diff options
| author | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-15 22:39:58 +0000 |
|---|---|---|
| committer | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-15 22:39:58 +0000 |
| commit | 39a6d21d254773c175a852fc38aadc83a58aa17c (patch) | |
| tree | 37110e4ac7185dedb649f9dc7a61eee507bd58f7 /net | |
| parent | 8658ac6d02565f95fc440da5689fc5c72d5f69da (diff) | |
| download | chromium_src-39a6d21d254773c175a852fc38aadc83a58aa17c.zip chromium_src-39a6d21d254773c175a852fc38aadc83a58aa17c.tar.gz chromium_src-39a6d21d254773c175a852fc38aadc83a58aa17c.tar.bz2 | |
Reject certificate chains containing small RSA and DSA keys.
"Small" means less than 1024 bits.
BUG=102949
TEST=net_unittests, X509CertificateTest.*
Review URL: http://codereview.chromium.org/8568040
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
38 files changed, 1815 insertions, 5 deletions
diff --git a/net/base/cert_status_flags.cc b/net/base/cert_status_flags.cc index d897df5..153327f 100644 --- a/net/base/cert_status_flags.cc +++ b/net/base/cert_status_flags.cc @@ -41,6 +41,8 @@ CertStatus MapNetErrorToCertStatus(int error) { return CERT_STATUS_INVALID; case ERR_CERT_WEAK_SIGNATURE_ALGORITHM: return CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; + case ERR_CERT_WEAK_KEY: + return CERT_STATUS_WEAK_KEY; case ERR_CERT_NOT_IN_DNS: return CERT_STATUS_NOT_IN_DNS; default: @@ -65,6 +67,8 @@ int MapCertStatusToNetError(CertStatus cert_status) { return ERR_CERT_COMMON_NAME_INVALID; if (cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM) return ERR_CERT_WEAK_SIGNATURE_ALGORITHM; + if (cert_status & CERT_STATUS_WEAK_KEY) + return ERR_CERT_WEAK_KEY; if (cert_status & CERT_STATUS_DATE_INVALID) return ERR_CERT_DATE_INVALID; diff --git a/net/base/cert_status_flags.h b/net/base/cert_status_flags.h index 79ac1b0..7adddc5 100644 --- a/net/base/cert_status_flags.h +++ b/net/base/cert_status_flags.h @@ -32,6 +32,7 @@ static const CertStatus CERT_STATUS_INVALID = 1 << 7; static const CertStatus CERT_STATUS_WEAK_SIGNATURE_ALGORITHM = 1 << 8; static const CertStatus CERT_STATUS_NOT_IN_DNS = 1 << 9; static const CertStatus CERT_STATUS_NON_UNIQUE_NAME = 1 << 10; +static const CertStatus CERT_STATUS_WEAK_KEY = 1 << 11; // Bits 16 to 31 are for non-error statuses. static const CertStatus CERT_STATUS_IS_EV = 1 << 16; diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h index 13fba2c..37f5f31 100644 --- a/net/base/net_error_list.h +++ b/net/base/net_error_list.h @@ -380,13 +380,17 @@ NET_ERROR(CERT_NOT_IN_DNS, -209) // The host name specified in the certificate is not unique. NET_ERROR(CERT_NON_UNIQUE_NAME, -210) +// The server responded with a certificate that contains a weak key (e.g. +// a too-small RSA key). +NET_ERROR(CERT_WEAK_KEY, -211) + // Add new certificate error codes here. // // Update the value of CERT_END whenever you add a new certificate error // code. // The value immediately past the last certificate error code. -NET_ERROR(CERT_END, -211) +NET_ERROR(CERT_END, -212) // The URL is invalid. NET_ERROR(INVALID_URL, -300) diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc index 06eb662..6802060 100644 --- a/net/base/x509_certificate.cc +++ b/net/base/x509_certificate.cc @@ -224,6 +224,20 @@ X509Certificate::OSCertHandle CreateOSCert(base::StringPiece der_cert) { } #endif +// Returns true if |type| is |kPublicKeyTypeRSA| or |kPublicKeyTypeDSA|, and +// if |size_bits| is < 1024. Note that this means there may be false +// negatives: keys for other algorithms and which are weak will pass this +// test. +bool IsWeakKey(X509Certificate::PublicKeyType type, size_t size_bits) { + switch (type) { + case X509Certificate::kPublicKeyTypeRSA: + case X509Certificate::kPublicKeyTypeDSA: + return size_bits < 1024; + default: + return false; + } +} + } // namespace bool X509Certificate::LessThan::operator()(X509Certificate* lhs, @@ -597,6 +611,31 @@ int X509Certificate::Verify(const std::string& hostname, rv = MapCertStatusToNetError(verify_result->cert_status); } + // Check for weak keys in the entire verified chain. + size_t size_bits = 0; + PublicKeyType type = kPublicKeyTypeUnknown; + bool weak_key = false; + + GetPublicKeyInfo(verify_result->verified_cert->os_cert_handle(), &size_bits, + &type); + if (IsWeakKey(type, size_bits)) { + weak_key = true; + } else { + const OSCertHandles& intermediates = + verify_result->verified_cert->GetIntermediateCertificates(); + for (OSCertHandles::const_iterator i = intermediates.begin(); + i != intermediates.end(); ++i) { + GetPublicKeyInfo(*i, &size_bits, &type); + if (IsWeakKey(type, size_bits)) + weak_key = true; + } + } + + if (weak_key) { + verify_result->cert_status |= CERT_STATUS_WEAK_KEY; + return MapCertStatusToNetError(verify_result->cert_status); + } + // Treat certificates signed using broken signature algorithms as invalid. if (verify_result->has_md2 || verify_result->has_md4) { verify_result->cert_status |= CERT_STATUS_INVALID; diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h index 05e74b3..303d18d 100644 --- a/net/base/x509_certificate.h +++ b/net/base/x509_certificate.h @@ -74,6 +74,15 @@ class NET_EXPORT X509Certificate typedef std::vector<OSCertHandle> OSCertHandles; + enum PublicKeyType { + kPublicKeyTypeUnknown, + kPublicKeyTypeRSA, + kPublicKeyTypeDSA, + kPublicKeyTypeECDSA, + kPublicKeyTypeDH, + kPublicKeyTypeECDH + }; + // Predicate functor used in maps when X509Certificate is used as the key. class NET_EXPORT LessThan { public: @@ -422,6 +431,13 @@ class NET_EXPORT X509Certificate // the first element. bool GetPEMEncodedChain(std::vector<std::string>* pem_encoded) const; + // Sets |*size_bits| to be the length of the public key in bits, and sets + // |*type| to one of the |PublicKeyType| values. In case of + // |kPublicKeyTypeUnknown|, |*size_bits| will be set to 0. + static void GetPublicKeyInfo(OSCertHandle cert_handle, + size_t* size_bits, + PublicKeyType* type); + // Returns the OSCertHandle of this object. Because of caching, this may // differ from the OSCertHandle originally supplied during initialization. // Note: On Windows, CryptoAPI may return unexpected results if this handle diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc index 0e65375..333cd82 100644 --- a/net/base/x509_certificate_mac.cc +++ b/net/base/x509_certificate_mac.cc @@ -812,7 +812,7 @@ X509Certificate* X509Certificate::CreateSelfSigned( } CSSM_BOOL confirmRequired; - CSSM_TP_RESULT_SET *resultSet = NULL; + CSSM_TP_RESULT_SET* resultSet = NULL; crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime, &confirmRequired, &resultSet); ScopedEncodedCertResults scopedResults(resultSet); @@ -1514,4 +1514,49 @@ bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, cert_data.Length); } +// static +void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, + size_t* size_bits, + PublicKeyType* type) { + // Since we might fail, set the output parameters to default values first. + *type = kPublicKeyTypeUnknown; + *size_bits = 0; + + SecKeyRef key; + OSStatus status = SecCertificateCopyPublicKey(cert_handle, &key); + if (status) { + NOTREACHED() << "SecCertificateCopyPublicKey failed: " << status; + return; + } + ScopedCFTypeRef<SecKeyRef> scoped_key; + + const CSSM_KEY* cssm_key; + status = SecKeyGetCSSMKey(key, &cssm_key); + if (status) { + NOTREACHED() << "SecKeyGetCSSMKey failed: " << status; + return; + } + + *size_bits = cssm_key->KeyHeader.LogicalKeySizeInBits; + + switch (cssm_key->KeyHeader.AlgorithmId) { + case CSSM_ALGID_RSA: + *type = kPublicKeyTypeRSA; + break; + case CSSM_ALGID_DSA: + *type = kPublicKeyTypeDSA; + break; + case CSSM_ALGID_ECDSA: + *type = kPublicKeyTypeECDSA; + break; + case CSSM_ALGID_DH: + *type = kPublicKeyTypeDH; + break; + default: + *type = kPublicKeyTypeUnknown; + *size_bits = 0; + break; + } +} + } // namespace net diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc index 0436abb..bb87144 100644 --- a/net/base/x509_certificate_nss.cc +++ b/net/base/x509_certificate_nss.cc @@ -1142,4 +1142,38 @@ bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, cert_handle->derCert.len); } +// static +void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, + size_t* size_bits, + PublicKeyType* type) { + // Since we might fail, set the output parameters to default values first. + *type = kPublicKeyTypeUnknown; + *size_bits = 0; + + SECKEYPublicKey* key = CERT_ExtractPublicKey(cert_handle); + if (!key) + return; + + *size_bits = SECKEY_PublicKeyStrengthInBits(key); + + switch (key->keyType) { + case rsaKey: + *type = kPublicKeyTypeRSA; + break; + case dsaKey: + *type = kPublicKeyTypeDSA; + break; + case dhKey: + *type = kPublicKeyTypeDH; + break; + case ecKey: + *type = kPublicKeyTypeECDSA; + break; + default: + *type = kPublicKeyTypeUnknown; + *size_bits = 0; + break; + } +} + } // namespace net diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc index e1cbdb1..07edede 100644 --- a/net/base/x509_certificate_openssl.cc +++ b/net/base/x509_certificate_openssl.cc @@ -662,6 +662,37 @@ bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, der_cache.data_length); } +// static +void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, + size_t* size_bits, + PublicKeyType* type) { + EVP_PKEY* key = X509_get_pubkey(cert_handle); + CHECK(key); + + switch (key->type) { + case EVP_PKEY_RSA: + *type = kPublicKeyTypeRSA; + *size_bits = EVP_PKEY_size(key) * 8; + break; + case EVP_PKEY_DSA: + *type = kPublicKeyTypeDSA; + *size_bits = EVP_PKEY_size(key) * 8; + break; + case EVP_PKEY_EC: + *type = kPublicKeyTypeECDSA; + *size_bits = EVP_PKEY_size(key); + break; + case EVP_PKEY_DH: + *type = kPublicKeyTypeDH; + *size_bits = EVP_PKEY_size(key) * 8; + break; + default: + *type = kPublicKeyTypeUnknown; + *size_bits = 0; + break; + } +} + #if defined(OS_ANDROID) void X509Certificate::GetChainDEREncodedBytes( std::vector<std::string>* chain_bytes) const { diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc index c6bca86..cf779b7 100644 --- a/net/base/x509_certificate_unittest.cc +++ b/net/base/x509_certificate_unittest.cc @@ -24,6 +24,12 @@ #include <cert.h> #endif +#if defined(OS_WIN) +#include "base/win/windows_version.h" +#elif defined(OS_MACOSX) +#include "base/mac/mac_util.h" +#endif + // Unit tests aren't allowed to access external resources. Unfortunately, to // properly verify the EV-ness of a cert, we need to check for its revocation // through online servers. If you're manually running unit tests, feel free to @@ -611,6 +617,90 @@ TEST(X509CertificateTest, DISABLED_GlobalSignR3EVTest) { EXPECT_EQ(ERR_CERT_DATE_INVALID, error); } +// Currently, only RSA and DSA keys are checked for weakness, and our example +// weak size is 768. These could change in the future. +// +// Note that this means there may be false negatives: keys for other +// algorithms and which are weak will pass this test. +static bool IsWeakKeyType(const std::string& key_type) { + size_t pos = key_type.find("-"); + std::string size = key_type.substr(0, pos); + std::string type = key_type.substr(pos + 1); + + if (type == "rsa" || type == "dsa") + return size == "768"; + + return false; +} + +TEST(X509CertificateTest, RejectWeakKeys) { + FilePath certs_dir = GetTestCertsDirectory(); + typedef std::vector<std::string> Strings; + Strings key_types; + + // generate-weak-test-chains.sh currently has: + // key_types="768-rsa 1024-rsa 2048-rsa prime256v1-ecdsa" + // We must use the same key types here. The filenames generated look like: + // 2048-rsa-ee-by-768-rsa-intermediate.pem + key_types.push_back("768-rsa"); + key_types.push_back("1024-rsa"); + key_types.push_back("2048-rsa"); + + bool use_ecdsa = true; +#if defined(OS_WIN) + use_ecdsa = base::win::GetVersion() > base::win::VERSION_XP; +#elif defined(OS_MACOSX) + use_ecdsa = base::mac::IsOSSnowLeopardOrLater(); +#endif + + if (use_ecdsa) + key_types.push_back("prime256v1-ecdsa"); + + // Add the root that signed the intermediates for this test. + scoped_refptr<X509Certificate> root_cert = + ImportCertFromFile(certs_dir, "2048-rsa-root.pem"); + ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); + TestRootCerts::GetInstance()->Add(root_cert.get()); + + // Now test each chain. + for (Strings::const_iterator ee_type = key_types.begin(); + ee_type != key_types.end(); ++ee_type) { + for (Strings::const_iterator signer_type = key_types.begin(); + signer_type != key_types.end(); ++signer_type) { + std::string basename = *ee_type + "-ee-by-" + *signer_type + + "-intermediate.pem"; + scoped_refptr<X509Certificate> ee_cert = + ImportCertFromFile(certs_dir, basename); + ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_cert); + + basename = *signer_type + "-intermediate.pem"; + scoped_refptr<X509Certificate> intermediate = + ImportCertFromFile(certs_dir, basename); + ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate); + + X509Certificate::OSCertHandles intermediates; + intermediates.push_back(intermediate->os_cert_handle()); + scoped_refptr<X509Certificate> cert_chain = + X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), + intermediates); + + CertVerifyResult verify_result; + int error = cert_chain->Verify("127.0.0.1", 0, NULL, &verify_result); + + if (IsWeakKeyType(*ee_type) || IsWeakKeyType(*signer_type)) { + EXPECT_NE(OK, error); + EXPECT_EQ(CERT_STATUS_WEAK_KEY, + verify_result.cert_status & CERT_STATUS_WEAK_KEY); + } else { + EXPECT_EQ(OK, error); + EXPECT_EQ(0U, verify_result.cert_status & CERT_STATUS_WEAK_KEY); + } + } + } + + TestRootCerts::GetInstance()->Clear(); +} + // Test for bug 94673. TEST(X509CertificateTest, GoogleDigiNotarTest) { FilePath certs_dir = GetTestCertsDirectory(); @@ -727,7 +817,7 @@ TEST(X509CertificateTest, ExtractSPKIFromDERCert) { base::SHA1HashBytes(reinterpret_cast<const uint8*>(spkiBytes.data()), spkiBytes.size(), hash); - EXPECT_TRUE(0 == memcmp(hash, nistSPKIHash, sizeof(hash))); + EXPECT_EQ(0, memcmp(hash, nistSPKIHash, sizeof(hash))); } TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) { @@ -1382,7 +1472,7 @@ const CertificateNameVerifyTestData kNameVerifyTestData[] = { { false, "f.uk", ".uk" }, { false, "w.bar.foo.com", "?.bar.foo.com" }, { false, "www.foo.com", "(www|ftp).foo.com" }, - { false, "www.foo.com", "www.foo.com#" }, // # = null char. + { false, "www.foo.com", "www.foo.com#" }, // # = null char. { false, "www.foo.com", "", "www.foo.com#*.foo.com,#,#" }, { false, "www.house.example", "ww.house.example" }, { false, "test.org", "", "www.test.org,*.test.org,*.org" }, @@ -1520,7 +1610,7 @@ TEST_P(X509CertificateNameVerifyTest, VerifyHostname) { for (size_t i = 0; i < ip_addressses_ascii.size(); ++i) { std::string& addr_ascii = ip_addressses_ascii[i]; ASSERT_NE(0U, addr_ascii.length()); - if (addr_ascii[0] == 'x') { // Hex encoded address + if (addr_ascii[0] == 'x') { // Hex encoded address addr_ascii.erase(0, 1); std::vector<uint8> bytes; EXPECT_TRUE(base::HexStringToBytes(addr_ascii, &bytes)) diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc index c672dfc..3fd48e1 100644 --- a/net/base/x509_certificate_win.cc +++ b/net/base/x509_certificate_win.cc @@ -1171,4 +1171,40 @@ bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, length); } +// static +void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, + size_t* size_bits, + PublicKeyType* type) { + PCCRYPT_OID_INFO oid_info = CryptFindOIDInfo( + CRYPT_OID_INFO_OID_KEY, + cert_handle->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, + CRYPT_PUBKEY_ALG_OID_GROUP_ID); + PCHECK(oid_info); + CHECK(oid_info->dwGroupId == CRYPT_PUBKEY_ALG_OID_GROUP_ID); + + *size_bits = CertGetPublicKeyLength( + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &cert_handle->pCertInfo->SubjectPublicKeyInfo); + + switch (oid_info->Algid) { + case CALG_RSA_SIGN: + case CALG_RSA_KEYX: + *type = kPublicKeyTypeRSA; + break; + case CALG_DSS_SIGN: + *type = kPublicKeyTypeDSA; + break; + case CALG_ECDSA: + *type = kPublicKeyTypeECDSA; + break; + case CALG_ECDH: + *type = kPublicKeyTypeECDH; + break; + default: + *type = kPublicKeyTypeUnknown; + *size_bits = 0; + break; + } +} + } // namespace net diff --git a/net/data/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem b/net/data/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem new file mode 100644 index 0000000..725bfce --- /dev/null +++ b/net/data/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem @@ -0,0 +1,50 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 237 (0xed) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=1024 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:de:52:f9:7c:4e:29:e3:35:24:63:74:83:70:5b: + 90:75:75:53:65:cb:74:a1:8e:b8:5a:bf:17:d0:0d: + a5:73:af:13:08:94:e4:ad:c3:d3:5c:bd:fd:b0:f7: + 0b:97:55:bd:7b:4d:87:54:d3:6b:0f:3f:1c:b9:fc: + 3b:65:20:29:4e:18:f0:77:fe:13:bb:b3:25:30:e4: + 3e:04:fa:49:4a:45:d0:80:a0:de:ba:1c:c9:be:ca: + 83:cc:94:18:f9:16:ab:3d:0f:43:28:b2:2c:d9:cf: + 43:17:17:48:9a:8e:6f:7a:53:46:4e:aa:ff:89:7b: + a8:0e:e4:04:41:b8:45:a5:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 99:ed:12:d1:1c:a1:a4:f6:88:30:23:40:69:af:14:ba:7b:e9: + 24:ef:01:a9:6f:b0:77:78:91:49:f7:84:17:84:ca:63:e1:71: + 8c:52:50:b7:20:06:fc:58:c9:20:d4:fa:78:89:5f:da:0b:2d: + 88:c9:41:ed:a6:52:c6:f8:dc:c9:1a:11:c7:ab:0a:ae:80:e4: + 7c:15:41:ac:64:63:3e:93:e5:ad:dc:de:e8:dc:d6:ca:0a:fd: + 01:01:d7:4d:4a:dd:c6:93:7c:52:ad:61:18:09:8c:29:ae:6b: + 42:d1:3a:98:d8:14:45:e4:d7:e1:b2:1e:12:92:99:65:6c:13: + 03:46 +-----BEGIN CERTIFICATE----- +MIICDTCCAXYCAgDtMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNVBAMMHTEwMjQgcnNh +IFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMjIyNDc1M1oXDTIxMTIwOTIy +NDc1M1owYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEy +Ny4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3lL5fE4p4zUkY3SD +cFuQdXVTZct0oY64Wr8X0A2lc68TCJTkrcPTXL39sPcLl1W9e02HVNNrDz8cufw7 +ZSApThjwd/4Tu7MlMOQ+BPpJSkXQgKDeuhzJvsqDzJQY+RarPQ9DKLIs2c9DFxdI +mo5velNGTqr/iXuoDuQEQbhFpU8CAwEAAaMTMBEwDwYDVR0RBAgwBocEfwAAATAN +BgkqhkiG9w0BAQUFAAOBgQCZ7RLRHKGk9ogwI0BprxS6e+kk7wGpb7B3eJFJ94QX +hMpj4XGMUlC3IAb8WMkg1Pp4iV/aCy2IyUHtplLG+NzJGhHHqwqugOR8FUGsZGM+ +k+Wt3N7o3NbKCv0BAddNSt3Gk3xSrWEYCYwprmtC0TqY2BRF5Nfhsh4SkpllbBMD +Rg== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem b/net/data/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem new file mode 100644 index 0000000..69482c3 --- /dev/null +++ b/net/data/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 237 (0xed) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=2048 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:f0:6b:dc:59:dc:ed:79:a3:68:4f:10:00:8b:31: + cd:aa:44:34:b9:3b:94:6c:4c:d1:05:3a:ba:bc:93: + f6:d6:89:00:ec:71:10:ed:9b:11:84:10:80:d4:51: + 30:fe:3e:17:bd:d7:e2:89:7b:22:80:ca:73:75:98: + e3:67:cd:fd:c4:c8:d1:7a:95:ae:f3:98:95:45:06: + 91:3c:6f:dc:37:e5:4d:29:9a:e1:99:9b:a3:6b:b5: + 74:be:1d:f8:97:92:27:1c:15:fb:5b:cb:e4:88:e7: + 10:ff:2f:8a:59:fd:59:53:76:0f:57:83:db:27:45: + 0a:00:b0:4f:3a:e9:4d:24:5f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 5f:a8:ec:ff:b6:09:b6:6e:42:82:c5:72:9e:ba:d5:d2:7b:36: + 06:fc:c3:8c:ce:ad:47:18:60:4c:ce:aa:08:fc:7d:85:df:e4: + d7:44:86:89:be:36:bc:04:c9:be:5e:af:85:f5:92:7c:ec:96: + 24:1a:11:c3:e7:8f:bc:79:51:c0:44:4e:4b:d3:d9:3a:6c:7c: + 2c:80:21:d3:22:db:2f:e8:04:94:0d:b0:13:32:ea:d8:26:bd: + e8:01:c0:ff:57:6a:2d:86:a1:f1:e0:a2:8b:39:73:7a:8b:e9: + 0b:ee:a1:e8:45:56:f7:45:fa:7f:a1:c4:e6:9a:32:c8:2e:03: + c2:57:f8:f9:be:c1:af:82:39:73:7a:39:e7:8c:c2:36:5c:47: + 5b:c7:20:e2:b1:5f:06:1e:34:c7:f3:e0:4f:a9:b5:34:79:83: + a0:b2:79:70:a2:b7:1c:a3:1b:7d:7c:e3:24:57:90:0e:3a:43: + b9:98:68:97:70:17:dc:31:c7:e1:be:2b:d4:a7:1f:97:8a:e4: + 57:58:2f:b3:c6:27:3b:1b:f4:f3:11:0e:4c:31:73:5e:22:c9: + e0:07:7b:0e:87:06:ba:f9:10:f5:bb:4d:5e:cf:14:ab:57:6b: + 76:8e:bd:66:2d:39:4b:8a:42:00:3e:0b:5e:dc:39:69:89:ca: + 5a:37:4f:bc +-----BEGIN CERTIFICATE----- +MIICjjCCAXYCAgDtMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNVBAMMHTIwNDggcnNh +IFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMjIyNDc1M1oXDTIxMTIwOTIy +NDc1M1owYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEy +Ny4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8GvcWdzteaNoTxAA +izHNqkQ0uTuUbEzRBTq6vJP21okA7HEQ7ZsRhBCA1FEw/j4XvdfiiXsigMpzdZjj +Z839xMjRepWu85iVRQaRPG/cN+VNKZrhmZuja7V0vh34l5InHBX7W8vkiOcQ/y+K +Wf1ZU3YPV4PbJ0UKALBPOulNJF8CAwEAAaMTMBEwDwYDVR0RBAgwBocEfwAAATAN +BgkqhkiG9w0BAQUFAAOCAQEAX6js/7YJtm5CgsVynrrV0ns2BvzDjM6tRxhgTM6q +CPx9hd/k10SGib42vATJvl6vhfWSfOyWJBoRw+ePvHlRwEROS9PZOmx8LIAh0yLb +L+gElA2wEzLq2Ca96AHA/1dqLYah8eCiizlzeovpC+6h6EVW90X6f6HE5poyyC4D +wlf4+b7Br4I5c3o554zCNlxHW8cg4rFfBh40x/PgT6m1NHmDoLJ5cKK3HKMbfXzj +JFeQDjpDuZhol3AX3DHH4b4r1Kcfl4rkV1gvs8YnOxv08xEOTDFzXiLJ4Ad7DocG +uvkQ9btNXs8Uq1drdo69Zi05S4pCAD4LXtw5aYnKWjdPvA== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem b/net/data/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem new file mode 100644 index 0000000..1b278f9 --- /dev/null +++ b/net/data/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem @@ -0,0 +1,47 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 237 (0xed) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=768 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b5:21:de:d6:d7:1b:b3:ba:1d:9b:cd:89:56:7f: + c4:82:cb:86:34:d0:27:3a:95:d9:57:bc:e8:74:e6: + cd:01:1a:8c:72:07:68:5b:ad:4e:2a:91:e0:50:e7: + 23:34:c7:c8:18:d9:7f:e9:f1:a8:09:2e:eb:e1:3f: + 26:5a:b5:9a:9d:50:82:fb:30:4a:b3:f4:d3:1d:3c: + 90:5b:67:dc:92:eb:70:78:4f:c4:62:b8:7b:93:3f: + 70:56:6d:18:4b:a5:63:03:d0:15:c6:94:f5:ed:3c: + 5b:0d:7e:0a:85:0b:26:2f:0d:c9:68:08:42:33:94: + a2:81:7d:b0:34:12:f2:d3:db + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + ac:96:12:2e:32:99:ba:13:11:ba:67:e3:8c:71:03:4e:ea:3f: + 03:d4:88:a1:eb:93:83:dd:53:02:3b:df:9f:f5:7c:f6:49:e8: + 71:c0:2a:2e:75:c1:53:9e:be:a1:0a:13:21:0c:e2:44:2f:a0: + 12:6e:ed:f5:60:43:2d:79:e8:6d:58:e6:c8:f1:b0:64:04:31: + 0e:f7:61:7c:a0:35:f1:d6:b3:67:b2:6c:e4:5c:6e:ec:02:43: + a5:7e:00:d8:bf:a7 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXUCAgDtMA0GCSqGSIb3DQEBBQUAMCcxJTAjBgNVBAMMHDc2OCByc2Eg +VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTExMjEyMjI0NzUzWhcNMjExMjA5MjI0 +NzUzWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE +BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3 +LjAuMC4xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1Id7W1xuzuh2bzYlW +f8SCy4Y00Cc6ldlXvOh05s0BGoxyB2hbrU4qkeBQ5yM0x8gY2X/p8agJLuvhPyZa +tZqdUIL7MEqz9NMdPJBbZ9yS63B4T8RiuHuTP3BWbRhLpWMD0BXGlPXtPFsNfgqF +CyYvDcloCEIzlKKBfbA0EvLT2wIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0G +CSqGSIb3DQEBBQUAA2EArJYSLjKZuhMRumfjjHEDTuo/A9SIoeuTg91TAjvfn/V8 +9knoccAqLnXBU56+oQoTIQziRC+gEm7t9WBDLXnobVjmyPGwZAQxDvdhfKA18daz +Z7Js5Fxu7AJDpX4A2L+n +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem b/net/data/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000..1032f82 --- /dev/null +++ b/net/data/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,44 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 237 (0xed) + Signature Algorithm: ecdsa-with-SHA1 + Issuer: CN=prime256v1 ecdsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cc:ca:df:89:1f:e5:aa:3c:2e:d1:62:85:de:2a: + 4c:bd:68:89:d0:05:06:56:30:f5:6e:93:a4:4f:74: + c0:7e:14:5f:1b:dd:93:33:ea:b7:17:8d:63:3e:c4: + 2e:2c:b3:0c:62:37:0f:1b:90:16:8e:73:b5:90:3f: + c5:e2:08:9d:b6:8f:80:e0:95:3d:28:d3:8f:d7:b7: + 0e:8b:43:8c:95:29:a9:51:3b:6d:0d:35:ea:c1:ff: + d8:8b:47:71:7b:3b:4c:65:7f:a9:85:43:6e:43:1f: + 9d:9c:ff:15:d2:ac:29:db:5f:56:42:88:4a:68:0d: + 49:73:0a:fd:b2:94:58:95:f7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA1 + 30:45:02:20:07:1e:96:23:74:f5:77:05:b4:a9:fa:2f:8c:b3: + 3c:48:89:46:38:f0:0d:18:76:d2:9c:ee:cd:2d:8d:ce:7a:71: + 02:21:00:ff:b1:8b:0d:40:a4:ef:1b:9d:ba:d6:92:30:04:38: + 21:b1:ad:53:61:71:83:01:9a:3c:3e:ef:d4:53:59:c7:df +-----BEGIN CERTIFICATE----- +MIIB0zCCAXoCAgDtMAkGByqGSM49BAEwMDEuMCwGA1UEAwwlcHJpbWUyNTZ2MSBl +Y2RzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xMTEyMTIyMjQ3NTNaFw0yMTEy +MDkyMjQ3NTNaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMzK34kf5ao8 +LtFihd4qTL1oidAFBlYw9W6TpE90wH4UXxvdkzPqtxeNYz7ELiyzDGI3DxuQFo5z +tZA/xeIInbaPgOCVPSjTj9e3DotDjJUpqVE7bQ016sH/2ItHcXs7TGV/qYVDbkMf +nZz/FdKsKdtfVkKISmgNSXMK/bKUWJX3AgMBAAGjEzARMA8GA1UdEQQIMAaHBH8A +AAEwCQYHKoZIzj0EAQNIADBFAiAHHpYjdPV3BbSp+i+MszxIiUY48A0YdtKc7s0t +jc56cQIhAP+xiw1ApO8bnbrWkjAEOCGxrVNhcYMBmjw+79RTWcff +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/1024-rsa-ee-by-secp256k1-ecdsa-intermediate.pem b/net/data/ssl/certificates/1024-rsa-ee-by-secp256k1-ecdsa-intermediate.pem new file mode 100644 index 0000000..2d47ace --- /dev/null +++ b/net/data/ssl/certificates/1024-rsa-ee-by-secp256k1-ecdsa-intermediate.pem @@ -0,0 +1,44 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 237 (0xed) + Signature Algorithm: ecdsa-with-SHA1 + Issuer: CN=secp256k1 ecdsa Test intermediate CA + Validity + Not Before: Dec 10 01:51:17 2011 GMT + Not After : Dec 9 01:51:17 2012 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:9b:1b:ad:af:0e:61:db:3f:dc:b7:91:5d:bf:1f: + 0a:70:6a:fa:89:b7:6e:fc:aa:ef:ce:9e:db:6c:4c: + 9a:2d:81:7b:59:96:20:eb:11:ef:e4:85:c6:ca:33: + 41:22:4a:20:86:9c:01:02:f9:63:13:9b:3b:1e:f5: + a9:3e:40:98:8e:78:1f:99:32:64:2f:4c:dc:ae:3a: + e7:cf:00:22:2f:77:f2:be:7b:64:9c:a0:92:27:b1: + 35:4d:44:de:7b:cd:75:4a:a7:9b:27:e0:3c:0b:13: + ee:57:5a:f7:c2:81:c0:b8:ea:0b:39:b5:6f:17:57: + 24:f0:c0:c5:4b:b3:0d:92:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA1 + 30:46:02:21:00:83:ef:77:11:e7:67:3c:53:20:88:b6:03:10: + e8:e5:9b:a1:12:48:3a:1e:a8:3b:31:fa:1b:56:95:28:d3:6e: + 6b:02:21:00:cd:e3:2c:6e:41:59:e2:6a:d4:ec:de:11:99:99: + e6:b7:7e:90:89:91:e5:35:d1:2c:c7:15:e7:46:94:ab:11:6f +-----BEGIN CERTIFICATE----- +MIIB0zCCAXkCAgDtMAkGByqGSM49BAEwLzEtMCsGA1UEAwwkc2VjcDI1NmsxIGVj +ZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMDAxNTExN1oXDTEyMTIw +OTAxNTExN1owYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU +BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM +CTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmxutrw5h2z/c +t5Fdvx8KcGr6ibdu/Krvzp7bbEyaLYF7WZYg6xHv5IXGyjNBIkoghpwBAvljE5s7 +HvWpPkCYjngfmTJkL0zcrjrnzwAiL3fyvntknKCSJ7E1TUTee811SqebJ+A8CxPu +V1r3woHAuOoLObVvF1ck8MDFS7MNkm8CAwEAAaMTMBEwDwYDVR0RBAgwBocEfwAA +ATAJBgcqhkjOPQQBA0kAMEYCIQCD73cR52c8UyCItgMQ6OWboRJIOh6oOzH6G1aV +KNNuawIhAM3jLG5BWeJq1OzeEZmZ5rd+kImR5TXRLMcV50aUqxFv +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/1024-rsa-intermediate.pem b/net/data/ssl/certificates/1024-rsa-intermediate.pem new file mode 100644 index 0000000..54f0217 --- /dev/null +++ b/net/data/ssl/certificates/1024-rsa-intermediate.pem @@ -0,0 +1,63 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 237 (0xed) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: CN=1024 rsa Test intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:bf:d2:b4:44:b4:7a:03:64:91:ca:2d:cf:7b:22: + bd:02:f3:5d:b7:97:fa:72:91:cd:c8:9c:4f:e1:6a: + 52:08:67:3b:2c:06:63:89:c0:0a:cd:e1:80:56:88: + 27:93:12:32:d6:47:6e:e5:34:ac:9e:f4:17:f3:c8: + b1:29:65:3f:75:5a:01:c9:2a:63:48:d7:8a:13:a4: + 08:ae:8c:a4:95:e4:78:2d:35:ff:73:5e:49:d3:1d: + 14:f7:c7:7c:56:9c:ff:c9:f9:d4:bf:44:c7:4d:57: + 71:4d:7d:64:3d:7e:ec:9f:eb:69:50:7b:34:9c:8d: + 99:0a:4f:26:90:1e:b5:06:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 67:2E:75:A1:D2:3D:9D:36:78:59:C4:20:6E:8C:2F:AD:75:5C:16:8B + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + 44:49:10:c4:22:4f:57:bb:c2:29:c7:77:21:48:a8:1d:ca:7a: + 86:c3:24:3d:7a:f6:05:3b:77:75:5f:54:6f:04:8c:c0:89:e9: + 17:4f:84:c7:23:33:fb:23:d8:f8:c5:46:e4:cc:e1:69:6b:4f: + b3:a9:1d:36:6c:92:c4:55:c7:73:bd:ff:5b:56:b5:80:f5:a7: + 2c:50:73:04:76:44:b0:ad:61:1e:bc:d0:78:88:77:74:94:1d: + 2d:1d:4f:3b:15:11:47:02:d6:a4:af:f4:8b:75:39:bf:bf:41: + 41:77:db:e1:7d:28:8f:da:66:88:0e:4a:53:81:30:e2:18:3f: + e6:09:8c:d3:98:00:50:ac:d7:24:08:bf:2d:2c:20:b2:74:06: + 2c:3e:9b:3c:e6:3c:72:08:b0:6d:49:a9:b9:26:67:17:d4:ed: + 95:48:71:72:5d:fe:8d:0a:0f:31:e6:bd:15:ec:e1:36:65:c1: + b0:00:45:ae:bc:d2:13:0d:ac:6e:4f:8c:f4:29:2c:b1:a0:cb: + aa:a4:ff:21:92:5b:8d:f7:23:9b:df:18:f6:cb:a4:4b:6c:56: + e6:bf:e1:74:2e:74:30:8a:d6:ab:16:c3:f2:b2:21:4b:04:a5: + dd:c5:c4:98:71:4d:ae:47:43:d6:af:8f:d3:4c:13:44:e0:3d: + d3:4f:68:6a +-----BEGIN CERTIFICATE----- +MIICgjCCAWqgAwIBAgICAO0wDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UEAwwVMjA0 +OCBSU0EgVGVzdCBSb290IENBMB4XDTExMTIxMjIyNDc1M1oXDTIxMTIwOTIyNDc1 +M1owKDEmMCQGA1UEAwwdMTAyNCByc2EgVGVzdCBpbnRlcm1lZGlhdGUgQ0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL/StES0egNkkcotz3sivQLzXbeX+nKR +zcicT+FqUghnOywGY4nACs3hgFaIJ5MSMtZHbuU0rJ70F/PIsSllP3VaAckqY0jX +ihOkCK6MpJXkeC01/3NeSdMdFPfHfFac/8n51L9Ex01XcU19ZD1+7J/raVB7NJyN +mQpPJpAetQaNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGcu +daHSPZ02eFnEIG6ML611XBaLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF +AAOCAQEAREkQxCJPV7vCKcd3IUioHcp6hsMkPXr2BTt3dV9UbwSMwInpF0+ExyMz ++yPY+MVG5MzhaWtPs6kdNmySxFXHc73/W1a1gPWnLFBzBHZEsK1hHrzQeIh3dJQd +LR1POxURRwLWpK/0i3U5v79BQXfb4X0oj9pmiA5KU4Ew4hg/5gmM05gAUKzXJAi/ +LSwgsnQGLD6bPOY8cgiwbUmpuSZnF9TtlUhxcl3+jQoPMea9FezhNmXBsABFrrzS +Ew2sbk+M9CkssaDLqqT/IZJbjfcjm98Y9sukS2xW5r/hdC50MIrWqxbD8rIhSwSl +3cXEmHFNrkdD1q+P00wTROA9009oag== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem b/net/data/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem new file mode 100644 index 0000000..259786e9 --- /dev/null +++ b/net/data/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 238 (0xee) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=1024 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:54 2011 GMT + Not After : Dec 9 22:47:54 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:ae:52:d9:c5:51:d2:0f:bf:ee:b1:7c:a0:4e:c7: + a3:b5:e5:bf:72:f1:53:d5:dc:9e:2e:0b:72:5e:06: + 77:71:ee:0d:be:93:9b:b2:77:d4:b6:f8:e2:f9:3c: + e1:0e:6a:7a:35:4f:74:df:f0:b9:f6:b1:85:dd:ef: + 13:0c:67:df:25:eb:ee:21:70:e5:39:e9:61:5f:ad: + e7:42:17:69:a4:dd:2b:47:99:33:71:63:3e:0d:6a: + 36:97:01:4b:a2:e8:32:41:a5:87:91:af:f8:3e:e8: + 8c:e2:f1:86:8f:0f:7b:98:30:56:55:75:8b:82:75: + a2:ef:26:da:5b:83:12:5f:ee:92:08:cc:a0:64:30: + 9d:56:30:9c:64:79:34:a0:09:a0:c5:e0:47:a1:89: + e7:d3:43:b7:b4:13:26:bc:a2:50:75:07:9f:98:67: + 22:ba:e9:00:da:96:ee:2c:2a:d9:b5:2f:7f:7f:70: + 3f:26:d7:45:28:eb:90:de:f7:37:89:c7:9d:a2:06: + 81:30:7f:c2:cf:8f:4c:3d:c4:43:48:6d:5d:2a:c4: + e6:c5:5a:b4:54:55:e0:87:65:67:24:f8:e1:af:c0: + 5e:e4:99:0d:55:c8:8a:d8:73:3a:9c:b3:3d:91:51: + b8:4e:16:d0:ca:36:92:01:4f:b9:a2:d6:da:39:8d: + 4e:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 00:05:e5:a4:4b:3d:15:1d:26:0f:42:2c:69:ce:b1:c4:fc:33: + 07:d9:50:66:25:57:2f:57:e9:7f:9e:dd:df:bf:74:2e:c1:49: + f5:d3:3c:17:0b:80:86:9f:11:a5:95:8d:88:f3:43:ce:68:04: + 96:4a:59:05:4a:3b:f8:df:f1:e1:e3:48:ae:ab:f5:a9:9d:ce: + 04:a5:9b:90:f5:9d:f4:c2:49:6b:e4:34:2b:91:85:2a:ae:c1: + 7b:b8:3d:6d:27:0e:ad:24:0a:33:31:dd:b9:cd:00:04:e7:8d: + 39:34:3a:3c:fc:4d:a8:2d:06:13:71:0e:03:29:31:c4:25:5f: + cd:0c +-----BEGIN CERTIFICATE----- +MIICkTCCAfoCAgDuMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNVBAMMHTEwMjQgcnNh +IFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMjIyNDc1NFoXDTIxMTIwOTIy +NDc1NFowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEy +Ny4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5S2cVR0g+/ +7rF8oE7Ho7Xlv3LxU9Xcni4Lcl4Gd3HuDb6Tm7J31Lb44vk84Q5qejVPdN/wufax +hd3vEwxn3yXr7iFw5TnpYV+t50IXaaTdK0eZM3FjPg1qNpcBS6LoMkGlh5Gv+D7o +jOLxho8Pe5gwVlV1i4J1ou8m2luDEl/ukgjMoGQwnVYwnGR5NKAJoMXgR6GJ59ND +t7QTJryiUHUHn5hnIrrpANqW7iwq2bUvf39wPybXRSjrkN73N4nHnaIGgTB/ws+P +TD3EQ0htXSrE5sVatFRV4IdlZyT44a/AXuSZDVXIithzOpyzPZFRuE4W0Mo2kgFP +uaLW2jmNTnECAwEAAaMTMBEwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUF +AAOBgQAABeWkSz0VHSYPQixpzrHE/DMH2VBmJVcvV+l/nt3fv3QuwUn10zwXC4CG +nxGllY2I80POaASWSlkFSjv43/Hh40iuq/Wpnc4EpZuQ9Z30wklr5DQrkYUqrsF7 +uD1tJw6tJAozMd25zQAE5405NDo8/E2oLQYTcQ4DKTHEJV/NDA== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem b/net/data/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem new file mode 100644 index 0000000..f23d636 --- /dev/null +++ b/net/data/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem @@ -0,0 +1,71 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 238 (0xee) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=2048 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:54 2011 GMT + Not After : Dec 9 22:47:54 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:9f:da:64:07:a7:c4:a4:31:eb:21:18:56:5f:8d: + bb:f1:ac:dd:2b:a1:45:e9:42:e1:a3:5c:6a:91:a4: + f1:78:ac:e9:c1:0a:c3:87:59:5a:51:f5:04:47:73: + 5b:f8:47:b5:ab:81:d5:30:7e:13:e7:67:be:fa:14: + 33:79:49:92:2a:fc:ec:61:3e:38:74:64:d5:e6:1b: + 53:51:5f:56:a4:c2:d3:57:13:0d:e1:c0:66:f8:49: + eb:bb:e5:8e:4c:dc:b1:38:57:84:05:f4:a8:6c:e2: + 51:1c:10:3f:d5:9d:ec:d5:db:b9:7d:0b:fc:b9:19: + 07:28:ed:63:98:33:d1:7b:eb:59:2e:9e:16:ff:2d: + aa:cf:8e:0e:2d:9c:5c:40:7c:6b:1a:9a:0a:5a:15: + 02:d2:f1:93:c6:89:79:dd:93:e8:0b:01:7f:95:f3: + 23:78:9c:69:77:ae:27:a9:67:4f:03:91:13:6f:01: + 7f:e9:8f:f8:d9:44:be:e4:c2:e7:b1:06:47:05:0e: + 13:98:48:a3:45:6f:ff:c5:17:1d:2c:cb:7f:c8:a2: + 5d:6b:53:e3:9b:45:81:5a:b6:43:49:1c:1f:07:b5: + 69:30:52:64:73:d7:3c:e7:48:df:12:db:a5:17:35: + 0d:45:44:0b:68:f4:52:8d:b1:5a:d7:b5:9a:ce:8d: + 8e:cf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 08:ef:7a:ce:d2:0b:a8:1e:34:a2:d5:ee:b0:7a:b4:b4:fc:ba: + 76:3b:f4:92:21:42:80:85:49:1f:b1:dd:77:45:85:97:5d:22: + a8:c9:e3:d9:54:a2:df:57:ae:e9:a0:fb:1a:bd:69:9b:dd:df: + 58:8a:38:c8:59:92:9c:f3:31:d0:23:5c:cb:e8:7a:c2:8b:60: + 31:bd:9c:51:05:92:30:13:43:c9:f1:51:54:21:61:e5:3a:8d: + 4f:d2:2d:93:5c:dc:ed:51:30:6a:6f:30:0f:21:09:45:e2:34: + 03:c7:d0:78:83:d6:78:72:fc:6d:37:2f:e1:ca:25:df:18:79: + 99:c0:5e:b7:a3:ec:a6:b3:08:e6:9a:00:2c:a7:4d:01:20:d5: + f1:7f:62:fe:e2:33:5e:60:6a:87:0c:df:24:83:67:99:e1:dc: + eb:e3:59:12:15:1c:a8:dc:99:4c:fe:b6:99:37:a1:b0:90:b4: + c7:ff:0f:70:99:f9:94:c8:f1:fc:bf:45:fd:d5:98:1e:b6:4f: + 14:7e:1a:c6:f0:d2:26:1e:d7:d3:ed:45:23:6e:19:68:4c:2d: + cb:23:d6:9b:bd:47:eb:5b:64:14:c6:13:0a:5d:99:6d:d2:5f: + 17:dc:f2:d9:5b:f5:ad:2f:41:f0:3a:4c:ee:e1:86:d9:f3:57: + d9:0c:34:4c +-----BEGIN CERTIFICATE----- +MIIDEjCCAfoCAgDuMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNVBAMMHTIwNDggcnNh +IFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMjIyNDc1NFoXDTIxMTIwOTIy +NDc1NFowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEy +Ny4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/aZAenxKQx +6yEYVl+Nu/Gs3SuhRelC4aNcapGk8Xis6cEKw4dZWlH1BEdzW/hHtauB1TB+E+dn +vvoUM3lJkir87GE+OHRk1eYbU1FfVqTC01cTDeHAZvhJ67vljkzcsThXhAX0qGzi +URwQP9Wd7NXbuX0L/LkZByjtY5gz0XvrWS6eFv8tqs+ODi2cXEB8axqaCloVAtLx +k8aJed2T6AsBf5XzI3icaXeuJ6lnTwORE28Bf+mP+NlEvuTC57EGRwUOE5hIo0Vv +/8UXHSzLf8iiXWtT45tFgVq2Q0kcHwe1aTBSZHPXPOdI3xLbpRc1DUVEC2j0Uo2x +Wte1ms6Njs8CAwEAAaMTMBEwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUF +AAOCAQEACO96ztILqB40otXusHq0tPy6djv0kiFCgIVJH7Hdd0WFl10iqMnj2VSi +31eu6aD7Gr1pm93fWIo4yFmSnPMx0CNcy+h6wotgMb2cUQWSMBNDyfFRVCFh5TqN +T9Itk1zc7VEwam8wDyEJReI0A8fQeIPWeHL8bTcv4col3xh5mcBet6PsprMI5poA +LKdNASDV8X9i/uIzXmBqhwzfJINnmeHc6+NZEhUcqNyZTP62mTehsJC0x/8PcJn5 +lMjx/L9F/dWYHrZPFH4axvDSJh7X0+1FI24ZaEwtyyPWm71H61tkFMYTCl2ZbdJf +F9zy2Vv1rS9B8DpM7uGG2fNX2Qw0TA== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem b/net/data/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem new file mode 100644 index 0000000..29e5eb7 --- /dev/null +++ b/net/data/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 238 (0xee) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=768 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:f1:de:da:de:0d:99:88:05:1e:96:f3:3c:4d:11: + 1e:c6:b4:47:9a:ff:74:4c:ba:ae:2b:8d:30:e7:d5: + 15:e2:08:70:58:33:51:44:03:cb:c4:9c:67:dd:24: + 65:51:10:f8:a7:f2:8a:38:d7:82:99:2c:04:98:da: + 48:d6:2b:b7:dd:1f:af:7f:26:d1:19:67:10:36:54: + a0:fe:f2:7c:17:40:d9:18:2e:cf:82:ef:d6:c8:c5: + 5c:1f:ca:6c:34:f8:7f:2c:f1:a2:8e:5e:81:53:b6: + 54:98:b6:90:50:60:96:fd:82:20:fb:4c:25:5b:61: + 52:dc:af:55:6c:55:f6:46:b0:33:b6:65:4f:0a:ff: + 94:6c:c8:27:0a:bb:cd:44:f2:45:ff:a1:ba:56:c3: + d9:a6:ad:64:fc:ab:95:28:6e:a8:80:1b:66:37:44: + 71:1e:6f:1f:5c:32:bd:c6:d1:97:ce:08:1a:15:fc: + a8:20:e3:cd:2a:5f:b4:49:7f:aa:2f:36:f1:3e:45: + 33:80:63:38:a6:b2:c5:35:2a:5c:58:a2:19:e0:6a: + 43:50:77:0b:7a:a2:2e:29:5e:c0:7d:32:f4:94:bd: + 7d:40:b0:95:d2:35:a8:98:88:a2:68:4a:f2:c8:45: + ab:9b:04:24:7b:d3:47:7a:e0:5d:d9:b6:aa:da:4e: + 3e:7b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 7b:3d:57:0d:58:2c:23:2a:24:b8:35:ee:0a:05:fb:39:fe:77: + 4a:38:17:63:72:ea:1c:6f:f6:2e:a8:3c:11:c3:0f:fb:f5:e1: + e5:ce:64:7f:63:e5:99:e0:dc:39:90:a4:4c:ca:4f:ad:39:ba: + e6:eb:89:e9:78:43:50:6d:c6:99:6f:ea:50:76:83:32:da:50: + 7b:55:f0:a5:73:f8:69:25:9e:89:0d:1d:fd:b7:1e:19:96:40: + ae:ff:9b:cc:7b:16 +-----BEGIN CERTIFICATE----- +MIICbzCCAfkCAgDuMA0GCSqGSIb3DQEBBQUAMCcxJTAjBgNVBAMMHDc2OCByc2Eg +VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTExMjEyMjI0NzUzWhcNMjExMjA5MjI0 +NzUzWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE +BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3 +LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8d7a3g2ZiAUe +lvM8TREexrRHmv90TLquK40w59UV4ghwWDNRRAPLxJxn3SRlURD4p/KKONeCmSwE +mNpI1iu33R+vfybRGWcQNlSg/vJ8F0DZGC7Pgu/WyMVcH8psNPh/LPGijl6BU7ZU +mLaQUGCW/YIg+0wlW2FS3K9VbFX2RrAztmVPCv+UbMgnCrvNRPJF/6G6VsPZpq1k +/KuVKG6ogBtmN0RxHm8fXDK9xtGXzggaFfyoIOPNKl+0SX+qLzbxPkUzgGM4prLF +NSpcWKIZ4GpDUHcLeqIuKV7AfTL0lL19QLCV0jWomIiiaEryyEWrmwQke9NHeuBd +2baq2k4+ewIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBBQUA +A2EAez1XDVgsIyokuDXuCgX7Of53SjgXY3LqHG/2Lqg8EcMP+/Xh5c5kf2PlmeDc +OZCkTMpPrTm65uuJ6XhDUG3GmW/qUHaDMtpQe1XwpXP4aSWeiQ0d/bceGZZArv+b +zHsW +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem b/net/data/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000..7b80a7c --- /dev/null +++ b/net/data/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,56 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 238 (0xee) + Signature Algorithm: ecdsa-with-SHA1 + Issuer: CN=prime256v1 ecdsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:54 2011 GMT + Not After : Dec 9 22:47:54 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:92:b8:c2:a0:68:77:27:d3:07:af:d4:3f:4a:d9: + 56:08:ec:12:e5:d1:70:0a:1f:c1:29:b9:20:2b:65: + 1a:de:b3:25:72:5c:3b:72:28:9e:11:d9:9f:f5:2a: + 8a:f5:1e:f2:d0:cd:fd:8b:ba:2f:22:19:8e:34:f8: + 8a:c5:df:f0:d7:c9:d9:cb:fc:18:94:9f:5d:8c:e7: + c3:33:f7:b5:18:dd:48:24:16:1c:56:19:92:cf:1e: + 1a:aa:45:2e:85:23:57:f1:b2:6c:04:e8:75:a2:92: + 15:c9:02:64:96:b0:86:14:26:ab:6f:c1:4d:db:07: + 7b:16:61:7e:d7:26:83:5f:0b:b2:5e:08:5b:63:30: + 38:bf:50:92:3c:cc:57:fd:05:91:4a:f4:99:1b:a3: + 4b:de:99:08:2f:e4:b6:4e:e2:74:ee:35:5e:8a:9d: + 32:4d:60:c6:89:cf:c8:34:1b:73:95:dc:58:75:fd: + fd:fb:83:08:78:09:fe:09:58:f3:c2:64:95:14:28: + bd:92:c4:a4:25:9d:4e:a9:07:4b:ca:7c:ec:2b:e3: + 8b:f1:2e:bd:64:d4:53:c7:4a:4e:0a:b3:65:df:08: + fe:37:20:db:87:8d:cc:67:62:4a:98:b2:ed:47:9a: + 77:26:da:b2:03:2f:59:5d:a2:41:35:78:b1:b2:85: + 4a:15 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA1 + 30:46:02:21:00:94:ad:24:93:85:3b:9f:cf:67:8c:cc:01:31: + ed:8c:23:ed:79:fa:3d:88:b0:57:e1:29:71:f2:d1:15:90:cc: + 73:02:21:00:a8:66:ce:74:c8:3f:e7:71:c2:08:46:54:5b:7b: + 0a:a3:76:1b:13:0b:9c:0e:8d:13:c0:01:6d:2b:34:93:86:7e +-----BEGIN CERTIFICATE----- +MIICWDCCAf4CAgDuMAkGByqGSM49BAEwMDEuMCwGA1UEAwwlcHJpbWUyNTZ2MSBl +Y2RzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xMTEyMTIyMjQ3NTRaFw0yMTEy +MDkyMjQ3NTRaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSuMKg +aHcn0wev1D9K2VYI7BLl0XAKH8EpuSArZRresyVyXDtyKJ4R2Z/1Kor1HvLQzf2L +ui8iGY40+IrF3/DXydnL/BiUn12M58Mz97UY3UgkFhxWGZLPHhqqRS6FI1fxsmwE +6HWikhXJAmSWsIYUJqtvwU3bB3sWYX7XJoNfC7JeCFtjMDi/UJI8zFf9BZFK9Jkb +o0vemQgv5LZO4nTuNV6KnTJNYMaJz8g0G3OV3Fh1/f37gwh4Cf4JWPPCZJUUKL2S +xKQlnU6pB0vKfOwr44vxLr1k1FPHSk4Ks2XfCP43INuHjcxnYkqYsu1Hmncm2rID +L1ldokE1eLGyhUoVAgMBAAGjEzARMA8GA1UdEQQIMAaHBH8AAAEwCQYHKoZIzj0E +AQNJADBGAiEAlK0kk4U7n89njMwBMe2MI+15+j2IsFfhKXHy0RWQzHMCIQCoZs50 +yD/nccIIRlRbewqjdhsTC5wOjRPAAW0rNJOGfg== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/2048-rsa-ee-by-secp256k1-ecdsa-intermediate.pem b/net/data/ssl/certificates/2048-rsa-ee-by-secp256k1-ecdsa-intermediate.pem new file mode 100644 index 0000000..d23179d --- /dev/null +++ b/net/data/ssl/certificates/2048-rsa-ee-by-secp256k1-ecdsa-intermediate.pem @@ -0,0 +1,56 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 238 (0xee) + Signature Algorithm: ecdsa-with-SHA1 + Issuer: CN=secp256k1 ecdsa Test intermediate CA + Validity + Not Before: Dec 10 01:51:17 2011 GMT + Not After : Dec 9 01:51:17 2012 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:e7:10:f2:68:0c:18:a5:e5:dd:a8:4b:2f:6b:f5: + 71:f4:bf:dd:ef:39:69:04:38:3d:52:c5:e7:cc:b3: + eb:98:57:13:4e:3e:79:cf:80:4b:d7:9d:7e:88:f3: + a9:02:47:b8:d9:ec:8a:8c:34:20:aa:29:3b:a1:d6: + 45:23:b5:6d:36:56:3c:a4:64:13:ee:23:70:09:fa: + 75:83:c6:b7:be:b5:b3:3f:80:cb:ce:7b:18:1f:ac: + 7c:25:b6:58:bc:07:b7:35:77:2b:64:1e:ca:14:0b: + d0:bb:6c:6e:1d:2f:ee:10:90:a1:ce:a9:ab:88:0a: + 28:74:ae:ae:ca:fc:da:c3:3a:ba:39:de:c8:1b:46: + bf:93:98:a2:5b:ba:b2:a6:d8:bd:54:52:be:52:31: + fa:07:3a:6d:8f:42:c2:92:80:31:5c:ae:cb:15:f0: + 72:cf:f6:5c:b9:f2:6b:91:b0:03:48:08:ae:a6:8d: + e4:bd:a1:f6:05:38:1c:70:43:b6:7d:34:b5:c1:b9: + 0b:f7:ec:71:0c:a4:20:92:2b:0f:c0:41:80:16:84: + 64:98:6d:13:38:df:ce:82:98:8c:ac:97:56:10:6d: + f8:e1:d5:19:ed:b7:60:44:c8:9e:72:61:1f:16:3b: + 81:13:a8:c3:99:99:47:ba:81:68:af:2a:39:80:c5: + 88:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA1 + 30:45:02:21:00:b4:35:4d:5d:8b:9c:bd:ea:be:86:13:75:ab: + d0:af:cc:fb:39:85:20:0b:2d:a7:84:d7:ce:8f:44:54:b6:6a: + 7c:02:20:62:49:3e:32:da:e2:fe:bb:f3:db:8d:f6:78:de:0a: + 46:e3:93:87:1c:e7:b1:6f:81:9e:1d:b2:3b:5e:a2:2c:7b +-----BEGIN CERTIFICATE----- +MIICVjCCAf0CAgDuMAkGByqGSM49BAEwLzEtMCsGA1UEAwwkc2VjcDI1NmsxIGVj +ZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMDAxNTExN1oXDTEyMTIw +OTAxNTExN1owYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU +BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM +CTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOcQ8mgM +GKXl3ahLL2v1cfS/3e85aQQ4PVLF58yz65hXE04+ec+AS9edfojzqQJHuNnsiow0 +IKopO6HWRSO1bTZWPKRkE+4jcAn6dYPGt761sz+Ay857GB+sfCW2WLwHtzV3K2Qe +yhQL0Ltsbh0v7hCQoc6pq4gKKHSursr82sM6ujneyBtGv5OYolu6sqbYvVRSvlIx ++gc6bY9CwpKAMVyuyxXwcs/2XLnya5GwA0gIrqaN5L2h9gU4HHBDtn00tcG5C/fs +cQykIJIrD8BBgBaEZJhtEzjfzoKYjKyXVhBt+OHVGe23YETInnJhHxY7gROow5mZ +R7qBaK8qOYDFiBsCAwEAAaMTMBEwDwYDVR0RBAgwBocEfwAAATAJBgcqhkjOPQQB +A0gAMEUCIQC0NU1di5y96r6GE3Wr0K/M+zmFIAstp4TXzo9EVLZqfAIgYkk+Mtri +/rvz2432eN4KRuOThxznsW+Bnh2yO16iLHs= +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/2048-rsa-intermediate.pem b/net/data/ssl/certificates/2048-rsa-intermediate.pem new file mode 100644 index 0000000..8a5bc3d --- /dev/null +++ b/net/data/ssl/certificates/2048-rsa-intermediate.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 238 (0xee) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: CN=2048 rsa Test intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:ca:0a:cb:c7:e3:8d:05:87:73:4b:a2:fc:31:a3: + 87:21:2a:d6:0f:83:d0:3d:c2:d8:d2:77:62:28:05: + fe:06:ad:b9:c5:e9:97:87:b3:90:f2:e5:13:45:47: + b0:9e:8b:bd:1b:7f:f9:35:7f:25:f6:bc:5d:c1:dc: + 6c:42:49:56:70:69:d7:55:a0:75:e0:68:7a:c8:8d: + 51:07:15:66:3d:30:3f:20:bb:e6:20:df:d0:5b:f1: + 4b:fd:0a:3f:d7:88:01:20:4f:21:f7:84:61:36:e5: + ca:63:c5:e8:d8:50:a5:a0:43:f5:a7:4c:f7:89:9b: + 2b:40:0e:bf:78:6c:33:85:87:73:78:1a:bc:2f:e2: + a8:ae:81:1f:89:e7:a0:88:96:d5:b5:bf:9a:68:d2: + 44:42:fa:af:f5:d9:82:93:97:c7:df:a6:22:11:16: + 90:06:14:0f:fb:84:a1:75:ba:2a:2b:ba:5b:4f:cf: + f0:21:81:9f:66:a7:88:70:64:5c:27:96:b4:9a:e1: + 53:a3:e5:25:0b:60:fa:48:05:6b:b1:73:ee:94:f2: + 9b:be:8b:01:f6:14:0c:3c:a2:28:01:64:6c:81:86: + 25:ac:0d:e8:df:37:3c:2c:a9:42:a3:b9:42:19:95: + a9:2f:aa:35:0c:13:4f:e2:1a:b3:6e:dc:4d:c6:28: + 09:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 48:6A:51:0C:3A:1F:20:7F:BD:4C:6B:0A:11:1F:A4:16:84:FB:83:C5 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + 3a:f6:e3:fc:14:01:a3:89:91:84:7b:cb:50:e5:64:0a:a4:40: + d6:ad:40:26:53:29:28:c3:17:3b:12:42:8a:e8:bf:78:4a:77: + d2:65:08:0e:50:75:c9:fd:9e:13:de:f0:95:44:35:4a:98:50: + f6:ce:24:6b:e1:8c:a4:56:04:3e:4c:c7:f2:a8:07:bb:94:64: + ec:63:cb:e9:0d:a0:96:d8:d0:25:d5:22:cc:c7:a3:79:31:23: + 24:8a:24:9c:0c:a2:6c:05:a9:49:80:07:21:4f:f4:84:0f:34: + 9e:64:15:ed:3b:b9:ae:fc:3f:d8:06:92:b7:01:56:99:1f:91: + a6:13:06:11:9e:5b:66:71:30:ca:d2:44:6d:6f:8b:98:75:57: + 62:01:3b:47:aa:3e:ac:ea:97:00:24:5e:95:44:39:c3:df:cd: + f3:61:22:74:3f:64:31:11:31:b7:6e:a6:36:90:ee:9e:07:ca: + b9:81:e4:c7:fe:a9:ed:16:4f:f2:bc:14:1e:ef:79:44:23:33: + 42:e3:ab:eb:71:5e:ef:14:43:f8:29:48:7a:b4:40:80:6e:b5: + c0:de:d4:db:42:01:0f:9f:88:43:72:7e:76:01:72:a3:25:c1: + 2f:47:59:7e:a0:c8:e0:06:98:e0:47:9b:e9:98:55:5f:92:3e: + 7d:41:79:6a +-----BEGIN CERTIFICATE----- +MIIDBjCCAe6gAwIBAgICAO4wDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UEAwwVMjA0 +OCBSU0EgVGVzdCBSb290IENBMB4XDTExMTIxMjIyNDc1M1oXDTIxMTIwOTIyNDc1 +M1owKDEmMCQGA1UEAwwdMjA0OCByc2EgVGVzdCBpbnRlcm1lZGlhdGUgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKCsvH440Fh3NLovwxo4chKtYP +g9A9wtjSd2IoBf4GrbnF6ZeHs5Dy5RNFR7Cei70bf/k1fyX2vF3B3GxCSVZwaddV +oHXgaHrIjVEHFWY9MD8gu+Yg39Bb8Uv9Cj/XiAEgTyH3hGE25cpjxejYUKWgQ/Wn +TPeJmytADr94bDOFh3N4Grwv4qiugR+J56CIltW1v5po0kRC+q/12YKTl8ffpiIR +FpAGFA/7hKF1uiorultPz/AhgZ9mp4hwZFwnlrSa4VOj5SULYPpIBWuxc+6U8pu+ +iwH2FAw8oigBZGyBhiWsDejfNzwsqUKjuUIZlakvqjUME0/iGrNu3E3GKAlvAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEhqUQw6HyB/vUxrChEf +pBaE+4PFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAOvbj/BQB +o4mRhHvLUOVkCqRA1q1AJlMpKMMXOxJCiui/eEp30mUIDlB1yf2eE97wlUQ1SphQ +9s4ka+GMpFYEPkzH8qgHu5Rk7GPL6Q2gltjQJdUizMejeTEjJIoknAyibAWpSYAH +IU/0hA80nmQV7Tu5rvw/2AaStwFWmR+RphMGEZ5bZnEwytJEbW+LmHVXYgE7R6o+ +rOqXACRelUQ5w9/N82EidD9kMRExt26mNpDungfKuYHkx/6p7RZP8rwUHu95RCMz +QuOr63Fe7xRD+ClIerRAgG61wN7U20IBD5+IQ3J+dgFyoyXBL0dZfqDI4AaY4Eeb +6ZhVX5I+fUF5ag== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/2048-rsa-root.pem b/net/data/ssl/certificates/2048-rsa-root.pem new file mode 100644 index 0000000..ef7dde1 --- /dev/null +++ b/net/data/ssl/certificates/2048-rsa-root.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvDCCAaQCCQCTFvHGgBv5DTANBgkqhkiG9w0BAQUFADAgMR4wHAYDVQQDDBUy +MDQ4IFJTQSBUZXN0IFJvb3QgQ0EwHhcNMTExMjEyMjI0NzQwWhcNMjExMjA5MjI0 +NzQwWjAgMR4wHAYDVQQDDBUyMDQ4IFJTQSBUZXN0IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3qdvYWmdiR80bRDk+xLGgAsjeqFJJQbSx +jyBmB9BP4vf14FZrwezRt83RDqE7PlbWZ7BAG0MZ2SsuY6ZTu20zeoqMGaFPLWA9 +nqSI+DIoc5cARpMDFvZJaA1ip9NQw9kZrgGBgCUkYQpQyQ/ZKP3eU7dlDT6szj8g +sZh0aQqelIDLo+KGan32ICPorV6gjSOlklw5io6/h5rf6UpCmoON0WWkO2+rXsgW +OcJ5lzoCRAk7uPvbe0MklJlaCGtnfDI0ftH+uB54odT/cGp+k9ok7o8qvM/nNDOq +i+jWqwr4XzdroqN7DnqOj14Luq1SfuwTdVQohUiJBjDrA2ZZbd0jAgMBAAEwDQYJ +KoZIhvcNAQEFBQADggEBAII1PYV5jW0uK4t9aNbAaK6M2L+WCRUQrc+xZqbMqkK0 +L7ZFOuRt0uDq/fp3dlF16KoIsMKHkpGqxF0ipbvhLpH2olW52dMQQ/D5Kb84DZ+g +etjutHQWHon2xCGFPfnl1i04hiKg4XVuupGhu2rR4HFqerc0HXFHcnlDQ7BlQ1+I +Ug8GcOwc2lXbnB8cfDCmOnpUNUd1D3bNEZUy+YhvqxYlKLgp9xc1mWfEyW/8Caqx ++XNntHZ7xEWBX+OJu3Sg7iBLUUGzckl6KJ6DxMam3Bi334zgKW/dlML8vJ7vnkG+ +mpvuz+9C6Dq5r2VVkLrAHjGLLPAiiXUvoXOEitKsTQs= +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem b/net/data/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem new file mode 100644 index 0000000..5556aa2 --- /dev/null +++ b/net/data/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem @@ -0,0 +1,47 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 236 (0xec) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=1024 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (768 bit) + Modulus (768 bit): + 00:99:15:16:6e:0f:58:af:87:bc:b8:83:ae:3a:57: + 85:f9:9c:70:f8:b7:9b:e2:17:c6:5e:4b:c2:4b:e3: + 94:ba:c3:5d:85:91:2d:cb:73:6d:ee:9b:76:9f:b1: + ce:34:cc:9f:73:75:00:1f:d7:cf:66:e9:a4:cc:8b: + 93:2e:b6:15:15:16:c0:7f:eb:70:00:ed:9c:f1:19: + d3:8e:38:60:bb:39:68:38:68:5b:06:67:84:13:7b: + 5a:69:71:82:a7:90:99 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 98:23:c2:af:db:c3:76:a7:5d:c2:29:ae:03:be:30:6d:aa:c9: + ef:01:04:a8:9d:45:ad:45:4b:f1:7f:6e:bb:7d:ee:41:d6:a6: + da:65:e1:07:28:05:fd:35:ca:89:25:a4:c3:3a:49:8e:d5:2f: + fe:95:8a:26:a7:82:5b:ea:b7:c6:85:bf:3f:03:1c:d5:90:e4: + 40:95:12:3c:1a:8f:ef:1a:ef:f3:ac:4b:05:21:63:4a:d8:4f: + 5f:4a:9a:b2:6e:b2:8b:d5:3a:93:0a:c9:84:c0:3e:9a:ac:b7: + b3:a6:36:fb:fe:6a:9a:5a:10:fc:be:40:09:ac:2b:d6:93:30: + b3:50 +-----BEGIN CERTIFICATE----- +MIIB6TCCAVICAgDsMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNVBAMMHTEwMjQgcnNh +IFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMjIyNDc1M1oXDTIxMTIwOTIy +NDc1M1owYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEy +Ny4wLjAuMTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQCZFRZuD1ivh7y4g646V4X5 +nHD4t5viF8ZeS8JL45S6w12FkS3Lc23um3afsc40zJ9zdQAf189m6aTMi5MuthUV +FsB/63AA7ZzxGdOOOGC7OWg4aFsGZ4QTe1ppcYKnkJkCAwEAAaMTMBEwDwYDVR0R +BAgwBocEfwAAATANBgkqhkiG9w0BAQUFAAOBgQCYI8Kv28N2p13CKa4DvjBtqsnv +AQSonUWtRUvxf267fe5B1qbaZeEHKAX9NcqJJaTDOkmO1S/+lYomp4Jb6rfGhb8/ +AxzVkORAlRI8Go/vGu/zrEsFIWNK2E9fSpqybrKL1TqTCsmEwD6arLezpjb7/mqa +WhD8vkAJrCvWkzCzUA== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem b/net/data/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem new file mode 100644 index 0000000..7385c61 --- /dev/null +++ b/net/data/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem @@ -0,0 +1,56 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 236 (0xec) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=2048 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (768 bit) + Modulus (768 bit): + 00:d8:33:27:fc:e4:01:aa:68:42:d1:6d:26:ae:8f: + e5:9e:85:a7:af:98:86:9a:bc:ad:a9:c6:81:75:fb: + 2d:fc:ce:84:16:bc:02:d7:93:37:98:f1:c7:9e:b5: + 5a:ce:45:92:2d:0f:fd:79:07:16:36:ef:63:e2:7b: + 81:02:1f:ee:ea:2b:68:66:75:d0:51:29:ce:77:cd: + db:06:29:e2:83:41:86:90:98:3a:a3:21:b6:82:ad: + 0a:b7:c8:04:fd:b5:2f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 1c:93:4c:b9:cf:c2:3f:7e:b7:09:1c:d9:14:ca:36:f7:a6:93: + c7:99:09:77:ce:0e:a9:1b:ca:19:90:20:2f:3b:ca:62:5c:3d: + 28:75:b1:f4:be:99:3b:2d:d6:bf:df:8a:4d:81:7d:9c:a2:16: + 7d:93:73:a1:61:cb:13:63:88:94:20:fb:87:a4:4b:c8:d5:5b: + 77:07:7a:3a:d8:c8:fb:f1:76:2d:68:5b:7b:69:37:74:4a:96: + 32:39:5d:99:18:10:80:6a:ee:43:6d:72:74:69:85:1a:9f:ee: + 4d:f7:b0:cd:b9:0b:c3:1b:b0:76:3a:53:6f:9b:b4:f6:8c:af: + f7:b7:33:b2:d6:18:94:3b:ae:db:22:72:0b:d7:ea:d3:3d:6d: + db:50:78:e8:60:2f:04:aa:f3:68:23:43:fe:83:b7:be:39:54: + 0a:06:df:b9:0f:13:56:0b:ba:cf:dd:f0:ca:c1:d6:f6:a7:15: + e9:c8:20:fe:a0:46:86:2a:2b:26:cd:0b:9c:0c:0d:a3:84:3a: + bf:ae:60:65:88:2f:e5:6d:d6:e5:d7:e0:75:3d:00:73:65:ae: + dd:f1:2b:1d:ff:5c:9d:58:db:07:4b:c7:3a:78:06:6a:d1:73: + 30:d8:bf:cb:9b:1d:e3:fc:f8:42:49:08:4b:e8:f9:67:c6:fd: + f9:34:54:a1 +-----BEGIN CERTIFICATE----- +MIICajCCAVICAgDsMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNVBAMMHTIwNDggcnNh +IFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMjIyNDc1M1oXDTIxMTIwOTIy +NDc1M1owYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEy +Ny4wLjAuMTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQDYMyf85AGqaELRbSauj+We +haevmIaavK2pxoF1+y38zoQWvALXkzeY8ceetVrORZItD/15BxY272Pie4ECH+7q +K2hmddBRKc53zdsGKeKDQYaQmDqjIbaCrQq3yAT9tS8CAwEAAaMTMBEwDwYDVR0R +BAgwBocEfwAAATANBgkqhkiG9w0BAQUFAAOCAQEAHJNMuc/CP363CRzZFMo296aT +x5kJd84OqRvKGZAgLzvKYlw9KHWx9L6ZOy3Wv9+KTYF9nKIWfZNzoWHLE2OIlCD7 +h6RLyNVbdwd6OtjI+/F2LWhbe2k3dEqWMjldmRgQgGruQ21ydGmFGp/uTfewzbkL +wxuwdjpTb5u09oyv97czstYYlDuu2yJyC9fq0z1t21B46GAvBKrzaCND/oO3vjlU +CgbfuQ8TVgu6z93wysHW9qcV6cgg/qBGhiorJs0LnAwNo4Q6v65gZYgv5W3W5dfg +dT0Ac2Wu3fErHf9cnVjbB0vHOngGatFzMNi/y5sd4/z4QkkIS+j5Z8b9+TRUoQ== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem b/net/data/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem new file mode 100644 index 0000000..bec71b2 --- /dev/null +++ b/net/data/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem @@ -0,0 +1,44 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 236 (0xec) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=768 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (768 bit) + Modulus (768 bit): + 00:a2:72:21:2e:6e:fa:d0:4e:6c:13:b8:7c:c4:e4: + 7b:c8:e9:ab:d3:b8:ce:f5:9f:f6:c2:25:39:08:c4: + a0:c8:a9:30:43:d4:e3:fa:f1:23:57:9a:93:51:ec: + 00:7d:a1:85:22:2d:cf:75:b7:c4:60:f7:e0:e9:6d: + ac:45:e5:eb:15:a5:27:5c:f6:a9:3d:87:7b:82:dc: + 5a:39:65:03:8b:ee:32:55:f7:2a:52:fa:a8:07:5e: + 31:de:d7:02:74:bc:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 70:6a:2e:12:b8:3e:49:6a:f4:5b:c1:57:54:b8:fd:5b:0a:20: + d1:c7:71:35:2f:61:3a:64:25:9f:9f:f2:88:d0:10:f6:08:a5: + 0f:19:b1:ba:ee:a2:21:ff:da:ca:d1:1e:41:54:8a:e4:c2:4b: + 53:aa:dc:5f:46:aa:66:13:6f:3e:65:c5:f3:05:ea:a3:7c:fc: + e9:89:b3:9a:8d:c1:e9:98:61:33:1c:5e:64:e3:aa:e2:25:03: + fb:70:58:9b:81:99 +-----BEGIN CERTIFICATE----- +MIIBxzCCAVECAgDsMA0GCSqGSIb3DQEBBQUAMCcxJTAjBgNVBAMMHDc2OCByc2Eg +VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTExMjEyMjI0NzUzWhcNMjExMjA5MjI0 +NzUzWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE +BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3 +LjAuMC4xMHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJyIS5u+tBObBO4fMTke8jp +q9O4zvWf9sIlOQjEoMipMEPU4/rxI1eak1HsAH2hhSItz3W3xGD34OltrEXl6xWl +J1z2qT2He4LcWjllA4vuMlX3KlL6qAdeMd7XAnS8AQIDAQABoxMwETAPBgNVHREE +CDAGhwR/AAABMA0GCSqGSIb3DQEBBQUAA2EAcGouErg+SWr0W8FXVLj9Wwog0cdx +NS9hOmQln5/yiNAQ9gilDxmxuu6iIf/aytEeQVSK5MJLU6rcX0aqZhNvPmXF8wXq +o3z86Ymzmo3B6ZhhMxxeZOOq4iUD+3BYm4GZ +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem b/net/data/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000..c293709 --- /dev/null +++ b/net/data/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,42 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 236 (0xec) + Signature Algorithm: ecdsa-with-SHA1 + Issuer: CN=prime256v1 ecdsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (768 bit) + Modulus (768 bit): + 00:9f:be:cd:ca:eb:45:e5:2a:77:c6:d2:82:b8:22: + 9b:44:d5:d8:04:34:af:8e:35:ba:83:d2:fa:0d:64: + e4:1c:4e:1b:34:8b:db:a2:1b:67:36:fb:8d:ac:3b: + 52:71:aa:77:63:e7:a5:3b:a5:1c:ae:7a:7f:1e:8c: + 98:ac:e8:19:67:ca:a0:fc:fb:df:57:3c:6c:b1:85: + bb:7c:a6:15:df:13:82:34:e7:84:7b:75:c7:69:ed: + f3:8f:77:63:af:6f:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA1 + 30:45:02:20:76:9c:1b:cf:23:dd:36:94:7a:8e:76:80:b8:4a: + f1:c9:d0:d0:ca:5c:81:57:e3:cf:21:43:63:72:03:56:f8:5d: + 02:21:00:fe:01:ba:f2:5e:ad:ca:2f:56:2f:b3:6d:82:cd:72: + 9c:22:2d:0e:10:04:e0:55:e0:d3:c7:4b:a1:60:8d:2c:2b +-----BEGIN CERTIFICATE----- +MIIBrzCCAVYCAgDsMAkGByqGSM49BAEwMDEuMCwGA1UEAwwlcHJpbWUyNTZ2MSBl +Y2RzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xMTEyMTIyMjQ3NTNaFw0yMTEy +MDkyMjQ3NTNaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwfDANBgkqhkiG9w0BAQEFAANrADBoAmEAn77NyutF5Sp3xtKC +uCKbRNXYBDSvjjW6g9L6DWTkHE4bNIvbohtnNvuNrDtScap3Y+elO6Ucrnp/HoyY +rOgZZ8qg/PvfVzxssYW7fKYV3xOCNOeEe3XHae3zj3djr28pAgMBAAGjEzARMA8G +A1UdEQQIMAaHBH8AAAEwCQYHKoZIzj0EAQNIADBFAiB2nBvPI902lHqOdoC4SvHJ +0NDKXIFX488hQ2NyA1b4XQIhAP4BuvJercovVi+zbYLNcpwiLQ4QBOBV4NPHS6Fg +jSwr +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/768-rsa-ee-by-secp256k1-ecdsa-intermediate.pem b/net/data/ssl/certificates/768-rsa-ee-by-secp256k1-ecdsa-intermediate.pem new file mode 100644 index 0000000..5825106 --- /dev/null +++ b/net/data/ssl/certificates/768-rsa-ee-by-secp256k1-ecdsa-intermediate.pem @@ -0,0 +1,42 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 236 (0xec) + Signature Algorithm: ecdsa-with-SHA1 + Issuer: CN=secp256k1 ecdsa Test intermediate CA + Validity + Not Before: Dec 10 01:51:16 2011 GMT + Not After : Dec 9 01:51:16 2012 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (768 bit) + Modulus (768 bit): + 00:cb:5e:34:c8:77:3c:55:25:ee:1c:68:96:0c:2c: + 48:2b:ed:83:ca:91:12:37:ea:71:ff:bc:c8:de:16: + 03:0c:cf:b8:40:ff:3c:43:1f:10:ab:bf:d8:e4:8f: + c1:82:cf:66:7d:c0:aa:c6:e6:3d:74:65:2d:df:f3: + f7:e1:f0:c0:4a:f8:eb:b8:5d:63:ff:78:67:b7:c6: + 1b:24:33:6d:0f:9c:39:86:72:41:03:26:8f:e0:55: + 1d:1c:72:a5:38:15:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA1 + 30:44:02:20:72:f6:48:3b:5d:88:f4:fc:50:c8:74:21:a6:f2: + c4:f7:d0:40:69:a1:48:93:98:36:fe:36:16:ec:95:a6:28:12: + 02:20:48:e4:7e:32:a0:4b:c0:4d:08:5f:c8:63:f9:67:7f:2d: + dc:78:77:78:ec:0e:a2:ee:78:60:d9:07:7d:b3:0a:d3 +-----BEGIN CERTIFICATE----- +MIIBrTCCAVUCAgDsMAkGByqGSM49BAEwLzEtMCsGA1UEAwwkc2VjcDI1NmsxIGVj +ZHNhIFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMDAxNTExNloXDTEyMTIw +OTAxNTExNlowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU +BgNVBAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMM +CTEyNy4wLjAuMTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQDLXjTIdzxVJe4caJYM +LEgr7YPKkRI36nH/vMjeFgMMz7hA/zxDHxCrv9jkj8GCz2Z9wKrG5j10ZS3f8/fh +8MBK+Ou4XWP/eGe3xhskM20PnDmGckEDJo/gVR0ccqU4FY8CAwEAAaMTMBEwDwYD +VR0RBAgwBocEfwAAATAJBgcqhkjOPQQBA0cAMEQCIHL2SDtdiPT8UMh0IabyxPfQ +QGmhSJOYNv42FuyVpigSAiBI5H4yoEvATQhfyGP5Z38t3Hh3eOwOou54YNkHfbMK +0w== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/768-rsa-intermediate.pem b/net/data/ssl/certificates/768-rsa-intermediate.pem new file mode 100644 index 0000000..3ad84e5 --- /dev/null +++ b/net/data/ssl/certificates/768-rsa-intermediate.pem @@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 236 (0xec) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: CN=768 rsa Test intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (768 bit) + Modulus (768 bit): + 00:cc:6a:db:92:b7:bf:b3:fa:c0:b3:54:8e:3d:26: + 08:e6:a3:d0:ca:e2:75:86:25:27:0d:f4:67:e4:9f: + 90:0e:2f:4d:d4:15:af:c9:53:1c:44:f4:2e:90:6c: + 82:9b:b6:d2:59:0d:89:6a:f8:4a:c4:37:39:4f:c9: + 08:f1:c1:ed:e4:51:74:0c:b7:a6:2a:cf:ba:f5:47: + 96:6c:09:ac:d3:e4:3c:fe:ec:6f:63:60:ad:7d:ee: + 33:d1:cd:4f:15:f4:a7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + D5:89:AE:A8:B3:CF:6A:F1:0C:AF:E0:11:2F:C8:59:12:A6:31:E9:3E + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + 1f:a3:25:77:24:2e:b9:92:5b:06:4c:fe:31:a8:fd:86:23:97: + 03:ab:8f:50:7f:44:0b:6a:77:ff:0d:c8:0e:d2:98:e4:26:9c: + cc:26:ed:5f:1f:9c:40:0e:9e:e5:8d:1d:7f:7c:cb:2e:64:fc: + 8a:81:a6:d9:9d:05:4d:a1:45:76:d2:78:2a:4e:d9:5e:8c:59: + b3:cd:be:3b:ae:09:8c:e2:a6:a0:0e:c5:28:93:b1:bb:c1:76: + c1:f3:d7:d7:22:e3:25:d4:1c:cc:ae:4a:6e:1b:ae:98:3b:c5: + bb:dc:92:87:8b:a3:92:91:b2:23:84:1f:7f:cb:f9:85:42:d2: + 85:ff:a7:90:69:e0:26:ae:3f:fd:cb:7f:a6:e9:b9:3f:7f:54: + 3f:c7:b3:98:15:e3:22:da:c3:e7:ab:d1:b8:00:62:a2:26:9f: + 59:7f:51:b5:c5:10:5a:0e:a4:be:bd:22:26:5b:fc:d6:2d:32: + 13:04:ae:28:32:ac:e5:10:7a:81:79:a9:84:ca:67:6c:74:31: + 64:07:4e:3e:4f:6f:c4:e9:90:7f:a8:f5:b4:f9:65:4d:35:fa: + ab:92:1b:2f:b5:49:c7:73:38:3a:c7:92:f0:16:bb:a5:55:b8: + d9:79:4f:98:4e:6e:2a:4d:88:a3:c4:23:5c:c4:3f:ee:f7:26: + 56:38:1e:11 +-----BEGIN CERTIFICATE----- +MIICXTCCAUWgAwIBAgICAOwwDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UEAwwVMjA0 +OCBSU0EgVGVzdCBSb290IENBMB4XDTExMTIxMjIyNDc1M1oXDTIxMTIwOTIyNDc1 +M1owJzElMCMGA1UEAwwcNzY4IHJzYSBUZXN0IGludGVybWVkaWF0ZSBDQTB8MA0G +CSqGSIb3DQEBAQUAA2sAMGgCYQDMatuSt7+z+sCzVI49Jgjmo9DK4nWGJScN9Gfk +n5AOL03UFa/JUxxE9C6QbIKbttJZDYlq+ErENzlPyQjxwe3kUXQMt6Yqz7r1R5Zs +CazT5Dz+7G9jYK197jPRzU8V9KcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQU1YmuqLPPavEMr+ARL8hZEqYx6T4wDgYDVR0PAQH/BAQDAgEGMA0G +CSqGSIb3DQEBBQUAA4IBAQAfoyV3JC65klsGTP4xqP2GI5cDq49Qf0QLanf/DcgO +0pjkJpzMJu1fH5xADp7ljR1/fMsuZPyKgabZnQVNoUV20ngqTtlejFmzzb47rgmM +4qagDsUok7G7wXbB89fXIuMl1BzMrkpuG66YO8W73JKHi6OSkbIjhB9/y/mFQtKF +/6eQaeAmrj/9y3+m6bk/f1Q/x7OYFeMi2sPnq9G4AGKiJp9Zf1G1xRBaDqS+vSIm +W/zWLTITBK4oMqzlEHqBeamEymdsdDFkB04+T2/E6ZB/qPW0+WVNNfqrkhsvtUnH +czg6x5LwFrulVbjZeU+YTm4qTYijxCNcxD/u9yZWOB4R +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README index 8d6e164..1bca4aa 100644 --- a/net/data/ssl/certificates/README +++ b/net/data/ssl/certificates/README @@ -76,3 +76,12 @@ unit tests. - unescaped.pem : Regression test for http://crbug.com/102839. Contains characters such as '=' and '"' that would normally be escaped when converting a subject/issuer name to their stringized form. + +- 2048-rsa-root.pem +- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem +- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- + {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem + These certficates are generated by + net/data/ssl/scripts/generate-weak-test-chains.sh and used in the + RejectWeakKeys test in net/base/x509_certificate_unittest.cc. + diff --git a/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem b/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem new file mode 100644 index 0000000..d5711bd --- /dev/null +++ b/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem @@ -0,0 +1,44 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 242 (0xf2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=1024 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:54 2011 GMT + Not After : Dec 9 22:47:54 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + EC Public Key: + pub: + 04:c6:da:96:04:72:10:1a:ac:92:fd:d6:23:1e:c5: + cc:92:2e:09:2e:76:39:a4:d5:ca:e3:c1:2d:e4:8e: + b1:84:90:9d:6e:6a:ca:46:48:22:80:50:ed:80:83: + b8:43:96:c7:be:77:a8:23:f3:bf:f4:0f:c6:78:55: + 8f:0c:9e:6d:a6 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 54:45:00:a1:6b:41:42:0b:5f:ac:23:75:06:2c:58:e7:46:05: + 1e:f1:f6:cb:37:e6:d2:3d:84:db:0c:b8:fd:4d:d6:f5:13:ff: + 1a:22:14:01:fe:ff:09:8d:e3:fd:64:68:12:7e:d1:ae:31:cb: + c4:17:99:fe:20:1e:68:7c:d7:d6:93:f6:2e:88:d0:89:34:8e: + a6:59:17:1e:4f:2a:53:69:9a:46:5a:80:91:65:47:ca:17:87: + 5e:2d:b8:41:bf:05:fa:80:fb:57:20:23:d6:99:5e:7e:5d:bf: + bc:6d:0b:83:86:53:bb:28:f1:4a:83:3c:32:14:06:00:ce:cc: + 62:d7 +-----BEGIN CERTIFICATE----- +MIIBxjCCAS8CAgDyMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNVBAMMHTEwMjQgcnNh +IFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMjIyNDc1NFoXDTIxMTIwOTIy +NDc1NFowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEy +Ny4wLjAuMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMbalgRyEBqskv3WIx7F +zJIuCS52OaTVyuPBLeSOsYSQnW5qykZIIoBQ7YCDuEOWx753qCPzv/QPxnhVjwye +baajEzARMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQADgYEAVEUAoWtB +QgtfrCN1BixY50YFHvH2yzfm0j2E2wy4/U3W9RP/GiIUAf7/CY3j/WRoEn7RrjHL +xBeZ/iAeaHzX1pP2LojQiTSOplkXHk8qU2maRlqAkWVHyheHXi24Qb8F+oD7VyAj +1plefl2/vG0Lg4ZTuyjxSoM8MhQGAM7MYtc= +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem b/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem new file mode 100644 index 0000000..aea77ee --- /dev/null +++ b/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem @@ -0,0 +1,54 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 242 (0xf2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=2048 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:54 2011 GMT + Not After : Dec 9 22:47:54 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + EC Public Key: + pub: + 04:c6:80:6a:45:dd:d9:c1:83:91:b8:9f:d6:59:cb: + 08:0d:5b:b1:b3:52:83:4d:e8:68:61:3e:df:df:82: + 7c:84:63:ce:08:a9:8f:04:20:81:8d:ad:c0:80:25: + 72:0e:b3:f3:06:fe:7c:46:0d:4d:cd:9f:0a:72:5b: + a5:7b:ee:f2:31 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 17:05:5c:7d:c4:c7:07:d1:08:09:fd:8f:01:29:8e:91:cd:de: + d8:f2:22:66:86:63:b1:8b:fb:41:f9:46:31:f5:24:3f:19:a4: + 4b:40:4e:ef:e6:1a:5f:90:24:3d:04:3b:ae:42:17:be:a4:1d: + 0c:8d:b1:e3:8f:05:fd:d7:b5:a7:c1:ee:b6:97:72:1a:25:86: + 61:dc:31:11:81:af:20:3c:4a:c0:b1:ff:03:23:8c:7c:2b:94: + e0:4b:25:74:7c:13:5e:0e:a7:72:e4:8e:a1:27:86:c4:ea:b1: + a3:b7:f3:80:b6:5f:76:91:6b:04:d5:55:96:01:35:10:a6:33: + 4f:cc:ea:2f:d2:f1:fc:a4:a1:14:77:1f:61:a9:a1:c4:b5:90: + bb:73:c1:ed:bb:63:47:a7:e8:27:a3:8e:27:88:c9:7e:dc:00: + 76:44:2e:89:a7:b0:ef:9f:bb:f2:58:e1:c5:01:7b:b1:a0:b2: + dc:ce:c7:cf:a7:5d:0d:37:b8:86:4a:5a:61:9c:59:98:ef:4d: + af:61:35:de:ed:5b:b2:94:16:7f:3d:2a:96:87:9e:63:0b:0d: + 80:ac:36:1b:ac:bf:2f:c8:4b:be:c2:6d:ea:8b:7b:e3:8f:b5: + d6:62:0d:dc:c8:17:d4:eb:78:40:a4:9e:95:e7:38:75:c0:31: + 64:2b:ad:d8 +-----BEGIN CERTIFICATE----- +MIICRzCCAS8CAgDyMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNVBAMMHTIwNDggcnNh +IFRlc3QgaW50ZXJtZWRpYXRlIENBMB4XDTExMTIxMjIyNDc1NFoXDTIxMTIwOTIy +NDc1NFowYDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB1Rlc3QgQ0ExEjAQBgNVBAMMCTEy +Ny4wLjAuMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMaAakXd2cGDkbif1lnL +CA1bsbNSg03oaGE+39+CfIRjzgipjwQggY2twIAlcg6z8wb+fEYNTc2fCnJbpXvu +8jGjEzARMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQEFBQADggEBABcFXH3E +xwfRCAn9jwEpjpHN3tjyImaGY7GL+0H5RjH1JD8ZpEtATu/mGl+QJD0EO65CF76k +HQyNseOPBf3XtafB7raXcholhmHcMRGBryA8SsCx/wMjjHwrlOBLJXR8E14Op3Lk +jqEnhsTqsaO384C2X3aRawTVVZYBNRCmM0/M6i/S8fykoRR3H2GpocS1kLtzwe27 +Y0en6CejjieIyX7cAHZELomnsO+fu/JY4cUBe7GgstzOx8+nXQ03uIZKWmGcWZjv +Ta9hNd7tW7KUFn89KpaHnmMLDYCsNhusvy/IS77CbeqLe+OPtdZiDdzIF9TreECk +npXnOHXAMWQrrdg= +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem b/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem new file mode 100644 index 0000000..434b93f --- /dev/null +++ b/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem @@ -0,0 +1,41 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 242 (0xf2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=768 rsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:54 2011 GMT + Not After : Dec 9 22:47:54 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + EC Public Key: + pub: + 04:bd:53:19:05:f9:a1:53:38:f9:94:53:38:c3:5f: + 65:91:ca:00:98:ff:8c:78:cb:a9:ce:a7:f4:ac:74: + 48:94:0a:6d:8e:6e:12:16:0c:ba:fb:4d:39:6f:75: + 96:0e:f6:6a:ab:e9:9b:a4:6f:3b:35:fc:ad:dc:6b: + 12:97:1e:de:79 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: sha1WithRSAEncryption + 5a:27:e9:f3:8a:ea:29:4b:32:0d:27:de:e4:c8:94:d4:72:1e: + b9:97:f6:a1:d1:13:df:fc:7d:98:1e:5e:bc:05:0b:24:9a:0a: + 4c:cc:5f:66:8a:7a:51:18:42:48:b1:1b:56:1b:46:bf:9b:56: + bd:c5:46:54:da:c1:7f:00:2c:c5:f1:e9:24:da:1e:19:83:96: + 5f:df:71:15:61:73:8e:6c:ca:3d:50:e7:de:2d:4a:ce:9a:a1: + 44:51:64:0e:b0:6a +-----BEGIN CERTIFICATE----- +MIIBpDCCAS4CAgDyMA0GCSqGSIb3DQEBBQUAMCcxJTAjBgNVBAMMHDc2OCByc2Eg +VGVzdCBpbnRlcm1lZGlhdGUgQ0EwHhcNMTExMjEyMjI0NzU0WhcNMjExMjA5MjI0 +NzU0WjBgMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE +BwwNTW91bnRhaW4gVmlldzEQMA4GA1UECgwHVGVzdCBDQTESMBAGA1UEAwwJMTI3 +LjAuMC4xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvVMZBfmhUzj5lFM4w19l +kcoAmP+MeMupzqf0rHRIlAptjm4SFgy6+005b3WWDvZqq+mbpG87Nfyt3GsSlx7e +eaMTMBEwDwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQUFAANhAFon6fOK6ilL +Mg0n3uTIlNRyHrmX9qHRE9/8fZgeXrwFCySaCkzMX2aKelEYQkixG1YbRr+bVr3F +RlTawX8ALMXx6STaHhmDll/fcRVhc45syj1Q594tSs6aoURRZA6wag== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem b/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000..6e00ebf --- /dev/null +++ b/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,39 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 242 (0xf2) + Signature Algorithm: ecdsa-with-SHA1 + Issuer: CN=prime256v1 ecdsa Test intermediate CA + Validity + Not Before: Dec 12 22:47:55 2011 GMT + Not After : Dec 9 22:47:55 2021 GMT + Subject: C=US, ST=California, L=Mountain View, O=Test CA, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + EC Public Key: + pub: + 04:79:bf:01:56:fb:d3:32:5c:95:eb:7f:78:d3:ec: + bc:4d:df:ae:5f:58:ed:c1:c8:21:a8:23:96:6d:37: + b1:ea:21:a6:3e:4a:2e:36:1d:d9:3f:ff:b2:8d:36: + 10:02:44:38:8a:a7:63:d0:b1:89:6b:2e:da:e2:a9: + f2:c6:fa:66:a5 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Subject Alternative Name: + IP Address:127.0.0.1 + Signature Algorithm: ecdsa-with-SHA1 + 30:46:02:21:00:8d:99:02:83:bf:bd:8d:45:06:7f:1b:3e:e3: + 61:31:3e:93:ca:27:62:f3:7a:6f:1e:b6:6b:67:26:c4:ee:95: + e9:02:21:00:d6:34:24:c3:53:8e:56:92:0a:fb:2b:bf:b2:33: + 3a:2d:7a:23:7e:a8:d3:d1:67:42:e0:b0:4e:c6:01:b6:a0:8a +-----BEGIN CERTIFICATE----- +MIIBjTCCATMCAgDyMAkGByqGSM49BAEwMDEuMCwGA1UEAwwlcHJpbWUyNTZ2MSBl +Y2RzYSBUZXN0IGludGVybWVkaWF0ZSBDQTAeFw0xMTEyMTIyMjQ3NTVaFw0yMTEy +MDkyMjQ3NTVaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw +FAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdUZXN0IENBMRIwEAYDVQQD +DAkxMjcuMC4wLjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5vwFW+9MyXJXr +f3jT7LxN365fWO3ByCGoI5ZtN7HqIaY+Si42Hdk//7KNNhACRDiKp2PQsYlrLtri +qfLG+maloxMwETAPBgNVHREECDAGhwR/AAABMAkGByqGSM49BAEDSQAwRgIhAI2Z +AoO/vY1FBn8bPuNhMT6Tyidi83pvHrZrZybE7pXpAiEA1jQkw1OOVpIK+yu/sjM6 +LXojfqjT0WdC4LBOxgG2oIo= +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/prime256v1-ecdsa-intermediate.pem b/net/data/ssl/certificates/prime256v1-ecdsa-intermediate.pem new file mode 100644 index 0000000..589c001 --- /dev/null +++ b/net/data/ssl/certificates/prime256v1-ecdsa-intermediate.pem @@ -0,0 +1,58 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 242 (0xf2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=2048 RSA Test Root CA + Validity + Not Before: Dec 12 22:47:53 2011 GMT + Not After : Dec 9 22:47:53 2021 GMT + Subject: CN=prime256v1 ecdsa Test intermediate CA + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + EC Public Key: + pub: + 04:d1:35:14:53:74:2f:e1:e4:9b:41:9e:42:9d:10: + 6b:0b:f4:16:8f:bc:a7:c7:a4:39:09:73:34:cb:87: + df:2f:7e:4a:5f:b1:b5:e4:dc:49:41:4e:a8:81:34: + b5:da:7d:27:7d:05:c1:bd:0a:29:6d:ad:a3:5d:37: + 7b:56:b7:1b:60 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 95:31:9C:D4:B9:C2:F8:A6:08:71:5F:3A:17:F7:2C:1E:A9:AD:46:41 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + 22:38:c0:f9:09:fc:7b:2d:d3:31:8e:eb:7d:bb:b9:78:b7:89: + f4:7a:85:b4:f8:0f:2a:1b:a5:c3:53:f1:55:a4:bd:a3:dd:d2: + 2d:e5:af:63:bd:fc:eb:6d:95:90:7a:de:1e:ed:fa:a9:b4:df: + 82:f1:22:10:3a:b9:c7:a1:23:d0:9f:2a:60:81:61:83:a0:e6: + 2b:de:b7:a0:4e:f6:81:a7:8f:02:c7:14:06:16:f1:9e:85:c9: + 7d:7d:f3:31:aa:78:cd:a9:a8:81:5b:e4:26:2f:fa:93:e7:6a: + 6e:a8:2f:1b:0a:b9:20:cc:f0:93:89:81:43:58:c8:b6:0a:40: + d3:24:b9:e9:c6:64:93:13:16:9c:0b:e8:bd:77:91:6e:96:bf: + 22:85:db:ba:88:5b:db:18:9a:5d:10:5d:45:07:ba:99:9b:60: + c0:30:4b:41:64:20:03:fa:97:94:82:59:5b:85:e6:f3:be:a5: + e8:c9:52:11:1a:62:e1:f0:24:7e:47:30:e2:e2:8d:8c:5b:84: + 10:ec:cc:f5:d2:4c:9e:47:ea:20:66:20:31:0f:8b:03:77:b3: + b6:54:9f:b4:7a:60:6e:1a:63:47:9f:b4:00:b7:7c:35:be:58: + e3:8b:22:0e:3d:79:b9:6f:0e:4f:05:06:1a:16:e1:b9:92:1c: + ea:f5:ef:9d +-----BEGIN CERTIFICATE----- +MIICQzCCASugAwIBAgICAPIwDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UEAwwVMjA0 +OCBSU0EgVGVzdCBSb290IENBMB4XDTExMTIxMjIyNDc1M1oXDTIxMTIwOTIyNDc1 +M1owMDEuMCwGA1UEAwwlcHJpbWUyNTZ2MSBlY2RzYSBUZXN0IGludGVybWVkaWF0 +ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNE1FFN0L+Hkm0GeQp0Qawv0 +Fo+8p8ekOQlzNMuH3y9+Sl+xteTcSUFOqIE0tdp9J30Fwb0KKW2to103e1a3G2Cj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJUxnNS5wvimCHFfOhf3LB6p +rUZBMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAIjjA+Qn8ey3T +MY7rfbu5eLeJ9HqFtPgPKhulw1PxVaS9o93SLeWvY738622VkHreHu36qbTfgvEi +EDq5x6Ej0J8qYIFhg6DmK963oE72gaePAscUBhbxnoXJfX3zMap4zamogVvkJi/6 +k+dqbqgvGwq5IMzwk4mBQ1jItgpA0yS56cZkkxMWnAvovXeRbpa/IoXbuohb2xia +XRBdRQe6mZtgwDBLQWQgA/qXlIJZW4Xm876l6MlSERpi4fAkfkcw4uKNjFuEEOzM +9dJMnkfqIGYgMQ+LA3eztlSftHpgbhpjR5+0ALd8Nb5Y44siDj15uW8OTwUGGhbh +uZIc6vXvnQ== +-----END CERTIFICATE----- diff --git a/net/data/ssl/scripts/ca.cnf b/net/data/ssl/scripts/ca.cnf new file mode 100644 index 0000000..de27d8e --- /dev/null +++ b/net/data/ssl/scripts/ca.cnf @@ -0,0 +1,86 @@ +[ca] +default_ca = CA_root +preserve = yes + +# The default test root, used to generate certificates and CRLs. +[CA_root] +dir = $ENV::CA_DIR +key_size = $ENV::KEY_SIZE +algo = $ENV::ALGO +cert_type = $ENV::CERT_TYPE +type = $key_size-$algo-$cert_type +database = $dir/$type-index.txt +new_certs_dir = $dir +serial = $dir/$type-serial +certificate = $dir/$type.pem +private_key = $dir/$type.key +RANDFILE = $dir/.rand +default_days = 3650 +default_crl_days = 30 +default_md = sha1 +policy = policy_anything +unique_subject = no +copy_extensions = copy + +[user_cert] +# Extensions to add when signing a request for an EE cert +basicConstraints = critical, CA:false +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +extendedKeyUsage = serverAuth,clientAuth + +[ca_cert] +# Extensions to add when signing a request for an intermediate/CA cert +basicConstraints = critical, CA:true +subjectKeyIdentifier = hash +#authorityKeyIdentifier = keyid:always +keyUsage = critical, keyCertSign, cRLSign + +[crl_extensions] +# Extensions to add when signing a CRL +authorityKeyIdentifier = keyid:always + +[policy_anything] +# Default signing policy +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = optional +emailAddress = optional + +[req] +# The request section used to generate the root CA certificate. This should +# not be used to generate end-entity certificates. For certificates other +# than the root CA, see README to find the appropriate configuration file +# (ie: openssl_cert.cnf). +default_bits = $ENV::KEY_SIZE +default_md = sha1 +string_mask = utf8only +prompt = no +encrypt_key = no +distinguished_name = $ENV::CA_NAME +x509_extensions = req_ca_exts + +[req_ca_dn] +C = US +ST = California +L = Mountain View +O = Test CA +CN = Test Root CA + +[req_intermediate_dn] +C = US +ST = California +L = Mountain View +O = Test CA +CN = Test Intermediate CA + +[req_env_dn] +CN = $ENV::CA_COMMON_NAME + +[req_ca_exts] +basicConstraints = critical, CA:true +keyUsage = critical, keyCertSign, cRLSign +subjectKeyIdentifier = hash diff --git a/net/data/ssl/scripts/ee.cnf b/net/data/ssl/scripts/ee.cnf new file mode 100644 index 0000000..76e5ff6 --- /dev/null +++ b/net/data/ssl/scripts/ee.cnf @@ -0,0 +1,18 @@ +[req] +default_bits = $ENV::KEY_SIZE +default_md = sha1 +string_mask = utf8only +prompt = no +encrypt_key = no +distinguished_name = req_dn +req_extensions = req_extensions + +[req_dn] +C = US +ST = California +L = Mountain View +O = Test CA +CN = 127.0.0.1 + +[req_extensions] +subjectAltName = IP:127.0.0.1 diff --git a/net/data/ssl/scripts/generate-weak-test-chains.sh b/net/data/ssl/scripts/generate-weak-test-chains.sh new file mode 100755 index 0000000..c99509f --- /dev/null +++ b/net/data/ssl/scripts/generate-weak-test-chains.sh @@ -0,0 +1,168 @@ +#!/bin/sh + +# Copyright (c) 2011 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# This script generates a set of test (end-entity, intermediate, root) +# certificates with (weak, strong), (RSA, DSA, ECDSA) key pairs. + +key_types="768-rsa 1024-rsa 2048-rsa prime256v1-ecdsa" + +try () { + echo "$@" + $@ || exit 1 +} + +generate_key_command () { + case "$1" in + dsa) + echo "dsaparam -genkey" + ;; + ecdsa) + echo "ecparam -genkey" + ;; + rsa) + echo genrsa + ;; + *) + exit 1 + esac +} + +try rm -rf out +try mkdir out + +# Create the serial number files. +try echo 1 > out/2048-rsa-root-serial +for key_type in $key_types +do + try echo 1 > out/$key_type-intermediate-serial +done + +# Generate one root CA certificate. +try openssl genrsa -out out/2048-rsa-root.key 2048 + +CA_COMMON_NAME="2048 RSA Test Root CA" \ + CA_DIR=out \ + CA_NAME=req_env_dn \ + KEY_SIZE=2048 \ + ALGO=rsa \ + CERT_TYPE=root \ + try openssl req \ + -new \ + -key out/2048-rsa-root.key \ +-extensions ca_cert \ + -out out/2048-rsa-root.csr \ + -config ca.cnf + +CA_COMMON_NAME="2048 RSA Test Root CA" \ + CA_DIR=out \ + CA_NAME=req_env_dn \ + try openssl x509 \ + -req -days 3650 \ + -in out/2048-rsa-root.csr \ +-extensions ca_cert \ + -signkey out/2048-rsa-root.key \ + -out out/2048-rsa-root.pem + +# Generate private keys of all types and strengths for intermediate CAs and +# end-entities. +for key_type in $key_types +do + key_size=$(echo "$key_type" | sed -E 's/-.+//') + algo=$(echo "$key_type" | sed -E 's/.+-//') + + if [ ecdsa = $algo ] + then + key_size="-name $key_size" + fi + + try openssl $(generate_key_command $algo) \ + -out out/$key_type-intermediate.key $key_size +done + +for key_type in $key_types +do + key_size=$(echo "$key_type" | sed -E 's/-.+//') + algo=$(echo "$key_type" | sed -E 's/.+-//') + + if [ ecdsa = $algo ] + then + key_size="-name $key_size" + fi + + for signer_key_type in $key_types + do + try openssl $(generate_key_command $algo) \ + -out out/$key_type-ee-by-$signer_key_type-intermediate.key $key_size + done +done + +# The root signs the intermediates. +for key_type in $key_types +do + key_size=$(echo "$key_type" | sed -E 's/-.+//') + algo=$(echo "$key_type" | sed -E 's/.+-//') + + CA_COMMON_NAME="$key_size $algo Test intermediate CA" \ + CA_DIR=out \ + CA_NAME=req_env_dn \ + KEY_SIZE=$key_size \ + ALGO=$algo \ + CERT_TYPE=intermediate \ + try openssl req \ + -new \ + -key out/$key_type-intermediate.key \ + -out out/$key_type-intermediate.csr \ + -config ca.cnf + + # Make sure the signer's DB file exists. + touch out/2048-rsa-root-index.txt + + CA_COMMON_NAME="2048 RSA Test Root CA" \ + CA_DIR=out \ + CA_NAME=req_env_dn \ + KEY_SIZE=2048 \ + ALGO=rsa \ + CERT_TYPE=root \ + try openssl ca \ + -batch \ + -extensions ca_cert \ + -in out/$key_type-intermediate.csr \ + -out out/$key_type-intermediate.pem \ + -config ca.cnf +done + +# The intermediates sign the end-entities. +for key_type in $key_types +do + for signer_key_type in $key_types + do + key_size=$(echo "$key_type" | sed -E 's/-.+//') + algo=$(echo "$key_type" | sed -E 's/.+-//') + signer_key_size=$(echo "$signer_key_type" | sed -E 's/-.+//') + signer_algo=$(echo "$signer_key_type" | sed -E 's/.+-//') + touch out/$signer_key_type-intermediate-index.txt + + KEY_SIZE=$key_size \ + try openssl req \ + -new \ + -key out/$key_type-ee-by-$signer_key_type-intermediate.key \ + -out out/$key_type-ee-by-$signer_key_type-intermediate.csr \ + -config ee.cnf + + CA_COMMON_NAME="$signer_key_size $algo Test intermediate CA" \ + CA_DIR=out \ + CA_NAME=req_env_dn \ + KEY_SIZE=$signer_key_size \ + ALGO=$signer_algo \ + CERT_TYPE=intermediate \ + try openssl ca \ + -batch \ + -in out/$key_type-ee-by-$signer_key_type-intermediate.csr \ + -out out/$key_type-ee-by-$signer_key_type-intermediate.pem \ + -config ca.cnf + done +done + |