIdentifier) (string, bool) {
+ if !IsExtInCert(c, QcStateOid) {
+ return "", false
+ }
+ qcs := ParseQcStatem(GetExtFromCert(c, QcStateOid).Value, *oid)
+ if qcs.GetErrorInfo() != "" {
+ return qcs.GetErrorInfo(), qcs.IsPresent()
+ }
+ return "", qcs.IsPresent()
+}
+
+func CheckNationalScheme(oi string) bool {
+ if len(oi) < 6 {
+ return false
+ }
+ re := regexp.MustCompile(`^.{2}:[A-Z]{2}-.+$`)
+ return re.MatchString(oi)
+}
+
+func GetQcStatemExtValue(c *x509.Certificate) []byte {
+ return GetExtFromCert(c, QcStateOid).Value
+}
+
 func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf {
 sl := make([]anyContent, 0)
 rest, err := asn1.Unmarshal(extVal, &sl)
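Review bot: `GetQcStatemExtValue` dereferences the result of `GetExtFromCert(c, QcStateOid)` without a nil check, while `GetEtsiQcTypes` and `HasCertAnyEtsiQcStatement` in this same patch test `ext == nil` first, which suggests the helper returns nil when the extension is absent. A certificate without a qcStatements extension would then panic here. Guard it the same way: `ext := GetExtFromCert(c, QcStateOid)`, `if ext == nil { return nil }`, `return ext.Value`. `CheckNationalScheme` also recompiles its pattern on every call; a package-level `regexp.MustCompile` variable avoids that. `ParseQcStatem` starts in this hunk but its body continues outside it.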
@@ -170,85 +377,148 @@ func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf { continue } if statem.Oid.Equal(IdEtsiQcsQcCompliance) { - etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI Complicance statement")) - return etsiObj + return handleIdEtsiQcsQcCompliance(statem, raw) } else if statem.Oid.Equal(IdEtsiQcsQcLimitValue) { - etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} - numErr := false - alphErr := false - var numeric EtsiMonetaryValueNum - var alphabetic EtsiMonetaryValueAlph - restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) - if len(restNum) != 0 || errNum != nil { - numErr = true - } else { - etsiObj.IsNum = true - etsiObj.Amount = numeric.Amount - etsiObj.Exponent = numeric.Exponent - etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum - - } - if numErr { - restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) - if len(restAlph) != 0 || errAlph != nil { - alphErr = true - } else { - etsiObj.IsNum = false - etsiObj.Amount = alphabetic.Amount - etsiObj.Exponent = alphabetic.Exponent - etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - checkAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), - statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - } - if numErr && alphErr { - etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" - } - return etsiObj - + return handleIdEtsiQcsQcLimitValue(statem) } else if statem.Oid.Equal(IdEtsiQcsQcRetentionPeriod) { - etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) - - if len(rest) != 0 
|| err != nil { - etsiObj.errorInfo = "error parsing the statementInfo field" - } - return etsiObj + return handleIdEtsiQcsQcRetentionPeriod(statem) } else if statem.Oid.Equal(IdEtsiQcsQcSSCD) { - etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} - statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} - AppendToStringSemicolonDelim(&etsiObj.errorInfo, checkAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, - "invalid format of ETSI SCSD statement")) - return etsiObj + return handleIdEtsiQcsQcSSCD(statem, raw) } else if statem.Oid.Equal(IdEtsiQcsQcEuPDS) { - etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) - if len(rest) != 0 || err != nil { - etsiObj.errorInfo = "error parsing the statementInfo field" - } else { - AppendToStringSemicolonDelim(&etsiObj.errorInfo, - checkAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, - "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) - } - return etsiObj + return handleIdEtsiQcsQcEuPDS(statem) } else if statem.Oid.Equal(IdEtsiQcsQcType) { - var qcType Etsi423QcType - qcType.isPresent = true - rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) - if len(rest) != 0 || err != nil { - return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} - } - return qcType + return handleIdEtsiQcsQcType(statem) + } else if statem.Oid.Equal(IdEtsiPsd2Statem) { + return handleIdEtsiPsd2Statem(statem) + } else if statem.Oid.Equal(IdQcsPkixQCSyntaxV2) { + return handleIdQcsPkixQCSyntaxV2(statem) } else { return etsiBase{errorInfo: "", isPresent: true} } - } return etsiBase{errorInfo: "", isPresent: false} } + +func handleIdQcsPkixQCSyntaxV2(statem qcStatementWithInfoField) EtsiQcStmtIf { + var qcs2Statem DecodedQcS2 + qcs2Statem.isPresent = true + if len(statem.Any.FullBytes) == 0 { + return 
qcs2Statem + } + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcs2Statem.Decoded) + if err != nil { + AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "error parsing statement: "+err.Error()) + } + if len(rest) != 0 { + AppendToStringSemicolonDelim(&qcs2Statem.errorInfo, "trailing bytes after QcStatement") + } + return qcs2Statem +} + +func handleIdEtsiPsd2Statem(statem qcStatementWithInfoField) EtsiQcStmtIf { + var psd2Statem EtsiPsd2 + psd2Statem.isPresent = true + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &psd2Statem.DecodedPsd2Statm) + if len(rest) != 0 || err != nil { + return etsiBase{errorInfo: "error parsing IdEtsiPsd2Statem extension statementInfo field", isPresent: true} + } + if psd2Statem.DecodedPsd2Statm.CountryAndNCAId == "" || psd2Statem.DecodedPsd2Statm.NCAName == "" { + AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") + } + for _, role := range psd2Statem.DecodedPsd2Statm.Roles { + if role.RoleOfPspName == "" { + AppendToStringSemicolonDelim(&psd2Statem.errorInfo, "field has length 0") + } + } + AppendToStringSemicolonDelim(&psd2Statem.errorInfo, + CheckAsn1Reencoding(reflect.ValueOf(psd2Statem.DecodedPsd2Statm).Interface(), statem.Any.FullBytes, + "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + return psd2Statem +} + +func handleIdEtsiQcsQcType(statem qcStatementWithInfoField) EtsiQcStmtIf { + var qcType Etsi423QcType + qcType.isPresent = true + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &qcType.TypeOids) + if len(rest) != 0 || err != nil { + return etsiBase{errorInfo: "error parsing IdEtsiQcsQcType extension statementInfo field", isPresent: true} + } + return qcType +} + +func handleIdEtsiQcsQcEuPDS(statem qcStatementWithInfoField) EtsiQcStmtIf { + etsiObj := EtsiQcPds{etsiBase: etsiBase{isPresent: true}} + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.PdsLocations) + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo 
field" + } else { + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + CheckAsn1Reencoding(reflect.ValueOf(etsiObj.PdsLocations).Interface(), statem.Any.FullBytes, + "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + return etsiObj +} + +func handleIdEtsiQcsQcSSCD(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { + etsiObj := EtsiQcSscd{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI SCSD statement")) + return etsiObj +} + +func handleIdEtsiQcsQcRetentionPeriod(statem qcStatementWithInfoField) EtsiQcStmtIf { + etsiObj := EtsiQcRetentionPeriod{etsiBase: etsiBase{isPresent: true}} + rest, err := asn1.Unmarshal(statem.Any.FullBytes, &etsiObj.Period) + + if len(rest) != 0 || err != nil { + etsiObj.errorInfo = "error parsing the statementInfo field" + } + return etsiObj +} + +func handleIdEtsiQcsQcLimitValue(statem qcStatementWithInfoField) EtsiQcStmtIf { + etsiObj := EtsiQcLimitValue{etsiBase: etsiBase{isPresent: true}} + numErr := false + alphErr := false + var numeric EtsiMonetaryValueNum + var alphabetic EtsiMonetaryValueAlph + restNum, errNum := asn1.Unmarshal(statem.Any.FullBytes, &numeric) + if len(restNum) != 0 || errNum != nil { + numErr = true + } else { + etsiObj.IsNum = true + etsiObj.Amount = numeric.Amount + etsiObj.Exponent = numeric.Exponent + etsiObj.CurrencyNum = numeric.Iso4217CurrencyCodeNum + + } + if numErr { + restAlph, errAlph := asn1.Unmarshal(statem.Any.FullBytes, &alphabetic) + if len(restAlph) != 0 || errAlph != nil { + alphErr = true + } else { + etsiObj.IsNum = false + etsiObj.Amount = alphabetic.Amount + etsiObj.Exponent = alphabetic.Exponent + etsiObj.CurrencyAlph = alphabetic.Iso4217CurrencyCodeAlph + AppendToStringSemicolonDelim(&etsiObj.errorInfo, + 
CheckAsn1Reencoding(reflect.ValueOf(alphabetic).Interface(), + statem.Any.FullBytes, "error with ASN.1 encoding, possibly a wrong ASN.1 string type was used")) + } + } + if numErr && alphErr { + etsiObj.errorInfo = "error parsing the ETSI Qc Statement statementInfo field" + } + return etsiObj +} + +func handleIdEtsiQcsQcCompliance(statem qcStatementWithInfoField, raw anyContent) EtsiQcStmtIf { + etsiObj := Etsi421QualEuCert{etsiBase: etsiBase{isPresent: true}} + statemWithoutInfo := qcStatementWithoutInfoField{Oid: statem.Oid} + AppendToStringSemicolonDelim(&etsiObj.errorInfo, CheckAsn1Reencoding(reflect.ValueOf(statemWithoutInfo).Interface(), raw.Raw, + "invalid format of ETSI Complicance statement")) + return etsiObj +} diff --git a/v3/util/time.go b/v3/util/time.go index 0f3a1948c..64500dbf8 100644 --- a/v3/util/time.go +++ b/v3/util/time.go @@ -78,8 +78,12 @@ var ( CABFBRs_2_0_0_Date = time.Date(2023, time.September, 15, 0, 0, 0, 0, time.UTC) NoReservedDomainLabelsDate = time.Date(2021, time.October, 1, 0, 0, 0, 0, time.UTC) CABFBRs_OU_Prohibited_Date = time.Date(2022, time.September, 1, 0, 0, 0, 0, time.UTC) - SC17EffectiveDate = time.Date(2019, time.June, 21, 0, 0, 0, 0, time.UTC) - CABF_SMIME_BRs_1_0_0_Date = time.Date(2023, time.September, 1, 0, 0, 0, 0, time.UTC) + EtsiPSD2Date = time.Date(2018, time.November, 1, 0, 0, 0, 0, time.UTC) + CABAltRegNumEvExtMandDate = time.Date(2020, time.January, 31, 0, 0, 0, 0, time.UTC) + CABAltRegNumEvDate = time.Date(2019, time.June, 21, 0, 0, 0, 0, time.UTC) + + SC17EffectiveDate = time.Date(2019, time.June, 21, 0, 0, 0, 0, time.UTC) + CABF_SMIME_BRs_1_0_0_Date = time.Date(2023, time.September, 1, 0, 0, 0, 0, time.UTC) // Enforcement date of CRL reason codes from Ballot SC 061 CABFBRs_1_8_7_Date = time.Date(2023, time.July, 15, 0, 0, 0, 0, time.UTC) // Updates to the CABF BRs and EVGLs from Ballot SC 062 https://cabforum.org/2023/03/17/ballot-sc62v2-certificate-profiles-update/ 
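Review bot: `handleIdEtsiPsd2Statem` reports every empty string with the same text, `"field has length 0"`, once for `NCAName`/`CountryAndNCAId` and once per role, so the resulting error info cannot say which PSD2 field was empty and may repeat the identical message several times. Name the field in each message, for example `"NCAName or CountryAndNCAId has length 0"` and `"RoleOfPspName has length 0"`. The new `handle…` helpers also carry no doc comments; one line each naming the statement OID they decode, and noting that `handleIdEtsiPsd2Statem` and `handleIdEtsiQcsQcType` return a bare `etsiBase` on a parse failure rather than the typed value, would help callers that type-assert the result. The enclosing `ParseQcStatem` starts outside the hunk.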
From 15a8be3cf8be2d1b2e8eddb1f2f3ddfeb81ff73a Mon Sep 17 00:00:00 2001 From: mtgag Date: Fri, 21 Jun 2024 10:03:08 +0200 Subject: [PATCH 15/21] gofmt --- v3/util/qc_stmt.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v3/util/qc_stmt.go b/v3/util/qc_stmt.go index 393bda5c5..06163f274 100644 --- a/v3/util/qc_stmt.go +++ b/v3/util/qc_stmt.go @@ -141,7 +141,7 @@ const ( RoleIc Psd2RoleOfPspType = 4 ) -// === ASN.1 Types ==> +// === ASN.1 Types ==> type Psd2RoleOfPsp struct { RoleType asn1.ObjectIdentifier RoleOfPspName string `asn1:"utf8"` From 138eaedbbb940780824d6ec93f4a0b3ed0682402 Mon Sep 17 00:00:00 2001 From: mtgag Date: Fri, 21 Jun 2024 10:04:14 +0200 Subject: [PATCH 16/21] removed unneccesary functions --- v3/util/alt_reg_num_ev.go | 55 --------------------------------------- 1 file changed, 55 deletions(-) diff --git a/v3/util/alt_reg_num_ev.go b/v3/util/alt_reg_num_ev.go index 98d7f557f..4fd554052 100644 --- a/v3/util/alt_reg_num_ev.go +++ b/v3/util/alt_reg_num_ev.go @@ -15,11 +15,7 @@ package util */ import ( - "reflect" - "regexp" - "github.com/zmap/zcrypto/encoding/asn1" - "github.com/zmap/zcrypto/x509" ) type RDNSequence []RelativeDistinguishedNameSET 
@@ -49,57 +45,6 @@ type cabfOrgIdExt struct { RegRef string `asn1:"utf8"` } -func ParseCabfOrgIdExt(c *x509.Certificate) (string, ParsedEvOrgId) { - var result ParsedEvOrgId - - ext := GetExtFromCert(c, CabfExtensionOrganizationIdentifier) - var parsedExt cabfOrgIdExt - // check that we can parse the extension: - rest, err := asn1.Unmarshal(ext.Value, &parsedExt) - if len(rest) != 0 { - return "trailing bytes after extension", result - } - if err != nil { - return "could not parse extension value:" + err.Error(), result - } - errStr := CheckAsn1Reencoding(reflect.ValueOf(parsedExt).Interface(), ext.Value, "invalid string type in extension") - if errStr != "" { - return "", result - } - result.Country = parsedExt.Country - result.RegRef = parsedExt.RegRef - result.Rsi = parsedExt.Rsi - result.StateOrProvince = parsedExt.StateOrProvince - return "", result -} - -func ParseCabfOrgId(oi string, isEtsi bool) (string, ParsedEvOrgId) { - var result ParsedEvOrgId - re_ntr := regexp.MustCompile(`^(NTR)([A-Z]{2})([+]([A-Z]{2}))?-(.+)$`) - re_vat_psd := regexp.MustCompile(`^(VAT|PSD)([A-Z]{2})(())-(.+)$`) - re_lei := regexp.MustCompile(`^(LEI)(XG)(())-(.+)$`) - var sm []string - if re_ntr.MatchString(oi) { - sm = re_ntr.FindStringSubmatch(oi) - } else if re_vat_psd.MatchString(oi) { - sm = re_vat_psd.FindStringSubmatch(oi) - } else if re_lei.MatchString(oi) { - if isEtsi { - sm = re_lei.FindStringSubmatch(oi) - } else { - return "CAB/F subject:organizationIdentifier does not allow LEI", result - } - } else { - return "CAB/F subject:organizationIdentifier has an invalid format", result - } - result.Rsi = sm[1] - result.Country = sm[2] - result.StateOrProvince = sm[3] - result.RegRef = sm[5] - return "", result - -} - func GetSubjectOrgId(rawSubject []byte) parsedSubjectElement { return GetSubjectElement(rawSubject, CabfSubjectOrganizationIdentifier) } From 03ba718c81fba709d47d6182ede895e0ef25cd9b Mon Sep 17 00:00:00 2001 
From: mtgag Date: Fri, 21 Jun 2024 10:11:12 +0200 Subject: [PATCH 17/21] removed unused --- v3/util/alt_reg_num_ev.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/v3/util/alt_reg_num_ev.go b/v3/util/alt_reg_num_ev.go index 4fd554052..5d0033c08 100644 --- a/v3/util/alt_reg_num_ev.go +++ b/v3/util/alt_reg_num_ev.go @@ -38,13 +38,6 @@ type ParsedEvOrgId struct { Rsi, Country, StateOrProvince, RegRef string } -type cabfOrgIdExt struct { - Rsi string `asn1:"printable"` - Country string `asn1:"printable"` - StateOrProvince string `asn1:"printable,optional,tag:0"` - RegRef string `asn1:"utf8"` -} - func GetSubjectOrgId(rawSubject []byte) parsedSubjectElement { return GetSubjectElement(rawSubject, CabfSubjectOrganizationIdentifier) } From 3d30cf8e3128991e3f25df4d0b12c04e774d16ec Mon Sep 17 00:00:00 2001 From: mtgag Date: Mon, 24 Jun 2024 16:05:31 +0200 Subject: [PATCH 18/21] moved function --- v3/util/misc.go | 22 ---------------------- v3/util/qc_stmt.go | 7 +++++++ 2 files changed, 7 insertions(+), 22 deletions(-) delete mode 100644 v3/util/misc.go diff --git a/v3/util/misc.go b/v3/util/misc.go deleted file mode 100644 index aec61e872..000000000 --- a/v3/util/misc.go +++ /dev/null 
@@ -1,22 +0,0 @@ -package util - -/* - * ZLint Copyright 2024 Regents of the University of Michigan - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy - * of the License at http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -func AppendToStringSemicolonDelim(this *string, s string) { - if len(*this) > 0 && len(s) > 0 { - (*this) += "; " - } - (*this) += s -} diff --git a/v3/util/qc_stmt.go b/v3/util/qc_stmt.go index 06163f274..d46853f15 100644 --- a/v3/util/qc_stmt.go +++ b/v3/util/qc_stmt.go @@ -522,3 +522,10 @@ func handleIdEtsiQcsQcCompliance(statem qcStatementWithInfoField, raw anyContent "invalid format of ETSI Complicance statement")) return etsiObj } + +func AppendToStringSemicolonDelim(this *string, s string) { + if len(*this) > 0 && len(s) > 0 { + (*this) += "; " + } + (*this) += s +} From 3e4397213a811ce2cf58173f4c13b895bd454e52 Mon Sep 17 00:00:00 2001 From: mtgag Date: Wed, 26 Jun 2024 07:07:33 +0200 Subject: [PATCH 19/21] synchronised with project --- v3/go.sum | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/v3/go.sum b/v3/go.sum index e4c06379f..c3ec2324f 100644 --- a/v3/go.sum +++ b/v3/go.sum 
@@ -15,13 +15,11 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mreiferson/go-httpclient v0.0.0-20201222173833-5e475fde3a4d/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/pelletier/go-toml v1.9.3 h1:zeC5b1GviRUyKYd6OJPvBU/mcVDVoL1OhT17FCt5dSQ= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -39,11 +37,9 @@ github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhu github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= github.com/zmap/zcertificate v0.0.1/go.mod h1:q0dlN54Jm4NVSSuzisusQY0hqDWvu92C+TWveAxiVWk= -github.com/zmap/zcrypto v0.0.0-20201128221613-3719af1573cf/go.mod h1:aPM7r+JOkfL+9qSB4KbYjtoEzJqUK50EXkkJabeNJDQ= github.com/zmap/zcrypto v0.0.0-20201211161100-e54a5822fb7e/go.mod h1:aPM7r+JOkfL+9qSB4KbYjtoEzJqUK50EXkkJabeNJDQ= github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300 h1:DZH5n7L3L8RxKdSyJHZt7WePgwdhHnPhQFdQSJaHF+o= github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300/go.mod h1:mOd4yUMgn2fe2nV9KXsa9AyQBFZGzygVPovsZR+Rl5w= -github.com/zmap/zlint/v3 v3.0.0/go.mod h1:paGwFySdHIBEMJ61YjoqT4h7Ge+fdYG4sUQhnTb1lJ8= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -51,6 +47,8 @@ golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -65,6 +63,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -76,26 +76,30 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201126233918-771906719818/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
From b5d3ada019a0f0fcccd1091ea0521962235ad808 Mon Sep 17 00:00:00 2001
From: mtgag
Date: Wed, 26 Jun 2024 07:16:56 +0200
Subject: [PATCH 20/21] added
---
 v3/go.sum | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/v3/go.sum b/v3/go.sum
index c3ec2324f..4badce035 100644
--- a/v3/go.sum
+++ b/v3/go.sum
@@ -15,6 +15,7 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
 github.com/mreiferson/go-httpclient v0.0.0-20201222173833-5e475fde3a4d/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
+github.com/pelletier/go-toml v1.9.3 h1:zeC5b1GviRUyKYd6OJPvBU/mcVDVoL1OhT17FCt5dSQ=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -37,9 +38,11 @@ github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhu
 github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
 github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is=
 github.com/zmap/zcertificate v0.0.1/go.mod h1:q0dlN54Jm4NVSSuzisusQY0hqDWvu92C+TWveAxiVWk=
+github.com/zmap/zcrypto v0.0.0-20201128221613-3719af1573cf/go.mod h1:aPM7r+JOkfL+9qSB4KbYjtoEzJqUK50EXkkJabeNJDQ=
 github.com/zmap/zcrypto v0.0.0-20201211161100-e54a5822fb7e/go.mod h1:aPM7r+JOkfL+9qSB4KbYjtoEzJqUK50EXkkJabeNJDQ=
 github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300 h1:DZH5n7L3L8RxKdSyJHZt7WePgwdhHnPhQFdQSJaHF+o=
 github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300/go.mod h1:mOd4yUMgn2fe2nV9KXsa9AyQBFZGzygVPovsZR+Rl5w=
+github.com/zmap/zlint/v3 v3.0.0/go.mod h1:paGwFySdHIBEMJ61YjoqT4h7Ge+fdYG4sUQhnTb1lJ8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -76,6 +79,7 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201126233918-771906719818/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -85,6 +89,7 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -95,6 +100,7 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
From 10b90b88ca86addd18738c040e42f4cc478d4ba6 Mon Sep 17 00:00:00 2001
From: mtgag
Date: Wed, 26 Jun 2024 07:20:13 +0200
Subject: [PATCH 21/21] added
---
 v3/go.sum | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/v3/go.sum b/v3/go.sum
index 4badce035..69f03aef6 100644
--- a/v3/go.sum
+++ b/v3/go.sum
@@ -21,6 +21,7 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -89,6 +90,7 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=