author | svaldez <svaldez@chromium.org> | 2016-03-24 10:16:32 -0700 |
committer | Commit bot <commit-bot@chromium.org> | 2016-03-24 17:18:13 +0000 |
commit | be4817807690ad47baa4e87a9fb538bca04649f8 (patch) | |
tree | 1cbd55c791ca2790987d322fef07b5ab58d9d08d /net | |
parent | 408aef2198a97ca36f67e98de6aebdf65d99000c (diff) | |
Addition of an OCSP parser using the net der code.
BUG=
Review URL: https://codereview.chromium.org/1541213002
Cr-Commit-Position: refs/heads/master@{#383085}
Diffstat (limited to 'net')
33 files changed, 4179 insertions, 44 deletions
diff --git a/net/cert/internal/parse_ocsp.cc b/net/cert/internal/parse_ocsp.cc new file mode 100644 index 0000000..e06b29a --- /dev/null +++ b/net/cert/internal/parse_ocsp.cc 
@@ -0,0 +1,532 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <algorithm> + +#include "base/sha1.h" +#include "crypto/sha2.h" +#include "net/cert/internal/parse_ocsp.h" + +namespace net { + +OCSPCertID::OCSPCertID() {} +OCSPCertID::~OCSPCertID() {} + +OCSPSingleResponse::OCSPSingleResponse() {} +OCSPSingleResponse::~OCSPSingleResponse() {} + +OCSPResponseData::OCSPResponseData() {} +OCSPResponseData::~OCSPResponseData() {} + +OCSPResponse::OCSPResponse() {} +OCSPResponse::~OCSPResponse() {} + +der::Input BasicOCSPResponseOid() { + // From RFC 6960: + // + // id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } + // id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } + // + // In dotted notation: 1.3.6.1.5.5.7.48.1.1 + static const uint8_t oid[] = {0x2b, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x30, 0x01, 0x01}; + return der::Input(oid); +} + +// CertID ::= SEQUENCE { +// hashAlgorithm AlgorithmIdentifier, +// issuerNameHash OCTET STRING, -- Hash of issuer's DN +// issuerKeyHash OCTET STRING, -- Hash of issuer's public key +// serialNumber CertificateSerialNumber +// } +bool ParseOCSPCertID(const der::Input& raw_tlv, OCSPCertID* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + der::Input sigalg_tlv; + if (!parser.ReadRawTLV(&sigalg_tlv)) + return false; + if (!ParseHashAlgorithm(sigalg_tlv, &(out->hash_algorithm))) + return false; + if (!parser.ReadTag(der::kOctetString, &(out->issuer_name_hash))) + return false; + if (!parser.ReadTag(der::kOctetString, &(out->issuer_key_hash))) + return false; + if (!parser.ReadTag(der::kInteger, &(out->serial_number))) + return false; + if (!VerifySerialNumber(out->serial_number)) + return false; + + return !parser.HasMore(); +} + +namespace { + +// Parses |raw_tlv| to extract 
an OCSP RevokedInfo (RFC 6960) and stores the +// result in the OCSPCertStatus |out|. Returns whether the parsing was +// successful. +// +// RevokedInfo ::= SEQUENCE { +// revocationTime GeneralizedTime, +// revocationReason [0] EXPLICIT CRLReason OPTIONAL +// } +bool ParseRevokedInfo(const der::Input& raw_tlv, OCSPCertStatus* out) { + der::Parser parser(raw_tlv); + if (!parser.ReadGeneralizedTime(&(out->revocation_time))) + return false; + + der::Input reason_input; + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(0), &reason_input, + &(out->has_reason))) { + return false; + } + if (out->has_reason) { + der::Parser reason_parser(reason_input); + der::Input reason_value_input; + uint8_t reason_value; + if (!reason_parser.ReadTag(der::kEnumerated, &reason_value_input)) + return false; + if (!der::ParseUint8(reason_value_input, &reason_value)) + return false; + if (reason_value > + static_cast<uint8_t>(OCSPCertStatus::RevocationReason::LAST)) { + return false; + } + out->revocation_reason = + static_cast<OCSPCertStatus::RevocationReason>(reason_value); + if (out->revocation_reason == OCSPCertStatus::RevocationReason::UNUSED) + return false; + if (reason_parser.HasMore()) + return false; + } + return !parser.HasMore(); +} + +// Parses |raw_tlv| to extract an OCSP CertStatus (RFC 6960) and stores the +// result in the OCSPCertStatus |out|. Returns whether the parsing was +// successful. 
+// +// CertStatus ::= CHOICE { +// good [0] IMPLICIT NULL, +// revoked [1] IMPLICIT RevokedInfo, +// unknown [2] IMPLICIT UnknownInfo +// } +// +// UnknownInfo ::= NULL +bool ParseCertStatus(const der::Input& raw_tlv, OCSPCertStatus* out) { + der::Parser parser(raw_tlv); + der::Tag status_tag; + der::Input status; + if (!parser.ReadTagAndValue(&status_tag, &status)) + return false; + + out->has_reason = false; + if (status_tag == der::ContextSpecificPrimitive(0)) { + out->status = OCSPCertStatus::Status::GOOD; + } else if (status_tag == der::ContextSpecificConstructed(1)) { + out->status = OCSPCertStatus::Status::REVOKED; + if (!ParseRevokedInfo(status, out)) + return false; + } else if (status_tag == der::ContextSpecificPrimitive(2)) { + out->status = OCSPCertStatus::Status::UNKNOWN; + } else { + return false; + } + + return !parser.HasMore(); +} + +} // namespace + +// SingleResponse ::= SEQUENCE { +// certID CertID, +// certStatus CertStatus, +// thisUpdate GeneralizedTime, +// nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, +// singleExtensions [1] EXPLICIT Extensions OPTIONAL +// } +bool ParseOCSPSingleResponse(const der::Input& raw_tlv, + OCSPSingleResponse* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + if (!parser.ReadRawTLV(&(out->cert_id_tlv))) + return false; + der::Input status_tlv; + if (!parser.ReadRawTLV(&status_tlv)) + return false; + if (!ParseCertStatus(status_tlv, &(out->cert_status))) + return false; + if (!parser.ReadGeneralizedTime(&(out->this_update))) + return false; + + der::Input next_update_input; + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(0), + &next_update_input, &(out->has_next_update))) { + return false; + } + if (out->has_next_update) { + der::Parser next_update_parser(next_update_input); + if (!next_update_parser.ReadGeneralizedTime(&(out->next_update))) + return false; + if 
(next_update_parser.HasMore()) + return false; + } + + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(1), + &(out->extensions), &(out->has_extensions))) { + return false; + } + + return !parser.HasMore(); +} + +namespace { + +// Parses |raw_tlv| to extract a ResponderID (RFC 6960) and stores the +// result in the ResponderID |out|. Returns whether the parsing was successful. +// +// ResponderID ::= CHOICE { +// byName [1] Name, +// byKey [2] KeyHash +// } +bool ParseResponderID(const der::Input& raw_tlv, + OCSPResponseData::ResponderID* out) { + der::Parser parser(raw_tlv); + der::Tag id_tag; + der::Input id_input; + if (!parser.ReadTagAndValue(&id_tag, &id_input)) + return false; + + if (id_tag == der::ContextSpecificConstructed(1)) { + out->type = OCSPResponseData::ResponderType::NAME; + out->name = id_input; + } else if (id_tag == der::ContextSpecificConstructed(2)) { + der::Parser key_parser(id_input); + der::Input responder_key; + if (!key_parser.ReadTag(der::kOctetString, &responder_key)) + return false; + if (key_parser.HasMore()) + return false; + + SHA1HashValue key_hash; + if (responder_key.Length() != sizeof(key_hash.data)) + return false; + memcpy(key_hash.data, responder_key.UnsafeData(), sizeof(key_hash.data)); + out->type = OCSPResponseData::ResponderType::KEY_HASH; + out->key_hash = HashValue(key_hash); + } else { + return false; + } + return !parser.HasMore(); +} + +} // namespace + +// ResponseData ::= SEQUENCE { +// version [0] EXPLICIT Version DEFAULT v1, +// responderID ResponderID, +// producedAt GeneralizedTime, +// responses SEQUENCE OF SingleResponse, +// responseExtensions [1] EXPLICIT Extensions OPTIONAL +// } +bool ParseOCSPResponseData(const der::Input& raw_tlv, OCSPResponseData* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + der::Input version_input; + bool version_present; + if 
(!parser.ReadOptionalTag(der::ContextSpecificConstructed(0), + &version_input, &version_present)) { + return false; + } + + // For compatibilty, we ignore the restriction from X.690 Section 11.5 that + // DEFAULT values should be omitted for values equal to the default value. + // TODO: Add warning about non-strict parsing. + if (version_present) { + der::Parser version_parser(version_input); + if (!version_parser.ReadUint8(&(out->version))) + return false; + if (version_parser.HasMore()) + return false; + } else { + out->version = 0; + } + + if (out->version != 0) + return false; + + der::Input responder_input; + if (!parser.ReadRawTLV(&responder_input)) + return false; + if (!ParseResponderID(responder_input, &(out->responder_id))) + return false; + if (!parser.ReadGeneralizedTime(&(out->produced_at))) + return false; + + der::Parser responses_parser; + if (!parser.ReadSequence(&responses_parser)) + return false; + out->responses.clear(); + while (responses_parser.HasMore()) { + der::Input single_response; + if (!responses_parser.ReadRawTLV(&single_response)) + return false; + out->responses.push_back(single_response); + } + + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(1), + &(out->extensions), &(out->has_extensions))) { + return false; + } + + return !parser.HasMore(); +} + +namespace { + +// Parses |raw_tlv| to extract a BasicOCSPResponse (RFC 6960) and stores the +// result in the OCSPResponse |out|. Returns whether the parsing was +// successful. 
+// +// BasicOCSPResponse ::= SEQUENCE { +// tbsResponseData ResponseData, +// signatureAlgorithm AlgorithmIdentifier, +// signature BIT STRING, +// certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL +// } +bool ParseBasicOCSPResponse(const der::Input& raw_tlv, OCSPResponse* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + if (!parser.ReadRawTLV(&(out->data))) + return false; + der::Input sigalg_tlv; + if (!parser.ReadRawTLV(&sigalg_tlv)) + return false; + out->signature_algorithm = SignatureAlgorithm::CreateFromDer(sigalg_tlv); + if (!out->signature_algorithm) + return false; + if (!parser.ReadBitString(&(out->signature))) + return false; + der::Input certs_input; + if (!parser.ReadOptionalTag(der::ContextSpecificConstructed(0), &certs_input, + &(out->has_certs))) { + return false; + } + + out->certs.clear(); + if (out->has_certs) { + der::Parser certs_seq_parser(certs_input); + der::Parser certs_parser; + if (!certs_seq_parser.ReadSequence(&certs_parser)) + return false; + if (certs_seq_parser.HasMore()) + return false; + while (certs_parser.HasMore()) { + der::Input cert_tlv; + if (!certs_parser.ReadRawTLV(&cert_tlv)) + return false; + out->certs.push_back(cert_tlv); + } + } + + return !parser.HasMore(); +} + +} // namespace + +// OCSPResponse ::= SEQUENCE { +// responseStatus OCSPResponseStatus, +// responseBytes [0] EXPLICIT ResponseBytes OPTIONAL +// } +// +// ResponseBytes ::= SEQUENCE { +// responseType OBJECT IDENTIFIER, +// response OCTET STRING +// } +bool ParseOCSPResponse(const der::Input& raw_tlv, OCSPResponse* out) { + der::Parser outer_parser(raw_tlv); + der::Parser parser; + if (!outer_parser.ReadSequence(&parser)) + return false; + if (outer_parser.HasMore()) + return false; + + der::Input response_status_input; + uint8_t response_status; + if (!parser.ReadTag(der::kEnumerated, &response_status_input)) + return false; + if 
(!der::ParseUint8(response_status_input, &response_status)) + return false; + if (response_status > + static_cast<uint8_t>(OCSPResponse::ResponseStatus::LAST)) { + return false; + } + out->status = static_cast<OCSPResponse::ResponseStatus>(response_status); + if (out->status == OCSPResponse::ResponseStatus::UNUSED) + return false; + + if (out->status == OCSPResponse::ResponseStatus::SUCCESSFUL) { + der::Parser outer_bytes_parser; + der::Parser bytes_parser; + if (!parser.ReadConstructed(der::ContextSpecificConstructed(0), + &outer_bytes_parser)) { + return false; + } + if (!outer_bytes_parser.ReadSequence(&bytes_parser)) + return false; + if (outer_bytes_parser.HasMore()) + return false; + + der::Input type_oid; + if (!bytes_parser.ReadTag(der::kOid, &type_oid)) + return false; + if (type_oid != BasicOCSPResponseOid()) + return false; + + // As per RFC 6960 Section 4.2.1, the value of |response| SHALL be the DER + // encoding of BasicOCSPResponse. + der::Input response; + if (!bytes_parser.ReadTag(der::kOctetString, &response)) + return false; + if (!ParseBasicOCSPResponse(response, out)) + return false; + if (bytes_parser.HasMore()) + return false; + } + + return !parser.HasMore(); +} + +namespace { + +// Checks that the |type| hash of |value| is equal to |hash| +bool VerifyHash(HashValueTag type, + const der::Input& hash, + const der::Input& value) { + HashValue target(type); + if (target.size() != hash.Length()) + return false; + memcpy(target.data(), hash.UnsafeData(), target.size()); + + HashValue value_hash(type); + if (type == HASH_VALUE_SHA1) { + base::SHA1HashBytes(value.UnsafeData(), value.Length(), value_hash.data()); + } else if (type == HASH_VALUE_SHA256) { + std::string hash_string = crypto::SHA256HashString(value.AsString()); + memcpy(value_hash.data(), hash_string.data(), value_hash.size()); + } else { + return false; + } + + return target.Equals(value_hash); +} + +// Checks that the input |id_tlv| parses to a valid CertID and matches the +// issuer 
|issuer| name and key, as well as the serial number |serial_number|. +bool CheckCertID(const der::Input& id_tlv, + const ParsedTbsCertificate& certificate, + const ParsedTbsCertificate& issuer, + const der::Input& serial_number) { + OCSPCertID id; + if (!ParseOCSPCertID(id_tlv, &id)) + return false; + + HashValueTag type = HASH_VALUE_SHA1; + switch (id.hash_algorithm) { + case DigestAlgorithm::Sha1: + type = HASH_VALUE_SHA1; + break; + case DigestAlgorithm::Sha256: + type = HASH_VALUE_SHA256; + break; + case DigestAlgorithm::Sha384: + case DigestAlgorithm::Sha512: + NOTIMPLEMENTED(); + return false; + } + + if (!VerifyHash(type, id.issuer_name_hash, certificate.issuer_tlv)) + return false; + + // SubjectPublicKeyInfo ::= SEQUENCE { + // algorithm AlgorithmIdentifier, + // subjectPublicKey BIT STRING + // } + der::Parser outer_parser(issuer.spki_tlv); + der::Parser spki_parser; + der::BitString key_bits; + if (!outer_parser.ReadSequence(&spki_parser)) + return false; + if (outer_parser.HasMore()) + return false; + if (!spki_parser.SkipTag(der::kSequence)) + return false; + if (!spki_parser.ReadBitString(&key_bits)) + return false; + der::Input key_tlv = key_bits.bytes(); + if (!VerifyHash(type, id.issuer_key_hash, key_tlv)) + return false; + + return id.serial_number == serial_number; +} + +} // namespace + +bool GetOCSPCertStatus(const OCSPResponseData& response_data, + const ParsedCertificate& issuer, + const ParsedCertificate& cert, + OCSPCertStatus* out) { + out->status = OCSPCertStatus::Status::GOOD; + + ParsedTbsCertificate tbs_cert; + if (!ParseTbsCertificate(cert.tbs_certificate_tlv, &tbs_cert)) + return false; + ParsedTbsCertificate issuer_tbs_cert; + if (!ParseTbsCertificate(issuer.tbs_certificate_tlv, &issuer_tbs_cert)) + return false; + + bool found = false; + for (const auto& response : response_data.responses) { + OCSPSingleResponse single_response; + if (!ParseOCSPSingleResponse(response, &single_response)) + return false; + if 
(CheckCertID(single_response.cert_id_tlv, tbs_cert, issuer_tbs_cert, + tbs_cert.serial_number)) { + OCSPCertStatus new_status = single_response.cert_status; + found = true; + // In the case that we receive multiple responses, we keep only the + // strictest status (REVOKED > UNKNOWN > GOOD). + if (out->status == OCSPCertStatus::Status::GOOD || + new_status.status == OCSPCertStatus::Status::REVOKED) { + *out = new_status; + } + } + } + + if (!found) + out->status = OCSPCertStatus::Status::UNKNOWN; + + return found; +} + +} // namespace net diff --git a/net/cert/internal/parse_ocsp.h b/net/cert/internal/parse_ocsp.h new file mode 100644 index 0000000..63ee3e8 --- /dev/null +++ b/net/cert/internal/parse_ocsp.h 
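Review bot: ParseCertStatus accepts the `good [0]` and `unknown [2]` alternatives on the tag alone and never checks that the value is empty, although both are IMPLICIT NULL and a DER NULL has zero-length content, so a `[0]` primitive that carries payload bytes is parsed as GOOD; add `if (status.Length() != 0) return false;` in both the `ContextSpecificPrimitive(0)` and `ContextSpecificPrimitive(2)` branches, matching the strictness the rest of the file applies with its `HasMore()` checks. Separately, ParseResponderID and VerifyHash call `memcpy` but the file includes only `<algorithm>`; add `#include <string.h>` rather than relying on a transitive include. The `// For compatibilty` comment in ParseOCSPResponseData misspells "compatibility".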
@@ -0,0 +1,282 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_CERT_INTERNAL_PARSE_OCSP_H_ +#define NET_CERT_INTERNAL_PARSE_OCSP_H_ + +#include <string> +#include <vector> + +#include "base/memory/scoped_ptr.h" +#include "net/base/hash_value.h" +#include "net/cert/internal/parse_certificate.h" +#include "net/cert/internal/signature_algorithm.h" +#include "net/der/input.h" +#include "net/der/parse_values.h" +#include "net/der/parser.h" +#include "net/der/tag.h" + +namespace net { + +// OCSPCertID contains a representation of a DER-encoded RFC 6960 "CertID". +// +// CertID ::= SEQUENCE { +// hashAlgorithm AlgorithmIdentifier, +// issuerNameHash OCTET STRING, -- Hash of issuer's DN +// issuerKeyHash OCTET STRING, -- Hash of issuer's public key +// serialNumber CertificateSerialNumber +// } +struct OCSPCertID { + OCSPCertID(); + ~OCSPCertID(); + + DigestAlgorithm hash_algorithm; + der::Input issuer_name_hash; + der::Input issuer_key_hash; + der::Input serial_number; +}; + +// OCSPCertStatus contains a representation of a DER-encoded RFC 6960 +// "CertStatus". |revocation_time| and |has_reason| are only valid when +// |status| is REVOKED. |revocation_reason| is only valid when |has_reason| is +// true. 
+// +// CertStatus ::= CHOICE { +// good [0] IMPLICIT NULL, +// revoked [1] IMPLICIT RevokedInfo, +// unknown [2] IMPLICIT UnknownInfo +// } +// +// RevokedInfo ::= SEQUENCE { +// revocationTime GeneralizedTime, +// revocationReason [0] EXPLICIT CRLReason OPTIONAL +// } +// +// UnknownInfo ::= NULL +// +// CRLReason ::= ENUMERATED { +// unspecified (0), +// keyCompromise (1), +// cACompromise (2), +// affiliationChanged (3), +// superseded (4), +// cessationOfOperation (5), +// certificateHold (6), +// -- value 7 is not used +// removeFromCRL (8), +// privilegeWithdrawn (9), +// aACompromise (10) +// } +// (from RFC 5280) +struct OCSPCertStatus { + enum class Status { + GOOD, + REVOKED, + UNKNOWN, + }; + + // Correspond to the values of CRLReason + enum class RevocationReason { + UNSPECIFIED = 0, + KEY_COMPROMISE = 1, + CA_COMPROMISE = 2, + AFFILIATION_CHANGED = 3, + SUPERSEDED = 4, + CESSATION_OF_OPERATION = 5, + CERTIFICATE_HOLD = 6, + UNUSED = 7, + REMOVE_FROM_CRL = 8, + PRIVILEGE_WITHDRAWN = 9, + AA_COMPROMISE = 10, + + LAST = AA_COMPROMISE, + }; + + Status status; + der::GeneralizedTime revocation_time; + bool has_reason; + RevocationReason revocation_reason; +}; + +// OCSPSingleResponse contains a representation of a DER-encoded RFC 6960 +// "SingleResponse". The |cert_id_tlv| and |extensions| fields are pointers to +// the original object and are only valid as long as it is alive. They also +// aren't verified until they are parsed. |next_update| is only valid if +// |has_next_update| is true and |extensions| is only valid if |has_extensions| +// is true. 
+// +// SingleResponse ::= SEQUENCE { +// certID CertID, +// certStatus CertStatus, +// thisUpdate GeneralizedTime, +// nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, +// singleExtensions [1] EXPLICIT Extensions OPTIONAL +// } +struct NET_EXPORT OCSPSingleResponse { + OCSPSingleResponse(); + ~OCSPSingleResponse(); + + der::Input cert_id_tlv; + OCSPCertStatus cert_status; + der::GeneralizedTime this_update; + bool has_next_update; + der::GeneralizedTime next_update; + bool has_extensions; + der::Input extensions; +}; + +// OCSPResponseData contains a representation of a DER-encoded RFC 6960 +// "ResponseData". The |responses| and |extensions| fields are pointers to the +// original object and are only valid as long as it is alive. They also aren't +// verified until they are parsed into OCSPSingleResponse and ParsedExtensions. +// |extensions| is only valid if |has_extensions| is true. +// +// ResponseData ::= SEQUENCE { +// version [0] EXPLICIT Version DEFAULT v1, +// responderID ResponderID, +// producedAt GeneralizedTime, +// responses SEQUENCE OF SingleResponse, +// responseExtensions [1] EXPLICIT Extensions OPTIONAL +// } +struct NET_EXPORT OCSPResponseData { + enum class ResponderType { NAME, KEY_HASH }; + + struct ResponderID { + ResponderType type; + der::Input name; + HashValue key_hash; + }; + + OCSPResponseData(); + ~OCSPResponseData(); + + uint8_t version; + OCSPResponseData::ResponderID responder_id; + der::GeneralizedTime produced_at; + std::vector<der::Input> responses; + bool has_extensions; + der::Input extensions; +}; + +// OCSPResponse contains a representation of a DER-encoded RFC 6960 +// "OCSPResponse" and the corresponding "BasicOCSPResponse". The |data| field +// is a pointer to the original object and are only valid as long is it is +// alive. The |data| field isn't verified until it is parsed into an +// OCSPResponseData. |data|, |signature_algorithm|, |signature|, and +// |has_certs| is only valid if |status| is SUCCESSFUL. 
|certs| is only valid +// if |has_certs| is true. +// +// OCSPResponse ::= SEQUENCE { +// responseStatus OCSPResponseStatus, +// responseBytes [0] EXPLICIT ResponseBytes OPTIONAL +// } +// +// ResponseBytes ::= SEQUENCE { +// responseType OBJECT IDENTIFIER, +// response OCTET STRING +// } +// +// BasicOCSPResponse ::= SEQUENCE { +// tbsResponseData ResponseData, +// signatureAlgorithm AlgorithmIdentifier, +// signature BIT STRING, +// certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL +// } +// +// OCSPResponseStatus ::= ENUMERATED { +// successful (0), -- Response has valid confirmations +// malformedRequest (1), -- Illegal confirmation request +// internalError (2), -- Internal error in issuer +// tryLater (3), -- Try again later +// -- (4) is not used +// sigRequired (5), -- Must sign the request +// unauthorized (6) -- Request unauthorized +// } +struct NET_EXPORT OCSPResponse { + // Correspond to the values of OCSPResponseStatus + enum class ResponseStatus { + SUCCESSFUL = 0, + MALFORMED_REQUEST = 1, + INTERNAL_ERROR = 2, + TRY_LATER = 3, + UNUSED = 4, + SIG_REQUIRED = 5, + UNAUTHORIZED = 6, + + LAST = UNAUTHORIZED, + }; + + OCSPResponse(); + ~OCSPResponse(); + + ResponseStatus status; + der::Input data; + scoped_ptr<SignatureAlgorithm> signature_algorithm; + der::BitString signature; + bool has_certs; + std::vector<der::Input> certs; +}; + +// From RFC 6960: +// +// id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } +// id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } +// +// In dotted notation: 1.3.6.1.5.5.7.48.1.1 +NET_EXPORT der::Input BasicOCSPResponseOid(); + +// Parses a DER-encoded OCSP "CertID" as specified by RFC 6960. Returns true on +// success and sets the results in |out|. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. 
+NET_EXPORT_PRIVATE bool ParseOCSPCertID(const der::Input& raw_tlv, + OCSPCertID* out); + +// Parses a DER-encoded OCSP "SingleResponse" as specified by RFC 6960. Returns +// true on success and sets the results in |out|. The resulting |out| +// references data from |raw_tlv| and is only valid for the lifetime of +// |raw_tlv|. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +NET_EXPORT_PRIVATE bool ParseOCSPSingleResponse(const der::Input& raw_tlv, + OCSPSingleResponse* out); + +// Parses a DER-encoded OCSP "ResponseData" as specified by RFC 6960. Returns +// true on success and sets the results in |out|. The resulting |out| +// references data from |raw_tlv| and is only valid for the lifetime of +// |raw_tlv|. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +NET_EXPORT_PRIVATE bool ParseOCSPResponseData(const der::Input& raw_tlv, + OCSPResponseData* out); + +// Parses a DER-encoded "OCSPResponse" as specified by RFC 6960. Returns true +// on success and sets the results in |out|. The resulting |out| +// references data from |raw_tlv| and is only valid for the lifetime of +// |raw_tlv|. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +NET_EXPORT_PRIVATE bool ParseOCSPResponse(const der::Input& raw_tlv, + OCSPResponse* out); + +// Checks the certificate status of |cert| based on the OCSPResponseData +// |response_data| and issuer |issuer| and sets the results in |out|. In the +// case that there are multiple responses for a given certificate, as a result +// of caching or performance (RFC 6960, 4.2.2.3), the strictest response is +// returned (REVOKED > UNKNOWN > GOOD). +// +// On failure |out| has an undefined state. 
Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +NET_EXPORT_PRIVATE bool GetOCSPCertStatus(const OCSPResponseData& response_data, + const ParsedCertificate& issuer, + const ParsedCertificate& cert, + OCSPCertStatus* out); + +} // namespace net + +#endif // NET_CERT_INTERNAL_PARSE_OCSP_H_ diff --git a/net/cert/internal/parse_ocsp_unittest.cc b/net/cert/internal/parse_ocsp_unittest.cc new file mode 100644 index 0000000..12657e6 --- /dev/null +++ b/net/cert/internal/parse_ocsp_unittest.cc 
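Review bot: The comment on the GetOCSPCertStatus declaration describes the result as the certificate's status but does not say what is left unchecked: the definition in parse_ocsp.cc only matches CertIDs and merges cert_status values, and nothing in this commit verifies the BasicOCSPResponse signature over |data|, checks which responder produced it, or evaluates the thisUpdate/nextUpdate window (the unittest's OCSPBadSignature case expecting OCSP_SUCCESS confirms the signature is not verified). Add to that comment something like `// This only parses and matches CertIDs: the response signature, the responder's authorization and the thisUpdate/nextUpdate freshness window are NOT verified here and must be checked by the caller before |out| is trusted.` The OCSPResponse struct comment also reads "is a pointer to the original object and are only valid as long is it is alive"; it should read "is a pointer to the original object and is only valid as long as it is alive".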
@@ -0,0 +1,177 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/cert/internal/parse_ocsp.h" + +#include "base/files/file_path.h" +#include "base/logging.h" +#include "net/base/test_data_directory.h" +#include "net/cert/internal/test_helpers.h" +#include "net/cert/x509_certificate.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace { + +std::string GetFilePath(const std::string& file_name) { + return std::string("net/data/parse_ocsp_unittest/") + file_name; +} + +enum OCSPFailure { + OCSP_SUCCESS, + PARSE_CERT, + PARSE_OCSP, + OCSP_NOT_SUCCESSFUL, + PARSE_OCSP_DATA, + PARSE_OCSP_SINGLE_RESPONSE, + VERIFY_OCSP, + OCSP_SUCCESS_REVOKED, + OCSP_SUCCESS_UNKNOWN, +}; + +OCSPFailure ParseOCSP(const std::string& file_name) { + std::string ocsp_data; + std::string ca_data; + std::string cert_data; + const PemBlockMapping mappings[] = { + {"OCSP RESPONSE", &ocsp_data}, + {"CA CERTIFICATE", &ca_data}, + {"CERTIFICATE", &cert_data}, + }; + + if (!ReadTestDataFromPemFile(GetFilePath(file_name), mappings)) + return PARSE_CERT; + + der::Input ocsp_input(&ocsp_data); + der::Input ca_input(&ca_data); + der::Input cert_input(&cert_data); + + ParsedCertificate issuer; + ParsedCertificate cert; + if (!ParseCertificate(ca_input, &issuer)) + return PARSE_CERT; + if (!ParseCertificate(cert_input, &cert)) + return PARSE_CERT; + OCSPResponse parsed_ocsp; + OCSPResponseData parsed_ocsp_data; + if (!ParseOCSPResponse(ocsp_input, &parsed_ocsp)) + return PARSE_OCSP; + if (parsed_ocsp.status != OCSPResponse::ResponseStatus::SUCCESSFUL) + return OCSP_NOT_SUCCESSFUL; + if (!ParseOCSPResponseData(parsed_ocsp.data, &parsed_ocsp_data)) + return PARSE_OCSP_DATA; + + OCSPCertStatus status; + + if (!GetOCSPCertStatus(parsed_ocsp_data, issuer, cert, &status)) + return PARSE_OCSP_SINGLE_RESPONSE; + + switch (status.status) { + case 
OCSPCertStatus::Status::GOOD: + return OCSP_SUCCESS; + case OCSPCertStatus::Status::REVOKED: + return OCSP_SUCCESS_REVOKED; + case OCSPCertStatus::Status::UNKNOWN: + return OCSP_SUCCESS_UNKNOWN; + } + + return OCSP_SUCCESS_UNKNOWN; +} + +} // namespace + +TEST(ParseOCSPTest, OCSPGoodResponse) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("good_response.pem")); +} + +TEST(ParseOCSPTest, OCSPNoResponse) { + ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("no_response.pem")); +} + +TEST(ParseOCSPTest, OCSPMalformedStatus) { + ASSERT_EQ(OCSP_NOT_SUCCESSFUL, ParseOCSP("malformed_status.pem")); +} + +TEST(ParseOCSPTest, OCSPBadStatus) { + ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_status.pem")); +} + +TEST(ParseOCSPTest, OCSPInvalidOCSPOid) { + ASSERT_EQ(PARSE_OCSP, ParseOCSP("bad_ocsp_type.pem")); +} + +TEST(ParseOCSPTest, OCSPBadSignature) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("bad_signature.pem")); +} + +TEST(ParseOCSPTest, OCSPDirectSignature) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_direct.pem")); +} + +TEST(ParseOCSPTest, OCSPIndirectSignature) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect.pem")); +} + +TEST(ParseOCSPTest, OCSPMissingIndirectSignature) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_indirect_missing.pem")); +} + +TEST(ParseOCSPTest, OCSPInvalidSignature) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_sign_bad_indirect.pem")); +} + +TEST(ParseOCSPTest, OCSPExtraCerts) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("ocsp_extra_certs.pem")); +} + +TEST(ParseOCSPTest, OCSPIncludesVersion) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_version.pem")); +} + +TEST(ParseOCSPTest, OCSPResponderName) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_name.pem")); +} + +TEST(ParseOCSPTest, OCSPResponderKeyHash) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("responder_id.pem")); +} + +TEST(ParseOCSPTest, OCSPOCSPExtension) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_extension.pem")); +} + +TEST(ParseOCSPTest, OCSPIncludeNextUpdate) { + ASSERT_EQ(OCSP_SUCCESS, 
ParseOCSP("good_response_next_update.pem")); +} + +TEST(ParseOCSPTest, OCSPRevokedResponse) { + ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response.pem")); +} + +TEST(ParseOCSPTest, OCSPRevokedResponseWithReason) { + ASSERT_EQ(OCSP_SUCCESS_REVOKED, ParseOCSP("revoke_response_reason.pem")); +} + +TEST(ParseOCSPTest, OCSPUnknownCertStatus) { + ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("unknown_response.pem")); +} + +TEST(ParseOCSPTest, OCSPMultipleCertStatus) { + ASSERT_EQ(OCSP_SUCCESS_UNKNOWN, ParseOCSP("multiple_response.pem")); +} + +TEST(ParseOCSPTest, OCSPWrongCertResponse) { + ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("other_response.pem")); +} + +TEST(ParseOCSPTest, OCSPOCSPSingleExtension) { + ASSERT_EQ(OCSP_SUCCESS, ParseOCSP("has_single_extension.pem")); +} + +TEST(ParseOCSPTest, OCSPMissingResponse) { + ASSERT_EQ(PARSE_OCSP_SINGLE_RESPONSE, ParseOCSP("missing_response.pem")); +} + +} // namespace net diff --git a/net/cert/internal/signature_algorithm.cc b/net/cert/internal/signature_algorithm.cc index 13243ea..315243f 100644 --- a/net/cert/internal/signature_algorithm.cc +++ b/net/cert/internal/signature_algorithm.cc 
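Review bot: The OCSPBadSignature, OCSPMissingIndirectSignature and OCSPInvalidSignature tests assert OCSP_SUCCESS with no explanation, which reads as though a bad or absent signature were accepted by design; a comment above them such as `// ParseOCSP only exercises parsing and CertID matching; signatures are not verified at this layer, so responses with bad or missing signatures still parse.` would stop the next reader from treating these as verification tests. In the ParseOCSP helper, a failed ReadTestDataFromPemFile returns PARSE_CERT, the same value as a certificate parse failure, so a missing or misnamed .pem file is indistinguishable from a broken CA certificate; returning a distinct enumerator from the file-read branch would make test failures attributable.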
@@ -321,49 +321,6 @@ scoped_ptr<SignatureAlgorithm> ParseEcdsa(DigestAlgorithm digest, return SignatureAlgorithm::CreateEcdsa(digest); } -// Parses a HashAlgorithm as defined by RFC 5912: -// -// HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM, -// {HashAlgorithms}} -// -// HashAlgorithms DIGEST-ALGORITHM ::= { -// { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent } | -// { IDENTIFIER id-sha224 PARAMS TYPE NULL ARE preferredPresent } | -// { IDENTIFIER id-sha256 PARAMS TYPE NULL ARE preferredPresent } | -// { IDENTIFIER id-sha384 PARAMS TYPE NULL ARE preferredPresent } | -// { IDENTIFIER id-sha512 PARAMS TYPE NULL ARE preferredPresent } -// } -WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input input, - DigestAlgorithm* out) { - der::Input oid; - der::Input params; - if (!ParseAlgorithmIdentifier(input, &oid, ¶ms)) - return false; - - DigestAlgorithm hash; - - if (oid == der::Input(kOidSha1)) { - hash = DigestAlgorithm::Sha1; - } else if (oid == der::Input(kOidSha256)) { - hash = DigestAlgorithm::Sha256; - } else if (oid == der::Input(kOidSha384)) { - hash = DigestAlgorithm::Sha384; - } else if (oid == der::Input(kOidSha512)) { - hash = DigestAlgorithm::Sha512; - } else { - // Unsupported digest algorithm. - return false; - } - - // From RFC 5912: "PARAMS TYPE NULL ARE preferredPresent". Which is to say - // the can either be absent, or NULL. - if (!IsEmpty(params) && !IsNull(params)) - return false; - - *out = hash; - return true; -} - // Parses a MaskGenAlgorithm as defined by RFC 5912: // // MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM, 
@@ -539,6 +496,37 @@ scoped_ptr<SignatureAlgorithm> ParseRsaPss(const der::Input& params) {
 
 } // namespace
 
+WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input input,
+ DigestAlgorithm* out) {
+ der::Input oid;
+ der::Input params;
+ if (!ParseAlgorithmIdentifier(input, &oid, ¶ms))
+ return false;
+
+ DigestAlgorithm hash;
+
+ if (oid == der::Input(kOidSha1)) {
+ hash = DigestAlgorithm::Sha1;
+ } else if (oid == der::Input(kOidSha256)) {
+ hash = DigestAlgorithm::Sha256;
+ } else if (oid == der::Input(kOidSha384)) {
+ hash = DigestAlgorithm::Sha384;
+ } else if (oid == der::Input(kOidSha512)) {
+ hash = DigestAlgorithm::Sha512;
+ } else {
+ // Unsupported digest algorithm.
+ return false;
+ }
+
+ // From RFC 5912: "PARAMS TYPE NULL ARE preferredPresent". Which is to say
+ // the can either be absent, or NULL.
+ if (!IsEmpty(params) && !IsNull(params))
+ return false;
+
+ *out = hash;
+ return true;
+}
+
 RsaPssParameters::RsaPssParameters(DigestAlgorithm mgf1_hash,
 uint32_t salt_length)
 : mgf1_hash_(mgf1_hash), salt_length_(salt_length) {
diff --git a/net/cert/internal/signature_algorithm.h b/net/cert/internal/signature_algorithm.h
index de35a29..d1400be 100644
--- a/net/cert/internal/signature_algorithm.h
+++ b/net/cert/internal/signature_algorithm.h
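Review bot: Now that ParseHashAlgorithm is exported from the file rather than file-local, its `const der::Input input` by-value parameter stands out against the `ParseRsaPss(const der::Input& params)` signature in the hunk's own context; `const der::Input& input` would match the file's convention, with the same change to the declaration added in signature_algorithm.h. The comment that moved with the function has a typo: `// the can either be absent, or NULL.` should read `// they can either be absent, or NULL.`. The strict rejection of unknown OIDs and of non-NULL parameters is unchanged and is the right behaviour for a parser that is now reachable from outside this file.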
@@ -34,6 +34,21 @@ enum class SignatureAlgorithmId {
 Ecdsa, // ECDSA
 };
 
+// Parses a HashAlgorithm as defined by RFC 5912:
+//
+// HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM,
+// {HashAlgorithms}}
+//
+// HashAlgorithms DIGEST-ALGORITHM ::= {
+// { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent } |
+// { IDENTIFIER id-sha224 PARAMS TYPE NULL ARE preferredPresent } |
+// { IDENTIFIER id-sha256 PARAMS TYPE NULL ARE preferredPresent } |
+// { IDENTIFIER id-sha384 PARAMS TYPE NULL ARE preferredPresent } |
+// { IDENTIFIER id-sha512 PARAMS TYPE NULL ARE preferredPresent }
+// }
+WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input input,
+ DigestAlgorithm* out);
+
 // Base class for describing algorithm parameters.
 class NET_EXPORT SignatureAlgorithmParameters {
 public:
diff --git a/net/data/parse_ocsp_unittest/annotate_test_data.py b/net/data/parse_ocsp_unittest/annotate_test_data.py
new file mode 100755
index 0000000..256a0a2
--- /dev/null
+++ b/net/data/parse_ocsp_unittest/annotate_test_data.py
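Review bot: The header comment added for ParseHashAlgorithm lists `id-sha224` among the accepted HashAlgorithms, but the implementation moved in the signature_algorithm.cc hunk only maps SHA-1, SHA-256, SHA-384 and SHA-512 and returns false for every other OID, so a caller reading the header would expect SHA-224 to parse. Since the ASN.1 block is quoted from RFC 5912, keep it verbatim and state the restriction beneath it: `// Note: id-sha224 is not supported by this implementation and is rejected.` It is also worth saying that the function returns false (and leaves |out| untouched) on any unrecognised OID or non-NULL parameters, since that is the contract callers in other files will rely on.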
@@ -0,0 +1,173 @@ +#!/usr/bin/python +# Copyright (c) 2016 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# TODO(svaldez): Deduplicate various annotate_test_data. + +"""This script is called without any arguments to re-format all of the *.pem +files in the script's parent directory. + +The main formatting change is to run "openssl asn1parse" for each of the PEM +block sections, and add that output to the comment. It also runs the command +on the OCTET STRING representing BasicOCSPResponse. + +""" + +import glob +import os +import re +import base64 +import subprocess + + +def Transform(file_data): + """Returns a transformed (formatted) version of file_data""" + + result = '' + + for block in GetPemBlocks(file_data): + if len(result) != 0: + result += '\n' + + # If there was a user comment (non-script-generated comment) associated + # with the block, output it immediately before the block. + user_comment = GetUserComment(block.comment) + if user_comment: + result += user_comment + '\n' + + generated_comment = GenerateCommentForBlock(block.name, block.data) + result += generated_comment + '\n' + + + result += MakePemBlockString(block.name, block.data) + + return result + + +def GenerateCommentForBlock(block_name, block_data): + """Returns a string describing the ASN.1 structure of block_data""" + + p = subprocess.Popen(['openssl', 'asn1parse', '-i', '-inform', 'DER'], + stdout=subprocess.PIPE, stdin=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout_data, stderr_data = p.communicate(input=block_data) + generated_comment = '$ openssl asn1parse -i < [%s]\n%s' % (block_name, + stdout_data) + + # The OCTET STRING encoded BasicOCSPResponse is also parsed out using + #'openssl asn1parse'. 
+ if block_name == 'OCSP RESPONSE': + if '[HEX DUMP]:' in generated_comment: + (generated_comment, response) = generated_comment.split('[HEX DUMP]:', 1) + response = response.replace('\n', '') + if len(response) % 2 != 0: + response = '0' + response + response = GenerateCommentForBlock('INNER', response.decode('hex')) + response = response.split('\n', 1)[1] + response = response.replace(': ', ': ') + generated_comment += '\n%s' % (response) + return generated_comment.strip('\n') + + + +def GetUserComment(comment): + """Removes any script-generated lines (everything after the $ openssl line)""" + + # Consider everything after "$ openssl" to be a generated comment. + comment = comment.split('$ openssl asn1parse -i', 1)[0] + if IsEntirelyWhiteSpace(comment): + comment = '' + return comment + + +def MakePemBlockString(name, data): + return ('-----BEGIN %s-----\n' + '%s' + '-----END %s-----\n') % (name, EncodeDataForPem(data), name) + + +def GetPemFilePaths(): + """Returns an iterable for all the paths to the PEM test files""" + + base_dir = os.path.dirname(os.path.realpath(__file__)) + return glob.iglob(os.path.join(base_dir, '*.pem')) + + +def ReadFileToString(path): + with open(path, 'r') as f: + return f.read() + + +def WrapTextToLineWidth(text, column_width): + result = '' + pos = 0 + while pos < len(text): + result += text[pos : pos + column_width] + '\n' + pos += column_width + return result + + +def EncodeDataForPem(data): + result = base64.b64encode(data) + return WrapTextToLineWidth(result, 75) + + +class PemBlock(object): + def __init__(self): + self.name = None + self.data = None + self.comment = None + + +def StripAllWhitespace(text): + pattern = re.compile(r'\s+') + return re.sub(pattern, '', text) + + +def IsEntirelyWhiteSpace(text): + return len(StripAllWhitespace(text)) == 0 + + +def DecodePemBlockData(text): + text = StripAllWhitespace(text) + return base64.b64decode(text) + + +def GetPemBlocks(data): + """Returns an iterable of PemBlock""" + + 
comment_start = 0 + + regex = re.compile(r'-----BEGIN ([\w ]+)-----(.*?)-----END \1-----', + re.DOTALL) + + for match in regex.finditer(data): + block = PemBlock() + + block.name = match.group(1) + block.data = DecodePemBlockData(match.group(2)) + + # Keep track of any non-PEM text above blocks + block.comment = data[comment_start : match.start()].strip() + comment_start = match.end() + + yield block + + +def WriteStringToFile(data, path): + with open(path, "w") as f: + f.write(data) + + +def main(): + for path in GetPemFilePaths(): + print "Processing %s ..." % (path) + original_data = ReadFileToString(path) + transformed_data = Transform(original_data) + if original_data != transformed_data: + WriteStringToFile(transformed_data, path) + print "Rewrote %s" % (path) + + +if __name__ == "__main__": + main() diff --git a/net/data/parse_ocsp_unittest/bad_ocsp_type.pem b/net/data/parse_ocsp_unittest/bad_ocsp_type.pem new file mode 100644 index 0000000..3441d9e --- /dev/null +++ b/net/data/parse_ocsp_unittest/bad_ocsp_type.pem 
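Review bot: In GenerateCommentForBlock, `response = response.replace(': ', ': ')` replaces the string with itself and so is a no-op; either drop the line or put in the substitution that was intended, since as written a reader will assume the nested dump is being re-indented. In the same function, `stderr_data` and `p.returncode` from the openssl invocation are captured but never inspected, so when asn1parse fails on a block only whatever openssl wrote to stdout ends up in the annotation and the script still reports the file as rewritten; appending `stderr_data` to the generated comment when `p.returncode != 0` would make a test vector that no longer parses visible in the PEM file rather than silently producing a truncated dump. The same applies to the recursive 'INNER' call, which inherits the behaviour.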
@@ -0,0 +1,123 @@ +Has an invalid OCSP OID +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 299 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 292 cons: cont [ 0 ] + 11:d=2 hl=4 l= 288 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :OCSP Nonce + 26:d=3 hl=4 l= 273 prim: OCTET STRING + 0:d=0 hl=4 l= 269 cons: SEQUENCE + 4:d=1 hl=2 l= 120 cons: SEQUENCE + 6:d=2 hl=2 l= 20 cons: cont [ 1 ] + 8:d=3 hl=2 l= 18 cons: SEQUENCE + 10:d=4 hl=2 l= 16 cons: SET + 12:d=5 hl=2 l= 14 cons: SEQUENCE + 14:d=6 hl=2 l= 3 prim: OBJECT :commonName + 19:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 28:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 45:d=2 hl=2 l= 79 cons: SEQUENCE + 47:d=3 hl=2 l= 77 cons: SEQUENCE + 49:d=4 hl=2 l= 56 cons: SEQUENCE + 51:d=5 hl=2 l= 7 cons: SEQUENCE + 53:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 60:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 82:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 104:d=5 hl=2 l= 1 prim: INTEGER :03 + 107:d=4 hl=2 l= 0 prim: cont [ 0 ] + 109:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 126:d=1 hl=2 l= 13 cons: SEQUENCE + 128:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 139:d=2 hl=2 l= 0 prim: NULL + 141:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBKwoBAKCCASQwggEgBgkrBgEFBQcwAQIEggERMIIBDTB4oRQwEjEQMA4GA1UEAxMHVGVzdCB +DQRgPMjAxNjAzMDQxNjQwMDJaME8wTTA4MAcGBSsOAwIaBBQC/3XaJN6K3RUPq2idzObmY20JAQ +QUdzWstN/nudyCWTgbfu3wiCuXNTQCAQOAABgPMjAxNjAzMDQxNjQwMDJaMA0GCSqGSIb3DQEBB +QUAA4GBAEaH8xtlTUtrtKBa/dKPjWhP5dl+FQMVmCpKVGYVkh+mq/mltWcFgqmVr2uMuCngTIXg +xXd9xzvdjl3Y8PqbFXd2267ZQ5JWLkyU1FFxOYRQsjNZD45AnPmXUeHTJ+KqvmIoduFMc2O42RK +/bUfjrcMZcpbblnbPReAfYUsUaiCE +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 
13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL 
+ 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/bad_signature.pem b/net/data/parse_ocsp_unittest/bad_signature.pem new file mode 100644 index 0000000..f128604 --- /dev/null +++ b/net/data/parse_ocsp_unittest/bad_signature.pem 
@@ -0,0 +1,121 @@ +Has an invalid signature +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=3 l= 170 cons: SEQUENCE + 3:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 6:d=1 hl=3 l= 164 cons: cont [ 0 ] + 9:d=2 hl=3 l= 161 cons: SEQUENCE + 12:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 23:d=3 hl=3 l= 147 prim: OCTET STRING + 0:d=0 hl=3 l= 144 cons: SEQUENCE + 3:d=1 hl=2 l= 120 cons: SEQUENCE + 5:d=2 hl=2 l= 20 cons: cont [ 1 ] + 7:d=3 hl=2 l= 18 cons: SEQUENCE + 9:d=4 hl=2 l= 16 cons: SET + 11:d=5 hl=2 l= 14 cons: SEQUENCE + 13:d=6 hl=2 l= 3 prim: OBJECT :commonName + 18:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 27:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 44:d=2 hl=2 l= 79 cons: SEQUENCE + 46:d=3 hl=2 l= 77 cons: SEQUENCE + 48:d=4 hl=2 l= 56 cons: SEQUENCE + 50:d=5 hl=2 l= 7 cons: SEQUENCE + 52:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 59:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 81:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 103:d=5 hl=2 l= 1 prim: INTEGER :03 + 106:d=4 hl=2 l= 0 prim: cont [ 0 ] + 108:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 125:d=1 hl=2 l= 13 cons: SEQUENCE + 127:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 138:d=2 hl=2 l= 0 prim: NULL + 140:d=1 hl=2 l= 5 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIGqCgEAoIGkMIGhBgkrBgEFBQcwAQEEgZMwgZAweKEUMBIxEDAOBgNVBAMTB1Rlc3QgQ0EYDzI +wMTYwMzA0MTY0MDAyWjBPME0wODAHBgUrDgMCGgQUAv912iTeit0VD6tonczm5mNtCQEEFHc1rL +Tf57ncglk4G37t8IgrlzU0AgEDgAAYDzIwMTYwMzA0MTY0MDAyWjANBgkqhkiG9w0BAQUFAAMFA +N6tvu8= +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 
cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: 
PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/bad_status.pem b/net/data/parse_ocsp_unittest/bad_status.pem new file mode 100644 index 0000000..db7c66c --- /dev/null +++ b/net/data/parse_ocsp_unittest/bad_status.pem 
@@ -0,0 +1,91 @@ +Has an invalid status larger than the defined Status enumeration +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: ENUMERATED :11 +-----BEGIN OCSP RESPONSE----- +MAMKARE= +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM 
+RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- 
diff --git a/net/data/parse_ocsp_unittest/good_response.pem b/net/data/parse_ocsp_unittest/good_response.pem new file mode 100644 index 0000000..f103d9a --- /dev/null +++ b/net/data/parse_ocsp_unittest/good_response.pem 
@@ -0,0 +1,123 @@ +Is a valid response for the cert +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 299 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 292 cons: cont [ 0 ] + 11:d=2 hl=4 l= 288 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 273 prim: OCTET STRING + 0:d=0 hl=4 l= 269 cons: SEQUENCE + 4:d=1 hl=2 l= 120 cons: SEQUENCE + 6:d=2 hl=2 l= 20 cons: cont [ 1 ] + 8:d=3 hl=2 l= 18 cons: SEQUENCE + 10:d=4 hl=2 l= 16 cons: SET + 12:d=5 hl=2 l= 14 cons: SEQUENCE + 14:d=6 hl=2 l= 3 prim: OBJECT :commonName + 19:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 28:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 45:d=2 hl=2 l= 79 cons: SEQUENCE + 47:d=3 hl=2 l= 77 cons: SEQUENCE + 49:d=4 hl=2 l= 56 cons: SEQUENCE + 51:d=5 hl=2 l= 7 cons: SEQUENCE + 53:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 60:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 82:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 104:d=5 hl=2 l= 1 prim: INTEGER :03 + 107:d=4 hl=2 l= 0 prim: cont [ 0 ] + 109:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 126:d=1 hl=2 l= 13 cons: SEQUENCE + 128:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 139:d=2 hl=2 l= 0 prim: NULL + 141:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBKwoBAKCCASQwggEgBgkrBgEFBQcwAQEEggERMIIBDTB4oRQwEjEQMA4GA1UEAxMHVGVzdCB +DQRgPMjAxNjAzMDQxNjQwMDJaME8wTTA4MAcGBSsOAwIaBBQC/3XaJN6K3RUPq2idzObmY20JAQ +QUdzWstN/nudyCWTgbfu3wiCuXNTQCAQOAABgPMjAxNjAzMDQxNjQwMDJaMA0GCSqGSIb3DQEBB +QUAA4GBAEaH8xtlTUtrtKBa/dKPjWhP5dl+FQMVmCpKVGYVkh+mq/mltWcFgqmVr2uMuCngTIXg +xXd9xzvdjl3Y8PqbFXd2267ZQ5JWLkyU1FFxOYRQsjNZD45AnPmXUeHTJ+KqvmIoduFMc2O42RK +/bUfjrcMZcpbblnbPReAfYUsUaiCE +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: 
INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 
l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/good_response_next_update.pem b/net/data/parse_ocsp_unittest/good_response_next_update.pem new file mode 100644 index 0000000..7169d7d --- /dev/null +++ b/net/data/parse_ocsp_unittest/good_response_next_update.pem 
@@ -0,0 +1,125 @@ +Is a valid response for the cert until nextUpdate +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 319 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 312 cons: cont [ 0 ] + 11:d=2 hl=4 l= 308 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 293 prim: OCTET STRING + 0:d=0 hl=4 l= 289 cons: SEQUENCE + 4:d=1 hl=3 l= 139 cons: SEQUENCE + 7:d=2 hl=2 l= 20 cons: cont [ 1 ] + 9:d=3 hl=2 l= 18 cons: SEQUENCE + 11:d=4 hl=2 l= 16 cons: SET + 13:d=5 hl=2 l= 14 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 29:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 46:d=2 hl=2 l= 98 cons: SEQUENCE + 48:d=3 hl=2 l= 96 cons: SEQUENCE + 50:d=4 hl=2 l= 56 cons: SEQUENCE + 52:d=5 hl=2 l= 7 cons: SEQUENCE + 54:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 61:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 83:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 105:d=5 hl=2 l= 1 prim: INTEGER :03 + 108:d=4 hl=2 l= 0 prim: cont [ 0 ] + 110:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 127:d=4 hl=2 l= 17 cons: cont [ 0 ] + 129:d=5 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 146:d=1 hl=2 l= 13 cons: SEQUENCE + 148:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 159:d=2 hl=2 l= 0 prim: NULL + 161:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBPwoBAKCCATgwggE0BgkrBgEFBQcwAQEEggElMIIBITCBi6EUMBIxEDAOBgNVBAMTB1Rlc3Q +gQ0EYDzIwMTYwMzA0MTY0MDAyWjBiMGAwODAHBgUrDgMCGgQUAv912iTeit0VD6tonczm5mNtCQ +EEFHc1rLTf57ncglk4G37t8IgrlzU0AgEDgAAYDzIwMTYwMzA0MTY0MDAyWqARGA8yMDE2MDMwN +DE2NDAwMlowDQYJKoZIhvcNAQEFBQADgYEAUaMzuLydF/skM3i+4I0fPNHhe0Ilzxidd4SW4l7s +NhZLc5kngs2sP+WcPIc9UCHYeB5rGgL8ochmQj8EIO+Z+rlss3L5CLlyYXw2cv3i7Bcb9MJResS +az0cM1VDLiDP2zxS+sPtPtWt5q2PQh91ATJjLH+rl94IJLrfqGJ8m5Vc= +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA 
CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 
+ 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/has_extension.pem b/net/data/parse_ocsp_unittest/has_extension.pem new file mode 100644 index 0000000..5fcd285 --- /dev/null +++ b/net/data/parse_ocsp_unittest/has_extension.pem 
@@ -0,0 +1,124 @@ +Includes an x509v3 extension +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 319 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 312 cons: cont [ 0 ] + 11:d=2 hl=4 l= 308 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 293 prim: OCTET STRING + 0:d=0 hl=4 l= 289 cons: SEQUENCE + 4:d=1 hl=3 l= 139 cons: SEQUENCE + 7:d=2 hl=2 l= 20 cons: cont [ 1 ] + 9:d=3 hl=2 l= 18 cons: SEQUENCE + 11:d=4 hl=2 l= 16 cons: SET + 13:d=5 hl=2 l= 14 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 29:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 46:d=2 hl=2 l= 79 cons: SEQUENCE + 48:d=3 hl=2 l= 77 cons: SEQUENCE + 50:d=4 hl=2 l= 56 cons: SEQUENCE + 52:d=5 hl=2 l= 7 cons: SEQUENCE + 54:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 61:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 83:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 105:d=5 hl=2 l= 1 prim: INTEGER :03 + 108:d=4 hl=2 l= 0 prim: cont [ 0 ] + 110:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 127:d=2 hl=2 l= 17 cons: cont [ 1 ] + 129:d=3 hl=2 l= 15 cons: SEQUENCE + 131:d=4 hl=2 l= 13 cons: SEQUENCE + 133:d=5 hl=2 l= 3 prim: OBJECT :1.2.3.4 +Error in encoding +-----BEGIN OCSP RESPONSE----- +MIIBPwoBAKCCATgwggE0BgkrBgEFBQcwAQEEggElMIIBITCBi6EUMBIxEDAOBgNVBAMTB1Rlc3Q +gQ0EYDzIwMTYwMzA0MTY0MDAyWjBPME0wODAHBgUrDgMCGgQUAv912iTeit0VD6tonczm5mNtCQ +EEFHc1rLTf57ncglk4G37t8IgrlzU0AgEDgAAYDzIwMTYwMzA0MTY0MDAyWqERMA8wDQYDKgMER +EVBREJFRUYwDQYJKoZIhvcNAQEFBQADgYEAIAs38OAgwQtXMBhJwNs8EHgrIUMIKz5aZBX79OL3 +hAtpoA94hSvA/Z7iJ9R6XX+x6RAjVTODkFjQCpZb3cjgUQvJgQDr4ct34KdY0uDYNlEKGfrecaG +z5TEAu92I16UVjj69lBbBuU7IxJQPKjU2ZoR0nqh9VyDgAyOvVcCz608= +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: 
cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT 
:sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/has_single_extension.pem b/net/data/parse_ocsp_unittest/has_single_extension.pem new file mode 100644 index 0000000..385ee05 --- /dev/null +++ b/net/data/parse_ocsp_unittest/has_single_extension.pem 
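Review bot: The extension in this fixture is not a well-formed X.509 Extension: the asn1parse dump stops with `Error in encoding` right after the `1.2.3.4` OBJECT at offset 133, and decoding the base64 shows the 13-byte extension SEQUENCE is the OID followed directly by the ASCII bytes `DEADBEEF`, with no OCTET STRING extnValue and no room for a critical BOOLEAN. If the unit test expects this response to parse, it can only be because the `[1] EXPLICIT` responseExtensions are consumed as an opaque TLV, so the file does not demonstrate that a real extension is accepted, and a later change that actually parses extensions will break the test for the wrong reason. Either regenerate the response with `SEQUENCE { OID 1.2.3.4, OCTET STRING "DEADBEEF" }`, or rename the file and change the header line to state that the extension is deliberately malformed and what the parser is expected to do with it.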
@@ -0,0 +1,124 @@ +Has an extension in the SingleResponse +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 319 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 312 cons: cont [ 0 ] + 11:d=2 hl=4 l= 308 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 293 prim: OCTET STRING + 0:d=0 hl=4 l= 289 cons: SEQUENCE + 4:d=1 hl=3 l= 139 cons: SEQUENCE + 7:d=2 hl=2 l= 20 cons: cont [ 1 ] + 9:d=3 hl=2 l= 18 cons: SEQUENCE + 11:d=4 hl=2 l= 16 cons: SET + 13:d=5 hl=2 l= 14 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 29:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 46:d=2 hl=2 l= 98 cons: SEQUENCE + 48:d=3 hl=2 l= 96 cons: SEQUENCE + 50:d=4 hl=2 l= 56 cons: SEQUENCE + 52:d=5 hl=2 l= 7 cons: SEQUENCE + 54:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 61:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 83:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 105:d=5 hl=2 l= 1 prim: INTEGER :03 + 108:d=4 hl=2 l= 0 prim: cont [ 0 ] + 110:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 127:d=4 hl=2 l= 17 cons: cont [ 1 ] + 129:d=5 hl=2 l= 15 cons: SEQUENCE + 131:d=6 hl=2 l= 13 cons: SEQUENCE + 133:d=7 hl=2 l= 3 prim: OBJECT :1.2.3.4 +Error in encoding +-----BEGIN OCSP RESPONSE----- +MIIBPwoBAKCCATgwggE0BgkrBgEFBQcwAQEEggElMIIBITCBi6EUMBIxEDAOBgNVBAMTB1Rlc3Q +gQ0EYDzIwMTYwMzA0MTY0MDAyWjBiMGAwODAHBgUrDgMCGgQUAv912iTeit0VD6tonczm5mNtCQ +EEFHc1rLTf57ncglk4G37t8IgrlzU0AgEDgAAYDzIwMTYwMzA0MTY0MDAyWqERMA8wDQYDKgMER +EVBREJFRUYwDQYJKoZIhvcNAQEFBQADgYEAbcAvOhDvLP8Wuine9UmLz2+gIkxLEdPLdexxb844 +9xAX+JuofgeDI4m7+Z3KYH+4Pl0c5d8hcoCNT0gievvtpyb533yOb3ROEEaSSasECEXFi4ZRIiz +nHUH5pWBtqw0lA/BoVj66Lb0dG5AiuIyrZom3SylNh9A0pHAZIyIDe0M= +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 
cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: 
OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/has_version.pem b/net/data/parse_ocsp_unittest/has_version.pem new file mode 100644 index 0000000..766d76d4 --- /dev/null +++ b/net/data/parse_ocsp_unittest/has_version.pem 
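Review bot: The singleExtensions here have the same malformation as has_extension.pem — the dump ends in `Error in encoding` after the `1.2.3.4` OID at offset 133, and the base64 decodes to the OID followed by the raw ASCII bytes `DEADBEEF` rather than an OCTET STRING extnValue. Because the critical flag cannot even be expressed in this encoding, the fixture gives no coverage for an unrecognised critical extension inside a SingleResponse, which is the case a verifier is generally expected to reject. Regenerate with a properly encoded Extension (and consider a second fixture with `critical TRUE`), or rename the file and header to `Has a malformed extension in the SingleResponse` so the test documents what it actually exercises.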
@@ -0,0 +1,123 @@ +Includes a default version V1 +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 299 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 292 cons: cont [ 0 ] + 11:d=2 hl=4 l= 288 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 273 prim: OCTET STRING + 0:d=0 hl=4 l= 269 cons: SEQUENCE + 4:d=1 hl=2 l= 120 cons: SEQUENCE + 6:d=2 hl=2 l= 20 cons: cont [ 1 ] + 8:d=3 hl=2 l= 18 cons: SEQUENCE + 10:d=4 hl=2 l= 16 cons: SET + 12:d=5 hl=2 l= 14 cons: SEQUENCE + 14:d=6 hl=2 l= 3 prim: OBJECT :commonName + 19:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 28:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 45:d=2 hl=2 l= 79 cons: SEQUENCE + 47:d=3 hl=2 l= 77 cons: SEQUENCE + 49:d=4 hl=2 l= 56 cons: SEQUENCE + 51:d=5 hl=2 l= 7 cons: SEQUENCE + 53:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 60:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 82:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 104:d=5 hl=2 l= 1 prim: INTEGER :03 + 107:d=4 hl=2 l= 0 prim: cont [ 0 ] + 109:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 126:d=1 hl=2 l= 13 cons: SEQUENCE + 128:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 139:d=2 hl=2 l= 0 prim: NULL + 141:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBKwoBAKCCASQwggEgBgkrBgEFBQcwAQEEggERMIIBDTB4oRQwEjEQMA4GA1UEAxMHVGVzdCB +DQRgPMjAxNjAzMDQxNjQwMDJaME8wTTA4MAcGBSsOAwIaBBQC/3XaJN6K3RUPq2idzObmY20JAQ +QUdzWstN/nudyCWTgbfu3wiCuXNTQCAQOAABgPMjAxNjAzMDQxNjQwMDJaMA0GCSqGSIb3DQEBB +QUAA4GBAEaH8xtlTUtrtKBa/dKPjWhP5dl+FQMVmCpKVGYVkh+mq/mltWcFgqmVr2uMuCngTIXg +xXd9xzvdjl3Y8PqbFXd2267ZQ5JWLkyU1FFxOYRQsjNZD45AnPmXUeHTJ+KqvmIoduFMc2O42RK +/bUfjrcMZcpbblnbPReAfYUsUaiCE +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: 
INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 
l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/malformed_status.pem b/net/data/parse_ocsp_unittest/malformed_status.pem new file mode 100644 index 0000000..be983d7 --- /dev/null +++ b/net/data/parse_ocsp_unittest/malformed_status.pem 
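Review bot: The fixture does not contain what its header line `Includes a default version V1` claims: ResponseData at offset 4 begins directly with the `cont [ 1 ]` responderID at offset 6, and decoding the base64 confirms there is no `[0] EXPLICIT INTEGER 0` version element — presumably the encoder dropped it because DER forbids encoding a DEFAULT value. As it stands the response is structurally the same as the other well-formed responses in this change and exercises nothing about version handling. If the intent is to check how the parser treats an explicitly encoded v1 (reject as non-DER, or accept), the response has to be hand-built with the `A0 03 02 01 00` prefix; otherwise reword the header to `Version omitted (DEFAULT v1)` or drop the file.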
@@ -0,0 +1,91 @@ +Has a status of MALFORMED_REQUEST +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=2 l= 3 cons: SEQUENCE + 2:d=1 hl=2 l= 1 prim: ENUMERATED :01 +-----BEGIN OCSP RESPONSE----- +MAMKAQE= +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM 
+RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- 
diff --git a/net/data/parse_ocsp_unittest/missing_response.pem b/net/data/parse_ocsp_unittest/missing_response.pem new file mode 100644 index 0000000..a904537 --- /dev/null +++ b/net/data/parse_ocsp_unittest/missing_response.pem 
@@ -0,0 +1,112 @@ +Missing a response for the cert +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=3 l= 216 cons: SEQUENCE + 3:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 6:d=1 hl=3 l= 210 cons: cont [ 0 ] + 9:d=2 hl=3 l= 207 cons: SEQUENCE + 12:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 23:d=3 hl=3 l= 193 prim: OCTET STRING + 0:d=0 hl=3 l= 190 cons: SEQUENCE + 3:d=1 hl=2 l= 41 cons: SEQUENCE + 5:d=2 hl=2 l= 20 cons: cont [ 1 ] + 7:d=3 hl=2 l= 18 cons: SEQUENCE + 9:d=4 hl=2 l= 16 cons: SET + 11:d=5 hl=2 l= 14 cons: SEQUENCE + 13:d=6 hl=2 l= 3 prim: OBJECT :commonName + 18:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 27:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 44:d=2 hl=2 l= 0 cons: SEQUENCE + 46:d=1 hl=2 l= 13 cons: SEQUENCE + 48:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 59:d=2 hl=2 l= 0 prim: NULL + 61:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIHYCgEAoIHSMIHPBgkrBgEFBQcwAQEEgcEwgb4wKaEUMBIxEDAOBgNVBAMTB1Rlc3QgQ0EYDzI +wMTYwMzA0MTY0MDAyWjAAMA0GCSqGSIb3DQEBBQUAA4GBAFEVksQxQGbZHWAsFEgQHN/UVO6fdf +nOATPc/lnJLGVzGXgYoa/Rg9bRZ9hVdz0QYLE5u8PbQKqNCWzq31ilry2NZtMbFpd/Gr3TkAcIB +hpBYTcxK3+x1nq8ztuep36XoV+gGbTaB3f7BqeR60t4/pWzwjf8A+8+6unFC5hYE07J +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 
cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 
108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/multiple_response.pem b/net/data/parse_ocsp_unittest/multiple_response.pem new file mode 100644 index 0000000..985bf82 --- /dev/null +++ b/net/data/parse_ocsp_unittest/multiple_response.pem 
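Review bot: The OCSP RESPONSE in this fixture is the same base64 as no_response.pem (`MIHYCgEAoIHSMIHPBgkr…`, an empty `responses` SEQUENCE at offset 44), so `Missing a response for the cert` and `No SingleResponses attached to the response` feed the parser identical input. The case that actually matters — SingleResponses present but none whose CertID matches the certificate's issuer-name hash, issuer-key hash and serial — is not covered, and it is exactly the case a lenient CertID comparison would get wrong. Regenerate this file with a SingleResponse for a different serial (or a different issuerKeyHash) and keep no_response.pem for the empty-sequence case.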
@@ -0,0 +1,133 @@ +Has multiple responses for the cert +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 380 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 373 cons: cont [ 0 ] + 11:d=2 hl=4 l= 369 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 354 prim: OCTET STRING + 0:d=0 hl=4 l= 350 cons: SEQUENCE + 4:d=1 hl=3 l= 200 cons: SEQUENCE + 7:d=2 hl=2 l= 20 cons: cont [ 1 ] + 9:d=3 hl=2 l= 18 cons: SEQUENCE + 11:d=4 hl=2 l= 16 cons: SET + 13:d=5 hl=2 l= 14 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 29:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 46:d=2 hl=3 l= 158 cons: SEQUENCE + 49:d=3 hl=2 l= 77 cons: SEQUENCE + 51:d=4 hl=2 l= 56 cons: SEQUENCE + 53:d=5 hl=2 l= 7 cons: SEQUENCE + 55:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 62:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 84:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 106:d=5 hl=2 l= 1 prim: INTEGER :03 + 109:d=4 hl=2 l= 0 prim: cont [ 0 ] + 111:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 128:d=3 hl=2 l= 77 cons: SEQUENCE + 130:d=4 hl=2 l= 56 cons: SEQUENCE + 132:d=5 hl=2 l= 7 cons: SEQUENCE + 134:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 141:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 163:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 185:d=5 hl=2 l= 1 prim: INTEGER :03 + 188:d=4 hl=2 l= 0 prim: cont [ 2 ] + 190:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 207:d=1 hl=2 l= 13 cons: SEQUENCE + 209:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 220:d=2 hl=2 l= 0 prim: NULL + 222:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBfAoBAKCCAXUwggFxBgkrBgEFBQcwAQEEggFiMIIBXjCByKEUMBIxEDAOBgNVBAMTB1Rlc3Q 
+gQ0EYDzIwMTYwMzA0MTY0MDAyWjCBnjBNMDgwBwYFKw4DAhoEFAL/ddok3ordFQ+raJ3M5uZjbQ +kBBBR3Nay03+e53IJZOBt+7fCIK5c1NAIBA4AAGA8yMDE2MDMwNDE2NDAwMlowTTA4MAcGBSsOA +wIaBBQC/3XaJN6K3RUPq2idzObmY20JAQQUdzWstN/nudyCWTgbfu3wiCuXNTQCAQOCABgPMjAx +NjAzMDQxNjQwMDJaMA0GCSqGSIb3DQEBBQUAA4GBADtJYfmQINzaAJV81Nocj2EBm0O0hXhSKd3 +Vb5EP5e2mAxywv6HzW+kde1cTfQCRLNaumm8/Mow4RpmfquWL/ZCIDYLk1flxYE2MR4Gr7QpPP0 +iiisfzJwe7LpiFSYMO7W4jxlqmPIGeHz28/KD1GT6R0fC+kXJF1dZoQyIRy9xE +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC 
+RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU 
+AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/no_response.pem b/net/data/parse_ocsp_unittest/no_response.pem new file mode 100644 index 0000000..73b4080 --- /dev/null +++ b/net/data/parse_ocsp_unittest/no_response.pem 
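Review bot: The two SingleResponses in this fixture carry identical CertIDs (same SHA-1 name and key hashes, serial `03` at offsets 106 and 185) but different certStatus tags: `cont [ 0 ]` (good) at offset 109 and `cont [ 2 ]` (unknown) at offset 188. That makes it a conflicting-status fixture, and the header line `Has multiple responses for the cert` should record which verdict the parser and its caller are expected to produce, since a consumer that stops at the first matching CertID reports good while one that takes the last reports unknown. Suggested header: `Has two SingleResponses for the same CertID with conflicting statuses (good, then unknown); the good status must not win by position`.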
@@ -0,0 +1,112 @@ +No SingleResponses attached to the response +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=3 l= 216 cons: SEQUENCE + 3:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 6:d=1 hl=3 l= 210 cons: cont [ 0 ] + 9:d=2 hl=3 l= 207 cons: SEQUENCE + 12:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 23:d=3 hl=3 l= 193 prim: OCTET STRING + 0:d=0 hl=3 l= 190 cons: SEQUENCE + 3:d=1 hl=2 l= 41 cons: SEQUENCE + 5:d=2 hl=2 l= 20 cons: cont [ 1 ] + 7:d=3 hl=2 l= 18 cons: SEQUENCE + 9:d=4 hl=2 l= 16 cons: SET + 11:d=5 hl=2 l= 14 cons: SEQUENCE + 13:d=6 hl=2 l= 3 prim: OBJECT :commonName + 18:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 27:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 44:d=2 hl=2 l= 0 cons: SEQUENCE + 46:d=1 hl=2 l= 13 cons: SEQUENCE + 48:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 59:d=2 hl=2 l= 0 prim: NULL + 61:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIHYCgEAoIHSMIHPBgkrBgEFBQcwAQEEgcEwgb4wKaEUMBIxEDAOBgNVBAMTB1Rlc3QgQ0EYDzI +wMTYwMzA0MTY0MDAyWjAAMA0GCSqGSIb3DQEBBQUAA4GBAFEVksQxQGbZHWAsFEgQHN/UVO6fdf +nOATPc/lnJLGVzGXgYoa/Rg9bRZ9hVdz0QYLE5u8PbQKqNCWzq31ilry2NZtMbFpd/Gr3TkAcIB +hpBYTcxK3+x1nq8ztuep36XoV+gGbTaB3f7BqeR60t4/pWzwjf8A+8+6unFC5hYE07J +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 
hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: 
SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/ocsp_extra_certs.pem b/net/data/parse_ocsp_unittest/ocsp_extra_certs.pem new file mode 100644 index 0000000..cfdad7b --- /dev/null +++ b/net/data/parse_ocsp_unittest/ocsp_extra_certs.pem 
@@ -0,0 +1,205 @@ +Includes extra certs +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l=1165 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l=1158 cons: cont [ 0 ] + 11:d=2 hl=4 l=1154 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l=1139 prim: OCTET STRING + 0:d=0 hl=4 l=1135 cons: SEQUENCE + 4:d=1 hl=2 l= 120 cons: SEQUENCE + 6:d=2 hl=2 l= 20 cons: cont [ 1 ] + 8:d=3 hl=2 l= 18 cons: SEQUENCE + 10:d=4 hl=2 l= 16 cons: SET + 12:d=5 hl=2 l= 14 cons: SEQUENCE + 14:d=6 hl=2 l= 3 prim: OBJECT :commonName + 19:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 28:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 45:d=2 hl=2 l= 79 cons: SEQUENCE + 47:d=3 hl=2 l= 77 cons: SEQUENCE + 49:d=4 hl=2 l= 56 cons: SEQUENCE + 51:d=5 hl=2 l= 7 cons: SEQUENCE + 53:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 60:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 82:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 104:d=5 hl=2 l= 1 prim: INTEGER :03 + 107:d=4 hl=2 l= 0 prim: cont [ 0 ] + 109:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 126:d=1 hl=2 l= 13 cons: SEQUENCE + 128:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 139:d=2 hl=2 l= 0 prim: NULL + 141:d=1 hl=3 l= 129 prim: BIT STRING + 273:d=1 hl=4 l= 862 cons: cont [ 0 ] + 277:d=2 hl=4 l= 858 cons: SEQUENCE + 281:d=3 hl=4 l= 408 cons: SEQUENCE + 285:d=4 hl=4 l= 257 cons: SEQUENCE + 289:d=5 hl=2 l= 3 cons: cont [ 0 ] + 291:d=6 hl=2 l= 1 prim: INTEGER :02 + 294:d=5 hl=2 l= 1 prim: INTEGER :00 + 297:d=5 hl=2 l= 13 cons: SEQUENCE + 299:d=6 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 310:d=6 hl=2 l= 0 prim: NULL + 312:d=5 hl=2 l= 18 cons: SEQUENCE + 314:d=6 hl=2 l= 16 cons: SET + 316:d=7 hl=2 l= 14 cons: SEQUENCE + 318:d=8 hl=2 l= 3 prim: OBJECT :commonName + 323:d=8 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 332:d=5 hl=2 l= 30 cons: SEQUENCE + 334:d=6 hl=2 l= 13 prim: UTCTIME 
:160304214002Z + 349:d=6 hl=2 l= 13 prim: UTCTIME :260302214002Z + 364:d=5 hl=2 l= 18 cons: SEQUENCE + 366:d=6 hl=2 l= 16 cons: SET + 368:d=7 hl=2 l= 14 cons: SEQUENCE + 370:d=8 hl=2 l= 3 prim: OBJECT :commonName + 375:d=8 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 384:d=5 hl=3 l= 159 cons: SEQUENCE + 387:d=6 hl=2 l= 13 cons: SEQUENCE + 389:d=7 hl=2 l= 9 prim: OBJECT :rsaEncryption + 400:d=7 hl=2 l= 0 prim: NULL + 402:d=6 hl=3 l= 141 prim: BIT STRING + 546:d=4 hl=2 l= 13 cons: SEQUENCE + 548:d=5 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 559:d=5 hl=2 l= 0 prim: NULL + 561:d=4 hl=3 l= 129 prim: BIT STRING + 693:d=3 hl=4 l= 442 cons: SEQUENCE + 697:d=4 hl=4 l= 291 cons: SEQUENCE + 701:d=5 hl=2 l= 3 cons: cont [ 0 ] + 703:d=6 hl=2 l= 1 prim: INTEGER :02 + 706:d=5 hl=2 l= 1 prim: INTEGER :01 + 709:d=5 hl=2 l= 13 cons: SEQUENCE + 711:d=6 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 722:d=6 hl=2 l= 0 prim: NULL + 724:d=5 hl=2 l= 18 cons: SEQUENCE + 726:d=6 hl=2 l= 16 cons: SET + 728:d=7 hl=2 l= 14 cons: SEQUENCE + 730:d=8 hl=2 l= 3 prim: OBJECT :commonName + 735:d=8 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 744:d=5 hl=2 l= 30 cons: SEQUENCE + 746:d=6 hl=2 l= 13 prim: UTCTIME :160304214002Z + 761:d=6 hl=2 l= 13 prim: UTCTIME :260302214002Z + 776:d=5 hl=2 l= 27 cons: SEQUENCE + 778:d=6 hl=2 l= 25 cons: SET + 780:d=7 hl=2 l= 23 cons: SEQUENCE + 782:d=8 hl=2 l= 3 prim: OBJECT :commonName + 787:d=8 hl=2 l= 16 prim: PRINTABLESTRING :Test OCSP Signer + 805:d=5 hl=3 l= 159 cons: SEQUENCE + 808:d=6 hl=2 l= 13 cons: SEQUENCE + 810:d=7 hl=2 l= 9 prim: OBJECT :rsaEncryption + 821:d=7 hl=2 l= 0 prim: NULL + 823:d=6 hl=3 l= 141 prim: BIT STRING + 967:d=5 hl=2 l= 23 cons: cont [ 3 ] + 969:d=6 hl=2 l= 21 cons: SEQUENCE + 971:d=7 hl=2 l= 19 cons: SEQUENCE + 973:d=8 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage + 978:d=8 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070309 + 992:d=4 hl=2 l= 13 cons: SEQUENCE + 994:d=5 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 
+ 1005:d=5 hl=2 l= 0 prim: NULL + 1007:d=4 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIEjQoBAKCCBIYwggSCBgkrBgEFBQcwAQEEggRzMIIEbzB4oRQwEjEQMA4GA1UEAxMHVGVzdCB +DQRgPMjAxNjAzMDQxNjQwMDJaME8wTTA4MAcGBSsOAwIaBBQC/3XaJN6K3RUPq2idzObmY20JAQ +QUdzWstN/nudyCWTgbfu3wiCuXNTQCAQOAABgPMjAxNjAzMDQxNjQwMDJaMA0GCSqGSIb3DQEBB +QUAA4GBAEaH8xtlTUtrtKBa/dKPjWhP5dl+FQMVmCpKVGYVkh+mq/mltWcFgqmVr2uMuCngTIXg +xXd9xzvdjl3Y8PqbFXd2267ZQ5JWLkyU1FFxOYRQsjNZD45AnPmXUeHTJ+KqvmIoduFMc2O42RK +/bUfjrcMZcpbblnbPReAfYUsUaiCEoIIDXjCCA1owggGYMIIBAaADAgECAgEAMA0GCSqGSIb3DQ +EBBQUAMBIxEDAOBgNVBAMTB1Rlc3QgQ0EwHhcNMTYwMzA0MjE0MDAyWhcNMjYwMzAyMjE0MDAyW +jASMRAwDgYDVQQDEwdUZXN0IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDE3whHt7Lq +NNVTJLqSQKq3bH3+bGdHPvs/LorB2bc/2OojCqsJG6oBd8LlBzJ7JRpcoJzj1uYvtzLrhSjBOuc +iPKqJg5fRU7q3dl0pzLb/xTa7B0vmhk+UGSkjqZTu+X7espsqQ0808u/xqnAUXXMgdSbW26d3Xn +Y+UwBZC7quZQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJhpZ2OHHQBEaGzUOPU3pFch/RTrr2clz +HReS4L/IvkmLXpyMjWzvpqtWMYrs49nTXXHj+A0xEuPfXDLEqx+DepB2ViRWXz0LC0D4rGCFChG +EPxxJZjVo5BybiEzXUcTm3lXI1uF5I4FXCg5vzA5yBkURF8I1ZtzHZrdZhUkIahTMIIBujCCASO +gAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE2MDMwNDIxND +AwMloXDTI2MDMwMjIxNDAwMlowGzEZMBcGA1UEAxMQVGVzdCBPQ1NQIFNpZ25lcjCBnzANBgkqh +kiG9w0BAQEFAAOBjQAwgYkCgYEAr33RA+84nexEDSI0KGSwbWlLiaACkAiVbJQwXoWDqTSKrD1u +b376zek9M+5WETYka2V0ZwnW9IbJiEpmnn4rKvTdItkHYv7vYK5+9KBi4s8w4aYRECYDdTKc6+0 +I6ZY/jAXY1Zxz/rAmfFVvV7roAD2QvVM3f7hUC2uIqQPjXJECAwEAAaMXMBUwEwYDVR0lBAwwCg +YIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADgYEAvIZNLVTEHpgj0gKN9x1LvTJJUVSJovny2zI/Y +Bt1HluMNjgMmTKUearYNJVBlqWKB0xytByOQVgkkPQjJYSTVFguc6ObfKG005OlhNXa2ZDffSn+ +gmo8NtdOQyDbz0ydaENNCxpSxr4QXNdOGMiwxN3FSjE1V7v0XdGGsAgrSRw= +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 
18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 
35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/ocsp_sign_bad_indirect.pem b/net/data/parse_ocsp_unittest/ocsp_sign_bad_indirect.pem new file mode 100644 index 0000000..308d2c7 --- /dev/null +++ b/net/data/parse_ocsp_unittest/ocsp_sign_bad_indirect.pem 
@@ -0,0 +1,163 @@ +Signed through an intermediate without the correct key usage +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 750 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 743 cons: cont [ 0 ] + 11:d=2 hl=4 l= 739 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 724 prim: OCTET STRING + 0:d=0 hl=4 l= 720 cons: SEQUENCE + 4:d=1 hl=3 l= 135 cons: SEQUENCE + 7:d=2 hl=2 l= 35 cons: cont [ 1 ] + 9:d=3 hl=2 l= 33 cons: SEQUENCE + 11:d=4 hl=2 l= 31 cons: SET + 13:d=5 hl=2 l= 29 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 22 prim: PRINTABLESTRING :Test False OCSP Signer + 44:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 61:d=2 hl=2 l= 79 cons: SEQUENCE + 63:d=3 hl=2 l= 77 cons: SEQUENCE + 65:d=4 hl=2 l= 56 cons: SEQUENCE + 67:d=5 hl=2 l= 7 cons: SEQUENCE + 69:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 76:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 98:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 120:d=5 hl=2 l= 1 prim: INTEGER :03 + 123:d=4 hl=2 l= 0 prim: cont [ 0 ] + 125:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 142:d=1 hl=2 l= 13 cons: SEQUENCE + 144:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 155:d=2 hl=2 l= 0 prim: NULL + 157:d=1 hl=3 l= 129 prim: BIT STRING + 289:d=1 hl=4 l= 431 cons: cont [ 0 ] + 293:d=2 hl=4 l= 427 cons: SEQUENCE + 297:d=3 hl=4 l= 423 cons: SEQUENCE + 301:d=4 hl=4 l= 272 cons: SEQUENCE + 305:d=5 hl=2 l= 3 cons: cont [ 0 ] + 307:d=6 hl=2 l= 1 prim: INTEGER :02 + 310:d=5 hl=2 l= 1 prim: INTEGER :02 + 313:d=5 hl=2 l= 13 cons: SEQUENCE + 315:d=6 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 326:d=6 hl=2 l= 0 prim: NULL + 328:d=5 hl=2 l= 18 cons: SEQUENCE + 330:d=6 hl=2 l= 16 cons: SET + 332:d=7 hl=2 l= 14 cons: SEQUENCE + 334:d=8 hl=2 l= 3 prim: OBJECT :commonName + 339:d=8 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 348:d=5 hl=2 l= 30 
cons: SEQUENCE + 350:d=6 hl=2 l= 13 prim: UTCTIME :160304214002Z + 365:d=6 hl=2 l= 13 prim: UTCTIME :260302214002Z + 380:d=5 hl=2 l= 33 cons: SEQUENCE + 382:d=6 hl=2 l= 31 cons: SET + 384:d=7 hl=2 l= 29 cons: SEQUENCE + 386:d=8 hl=2 l= 3 prim: OBJECT :commonName + 391:d=8 hl=2 l= 22 prim: PRINTABLESTRING :Test False OCSP Signer + 415:d=5 hl=3 l= 159 cons: SEQUENCE + 418:d=6 hl=2 l= 13 cons: SEQUENCE + 420:d=7 hl=2 l= 9 prim: OBJECT :rsaEncryption + 431:d=7 hl=2 l= 0 prim: NULL + 433:d=6 hl=3 l= 141 prim: BIT STRING + 577:d=4 hl=2 l= 13 cons: SEQUENCE + 579:d=5 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 590:d=5 hl=2 l= 0 prim: NULL + 592:d=4 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIC7goBAKCCAucwggLjBgkrBgEFBQcwAQEEggLUMIIC0DCBh6EjMCExHzAdBgNVBAMTFlRlc3Q +gRmFsc2UgT0NTUCBTaWduZXIYDzIwMTYwMzA0MTY0MDAyWjBPME0wODAHBgUrDgMCGgQUAv912i +Teit0VD6tonczm5mNtCQEEFHc1rLTf57ncglk4G37t8IgrlzU0AgEDgAAYDzIwMTYwMzA0MTY0M +DAyWjANBgkqhkiG9w0BAQUFAAOBgQBUbTwYMCKST8shnSN4BIA6rdPZn+kUZF2hEWLqY7A0Ru1H +OaAd4idxtPIfb7nzydt3gXuaI1lgjT5F9Choe99e20X2+xkZpnnzoN5OKeUhiK08I8azqGHsxfC +hWlrAASXdA7iwld5dGbw+RlNHB4nrAuknAUdTHFGdiP7x7TBhNaCCAa8wggGrMIIBpzCCARCgAw +IBAgIBAjANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE2MDMwNDIxNDAwM +loXDTI2MDMwMjIxNDAwMlowITEfMB0GA1UEAxMWVGVzdCBGYWxzZSBPQ1NQIFNpZ25lcjCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApn44UGWdpvHcClqexVMmT8yIGg8DjLaZzDMT4YktTYs +Df011huQhUoNNOHbVR+zveTORiw+J+Xe2fvz10E35Fp8hrdc2BUXPywcIwGMBAqw4Xfn065B0it +sUg8AYm4yPTL0/TPXFKj4LF5TbGdOlYD/hQgzehtvsPLEfCPLy6IsCAwEAATANBgkqhkiG9w0BA +QUFAAOBgQCU24MnAyNiaNesmlQRj9sZSBERuSddMWKsLlXBMs4k3iVJBq92wxOcj3YCk84dFttM +nj5hEKVnVxzHDTSGjOWLvzJtj7y8CjQ2CS1xkB1c1xrnsYXjQLqWSSIwUFIxC926BsTMIU7zOs/ +mjO7GAm4CJhP9MYGPwv3Yy4g66I+HUA== +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER 
:00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: 
SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/ocsp_sign_direct.pem b/net/data/parse_ocsp_unittest/ocsp_sign_direct.pem new file mode 100644 index 0000000..23b245b --- /dev/null +++ b/net/data/parse_ocsp_unittest/ocsp_sign_direct.pem 
@@ -0,0 +1,123 @@ +Signed directly by the issuer +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 299 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 292 cons: cont [ 0 ] + 11:d=2 hl=4 l= 288 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 273 prim: OCTET STRING + 0:d=0 hl=4 l= 269 cons: SEQUENCE + 4:d=1 hl=2 l= 120 cons: SEQUENCE + 6:d=2 hl=2 l= 20 cons: cont [ 1 ] + 8:d=3 hl=2 l= 18 cons: SEQUENCE + 10:d=4 hl=2 l= 16 cons: SET + 12:d=5 hl=2 l= 14 cons: SEQUENCE + 14:d=6 hl=2 l= 3 prim: OBJECT :commonName + 19:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 28:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 45:d=2 hl=2 l= 79 cons: SEQUENCE + 47:d=3 hl=2 l= 77 cons: SEQUENCE + 49:d=4 hl=2 l= 56 cons: SEQUENCE + 51:d=5 hl=2 l= 7 cons: SEQUENCE + 53:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 60:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 82:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 104:d=5 hl=2 l= 1 prim: INTEGER :03 + 107:d=4 hl=2 l= 0 prim: cont [ 0 ] + 109:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 126:d=1 hl=2 l= 13 cons: SEQUENCE + 128:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 139:d=2 hl=2 l= 0 prim: NULL + 141:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBKwoBAKCCASQwggEgBgkrBgEFBQcwAQEEggERMIIBDTB4oRQwEjEQMA4GA1UEAxMHVGVzdCB +DQRgPMjAxNjAzMDQxNjQwMDJaME8wTTA4MAcGBSsOAwIaBBQC/3XaJN6K3RUPq2idzObmY20JAQ +QUdzWstN/nudyCWTgbfu3wiCuXNTQCAQOAABgPMjAxNjAzMDQxNjQwMDJaMA0GCSqGSIb3DQEBB +QUAA4GBAEaH8xtlTUtrtKBa/dKPjWhP5dl+FQMVmCpKVGYVkh+mq/mltWcFgqmVr2uMuCngTIXg +xXd9xzvdjl3Y8PqbFXd2267ZQ5JWLkyU1FFxOYRQsjNZD45AnPmXUeHTJ+KqvmIoduFMc2O42RK +/bUfjrcMZcpbblnbPReAfYUsUaiCE +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: 
INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 
l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/ocsp_sign_indirect.pem b/net/data/parse_ocsp_unittest/ocsp_sign_indirect.pem new file mode 100644 index 0000000..3c3cbe1 --- /dev/null +++ b/net/data/parse_ocsp_unittest/ocsp_sign_indirect.pem 
@@ -0,0 +1,168 @@ +Signed indirectly through an intermediate +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 763 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 756 cons: cont [ 0 ] + 11:d=2 hl=4 l= 752 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 737 prim: OCTET STRING + 0:d=0 hl=4 l= 733 cons: SEQUENCE + 4:d=1 hl=3 l= 129 cons: SEQUENCE + 7:d=2 hl=2 l= 29 cons: cont [ 1 ] + 9:d=3 hl=2 l= 27 cons: SEQUENCE + 11:d=4 hl=2 l= 25 cons: SET + 13:d=5 hl=2 l= 23 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 16 prim: PRINTABLESTRING :Test OCSP Signer + 38:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 55:d=2 hl=2 l= 79 cons: SEQUENCE + 57:d=3 hl=2 l= 77 cons: SEQUENCE + 59:d=4 hl=2 l= 56 cons: SEQUENCE + 61:d=5 hl=2 l= 7 cons: SEQUENCE + 63:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 70:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 92:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 114:d=5 hl=2 l= 1 prim: INTEGER :03 + 117:d=4 hl=2 l= 0 prim: cont [ 0 ] + 119:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 136:d=1 hl=2 l= 13 cons: SEQUENCE + 138:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 149:d=2 hl=2 l= 0 prim: NULL + 151:d=1 hl=3 l= 129 prim: BIT STRING + 283:d=1 hl=4 l= 450 cons: cont [ 0 ] + 287:d=2 hl=4 l= 446 cons: SEQUENCE + 291:d=3 hl=4 l= 442 cons: SEQUENCE + 295:d=4 hl=4 l= 291 cons: SEQUENCE + 299:d=5 hl=2 l= 3 cons: cont [ 0 ] + 301:d=6 hl=2 l= 1 prim: INTEGER :02 + 304:d=5 hl=2 l= 1 prim: INTEGER :01 + 307:d=5 hl=2 l= 13 cons: SEQUENCE + 309:d=6 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 320:d=6 hl=2 l= 0 prim: NULL + 322:d=5 hl=2 l= 18 cons: SEQUENCE + 324:d=6 hl=2 l= 16 cons: SET + 326:d=7 hl=2 l= 14 cons: SEQUENCE + 328:d=8 hl=2 l= 3 prim: OBJECT :commonName + 333:d=8 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 342:d=5 hl=2 l= 30 cons: SEQUENCE + 344:d=6 
hl=2 l= 13 prim: UTCTIME :160304214002Z + 359:d=6 hl=2 l= 13 prim: UTCTIME :260302214002Z + 374:d=5 hl=2 l= 27 cons: SEQUENCE + 376:d=6 hl=2 l= 25 cons: SET + 378:d=7 hl=2 l= 23 cons: SEQUENCE + 380:d=8 hl=2 l= 3 prim: OBJECT :commonName + 385:d=8 hl=2 l= 16 prim: PRINTABLESTRING :Test OCSP Signer + 403:d=5 hl=3 l= 159 cons: SEQUENCE + 406:d=6 hl=2 l= 13 cons: SEQUENCE + 408:d=7 hl=2 l= 9 prim: OBJECT :rsaEncryption + 419:d=7 hl=2 l= 0 prim: NULL + 421:d=6 hl=3 l= 141 prim: BIT STRING + 565:d=5 hl=2 l= 23 cons: cont [ 3 ] + 567:d=6 hl=2 l= 21 cons: SEQUENCE + 569:d=7 hl=2 l= 19 cons: SEQUENCE + 571:d=8 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage + 576:d=8 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070309 + 590:d=4 hl=2 l= 13 cons: SEQUENCE + 592:d=5 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 603:d=5 hl=2 l= 0 prim: NULL + 605:d=4 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIC+woBAKCCAvQwggLwBgkrBgEFBQcwAQEEggLhMIIC3TCBgaEdMBsxGTAXBgNVBAMTEFRlc3Q +gT0NTUCBTaWduZXIYDzIwMTYwMzA0MTY0MDAyWjBPME0wODAHBgUrDgMCGgQUAv912iTeit0VD6 +tonczm5mNtCQEEFHc1rLTf57ncglk4G37t8IgrlzU0AgEDgAAYDzIwMTYwMzA0MTY0MDAyWjANB +gkqhkiG9w0BAQUFAAOBgQClgWYlzN9DKHjCisGXYGbagKQmGo2zPi8/pK5zE9YPzDTx0mFP2w6T +ZgrdtYW+e66U6WgtbYbUL1USBAugHy2mbXjeZroHiKRHxBdb17M2ADhqS/tyue4IyuPEGuyhUXt +qvPxIiyXFCNnP4HU0uxcnQK9PMNWQnFlk5aA1ixoQjaCCAcIwggG+MIIBujCCASOgAwIBAgIBAT +ANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE2MDMwNDIxNDAwMloXDTI2M +DMwMjIxNDAwMlowGzEZMBcGA1UEAxMQVGVzdCBPQ1NQIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAr33RA+84nexEDSI0KGSwbWlLiaACkAiVbJQwXoWDqTSKrD1ub376zek9M+5 +WETYka2V0ZwnW9IbJiEpmnn4rKvTdItkHYv7vYK5+9KBi4s8w4aYRECYDdTKc6+0I6ZY/jAXY1Z +xz/rAmfFVvV7roAD2QvVM3f7hUC2uIqQPjXJECAwEAAaMXMBUwEwYDVR0lBAwwCgYIKwYBBQUHA +wkwDQYJKoZIhvcNAQEFBQADgYEAvIZNLVTEHpgj0gKN9x1LvTJJUVSJovny2zI/YBt1HluMNjgM +mTKUearYNJVBlqWKB0xytByOQVgkkPQjJYSTVFguc6ObfKG005OlhNXa2ZDffSn+gmo8NtdOQyD +bz0ydaENNCxpSxr4QXNdOGMiwxN3FSjE1V7v0XdGGsAgrSRw= +-----END OCSP 
RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: 
cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/ocsp_sign_indirect_missing.pem b/net/data/parse_ocsp_unittest/ocsp_sign_indirect_missing.pem new file mode 100644 index 0000000..5286b55 --- /dev/null +++ b/net/data/parse_ocsp_unittest/ocsp_sign_indirect_missing.pem 
@@ -0,0 +1,123 @@ +Signed indirectly through a missing intermediate +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 309 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 302 cons: cont [ 0 ] + 11:d=2 hl=4 l= 298 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 283 prim: OCTET STRING + 0:d=0 hl=4 l= 279 cons: SEQUENCE + 4:d=1 hl=3 l= 129 cons: SEQUENCE + 7:d=2 hl=2 l= 29 cons: cont [ 1 ] + 9:d=3 hl=2 l= 27 cons: SEQUENCE + 11:d=4 hl=2 l= 25 cons: SET + 13:d=5 hl=2 l= 23 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 16 prim: PRINTABLESTRING :Test OCSP Signer + 38:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 55:d=2 hl=2 l= 79 cons: SEQUENCE + 57:d=3 hl=2 l= 77 cons: SEQUENCE + 59:d=4 hl=2 l= 56 cons: SEQUENCE + 61:d=5 hl=2 l= 7 cons: SEQUENCE + 63:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 70:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 92:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 114:d=5 hl=2 l= 1 prim: INTEGER :03 + 117:d=4 hl=2 l= 0 prim: cont [ 0 ] + 119:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 136:d=1 hl=2 l= 13 cons: SEQUENCE + 138:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 149:d=2 hl=2 l= 0 prim: NULL + 151:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBNQoBAKCCAS4wggEqBgkrBgEFBQcwAQEEggEbMIIBFzCBgaEdMBsxGTAXBgNVBAMTEFRlc3Q +gT0NTUCBTaWduZXIYDzIwMTYwMzA0MTY0MDAyWjBPME0wODAHBgUrDgMCGgQUAv912iTeit0VD6 +tonczm5mNtCQEEFHc1rLTf57ncglk4G37t8IgrlzU0AgEDgAAYDzIwMTYwMzA0MTY0MDAyWjANB +gkqhkiG9w0BAQUFAAOBgQClgWYlzN9DKHjCisGXYGbagKQmGo2zPi8/pK5zE9YPzDTx0mFP2w6T +ZgrdtYW+e66U6WgtbYbUL1USBAugHy2mbXjeZroHiKRHxBdb17M2ADhqS/tyue4IyuPEGuyhUXt +qvPxIiyXFCNnP4HU0uxcnQK9PMNWQnFlk5aA1ixoQjQ== +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 
cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: 
OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/other_response.pem b/net/data/parse_ocsp_unittest/other_response.pem new file mode 100644 index 0000000..e151cac --- /dev/null +++ b/net/data/parse_ocsp_unittest/other_response.pem 
@@ -0,0 +1,135 @@ +Is a response for a different cert +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 397 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 390 cons: cont [ 0 ] + 11:d=2 hl=4 l= 386 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 371 prim: OCTET STRING + 0:d=0 hl=4 l= 367 cons: SEQUENCE + 4:d=1 hl=3 l= 217 cons: SEQUENCE + 7:d=2 hl=2 l= 20 cons: cont [ 1 ] + 9:d=3 hl=2 l= 18 cons: SEQUENCE + 11:d=4 hl=2 l= 16 cons: SET + 13:d=5 hl=2 l= 14 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 29:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 46:d=2 hl=3 l= 175 cons: SEQUENCE + 49:d=3 hl=2 l= 77 cons: SEQUENCE + 51:d=4 hl=2 l= 56 cons: SEQUENCE + 53:d=5 hl=2 l= 7 cons: SEQUENCE + 55:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 62:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:99D6B1D2B9004AD4235ABC2407F6A911CF4744F5 + 84:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:47901C53047CFFA389F6D500D49AA1D45500EB94 + 106:d=5 hl=2 l= 1 prim: INTEGER :04 + 109:d=4 hl=2 l= 0 prim: cont [ 0 ] + 111:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 128:d=3 hl=2 l= 94 cons: SEQUENCE + 130:d=4 hl=2 l= 56 cons: SEQUENCE + 132:d=5 hl=2 l= 7 cons: SEQUENCE + 134:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 141:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:99D6B1D2B9004AD4235ABC2407F6A911CF4744F5 + 163:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:47901C53047CFFA389F6D500D49AA1D45500EB94 + 185:d=5 hl=2 l= 1 prim: INTEGER :04 + 188:d=4 hl=2 l= 17 cons: cont [ 1 ] + 190:d=5 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 207:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 224:d=1 hl=2 l= 13 cons: SEQUENCE + 226:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 237:d=2 hl=2 l= 0 prim: NULL + 239:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBjQoBAKCCAYYwggGCBgkrBgEFBQcwAQEEggFzMIIBbzCB2aEUMBIxEDAOBgNVBAMTB1Rlc3Q 
+gQ0EYDzIwMTYwMzA0MTY0MDAyWjCBrzBNMDgwBwYFKw4DAhoEFJnWsdK5AErUI1q8JAf2qRHPR0 +T1BBRHkBxTBHz/o4n21QDUmqHUVQDrlAIBBIAAGA8yMDE2MDMwNDE2NDAwMlowXjA4MAcGBSsOA +wIaBBSZ1rHSuQBK1CNavCQH9qkRz0dE9QQUR5AcUwR8/6OJ9tUA1Jqh1FUA65QCAQShERgPMjAx +NjAzMDQxNjQwMDJaGA8yMDE2MDMwNDE2NDAwMlowDQYJKoZIhvcNAQEFBQADgYEAYr+5Vsn/I0Z +bEqIJbRm1hkZE8MFTkxvz+CArS+1FaBnGt+FUTiv8o6XDKDSgZmvAfPpgy5PSoK7cJ5H8Rp09BK +SLGCeCWF/Kmv2EWGV8RspRFP5CmNYmbjayU0OOSUyNTQFHmmB90/2t1i7wwcLl7tbW4EuFdpBZ5 +hZSLXpsS6U= +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC 
+RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU 
+AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/responder_id.pem b/net/data/parse_ocsp_unittest/responder_id.pem new file mode 100644 index 0000000..13fed4f --- /dev/null +++ b/net/data/parse_ocsp_unittest/responder_id.pem 
@@ -0,0 +1,119 @@ +Uses byKey to identify the signer +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 301 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 294 cons: cont [ 0 ] + 11:d=2 hl=4 l= 290 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 275 prim: OCTET STRING + 0:d=0 hl=4 l= 271 cons: SEQUENCE + 4:d=1 hl=2 l= 122 cons: SEQUENCE + 6:d=2 hl=2 l= 22 cons: cont [ 2 ] + 8:d=3 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 30:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 47:d=2 hl=2 l= 79 cons: SEQUENCE + 49:d=3 hl=2 l= 77 cons: SEQUENCE + 51:d=4 hl=2 l= 56 cons: SEQUENCE + 53:d=5 hl=2 l= 7 cons: SEQUENCE + 55:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 62:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 84:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 106:d=5 hl=2 l= 1 prim: INTEGER :03 + 109:d=4 hl=2 l= 0 prim: cont [ 0 ] + 111:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 128:d=1 hl=2 l= 13 cons: SEQUENCE + 130:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 141:d=2 hl=2 l= 0 prim: NULL + 143:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBLQoBAKCCASYwggEiBgkrBgEFBQcwAQEEggETMIIBDzB6ohYEFHc1rLTf57ncglk4G37t8Ig +rlzU0GA8yMDE2MDMwNDE2NDAwMlowTzBNMDgwBwYFKw4DAhoEFAL/ddok3ordFQ+raJ3M5uZjbQ +kBBBR3Nay03+e53IJZOBt+7fCIK5c1NAIBA4AAGA8yMDE2MDMwNDE2NDAwMlowDQYJKoZIhvcNA +QEFBQADgYEAlBfILkufybGfg0K/0dK5o+xVYsra4kyHHfeGe2+X7Ie/QL88dafZRqycraUmO+Yv +uqKgLMOUsMJCaWo/leyiAUVFcDa8NzcEWUiqPFtPzq4YSfnHoUIyzHliJMx1//Q9f6HtMAUqBk8 +FaET1SGuZB46eW0cck0ZgeNFT3rOmOno= +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 
l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 
14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/responder_name.pem b/net/data/parse_ocsp_unittest/responder_name.pem new file mode 100644 index 0000000..45293ad --- /dev/null +++ b/net/data/parse_ocsp_unittest/responder_name.pem 
@@ -0,0 +1,123 @@ +Uses byName to identify the signer +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 299 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 292 cons: cont [ 0 ] + 11:d=2 hl=4 l= 288 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 273 prim: OCTET STRING + 0:d=0 hl=4 l= 269 cons: SEQUENCE + 4:d=1 hl=2 l= 120 cons: SEQUENCE + 6:d=2 hl=2 l= 20 cons: cont [ 1 ] + 8:d=3 hl=2 l= 18 cons: SEQUENCE + 10:d=4 hl=2 l= 16 cons: SET + 12:d=5 hl=2 l= 14 cons: SEQUENCE + 14:d=6 hl=2 l= 3 prim: OBJECT :commonName + 19:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 28:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 45:d=2 hl=2 l= 79 cons: SEQUENCE + 47:d=3 hl=2 l= 77 cons: SEQUENCE + 49:d=4 hl=2 l= 56 cons: SEQUENCE + 51:d=5 hl=2 l= 7 cons: SEQUENCE + 53:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 60:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 82:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 104:d=5 hl=2 l= 1 prim: INTEGER :03 + 107:d=4 hl=2 l= 0 prim: cont [ 0 ] + 109:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 126:d=1 hl=2 l= 13 cons: SEQUENCE + 128:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 139:d=2 hl=2 l= 0 prim: NULL + 141:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBKwoBAKCCASQwggEgBgkrBgEFBQcwAQEEggERMIIBDTB4oRQwEjEQMA4GA1UEAxMHVGVzdCB +DQRgPMjAxNjAzMDQxNjQwMDJaME8wTTA4MAcGBSsOAwIaBBQC/3XaJN6K3RUPq2idzObmY20JAQ +QUdzWstN/nudyCWTgbfu3wiCuXNTQCAQOAABgPMjAxNjAzMDQxNjQwMDJaMA0GCSqGSIb3DQEBB +QUAA4GBAEaH8xtlTUtrtKBa/dKPjWhP5dl+FQMVmCpKVGYVkh+mq/mltWcFgqmVr2uMuCngTIXg +xXd9xzvdjl3Y8PqbFXd2267ZQ5JWLkyU1FFxOYRQsjNZD45AnPmXUeHTJ+KqvmIoduFMc2O42RK +/bUfjrcMZcpbblnbPReAfYUsUaiCE +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 
prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 
hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/revoke_response.pem b/net/data/parse_ocsp_unittest/revoke_response.pem new file mode 100644 index 0000000..dfeb6b1 --- /dev/null +++ b/net/data/parse_ocsp_unittest/revoke_response.pem 
@@ -0,0 +1,124 @@ +Is a REVOKE response for the cert +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 317 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 310 cons: cont [ 0 ] + 11:d=2 hl=4 l= 306 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 291 prim: OCTET STRING + 0:d=0 hl=4 l= 287 cons: SEQUENCE + 4:d=1 hl=3 l= 137 cons: SEQUENCE + 7:d=2 hl=2 l= 20 cons: cont [ 1 ] + 9:d=3 hl=2 l= 18 cons: SEQUENCE + 11:d=4 hl=2 l= 16 cons: SET + 13:d=5 hl=2 l= 14 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 29:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 46:d=2 hl=2 l= 96 cons: SEQUENCE + 48:d=3 hl=2 l= 94 cons: SEQUENCE + 50:d=4 hl=2 l= 56 cons: SEQUENCE + 52:d=5 hl=2 l= 7 cons: SEQUENCE + 54:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 61:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 83:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 105:d=5 hl=2 l= 1 prim: INTEGER :03 + 108:d=4 hl=2 l= 17 cons: cont [ 1 ] + 110:d=5 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 127:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 144:d=1 hl=2 l= 13 cons: SEQUENCE + 146:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 157:d=2 hl=2 l= 0 prim: NULL + 159:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBPQoBAKCCATYwggEyBgkrBgEFBQcwAQEEggEjMIIBHzCBiaEUMBIxEDAOBgNVBAMTB1Rlc3Q +gQ0EYDzIwMTYwMzA0MTY0MDAyWjBgMF4wODAHBgUrDgMCGgQUAv912iTeit0VD6tonczm5mNtCQ +EEFHc1rLTf57ncglk4G37t8IgrlzU0AgEDoREYDzIwMTYwMzA0MTY0MDAyWhgPMjAxNjAzMDQxN +jQwMDJaMA0GCSqGSIb3DQEBBQUAA4GBAA1dkQpeYy4+X5lBJfNwWY7W9AKtDHgLzI4kxhGmPfsF +EGVlnyrHpTHP04csXfnW4oF/xK5wpN+3jMDNxoShEZR/OBcfGw0XDZm8ttSOAjHeloPpnO3ozTq +Zvw+sMIEpWuygFcYMHJ7CnJycYS01A+is5GqCBuRyvXCxv5bVrEu4 +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 
hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 
13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/revoke_response_reason.pem b/net/data/parse_ocsp_unittest/revoke_response_reason.pem new file mode 100644 index 0000000..0abcecf --- /dev/null +++ b/net/data/parse_ocsp_unittest/revoke_response_reason.pem 
@@ -0,0 +1,126 @@ +Is a REVOKE response for the cert with a reason +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 322 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 315 cons: cont [ 0 ] + 11:d=2 hl=4 l= 311 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 296 prim: OCTET STRING + 0:d=0 hl=4 l= 292 cons: SEQUENCE + 4:d=1 hl=3 l= 142 cons: SEQUENCE + 7:d=2 hl=2 l= 20 cons: cont [ 1 ] + 9:d=3 hl=2 l= 18 cons: SEQUENCE + 11:d=4 hl=2 l= 16 cons: SET + 13:d=5 hl=2 l= 14 cons: SEQUENCE + 15:d=6 hl=2 l= 3 prim: OBJECT :commonName + 20:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 29:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 46:d=2 hl=2 l= 101 cons: SEQUENCE + 48:d=3 hl=2 l= 99 cons: SEQUENCE + 50:d=4 hl=2 l= 56 cons: SEQUENCE + 52:d=5 hl=2 l= 7 cons: SEQUENCE + 54:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 61:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 83:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 105:d=5 hl=2 l= 1 prim: INTEGER :03 + 108:d=4 hl=2 l= 22 cons: cont [ 1 ] + 110:d=5 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 127:d=5 hl=2 l= 3 cons: cont [ 0 ] + 129:d=6 hl=2 l= 1 prim: ENUMERATED :01 + 132:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 149:d=1 hl=2 l= 13 cons: SEQUENCE + 151:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 162:d=2 hl=2 l= 0 prim: NULL + 164:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBQgoBAKCCATswggE3BgkrBgEFBQcwAQEEggEoMIIBJDCBjqEUMBIxEDAOBgNVBAMTB1Rlc3Q +gQ0EYDzIwMTYwMzA0MTY0MDAyWjBlMGMwODAHBgUrDgMCGgQUAv912iTeit0VD6tonczm5mNtCQ +EEFHc1rLTf57ncglk4G37t8IgrlzU0AgEDoRYYDzIwMTYwMzA0MTY0MDAyWqADCgEBGA8yMDE2M +DMwNDE2NDAwMlowDQYJKoZIhvcNAQEFBQADgYEAdJ2fItNUjBLpAUqtph3z6OGWnlilggMBSayg +rAWg/BgxKgxoBv/WXMKgjWKJw2/+gdqXsiXxQiunSvCKK4t7ghhTvelofc5R1KUO3zPU95tsMPX +r1PXdp0BSkt+03qWhiB3xyIboZJp1esjcnGnBC3lQD39V7n28AXW+17n73/Q= +-----END OCSP 
RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: 
cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/data/parse_ocsp_unittest/unknown_response.pem b/net/data/parse_ocsp_unittest/unknown_response.pem new file mode 100644 index 0000000..f19d37a --- /dev/null +++ b/net/data/parse_ocsp_unittest/unknown_response.pem 
@@ -0,0 +1,123 @@ +Is an UNKNOWN response for the cert +$ openssl asn1parse -i < [OCSP RESPONSE] + 0:d=0 hl=4 l= 299 cons: SEQUENCE + 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 + 7:d=1 hl=4 l= 292 cons: cont [ 0 ] + 11:d=2 hl=4 l= 288 cons: SEQUENCE + 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response + 26:d=3 hl=4 l= 273 prim: OCTET STRING + 0:d=0 hl=4 l= 269 cons: SEQUENCE + 4:d=1 hl=2 l= 120 cons: SEQUENCE + 6:d=2 hl=2 l= 20 cons: cont [ 1 ] + 8:d=3 hl=2 l= 18 cons: SEQUENCE + 10:d=4 hl=2 l= 16 cons: SET + 12:d=5 hl=2 l= 14 cons: SEQUENCE + 14:d=6 hl=2 l= 3 prim: OBJECT :commonName + 19:d=6 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 28:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 45:d=2 hl=2 l= 79 cons: SEQUENCE + 47:d=3 hl=2 l= 77 cons: SEQUENCE + 49:d=4 hl=2 l= 56 cons: SEQUENCE + 51:d=5 hl=2 l= 7 cons: SEQUENCE + 53:d=6 hl=2 l= 5 prim: OBJECT :sha1 + 60:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 + 82:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 + 104:d=5 hl=2 l= 1 prim: INTEGER :03 + 107:d=4 hl=2 l= 0 prim: cont [ 2 ] + 109:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z + 126:d=1 hl=2 l= 13 cons: SEQUENCE + 128:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 139:d=2 hl=2 l= 0 prim: NULL + 141:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN OCSP RESPONSE----- +MIIBKwoBAKCCASQwggEgBgkrBgEFBQcwAQEEggERMIIBDTB4oRQwEjEQMA4GA1UEAxMHVGVzdCB +DQRgPMjAxNjAzMDQxNjQwMDJaME8wTTA4MAcGBSsOAwIaBBQC/3XaJN6K3RUPq2idzObmY20JAQ +QUdzWstN/nudyCWTgbfu3wiCuXNTQCAQOCABgPMjAxNjAzMDQxNjQwMDJaMA0GCSqGSIb3DQEBB +QUAA4GBADKSl26nGkptHNremzcuCoEVLVCrOT7EjBpbCktlga4QNAuMaOCwWccIa+yfxCQ1O04M +jx0vbOWqTSZG/dRCgJYzGV007KNKxEOuQALdwtjrjNg89VZ+VaDp/zJEGO5LqOUdawiwbVxjQK1 +hcwGkVxiFuibzzZKeQf2/xf3jaMWy +-----END OCSP RESPONSE----- + +$ openssl asn1parse -i < [CA CERTIFICATE] + 0:d=0 hl=4 l= 408 cons: SEQUENCE + 4:d=1 hl=4 l= 257 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 
prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :00 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 18 cons: SEQUENCE + 85:d=3 hl=2 l= 16 cons: SET + 87:d=4 hl=2 l= 14 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 103:d=2 hl=3 l= 159 cons: SEQUENCE + 106:d=3 hl=2 l= 13 cons: SEQUENCE + 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 119:d=4 hl=2 l= 0 prim: NULL + 121:d=3 hl=3 l= 141 prim: BIT STRING + 265:d=1 hl=2 l= 13 cons: SEQUENCE + 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 278:d=2 hl=2 l= 0 prim: NULL + 280:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CA CERTIFICATE----- +MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk +iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC +RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU +7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO +BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM +RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO +cgZFERfCNWbcx2a3WYVJCGoUw== +-----END CA CERTIFICATE----- + +$ openssl asn1parse -i < [CERTIFICATE] + 0:d=0 hl=4 l= 410 cons: SEQUENCE + 4:d=1 hl=4 l= 259 cons: SEQUENCE + 8:d=2 hl=2 l= 3 cons: cont [ 0 ] + 10:d=3 hl=2 l= 1 prim: INTEGER :02 + 13:d=2 hl=2 l= 1 prim: INTEGER :03 + 16:d=2 hl=2 l= 13 cons: SEQUENCE + 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 29:d=3 
hl=2 l= 0 prim: NULL + 31:d=2 hl=2 l= 18 cons: SEQUENCE + 33:d=3 hl=2 l= 16 cons: SET + 35:d=4 hl=2 l= 14 cons: SEQUENCE + 37:d=5 hl=2 l= 3 prim: OBJECT :commonName + 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA + 51:d=2 hl=2 l= 30 cons: SEQUENCE + 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z + 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z + 83:d=2 hl=2 l= 20 cons: SEQUENCE + 85:d=3 hl=2 l= 18 cons: SET + 87:d=4 hl=2 l= 16 cons: SEQUENCE + 89:d=5 hl=2 l= 3 prim: OBJECT :commonName + 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert + 105:d=2 hl=3 l= 159 cons: SEQUENCE + 108:d=3 hl=2 l= 13 cons: SEQUENCE + 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption + 121:d=4 hl=2 l= 0 prim: NULL + 123:d=3 hl=3 l= 141 prim: BIT STRING + 267:d=1 hl=2 l= 13 cons: SEQUENCE + 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 280:d=2 hl=2 l= 0 prim: NULL + 282:d=1 hl=3 l= 129 prim: BIT STRING +-----BEGIN CERTIFICATE----- +MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE +2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS +qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI +ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d +jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU +AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl +3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V +42JEeS36VZs/yhLupvaLx9PcRwM +-----END CERTIFICATE----- diff --git a/net/der/parser.cc b/net/der/parser.cc index 6419549..0cb2600 100644 --- a/net/der/parser.cc +++ b/net/der/parser.cc 
@@ -179,6 +179,13 @@ bool Parser::ReadSequence(Parser* out) {
 return ReadConstructed(kSequence, out);
 }
 
+bool Parser::ReadUint8(uint8_t* out) {
+ Input encoded_int;
+ if (!ReadTag(kInteger, &encoded_int))
+ return false;
+ return ParseUint8(encoded_int, out);
+}
+
 bool Parser::ReadUint64(uint64_t* out) {
 Input encoded_int;
 if (!ReadTag(kInteger, &encoded_int))
@@ -193,6 +200,13 @@ bool Parser::ReadBitString(BitString* bit_string) {
 return ParseBitString(value, bit_string);
 }
 
+bool Parser::ReadGeneralizedTime(GeneralizedTime* out) {
+ Input value;
+ if (!ReadTag(kGeneralizedTime, &value))
+ return false;
+ return ParseGeneralizedTime(value, out);
+}
+
 } // namespace der
 } // namespace net
diff --git a/net/der/parser.h b/net/der/parser.h
index 2192371..d18728e 100644
--- a/net/der/parser.h
+++ b/net/der/parser.h
@@ -19,6 +19,7 @@ namespace net {
 namespace der {
 
 class BitString;
+struct GeneralizedTime;
 
 // Parses a DER-encoded ASN.1 structure. DER (distinguished encoding rules)
 // encodes each data value with a tag, length, and value (TLV). The tag 
@@ -146,10 +147,19 @@ class NET_EXPORT Parser {
 // to be 0x30 (SEQUENCE).
 bool ReadSequence(Parser* out) WARN_UNUSED_RESULT;
 
+ // Expects the current tag to be kInteger, and calls ParseUint8 on the
+ // current value. Note that DER-encoded integers are arbitrary precision,
+ // so this method will fail for valid input that represents an integer
+ // outside the range of an uint8_t.
+ //
+ // Note that on failure the Parser is left in an undefined state (the
+ // input may or may not have been advanced).
+ bool ReadUint8(uint8_t* out) WARN_UNUSED_RESULT;
+
 // Expects the current tag to be kInteger, and calls ParseUint64 on the
 // current value. Note that DER-encoded integers are arbitrary precision,
 // so this method will fail for valid input that represents an integer
- // outside the range of an int64_t.
+ // outside the range of an uint64_t.
 //
 // Note that on failure the Parser is left in an undefined state (the
 // input may or may not have been advanced).
@@ -161,6 +171,12 @@ class NET_EXPORT Parser {
 // input may or may not have been advanced).
 bool ReadBitString(BitString* out) WARN_UNUSED_RESULT;
 
+ // Reads a GeneralizeTime. On success fills |out| and returns true.
+ //
+ // Note that on failure the Parser is left in an undefined state (the
+ // input may or may not have been advanced).
+ bool ReadGeneralizedTime(GeneralizedTime* out) WARN_UNUSED_RESULT;
+
 // Lower level methods. The previous methods couple reading data from the
 // input with advancing the Parser's internal pointer to the next TLV; these
 // lower level methods decouple those two steps into methods that read from
diff --git a/net/net.gyp b/net/net.gyp
index c50c4f6..d4eff8e 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -358,6 +358,7 @@
 'data/certificate_policies_unittest/',
 'data/name_constraints_unittest/',
 'data/parse_certificate_unittest/',
+ 'data/parse_ocsp_unittest/',
 'data/ssl/certificates/',
 'data/test.html',
 'data/url_request_unittest/', 
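Review bot: The new comment on `ReadGeneralizedTime` in the `@@ -161,6 +171,12 @@` hunk of net/der/parser.h misspells the type it reads: `// Reads a GeneralizeTime. On success fills |out| and returns true.` should say `// Reads a GeneralizedTime. On success fills |out| and returns true.`. The neighbouring `ReadUint8`/`ReadUint64` comments in the preceding hunk state the expected tag and the parse routine they delegate to, so for consistency this one could open with `// Expects the current tag to be kGeneralizedTime, and calls ParseGeneralizedTime on the current value.`, which is what the implementation added to net/der/parser.cc does. The fix is comment-only; the declaration itself needs no change.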
diff --git a/net/net.gypi b/net/net.gypi
index b6efc17..5b48ac9 100644
--- a/net/net.gypi
+++ b/net/net.gypi
@@ -103,6 +103,8 @@
 'cert/internal/parse_certificate.h',
 'cert/internal/parse_name.cc',
 'cert/internal/parse_name.h',
+ 'cert/internal/parse_ocsp.h',
+ 'cert/internal/parse_ocsp.cc',
 'cert/internal/signature_algorithm.cc',
 'cert/internal/signature_algorithm.h',
 'cert/internal/signature_policy.cc',
@@ -1395,6 +1397,7 @@
 'cert/internal/nist_pkits_unittest.h',
 'cert/internal/parse_certificate_unittest.cc',
 'cert/internal/parse_name_unittest.cc',
+ 'cert/internal/parse_ocsp_unittest.cc',
 'cert/internal/signature_algorithm_unittest.cc',
 'cert/internal/test_helpers.cc',
 'cert/internal/test_helpers.h', |