pax_global_header00006660000000000000000000000064145364276060014527gustar00rootroot0000000000000052 comment=a749639840ea8b2863875850886e5498b734da4a certvalidator-0.26.3/000077500000000000000000000000001453642760600144625ustar00rootroot00000000000000certvalidator-0.26.3/.git-blame-ignore-revs000066400000000000000000000000611453642760600205570ustar00rootroot00000000000000# black 046670b4db337749691192dd35ca1eedfbde9024 certvalidator-0.26.3/.github/000077500000000000000000000000001453642760600160225ustar00rootroot00000000000000certvalidator-0.26.3/.github/dependabot.yml000066400000000000000000000006771453642760600206640ustar00rootroot00000000000000version: 2 updates: - package-ecosystem: "github-actions" directory: "/" schedule: interval: "weekly" day: "sunday" time: "22:00" timezone: "UTC" - package-ecosystem: "pip" directory: "/" schedule: interval: "monthly" day: "sunday" time: "22:00" timezone: "UTC" ignore: - dependency-name: "*" # don't suggest major version upgrades by default update-types: ["version-update:semver-major"] certvalidator-0.26.3/.github/gh-release-template.md000066400000000000000000000004401453642760600221670ustar00rootroot00000000000000The release artifacts have been published to [PyPI](https://pypi.org/project/pyhanko-certvalidator/:VERSION). ## Change log The release notes for the :VERSION release have been included in the [changelog file](https://github.com/MatthiasValvekens/certvalidator/blob/master/changelog.md)certvalidator-0.26.3/.github/stale.yml000066400000000000000000000011631453642760600176560ustar00rootroot00000000000000staleLabel: stale closeComment: false exemptLabels: - pinned - security - help wanted pulls: daysUntilStale: 21 daysUntilClose: 14 markComment: > This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions! issues: daysUntilStale: 60 daysUntilClose: 14 markComment: > This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions! certvalidator-0.26.3/.github/workflows/000077500000000000000000000000001453642760600200575ustar00rootroot00000000000000certvalidator-0.26.3/.github/workflows/build-pipeline.yml000066400000000000000000000061101453642760600235020ustar00rootroot00000000000000name: CI pipeline on: push: branches: [ master, "release/*", "maintenance/*", "ci/*", "ci-*" ] pull_request: branches: [ master ] workflow_call: secrets: {} outputs: hashes: description: "Hashes of the artifacts that were built" value: ${{ jobs.build.outputs.hashes }} permissions: actions: read contents: read env: MAIN_PYTHON_VERSION: "3.10" jobs: build: runs-on: ubuntu-22.04 outputs: hashes: ${{ steps.artifact-hashes.outputs.hashes }} steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: ${{ env.MAIN_PYTHON_VERSION }} - name: Install build tools run: pip install --upgrade build setuptools pip wheel - name: build run: python -m build - name: Record release artifact hashes id: artifact-hashes run: cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT" - name: Upload dist artifacts uses: actions/upload-artifact@v3 with: name: pyhanko-certvalidator-dist path: dist/ pytest-coverage: runs-on: ubuntu-22.04 needs: build strategy: matrix: python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"] steps: - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Download dist artifacts uses: actions/download-artifact@v3 with: name: pyhanko-certvalidator-dist path: dist/ - name: Disable Python problem matchers shell: bash # we remove setup-python's problem matchers because # they aren't really an asset given the way pyhanko-certvalidator is tested run: echo "::remove-matcher owner=python::" - name: Install Python dependencies shell: bash run: | python -m pip install --upgrade pip WHEEL=(dist/*.whl) REQ="${WHEEL[0]}[testing]" python -m pip install $REQ - name: Test with pytest run: python -m pytest --cov=./ --cov-report=xml:python-${{ matrix.python-version }}-coverage.xml - name: Stash coverage report uses: actions/upload-artifact@v3 with: name: coverage path: "*-coverage.xml" codecov-upload: runs-on: ubuntu-22.04 needs: pytest-coverage steps: # checkout necessary to ensure the uploaded report contains the correct paths - uses: actions/checkout@v4 - name: Retrieve coverage reports uses: actions/download-artifact@v3 with: name: coverage path: ./reports/ - name: Upload all coverage reports to Codecov uses: codecov/codecov-action@v3 with: directory: ./reports/ flags: unittests env_vars: OS,PYTHON name: codecov-umbrella - name: Clean up coverage reports uses: GeekyEggo/delete-artifact@v2 with: name: coverage certvalidator-0.26.3/.github/workflows/release.yml000066400000000000000000000103561453642760600222270ustar00rootroot00000000000000name: Publish release on: workflow_dispatch: inputs: environment: type: environment description: "Environment in which to execute the release process" push: branches: [ "ci/*", "ci-*" ] jobs: ci: name: Run CI pipeline uses: MatthiasValvekens/certvalidator/.github/workflows/build-pipeline.yml@master permissions: actions: read contents: read find-env: name: Determine target environment runs-on: ubuntu-latest permissions: {} outputs: publish-env: ${{ steps.setenv.outputs.envname }} release-version: ${{ steps.getversion.outputs.version }} steps: - id: setenv run: | if [[ $GITHUB_EVENT_NAME == 'release' ]]; then echo envname=release >> "$GITHUB_OUTPUT" elif [[ $GITHUB_EVENT_NAME == 'push' ]]; then # at times it may be convenient to temporarily turn on release-on-push # for testing purposes, so leaving this line in helps make that smoother echo envname=test-release >> "$GITHUB_OUTPUT" elif [[ $GITHUB_EVENT_NAME == 'workflow_dispatch' ]]; then echo "envname=${{ inputs.environment }}" >> "$GITHUB_OUTPUT" else echo "Cannot run release workflow for trigger event $GITHUB_EVENT_NAME" exit 1 fi cat "$GITHUB_OUTPUT" - uses: actions/checkout@v4 - name: Get version information id: getversion run: | set -eo pipefail grep __version__ < pyhanko_certvalidator/version.py \ | sed "s/__version__ = '\(.*\)'/version=\1/" >> "$GITHUB_OUTPUT" - name: Generate release body run: | sed "s/:VERSION/$VERSION/g" < .github/gh-release-template.md > release.md cat release.md env: VERSION: ${{ steps.getversion.outputs.version }} - name: Upload release body uses: actions/upload-artifact@v3 with: name: release-body path: release.md provenance: name: Generate SLSA provenance data needs: [ci] permissions: actions: read id-token: write contents: write # https://github.com/slsa-framework/slsa-github-generator/issues/2044 :( uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.ci.outputs.hashes }}" upload-assets: false provenance-name: multiple.intoto.jsonl publish: name: Publish release artifacts needs: [provenance, find-env] runs-on: ubuntu-latest environment: ${{ needs.find-env.outputs.publish-env }} permissions: # we use PyPI's trusted publisher model -> expose identity token id-token: write # we want to add sigstore's artifacts to the release on GitHub contents: write steps: - name: Download dist artifacts uses: actions/download-artifact@v3 with: name: pyhanko-certvalidator-dist path: dist/ - name: Download provenance data uses: actions/download-artifact@v3 with: name: multiple.intoto.jsonl path: provenance/ - name: Download release body uses: actions/download-artifact@v3 with: name: release-body path: release-body - name: Upload to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: repository-url: ${{ vars.REPOSITORY_URL }} - name: Sign with sigstore uses: sigstore/gh-action-sigstore-python@v2.1.0 with: inputs: ./dist/* # useful to inspect workflow artifacts in test runs upload-signing-artifacts: true # Append only the .sigstore bundle, # the .sig suffix conflicts with my own GPG signatures bundle-only: true - name: Create GitHub release if: needs.find-env.outputs.publish-env == 'release' && startsWith(github.ref, 'refs/tags/') uses: softprops/action-gh-release@v1 with: files: | dist/*.whl dist/*.tar.gz dist/*.sigstore provenance/multiple.intoto.jsonl body_path: release-body/release.md fail_on_unmatched_files: true prerelease: true name: pyhanko-certvalidator ${{ needs.extract-params.outputs.release-version }} certvalidator-0.26.3/.github/workflows/static-analysis.yml000066400000000000000000000013521453642760600237130ustar00rootroot00000000000000name: Static analysis on: ["push", "pull_request"] permissions: actions: read contents: read jobs: lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 - run: pip install --upgrade pip isort black - name: Check import order run: isort --profile black --line-length 80 --check pyhanko_certvalidator tests - name: Run Black run: black -S --line-length 80 --check pyhanko_certvalidator tests mypy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: jpetrucciani/mypy-check@0.991 with: path: pyhanko_certvalidator requirements: "-e .[mypy] --config-settings editable_mode=strict" certvalidator-0.26.3/.gitignore000066400000000000000000000002051453642760600164470ustar00rootroot00000000000000*.egg-info/ .tox/ .eggs/ __pycache__/ build/ dist/ tests/output/ *.pyc .coverage .DS_Store .python-version coverage.xml .idea *.swp certvalidator-0.26.3/LICENSE000066400000000000000000000021621453642760600154700ustar00rootroot00000000000000Copyright (c) 2015-2018 Will Bond Copyright (c) 2020-2023 Matthias Valvekens Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. certvalidator-0.26.3/README.md000066400000000000000000000070311453642760600157420ustar00rootroot00000000000000# certvalidator This library started as a fork of [wbond/certvalidator](https://github.com/wbond/certvalidator) with patches for [pyHanko](https://github.com/MatthiasValvekens/pyHanko), but has since diverged considerably from its parent repository. Bugs and questions regarding this library should be asked in the [pyHanko repository](https://github.com/MatthiasValvekens/pyHanko/discussions) rather than here. `pyhanko-certvalidator` is a Python library for validating X.509 certificates paths. It supports various options, including: validation at a specific moment in time, whitelisting and revocation checks. - [Features](#features) - [Current Release](#current-release) - [Installation](#installation) - [License](#license) - [Documentation](#documentation) - [Continuous Integration](#continuous-integration) - [Testing](#testing) ## Features - X.509 path building - X.509 basic path validation - Signatures - RSA (including PSS padding), DSA, ECDSA and EdDSA algorithms. - Name chaining - Validity dates - Basic constraints extension - CA flag - Path length constraint - Key usage extension - Extended key usage extension - Certificate policies - Policy constraints - Policy mapping - Inhibit anyPolicy - Failure on unknown/unsupported critical extensions - TLS/SSL server validation - Whitelisting certificates - Blacklisting hash algorithms - Revocation checks - CRLs - Indirect CRLs - Delta CRLs - OCSP checks - Delegated OCSP responders - Disable, require or allow soft failures - Caching of CRLs/OCSP responses - CRL and OCSP HTTP clients - Point-in-time validation - Name constraints - Attribute certificate support ## Current Release ![pypi](https://img.shields.io/pypi/v/pyhanko-certvalidator.svg) - [changelog](changelog.md) ## Dependencies - *asn1crypto* - *cryptography* - *uritools* - *oscrypto* - *requests* or *aiohttp* (use the latter for more efficient asyncio, requires resource management) - Python 3.7 or higher ### Note on compatibility Starting with `pyhanko-certvalidator` version `0.17.0`, the library has been refactored to use asynchronous I/O as much as possible. Most high-level API entrypoints can still be used synchronously, but have been deprecated in favour of their asyncio equivalents. As part of this move, the OCSP and CRL clients now have two separate implementations: a `requests`-based one, and an `aiohttp`-based one. The latter is probably more performant, but requires more resource management efforts on the caller's part, which was impossible to implement without making major breaking changes to the public API that would make the migration path more complicated. Therefore, the `requests`-based fetcher will remain the default for the time being. ## Installation ```bash pip install pyhanko-certvalidator ``` ## License *certvalidator* is licensed under the terms of the MIT license. See the [LICENSE](LICENSE) file for the exact license text. ## Testing ### Test framework Tests are written using `pytest` and require an asynchronous test case backend such as `pytest-asyncio`. ### Test cases The test cases for the library are comprised of: - [Public Key Interoperability Test Suite from NIST](http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html) - [OCSP tests from OpenSSL](https://github.com/openssl/openssl/blob/master/test/recipes/80-test_ocsp.t) - Various certificates generated for TLS certificate validation Existing releases can be found at https://pypi.org/project/pyhanko-certvalidator. certvalidator-0.26.3/changelog.md000066400000000000000000000267671453642760600167550ustar00rootroot00000000000000# changelog ## 0.26.3 - Bump `aiohttp` requirement to `>=3.8,<3.10`. - Address two certificate fetching issues (see PR #13) - Tolerate CMS certificate-only message in response without `Content-Type`. - Deal with implicit reliance on order of certs when processing such messages. ## 0.26.2 - Bump some dependency versions. ## 0.26.1 - Handle nonspecific OCSP validation errors cleanly during validation. ## 0.26.0 - Fix error reporting on banned algorithms in some cases - Allow caller to assert revocation status of a cert - More refined POE information tracking in experimental AdES API ## 0.25.0 - Introduce a more precise error type to signal stale revocation information (see PR #11) ## 0.24.1 - Ignore content types altogether when fetching certificates and the response payload is PEM (see PR #9) ## 0.24.0 - Further increase leniency regarding content types when fetching certificates on-the-fly - Add SLSA provenance data to releases - Various updates in test dependencies and CI workflow dependencies. ## 0.23.0 - Improve processing of OCSP responses without `nextUpdate` - Some more package metadata & release flow tweaks ## 0.22.0 - No implementation changes compared to `0.21.2` - Renamed `async_http` dependency group to `async-http`. - Move towards automated GitHub Actions-based release flow as a move towards better process standardisation. - Sign release artifacts with Sigstore. ## 0.21.2 - Fix a typing issue caused by a typo in the `requests` cert fetcher. - Removed a piece of misbehaving and duplicative logic in the revocation freshness checker. ## 0.21.1 - Fix `DisallowedAlgorithmError` parameters. - Preserve timestamp info in expiration-related errors. - Disable algo enforcement in prima facie past validation checks. - Correct a misunderstanding in the interaction between the AdES code and the old "retroactive revinfo" setting. ## 0.21.0 - Switch to `pyproject.toml` to manage project metadata. - Path validation errors now carry information about the paths that triggered them. - `InvalidCertificateError` is no longer a subclass of `PathValidationError`, only of `ValidationError`. This is a minor but nonetheless breaking change. ## 0.20.1 Minor maintenance release without functional changes, only to metadata, documentation and typing. ## 0.20.0 This is a big release, with many breaking changes in the "deeper" APIs. The impact on the high-level API should be small to nonexistent, but caution when upgrading is advised. - More uniform and machine-processable errors. - Move towards a setup using "policy objects" that can be used to construct `ValidationContext`s in a systematic way. - Move revinfo gathering to a separate revinfo manager class. Some arguably internal methods on `ValidationContext` were moved to the `RevinfoManager` class. - Incubating API for AdES validation primitives (freshness, POE handling, more sophisticated revinfo gathering, time slide) and some certificate-related validation routines. - Introduce a more fully-fledged API to manage permissible algorithms. - Broaden trust root provisioning beyond certificates: trust roots can now have qualifiers, and be provisioned as a name-key pair as opposed to a (self-signed) certificate. This implies breaking changes for `ValidationPath`. In general, issuance semantics in the internals are now expressed through the `Authority` API as much as possible. - In the same vein, `CertificateRegistry` was refactored into `TrustManager`, `CertificateRegistry` and `PathBuilder`. These are respectively responsible for managing trust, maintaining the certificate cache, and building paths. - Thorough clean-up of legacy dev tooling; put in place `mypy` and `black`, move to `pytest`, get rid of `pretty_message` in favour of f-strings. ## 0.19.8 - Fix double encoding when generating OCSP nonces ## 0.19.7 - Make certificate fetcher more tolerant (see #2) ## 0.19.6 - Update `asn1crypto` to `1.5.1` - Declare Python 3.11 support ## 0.19.5 - Maintenance update to bump `asn1crypto` to `1.5.0` and get rid of a number of compatibility shims for fixes that were upstreamed to `asn1crypto`. ## 0.19.4 - Fix improper error handling when dealing with expired or not-yet-valid attribute certificates. ## 0.19.3 - Correct and improve behaviour of certificate fetcher when the server does not supply a Content-Type header. ## 0.19.2 - Patch `asn1crypto` to work around tagging issue in AC issuer field ## 0.19.1 - Properly enforce algo matching in AC validation ## 0.19.0 - Attribute certificate validation support - Support for `AAControls` extension - Refactored OCSP and CRL logic to work with attribute certificate validation - Many nominal type checks removed in favour of type annotations - Many API entry points now accept both `asn1crypto.x509.Certificate` and `asn1crypto.cms.AttributeCertificateV2` - Minor breaking change: `bytes` is no longer acceptable as a substitute for `asn1crypto.x509.Certificate` in the public API ## 0.18.1 - Various improvements to error handling in certificate fetchers ## 0.18.0 - Replace `revocation_mode` with more flexible revocation policy controls, aligned with ETSI TS 119 172. Old `revocation_mode` params will be transparently translated to corresponding 'refined' policies, but the `revocation_mode` property on `ValidationContext` was removed. - Handle soft fails as part of revocation policies. Concretely, this means that the `SoftFailError` exception type was removed. Exceptions arising from quashed 'soft' failures can still be retrieved via the `soft_fail_exceptions` property on `ValidationContext` instances; the resulting list can contain any exception type. - Fix various hiccups in CRL and OCSP handling. ## 0.17.4 - Fix mistaken assumption when a certificate's MIME type is announced as `application/x-x509-ca-cert`. - Update aiohttp to 3.8.0 ## 0.17.3 - Fix a deadlocking bug caused by improper exception handling in the fetcher code. - Exceptions are now communicated to fetch jobs waiting for results. ## 0.17.2 - Replace `run_until_complete()` with `asyncio.run()` for better event loop state management. ## 0.17.1 - Fixes a packaging error in `0.17.0` ## 0.17.0 **!!Compatibility note!!** **This release contains breaking changes in lower-level APIs.** High-level API functions should continue to work as-is, although some have been deprecated. However, the rewrite of the CRL & OCSP fetch logic breaks compatibility with the previous version's API. - Refactor OCSP/certificate/CRL fetch logic to be more modular and swappable. - Automatically fetch missing issuer certificates if there is an AIA record indicating where to find them - Favour asynchronous I/O throughout the API. `CertificateValidator.validate_usage`, `CertificateValidator.validate_tls` and the `ValidationContext.retrieve_XYZ` methods were deprecated in favour of their asynchronous equivalents. - Support two backends for fetching revocation information and certificates: `requests` (legacy) and `aiohttp` (via the `async-http` optional dependency group). - It is expected that using `aiohttp` fetchers will yield better performance with the asynchronous APIs, but as these require some resource management on the caller's part, `requests` is still the default. - Fetcher backends can be swapped out by means of the `fetcher_backend` argument to `ValidationContext`. ## 0.16.0 - Refactor CertificateRegistry - Change OCSP responder cert selection procedure to give priority to certificates embedded into the response data (if there are any). ## 0.15.3 - Short-circuit anyPolicy when reporting policies - Export PKIXValidationParams - Limit CRL client to HTTP-based URLs ## 0.15.2 - Properly handle missing Content-Type header in server response when fetching CA certificates referenced in a CRL. ## 0.15.1 - Gracefully handle lack of thisUpdate / nextUpdate in OCSP responses. ## 0.15.0 - Use `pyca/cryptography` for signature validation. `oscrypto` is still included to access the system trust list. - Support RSASSA-PSS and EdDSA certificates. - Support name constraints. - Support all input parameters to the PKIX validation algorithm (acceptable policy set, policy mapping inhibition, ...). - Further increase PKITS coverage. ## 0.14.1 - No code changes, rerelease because distribution package was polluted due to improper build cache cleanup. ## 0.14.0 - Raise RequestError if CRL / OCSP client returns a status code other than 200. Previously, this would fail with a cryptic ASN.1 deserialisation error instead. - Rename Python package to `pyhanko_certvalidator` to avoid the potential name conflict with the upstream `certvalidator` package. ## 0.13.1 - Consider SHA-1 weak by default, and do not hard-code the list of potential weak hash algos. ## 0.13.0 - Added an optional `retroactive_revinfo` flag to `ValidationContext` to ignore the `thisUpdate` field in OCSP responses and CRLs. The effect of this is that CRLs and OCSP responses are also considered valid for point-in-time validation with respect to a time in the past. This is useful for some validation profiles. The default state of the flag remains `False` nonetheless. ## 0.12.1 - Fixed a packaging error. ## 0.12.0 - Forked from [certvalidator](https://github.com/wbond/certvalidator) to add patches for [pyHanko](https://github.com/MatthiasValvekens/pyHanko). - Replaced urllib calls with `requests` library for universal mocking. - Added a `time_tolerance` parameter to the validation context to allow for some time drift on CRLs and OCSP responses. - Deal with no-matches on OCSP and CRLs strictly in hard-fail mode. - Drop support for Python 2, and all Python 3 versions prior to 3.7. It is likely that the code still runs on older Python 3 versions, but I have no interest in maintaining support for those. ## 0.11.1 - Updated [asn1crypto](https://github.com/wbond/asn1crypto) dependency to `0.18.1`, [oscrypto](https://github.com/wbond/oscrypto) dependency to `0.16.1`. ## 0.11.0 - Updated for compatibility with oscrypto 0.16.0 ## 0.10.0 - Backwards compability break: the `require_revocation_checks` parameter was removed and a new keyword parameter, `revocation_mode`, was added to `ValidationContext()`. Validation may now be in a `soft-fail` (default), `hard-fail`, or `require` mode. See the documentation for information about the behavior of each mode. - Added certificate signature hash algorithm checks, with a default blacklist of `md2` and `md5` - Trust roots no longer need to be self-signed, allowing for cross-signed roots - Keys with no `key_usage` extension are now permitted to sign CRLs - An OCSP or CRL check may fail and not result in an error if the other is successful - Exceptions for expired or not-yet-valid certificates now include full date and time - Self-signed certificates now have a unique exception message instead of a generic message indicating the issuer could not be found in the trust roots - `crl_client` can now handle CRLs that are PEM-encoded - Fixed encoding of URLs in Python 2 when fetching CRLs and OCSP responses - Corrected an error when trying to check the signature of a certificate to determine if it is self-signed or not - Fixed a bug with duplicate HTTP headers during OCSP requests on Python 3 - Fixed an exception that would be thrown if a signature not using RSA, DSA or ECDSA is found ## 0.9.1 - Fixed a bug with whitelisting certificates on Python 3.2 ## 0.9.0 - Initial release certvalidator-0.26.3/pyhanko_certvalidator/000077500000000000000000000000001453642760600210565ustar00rootroot00000000000000certvalidator-0.26.3/pyhanko_certvalidator/__init__.py000066400000000000000000000266731453642760600232050ustar00rootroot00000000000000import asyncio import warnings from typing import Iterable, Optional from asn1crypto import x509 from ._types import type_name from .context import ValidationContext from .errors import InvalidCertificateError, PathBuildingError, ValidationError from .path import ValidationPath from .policy_decl import PKIXValidationParams from .util import CancelableAsyncIterator from .validate import async_validate_path, validate_tls_hostname, validate_usage from .version import __version__, __version_info__ __all__ = [ '__version__', '__version_info__', 'CertificateValidator', 'ValidationContext', 'PKIXValidationParams', 'find_valid_path', ] async def find_valid_path( certificate: x509.Certificate, paths: CancelableAsyncIterator[ValidationPath], validation_context: ValidationContext, pkix_validation_params: Optional[PKIXValidationParams] = None, ): exceptions = [] try: async for candidate_path in paths: try: await async_validate_path( validation_context, candidate_path, pkix_validation_params ) return candidate_path except ValidationError as e: exceptions.append(e) except PathBuildingError: if certificate.self_signed in {'yes', 'maybe'}: raise InvalidCertificateError( f'The X.509 certificate provided is self-signed - ' f'"{certificate.subject.human_friendly}"' ) raise finally: await paths.cancel() if len(exceptions) == 1: raise exceptions[0] non_signature_exception = None for exception in exceptions: if 'signature' not in str(exception): non_signature_exception = exception if non_signature_exception: raise non_signature_exception raise exceptions[0] class CertificateValidator: # A pyhanko_certvalidator.path.ValidationPath object - only set once validated _path = None def __init__( self, end_entity_cert: x509.Certificate, intermediate_certs: Optional[Iterable[x509.Certificate]] = None, validation_context: Optional[ValidationContext] = None, pkix_params: Optional[PKIXValidationParams] = None, ): """ :param end_entity_cert: An asn1crypto.x509.Certificate object X.509 end-entity certificate to validate :param intermediate_certs: None or a list of asn1crypto.x509.Certificate Used in constructing certificate paths for validation. :param validation_context: A pyhanko_certvalidator.context.ValidationContext() object that controls generic validation options and tracks revocation data. The same validation context will also be used in the validation of relevant certificates found in OCSP responses and/or CRLs. :param pkix_params: A pyhanko_certvalidator.context.PKIXValidationParams() object that controls advanced PKIX validation parameters used to validate the end-entity certificate. These can be used to constrain policy processing and names. Ancillary validation of CRLs and OCSP responses ignore these settings. """ if validation_context is None: validation_context = ValidationContext() if intermediate_certs is not None: certificate_registry = validation_context.certificate_registry for intermediate_cert in intermediate_certs: certificate_registry.register(intermediate_cert) self._context: ValidationContext = validation_context self._certificate: x509.Certificate = end_entity_cert self._params: Optional[PKIXValidationParams] = pkix_params @property def certificate(self): return self._certificate async def async_validate_path(self) -> ValidationPath: """ Builds possible certificate paths and validates them until a valid one is found, or all fail. :raises: pyhanko_certvalidator.errors.PathBuildingError - when an error occurs building the path pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked """ if self._path is not None: return self._path certificate = self._certificate paths = self._context.path_builder.async_build_paths_lazy(certificate) self._path = candidate_path = await find_valid_path( certificate, paths, validation_context=self._context, pkix_validation_params=self._params, ) return candidate_path def validate_usage( self, key_usage, extended_key_usage=None, extended_optional=False ): """ Validates the certificate path and that the certificate is valid for the key usage and extended key usage purposes specified. .. deprecated:: 0.17.0 Use :meth:`async_validate_usage` instead. :param key_usage: A set of unicode strings of the required key usage purposes. Valid values include: - "digital_signature" - "non_repudiation" - "key_encipherment" - "data_encipherment" - "key_agreement" - "key_cert_sign" - "crl_sign" - "encipher_only" - "decipher_only" :param extended_key_usage: A set of unicode strings of the required extended key usage purposes. These must be either dotted number OIDs, or one of the following extended key usage purposes: - "server_auth" - "client_auth" - "code_signing" - "email_protection" - "ipsec_end_system" - "ipsec_tunnel" - "ipsec_user" - "time_stamping" - "ocsp_signing" - "wireless_access_points" An example of a dotted number OID: - "1.3.6.1.5.5.7.3.1" :param extended_optional: A bool - if the extended_key_usage extension may be ommited and still considered valid :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for the usages specified :return: A pyhanko_certvalidator.path.ValidationPath object of the validated certificate validation path """ warnings.warn( "'validate_usage' is deprecated, use " "'async_validate_usage' instead", DeprecationWarning, ) return asyncio.run( self.async_validate_usage( key_usage, extended_key_usage, extended_optional ) ) async def async_validate_usage( self, key_usage, extended_key_usage=None, extended_optional=False ): """ Validates the certificate path and that the certificate is valid for the key usage and extended key usage purposes specified. :param key_usage: A set of unicode strings of the required key usage purposes. Valid values include: - "digital_signature" - "non_repudiation" - "key_encipherment" - "data_encipherment" - "key_agreement" - "key_cert_sign" - "crl_sign" - "encipher_only" - "decipher_only" :param extended_key_usage: A set of unicode strings of the required extended key usage purposes. These must be either dotted number OIDs, or one of the following extended key usage purposes: - "server_auth" - "client_auth" - "code_signing" - "email_protection" - "ipsec_end_system" - "ipsec_tunnel" - "ipsec_user" - "time_stamping" - "ocsp_signing" - "wireless_access_points" An example of a dotted number OID: - "1.3.6.1.5.5.7.3.1" :param extended_optional: A bool - if the extended_key_usage extension may be ommited and still considered valid :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for the usages specified :return: A pyhanko_certvalidator.path.ValidationPath object of the validated certificate validation path """ validated_path = await self.async_validate_path() validate_usage( self._context, self._certificate, key_usage, extended_key_usage, extended_optional, ) return validated_path def validate_tls(self, hostname): """ Validates the certificate path, that the certificate is valid for the hostname provided and that the certificate is valid for the purpose of a TLS connection. .. deprecated:: 0.17.0 Use :meth:`async_validate_tls` instead. :param hostname: A unicode string of the TLS server hostname :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for TLS or the hostname :return: A pyhanko_certvalidator.path.ValidationPath object of the validated certificate validation path """ warnings.warn( "'validate_tls' is deprecated, use 'async_validate_tls' instead", DeprecationWarning, ) return asyncio.run(self.async_validate_tls(hostname)) async def async_validate_tls(self, hostname): """ Validates the certificate path, that the certificate is valid for the hostname provided and that the certificate is valid for the purpose of a TLS connection. :param hostname: A unicode string of the TLS server hostname :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for TLS or the hostname :return: A pyhanko_certvalidator.path.ValidationPath object of the validated certificate validation path """ await self.async_validate_path() validate_tls_hostname(self._context, self._certificate, hostname) return self._path certvalidator-0.26.3/pyhanko_certvalidator/_asyncio_compat.py000066400000000000000000000021651453642760600246030ustar00rootroot00000000000000import asyncio import contextvars import functools # Used as an alternative for asyncio.to_thread in python <=3.8 # Repurposed from CPython, used under the terms of the PSL # Upstream source: https://github.com/python/cpython/blob/4b4227b907a262446b9d276c274feda2590a4e6e/Lib/asyncio/threads.py # License: https://github.com/python/cpython/blob/4b4227b907a262446b9d276c274feda2590a4e6e/LICENSE # Copyright (c) 2021 Python Software Foundation async def _to_thread(func, *args, **kwargs): """Asynchronously run function *func* in a separate thread. Any *args and **kwargs supplied for this function are directly passed to *func*. Also, the current :class:`contextvars.Context` is propagated, allowing context variables from the main thread to be accessed in the separate thread. Return a coroutine that can be awaited to get the eventual result of *func*. """ loop = asyncio.get_running_loop() ctx = contextvars.copy_context() func_call = functools.partial(ctx.run, func, *args, **kwargs) return await loop.run_in_executor(None, func_call) to_thread = getattr(asyncio, 'to_thread', _to_thread) certvalidator-0.26.3/pyhanko_certvalidator/_state.py000066400000000000000000000050221453642760600227060ustar00rootroot00000000000000from typing import Optional from asn1crypto import x509 from pyhanko_certvalidator.path import ValidationPath from pyhanko_certvalidator.util import ConsList class ValProcState: def __init__( self, *, cert_path_stack: ConsList[ValidationPath], ee_name_override: Optional[str] = None, is_side_validation: bool = False, ): if cert_path_stack.head is None: raise ValueError("Empty path stack") self.index: int = 0 self.ee_name_override = ee_name_override self.is_side_validation = bool( is_side_validation or cert_path_stack.tail ) self.cert_path_stack = cert_path_stack @property def path_len(self): """ Length of the path being validated. .. note:: This is the path length in the sense of RFC 5280, i.e. the root doesn't count. """ from pyhanko_certvalidator.path import ValidationPath path = self.cert_path_stack.head assert isinstance(path, ValidationPath) return path.pkix_len @property def is_ee_cert(self) -> bool: return self.index == self.path_len def check_path_verif_recursion(self, ee_cert: x509.Certificate): """ Helper method to avoid recursion in indirect CRL validation. There are some questionable-but-technically-valid CA setups where a CRL issuer is authorised to assert its own revocation status, which could cause a naive implementation to recurse. """ from pyhanko_certvalidator.path import ValidationPath path: ValidationPath for path in self.cert_path_stack: cert = path.get_ee_cert_safe() if cert and cert.sha256 == ee_cert.sha256: return path return None def describe_cert(self, def_interm=False, never_def=False): """ :return: A unicode string describing the position of a certificate in the chain """ prefix = not never_def if self.index < 1 and self.ee_name_override is None: # catchall default result = "certificate" elif not self.is_ee_cert: prefix &= def_interm result = f'intermediate certificate {self.index}' elif self.ee_name_override is not None: result = self.ee_name_override else: result = 'end-entity certificate' if prefix: return "the " + result else: return result certvalidator-0.26.3/pyhanko_certvalidator/_types.py000066400000000000000000000007411453642760600227350ustar00rootroot00000000000000# coding: utf-8 import inspect def type_name(value): """ Returns a user-readable name for the type of an object :param value: A value to get the type name of :return: A unicode string of the object's type name """ if inspect.isclass(value): cls = value else: cls = value.__class__ if cls.__module__ in {'builtins', '__builtin__'}: return cls.__name__ return '%s.%s' % (cls.__module__, cls.__name__) certvalidator-0.26.3/pyhanko_certvalidator/asn1_types.py000066400000000000000000000055351453642760600235260ustar00rootroot00000000000000from typing import Optional from asn1crypto import cms, core, x509 __all__ = [ 'Target', 'TargetCert', 'Targets', 'SequenceOfTargets', 'AttrSpec', 'AAControls', ] class TargetCert(core.Sequence): _fields = [ ('target_certificate', cms.IssuerSerial), ('target_name', x509.GeneralName, {'optional': True}), ('cert_digest_info', cms.ObjectDigestInfo, {'optional': True}), ] class Target(core.Choice): _alternatives = [ ('target_name', x509.GeneralName, {'explicit': 0}), ('target_group', x509.GeneralName, {'explicit': 1}), ('target_cert', TargetCert, {'explicit': 2}), ] class Targets(core.SequenceOf): _child_spec = Target # Blame X.509... class SequenceOfTargets(core.SequenceOf): _child_spec = Targets class AttrSpec(core.SequenceOf): _child_spec = cms.AttCertAttributeType class AAControls(core.Sequence): _fields = [ ('path_len_constraint', core.Integer, {'optional': True}), ('permitted_attrs', AttrSpec, {'optional': True, 'implicit': 0}), ('excluded_attrs', AttrSpec, {'optional': True, 'implicit': 1}), ('permit_unspecified', core.Boolean, {'default': True}), ] def accept(self, attr_id: cms.AttCertAttributeType) -> bool: attr_id_str = attr_id.native excluded = self['excluded_attrs'].native if excluded is not None: excluded = frozenset(excluded) if excluded is not None and attr_id_str in excluded: return False permitted = self['permitted_attrs'].native if permitted is not None: permitted = frozenset(permitted) if permitted is not None and attr_id_str in permitted: return True return bool(self['permit_unspecified']) @classmethod def read_extension_value( cls, cert: x509.Certificate ) -> Optional['AAControls']: # handle AA controls (not natively supported by asn1crypto, so # not available as an attribute). try: return next( ext['extn_value'].parsed for ext in cert['tbs_certificate']['extensions'] if ext['extn_id'].native == 'aa_controls' ) except StopIteration: return None # patch in attribute certificate extensions # Note: unlike in Certomancer, we don't do this one conditionally, since # we need the actual Python types to agree with what we export ext_map = x509.ExtensionId._map ext_specs = x509.Extension._oid_specs ext_map['2.5.29.55'] = 'target_information' ext_specs['target_information'] = SequenceOfTargets ext_map['2.5.29.56'] = 'no_rev_avail' ext_specs['no_rev_avail'] = core.Null ext_map['1.3.6.1.5.5.7.1.6'] = 'aa_controls' ext_specs['aa_controls'] = AAControls ext_map['1.3.6.1.5.5.7.1.4'] = 'audit_identity' ext_specs['audit_identity'] = core.OctetString certvalidator-0.26.3/pyhanko_certvalidator/authority.py000066400000000000000000000211361453642760600234630ustar00rootroot00000000000000import abc from dataclasses import dataclass from typing import Optional from asn1crypto import keys, x509 from .name_trees import process_general_subtrees from .policy_decl import PKIXValidationParams # TODO add support for roots that are limited in time? @dataclass(frozen=True) class TrustQualifiers: """ .. versionadded 0.20.0 Parameters that allow a trust root to be qualified. """ standard_parameters: Optional['PKIXValidationParams'] = None """ Standard validation parameters that will apply when initialising the PKIX validation process. """ max_path_length: Optional[int] = None """ Maximal allowed path length for this trust root, excluding self-issued intermediate CA certificates. If ``None``, any path length will be accepted. """ max_aa_path_length: Optional[int] = None """ Maximal allowed path length for this trust root for the purposes of AAControls. If ``None``, any path length will be accepted. """ class Authority(abc.ABC): """ .. versionadded:: 0.20.0 Abstract authority, i.e. a named key. """ @property def name(self) -> x509.Name: """ The authority's name. """ raise NotImplementedError @property def public_key(self) -> keys.PublicKeyInfo: """ The authority's public key. """ raise NotImplementedError @property def hashable(self): """ A hashable unique identifier of the authority, used in ``__eq__`` and ``__hash__``. """ raise NotImplementedError def __hash__(self): return hash(self.hashable) def __eq__(self, other): if not isinstance(other, Authority): return False return self.hashable == other.hashable @property def key_id(self) -> Optional[bytes]: """ Key ID as (potentially) referenced in an authorityKeyIdentifier extension. Only used to eliminate non-matching trust anchors, never to retrieve keys or to definitively identify trust anchors. """ raise NotImplementedError def is_potential_issuer_of(self, cert: x509.Certificate) -> bool: """ Function to determine whether this trust root could potentially be an issuer of a given certificate. This function is used during path building. :param cert: The certificate to evaluate. """ if cert.issuer != self.name: return False if cert.authority_key_identifier and self.key_id: if cert.authority_key_identifier != self.key_id: return False return True class TrustAnchor: """ Abstract trust root. A trust root is an authority with trust qualifiers. Equality of trust roots reduces to equality of authorities. """ def __init__( self, authority: Authority, quals: Optional[TrustQualifiers] = None ): self._authority = authority self._quals = quals @property def authority(self) -> Authority: return self._authority @property def trust_qualifiers(self) -> TrustQualifiers: """ Qualifiers for the trust root. """ return self._quals or TrustQualifiers() def __eq__(self, other): return ( isinstance(other, TrustAnchor) and other._authority == self._authority ) def __hash__(self): return hash(self._authority) def derive_quals_from_cert(cert: x509.Certificate) -> TrustQualifiers: """ Extract trust qualifiers from data and extensions of a certificate. .. note:: Recall that any property of a trust root other than its name and public key are in principle irrelevant to the PKIX validation algorithm itself. This function is merely a helper function that allows the certificate's other data to be conveniently gathered to populate the default validation parameters for paths deriving from that trust root. :param cert: The certificate from which to extract qualifiers (usually a self-signed one) :return: A :class:`TrustQualifiers` object with the extracted qualifiers. """ # TODO align with RFC 5937? ext_found = False permitted_subtrees = excluded_subtrees = None if cert.name_constraints_value is not None: ext_found = True nc_ext: x509.NameConstraints = cert.name_constraints_value permitted_val = nc_ext['permitted_subtrees'] if isinstance(permitted_val, x509.GeneralSubtrees): permitted_subtrees = process_general_subtrees(permitted_val) excluded_val = nc_ext['excluded_subtrees'] if isinstance(excluded_val, x509.GeneralSubtrees): excluded_subtrees = process_general_subtrees(excluded_val) acceptable_policies = None if cert.certificate_policies_value is not None: ext_found = True policies_val: x509.CertificatePolicies = cert.certificate_policies_value acceptable_policies = frozenset( [pol_info['policy_identifier'].dotted for pol_info in policies_val] ) params = None if ext_found: params = PKIXValidationParams( user_initial_policy_set=( acceptable_policies or frozenset(['any_policy']) ), # For trust roots where the user asked for this derivation, # let's assume that they want the policies to be enforced. initial_explicit_policy=acceptable_policies is not None, initial_permitted_subtrees=permitted_subtrees, initial_excluded_subtrees=excluded_subtrees, ) return TrustQualifiers( max_path_length=cert.max_path_length, standard_parameters=params ) class AuthorityWithCert(Authority): """ .. versionadded:: 0.20.0 Authority provisioned as a certificate. :param cert: The certificate. """ def __init__(self, cert: x509.Certificate): self._cert = cert @property def name(self) -> x509.Name: return self._cert.subject @property def public_key(self): return self._cert.public_key @property def hashable(self): cert = self._cert return cert.subject.hashable, cert.public_key.dump() @property def key_id(self) -> Optional[bytes]: return self._cert.key_identifier @property def certificate(self) -> x509.Certificate: return self._cert def is_potential_issuer_of(self, cert: x509.Certificate): if not super().is_potential_issuer_of(cert): return False if cert.authority_issuer_serial: if cert.authority_issuer_serial != self._cert.issuer_serial: return False return True class CertTrustAnchor(TrustAnchor): """ .. versionadded:: 0.20.0 Trust anchor provisioned as a certificate. :param cert: The certificate, usually self-signed. :param quals: Explicit trust qualifiers. :param derive_default_quals_from_cert: Flag indicating to derive default trust qualifiers from the certificate content if explicit ones are not provided. Defaults to ``False``. """ def __init__( self, cert: x509.Certificate, quals: Optional[TrustQualifiers] = None, derive_default_quals_from_cert: bool = False, ): authority = AuthorityWithCert(cert) self._cert = cert super().__init__(authority, quals) self._derive = derive_default_quals_from_cert @property def certificate(self) -> x509.Certificate: return self._cert @property def trust_qualifiers(self) -> TrustQualifiers: if self._quals is not None: return self._quals elif self._derive: self._quals = quals = derive_quals_from_cert(self._cert) return quals else: return TrustQualifiers() class NamedKeyAuthority(Authority): """ Authority provisioned as a named key. :param entity_name: The name of the entity that controls the private key of the trust root. :param public_key: The trust root's public key. """ def __init__(self, entity_name: x509.Name, public_key: keys.PublicKeyInfo): self._name = entity_name self._public_key = public_key @property def name(self) -> x509.Name: return self._name @property def public_key(self): return self._public_key @property def key_id(self) -> Optional[bytes]: return None @property def hashable(self): return self._name.hashable, self._public_key.dump() certvalidator-0.26.3/pyhanko_certvalidator/context.py000066400000000000000000000610611453642760600231200ustar00rootroot00000000000000import asyncio import binascii import warnings from dataclasses import dataclass, field from datetime import datetime, timedelta from typing import Dict, Iterable, List, Optional, Set, Union from asn1crypto import crl, ocsp, x509 from asn1crypto.util import timezone from .authority import AuthorityWithCert, CertTrustAnchor from .fetchers import FetcherBackend, Fetchers, default_fetcher_backend from .fetchers.requests_fetchers import RequestsFetcherBackend from .ltv.poe import POEManager from .ltv.types import ValidationTimingInfo, ValidationTimingParams from .path import ValidationPath from .policy_decl import ( AlgorithmUsagePolicy, CertRevTrustPolicy, DisallowWeakAlgorithmsPolicy, NonRevokedStatusAssertion, PKIXValidationParams, RevocationCheckingPolicy, ) from .registry import ( CertificateRegistry, PathBuilder, SimpleTrustManager, TrustManager, TrustRootList, ) from .revinfo.archival import ( CRLContainer, OCSPContainer, process_legacy_crl_input, process_legacy_ocsp_input, ) from .revinfo.manager import RevinfoManager @dataclass(frozen=True) class ACTargetDescription: """ Value type to guide attribute certificate targeting checks, for attribute certificates that use the target information extension. As stipulated in RFC 5755, an AC targeting check passes if the information in the relevant :class:`.AATargetDescription` matches at least one ``Target`` in the AC's target information extension. """ validator_names: List[x509.GeneralName] = field(default_factory=list) """ The validating entity's names. This value is matched directly against any ``Target``s that use the ``targetName`` alternative. """ group_memberships: List[x509.GeneralName] = field(default_factory=list) """ The validating entity's group memberships. This value is matched against any ``Target``s that use the ``targetGroup`` alternative. """ class ValidationContext: def __init__( self, trust_roots: Optional[TrustRootList] = None, extra_trust_roots: Optional[TrustRootList] = None, other_certs: Optional[Iterable[x509.Certificate]] = None, whitelisted_certs: Optional[Iterable[Union[bytes, str]]] = None, moment: Optional[datetime] = None, best_signature_time: Optional[datetime] = None, allow_fetching: bool = False, crls: Optional[Iterable[Union[bytes, crl.CertificateList]]] = None, ocsps: Optional[Iterable[Union[bytes, ocsp.OCSPResponse]]] = None, revocation_mode: str = "soft-fail", revinfo_policy: Optional[CertRevTrustPolicy] = None, weak_hash_algos: Optional[Iterable[str]] = None, time_tolerance: timedelta = timedelta(seconds=1), retroactive_revinfo: bool = False, fetcher_backend: Optional[FetcherBackend] = None, acceptable_ac_targets: Optional[ACTargetDescription] = None, poe_manager: Optional[POEManager] = None, revinfo_manager: Optional[RevinfoManager] = None, certificate_registry: Optional[CertificateRegistry] = None, trust_manager: Optional[TrustManager] = None, algorithm_usage_policy: Optional[AlgorithmUsagePolicy] = None, fetchers: Optional[Fetchers] = None, ): """ :param trust_roots: If the operating system's trust list should not be used, instead pass a list of byte strings containing DER or PEM-encoded X.509 certificates, or asn1crypto.x509.Certificate objects. These certificates will be used as the trust roots for the path being built. :param extra_trust_roots: If the operating system's trust list should be used, but augmented with one or more extra certificates. This should be a list of byte strings containing DER or PEM-encoded X.509 certificates, or asn1crypto.x509.Certificate objects. :param other_certs: A list of byte strings containing DER or PEM-encoded X.509 certificates, or a list of asn1crypto.x509.Certificate objects. These other certs are usually provided by the service/item being validated. In TLS, these would be intermediate chain certs. :param whitelisted_certs: None or a list of byte strings or unicode strings of the SHA-1 fingerprint of one or more certificates. The fingerprint is a hex encoding of the SHA-1 byte string, optionally separated into pairs by spaces or colons. These whilelisted certificates will not be checked for validity dates. If one of the certificates is an end-entity certificate in a certificate path, any TLS hostname mismatches, key usage errors or extended key usage errors will also be ignored. :param moment: If certificate validation should be performed based on a date and time other than right now. A datetime.datetime object with a tzinfo value. If this parameter is specified, then the only way to check OCSP and CRL responses is to pass them via the crls and ocsps parameters. Can not be combined with allow_fetching=True. :param best_signature_time: The presumptive time at which the certificate was used. Assumed equal to :class:`moment` if unspecified. .. note:: The difference is significant in some point-in-time validation models, where the signature is validated after a "cooldown period" of sorts. :param crls: None or a list/tuple of asn1crypto.crl.CertificateList objects of pre-fetched/cached CRLs to be utilized during validation of paths :param ocsps: None or a list/tuple of asn1crypto.ocsp.OCSPResponse objects of pre-fetched/cached OCSP responses to be utilized during validation of paths :param allow_fetching: A bool - if HTTP requests should be made to fetch CRLs and OCSP responses. If this is True and certificates contain the location of a CRL or OCSP responder, an HTTP request will be made to obtain information for revocation checking. :param revocation_mode: A unicode string of the revocation mode to use: "soft-fail" (the default), "hard-fail" or "require". In "soft-fail" mode, any sort of error in fetching or locating revocation information is ignored. In "hard-fail" mode, if a certificate has a known CRL or OCSP and it can not be checked, it is considered a revocation failure. In "require" mode, every certificate in the certificate path must have a CRL or OCSP. :param weak_hash_algos: A set of unicode strings of hash algorithms that should be considered weak. :param time_tolerance: Time delta tolerance allowed in validity checks. Defaults to one second. :param retroactive_revinfo: Treat revocation info as retroactively valid, i.e. ignore the ``this_update`` field in CRLs and OCSP responses. Defaults to ``False``. .. warning:: Be careful with this option, since it will cause incorrect behaviour for CAs that make use of certificate holds or other reversible revocation methods. :param revinfo_manager: Internal API, to be elaborated. :param trust_manager: Internal API, to be elaborated. :param certificate_registry: Internal API, to be elaborated. :param algorithm_usage_policy: Internal API, to be elaborated. """ if revinfo_policy is None: revinfo_policy = CertRevTrustPolicy( RevocationCheckingPolicy.from_legacy(revocation_mode), retroactive_revinfo=retroactive_revinfo, ) elif revinfo_policy.expected_post_expiry_revinfo_time is not None: raise NotImplementedError( "Dealing with post-expiry revocation info has not been " "implemented yet." ) self._revinfo_policy = revinfo_policy rev_essential = revinfo_policy.revocation_checking_policy.essential if ( not allow_fetching and not revinfo_manager and crls is None and ocsps is None and rev_essential ): raise ValueError( "revocation data is not optional and allow_fetching is False, " "however crls and ocsps are both None, meaning " "that no validation can happen" ) if moment is None: moment = datetime.now(timezone.utc) point_in_time_validation = False elif moment.utcoffset() is None: raise ValueError( "moment is a naive datetime object, meaning the tzinfo " "attribute is not set to a valid timezone" ) else: point_in_time_validation = True if best_signature_time is None: best_signature_time = moment elif best_signature_time.utcoffset() is None: raise ValueError( "best_signature_time is a naive datetime object, meaning the tzinfo " "attribute is not set to a valid timezone" ) self._whitelisted_certs: Set[bytes] = set() if whitelisted_certs is not None: for whitelisted_cert in whitelisted_certs: if isinstance(whitelisted_cert, bytes): whitelisted_cert = whitelisted_cert.decode('ascii') # Allow users to copy from various OS and browser info dialogs, # some of which separate the hex char pairs via spaces or colons whitelisted_cert = whitelisted_cert.replace(' ', '').replace( ':', '' ) self._whitelisted_certs.add( binascii.unhexlify(whitelisted_cert.encode('ascii')) ) if algorithm_usage_policy is None: if weak_hash_algos is not None: algorithm_usage_policy = DisallowWeakAlgorithmsPolicy( frozenset(weak_hash_algos) ) else: algorithm_usage_policy = DisallowWeakAlgorithmsPolicy() self.algorithm_policy = algorithm_usage_policy cert_fetcher = None if allow_fetching: # not None -> externally managed fetchers if fetchers is None: # fetcher managed by this validation context, # but backend possibly managed externally if fetcher_backend is None: # in this case, we load the default requests-based # backend, since the caller doesn't do any resource # management fetcher_backend = default_fetcher_backend() fetchers = fetcher_backend.get_fetchers() cert_fetcher = fetchers.cert_fetcher else: fetchers = None if certificate_registry is None: certificate_registry = CertificateRegistry.build( other_certs or (), cert_fetcher=cert_fetcher ) self.certificate_registry: CertificateRegistry = certificate_registry if trust_manager is None: trust_manager = SimpleTrustManager.build( trust_roots=trust_roots, extra_trust_roots=extra_trust_roots ) if isinstance(trust_manager, SimpleTrustManager): for root in trust_manager.iter_certs(): certificate_registry.register(root) self.path_builder = PathBuilder( trust_manager=trust_manager, registry=certificate_registry ) crls = process_legacy_crl_input(crls) if crls else () ocsps = process_legacy_ocsp_input(ocsps) if ocsps else () if revinfo_manager is None: revinfo_manager = RevinfoManager( certificate_registry=certificate_registry, poe_manager=poe_manager or POEManager(), crls=crls, ocsps=ocsps, fetchers=fetchers, ) self._revinfo_manager = revinfo_manager self._validate_map: Dict[bytes, ValidationPath] = {} self._soft_fail_exceptions: List[Exception] = [] time_tolerance = abs(time_tolerance) if time_tolerance else timedelta(0) self.timing_params = ValidationTimingParams( ValidationTimingInfo( validation_time=moment, best_signature_time=best_signature_time, point_in_time_validation=point_in_time_validation, ), time_tolerance=time_tolerance, ) self._acceptable_ac_targets = acceptable_ac_targets @property def revinfo_manager(self) -> RevinfoManager: return self._revinfo_manager @property def revinfo_policy(self) -> CertRevTrustPolicy: return self._revinfo_policy @property def retroactive_revinfo(self) -> bool: return self._revinfo_policy.retroactive_revinfo @property def time_tolerance(self) -> timedelta: return self.timing_params.time_tolerance @property def moment(self) -> datetime: return self.timing_params.validation_time @property def best_signature_time(self) -> datetime: return self.timing_params.best_signature_time @property def fetching_allowed(self) -> bool: return self.revinfo_manager.fetching_allowed @property def crls(self) -> List[crl.CertificateList]: """ A list of all cached :class:`crl.CertificateList` objects """ return self._revinfo_manager.crls @property def ocsps(self) -> List[ocsp.OCSPResponse]: """ A list of all cached :class:`ocsp.OCSPResponse` objects """ return self._revinfo_manager.ocsps @property def soft_fail_exceptions(self): """ A list of soft-fail exceptions that were ignored during checks """ return self._soft_fail_exceptions def is_whitelisted(self, cert): """ Checks to see if a certificate has been whitelisted :param cert: An asn1crypto.x509.Certificate object :return: A bool - if the certificate is whitelisted """ return cert.sha1 in self._whitelisted_certs def _report_soft_fail(self, e: Exception): self._soft_fail_exceptions.append(e) async def async_retrieve_crls(self, cert): """ :param cert: An asn1crypto.x509.Certificate object :return: A list of asn1crypto.crl.CertificateList objects """ results = await self._revinfo_manager.async_retrieve_crls(cert) return [res.crl_data for res in results] def retrieve_crls(self, cert): """ .. deprecated:: 0.17.0 Use :meth:`async_retrieve_crls` instead. :param cert: An asn1crypto.x509.Certificate object :return: A list of asn1crypto.crl.CertificateList objects """ warnings.warn( "'retrieve_crls' is deprecated, use 'async_retrieve_crls' instead", DeprecationWarning, ) if not self.revinfo_manager.fetching_allowed: return self.revinfo_manager.crls return asyncio.run(self.async_retrieve_crls(cert)) async def async_retrieve_ocsps(self, cert, issuer): """ :param cert: An asn1crypto.x509.Certificate object :param issuer: An asn1crypto.x509.Certificate object of cert's issuer :return: A list of asn1crypto.ocsp.OCSPResponse objects """ results = await self._revinfo_manager.async_retrieve_ocsps( cert, AuthorityWithCert(issuer) ) return [res.ocsp_response_data for res in results] def retrieve_ocsps(self, cert, issuer): """ .. deprecated:: 0.17.0 Use :meth:`async_retrieve_ocsps` instead. :param cert: An asn1crypto.x509.Certificate object :param issuer: An asn1crypto.x509.Certificate object of cert's issuer :return: A list of asn1crypto.ocsp.OCSPResponse objects """ warnings.warn( "'retrieve_ocsps' is deprecated, use " "'async_retrieve_ocsps' instead", DeprecationWarning, ) if not self.revinfo_manager.fetching_allowed: return self.revinfo_manager.ocsps return asyncio.run(self.async_retrieve_ocsps(cert, issuer)) def record_validation(self, cert, path): """ Records that a certificate has been validated, along with the path that was used for validation. This helps reduce duplicate work when validating a ceritifcate and related resources such as CRLs and OCSPs. :param cert: An ans1crypto.x509.Certificate object :param path: A pyhanko_certvalidator.path.ValidationPath object """ self._validate_map[cert.signature] = path def check_validation(self, cert): """ Checks to see if a certificate has been validated, and if so, returns the ValidationPath used to validate it. :param cert: An asn1crypto.x509.Certificate object :return: None if not validated, or a pyhanko_certvalidator.path.ValidationPath object of the validation path """ if ( self.path_builder.trust_manager.is_root(cert) and cert.signature not in self._validate_map ): self._validate_map[cert.signature] = ValidationPath( trust_anchor=CertTrustAnchor(cert), interm=[], leaf=None ) return self._validate_map.get(cert.signature) def clear_validation(self, cert): """ Clears the record that a certificate has been validated :param cert: An ans1crypto.x509.Certificate object """ if cert.signature in self._validate_map: del self._validate_map[cert.signature] @property def acceptable_ac_targets(self) -> Optional[ACTargetDescription]: return self._acceptable_ac_targets @dataclass(frozen=True) class ValidationDataHandlers: """ Value class to hold 'manager'/'registry' objects. These are responsible for accumulating and exposing various data collections that are relevant for certificate validation. """ revinfo_manager: RevinfoManager """ The revocation information manager. """ poe_manager: POEManager """ The proof-of-existence record manager. """ cert_registry: CertificateRegistry """ The certificate registry. .. note:: The certificate registry is a trustless construct. It only holds certificates, but does mark them as trusted or store information related to how the certificates fit together. """ def bootstrap_validation_data_handlers( fetchers: Union[Fetchers, FetcherBackend, None] = RequestsFetcherBackend(), crls: Iterable[CRLContainer] = (), ocsps: Iterable[OCSPContainer] = (), certs: Iterable[x509.Certificate] = (), poe_manager: Optional[POEManager] = None, nonrevoked_assertions: Iterable[NonRevokedStatusAssertion] = (), ) -> ValidationDataHandlers: """ Simple bootstrapping method for a :class:`.ValidationDataHandlers` instance with reasonable defaults. :param fetchers: Data fetcher implementation and/or backend to use. If ``None``, remote fetching is disabled. The ``requests``-based implementation is the default. :param crls: Initial collection of CRLs to feed to the revocation info manager. :param ocsps: Initial collection of OCSP responses to feed to the revocation info manager. :param certs: Initial collection of certificates to add to the certificate registry. :param poe_manager: Explicit POE manager. Will instantiate an empty one if left unspecified. :param nonrevoked_assertions: Assertions about the non-revoked status of certain certificates that will be taken as true by fiat. :return: A :class:`.ValidationDataHandlers` object. """ _fetchers: Optional[Fetchers] if isinstance(fetchers, FetcherBackend): _fetchers = fetchers.get_fetchers() elif isinstance(fetchers, Fetchers): _fetchers = fetchers else: _fetchers = None poe_manager = poe_manager or POEManager() cert_registry = CertificateRegistry( cert_fetcher=_fetchers.cert_fetcher if _fetchers is not None else None ) cert_registry.register_multiple(certs) revinfo_manager = RevinfoManager( certificate_registry=cert_registry, poe_manager=poe_manager, crls=crls, ocsps=ocsps, fetchers=_fetchers, assertions=nonrevoked_assertions, ) return ValidationDataHandlers( revinfo_manager=revinfo_manager, poe_manager=poe_manager, cert_registry=cert_registry, ) @dataclass(frozen=True) class CertValidationPolicySpec: """ Policy object describing how to validate certificates at a high level. .. note:: A certificate validation policy differs from a validation context in that :class:`ValidationContext` objects keep state as well. This is not the case for a certificate validation policy, which makes them suitable for reuse in complex validation workflows where the same policy needs to be applied independently in multiple steps. .. warning:: While a certification policy spec is intended to be stateless, some of its fields are abstract classes. As such, the true behaviour may depend on the underlying implementation. """ trust_manager: TrustManager """ The trust manager that defines this policy's trust anchors. """ revinfo_policy: CertRevTrustPolicy """ The policy describing how to handle certificate revocation and associated revocation information. """ time_tolerance: timedelta = timedelta(seconds=1) """ The time drift tolerated during validation. Defaults to one second. """ acceptable_ac_targets: Optional[ACTargetDescription] = None """ Targets to accept when evaluating the scope of an attribute certificate. """ algorithm_usage_policy: Optional[AlgorithmUsagePolicy] = field( default=DisallowWeakAlgorithmsPolicy() ) """ Policy on cryptographic algorithm usage. If left unspecified, a default will be used. """ pkix_validation_params: Optional[PKIXValidationParams] = None """ The PKIX validation parameters to use, as defined in :rfc:`5280`. """ def build_validation_context( self, timing_info: ValidationTimingInfo, handlers: Optional[ValidationDataHandlers], ) -> ValidationContext: """ Build a validation context from this policy, validation timing info and a set of validation data handlers. :param timing_info: Timing settings. :param handlers: Optionally specify validation data handlers. A reasonable default will be supplied if absent. :return: A new :class:`ValidationContext` reflecting the parameters. """ if handlers is None: cert_registry = CertificateRegistry() poe_manager = POEManager() revinfo_manager = RevinfoManager( certificate_registry=cert_registry, poe_manager=poe_manager, crls=[], ocsps=[], ) else: cert_registry = handlers.cert_registry poe_manager = handlers.poe_manager revinfo_manager = handlers.revinfo_manager return ValidationContext( trust_manager=self.trust_manager, revinfo_policy=self.revinfo_policy, revinfo_manager=revinfo_manager, certificate_registry=cert_registry, poe_manager=poe_manager, algorithm_usage_policy=self.algorithm_usage_policy, moment=timing_info.validation_time, best_signature_time=timing_info.best_signature_time, time_tolerance=self.time_tolerance, acceptable_ac_targets=self.acceptable_ac_targets, allow_fetching=revinfo_manager.fetching_allowed, ) certvalidator-0.26.3/pyhanko_certvalidator/errors.py000066400000000000000000000136731453642760600227560ustar00rootroot00000000000000# coding: utf-8 from datetime import datetime from typing import List, Optional, Type, TypeVar from asn1crypto.crl import CRLReason from cryptography.exceptions import InvalidSignature from pyhanko_certvalidator._state import ValProcState from pyhanko_certvalidator.path import ValidationPath class PathError(Exception): pass class PathBuildingError(PathError): pass class CertificateFetchError(PathBuildingError): pass class CRLValidationError(Exception): pass class CRLNoMatchesError(CRLValidationError): pass class CRLFetchError(CRLValidationError): pass class CRLValidationIndeterminateError(CRLValidationError): def __init__( self, msg: str, failures: List[str], suspect_stale: Optional[datetime] = None, ): self.msg = msg self.failures = failures self.suspect_stale = suspect_stale super().__init__(msg, failures) class OCSPValidationError(Exception): pass class OCSPNoMatchesError(OCSPValidationError): pass class OCSPValidationIndeterminateError(OCSPValidationError): def __init__( self, msg: str, failures: List[str], suspect_stale: Optional[datetime] = None, ): self.msg = msg self.failures = failures self.suspect_stale = suspect_stale super().__init__(msg, failures) class OCSPFetchError(OCSPValidationError): pass class ValidationError(Exception): def __init__(self, message: str): self.failure_msg = message super().__init__(message) TPathErr = TypeVar('TPathErr', bound='PathValidationError') class PathValidationError(ValidationError): @classmethod def from_state( cls: Type[TPathErr], msg: str, proc_state: ValProcState ) -> TPathErr: return cls(msg, proc_state=proc_state) def __init__(self, msg: str, *, proc_state: ValProcState): self.is_ee_cert = proc_state.is_ee_cert self.is_side_validation = proc_state.is_side_validation current = proc_state.cert_path_stack.head orig = proc_state.cert_path_stack.last assert current is not None and orig is not None self.current_path: ValidationPath = current self.original_path: ValidationPath = orig super().__init__(msg) class RevokedError(PathValidationError): @classmethod def format( cls, reason: CRLReason, revocation_dt: datetime, revinfo_type: str, proc_state: ValProcState, ): reason_str = reason.human_friendly date = revocation_dt.strftime('%Y-%m-%d') time = revocation_dt.strftime('%H:%M:%S') msg = ( f'{revinfo_type} indicates {proc_state.describe_cert()} ' f'was revoked at {time} on {date}, due to {reason_str}.' ) return RevokedError(msg, reason, revocation_dt, proc_state) def __init__( self, msg, reason: CRLReason, revocation_dt: datetime, proc_state: ValProcState, ): self.reason = reason self.revocation_dt = revocation_dt super().__init__(msg, proc_state=proc_state) class InsufficientRevinfoError(PathValidationError): pass class StaleRevinfoError(InsufficientRevinfoError): @classmethod def format( cls, msg: str, time_cutoff: datetime, proc_state: ValProcState, ): return StaleRevinfoError(msg, time_cutoff, proc_state) def __init__( self, msg: str, time_cutoff: datetime, proc_state: ValProcState ): self.time_cutoff = time_cutoff super().__init__(msg, proc_state=proc_state) class InsufficientPOEError(PathValidationError): pass class ExpiredError(PathValidationError): @classmethod def format( cls, *, expired_dt: datetime, proc_state: ValProcState, ): msg = ( f"The path could not be validated because " f"{proc_state.describe_cert()} expired " f"{expired_dt.strftime('%Y-%m-%d %H:%M:%SZ')}" ) return ExpiredError(msg, expired_dt, proc_state) def __init__(self, msg, expired_dt: datetime, proc_state: ValProcState): self.expired_dt = expired_dt super().__init__(msg, proc_state=proc_state) class NotYetValidError(PathValidationError): @classmethod def format( cls, *, valid_from: datetime, proc_state: ValProcState, ): msg = ( f"The path could not be validated because " f"{proc_state.describe_cert()} is not valid until " f"{valid_from.strftime('%Y-%m-%d %H:%M:%SZ')}" ) return NotYetValidError(msg, valid_from, proc_state) def __init__(self, msg, valid_from: datetime, proc_state: ValProcState): self.valid_from = valid_from super().__init__(msg, proc_state=proc_state) class InvalidCertificateError(ValidationError): pass class DisallowedAlgorithmError(PathValidationError): def __init__( self, *args, banned_since: Optional[datetime] = None, **kwargs ): self.banned_since = banned_since super().__init__(*args, **kwargs) @classmethod def from_state( cls, msg: str, proc_state: ValProcState, banned_since: Optional[datetime] = None, ) -> 'DisallowedAlgorithmError': return cls(msg, banned_since=banned_since, proc_state=proc_state) class InvalidAttrCertificateError(InvalidCertificateError): pass class PSSParameterMismatch(InvalidSignature): pass class DSAParametersUnavailable(InvalidSignature): # TODO Technically, such a signature isn't _really_ invalid # (we merely couldn't validate it). # However, this is only an issue for CRLs and OCSP responses that # make use of DSA parameter inheritance, which is pretty much a # completely irrelevant problem in this day and age, so treating those # signatures as invalid as a matter of course seems pretty much OK. pass certvalidator-0.26.3/pyhanko_certvalidator/fetchers/000077500000000000000000000000001453642760600226615ustar00rootroot00000000000000certvalidator-0.26.3/pyhanko_certvalidator/fetchers/__init__.py000066400000000000000000000007531453642760600247770ustar00rootroot00000000000000from .api import * __all__ = [ 'Fetchers', 'FetcherBackend', 'OCSPFetcher', 'CRLFetcher', 'CertificateFetcher', 'default_fetcher_backend', ] def default_fetcher_backend() -> FetcherBackend: """ Instantiate a default fetcher backend that doesn't require any resource management, but is less efficient than a fully asynchronous fetcher would be. """ from .requests_fetchers import RequestsFetcherBackend return RequestsFetcherBackend() certvalidator-0.26.3/pyhanko_certvalidator/fetchers/aiohttp_fetchers/000077500000000000000000000000001453642760600262145ustar00rootroot00000000000000certvalidator-0.26.3/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__init__.py000066400000000000000000000023511453642760600303260ustar00rootroot00000000000000from typing import Optional import aiohttp from ..api import FetcherBackend, Fetchers from .cert_fetch_client import AIOHttpCertificateFetcher from .crl_client import AIOHttpCRLFetcher from .ocsp_client import AIOHttpOCSPFetcher from .util import LazySession __all__ = ['AIOHttpFetcherBackend'] class AIOHttpFetcherBackend(FetcherBackend): def __init__( self, session: Optional[aiohttp.ClientSession] = None, per_request_timeout=10, ): self.session = session or LazySession() self.per_request_timeout = per_request_timeout def get_fetchers(self) -> Fetchers: session = self.session to = self.per_request_timeout return Fetchers( ocsp_fetcher=AIOHttpOCSPFetcher(session, per_request_timeout=to), crl_fetcher=AIOHttpCRLFetcher(session, per_request_timeout=to), cert_fetcher=AIOHttpCertificateFetcher( session, per_request_timeout=to ), ) async def close(self): session = self.session # only close the session if it's a lazy session; # a session passed in by the caller is their own responsibility if isinstance(session, LazySession): await session.close() certvalidator-0.26.3/pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py000066400000000000000000000115331453642760600322350ustar00rootroot00000000000000import logging from typing import Iterable, Union import aiohttp from asn1crypto import cms, x509 from ...errors import CertificateFetchError from ..api import CertificateFetcher from ..common_utils import ( ACCEPTABLE_CERT_DER_ALIASES, ACCEPTABLE_CERT_PEM_ALIASES, ACCEPTABLE_PKCS7_DER_ALIASES, ACCEPTABLE_STRICT_CERT_CONTENT_TYPES, complete_certificate_fetch_jobs, gather_aia_issuer_urls, unpack_cert_content, ) from .util import AIOHttpMixin, LazySession logger = logging.getLogger(__name__) class AIOHttpCertificateFetcher(CertificateFetcher, AIOHttpMixin): def __init__( self, session: Union[aiohttp.ClientSession, LazySession], user_agent=None, per_request_timeout=10, permit_pem=True, ): super().__init__(session, user_agent, per_request_timeout) self.permit_pem = permit_pem async def fetch_certs(self, url, url_origin_type): """ Fetch one or more certificates from a URL. :param url: URL to fetch. :param url_origin_type: Parameter indicating where the URL came from (e.g. 'CRL'), for error reporting purposes. :raises: CertificateFetchError - when a network I/O or decoding error occurs :return: An iterable of asn1crypto.x509.Certificate objects. """ async def task(): try: logger.info(f"Fetching certificates from {url}...") return await _grab_certs( url, permit_pem=self.permit_pem, timeout=self.per_request_timeout, user_agent=self.user_agent, session=await self.get_session(), url_origin_type=url_origin_type, ) except (ValueError, aiohttp.ClientError) as e: msg = f"Failed to fetch certificate(s) from url {url}." logger.debug(msg, exc_info=e) raise CertificateFetchError(msg) return await self._post_fetch_task(url, task) def fetch_cert_issuers( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2] ): fetch_jobs = [ self.fetch_certs(url, url_origin_type='certificate') for url in gather_aia_issuer_urls(cert) ] if isinstance(cert, x509.Certificate): target = cert.subject.human_friendly else: # TODO log audit ID target = "attribute certificate" logger.info(f"Retrieving issuer certs for {target}...") return complete_certificate_fetch_jobs(fetch_jobs) def fetch_crl_issuers(self, certificate_list): fetch_jobs = [ self.fetch_certs(url, url_origin_type='CRL') for url in certificate_list.issuer_cert_urls ] return complete_certificate_fetch_jobs(fetch_jobs) def fetched_certs(self) -> Iterable[x509.Certificate]: return self.get_results() async def _grab_certs( url, *, user_agent, session: aiohttp.ClientSession, url_origin_type, timeout, permit_pem=True, ): """ Grab one or more certificates from a caIssuers URL. We accept two types of content in the response: - A single DER-encoded X.509 certificate - A PKCS#7 'certs-only' SignedData message - PEM-encoded certificates (if permit_pem=True) Note: strictly speaking, you're not supposed to use PEM to serve certs for AIA purposes in PEM format, but people do it anyway. """ if permit_pem: acceptable_cts = ( ACCEPTABLE_STRICT_CERT_CONTENT_TYPES | ACCEPTABLE_CERT_PEM_ALIASES | ACCEPTABLE_CERT_DER_ALIASES | ACCEPTABLE_PKCS7_DER_ALIASES ) else: acceptable_cts = ACCEPTABLE_STRICT_CERT_CONTENT_TYPES headers = {'Accept': ','.join(acceptable_cts), 'User-Agent': user_agent} cl_timeout = aiohttp.ClientTimeout(timeout) async with session.get( url=url, headers=headers, timeout=cl_timeout, raise_for_status=True ) as response: response_data = await response.read() try: content_type = response.headers['Content-Type'].strip() if content_type not in acceptable_cts: ct_err = ( f"Unacceptable content type '{repr(content_type)}' " f"when fetching issuer certificate for {url_origin_type} " f"from URL {url}." ) raise aiohttp.ContentTypeError( response.request_info, response.history, message=ct_err, headers=response.headers, ) except KeyError: content_type = None certs = unpack_cert_content(response_data, content_type, url, permit_pem) return list(certs) certvalidator-0.26.3/pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py000066400000000000000000000076171453642760600307170ustar00rootroot00000000000000import logging from typing import Dict, Iterable, List, Union import aiohttp from asn1crypto import cms, crl, pem, x509 from ... import errors from ...util import get_relevant_crl_dps, issuer_serial from ..api import CRLFetcher from ..common_utils import crl_job_results_as_completed from .util import AIOHttpMixin, LazySession logger = logging.getLogger(__name__) class AIOHttpCRLFetcher(CRLFetcher, AIOHttpMixin): def __init__( self, session: Union[aiohttp.ClientSession, LazySession], user_agent=None, per_request_timeout=10, ): super().__init__(session, user_agent, per_request_timeout) self._by_cert: Dict[bytes, List[crl.CertificateList]] = {} async def fetch( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2], *, use_deltas=True, ): iss_serial = issuer_serial(cert) try: return self._by_cert[iss_serial] except KeyError: pass results = [] async for fetched_crl in self._fetch(cert, use_deltas=use_deltas): results.append(fetched_crl) self._by_cert[iss_serial] = results return results async def _fetch(self, cert: x509.Certificate, *, use_deltas): sources = get_relevant_crl_dps(cert, use_deltas=use_deltas) if not sources: return if isinstance(cert, x509.Certificate): target = cert.subject.human_friendly else: # TODO log audit ID target = "attribute certificate" logger.info(f"Retrieving CRLs for {target}...") def _fetch_jobs(): for distribution_point in sources: url = distribution_point.url # Only fetch CRLs over http # (or https, but that doesn't really happen all that often) # In particular, don't attempt to grab CRLs over LDAP if url.startswith('http'): yield self._single_fetch(url) # when the issue with .crl_distribution_points is fixed, # we should handle at_least_one_success and last_e on a per-DP basis async for result in crl_job_results_as_completed(_fetch_jobs()): yield result async def _single_fetch(self, url): async def task(): return await _grab_crl( url, user_agent=self.user_agent, session=await self.get_session(), timeout=self.per_request_timeout, ) return await self._post_fetch_task(url, task) def fetched_crls(self) -> Iterable[crl.CertificateList]: return {crl_ for crl_ in self.get_results()} def fetched_crls_for_cert(self, cert) -> Iterable[crl.CertificateList]: return self._by_cert[issuer_serial(cert)] async def _grab_crl( url, *, user_agent, session: aiohttp.ClientSession, timeout ): """ Fetches a CRL and parses it :param url: A unicode string of the URL to fetch the CRL from :param user_agent: A unicode string of the user agent to use when fetching the URL :param session: ``aiohttp`` client session to use. :param timeout: Timeout in seconds. :return: An asn1crypto.crl.CertificateList object """ try: logger.info(f"Requesting CRL from {url}...") headers = {'Accept': 'application/pkix-crl', 'User-Agent': user_agent} cl_timeout = aiohttp.ClientTimeout(total=timeout) async with session.get( url=url, headers=headers, timeout=cl_timeout, raise_for_status=True ) as response: data = await response.read() if pem.detect(data): _, _, data = pem.unarmor(data) return crl.CertificateList.load(data) except (ValueError, aiohttp.ClientError) as e: raise errors.CRLFetchError( f"Failure to fetch CRL from URL {url}" ) from e certvalidator-0.26.3/pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py000066400000000000000000000105101453642760600310650ustar00rootroot00000000000000import logging from typing import Iterable, Union import aiohttp from asn1crypto import cms, ocsp, x509 from ... import errors from ...authority import Authority from ...util import get_ocsp_urls, issuer_serial from ..api import OCSPFetcher from ..common_utils import ( format_ocsp_request, ocsp_job_get_earliest, process_ocsp_response_data, ) from .util import AIOHttpMixin, LazySession logger = logging.getLogger(__name__) class AIOHttpOCSPFetcher(OCSPFetcher, AIOHttpMixin): def __init__( self, session: Union[aiohttp.ClientSession, LazySession], user_agent=None, per_request_timeout=10, certid_hash_algo='sha1', request_nonces=True, ): super().__init__(session, user_agent, per_request_timeout) if certid_hash_algo not in ('sha1', 'sha256'): raise ValueError( f'certid_hash_algo must be one of "sha1", "sha256", not ' f'{repr(certid_hash_algo)}' ) self.certid_hash_algo = certid_hash_algo self.request_nonces = request_nonces async def fetch( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2], authority: Authority, ) -> ocsp.OCSPResponse: tag = (issuer_serial(cert), authority.hashable) if isinstance(cert, x509.Certificate): target = cert.subject.human_friendly else: # TODO log audit ID target = "attribute certificate" logger.info(f"About to queue OCSP fetch for {target}...") async def task(): return await self._fetch(cert, authority) return await self._post_fetch_task(tag, task) async def _fetch( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2], authority: Authority, ): ocsp_request = format_ocsp_request( cert, authority, certid_hash_algo=self.certid_hash_algo, request_nonces=self.request_nonces, ) # Try the OCSP responders in arbitrary order, and process the responses # as they come in ocsp_urls = get_ocsp_urls(cert) if not ocsp_urls: raise errors.OCSPFetchError("No URLs to fetch OCSP responses from") if isinstance(cert, x509.Certificate): target = cert.subject.human_friendly else: # TODO log audit ID target = "attribute certificate" logger.info( f"Fetching OCSP status for {target} from url(s) " f"{';'.join(ocsp_urls)}..." ) session = await self.get_session() fetch_jobs = ( _grab_ocsp( ocsp_request, ocsp_url, user_agent=self.user_agent, session=session, timeout=self.per_request_timeout, ) for ocsp_url in ocsp_urls ) return await ocsp_job_get_earliest(fetch_jobs) def fetched_responses(self) -> Iterable[ocsp.OCSPResponse]: return self.get_results() def fetched_responses_for_cert( self, cert: x509.Certificate ) -> Iterable[ocsp.OCSPResponse]: target_is = issuer_serial(cert) return { resp for (subj_is, _), resp in self._iter_results() if subj_is == target_is } async def _grab_ocsp( ocsp_request: ocsp.OCSPRequest, ocsp_url: str, *, user_agent, session: aiohttp.ClientSession, timeout, ): try: logger.info(f"Requesting OCSP response from {ocsp_url}...") headers = { 'Accept': 'application/ocsp-response', 'Content-Type': 'application/ocsp-request', 'User-Agent': user_agent, } cl_timeout = aiohttp.ClientTimeout(total=timeout) async with session.post( url=ocsp_url, headers=headers, data=ocsp_request.dump(), raise_for_status=True, timeout=cl_timeout, ) as response: response_data = await response.read() return process_ocsp_response_data( response_data, ocsp_request=ocsp_request, ocsp_url=ocsp_url ) except (aiohttp.ClientError, errors.OCSPValidationError) as e: raise errors.OCSPFetchError( f"Failed to fetch OCSP response from {ocsp_url}", ) from e certvalidator-0.26.3/pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py000066400000000000000000000034661453642760600275540ustar00rootroot00000000000000import asyncio from typing import Any, Dict, Union import aiohttp from ..api import DEFAULT_USER_AGENT from ..common_utils import queue_fetch_task __all__ = ['LazySession', 'AIOHttpMixin'] class LazySession: def __init__(self): self._session = None async def get_session(self): session = self._session if session is None: self._session = session = aiohttp.ClientSession() return session async def close(self): session = self._session if session is not None: await session.close() class AIOHttpMixin: def __init__( self, session: Union[aiohttp.ClientSession, LazySession], user_agent=None, per_request_timeout=10, ): self._session = session self.user_agent = user_agent or DEFAULT_USER_AGENT self.per_request_timeout = per_request_timeout self.__results: Dict[Any, Any] = {} self.__result_events: Dict[Any, asyncio.Event] = {} super().__init__() async def get_session(self) -> aiohttp.ClientSession: session = self._session if isinstance(session, LazySession): return await session.get_session() else: return session def get_results(self): return { v for v in self.__results.values() if not isinstance(v, Exception) } def get_results_for_tag(self, tag): result = self.__results[tag] if isinstance(result, Exception): raise KeyError def _iter_results(self): for k, v in self.__results.items(): if not isinstance(v, Exception): yield k, v async def _post_fetch_task(self, tag, async_fun): return await queue_fetch_task( self.__results, self.__result_events, tag, async_fun ) certvalidator-0.26.3/pyhanko_certvalidator/fetchers/api.py000066400000000000000000000147371453642760600240200ustar00rootroot00000000000000""" Asynchronous API for fetching OCSP responses, CRLs and certificates. """ import abc from dataclasses import dataclass from typing import AsyncGenerator, Iterable, Union from asn1crypto import cms, crl, ocsp, x509 from pyhanko_certvalidator.authority import Authority from pyhanko_certvalidator.version import __version__ __all__ = [ 'OCSPFetcher', 'CRLFetcher', 'CertificateFetcher', 'Fetchers', 'FetcherBackend', 'DEFAULT_USER_AGENT', ] DEFAULT_USER_AGENT = 'pyhanko_certvalidator %s' % __version__ class OCSPFetcher(abc.ABC): """Utility interface to fetch and cache OCSP responses.""" async def fetch( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2], authority: Authority, ) -> ocsp.OCSPResponse: """ Fetch an OCSP response for a certificate. :param cert: The certificate for which an OCSP response has to be fetched. :param authority: The issuing authority. :raises: OCSPFetchError - Raised if an OCSP response could not be obtained. :return: An OCSP response. """ raise NotImplementedError def fetched_responses(self) -> Iterable[ocsp.OCSPResponse]: """ Return all responses fetched by this OCSP fetcher. """ raise NotImplementedError def fetched_responses_for_cert( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2] ) -> Iterable[ocsp.OCSPResponse]: """ Return all responses fetched by this OCSP fetcher that are relevant to determine the revocation status of the given certificate. """ raise NotImplementedError class CRLFetcher(abc.ABC): """Utility interface to fetch and cache CRLs.""" async def fetch( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2], *, use_deltas=None, ) -> Iterable[crl.CertificateList]: """ Fetches the CRLs for a certificate. :param cert: An asn1crypto.x509.Certificate object to get the CRL for :param use_deltas: A boolean indicating if delta CRLs should be fetched :raises: CRLFetchError - when a network/IO error or decoding error occurs :return: An iterable of CRLs fetched. """ # side note: we don't want this to be a generator, because in principle, # we always need to consider CRLs from all distribution points together # anyway, so there's no "stream processing" to speak of. # (this is currently not 100% efficient in the default implementation, # see comments below) raise NotImplementedError def fetched_crls(self) -> Iterable[crl.CertificateList]: """ Return all CRLs fetched by this CRL fetcher. """ raise NotImplementedError def fetched_crls_for_cert( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2] ) -> Iterable[crl.CertificateList]: """ Return all relevant fetched CRLs for the given certificate :param cert: A certificate. :return: An iterable of CRLs :raise KeyError: if no fetch operations have been performed for this certificate """ raise NotImplementedError class CertificateFetcher(abc.ABC): """Utility interface to fetch and cache certificates.""" def fetch_cert_issuers( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2] ) -> AsyncGenerator[x509.Certificate, None]: """ Fetches certificates from the authority information access extension of a certificate. :param cert: A certificate :raises: CertificateFetchError - when a network I/O or decoding error occurs :return: An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched. """ raise NotImplementedError def fetch_crl_issuers( self, certificate_list ) -> AsyncGenerator[x509.Certificate, None]: """ Fetches certificates from the authority information access extension of an asn1crypto.crl.CertificateList. :param certificate_list: An asn1crypto.crl.CertificateList object :raises: CertificateFetchError - when a network I/O or decoding error occurs :return: An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched. """ raise NotImplementedError def fetched_certs(self) -> Iterable[x509.Certificate]: """ Return all certificates retrieved by this certificate fetcher. """ raise NotImplementedError @dataclass(frozen=True) class Fetchers: """ Models a collection of fetchers to be used by a validation context. The intention is that these can share resources (like a connection pool) in a unified, controlled manner. See also :class:`.FetcherBackend`. """ ocsp_fetcher: OCSPFetcher crl_fetcher: CRLFetcher cert_fetcher: CertificateFetcher class FetcherBackend(abc.ABC): """ Generic, bare-bones interface to help abstract away instantiation logic for fetcher implementations. Intended to operate as an asynchronous context manager, with `async with backend_obj as fetchers: ...` putting the resulting :class:`.Fetchers` object in to the variable named `fetchers`. .. note:: The initialisation part of the API is necessarily synchronous, for backwards compatibility with the old ``ValidationContext`` API. If you need asynchronous resource management, handle it elsewhere, or use some form of lazy resource provisioning. Alternatively, you can pass :class:`Fetchers` objects to the validation context yourself, and forgo use of the :class:`.FetcherBackend` API altogether. """ def get_fetchers(self) -> Fetchers: """ Set up fetchers synchronously. .. note:: This is a synchronous method """ raise NotImplementedError async def close(self): """ Clean up the resources associated with this fetcher backend, asynchronously. """ pass async def __aenter__(self) -> Fetchers: return self.get_fetchers() async def __aexit__(self, exc_type, exc_val, exc_tb): return await self.close() certvalidator-0.26.3/pyhanko_certvalidator/fetchers/common_utils.py000066400000000000000000000252441453642760600257520ustar00rootroot00000000000000""" Internal backend-agnostic utilities to help process fetched certificates, CRLs and OCSP responses. """ import asyncio import logging import os from typing import Awaitable, Callable, Dict, Optional, TypeVar, Union from asn1crypto import algos, cms, core, ocsp, pem, x509 from .. import errors from ..authority import Authority from ..util import get_ac_extension_value __all__ = [ 'unpack_cert_content', 'format_ocsp_request', 'process_ocsp_response_data', 'queue_fetch_task', 'crl_job_results_as_completed', 'ocsp_job_get_earliest', 'complete_certificate_fetch_jobs', 'gather_aia_issuer_urls', 'ACCEPTABLE_STRICT_CERT_CONTENT_TYPES', 'ACCEPTABLE_CERT_PEM_ALIASES', 'ACCEPTABLE_PKCS7_DER_ALIASES', 'ACCEPTABLE_CERT_DER_ALIASES', ] logger = logging.getLogger(__name__) ACCEPTABLE_STRICT_CERT_CONTENT_TYPES = frozenset( [ 'application/pkix-cert', 'application/pkcs7-mime', 'application/x-x509-ca-cert', 'application/x-pkcs7-certificates', ] ) ACCEPTABLE_CERT_PEM_ALIASES = frozenset( [ 'application/x-pem-file', 'text/plain', 'application/octet-stream', 'binary/octet-stream', ] ) ACCEPTABLE_CERT_DER_ALIASES = frozenset( [ 'application/pkix-cert', 'application/x-x509-ca-cert', 'application/octet-stream', 'binary/octet-stream', ] ) ACCEPTABLE_PKCS7_DER_ALIASES = frozenset( [ 'application/pkcs7-mime', 'application/x-pkcs7-certificates', 'binary/octet-stream', ] ) def unpack_cert_content( response_data: bytes, content_type: Optional[str], url: str, permit_pem: bool, ): is_pem = pem.detect(response_data) if ( content_type is None or content_type in ACCEPTABLE_CERT_DER_ALIASES ) and not is_pem: # sometimes we get DER over octet-stream if content_type is None: logger.warning( f"Response to certificate fetch request to {url} did not " f"include a content type, verifying it's sequence length to " f"check if it is a certificate or pkcs7." ) der_sequence_length = len(core.Sequence.load(response_data)) if der_sequence_length == 2: yield from _unpack_der_pkcs7(response_data, url) elif der_sequence_length == 3: yield x509.Certificate.load(response_data) elif (content_type in ACCEPTABLE_PKCS7_DER_ALIASES) and not is_pem: yield from _unpack_der_pkcs7(response_data, url) elif permit_pem and is_pem: # technically, PEM is not allowed here, but of course some people don't # bother following the rules for type_name, _, data in pem.unarmor(response_data, multiple=True): if type_name == 'PKCS7': yield from _unpack_der_pkcs7(data, url) else: yield x509.Certificate.load(data) else: # pragma: nocover raise ValueError( f"Failed to extract certs from {content_type} payload. " f"Source URL: {url}." ) def _unpack_der_pkcs7(pkcs7_data: bytes, pkcs7_url: str): content_info: cms.ContentInfo = cms.ContentInfo.load(pkcs7_data) cms_ct = content_info['content_type'].native if cms_ct != 'signed_data': raise ValueError( "Expected CMS SignedData when extracting certs from " "application/pkcs7-mime payload, but content type was " f"'{cms_ct}'. Source URL: {pkcs7_url}." ) signed_data = content_info['content'] if isinstance(signed_data['certificates'], cms.CertificateSet): for cert_choice in signed_data['certificates']: if cert_choice.name == 'certificate': yield cert_choice.chosen def get_certid( cert: Union[x509.Certificate, cms.AttributeCertificateV2], authority: Authority, *, certid_hash_algo, ) -> ocsp.CertId: if isinstance(cert, x509.Certificate): serial_number = cert.serial_number else: serial_number = cert['ac_info']['serial_number'].native iss_name_hash = getattr(authority.name, certid_hash_algo) cert_id = ocsp.CertId( { 'hash_algorithm': algos.DigestAlgorithm( {'algorithm': certid_hash_algo} ), 'issuer_name_hash': iss_name_hash, 'issuer_key_hash': getattr(authority.public_key, certid_hash_algo), 'serial_number': serial_number, } ) return cert_id def format_ocsp_request( cert: x509.Certificate, authority: Authority, *, certid_hash_algo: str, request_nonces: bool, ): cert_id = get_certid(cert, authority, certid_hash_algo=certid_hash_algo) request = ocsp.Request( { 'req_cert': cert_id, } ) tbs_request = ocsp.TBSRequest( { 'request_list': ocsp.Requests([request]), } ) if request_nonces: nonce_extension = ocsp.TBSRequestExtension( { 'extn_id': 'nonce', 'critical': False, 'extn_value': core.OctetString(os.urandom(16)), } ) tbs_request['request_extensions'] = ocsp.TBSRequestExtensions( [nonce_extension] ) return ocsp.OCSPRequest({'tbs_request': tbs_request}) def process_ocsp_response_data( response_data: bytes, *, ocsp_request: ocsp.OCSPRequest, ocsp_url: str ): try: ocsp_response = ocsp.OCSPResponse.load(response_data) except ValueError: raise errors.OCSPFetchError('Failed to parse response from OCSP server') status = ocsp_response['response_status'].native if status != 'successful': raise errors.OCSPValidationError( 'OCSP server at %s returned an error. Status was \'%s\'.' % (ocsp_url, status) ) request_nonce = ocsp_request.nonce_value if request_nonce: response_nonce = ocsp_response.nonce_value # if the response did not contain the nonce extension, there's no # point in trying to enforce it, that's the CA's problem. # (I suppose we could give callers the option to mark the nonce # extension as critical in the request, but that's discouraged by the # specification) if response_nonce and (request_nonce.native != response_nonce.native): raise errors.OCSPValidationError( 'Unable to verify OCSP response since the request and ' 'response nonces do not match' ) return ocsp_response T = TypeVar('T') R = TypeVar('R') async def queue_fetch_task( results: Dict[T, Union[R, Exception]], running_jobs: Dict[T, asyncio.Event], tag: T, async_fun: Callable[[], Awaitable[R]], ) -> Union[R, Exception]: # use an asyncio events to make sure that we don't attempt to re-fetch # the same tag while the job is running # Note: this uses asyncio locking, so we only transfer control # on 'await'. # We use events instead of locks because we don't care about fairness, # and events are easier to reason about. try: result = results[tag] logger.debug( f"Result for fetch job with tag {repr(tag)} was available in cache." ) return _return_or_raise(result) except KeyError: pass try: wait_event: asyncio.Event = running_jobs[tag] logger.debug(f"Waiting for fetch job with tag {repr(tag)} to return...") # there's a fetch job running, wait for it to finish and then # return the result await wait_event.wait() logger.debug( f"Received completion signal for job with tag {repr(tag)}." ) return _return_or_raise(results[tag]) except KeyError: logger.debug(f"Starting new fetch job with tag {repr(tag)}...") # no fetch job running, run the task and store the result running_jobs[tag] = wait_event = asyncio.Event() try: result = await async_fun() except Exception as e: logger.debug( f"New fetch job with tag {repr(tag)} threw an exception: {e}" ) result = e results[tag] = result logger.debug(f"New fetch job with tag {repr(tag)} returned.") # deregister event, notify waiters del running_jobs[tag] wait_event.set() return _return_or_raise(result) def _return_or_raise(result): if isinstance(result, Exception): raise result return result async def crl_job_results_as_completed(jobs): last_e = None at_least_one_success = False for crl_job in asyncio.as_completed(list(jobs)): try: fetched_crl = await crl_job yield fetched_crl except errors.CRLFetchError as e: last_e = e if last_e is not None and not at_least_one_success: raise last_e async def cancel_all(pending_tasks): pending = asyncio.gather(*pending_tasks) pending.cancel() try: await pending except asyncio.CancelledError: pass async def ocsp_job_get_earliest(jobs): queue = [asyncio.create_task(coro) for coro in jobs] ocsp_resp = last_e = None while queue: done, queue = await asyncio.wait( queue, return_when=asyncio.FIRST_COMPLETED ) for ocsp_job in done: try: ocsp_resp = await ocsp_job break except errors.OCSPFetchError as e: last_e = e if ocsp_resp is not None: # cancel remaining fetch tasks await cancel_all(queue) return ocsp_resp raise last_e or errors.OCSPFetchError("No OCSP results") def gather_aia_issuer_urls( cert: Union[x509.Certificate, cms.AttributeCertificateV2] ): if isinstance(cert, x509.Certificate): aia_value = cert.authority_information_access_value else: aia_value = get_ac_extension_value(cert, 'authority_information_access') if aia_value is None: return for entry in aia_value: if entry['access_method'].native == 'ca_issuers': location = entry['access_location'] if location.name != 'uniform_resource_identifier': continue url = location.native if url.startswith('http'): yield url async def complete_certificate_fetch_jobs(fetch_jobs): for fetch_job in asyncio.as_completed(fetch_jobs): try: certs_fetched = await fetch_job except errors.CertificateFetchError as e: logger.warning( f'Error during certificate fetch job, skipping... ' f'(Error: {e})', ) continue for cert in certs_fetched: yield cert certvalidator-0.26.3/pyhanko_certvalidator/fetchers/requests_fetchers/000077500000000000000000000000001453642760600264175ustar00rootroot00000000000000certvalidator-0.26.3/pyhanko_certvalidator/fetchers/requests_fetchers/__init__.py000066400000000000000000000017731453642760600305400ustar00rootroot00000000000000""" Fetcher implementation using the ``requests`` library for backwards compatibility. This fetcher backend doesn't take advantage of asyncio, but has the advantage of not requiring any resource management on the caller's part. """ from ..api import FetcherBackend, Fetchers from .cert_fetch_client import RequestsCertificateFetcher from .crl_client import RequestsCRLFetcher from .ocsp_client import RequestsOCSPFetcher __all__ = ['RequestsFetcherBackend'] class RequestsFetcherBackend(FetcherBackend): def __init__(self, per_request_timeout=10): self.per_request_timeout = per_request_timeout def get_fetchers(self) -> Fetchers: to = self.per_request_timeout return Fetchers( ocsp_fetcher=RequestsOCSPFetcher(per_request_timeout=to), crl_fetcher=RequestsCRLFetcher(per_request_timeout=to), cert_fetcher=RequestsCertificateFetcher(per_request_timeout=to), ) async def close(self): # don't need to do anything return certvalidator-0.26.3/pyhanko_certvalidator/fetchers/requests_fetchers/cert_fetch_client.py000066400000000000000000000106361453642760600324430ustar00rootroot00000000000000import logging from typing import Iterable, Union import requests from asn1crypto import cms, x509 from ...errors import CertificateFetchError from ..api import CertificateFetcher from ..common_utils import ( ACCEPTABLE_CERT_DER_ALIASES, ACCEPTABLE_CERT_PEM_ALIASES, ACCEPTABLE_PKCS7_DER_ALIASES, ACCEPTABLE_STRICT_CERT_CONTENT_TYPES, complete_certificate_fetch_jobs, gather_aia_issuer_urls, unpack_cert_content, ) from .util import RequestsFetcherMixin logger = logging.getLogger(__name__) class RequestsCertificateFetcher(CertificateFetcher, RequestsFetcherMixin): """ Implementation of async CertificateFetcher API using requests, for backwards compatibility. This class does not require resource management. """ def __init__( self, user_agent=None, per_request_timeout=10, permit_pem=True ): super().__init__(user_agent, per_request_timeout) self.permit_pem = permit_pem async def fetch_certs(self, url, url_origin_type): """ Fetch one or more certificates from a URL. :param url: URL to fetch. :param url_origin_type: Parameter indicating where the URL came from (e.g. 'CRL'), for error reporting purposes. :raises: CertificateFetchError - when a network I/O or decoding error occurs :return: An iterable of asn1crypto.x509.Certificate objects. """ async def task(): try: logger.info(f"Fetching certificates from {url}...") results = await self._grab_certs( url, url_origin_type=url_origin_type ) except (ValueError, requests.RequestException) as e: msg = f"Failed to fetch certificate(s) from url {url}." logger.debug(msg, exc_info=e) raise CertificateFetchError(msg) return results return await self._perform_fetch(url, task) def fetch_cert_issuers( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2] ): fetch_jobs = [ self.fetch_certs(url, url_origin_type='certificate') for url in gather_aia_issuer_urls(cert) ] if isinstance(cert, x509.Certificate): target = cert.subject.human_friendly else: # TODO log audit ID target = "attribute certificate" logger.info(f"Retrieving issuer certs for {target}...") return complete_certificate_fetch_jobs(fetch_jobs) def fetch_crl_issuers(self, certificate_list): fetch_jobs = [ self.fetch_certs(url, url_origin_type='CRL') for url in certificate_list.issuer_cert_urls ] return complete_certificate_fetch_jobs(fetch_jobs) def fetched_certs(self) -> Iterable[x509.Certificate]: return self.get_results() async def _grab_certs(self, url, *, url_origin_type): """ Grab one or more certificates from a caIssuers URL. We accept two types of content in the response: - A single DER-encoded X.509 certificate - A PKCS#7 'certs-only' SignedData message - PEM-encoded certificates (if permit_pem=True) Note: strictly speaking, you're not supposed to use PEM to serve certs for AIA purposes in PEM format, but people do it anyway. """ permit_pem = self.permit_pem if permit_pem: acceptable_cts = ( ACCEPTABLE_STRICT_CERT_CONTENT_TYPES | ACCEPTABLE_CERT_PEM_ALIASES | ACCEPTABLE_CERT_DER_ALIASES | ACCEPTABLE_PKCS7_DER_ALIASES ) else: acceptable_cts = ACCEPTABLE_STRICT_CERT_CONTENT_TYPES response = await self._get(url, acceptable_content_types=acceptable_cts) try: content_type = response.headers['Content-Type'].strip() if content_type not in acceptable_cts: ct_err = ( f"Unacceptable content type '{repr(content_type)}' " f"when fetching issuer certificate for {url_origin_type} " f"from URL {url}." ) raise requests.RequestException(ct_err) except KeyError: content_type = None certs = unpack_cert_content( response.content, content_type, url, permit_pem ) return list(certs) certvalidator-0.26.3/pyhanko_certvalidator/fetchers/requests_fetchers/crl_client.py000066400000000000000000000050531453642760600311120ustar00rootroot00000000000000import logging from typing import Iterable, Union import requests from asn1crypto import cms, crl, pem, x509 from ... import errors from ...util import get_relevant_crl_dps, issuer_serial from ..api import CRLFetcher from ..common_utils import crl_job_results_as_completed from .util import RequestsFetcherMixin logger = logging.getLogger(__name__) class RequestsCRLFetcher(CRLFetcher, RequestsFetcherMixin): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self._by_cert = {} async def fetch( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2], *, use_deltas=True, ): iss_serial = issuer_serial(cert) try: return self._by_cert[iss_serial] except KeyError: pass results = [] async for fetched_crl in self._fetch(cert, use_deltas=use_deltas): results.append(fetched_crl) self._by_cert[iss_serial] = results return results async def _fetch_single(self, url): async def task(): logger.info(f"Requesting CRL from {url}...") try: response = await self._get( url, acceptable_content_types=('application/pkix-crl',) ) data = response.content if pem.detect(data): _, _, data = pem.unarmor(data) return crl.CertificateList.load(data) except (ValueError, requests.RequestException) as e: raise errors.CRLFetchError( f"Failure to fetch CRL from URL {url}" ) from e return await self._perform_fetch(url, task) async def _fetch(self, cert: x509.Certificate, *, use_deltas): sources = get_relevant_crl_dps(cert, use_deltas=use_deltas) def _fetch_jobs(): for distribution_point in sources: url = distribution_point.url # Only fetch CRLs over http # (or https, but that doesn't really happen all that often) # In particular, don't attempt to grab CRLs over LDAP if url.startswith('http'): yield self._fetch_single(url) async for result in crl_job_results_as_completed(_fetch_jobs()): yield result def fetched_crls(self) -> Iterable[crl.CertificateList]: return {crl_ for crl_ in self.get_results()} def fetched_crls_for_cert(self, cert) -> Iterable[crl.CertificateList]: return self._by_cert[issuer_serial(cert)] certvalidator-0.26.3/pyhanko_certvalidator/fetchers/requests_fetchers/ocsp_client.py000066400000000000000000000066321453642760600313020ustar00rootroot00000000000000import logging from typing import Iterable, Union import requests from asn1crypto import cms, ocsp, x509 from ... import errors from ...authority import Authority from ...util import get_ocsp_urls, issuer_serial from ..api import OCSPFetcher from ..common_utils import ( format_ocsp_request, ocsp_job_get_earliest, process_ocsp_response_data, ) from .util import RequestsFetcherMixin logger = logging.getLogger(__name__) class RequestsOCSPFetcher(OCSPFetcher, RequestsFetcherMixin): def __init__( self, user_agent=None, per_request_timeout=10, certid_hash_algo='sha1', request_nonces=True, ): super().__init__(user_agent, per_request_timeout) if certid_hash_algo not in ('sha1', 'sha256'): raise ValueError( f'certid_hash_algo must be one of "sha1", "sha256", not ' f'{repr(certid_hash_algo)}' ) self.certid_hash_algo = certid_hash_algo self.request_nonces = request_nonces async def fetch( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2], authority: Authority, ) -> ocsp.OCSPResponse: tag = (issuer_serial(cert), authority.hashable) return await self._perform_fetch( tag, lambda: self._fetch(cert, authority) ) async def _fetch_single(self, ocsp_url, ocsp_request): try: logger.info(f"Requesting OCSP response from {ocsp_url}...") response = await self._post( url=ocsp_url, data=ocsp_request.dump(), content_type='application/ocsp-request', acceptable_content_types=('application/ocsp-response',), ) return process_ocsp_response_data( response.content, ocsp_request=ocsp_request, ocsp_url=ocsp_url ) except (ValueError, requests.RequestException) as e: raise errors.OCSPFetchError( f"Failed to fetch OCSP response from {ocsp_url}", ) from e async def _fetch( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2], authority: Authority, ): ocsp_request = format_ocsp_request( cert, authority, certid_hash_algo=self.certid_hash_algo, request_nonces=self.request_nonces, ) ocsp_urls = get_ocsp_urls(cert) if not ocsp_urls: raise errors.OCSPFetchError("No URLs to fetch OCSP responses from") if isinstance(cert, x509.Certificate): target = cert.subject.human_friendly else: # TODO log audit ID target = "attribute certificate" logger.info( f"Fetching OCSP status for {target} from url(s) " f"{';'.join(ocsp_urls)}..." ) ocsp_response = await ocsp_job_get_earliest( self._fetch_single(ocsp_url, ocsp_request) for ocsp_url in ocsp_urls ) return ocsp_response def fetched_responses(self) -> Iterable[ocsp.OCSPResponse]: return self.get_results() def fetched_responses_for_cert( self, cert: Union[x509.Certificate, cms.AttributeCertificateV2] ) -> Iterable[ocsp.OCSPResponse]: target_is = issuer_serial(cert) return { resp for (subj_is, _), resp in self._iter_results() if subj_is == target_is } certvalidator-0.26.3/pyhanko_certvalidator/fetchers/requests_fetchers/util.py000066400000000000000000000046401453642760600277520ustar00rootroot00000000000000from typing import Awaitable import requests from pyhanko_certvalidator._asyncio_compat import to_thread from ..api import DEFAULT_USER_AGENT from ..common_utils import queue_fetch_task __all__ = ['RequestsFetcherMixin'] class RequestsFetcherMixin: def __init__(self, user_agent=None, per_request_timeout=10): self.user_agent = user_agent or DEFAULT_USER_AGENT self.per_request_timeout = per_request_timeout self.__results = {} self.__result_events = {} def get_results(self): return { v for v in self.__results.values() if not isinstance(v, Exception) } def get_results_for_tag(self, tag): result = self.__results[tag] if isinstance(result, Exception): raise KeyError def _iter_results(self): for k, v in self.__results.items(): if not isinstance(v, Exception): yield k, v async def _perform_fetch(self, tag, fetch_fun): return await queue_fetch_task( self.__results, self.__result_events, tag, fetch_fun ) def _get( self, url, *, acceptable_content_types ) -> Awaitable[requests.Response]: def task(): headers = { 'Accept': ','.join(acceptable_content_types), 'User-Agent': self.user_agent, } response = requests.get( url=url, timeout=self.per_request_timeout, headers=headers ) if response.status_code != 200: raise requests.RequestException( f"status code {response.status_code}" ) return response return to_thread(task) def _post( self, url, data, *, content_type, acceptable_content_types ) -> Awaitable[requests.Response]: def task(): headers = { 'Accept': ','.join(acceptable_content_types), 'User-Agent': self.user_agent, 'Content-Type': content_type, } response = requests.post( url=url, timeout=self.per_request_timeout, headers=headers, data=data, ) if response.status_code != 200: raise requests.RequestException( f"status code {response.status_code}" ) return response return to_thread(task) certvalidator-0.26.3/pyhanko_certvalidator/ltv/000077500000000000000000000000001453642760600216635ustar00rootroot00000000000000certvalidator-0.26.3/pyhanko_certvalidator/ltv/__init__.py000066400000000000000000000000001453642760600237620ustar00rootroot00000000000000certvalidator-0.26.3/pyhanko_certvalidator/ltv/ades_past.py000066400000000000000000000136451453642760600242110ustar00rootroot00000000000000import dataclasses import logging from datetime import datetime, timezone from typing import Optional from pyhanko_certvalidator.context import ( CertValidationPolicySpec, ValidationDataHandlers, ) from pyhanko_certvalidator.errors import ValidationError from pyhanko_certvalidator.ltv.errors import ( PastValidatePrecheckFailure, TimeSlideFailure, ) from pyhanko_certvalidator.ltv.time_slide import time_slide from pyhanko_certvalidator.ltv.types import ValidationTimingInfo from pyhanko_certvalidator.path import ValidationPath from pyhanko_certvalidator.policy_decl import ( NO_REVOCATION, AcceptAllAlgorithms, CertRevTrustPolicy, ) from pyhanko_certvalidator.validate import async_validate_path __all__ = ['past_validate'] logger = logging.getLogger(__name__) async def _past_validate_precheck( path: ValidationPath, validation_policy_spec: CertValidationPolicySpec, ): # The past validation algorithm requires us to run the "regular" # validation algorithm without regard for revocation and expiration # on a known-good time # Shell model: intersect the validity windows of all certs in the path certs = list(path.iter_certs(include_root=False)) lower_bound = max(c.not_valid_before for c in certs) upper_bound = min(c.not_valid_after for c in certs) if lower_bound >= upper_bound: raise PastValidatePrecheckFailure( "The intersection of the validity periods of the certificates " "in the path is empty or degenerate." ) ref_time = ValidationTimingInfo( validation_time=upper_bound, best_signature_time=upper_bound, point_in_time_validation=True, ) validation_context = dataclasses.replace( validation_policy_spec, revinfo_policy=CertRevTrustPolicy( revocation_checking_policy=NO_REVOCATION ), algorithm_usage_policy=AcceptAllAlgorithms(), ).build_validation_context(timing_info=ref_time, handlers=None) try: await async_validate_path( validation_context, path, validation_policy_spec.pkix_validation_params, ) except ValidationError as e: raise PastValidatePrecheckFailure( "Elementary path validation routine failed during pre-check " "for past point-in-time validation" ) from e async def past_validate( path: ValidationPath, validation_policy_spec: CertValidationPolicySpec, validation_data_handlers: ValidationDataHandlers, init_control_time: Optional[datetime] = None, best_signature_time: Optional[datetime] = None, ) -> datetime: """ Execute the ETSI EN 319 102-1 past certificate validation algorithm against the given path (ETSI EN 319 102-1, § 5.6.2.1). Instead of merely evaluating X.509 validation constraints, the algorithm will perform a full point-in-time reevaluation of the path at the control time mandated by the specification. This implies that a caller implementing the past signature validation algorithm no longer needs to explicitly reevaluate CA certificate revocation times and/or algorithm constraints based on POEs. .. warning:: This is incubating internal API. :param path: The prospective validation path against which to execute the algorithm. :param validation_policy_spec: The validation policy specification. :param validation_data_handlers: The handlers used to manage collected certificates,revocation information and proof-of-existence records. :param init_control_time: Initial control time; defaults to the current time. :param best_signature_time: Usage time to use in freshness computations. :return: The control time returned by the time sliding algorithm. Informally, the last time at which the certificate was known to be valid. """ await _past_validate_precheck( path, validation_policy_spec, ) try: # time slide init_control_time = init_control_time or datetime.now(tz=timezone.utc) control_time = await time_slide( path, init_control_time=init_control_time, rev_trust_policy=validation_policy_spec.revinfo_policy, algo_usage_policy=validation_policy_spec.algorithm_usage_policy, time_tolerance=validation_policy_spec.time_tolerance, revinfo_manager=validation_data_handlers.revinfo_manager, ) logger.info( f"AdES time slide yields %s as the control time for path with " f"leaf {path.describe_leaf()}", control_time, ) except ValidationError as e: raise TimeSlideFailure( f"Failed to get control time for point-in-time validation for path " f"with leaf {path.describe_leaf()}" ) from e ref_time = ValidationTimingInfo( validation_time=control_time, best_signature_time=best_signature_time or control_time, point_in_time_validation=True, ) # -> validate validation_context = validation_policy_spec.build_validation_context( timing_info=ref_time, handlers=validation_data_handlers ) # Maintenance note: # Doing a full point-in-time re-validation of the path is much more # heavy-handed than what the AdES spec requires. We really only have to # evaluate the chain constraints here. # However, the past signature validation algorithm needs information about # revocations up the chain and algorithm usage for _all_ operations in # the validation process which is hard to pass on given the current # architecture of certvalidator. Reevaluating with a time in the past # is easier, and the POE enforcement is the same either way. await async_validate_path( validation_context, path, parameters=validation_policy_spec.pkix_validation_params, ) return control_time certvalidator-0.26.3/pyhanko_certvalidator/ltv/errors.py000066400000000000000000000003531453642760600235520ustar00rootroot00000000000000from pyhanko_certvalidator.errors import ValidationError __all__ = ['PastValidatePrecheckFailure', 'TimeSlideFailure'] class PastValidatePrecheckFailure(ValidationError): pass class TimeSlideFailure(ValidationError): pass certvalidator-0.26.3/pyhanko_certvalidator/ltv/poe.py000066400000000000000000000156041453642760600230260ustar00rootroot00000000000000import enum import hashlib from dataclasses import dataclass from datetime import datetime, timezone from typing import Any, Dict, Iterator, Optional, Union from asn1crypto import core, x509 from pyhanko_certvalidator.revinfo.archival import CRLContainer, OCSPContainer __all__ = [ 'ValidationObjectType', 'ValidationObject', 'POEType', 'KnownPOE', 'POEManager', 'digest_for_poe', ] @enum.unique class ValidationObjectType(enum.Enum): """ Types of validation objects recognised by ETSI TS 119 102-2. """ CERTIFICATE = 'certificate' CRL = 'CRL' OCSP_RESPONSE = 'OCSPResponse' TIMESTAMP = 'timestamp' EVIDENCE_RECORD = 'evidencerecord' PUBLIC_KEY = 'publicKey' SIGNED_DATA = 'signedData' OTHER = 'other' def urn(self): return f'urn:etsi:019102:validationObject:{self.value}' KnownObjectType = Union[bytes, CRLContainer, OCSPContainer, x509.Certificate] def guess_validation_object_type( thing: object, ) -> Optional[ValidationObjectType]: if isinstance(thing, CRLContainer): return ValidationObjectType.CRL elif isinstance(thing, OCSPContainer): return ValidationObjectType.OCSP_RESPONSE elif isinstance(thing, x509.Certificate): return ValidationObjectType.CERTIFICATE return None @dataclass(frozen=True) class ValidationObject: """ A validation object used in the course of a validation operation for which proofs of existence can potentially be gathered. """ object_type: ValidationObjectType """ The type of validation object. """ value: Any """ The actual object. Currently, the following types are supported explicitly. Others must currently be supplied as :class:`bytes`. - :class:`.CRLContainer`: :attr:`.ValidationObjectType.CRL` - :class:`.OCSPContainer`: :attr:`.ValidationObjectType.OCSP_RESPONSE` - :class:`x509.Certificate`: :attr:`.ValidationObjectType.CERTIFICATE` """ @enum.unique class POEType(enum.Enum): PROVIDED = 'provided' VALIDATION = 'validation' POLICY = 'policy' @property def urn(self) -> str: return f'urn:etsi:019102:poetype:{self.value}' @dataclass(frozen=True) class KnownPOE: poe_type: POEType digest: bytes poe_time: datetime validation_object: Optional[ValidationObject] = None def digest_for_poe(data: bytes) -> bytes: return hashlib.sha256(data).digest() class POEManager: """ Class to manage proof-of-existence (POE) claims. :param current_dt_override: Override the current time. """ def __init__(self, current_dt_override: Optional[datetime] = None): self._poes: Dict[bytes, KnownPOE] = {} self._current_dt_override = current_dt_override def register( self, data: KnownObjectType, poe_type: POEType, dt: Optional[datetime] = None, ) -> KnownPOE: """ Register a new POE claim if no POE for an earlier time is available. :param data: Data to register a POE claim for. :param poe_type: The type of POE. :param dt: The POE time to register. If ``None``, assume the current time. :return: The oldest POE datetime available. """ if isinstance(data, bytes): b_data = data elif isinstance(data, core.Asn1Value): b_data = data.dump() elif isinstance(data, CRLContainer): b_data = data.crl_data.dump() elif isinstance(data, OCSPContainer): b_data = data.ocsp_response_data.dump() else: raise NotImplementedError digest = digest_for_poe(b_data) dt = dt or self._current_dt_override or datetime.now(timezone.utc) vo_type = guess_validation_object_type(data) vo = None if vo_type: vo = ValidationObject(object_type=vo_type, value=data) return self.register_known_poe( KnownPOE( poe_type=poe_type, digest=digest, poe_time=dt, validation_object=vo, ) ) def register_by_digest( self, digest: bytes, poe_type: POEType, dt: Optional[datetime] = None, ) -> KnownPOE: """ Register a new POE claim if no POE for an earlier time is available. :param digest: SHA-256 digest of the data to register a POE claim for. :param dt: The POE time to register. If ``None``, assume the current time. :param poe_type: The type of POE. :return: The oldest POE datetime available. """ dt = dt or self._current_dt_override or datetime.now(timezone.utc) return self.register_known_poe( KnownPOE( poe_type=poe_type, digest=digest, poe_time=dt, validation_object=None, ) ) def register_known_poe(self, known_poe: KnownPOE) -> KnownPOE: """ Register a new POE claim if no POE for an earlier time is available. :param known_poe: The POE object to register. :return: The oldest POE for the given digest. """ dt = known_poe.poe_time digest = known_poe.digest try: cur_poe = self._poes[digest] if cur_poe.poe_time <= dt: return cur_poe except KeyError: pass self._poes[digest] = known_poe return known_poe def __iter__(self) -> Iterator[KnownPOE]: """ Iterate over the current earliest known POE for all items currently being managed. Returns an iterator with :class:`KnownPOE` objects. """ return iter(self._poes.values()) def __getitem__(self, item: KnownObjectType) -> datetime: """ Return the earliest available POE for an item. .. note:: This is a wrapper around :meth:`register` with `dt=None`, and hence will register the current time as the POE time for the given item. This side effect is intentional. :param item: Item to get the current POE time for. :return: A datetime object representing the earliest available POE for the item. """ return self.register( item, poe_type=POEType.VALIDATION, dt=None ).poe_time def __ior__(self, other): """ Combine data in another POE manager with the POEs managed by this instance. """ if not isinstance(other, POEManager): raise TypeError for poe in iter(other): self.register_known_poe(poe) def __copy__(self): new_instance = POEManager(current_dt_override=self._current_dt_override) new_instance._poes = dict(self._poes) return new_instance certvalidator-0.26.3/pyhanko_certvalidator/ltv/time_slide.py000066400000000000000000000376041453642760600243650ustar00rootroot00000000000000import asyncio from datetime import datetime, timedelta from typing import Iterable, List, Optional, Set, Tuple from asn1crypto import algos, keys, x509 from pyhanko_certvalidator._state import ValProcState from pyhanko_certvalidator.errors import ( DisallowedAlgorithmError, InsufficientPOEError, InsufficientRevinfoError, RevokedError, ) from pyhanko_certvalidator.ltv.types import ( ValidationTimingInfo, ValidationTimingParams, ) from pyhanko_certvalidator.path import ValidationPath from pyhanko_certvalidator.policy_decl import ( AlgorithmUsagePolicy, CertRevTrustPolicy, RevocationCheckingRule, ) from pyhanko_certvalidator.revinfo.archival import RevinfoContainer from pyhanko_certvalidator.revinfo.manager import RevinfoManager from pyhanko_certvalidator.revinfo.validate_crl import ( CRLOfInterest, _check_cert_on_crl_and_delta, _CRLErrs, collect_relevant_crls_with_paths, ) from pyhanko_certvalidator.revinfo.validate_ocsp import ( OCSPResponseOfInterest, _check_ocsp_status, collect_relevant_responses_with_paths, ) from pyhanko_certvalidator.util import ConsList __all__ = ['time_slide', 'ades_gather_prima_facie_revinfo'] async def ades_gather_prima_facie_revinfo( path: ValidationPath, revinfo_manager: RevinfoManager, control_time: datetime, revocation_checking_rule: RevocationCheckingRule, ) -> Tuple[List[CRLOfInterest], List[OCSPResponseOfInterest]]: """ Gather potentially relevant revocation information for the leaf certificate of a candidate validation path. Only the scope of the revocation information will be checked, no detailed validation will occur. :param path: The candidate validation path. :param revinfo_manager: The revocation info manager. :param control_time: The time horizon that serves as a relevance cutoff. :param revocation_checking_rule: Revocation info rule controlling which kind(s) of revocation information will be fetched. :return: A 2-element tuple containing a list of the fetched CRLs and OCSP responses, respectively. """ cert = path.leaf if revocation_checking_rule.ocsp_relevant: ocsp_result = await collect_relevant_responses_with_paths( cert, path, revinfo_manager, control_time ) ocsps = ocsp_result.responses else: ocsps = [] if revocation_checking_rule.crl_relevant: crl_result = await collect_relevant_crls_with_paths( cert, path, revinfo_manager, control_time ) crls = crl_result.crls else: crls = [] return crls, ocsps def _tails(path: ValidationPath): cur_path = path yield cur_path, True while cur_path.pkix_len > 1: cur_path = cur_path.copy_and_drop_leaf() yield cur_path, False def _apply_algo_policy( algo_policy: AlgorithmUsagePolicy, algo_used: algos.SignedDigestAlgorithm, control_time: datetime, public_key: keys.PublicKeyInfo, val_proc_state: ValProcState, ): sig_constraint = algo_policy.signature_algorithm_allowed( algo_used, control_time, public_key ) algo_name = algo_used['algorithm'].native if not sig_constraint.allowed: if sig_constraint.not_allowed_after: # rewind the clock up until the point where the algorithm # was actually permissible control_time = min(control_time, sig_constraint.not_allowed_after) else: msg = ( f"Algorithm {algo_name} is banned outright without " f"time constraints." ) if sig_constraint.failure_reason is not None: msg += f" Reason: {sig_constraint.failure_reason}" raise DisallowedAlgorithmError.from_state( msg, val_proc_state, banned_since=None, ) return control_time def _update_control_time_for_unrevoked( control_time: datetime, revinfo_container: RevinfoContainer, rev_trust_policy: CertRevTrustPolicy, time_tolerance: timedelta, ): # if the cert is not on the list, we need the freshness check usability = revinfo_container.usable_at( rev_trust_policy, ValidationTimingParams( timing_info=ValidationTimingInfo( validation_time=control_time, best_signature_time=control_time, point_in_time_validation=True, ), time_tolerance=time_tolerance, ), ) issuance_date = revinfo_container.issuance_date if not usability.rating.usable_ades: # set the control time to the issuance date / last usable date # (note: the TOO_NEW check is to prevent problems # with freshness policies involving cooldown periods, # which aren't really supported in the time sliding # algorithm, but hey) # NOTE: the spec mandates using the issuance date here, but I believe # that's wrong: the last date at which the revinfo is still considered # fresh should be used instead. This distinction matters, since # (especially when CRLs are used) the issuance date of the revinfo # is often before the signature time. cutoff_date = usability.last_usable_at or issuance_date if cutoff_date is not None: control_time = min(cutoff_date, control_time) return control_time def _update_control_time( revoked_date: Optional[datetime], control_time: datetime, revinfo_container: RevinfoContainer, algo_policy: Optional[AlgorithmUsagePolicy], issuer_public_key: keys.PublicKeyInfo, val_proc_state: ValProcState, ): if revoked_date: # this means we have to update control_time control_time = min(revoked_date, control_time) algo_used = revinfo_container.revinfo_sig_mechanism_used if algo_policy is not None and algo_used is not None: control_time = _apply_algo_policy( algo_policy, algo_used, control_time, issuer_public_key, val_proc_state, ) return control_time async def _time_slide( path: ValidationPath, init_control_time: datetime, revinfo_manager: RevinfoManager, rev_trust_policy: CertRevTrustPolicy, algo_usage_policy: Optional[AlgorithmUsagePolicy], # TODO use policy objects time_tolerance: timedelta, cert_stack: ConsList[bytes], path_stack: ConsList[ValidationPath], ) -> datetime: control_time = init_control_time checking_policy = rev_trust_policy.revocation_checking_policy # For zero-length paths, there is nothing to check if path.pkix_len == 0: return init_control_time # The ETSI algorithm requires us to collect revinfo for each # cert in the path, starting with the first (after the root). # Since our revinfo collection methods require paths instead of individual # certs, we instead loop over partial paths partial_paths = list(reversed(list(_tails(path)))) poe_manager = revinfo_manager.poe_manager for current_path, is_ee in partial_paths: crls, ocsps = await ades_gather_prima_facie_revinfo( current_path, revinfo_manager=revinfo_manager, control_time=control_time, revocation_checking_rule=( checking_policy.ee_certificate_rule if is_ee else checking_policy.intermediate_ca_cert_rule ), ) cert = current_path.leaf new_cert_stack = cert_stack.cons(cert.dump()) new_path_stack = path_stack.cons(path) proc_state = ValProcState(cert_path_stack=new_path_stack) if poe_manager[cert] > control_time: raise InsufficientPOEError.from_state( f"No proof of existence available for certificate " f"{cert.subject.human_friendly} at control time " f"{control_time.isoformat()}.", proc_state, ) if not crls and not ocsps: if isinstance(cert, x509.Certificate): ident = cert.subject.human_friendly else: ident = "attribute certificate" # don't raise an error for revo-exempt certs (OCSP responders) if cert.ocsp_no_check_value is None: raise InsufficientRevinfoError.from_state( f"No revocation info from before {control_time.isoformat()}" f" found for certificate {ident}.", proc_state, ) once_revoked = False most_recent_crl = None # We always take the chain of trust of a CRL/OCSP response # at face value for crl_of_interest in crls: # skip CRLs that are no longer relevant issued = crl_of_interest.crl.issuance_date if ( not issued or issued > control_time or poe_manager[crl_of_interest.crl] > control_time ): continue sub_paths = crl_of_interest.prov_paths # recurse into the paths associated with the CRL and adjust # the control time accordingly # don't bother checking issuers that already appear # in the chain of trust that we're currently looking into sub_path_skip_list: Set[bytes] = set(new_cert_stack) | set( cert.dump() for cert in current_path ) sub_path_control_times = await asyncio.gather( *( _time_slide( crl_path.path, control_time, revinfo_manager, rev_trust_policy, algo_usage_policy, time_tolerance, cert_stack=new_cert_stack, path_stack=new_path_stack, ) for crl_path in sub_paths if ( crl_path.path.leaf and crl_path.path.leaf.dump() not in sub_path_skip_list ) ) ) control_time = min([control_time, *sub_path_control_times]) for candidate_crl_path in sub_paths: revoked_date, revoked_reason = _check_cert_on_crl_and_delta( crl_issuer=candidate_crl_path.path.leaf, cert=cert, certificate_list_cont=crl_of_interest.crl, delta_certificate_list_cont=candidate_crl_path.delta, errs=_CRLErrs(), ) crl_iss_cert = candidate_crl_path.path.leaf assert isinstance(crl_iss_cert, x509.Certificate) once_revoked |= revoked_date is not None crl_container = crl_of_interest.crl if ( most_recent_crl is None or most_recent_crl.issuance_date < crl_container.issuance_date ): most_recent_crl = crl_container control_time = _update_control_time( revoked_date, control_time, revinfo_container=crl_container, algo_policy=algo_usage_policy, issuer_public_key=crl_iss_cert.public_key, val_proc_state=proc_state, ) most_recent_ocsp = None for ocsp_of_interest in ocsps: ocsp_container = ocsp_of_interest.ocsp_response issued = ocsp_container.issuance_date if ( not issued or issued > control_time or poe_manager[ocsp_of_interest.ocsp_response] > control_time ): continue control_time = await _time_slide( ocsp_of_interest.prov_path, control_time, revinfo_manager, rev_trust_policy, algo_usage_policy, time_tolerance, cert_stack=new_cert_stack, path_stack=new_path_stack, ) try: _check_ocsp_status( ocsp_response=ocsp_container, proc_state=ValProcState(cert_path_stack=new_path_stack), control_time=control_time, ) revoked_date = None except RevokedError as e: revoked_date = e.revocation_dt once_revoked |= revoked_date is not None ocsp_iss_cert = ocsp_of_interest.prov_path.leaf assert isinstance(ocsp_iss_cert, x509.Certificate) if ( most_recent_ocsp is None or most_recent_ocsp.issuance_date < issued ): most_recent_ocsp = ocsp_container control_time = _update_control_time( revoked_date, control_time, revinfo_container=ocsp_container, algo_policy=algo_usage_policy, issuer_public_key=ocsp_iss_cert.public_key, val_proc_state=proc_state, ) # check the algorithm constraints for the certificate itself if algo_usage_policy is not None: leaf_ca = list(current_path.iter_authorities())[-1] control_time = _apply_algo_policy( algo_usage_policy, cert['signature_algorithm'], control_time, leaf_ca.public_key, val_proc_state=proc_state, ) # (c) if the certificate was not marked as revoked -> update # based on the freshness of the most recent piece of revinfo if not once_revoked: revinfo_items: Iterable[RevinfoContainer] = [ x for x in (most_recent_ocsp, most_recent_crl) if x is not None ] most_recent_revinfo = max( revinfo_items, key=lambda x: x.issuance_date or control_time, default=None, ) if most_recent_revinfo is not None: control_time = _update_control_time_for_unrevoked( control_time=control_time, revinfo_container=most_recent_revinfo, rev_trust_policy=rev_trust_policy, time_tolerance=time_tolerance, ) return control_time async def time_slide( path: ValidationPath, init_control_time: datetime, revinfo_manager: RevinfoManager, rev_trust_policy: CertRevTrustPolicy, algo_usage_policy: Optional[AlgorithmUsagePolicy], time_tolerance: timedelta, ) -> datetime: """ Execute the ETSI EN 319 102-1 time slide algorithm against the given path. .. warning:: This is incubating internal API. .. note:: This implementation will also attempt to take into account chains of trust of indirect CRLs. This is not a requirement of the specification, but also somewhat unlikely to arise in practice in cases where AdES compliance actually matters. :param path: The prospective validation path against which to execute the time slide algorithm. :param init_control_time: The initial control time, typically the current time. :param revinfo_manager: The revocation info manager. :param rev_trust_policy: The trust policy for revocation information. :param algo_usage_policy: The algorithm usage policy. :param time_tolerance: The tolerance to apply when evaluating time-related constraints. :return: The resulting control time. """ return await _time_slide( path, init_control_time, revinfo_manager, rev_trust_policy, algo_usage_policy, time_tolerance, cert_stack=ConsList.empty(), path_stack=ConsList.empty(), ) certvalidator-0.26.3/pyhanko_certvalidator/ltv/types.py000066400000000000000000000026701453642760600234060ustar00rootroot00000000000000import abc from dataclasses import dataclass from datetime import datetime, timedelta, timezone, tzinfo from typing import Optional __all__ = [ 'ValidationTimingInfo', 'ValidationTimingParams', 'IssuedItemContainer', ] # TODO potentially re-home these at some point @dataclass(frozen=True) class ValidationTimingInfo: validation_time: datetime best_signature_time: datetime point_in_time_validation: bool @classmethod def now(cls, tz: Optional[tzinfo] = None) -> 'ValidationTimingInfo': now = datetime.now(tz=tz or timezone.utc) return ValidationTimingInfo( validation_time=now, best_signature_time=now, point_in_time_validation=False, ) @dataclass(frozen=True) class ValidationTimingParams: timing_info: ValidationTimingInfo time_tolerance: timedelta @property def validation_time(self): return self.timing_info.validation_time @property def best_signature_time(self): return self.timing_info.best_signature_time @property def point_in_time_validation(self): return self.timing_info.point_in_time_validation class IssuedItemContainer(abc.ABC): """ A container for some data object issued by an entity (e.g. a certificate). """ @property def issuance_date(self) -> Optional[datetime]: """ The issuance date of the item. """ raise NotImplementedError certvalidator-0.26.3/pyhanko_certvalidator/name_trees.py000066400000000000000000000315561453642760600235640ustar00rootroot00000000000000import enum import logging from dataclasses import dataclass from ipaddress import IPv4Address, IPv6Address from typing import Callable, Dict, Iterable, List, Optional, Set, Union from asn1crypto import x509 from uritools import urisplit logger = logging.getLogger(__name__) class NameConstraintError(ValueError): pass def host_tree_contains(base_host: str, other_host: str) -> bool: # if the constraint starts with '.', it specifies a domain, and must be # expanded with one or more labels, otherwise it refers to a single host. if base_host[0] == '.': pre, _, post = other_host.rpartition(base_host) return bool(pre) and not bool(post) else: return other_host == base_host def _host_regname(cand_uri): cand_host = urisplit(cand_uri).gethost() if not cand_host or isinstance(cand_host, (IPv4Address, IPv6Address)): host_err = ( f'has host {cand_host}.' if cand_host is not None else ('is not a well-formed URI.') ) msg = ( "URI constraints require URIs with a host specified as a FQDN; " f"URI '{cand_uri}' {host_err}." ) logger.warning(msg) raise NameConstraintError(msg) return cand_host def uri_tree_contains(base: str, other: str) -> bool: # The constraint applies to the host part other_host: str = _host_regname(other) return host_tree_contains(base, other_host) def dns_tree_contains(base: str, other: str): # check if 'other' consists of adding zero or more labels to 'base' # (from the left) base_labels = base.split('.') other_labels = other.split('.') if len(other_labels) < len(base_labels): return False return len(other_labels) >= len(base_labels) and all( x == y for x, y in zip(reversed(other_labels), reversed(base_labels)) ) def email_tree_contains(base: str, other: str): # use rpartition instead of rsplit to deal with the case where there's no @ # uniformly base_mailbox, _, base_host_or_domain = base.rpartition('@') other_mailbox, _, other_host_or_domain = other.rpartition('@') if base_mailbox: # only exact match return base == other else: return host_tree_contains(base_host_or_domain, other_host_or_domain) def dirname_tree_contains(base: x509.Name, other: x509.Name): base_rdn_sequence = base.chosen other_rdn_sequence = other.chosen return len(other_rdn_sequence) >= len(base_rdn_sequence) and all( x == y for x, y in zip(base_rdn_sequence, other_rdn_sequence) ) # TODO support IP address constraints as well class GeneralNameType(enum.Enum): OTHER_NAME = enum.auto() RFC822_NAME = enum.auto() DNS_NAME = enum.auto() X400_ADDRESS = enum.auto() DIRECTORY_NAME = enum.auto() EDI_PARTY_NAME = enum.auto() UNIFORM_RESOURCE_IDENTIFIER = enum.auto() IP_ADDRESS = enum.auto() REGISTERED_ID = enum.auto() @property def check_membership( self, ) -> Optional[ Callable[[Union[str, x509.Name], Union[str, x509.Name]], bool] ]: return _name_type_checkers.get(self, None) @classmethod def from_choice(cls, choice) -> 'GeneralNameType': return getattr(cls, choice.upper()) _name_type_checkers = { GeneralNameType.DIRECTORY_NAME: dirname_tree_contains, GeneralNameType.RFC822_NAME: email_tree_contains, GeneralNameType.DNS_NAME: dns_tree_contains, GeneralNameType.UNIFORM_RESOURCE_IDENTIFIER: uri_tree_contains, } class UnsupportedNameTypeError(NotImplementedError): def __init__(self, name_type: GeneralNameType): super().__init__(name_type.name.lower()) def _interpret_general_name(gname: x509.GeneralName): gname_type = GeneralNameType.from_choice(gname.name) value = gname.chosen # for directory names, we keep the Name object,but everything # else gets converted to a string representation if gname_type != GeneralNameType.DIRECTORY_NAME: value = value.native return gname_type, value def _enumerate_names_in_cert(cert: x509.Certificate): # start with the subject's distinguished name, if it is non-empty if len(cert.subject.chosen): yield GeneralNameType.DIRECTORY_NAME, cert.subject subject_alt_names: x509.GeneralNames = cert.subject_alt_name_value if subject_alt_names is None: # if the subject has email address component(s) and no subjectAltName # name constraints for rfc822Name-type names should also apply to those # addresses name_pair: x509.NameTypeAndValue for rdn in cert.subject.chosen: for name_pair in rdn: if name_pair['type'].native == 'email_address': yield GeneralNameType.RFC822_NAME, name_pair['value'].native else: for name in subject_alt_names: yield _interpret_general_name(name) class _StringOrName: # Wrapper class for hashing purposes. Not for external use. def __init__(self, value: Union[str, x509.Name]): self.value = value @property def _code(self): val = self.value if isinstance(val, x509.Name): return 0, val.dump() else: return 1, val def __hash__(self): return hash(self._code) def __eq__(self, other): return isinstance(other, _StringOrName) and self._code == other._code @dataclass(frozen=True) class NameSubtree: name_type: GeneralNameType tree_base: Optional[_StringOrName] min: int = 0 max: Optional[int] = None def __contains__(self, item: Union[str, x509.Name]) -> bool: if self.tree_base is None: # special value: accept all certs return True # TODO processing min / max for DNs and DNS names would make sense if self.min != 0 or self.max is not None: raise NotImplementedError( "The minimum/maximum fields on a name constraint are not " "meaningful in the PKIX (RFC 5280) profile --- not processing." ) checker = self.name_type.check_membership if checker is None: raise NotImplementedError( f"No containment checker available for {self.name_type}" ) return checker(self.tree_base.value, item) @classmethod def from_name(cls, name_type: GeneralNameType, name: Union[str, x509.Name]): return NameSubtree(name_type=name_type, tree_base=_StringOrName(name)) @classmethod def from_general_subtree(cls, subtree) -> 'NameSubtree': gname = subtree['base'] name_type, name_obj = _interpret_general_name(gname) return NameSubtree( name_type, _StringOrName(name_obj), min=subtree['minimum'].native, max=subtree['maximum'].native, ) @classmethod def universal_tree(cls, name_type: GeneralNameType) -> 'NameSubtree': """ Tree that contains all names of a given type. :param name_type: The name type to use. :return: """ return NameSubtree(name_type=name_type, tree_base=None) # a subtree collection as used in the PKIX validation algorithm PKIXSubtrees = Dict[GeneralNameType, Set[NameSubtree]] def x509_names_to_subtrees(names: Iterable[x509.Name]) -> PKIXSubtrees: def _subtree(name: x509.Name): return NameSubtree.from_name( name_type=GeneralNameType.DIRECTORY_NAME, name=name ) return {GeneralNameType.DIRECTORY_NAME: {_subtree(n) for n in names}} def _group_subtrees(trees: Iterable[NameSubtree]) -> PKIXSubtrees: # This should NOT be a defaultdict, because the semantics of a tree # type not being present vs. the set being empty are very different! # If necessary, the caller can do a setdefault() result: PKIXSubtrees = {} for tree in trees: try: result[tree.name_type].add(tree) except KeyError: result[tree.name_type] = {tree} return result def process_general_subtrees(subtrees: x509.GeneralSubtrees) -> PKIXSubtrees: return _group_subtrees( NameSubtree.from_general_subtree(subtree) for subtree in subtrees ) class NameConstraintValidationResult: def __init__( self, failing_name_type: Optional[GeneralNameType] = None, failing_name: Union[str, x509.Name, None] = None, ): self.failing_name_type: Optional[GeneralNameType] = failing_name_type self.failing_name: Union[str, x509.Name, None] = failing_name def __bool__(self): return self.failing_name_type is None @property def error_message(self): assert self.failing_name_type is not None name_str = self.failing_name if isinstance(name_str, x509.Name): name_str = name_str.human_friendly name_type = self.failing_name_type.name.lower() return f"The name '{name_str}' of type {name_type} is not allowed." class PermittedSubtrees: def __init__(self, initial_permitted_subtrees: PKIXSubtrees): # The structure of self._trees is name_type -> list[tree set] # where each tree set in the list denotes a generation # For each "generation", there must be at least one tree that accepts # the name (i.e. later certificates can only restrict existing # constraints). # note: if the set of applicable trees is empty, # we reject the cert. # However, initial-permitted-subtrees (by default) includes a # universal acceptor for each name type in our implementation, # which seems to be what most implementations do. # We deep-copy the initial permitted subtrees trees: Dict[GeneralNameType, List[Set[NameSubtree]]] = { name_type: [set(initial_permitted_subtrees.get(name_type, ()))] for name_type in GeneralNameType } self._trees = trees def intersect_with(self, trees: PKIXSubtrees): # only change the values that appear in the new tree set! for name_type, new_permitted in trees.items(): self._trees[name_type].append(new_permitted) def accept_name(self, name_type: GeneralNameType, name) -> bool: # make sure that name is contained in the intersection of all whitelist # filters we accumulated. # Run through the list in reverse order (newest first) to apply the # (generally) strictest conditions first try: return all( any(name in tree for tree in trees_in_generation) for trees_in_generation in reversed(self._trees[name_type]) ) except NameConstraintError: return False def accept_cert( self, cert: x509.Certificate ) -> NameConstraintValidationResult: try: failing_name_type, failing_name = next( (name_type, name) for name_type, name in _enumerate_names_in_cert(cert) if not self.accept_name(name_type, name) ) return NameConstraintValidationResult( failing_name_type=failing_name_type, failing_name=failing_name ) except StopIteration: return NameConstraintValidationResult() class ExcludedSubtrees: def __init__(self, initial_excluded_subtrees: PKIXSubtrees): # The situation is not fully symmetric with the whitelist case: # here, we don't need to remember individual generations of blacklists, # we can just take unions to strictify conditions as we move along the # path under scrutiny. self._trees: PKIXSubtrees = { name_type: set(tree_set) for name_type, tree_set in initial_excluded_subtrees.items() } def union_with(self, trees: PKIXSubtrees): # only change the values that appear in the new tree set! for name_type, new_excluded in trees.items(): self._trees[name_type].update(new_excluded) def reject_name(self, name_type: GeneralNameType, name) -> bool: try: return any(name in tree for tree in self._trees[name_type]) except NameConstraintError: return True def accept_cert( self, cert: x509.Certificate ) -> NameConstraintValidationResult: try: failing_name_type, failing_name = next( (name_type, name) for name_type, name in _enumerate_names_in_cert(cert) if self.reject_name(name_type, name) ) return NameConstraintValidationResult( failing_name_type=failing_name_type, failing_name=failing_name ) except StopIteration: return NameConstraintValidationResult() def default_permitted_subtrees() -> PKIXSubtrees: return { name_type: {NameSubtree.universal_tree(name_type)} for name_type in GeneralNameType } def default_excluded_subtrees() -> PKIXSubtrees: return {name_type: set() for name_type in GeneralNameType} certvalidator-0.26.3/pyhanko_certvalidator/path.py000066400000000000000000000277001453642760600223720ustar00rootroot00000000000000# coding: utf-8 import itertools from dataclasses import dataclass from typing import FrozenSet, Iterable, Iterator, Optional, Union from asn1crypto import cms, x509 from .asn1_types import AAControls from .authority import ( Authority, AuthorityWithCert, CertTrustAnchor, TrustAnchor, ) from .util import get_ac_extension_value, get_issuer_dn @dataclass(frozen=True) class QualifiedPolicy: issuer_domain_policy_id: str """ Policy OID in the issuer domain (i.e. as listed on the certificate). """ user_domain_policy_id: str """ Policy OID of the equivalent policy in the user domain. """ qualifiers: frozenset """ Set of x509.PolicyQualifierInfo objects. """ Leaf = Union[x509.Certificate, cms.AttributeCertificateV2] class ValidationPath: """ Represents a path going towards an end-entity certificate or attribute certificate. """ _qualified_policies: Optional[FrozenSet[QualifiedPolicy]] = None _path_aa_controls = None def __init__( self, trust_anchor: TrustAnchor, interm: Iterable[x509.Certificate], leaf: Optional[Leaf], ): if interm and not leaf: raise ValueError("Leafless paths cannot have intermediate certs") self._interm = list(interm) self._root = trust_anchor self._leaf = leaf @property def trust_anchor(self) -> TrustAnchor: return self._root @property def first(self): """ Returns the current beginning of the path - for a path to be complete, this certificate should be a trust root .. warning:: This is a compatibility property, and will return the first non-root certificate if the trust root is not provisioned as a certificate. If you want the trust root itself (even when it doesn't have a certificate), use :attr:`trust_anchor`. :return: The first asn1crypto.x509.Certificate object in the path """ root = self._root.authority if isinstance(root, AuthorityWithCert): return root.certificate elif self._interm: return self._interm[0] elif isinstance(self._leaf, x509.Certificate): return self._leaf @property def leaf(self) -> Optional[Leaf]: """ Returns the current leaf certificate (AC or public-key). The trust root's certificate will be returned if there is one and there are no other certificates in the path. If the trust root is certificate-less and there are no certificates, the result will be ``None``. """ if self._leaf is not None: return self._leaf elif not self._interm and isinstance(self._root, CertTrustAnchor): return self._root.certificate # __init__ ensures that leaf None -> there are no intermediate certs return None def describe_leaf(self) -> Optional[str]: leaf = self.leaf if isinstance(leaf, x509.Certificate): return leaf.subject.human_friendly elif isinstance(leaf, cms.AttributeCertificateV2): return '' else: return None def get_ee_cert_safe(self) -> Optional[x509.Certificate]: """ Returns the current leaf certificate if it is an X.509 public-key certificate, and ``None`` otherwise. :return: """ leaf = self.leaf if isinstance(leaf, x509.Certificate): return leaf else: return None @property def last(self) -> x509.Certificate: """ Returns the last certificate in the path if it is an X.509 public-key certificate, and throws an error otherwise. :return: The last asn1crypto.x509.Certificate object in the path """ cert = self.get_ee_cert_safe() if cert: return cert else: raise LookupError def iter_authorities(self) -> Iterable[Authority]: """ Iterate over all authorities in the path, including the trust root. """ yield self._root.authority for cert in self._interm: yield AuthorityWithCert(cert) def find_issuing_authority(self, cert: Leaf): """ Return the issuer of the cert specified, as defined by this path :param cert: A certificate to get the issuer of :raises: LookupError - when the issuer of the certificate could not be found :return: An asn1crypto.x509.Certificate object of the issuer """ issuer_name = get_issuer_dn(cert) if isinstance(cert, x509.Certificate): aki = cert.authority_key_identifier else: aki_ext = get_ac_extension_value(cert, 'authority_key_identifier') aki = aki_ext['key_identifier'].native if aki_ext else None for authority in self.iter_authorities(): if authority.name == issuer_name: keyid = authority.key_id if keyid and aki and keyid != aki: continue return authority raise LookupError( 'Unable to find the issuer of the certificate specified' ) def truncate_to_and_append(self, cert: x509.Certificate, new_leaf: Leaf): """ Remove all certificates in the path after the cert specified and return them in a new path. Internal API. :param cert: An asn1crypto.x509.Certificate object to find :param new_leaf: A new leaf certificate to append. :raises: LookupError - when the certificate could not be found :return: The current ValidationPath object, for chaining """ if isinstance(self._root, CertTrustAnchor): if self._root.certificate.issuer_serial == cert.issuer_serial: return ValidationPath(self._root, interm=[], leaf=new_leaf) certs = self._interm cert_index = None for index, entry in enumerate(certs): if entry.issuer_serial == cert.issuer_serial: cert_index = index break if cert_index is None: raise LookupError('Unable to find the certificate specified') return ValidationPath( self._root, interm=certs[: cert_index + 1], leaf=new_leaf ) # TODO generalise this to ACs as well? def truncate_to_issuer_and_append(self, cert: x509.Certificate): """ Remove all certificates in the path after the issuer of the cert specified, as defined by this path, and append a new one. Internal API. :param cert: A new leaf certificate to append. :raises: LookupError - when the issuer of the certificate could not be found :return: The current ValidationPath object, for chaining """ issuer_index = None # check the trust root separately if self.trust_anchor.authority.is_potential_issuer_of(cert): # in case of a match, truncate everything if cert.self_signed == 'maybe': # if the candidate leaf is self-signed (according to metadata), # then it's actually the authority itself -> no need to append. return ValidationPath(self._root, interm=[], leaf=None) else: return ValidationPath(self._root, interm=[], leaf=cert) # now run through the rest of the path certs = self._interm for index, entry in enumerate(certs): if entry.subject == cert.issuer: if entry.key_identifier and cert.authority_key_identifier: if entry.key_identifier == cert.authority_key_identifier: issuer_index = index break else: issuer_index = index break if issuer_index is None: raise LookupError( 'Unable to find the issuer of the certificate specified' ) return ValidationPath(self._root, certs[: issuer_index + 1], leaf=cert) def copy_and_append(self, cert: Leaf): new_certs = self._interm[:] if self._leaf: new_certs.append(self._leaf) return ValidationPath( trust_anchor=self._root, interm=new_certs, leaf=cert ) def copy_and_drop_leaf(self) -> 'ValidationPath': """ Drop the leaf cert from this path and return a new path with the last intermediate certificate set as the leaf. """ if len(self._interm) == 0: raise IndexError new_interm, new_leaf = self._interm[:-1], self._interm[-1] return ValidationPath( trust_anchor=self._root, interm=new_interm, leaf=new_leaf ) def _set_qualified_policies(self, policies): self._qualified_policies = policies def qualified_policies(self) -> Optional[FrozenSet[QualifiedPolicy]]: return self._qualified_policies def aa_attr_in_scope(self, attr_id: cms.AttCertAttributeType) -> bool: aa_controls_extensions = [ AAControls.read_extension_value(cert) for cert in self ] aa_controls_used = any(x is not None for x in aa_controls_extensions) if not aa_controls_used: return True else: # the path validation code ensures that all non-anchor certs # have an AAControls extension, but we still enforce the root's # AAControls if there is one (since we might as well treat it # as a configuration setting/failsafe at that point) # This is appropriate in PKIX-land (see RFC 5280, § 6.2 as # updated in RFC 6818, § 4) return all( ctrl.accept(attr_id) for ctrl in aa_controls_extensions # None check for defensiveness (already enforced by validation # algorithm), and to (potentially) skip the root if ctrl is not None ) @property def pkix_len(self): return len(self._interm) + (1 if self._leaf else 0) def __len__(self): # backwards compat return 1 + self.pkix_len def __getitem__(self, key): # convoluted because of compatibility issues... if key > 0: leaf_ix = len(self._interm) + 1 if key == leaf_ix and self._leaf is not None: return self._leaf return self._interm[key - 1] elif isinstance(self._root, CertTrustAnchor): # backwards compat return self._root.certificate else: # Throw an error instead of returning None, because we want this # to fail loudly. raise LookupError("Root has no certificate") def iter_certs(self, include_root: bool) -> Iterator[x509.Certificate]: """ Iterate over the certificates in the path. :param include_root: Include the root (if it is supplied as a certificate) :return: An iterator. """ root = self._root.authority from_root = ( (root.certificate,) if include_root and isinstance(root, AuthorityWithCert) else () ) leaf = self._leaf from_leaf = (leaf,) if isinstance(leaf, x509.Certificate) else () return itertools.chain(from_root, self._interm, from_leaf) def __iter__(self): # backwards compat, we iterate over all certs _including_ the root # if it is supplied as a cert return self.iter_certs(include_root=True) def __eq__(self, other): if not isinstance(other, ValidationPath): return False return ( self.trust_anchor == other.trust_anchor and self._interm == other._interm and self._leaf == other._leaf ) certvalidator-0.26.3/pyhanko_certvalidator/policy_decl.py000066400000000000000000000465671453642760600237400ustar00rootroot00000000000000""" .. versionadded:: 0.20.0 """ import abc import enum from dataclasses import dataclass from datetime import datetime, timedelta from typing import FrozenSet, Iterable, Optional from asn1crypto import algos, keys from .name_trees import PKIXSubtrees __all__ = [ 'RevocationCheckingRule', 'RevocationCheckingPolicy', 'FreshnessReqType', 'CertRevTrustPolicy', 'PKIXValidationParams', 'AlgorithmUsageConstraint', 'AlgorithmUsagePolicy', 'DisallowWeakAlgorithmsPolicy', 'AcceptAllAlgorithms', 'NonRevokedStatusAssertion', 'DEFAULT_WEAK_HASH_ALGOS', 'REQUIRE_REVINFO', 'NO_REVOCATION', ] DEFAULT_WEAK_HASH_ALGOS = frozenset(['md2', 'md5', 'sha1']) """ Digest algorithms considered weak by default. """ FRESHNESS_FALLBACK_VALIDITY_DEFAULT = timedelta(minutes=30) """ Default freshness used by the default/legacy freshness policy when the revocation information does not specify a next update time. In practice this only applies to OCSP responses. """ @dataclass(frozen=True) class NonRevokedStatusAssertion: """ Assert that a certificate was not revoked at some given date. """ cert_sha256: bytes """ SHA-256 hash of the certificate. """ at: datetime """ Moment in time at which the assertion is to be considered valid. """ @enum.unique class RevocationCheckingRule(enum.Enum): """ Rules determining in what circumstances revocation data has to be checked, and what kind. """ # yes, this is consistently misspelled in all parts of the # ETSI TS 119 172 series... CRL_REQUIRED = "clrcheck" """ Check CRLs. """ OCSP_REQUIRED = "ocspcheck" """ Check OCSP. """ CRL_AND_OCSP_REQUIRED = "bothcheck" """ Check CRL and OCSP. """ CRL_OR_OCSP_REQUIRED = "eithercheck" """ Check CRL or OCSP. """ NO_CHECK = "nocheck" """ Do not check. """ CHECK_IF_DECLARED = "ifdeclaredcheck" """ Check revocation information if declared in the certificate. .. warning:: This is not an ESI check type, but is preserved for compatibility with the 'hard-fail' mode in certvalidator. .. note:: In this mode, cached CRLs will _not_ be checked if the certificate does not list any distribution points. """ CHECK_IF_DECLARED_SOFT = "ifdeclaredsoftcheck" """ Check revocation information if declared in the certificate, but do not fail validation if the check fails. .. warning:: This is not an ESI check type, but is preserved for compatibility with the 'soft-fail' mode in certvalidator. .. note:: In this mode, cached CRLs will _not_ be checked if the certificate does not list any distribution points. """ @property def strict(self) -> bool: # note that this is not quite the same as (not self.tolerant)! return self not in ( RevocationCheckingRule.CHECK_IF_DECLARED, RevocationCheckingRule.CHECK_IF_DECLARED_SOFT, RevocationCheckingRule.NO_CHECK, ) @property def tolerant(self) -> bool: return self in ( RevocationCheckingRule.CHECK_IF_DECLARED_SOFT, RevocationCheckingRule.NO_CHECK, ) @property def crl_mandatory(self) -> bool: return self in ( RevocationCheckingRule.CRL_REQUIRED, RevocationCheckingRule.CRL_AND_OCSP_REQUIRED, ) @property def crl_relevant(self) -> bool: return self not in ( RevocationCheckingRule.NO_CHECK, RevocationCheckingRule.OCSP_REQUIRED, ) @property def ocsp_mandatory(self) -> bool: return self in ( RevocationCheckingRule.OCSP_REQUIRED, RevocationCheckingRule.CRL_AND_OCSP_REQUIRED, ) @property def ocsp_relevant(self) -> bool: return self not in ( RevocationCheckingRule.NO_CHECK, RevocationCheckingRule.CRL_REQUIRED, ) @dataclass(frozen=True) class RevocationCheckingPolicy: """ Class describing a revocation checking policy based on the types defined in the ETSI TS 119 172 series. """ ee_certificate_rule: RevocationCheckingRule """ Revocation rule applied to end-entity certificates. """ intermediate_ca_cert_rule: RevocationCheckingRule """ Revocation rule applied to certificates further up the path. """ @classmethod def from_legacy(cls, policy: str): try: return LEGACY_POLICY_MAP[policy] except KeyError: raise ValueError(f"'{policy}' is not a valid revocation mode") @property def essential(self) -> bool: return not ( self.ee_certificate_rule.tolerant and self.ee_certificate_rule.tolerant ) REQUIRE_REVINFO = RevocationCheckingPolicy( RevocationCheckingRule.CRL_OR_OCSP_REQUIRED, RevocationCheckingRule.CRL_OR_OCSP_REQUIRED, ) """ Policy indicating that revocation information is always required, but either OCSP or CRL-based revocation information is OK. """ NO_REVOCATION = RevocationCheckingPolicy( ee_certificate_rule=RevocationCheckingRule.NO_CHECK, intermediate_ca_cert_rule=RevocationCheckingRule.NO_CHECK, ) """ Policy indicating that revocation information is never required. """ LEGACY_POLICY_MAP = { 'soft-fail': RevocationCheckingPolicy( RevocationCheckingRule.CHECK_IF_DECLARED_SOFT, RevocationCheckingRule.CHECK_IF_DECLARED_SOFT, ), 'hard-fail': RevocationCheckingPolicy( RevocationCheckingRule.CHECK_IF_DECLARED, RevocationCheckingRule.CHECK_IF_DECLARED, ), 'require': REQUIRE_REVINFO, } """ Mapping of legacy ``certvalidator`` revocation modes to :class:`RevocationCheckingPolicy` objects. """ @enum.unique class FreshnessReqType(enum.Enum): """ Freshness requirement type. """ DEFAULT = enum.auto() """ The default freshness policy, i.e. the ``certvalidator`` legacy policy. This policy considers revocation info valid between its ``thisUpdate`` and ``nextUpdate`` times, but not outside of that window. """ MAX_DIFF_REVOCATION_VALIDATION = enum.auto() """ Freshness policy requiring that the validation time, if later than the issuance date of the revocation info, be sufficiently close to that issuance date. """ TIME_AFTER_SIGNATURE = enum.auto() """ Freshness policy requiring that the revocation info be issued after a predetermined "cooldown period" after the certificate was used to produce a signature. """ @dataclass(frozen=True) class CertRevTrustPolicy: """ Class describing conditions for trusting revocation info. Based on CertificateRevTrust in ETSI TS 119 172-3. """ revocation_checking_policy: RevocationCheckingPolicy """ The revocation checking policy requirements. """ freshness: Optional[timedelta] = None """ Freshness interval. If not specified, this defaults to the distance between ``thisUpdate`` and ``nextUpdate`` for the given piece of revocation information. If the ``nextUpdate`` field is not present, then the effective default is 30 minutes. """ freshness_req_type: FreshnessReqType = FreshnessReqType.DEFAULT """ Controls whether the freshness requirement applies relatively to the signing time or to the validation time. """ expected_post_expiry_revinfo_time: Optional[timedelta] = None """ Duration for which the issuing CA is expected to supply status information after a certificate expires. """ retroactive_revinfo: bool = False """ Treat revocation info as retroactively valid, i.e. ignore the ``this_update`` field in CRLs and OCSP responses. This parameter is not taken into account for freshness policies other than :attr:`FreshnessReqType.DEFAULT`, and is ``False`` by default in those cases. .. warning:: Be careful with this option, since it will cause incorrect behaviour for CAs that make use of certificate holds or other reversible revocation methods. """ def intersect_policy_sets( a_pols: FrozenSet[str], b_pols: FrozenSet[str] ) -> FrozenSet[str]: """ Intersect two sets of policies, taking into account the special 'any_policy'. :param a_pols: A set of policies. :param b_pols: Another set of policies. :return: The intersection of both. """ a_any = 'any_policy' in a_pols b_any = 'any_policy' in b_pols if a_any and b_any: return frozenset(['any_policy']) elif a_any: return b_pols elif b_any: return b_pols else: return b_pols & a_pols @dataclass(frozen=True) class PKIXValidationParams: user_initial_policy_set: frozenset = frozenset(['any_policy']) """ Set of policies that the user is willing to accept. By default, any policy is acceptable. When setting this parameter to a non-default value, you probably want to set :attr:`initial_explicit_policy` as well. .. note:: These are specified in the policy domain of the trust root(s), and subject to policy mapping by intermediate certificate authorities. """ initial_policy_mapping_inhibit: bool = False """ Flag indicating whether policy mapping is forbidden along the entire certification chains. By default, policy mapping is permitted. .. note:: Policy constraints on intermediate certificates may force policy mapping to be inhibited from some point onwards. """ initial_explicit_policy: bool = False """ Flag indicating whether path validation must terminate with at least one permissible policy; see :attr:`user_initial_policy_set`. By default, no such requirement is imposed. .. note:: If :attr:`user_initial_policy_set` is set to its default value of ``{'any_policy'}``, the effect is that the path validation must accept at least one policy, without specifying which. .. warning:: Due to widespread mis-specification of policy extensions in the wild, many real-world certification chains terminate with an empty set (or rather, tree) of valid policies. Therefore, this flag is set to ``False`` by default. """ initial_any_policy_inhibit: bool = False """ Flag indicating whether ``anyPolicy`` should be left unprocessed when it appears in a certificate. By default, ``anyPolicy`` is always processed when it appears. """ initial_permitted_subtrees: Optional[PKIXSubtrees] = None """ Set of permitted subtrees for each name type, indicating restrictions to impose on subject names (and alternative names) in the certification path. By default, all names are permitted. This behaviour can be modified by name constraints on intermediate CA certificates. """ initial_excluded_subtrees: Optional[PKIXSubtrees] = None """ Set of excluded subtrees for each name type, indicating restrictions to impose on subject names (and alternative names) in the certification path. By default, no names are excluded. This behaviour can be modified by name constraints on intermediate CA certificates. """ def merge(self, other: 'PKIXValidationParams') -> 'PKIXValidationParams': """ Combine the conditions of these PKIX validation params with another set of parameters, producing the most lenient set of parameters that is stricter than both inputs. :param other: Another set of PKIX validation parameters. :return: A combined set of PKIX validation parameters. """ if 'any_policy' in self.user_initial_policy_set: init_policy_set = other.user_initial_policy_set elif 'any_policy' in other.user_initial_policy_set: init_policy_set = self.user_initial_policy_set else: init_policy_set = ( other.user_initial_policy_set & self.user_initial_policy_set ) initial_any_policy_inhibit = ( self.initial_any_policy_inhibit and other.initial_any_policy_inhibit ) initial_explicit_policy = ( self.initial_explicit_policy and other.initial_explicit_policy ) initial_policy_mapping_inhibit = ( self.initial_policy_mapping_inhibit and other.initial_policy_mapping_inhibit ) return PKIXValidationParams( user_initial_policy_set=init_policy_set, initial_any_policy_inhibit=initial_any_policy_inhibit, initial_explicit_policy=initial_explicit_policy, initial_policy_mapping_inhibit=initial_policy_mapping_inhibit, ) @dataclass(frozen=True) class AlgorithmUsageConstraint: """ Expression of a constraint on the usage of an algorithm (possibly with parameter choices). """ allowed: bool """ Flag indicating whether the algorithm can be used. """ not_allowed_after: Optional[datetime] = None """ Date indicating when the algorithm became unavailable (given the relevant choice of parameters, if applicable). """ failure_reason: Optional[str] = None """ A human-readable description of the failure reason, if applicable. """ def __bool__(self): return self.allowed class AlgorithmUsagePolicy(abc.ABC): """ Abstract interface defining a usage policy for cryptographic algorithms. """ def digest_algorithm_allowed( self, algo: algos.DigestAlgorithm, moment: Optional[datetime] ) -> AlgorithmUsageConstraint: """ Determine if the indicated digest algorithm can be used at the point in time indicated. :param algo: A digest algorithm description in ASN.1 form. :param moment: The point in time at which the algorithm should be usable. If ``None``, then the returned judgment applies at all times. :return: A :class:`.AlgorithmUsageConstraint` expressing the judgment. """ raise NotImplementedError def signature_algorithm_allowed( self, algo: algos.SignedDigestAlgorithm, moment: Optional[datetime], public_key: Optional[keys.PublicKeyInfo], ) -> AlgorithmUsageConstraint: """ Determine if the indicated signature algorithm (including the associated digest function and any parameters, if applicable) can be used at the point in time indicated. :param algo: A signature mechanism description in ASN.1 form. :param moment: The point in time at which the algorithm should be usable. If ``None``, then the returned judgment applies at all times. :param public_key: The public key associated with the operation, if available. .. note:: This parameter can be used to enforce key size limits or to filter out keys with known structural weaknesses. :return: A :class:`.AlgorithmUsageConstraint` expressing the judgment. """ raise NotImplementedError class DisallowWeakAlgorithmsPolicy(AlgorithmUsagePolicy): """ Primitive usage policy that forbids a list of user-specified "weak" algorithms and allows everything else. It also ignores the time parameter completely. .. note:: This denial-based strategy is supplied to provide a backwards-compatible default. In many scenarios, an explicit allow-based strategy is more appropriate. Users with specific security requirements are encouraged to implement :class:`.AlgorithmUsagePolicy` themselves. :param weak_hash_algos: The list of digest algorithms considered weak. Defaults to :const:`.DEFAULT_WEAK_HASH_ALGOS`. :param weak_signature_algos: The list of digest algorithms considered weak. Defaults to the empty set. :param rsa_key_size_threshold: The key length threshold for RSA keys, in bits. :param dsa_key_size_threshold: The key length threshold for DSA keys, in bits. """ def __init__( self, weak_hash_algos=DEFAULT_WEAK_HASH_ALGOS, weak_signature_algos=frozenset(), rsa_key_size_threshold=2048, # TODO is this a reasonable default? dsa_key_size_threshold=3192, ): self.weak_hash_algos = weak_hash_algos self.weak_signature_algos = weak_signature_algos self.rsa_key_size_threshold = rsa_key_size_threshold self.dsa_key_size_threshold = dsa_key_size_threshold def digest_algorithm_allowed( self, algo: algos.DigestAlgorithm, moment: Optional[datetime] ) -> AlgorithmUsageConstraint: return AlgorithmUsageConstraint( algo['algorithm'].native not in self.weak_hash_algos ) def signature_algorithm_allowed( self, algo: algos.SignedDigestAlgorithm, moment: Optional[datetime], public_key: Optional[keys.PublicKeyInfo], ) -> AlgorithmUsageConstraint: algo_name = algo.signature_algo algo_allowed = algo_name not in self.weak_signature_algos is_rsa = algo_name.startswith('rsa') is_dsa = algo_name == 'dsa' if algo_allowed and public_key is not None and (is_rsa or is_dsa): key_sz = public_key.bit_size failed_threshold = None if is_rsa and key_sz < self.rsa_key_size_threshold: failed_threshold = self.rsa_key_size_threshold elif is_dsa and key_sz < self.dsa_key_size_threshold: failed_threshold = self.dsa_key_size_threshold if failed_threshold is not None: return AlgorithmUsageConstraint( allowed=False, failure_reason=( f"Key size {key_sz} for algorithm {algo_name} is " f"considered too small; " f"policy mandates >= {failed_threshold}" ), ) try: hash_algo = algo.hash_algo except ValueError: hash_algo = None if algo_allowed and hash_algo is not None: digest_allowed = self.digest_algorithm_allowed( algos.DigestAlgorithm({'algorithm': algo.hash_algo}), moment ) if not digest_allowed: return AlgorithmUsageConstraint( allowed=False, failure_reason=( f"Digest algorithm {digest_allowed} is not allowed, " f"which disqualifies the signature mechanism " f"{algo['algorithm'].native} as well." ), not_allowed_after=digest_allowed.not_allowed_after, ) return AlgorithmUsageConstraint(allowed=algo_allowed) class AcceptAllAlgorithms(AlgorithmUsagePolicy): def digest_algorithm_allowed( self, algo: algos.DigestAlgorithm, moment: Optional[datetime] ) -> AlgorithmUsageConstraint: return AlgorithmUsageConstraint(allowed=True) def signature_algorithm_allowed( self, algo: algos.SignedDigestAlgorithm, moment: Optional[datetime], public_key: Optional[keys.PublicKeyInfo], ) -> AlgorithmUsageConstraint: return AlgorithmUsageConstraint(allowed=True) certvalidator-0.26.3/pyhanko_certvalidator/policy_tree.py000066400000000000000000000253321453642760600237530ustar00rootroot00000000000000from collections import defaultdict from typing import Iterable, Optional, Set from asn1crypto import x509 from ._state import ValProcState from .errors import PathValidationError def update_policy_tree( certificate_policies, valid_policy_tree: 'PolicyTreeRoot', depth: int, any_policy_uninhibited: bool, ) -> Optional['PolicyTreeRoot']: """ Internal method to update the policy tree during RFC 5280 validation. """ cert_any_policy = None cert_policy_identifiers = set() # Step 2 d 1 for policy in certificate_policies: policy_identifier = policy['policy_identifier'].native if policy_identifier == 'any_policy': cert_any_policy = policy continue cert_policy_identifiers.add(policy_identifier) policy_qualifiers = policy['policy_qualifiers'] policy_id_match = False parent_any_policy = None # Step 2 d 1 i for node in valid_policy_tree.at_depth(depth - 1): if node.valid_policy == 'any_policy': parent_any_policy = node if policy_identifier not in node.expected_policy_set: continue policy_id_match = True node.add_child( policy_identifier, policy_qualifiers, {policy_identifier} ) # Step 2 d 1 ii if not policy_id_match and parent_any_policy: parent_any_policy.add_child( policy_identifier, policy_qualifiers, {policy_identifier} ) # Step 2 d 2 if cert_any_policy and any_policy_uninhibited: for node in valid_policy_tree.at_depth(depth - 1): for expected_policy_identifier in node.expected_policy_set: if expected_policy_identifier not in cert_policy_identifiers: node.add_child( expected_policy_identifier, cert_any_policy['policy_qualifiers'], {expected_policy_identifier}, ) # Step 2 d 3 valid_policy_tree = _prune_policy_tree(valid_policy_tree, depth - 1) return valid_policy_tree def _prune_policy_tree(valid_policy_tree, depth): for node in valid_policy_tree.walk_up(depth): if not node.children: node.parent.remove_child(node) if not valid_policy_tree.children: valid_policy_tree = None return valid_policy_tree def enumerate_policy_mappings( mappings: Iterable[x509.PolicyMapping], proc_state: ValProcState ): """ Internal function to process policy mapping extension values into a Python dictionary mapping issuer domain policies to the corresponding policies in the subject policy domain. """ policy_map = defaultdict(set) for mapping in mappings: issuer_domain_policy = mapping['issuer_domain_policy'].native subject_domain_policy = mapping['subject_domain_policy'].native policy_map[issuer_domain_policy].add(subject_domain_policy) # Step 3 a if ( issuer_domain_policy == 'any_policy' or subject_domain_policy == 'any_policy' ): raise PathValidationError.from_state( f"The path could not be validated because " f"{proc_state.describe_cert()} contains " f"a policy mapping for the \"any policy\"", proc_state, ) return policy_map def apply_policy_mapping( policy_map, valid_policy_tree, depth: int, policy_mapping_uninhibited: bool ): """ Internal function to apply the policy mapping to the current policy tree in accordance with the algorithm in RFC 5280. """ for issuer_domain_policy, subject_domain_policies in policy_map.items(): # Step 3 b 1 if policy_mapping_uninhibited: issuer_domain_policy_match = False cert_any_policy = None for node in valid_policy_tree.at_depth(depth): if node.valid_policy == 'any_policy': cert_any_policy = node if node.valid_policy == issuer_domain_policy: issuer_domain_policy_match = True node.expected_policy_set = subject_domain_policies if not issuer_domain_policy_match and cert_any_policy: cert_any_policy.parent.add_child( issuer_domain_policy, cert_any_policy.qualifier_set, subject_domain_policies, ) # Step 3 b 2 else: for node in valid_policy_tree.at_depth(depth): if node.valid_policy == issuer_domain_policy: node.parent.remove_child(node) valid_policy_tree = _prune_policy_tree(valid_policy_tree, depth - 1) return valid_policy_tree def prune_unacceptable_policies( path_length, valid_policy_tree, acceptable_policies ) -> Optional['PolicyTreeRoot']: # Step 4 g iii 1: compute nodes that branch off any_policy # In other words, find all policies that are valid and meaningful in # the trust root(s) namespace. We don't care about what policy mapping # transformed them into; that's taken care of by the validation # algorithm. # Note: set() consumes the iterator to avoid operating on the tree # while iterating over it. Performance is probably not a concern # anyhow. valid_policy_node_set = set(valid_policy_tree.nodes_in_current_domain()) # Step 4 g iii 2: eliminate unacceptable policies def _filter_acceptable(): for policy_node in valid_policy_node_set: policy_id = policy_node.valid_policy if policy_id == 'any_policy' or policy_id in acceptable_policies: yield policy_id else: policy_node.parent.remove_child(policy_node) # list of policies that were explicitly valid valid_and_acceptable = set(_filter_acceptable()) # Step 4 g iii 3: if the final layer contains an anyPolicy node # (there can be at most one), expand it out into acceptable policies # that are not explicitly qualified already try: final_any_policy: PolicyTreeNode = next( policy_node for policy_node in valid_policy_tree.at_depth(path_length) if policy_node.valid_policy == 'any_policy' ) wildcard_parent = final_any_policy.parent assert wildcard_parent is not None wildcard_quals = final_any_policy.qualifier_set for acceptable_policy in acceptable_policies - valid_and_acceptable: wildcard_parent.add_child( acceptable_policy, wildcard_quals, {acceptable_policy} ) # prune the anyPolicy node wildcard_parent.remove_child(final_any_policy) except StopIteration: pass # Step 4 g iii 4: prune the policy tree return _prune_policy_tree(valid_policy_tree, path_length - 1) class PolicyTreeRoot: """ A generic policy tree node, used for the root node in the tree """ @classmethod def init_policy_tree(cls, valid_policy, qualifier_set, expected_policy_set): """ Accepts values for a PolicyTreeNode that will be created at depth 0 :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs """ root = PolicyTreeRoot() root.add_child(valid_policy, qualifier_set, expected_policy_set) return root def __init__(self): self.parent = None self.children = [] def add_child(self, valid_policy, qualifier_set, expected_policy_set): """ Creates a new PolicyTreeNode as a child of this node :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs """ child = PolicyTreeNode(valid_policy, qualifier_set, expected_policy_set) child.parent = self self.children.append(child) def remove_child(self, child): """ Removes a child from this node :param child: An instance of PolicyTreeNode """ self.children.remove(child) def at_depth(self, depth) -> Iterable['PolicyTreeNode']: """ Returns a generator yielding all nodes in the tree at a specific depth :param depth: An integer >= 0 of the depth of nodes to yield :return: A generator yielding PolicyTreeNode objects """ for child in list(self.children): if depth == 0: yield child else: for grandchild in child.at_depth(depth - 1): yield grandchild def walk_up(self, depth): """ Returns a generator yielding all nodes in the tree at a specific depth, or above. Yields nodes starting with leaves and traversing up to the root. :param depth: An integer >= 0 of the depth of nodes to walk up from :return: A generator yielding PolicyTreeNode objects """ for child in list(self.children): if depth != 0: for grandchild in child.walk_up(depth - 1): yield grandchild yield child def nodes_in_current_domain(self) -> Iterable['PolicyTreeNode']: """ Returns a generator yielding all nodes in the tree that are children of an ``any_policy`` node. """ for child in self.children: yield child if child.valid_policy == 'any_policy': yield from child.nodes_in_current_domain() class PolicyTreeNode(PolicyTreeRoot): """ A policy tree node that is used for all nodes but the root """ def __init__( self, valid_policy: str, qualifier_set: x509.PolicyQualifierInfos, expected_policy_set: Set[str], ): """ :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs """ super().__init__() self.valid_policy = valid_policy self.qualifier_set = qualifier_set self.expected_policy_set = expected_policy_set def path_to_root(self): node = self while node is not None: yield node node = node.parent certvalidator-0.26.3/pyhanko_certvalidator/py.typed000066400000000000000000000000001453642760600225430ustar00rootroot00000000000000certvalidator-0.26.3/pyhanko_certvalidator/registry.py000066400000000000000000000531021453642760600233010ustar00rootroot00000000000000# coding: utf-8 import abc import asyncio from collections import defaultdict from typing import AsyncGenerator, Iterable, Iterator, List, Optional, Union from asn1crypto import x509 from oscrypto import trust_list from .authority import CertTrustAnchor, TrustAnchor from .errors import PathBuildingError from .fetchers import CertificateFetcher from .path import ValidationPath from .util import CancelableAsyncIterator, ConsList class CertificateCollection(abc.ABC): """ Abstract base class for read-only access to a collection of certificates. """ def retrieve_by_key_identifier(self, key_identifier: bytes): """ Retrieves a cert via its key identifier :param key_identifier: A byte string of the key identifier :return: None or an asn1crypto.x509.Certificate object """ candidates = self.retrieve_many_by_key_identifier(key_identifier) if not candidates: return None else: return candidates[0] def retrieve_many_by_key_identifier(self, key_identifier: bytes): """ Retrieves possibly multiple certs via the corresponding key identifiers :param key_identifier: A byte string of the key identifier :return: A list of asn1crypto.x509.Certificate objects """ raise NotImplementedError def retrieve_by_name(self, name: x509.Name): """ Retrieves a list certs via their subject name :param name: An asn1crypto.x509.Name object :return: A list of asn1crypto.x509.Certificate objects """ raise NotImplementedError def retrieve_by_issuer_serial(self, issuer_serial): """ Retrieve a certificate by its ``issuer_serial`` value. :param issuer_serial: The ``issuer_serial`` value of the certificate. :return: The certificate corresponding to the ``issuer_serial`` key passed in. :return: None or an asn1crypto.x509.Certificate object """ raise NotImplementedError class CertificateStore(CertificateCollection, abc.ABC): def register(self, cert: x509.Certificate) -> bool: """ Register a single certificate. :param cert: Certificate to add. :return: ``True`` if the certificate was added, ``False`` if it already existed in this store. """ raise NotImplementedError def register_multiple(self, certs: Iterable[x509.Certificate]): """ Register multiple certificates. :param certs: Certificates to register. :return: ``True`` if at least one certificate was added, ``False`` if all certificates already existed in this store. """ added = False for cert in certs: added |= self.register(cert) return added def __iter__(self): raise NotImplementedError class SimpleCertificateStore(CertificateStore): """ Simple trustless certificate store. """ @classmethod def from_certs(cls, certs): result = cls() for cert in certs: result.register(cert) return result def __init__(self): self.certs = {} self._subject_map = defaultdict(list) self._key_identifier_map = defaultdict(list) def register(self, cert: x509.Certificate) -> bool: """ Register a single certificate. :param cert: Certificate to add. :return: ``True`` if the certificate was added, ``False`` if it already existed in this store. """ if cert.issuer_serial in self.certs: return False self.certs[cert.issuer_serial] = cert self._subject_map[cert.subject.hashable].append(cert) if cert.key_identifier: self._key_identifier_map[cert.key_identifier].append(cert) else: self._key_identifier_map[cert.public_key.sha1].append(cert) return True def __getitem__(self, item): return self.certs[item] def __iter__(self): return iter(self.certs.values()) def retrieve_many_by_key_identifier(self, key_identifier: bytes): return self._key_identifier_map[key_identifier] def retrieve_by_name(self, name: x509.Name): return self._subject_map[name.hashable] def retrieve_by_issuer_serial(self, issuer_serial): try: return self[issuer_serial] except KeyError: return None TrustRootList = Iterable[Union[x509.Certificate, TrustAnchor]] class TrustManager: """ Abstract trust manager API. """ def is_root(self, cert: x509.Certificate) -> bool: """ Checks if a certificate is in the list of trust roots in this registry :param cert: An asn1crypto.x509.Certificate object :return: A boolean - if the certificate is in the CA list """ raise NotImplementedError def find_potential_issuers( self, cert: x509.Certificate ) -> Iterator[TrustAnchor]: """ Find potential issuers that might have (directly) issued a particular certificate. :param cert: Issued certificate. :return: An iterator with potentially relevant trust anchors. """ raise NotImplementedError class SimpleTrustManager(TrustManager): """ Trust manager backed by a list of trust roots, possibly in addition to the system trust list. """ def __init__(self): self._roots = set() self._root_subject_map = defaultdict(list) @classmethod def build( cls, trust_roots: Optional[TrustRootList] = None, extra_trust_roots: Optional[TrustRootList] = None, ) -> 'SimpleTrustManager': """ :param trust_roots: If the operating system's trust list should not be used, instead pass a list of asn1crypto.x509.Certificate objects. These certificates will be used as the trust roots for the path being built. :param extra_trust_roots: If the operating system's trust list should be used, but augmented with one or more extra certificates. This should be a list of asn1crypto.x509.Certificate objects. :return: """ if trust_roots is None: trust_roots = [e[0] for e in trust_list.get_list()] else: trust_roots = list(trust_roots) if extra_trust_roots is not None: trust_roots.extend(extra_trust_roots) manager = SimpleTrustManager() for trust_root in trust_roots: manager._register_root(trust_root) return manager def _register_root(self, trust_root: Union[TrustAnchor, x509.Certificate]): if isinstance(trust_root, TrustAnchor): anchor = trust_root else: anchor = CertTrustAnchor(trust_root) if anchor not in self._roots: authority = anchor.authority self._roots.add(anchor) self._root_subject_map[authority.name.hashable].append(anchor) def is_root(self, cert: x509.Certificate): """ Checks if a certificate is in the list of trust roots in this registry :param cert: An asn1crypto.x509.Certificate object :return: A boolean - if the certificate is in the CA list """ return CertTrustAnchor(cert) in self._roots def iter_certs(self) -> Iterator[x509.Certificate]: return ( root.certificate for root in self._roots if isinstance(root, CertTrustAnchor) ) def find_potential_issuers( self, cert: x509.Certificate ) -> Iterator[TrustAnchor]: issuer_hashable = cert.issuer.hashable root: TrustAnchor for root in self._root_subject_map[issuer_hashable]: if root.authority.is_potential_issuer_of(cert): yield root class CertificateRegistry(SimpleCertificateStore): """ Contains certificate lists used to build validation paths, and is also capable of fetching missing certificates if a certificate fetcher is supplied. """ def __init__(self, *, cert_fetcher: Optional[CertificateFetcher] = None): super().__init__() self.fetcher = cert_fetcher @classmethod def build( cls, certs: Iterable[x509.Certificate] = (), *, cert_fetcher: Optional[CertificateFetcher] = None, ): """ Convenience method to set up a certificate registry and import certs into it. :param certs: Initial list of certificates to import. :param cert_fetcher: Certificate fetcher to handle retrieval of missing certificates (in situations where that is possible). :return: A populated certificate registry. """ result: CertificateRegistry = cls(cert_fetcher=cert_fetcher) for cert in certs: result.register(cert) result.fetcher = cert_fetcher return result def retrieve_by_name( self, name: x509.Name, first_certificate: Optional[x509.Certificate] = None, ): """ Retrieves a list certs via their subject name :param name: An asn1crypto.x509.Name object :param first_certificate: An asn1crypto.x509.Certificate object that if found, should be placed first in the result list :return: A list of asn1crypto.x509.Certificate objects """ output = [] first = None for cert in super().retrieve_by_name(name): if first_certificate and first_certificate.sha256 == cert.sha256: first = cert else: output.append(cert) if first: output.insert(0, first) return output def find_potential_issuers( self, cert: x509.Certificate, trust_manager: TrustManager ) -> Iterator[Union[TrustAnchor, x509.Certificate]]: issuer_hashable = cert.issuer.hashable # Info from the authority key identifier extension can be used to # eliminate possible options when multiple keys with the same # subject exist, such as during a transition, or with cross-signing. # go through matching trust roots first yield from trust_manager.find_potential_issuers(cert) for issuer in self._subject_map[issuer_hashable]: if trust_manager.is_root(issuer): continue # skip, we've had these in the previous step if cert.authority_key_identifier and issuer.key_identifier: if cert.authority_key_identifier != issuer.key_identifier: continue elif cert.authority_issuer_serial: if cert.authority_issuer_serial != issuer.issuer_serial: continue yield issuer async def fetch_missing_potential_issuers(self, cert: x509.Certificate): if self.fetcher is None: return issuers = [ issuer async for issuer in self.fetcher.fetch_cert_issuers(cert) ] self.register_multiple(issuers) for issuer in issuers: yield issuer class PathBuilder: """ Class to handle path building. """ def __init__( self, trust_manager: TrustManager, registry: CertificateRegistry ): self.trust_manager = trust_manager self.registry = registry def build_paths(self, end_entity_cert): """ Builds a list of ValidationPath objects from a certificate in the operating system trust store to the end-entity certificate .. note:: This is a synchronous equivalent of :meth:`async_build_paths` that calls the latter in a new event loop. As such, it can't be used from within asynchronous code. :param end_entity_cert: A byte string of a DER or PEM-encoded X.509 certificate, or an instance of asn1crypto.x509.Certificate :return: A list of pyhanko_certvalidator.path.ValidationPath objects that represent the possible paths from the end-entity certificate to one of the CA certs. """ return asyncio.run(self.async_build_paths(end_entity_cert)) async def async_build_paths(self, end_entity_cert: x509.Certificate): """ Builds a list of ValidationPath objects from a certificate in the operating system trust store to the end-entity certificate, returning all paths in a single list. :param end_entity_cert: A byte string of a DER or PEM-encoded X.509 certificate, or an instance of asn1crypto.x509.Certificate :return: A list of pyhanko_certvalidator.path.ValidationPath objects that represent the possible paths from the end-entity certificate to one of the CA certs. """ paths: List[ValidationPath] = [] async for result in self.async_build_paths_lazy(end_entity_cert): paths.append(result) return paths def async_build_paths_lazy( self, end_entity_cert: x509.Certificate ) -> CancelableAsyncIterator[ValidationPath]: """ Builds a list of ValidationPath objects from a certificate in the operating system trust store to the end-entity certificate, and emit them as an asynchronous generator. :param end_entity_cert: A byte string of a DER or PEM-encoded X.509 certificate, or an instance of asn1crypto.x509.Certificate :return: An asynchronous iterator that yields pyhanko_certvalidator.path.ValidationPath objects that represent the possible paths from the end-entity certificate to one of the CA certs, and raises PathBuildingError if no paths could be built """ walker = _PathWalker( self, path=ConsList.sing(end_entity_cert), certs_seen=ConsList.sing(end_entity_cert.issuer_serial), failed_paths=[], ) return LazyPathIterator(walker, end_entity_cert) class _IssuerFetcher: def __init__( self, path_builder: 'PathBuilder', cert: x509.Certificate, certs_seen: ConsList[bytes], ): self.cert = cert self.path_builder = path_builder self.certs_seen = certs_seen local_issuers = self.path_builder.registry.find_potential_issuers( cert, self.path_builder.trust_manager ) self.local_iss_iter = iter(local_issuers) self.local_issuers_found = 0 self.fetched_issuers_found = 0 self._fetched_cas: Optional[ AsyncGenerator[x509.Certificate, None] ] = None self._fetching_done = False @property def issuers_found(self): return self.local_issuers_found + self.fetched_issuers_found def __aiter__(self): return self def __iter__(self): return self def __next__(self) -> Union[TrustAnchor, x509.Certificate]: for issuer in self.local_iss_iter: if isinstance(issuer, x509.Certificate): cert_id = issuer.issuer_serial if cert_id in self.certs_seen: # no duplicates continue self.local_issuers_found += 1 return issuer raise StopIteration async def __anext__(self) -> Union[TrustAnchor, x509.Certificate]: try: return next(self) except StopIteration: pass if ( self._fetched_cas is None and not self.local_issuers_found and not self._fetching_done ): # attempt to download certs only if we didn't find anything locally self._fetched_cas = ( self.path_builder.registry.fetch_missing_potential_issuers( self.cert ) ) if self._fetched_cas is not None: async for issuer in self._fetched_cas: cert_id = issuer.issuer_serial if cert_id in self.certs_seen: continue self.fetched_issuers_found += 1 return issuer self._fetching_done = True raise StopAsyncIteration async def cancel(self): if self._fetched_cas is not None: await self._fetched_cas.aclose() self._fetched_cas = None self._fetching_done = True class _PathWalker: def __init__( self, path_builder: 'PathBuilder', path: ConsList[x509.Certificate], certs_seen: ConsList[bytes], failed_paths: List[ConsList[x509.Certificate]], ): self.path = path self.path_builder = path_builder self.certs_seen = certs_seen cert = path.head assert isinstance(cert, x509.Certificate) self._issuer_fetcher = _IssuerFetcher(path_builder, cert, certs_seen) self.failed_paths = failed_paths self._next_level: Optional[_PathWalker] = None async def cancel(self): if self._issuer_fetcher is not None: await self._issuer_fetcher.cancel() self._issuer_fetcher = None if self._next_level is not None: await self._next_level.cancel() self._next_level = None def __aiter__(self): return self async def __anext__(self): if self._issuer_fetcher is None: raise StopAsyncIteration # pragma: nocover next_path = None while next_path is None: if self._next_level is None: # Fetch the next candidate issuer in the list try: next_issuer = await self._issuer_fetcher.__anext__() except StopAsyncIteration as e: if not self._issuer_fetcher.issuers_found: self.failed_paths.append(self.path) self._issuer_fetcher = None raise e if isinstance(next_issuer, TrustAnchor): # We've reached a trust root -> emit path and stop certs = list(self.path) return ValidationPath(next_issuer, certs[:-1], certs[-1]) else: # if it's not a trust root, we need a new child _PathWalker self._next_level = _PathWalker( self.path_builder, self.path.cons(next_issuer), self.certs_seen.cons(next_issuer.issuer_serial), self.failed_paths, ) # check if next_level has any paths left, if not we clear it # and loop around to look at the next issuer try: next_path = await self._next_level.__anext__() except StopAsyncIteration: self._next_level = None return next_path class LazyPathIterator(CancelableAsyncIterator[ValidationPath]): _as_root: Optional[ValidationPath] = None def __init__(self, walker: _PathWalker, cert: x509.Certificate): # special case for root certs if walker.path_builder.trust_manager.is_root(cert): self._as_root = ValidationPath(CertTrustAnchor(cert), [], None) self._walker: Optional[_PathWalker] = walker self.emitted_count = 0 self._name = cert.subject.human_friendly async def cancel(self): if self._walker is not None: await self._walker.cancel() def __aiter__(self): return self async def __anext__(self) -> ValidationPath: if self._walker is None: raise StopAsyncIteration elif self._as_root is not None: self.emitted_count += 1 self._walker = None return self._as_root try: next_path = await self._walker.__anext__() self.emitted_count += 1 return next_path except StopAsyncIteration: pass if self.emitted_count == 0: path_head = self._walker.failed_paths[0].head assert isinstance(path_head, x509.Certificate) missing_issuer_name = path_head.issuer.human_friendly self._walker = None raise PathBuildingError( f"Unable to build a validation path for the certificate " f"\"{self._name}\" - no issuer matching " f"\"{missing_issuer_name}\" was found" ) raise StopAsyncIteration class LayeredCertificateStore(CertificateCollection): """ Trustless certificate store that looks up certificates in other stores in a specific order. """ def __init__(self, stores: List[CertificateCollection]): self._stores = stores def retrieve_many_by_key_identifier(self, key_identifier: bytes): def _gen(): for store in self._stores: yield from store.retrieve_many_by_key_identifier(key_identifier) return list(_gen()) def retrieve_by_name(self, name: x509.Name): def _gen(): for store in self._stores: yield from store.retrieve_by_name(name) return list(_gen()) def retrieve_by_issuer_serial(self, issuer_serial): for store in self._stores: result = store.retrieve_by_issuer_serial(issuer_serial) if result is not None: return result return None certvalidator-0.26.3/pyhanko_certvalidator/revinfo/000077500000000000000000000000001453642760600225265ustar00rootroot00000000000000certvalidator-0.26.3/pyhanko_certvalidator/revinfo/__init__.py000066400000000000000000000000001453642760600246250ustar00rootroot00000000000000certvalidator-0.26.3/pyhanko_certvalidator/revinfo/_err_gather.py000066400000000000000000000013161453642760600253620ustar00rootroot00000000000000from dataclasses import dataclass, field from datetime import datetime from typing import Any, Optional @dataclass class Errors: failures: list = field(default_factory=list) freshness_failures_only: bool = True stale_last_usable_at: Optional[datetime] = None def append(self, msg: str, revinfo: Any, is_freshness_failure=False): self.failures.append((msg, revinfo)) self.freshness_failures_only &= is_freshness_failure def update_stale(self, dt: Optional[datetime]): if dt is not None: self.stale_last_usable_at = ( dt if self.stale_last_usable_at is None else max(self.stale_last_usable_at, dt) ) certvalidator-0.26.3/pyhanko_certvalidator/revinfo/archival.py000066400000000000000000000335551453642760600247040ustar00rootroot00000000000000import abc import enum from dataclasses import dataclass from datetime import datetime from typing import Iterable, List, Optional, TypeVar, Union from asn1crypto import algos, crl, ocsp from pyhanko_certvalidator._types import type_name from pyhanko_certvalidator.ltv.types import ( IssuedItemContainer, ValidationTimingParams, ) from pyhanko_certvalidator.policy_decl import ( FRESHNESS_FALLBACK_VALIDITY_DEFAULT, CertRevTrustPolicy, FreshnessReqType, ) __all__ = [ 'RevinfoUsabilityRating', 'RevinfoUsability', 'RevinfoContainer', 'OCSPContainer', 'CRLContainer', 'sort_freshest_first', 'process_legacy_crl_input', 'process_legacy_ocsp_input', ] class RevinfoUsabilityRating(enum.Enum): """ Description of whether a piece of revocation information is considered usable in the circumstances provided. """ OK = enum.auto() """ The revocation information is usable. """ STALE = enum.auto() """ The revocation information is stale/too old. """ TOO_NEW = enum.auto() """ The revocation information is too recent. .. note:: This is never an issue in the AdES validation model. """ UNCLEAR = enum.auto() """ The usability of the revocation information could not be assessed unambiguously. """ @property def usable_ades(self) -> bool: """ Boolean indicating whether the assigned rating corresponds to a "fresh" judgment in AdES. """ return self in ( RevinfoUsabilityRating.OK, RevinfoUsabilityRating.TOO_NEW, ) @dataclass(frozen=True) class RevinfoUsability: """ Usability rating and cutoff date for a particular piece of revocation information. """ rating: RevinfoUsabilityRating """ The rating assigned. """ last_usable_at: Optional[datetime] = None """ The last date at which the revocation information could have been considered usable, if applicable. """ class RevinfoContainer(IssuedItemContainer, abc.ABC): """ A container for a piece of revocation information. """ def usable_at( self, policy: CertRevTrustPolicy, timing_params: ValidationTimingParams ) -> RevinfoUsability: """ Assess the usability of the revocation information given a revocation information trust policy and timing parameters. :param policy: The revocation information trust policy. :param timing_params: Timing-related information. :return: A :class:`.RevinfoUsability` judgment. """ raise NotImplementedError @property def revinfo_sig_mechanism_used( self, ) -> Optional[algos.SignedDigestAlgorithm]: """ Extract the signature mechanism used to guarantee the authenticity of the revocation information, if applicable. """ raise NotImplementedError RevInfoType = TypeVar('RevInfoType', bound=RevinfoContainer) def sort_freshest_first(lst: Iterable[RevInfoType]) -> List[RevInfoType]: """ Sort a list of revocation information containers in freshest-first order. Revocation information that does not have a well-defined issuance date will be grouped at the end. :param lst: A list of :class:`.RevinfoContainer` objects of the same type. :return: The same list sorted from fresh to stale. """ def _key(container: RevinfoContainer): dt = container.issuance_date # if dt is None ---> (0, None) # else ---> (1, dt) # This ensures that None is never compared to anything (which would # cause a TypeError), and that (0, None) gets sorted before everything # else. Since we sort reversed, the "unknown issuance date" ones # are dumped at the end of the list. return dt is not None, dt return sorted(lst, key=_key, reverse=True) def _freshness_delta(policy, this_update, next_update, time_tolerance): freshness_delta = policy.freshness if freshness_delta is None: if next_update is not None and next_update >= this_update: freshness_delta = next_update - this_update if freshness_delta is not None: freshness_delta = abs(freshness_delta) + time_tolerance return freshness_delta def _judge_revinfo( this_update: Optional[datetime], next_update: Optional[datetime], policy: CertRevTrustPolicy, timing_params: ValidationTimingParams, ) -> RevinfoUsability: if this_update is None: return RevinfoUsability(RevinfoUsabilityRating.UNCLEAR) validation_time = timing_params.validation_time time_tolerance = timing_params.time_tolerance # Revinfo issued after the validation time may need to be considered # in AdES point-in-time validation. # In the legacy "default" policy, this is controlled by the retroactive # revinfo switch. # see 5.2.5.4 in ETSI EN 319 102-1 if policy.freshness_req_type == FreshnessReqType.TIME_AFTER_SIGNATURE: # check whether the revinfo was generated sufficiently long _after_ # the (presumptive) signature time freshness_delta = _freshness_delta( policy, this_update, next_update, time_tolerance ) if freshness_delta is None: return RevinfoUsability(RevinfoUsabilityRating.UNCLEAR) signature_poe_time = timing_params.best_signature_time if this_update - signature_poe_time < freshness_delta: return RevinfoUsability( RevinfoUsabilityRating.STALE, last_usable_at=this_update + freshness_delta, ) elif ( policy.freshness_req_type == FreshnessReqType.MAX_DIFF_REVOCATION_VALIDATION ): # check whether the difference between thisUpdate # and the validation time is small enough # add time_tolerance to allow for additional time drift freshness_delta = _freshness_delta( policy, this_update, next_update, time_tolerance ) if freshness_delta is None: return RevinfoUsability(RevinfoUsabilityRating.UNCLEAR) # See ETSI EN 319 102-1, § 5.2.5.4, item 2) # in particular, "too recent" doesn't seem to apply; # the result is pass/fail if this_update < validation_time - freshness_delta: return RevinfoUsability( RevinfoUsabilityRating.STALE, last_usable_at=this_update + freshness_delta, ) elif policy.freshness_req_type == FreshnessReqType.DEFAULT: # check whether the validation time falls within the # thisUpdate-nextUpdate window (non-AdES!!) if next_update is None: # OCSP semantics of nextUpdate = VOID is "please request # another update whenever you like". # In our default/legacy validation model this is difficult to # interpret. # for historical point-in-time validation, this is disqualifying next_update = this_update + FRESHNESS_FALLBACK_VALIDITY_DEFAULT retroactive = policy.retroactive_revinfo if not retroactive and validation_time < this_update - time_tolerance: return RevinfoUsability(RevinfoUsabilityRating.TOO_NEW) if validation_time > next_update + time_tolerance: return RevinfoUsability( RevinfoUsabilityRating.STALE, last_usable_at=next_update + time_tolerance, ) else: # pragma: nocover raise NotImplementedError return RevinfoUsability(RevinfoUsabilityRating.OK) def _extract_basic_ocsp_response( ocsp_response, ) -> Optional[ocsp.BasicOCSPResponse]: # Make sure that we get a valid response back from the OCSP responder status = ocsp_response['response_status'].native if status != 'successful': return None response_bytes = ocsp_response['response_bytes'] if response_bytes['response_type'].native != 'basic_ocsp_response': return None return response_bytes['response'].parsed @dataclass(frozen=True) class OCSPContainer(RevinfoContainer): """ Container for an OCSP response. """ ocsp_response_data: ocsp.OCSPResponse """ The OCSP response value. """ index: int = 0 """ The index of the ``SingleResponse`` payload in the original OCSP response object retrieved from the server, if applicable. """ @classmethod def load_multi( cls, ocsp_response: ocsp.OCSPResponse ) -> List['OCSPContainer']: """ Turn an OCSP response object into one or more :class:`.OCSPContainer` objects. If a :class:`.OCSPContainer` contains more than one ``SingleResponse``, then the same OCSP response will be duplicated into multiple containers, each with a different ``index`` value. :param ocsp_response: An OCSP response. :return: A list of :class:`.OCSPContainer` objects, one for each ``SingleResponse`` value. """ basic_ocsp_response = _extract_basic_ocsp_response(ocsp_response) if basic_ocsp_response is None: return [] tbs_response = basic_ocsp_response['tbs_response_data'] return [ OCSPContainer(ocsp_response_data=ocsp_response, index=ix) for ix in range(len(tbs_response['responses'])) ] @property def issuance_date(self) -> Optional[datetime]: cert_response = self.extract_single_response() if cert_response is None: return None return cert_response['this_update'].native def usable_at( self, policy: CertRevTrustPolicy, timing_params: ValidationTimingParams ) -> RevinfoUsability: cert_response = self.extract_single_response() if cert_response is None: return RevinfoUsability(RevinfoUsabilityRating.UNCLEAR) this_update = cert_response['this_update'].native next_update = cert_response['next_update'].native return _judge_revinfo( this_update, next_update, policy=policy, timing_params=timing_params, ) def extract_basic_ocsp_response(self) -> Optional[ocsp.BasicOCSPResponse]: """ Extract the ``BasicOCSPResponse``, assuming there is one (i.e. the OCSP response is a standard, non-error response). """ return _extract_basic_ocsp_response(self.ocsp_response_data) def extract_single_response(self) -> Optional[ocsp.SingleResponse]: """ Extract the unique ``SingleResponse`` value identified by the index. """ basic_ocsp_response = self.extract_basic_ocsp_response() if basic_ocsp_response is None: return None tbs_response = basic_ocsp_response['tbs_response_data'] if len(tbs_response['responses']) <= self.index: return None return tbs_response['responses'][self.index] @property def revinfo_sig_mechanism_used( self, ) -> Optional[algos.SignedDigestAlgorithm]: basic_resp = self.extract_basic_ocsp_response() return None if basic_resp is None else basic_resp['signature_algorithm'] @dataclass(frozen=True) class CRLContainer(RevinfoContainer): """ Container for a certificate revocation list (CRL). """ crl_data: crl.CertificateList """ The CRL data. """ def usable_at( self, policy: CertRevTrustPolicy, timing_params: ValidationTimingParams ) -> RevinfoUsability: tbs_cert_list = self.crl_data['tbs_cert_list'] this_update = tbs_cert_list['this_update'].native next_update = tbs_cert_list['next_update'].native return _judge_revinfo( this_update, next_update, policy=policy, timing_params=timing_params ) @property def issuance_date(self) -> Optional[datetime]: tbs_cert_list = self.crl_data['tbs_cert_list'] return tbs_cert_list['this_update'].native @property def revinfo_sig_mechanism_used(self) -> algos.SignedDigestAlgorithm: return self.crl_data['signature_algorithm'] LegacyCompatCRL = Union[bytes, crl.CertificateList, CRLContainer] LegacyCompatOCSP = Union[bytes, ocsp.OCSPResponse, OCSPContainer] def process_legacy_crl_input( crls: Iterable[LegacyCompatCRL], ) -> List[CRLContainer]: """ Internal function to process legacy CRL data into one or more :class:`.CRLContainer`. :param crls: Legacy CRL input data. :return: A list of :class:`.CRLContainer` objects. """ new_crls = [] for crl_ in crls: if isinstance(crl_, bytes): crl_ = crl.CertificateList.load(crl_) if isinstance(crl_, crl.CertificateList): crl_ = CRLContainer(crl_) if isinstance(crl_, CRLContainer): new_crls.append(crl_) else: raise TypeError( f"crls must be a list of byte strings or " f"asn1crypto.crl.CertificateList objects, not {type_name(crl_)}" ) return new_crls def process_legacy_ocsp_input( ocsps: Iterable[LegacyCompatOCSP], ) -> List[OCSPContainer]: """ Internal function to process legacy OCSP data into one or more :class:`.OCSPContainer`. :param ocsps: Legacy OCSP input data. :return: A list of :class:`.OCSPContainer` objects. """ new_ocsps = [] for ocsp_ in ocsps: if isinstance(ocsp_, bytes): ocsp_ = ocsp.OCSPResponse.load(ocsp_) if isinstance(ocsp_, ocsp.OCSPResponse): extr = OCSPContainer.load_multi(ocsp_) new_ocsps.extend(extr) elif isinstance(ocsp_, OCSPContainer): new_ocsps.append(ocsp_) else: raise TypeError( f"ocsps must be a list of byte strings or " f"asn1crypto.ocsp.OCSPResponse objects, not {type_name(ocsp_)}" ) return new_ocsps certvalidator-0.26.3/pyhanko_certvalidator/revinfo/constants.py000066400000000000000000000010671453642760600251200ustar00rootroot00000000000000KNOWN_CRL_EXTENSIONS = { 'issuer_alt_name', 'crl_number', 'delta_crl_indicator', 'issuing_distribution_point', 'authority_key_identifier', 'freshest_crl', 'authority_information_access', } VALID_REVOCATION_REASONS = { 'key_compromise', 'ca_compromise', 'affiliation_changed', 'superseded', 'cessation_of_operation', 'certificate_hold', 'privilege_withdrawn', 'aa_compromise', } KNOWN_CRL_ENTRY_EXTENSIONS = { 'crl_reason', 'hold_instruction_code', 'invalidity_date', 'certificate_issuer', } certvalidator-0.26.3/pyhanko_certvalidator/revinfo/manager.py000066400000000000000000000221151453642760600245130ustar00rootroot00000000000000from datetime import datetime from typing import Dict, Iterable, List, Optional, Set from asn1crypto import crl, ocsp, x509 from pyhanko_certvalidator.authority import Authority from pyhanko_certvalidator.errors import OCSPFetchError from pyhanko_certvalidator.fetchers import Fetchers from pyhanko_certvalidator.ltv.poe import ( KnownPOE, POEManager, POEType, ValidationObject, ValidationObjectType, digest_for_poe, ) from pyhanko_certvalidator.policy_decl import NonRevokedStatusAssertion from pyhanko_certvalidator.registry import CertificateRegistry from pyhanko_certvalidator.revinfo.archival import ( CRLContainer, OCSPContainer, sort_freshest_first, ) class RevinfoManager: """ .. versionadded:: 0.20.0 Class to manage and potentially fetch revocation information. :param certificate_registry: The associated certificate registry. :param poe_manager: The proof-of-existence (POE) data manager. :param crls: CRL data. :param ocsps: OCSP response data. :param fetchers: Fetchers for collecting revocation information. If ``None``, no fetching will be performed. """ def __init__( self, certificate_registry: CertificateRegistry, poe_manager: POEManager, crls: Iterable[CRLContainer], ocsps: Iterable[OCSPContainer], assertions: Iterable[NonRevokedStatusAssertion] = (), fetchers: Optional[Fetchers] = None, ): self._certificate_registry = certificate_registry self._poe_manager = poe_manager self._revocation_certs: Dict[bytes, x509.Certificate] = {} self._crl_issuer_map: Dict[bytes, x509.Certificate] = {} self._crls: List[CRLContainer] = [] if crls: self._crls = sort_freshest_first(crls) self._ocsps: List[OCSPContainer] = [] if ocsps: self._ocsps = ocsps = sort_freshest_first(ocsps) for ocsp_response in ocsps: self._extract_ocsp_certs(ocsp_response) self._fetchers = fetchers self._assertions: Dict[bytes, NonRevokedStatusAssertion] = { assertion.cert_sha256: assertion for assertion in assertions } @property def poe_manager(self) -> POEManager: """ The proof-of-existence (POE) data manager. """ return self._poe_manager @property def certificate_registry(self) -> CertificateRegistry: """ The associated certificate registry. """ return self._certificate_registry @property def fetching_allowed(self) -> bool: """ Boolean indicating whether fetching is allowed. """ return self._fetchers is not None @property def crls(self) -> List[crl.CertificateList]: """ A list of all cached :class:`crl.CertificateList` objects """ raw_crls = [cont.crl_data for cont in self._crls] if not self._fetchers: return raw_crls return list(self._fetchers.crl_fetcher.fetched_crls()) + raw_crls @property def ocsps(self) -> List[ocsp.OCSPResponse]: """ A list of all cached :class:`ocsp.OCSPResponse` objects """ raw_ocsps = [cont.ocsp_response_data for cont in self._ocsps] if not self._fetchers: return raw_ocsps return list(self._fetchers.ocsp_fetcher.fetched_responses()) + raw_ocsps @property def new_revocation_certs(self) -> List[x509.Certificate]: """ A list of newly-fetched :class:`x509.Certificate` objects that were obtained from OCSP responses and CRLs """ return list(self._revocation_certs.values()) def _extract_ocsp_certs(self, ocsp_response: OCSPContainer): """ Extracts any certificates included with an OCSP response and adds them to the certificate registry :param ocsp_response: An asn1crypto.ocsp.OCSPResponse object to look for certs inside of """ poe_man = self._poe_manager ocsp_poe_time = poe_man[ocsp_response] registry = self._certificate_registry revo_certs = self._revocation_certs basic = ocsp_response.extract_basic_ocsp_response() if basic is not None and basic['certs']: for other_cert in basic['certs']: if registry.register(other_cert): revo_certs[other_cert.issuer_serial] = other_cert poe_man.register_known_poe( KnownPOE( poe_type=POEType.VALIDATION, digest=digest_for_poe(other_cert.dump()), # register with the same POE time as the OCSP # response poe_time=ocsp_poe_time, validation_object=ValidationObject( object_type=ValidationObjectType.CERTIFICATE, value=other_cert, ), ) ) def record_crl_issuer(self, certificate_list, cert): """ Records the certificate that issued a certificate list. Used to reduce processing code when dealing with self-issued certificates and multiple CRLs. :param certificate_list: An ans1crypto.crl.CertificateList object :param cert: An ans1crypto.x509.Certificate object """ self._crl_issuer_map[certificate_list.signature] = cert def check_crl_issuer(self, certificate_list) -> Optional[x509.Certificate]: """ Checks to see if the certificate that signed a certificate list has been found :param certificate_list: An ans1crypto.crl.CertificateList object :return: None if not found, or an asn1crypto.x509.Certificate object of the issuer """ return self._crl_issuer_map.get(certificate_list.signature) async def async_retrieve_crls(self, cert) -> List[CRLContainer]: """ .. versionadded:: 0.20.0 :param cert: An asn1crypto.x509.Certificate object :return: A list of :class:`CRLContainer` objects """ if not self._fetchers: return self._crls fetchers = self._fetchers try: crls = fetchers.crl_fetcher.fetched_crls_for_cert(cert) except KeyError: crls = await fetchers.crl_fetcher.fetch(cert) conts = [CRLContainer(crl_data) for crl_data in crls] return conts + self._crls async def async_retrieve_ocsps( self, cert, authority: Authority ) -> List[OCSPContainer]: """ .. versionadded:: 0.20.0 :param cert: An asn1crypto.x509.Certificate object :param authority: The issuing authority for the certificate :return: A list of :class:`OCSPContainer` objects """ if not self._fetchers: return self._ocsps fetchers = self._fetchers ocsps = [ OCSPContainer(resp) for resp in fetchers.ocsp_fetcher.fetched_responses_for_cert(cert) ] if not ocsps: ocsp_response_data = await fetchers.ocsp_fetcher.fetch( cert, authority ) ocsps = OCSPContainer.load_multi(ocsp_response_data) # Responses can contain certificates that are useful in # validating the response itself. We can use these since they # will be validated using the local trust roots. for resp in ocsps: try: self._extract_ocsp_certs(resp) except ValueError: raise OCSPFetchError( "Failed to extract certificates from " "fetched OCSP response" ) return ocsps + self._ocsps def evict_ocsps(self, hashes_to_evict: Set[bytes]): """ Internal API to eliminate local OCSP records from consideration. :param hashes_to_evict: A collection of OCSP response hashes; see :func:`.digest_for_poe`. """ def p(container: OCSPContainer): digest = digest_for_poe(container.ocsp_response_data.dump()) return digest not in hashes_to_evict self._ocsps = list(filter(p, self._ocsps)) def evict_crls(self, hashes_to_evict: Set[bytes]): """ Internal API to eliminate local CRLs from consideration. :param hashes_to_evict: A collection of CRL hashes; see :func:`.digest_for_poe`. """ def p(container: CRLContainer): digest = digest_for_poe(container.crl_data.dump()) return digest not in hashes_to_evict self._crls = list(filter(p, self._crls)) def check_asserted_unrevoked( self, cert: x509.Certificate, at: datetime ) -> bool: try: return at <= self._assertions[cert.sha256].at except KeyError: return False certvalidator-0.26.3/pyhanko_certvalidator/revinfo/validate_crl.py000066400000000000000000001347311453642760600255420ustar00rootroot00000000000000import hashlib import logging from collections import defaultdict from dataclasses import dataclass, field from datetime import datetime from typing import Dict, List, Optional, Set, Tuple, Union from asn1crypto import cms, crl, x509 from cryptography.exceptions import InvalidSignature from pyhanko_certvalidator._state import ValProcState from pyhanko_certvalidator.authority import Authority, AuthorityWithCert from pyhanko_certvalidator.context import ValidationContext from pyhanko_certvalidator.errors import ( CertificateFetchError, CRLNoMatchesError, CRLValidationError, CRLValidationIndeterminateError, PathValidationError, PSSParameterMismatch, RevokedError, ) from pyhanko_certvalidator.ltv.types import ValidationTimingParams from pyhanko_certvalidator.path import ValidationPath from pyhanko_certvalidator.policy_decl import CertRevTrustPolicy from pyhanko_certvalidator.registry import CertificateRegistry from pyhanko_certvalidator.revinfo._err_gather import Errors from pyhanko_certvalidator.revinfo.archival import ( CRLContainer, RevinfoUsabilityRating, ) from pyhanko_certvalidator.revinfo.constants import ( KNOWN_CRL_ENTRY_EXTENSIONS, KNOWN_CRL_EXTENSIONS, VALID_REVOCATION_REASONS, ) from pyhanko_certvalidator.revinfo.manager import RevinfoManager from pyhanko_certvalidator.util import ( ConsList, get_ac_extension_value, get_issuer_dn, validate_sig, ) logger = logging.getLogger(__name__) @dataclass(frozen=True) class CRLWithPaths: """ A CRL with a number of candidate paths """ crl: CRLContainer paths: List[ValidationPath] async def _find_candidate_crl_issuer_certs( crl_authority_name: x509.Name, certificate_list: crl.CertificateList, *, cert_issuer_auth: Authority, cert_registry: CertificateRegistry, ) -> List[x509.Certificate]: # first, look for certs issued to the issuer named as the entity # that signed the CRL. # In both cases, we prioritise the next-level issuer in the main path # if it matches the criteria. delegated_issuer = certificate_list.issuer cert_issuer_cert = None if isinstance(cert_issuer_auth, AuthorityWithCert): cert_issuer_cert = cert_issuer_auth.certificate candidates = cert_registry.retrieve_by_name( delegated_issuer, cert_issuer_cert ) if not candidates and crl_authority_name != certificate_list.issuer: # next, look in the cache for certs issued to the entity named # in the issuing distribution point (i.e. the issuing authority) candidates = cert_registry.retrieve_by_name( crl_authority_name, cert_issuer_cert ) if not candidates and cert_registry.fetcher is not None: candidates = [] valid_names = {crl_authority_name, delegated_issuer} # Try to download certificates from URLs in the AIA extension, # if there is one async for cert in cert_registry.fetcher.fetch_crl_issuers( certificate_list ): # filter by name if cert.subject in valid_names: candidates.insert(0, cert) return candidates @dataclass class _CRLIssuerSearchErrs: candidate_issuers: int candidates_skipped: int = 0 signatures_failed: int = 0 unauthorized_certs: int = 0 path_building_failures: int = 0 explicit_errors: List[CRLValidationError] = field(default_factory=list) def get_exc(self): plural = self.candidate_issuers > 1 if ( not self.candidate_issuers or self.candidates_skipped == self.candidate_issuers ): return CRLNoMatchesError() elif self.signatures_failed == self.candidate_issuers: return CRLValidationError('CRL signature could not be verified') elif self.unauthorized_certs == self.candidate_issuers: return CRLValidationError( 'The CRL issuers that were identified are not authorized ' 'to sign CRLs' if plural else 'The CRL issuer that was identified is ' 'not authorized to sign CRLs' ) elif self.path_building_failures == self.candidate_issuers: return CRLValidationError( 'The chain of trust for the CRL issuers that were identified ' 'could not be determined' if plural else 'The chain of trust for the CRL issuer that was identified ' 'could not be determined' ) elif self.explicit_errors and len(self.explicit_errors) == 1: # if there's only one error, throw it return self.explicit_errors[0] else: msg = 'Unable to determine CRL trust status. ' msg += '; '.join(str(e) for e in self.explicit_errors) return CRLValidationError(msg) async def _validate_crl_issuer_path( *, candidate_crl_issuer_path: ValidationPath, validation_context: ValidationContext, issuing_authority_identical: bool, proc_state: ValProcState, ): # If we have a validation cached (from before, or because the CRL issuer # appears further up in the path) use it. # This is not just for efficiency, it also makes for clearer errors when # validation fails due to revocation info issues further up in the path if validation_context.check_validation(candidate_crl_issuer_path.last): return try: temp_override = proc_state.ee_name_override if not issuing_authority_identical: temp_override = ( proc_state.describe_cert(never_def=True) + ' CRL issuer' ) from pyhanko_certvalidator.validate import intl_validate_path new_stack = proc_state.cert_path_stack.cons(candidate_crl_issuer_path) await intl_validate_path( validation_context, candidate_crl_issuer_path, proc_state=ValProcState( ee_name_override=temp_override, cert_path_stack=new_stack ), ) except PathValidationError as e: iss_cert = candidate_crl_issuer_path.last logger.warning( f"Path for CRL issuer {iss_cert.subject.human_friendly} could not " f"be validated.", exc_info=e, ) raise CRLValidationError( f'The CRL issuer certificate path could not be validated. {e}' ) async def _find_candidate_crl_paths( crl_authority_name: x509.Name, certificate_list: crl.CertificateList, *, cert: Union[x509.Certificate, cms.AttributeCertificateV2], cert_issuer_auth: Authority, cert_path: ValidationPath, certificate_registry: CertificateRegistry, is_indirect: bool, proc_state: ValProcState, ) -> Tuple[List[ValidationPath], _CRLIssuerSearchErrs]: cert_sha256 = hashlib.sha256(cert.dump()).digest() candidate_crl_issuers = await _find_candidate_crl_issuer_certs( crl_authority_name, certificate_list, cert_issuer_auth=cert_issuer_auth, cert_registry=certificate_registry, ) cert_issuer_name = cert_issuer_auth.name errs = _CRLIssuerSearchErrs(candidate_issuers=len(candidate_crl_issuers)) candidate_paths = [] for candidate_crl_issuer in candidate_crl_issuers: direct_issuer = candidate_crl_issuer.subject == cert_issuer_name # In some cases an indirect CRL issuer is a certificate issued # by the certificate issuer. However, we need to ensure that # the candidate CRL issuer is not the certificate being checked, # otherwise we may be checking an incorrect CRL and produce # incorrect results. indirect_issuer = ( candidate_crl_issuer.issuer == cert_issuer_name and candidate_crl_issuer.sha256 != cert_sha256 ) if not direct_issuer and not indirect_issuer and not is_indirect: errs.candidates_skipped += 1 continue key_usage_value = candidate_crl_issuer.key_usage_value if key_usage_value and 'crl_sign' not in key_usage_value.native: errs.unauthorized_certs += 1 continue try: # Step g # NOTE: Theoretically this can only be done after full X.509 # path validation (step f), but that only matters for DSA key # inheritance which we don't support anyhow when doing revocation # checks. _verify_crl_signature( certificate_list, candidate_crl_issuer.public_key ) except CRLValidationError: errs.signatures_failed += 1 continue cand_path = proc_state.check_path_verif_recursion(candidate_crl_issuer) if not cand_path: try: cand_path = cert_path.truncate_to_issuer_and_append( candidate_crl_issuer ) except LookupError: errs.path_building_failures += 1 continue candidate_paths.append(cand_path) return candidate_paths, errs async def _find_crl_issuer( crl_authority_name: x509.Name, certificate_list: crl.CertificateList, *, cert: Union[x509.Certificate, cms.AttributeCertificateV2], cert_issuer_auth: Authority, cert_path: ValidationPath, validation_context: ValidationContext, is_indirect: bool, proc_state: ValProcState, ) -> ValidationPath: candidate_paths, errs = await _find_candidate_crl_paths( crl_authority_name, certificate_list, cert=cert, cert_issuer_auth=cert_issuer_auth, cert_path=cert_path, certificate_registry=validation_context.certificate_registry, is_indirect=is_indirect, proc_state=proc_state, ) for candidate_crl_issuer_path in candidate_paths: candidate_crl_issuer = candidate_crl_issuer_path.last # Skip path validation step if we're recursing # (necessary to process CRLs that have their own certificate in-scope, # which is questionable practice, but PKITS has a test case for this # specific wrinkle, and it's not contradicted by anything in RFC 5280, # so it's probably allowed in theory) if proc_state.check_path_verif_recursion(candidate_crl_issuer): validation_context.revinfo_manager.record_crl_issuer( certificate_list, candidate_crl_issuer ) return candidate_crl_issuer_path # Step f # Note: this is not the same as .truncate_to() if # candidate_crl_issuer doesn't appear in the path! candidate_crl_issuer_path = cert_path.truncate_to_issuer_and_append( candidate_crl_issuer ) try: # This check needs to know not only whether the names agree, # but also whether the keys are the same, in order to yield # the correct error message on failure. # (Scenario: CA with separate keys for CRL signing and for # certificate issuance, but with the same name on both certs) issuing_authority_identical = not is_indirect and ( cert_issuer_auth is not None and cert_issuer_auth.public_key.dump() == candidate_crl_issuer.public_key.dump() ) await _validate_crl_issuer_path( candidate_crl_issuer_path=candidate_crl_issuer_path, validation_context=validation_context, issuing_authority_identical=issuing_authority_identical, proc_state=proc_state, ) validation_context.revinfo_manager.record_crl_issuer( certificate_list, candidate_crl_issuer ) return candidate_crl_issuer_path except CRLValidationError as e: errs.explicit_errors.append(e) continue raise errs.get_exc() @dataclass class _CRLErrs(Errors): issuer_failures: int = 0 def _find_matching_delta_crl( delta_lists: List[CRLContainer], crl_authority_name: x509.Name, crl_idp: crl.IssuingDistributionPoint, parent_crl_aki: Optional[bytes], ) -> Optional[CRLContainer]: for candidate_delta_cl_cont in delta_lists: candidate_delta_cl = candidate_delta_cl_cont.crl_data # Step c 1 if candidate_delta_cl.issuer != crl_authority_name: continue # Step c 2 delta_crl_idp = candidate_delta_cl.issuing_distribution_point_value if (crl_idp is None and delta_crl_idp is not None) or ( crl_idp is not None and delta_crl_idp is None ): continue if crl_idp is not None and crl_idp.native != delta_crl_idp.native: continue # Step c 3 if parent_crl_aki != candidate_delta_cl.authority_key_identifier: continue return candidate_delta_cl_cont return None def _match_dps_idp_names( crl_idp: crl.IssuingDistributionPoint, crl_dps: Optional[x509.CRLDistributionPoints], crl_issuer: x509.Certificate, crl_authority_name: x509.Name, ) -> bool: # Step b 2 i has_idp_name = False has_dp_name = False idp_dp_match = False idp_general_names = [] idp_dp_name = crl_idp['distribution_point'] if idp_dp_name: has_idp_name = True if idp_dp_name.name == 'full_name': for general_name in idp_dp_name.chosen: idp_general_names.append(general_name) else: inner_extended_issuer_name = crl_issuer.subject.copy() inner_extended_issuer_name.chosen.append(idp_dp_name.chosen.untag()) idp_general_names.append( x509.GeneralName( name='directory_name', value=inner_extended_issuer_name ) ) if crl_dps: for dp in crl_dps: if idp_dp_match: break dp_name = dp['distribution_point'] if dp_name: has_dp_name = True if dp_name.name == 'full_name': for general_name in dp_name.chosen: if general_name in idp_general_names: idp_dp_match = True break else: inner_extended_issuer_name = crl_issuer.subject.copy() inner_extended_issuer_name.chosen.append( dp_name.chosen.untag() ) dp_extended_issuer_name = x509.GeneralName( name='directory_name', value=inner_extended_issuer_name ) if dp_extended_issuer_name in idp_general_names: idp_dp_match = True elif dp['crl_issuer']: has_dp_name = True for dp_crl_authority_name in dp['crl_issuer']: if dp_crl_authority_name in idp_general_names: idp_dp_match = True break else: # If there is no DP, we consider the CRL issuer name to be it has_dp_name = True general_name = x509.GeneralName( name='directory_name', value=crl_authority_name ) if general_name in idp_general_names: idp_dp_match = True return idp_dp_match or not has_idp_name or not has_dp_name def _handle_crl_idp_ext_constraints( cert: x509.Certificate, certificate_list: crl.CertificateList, crl_issuer: x509.Certificate, crl_idp: crl.IssuingDistributionPoint, crl_authority_name: x509.Name, errs: _CRLErrs, ) -> bool: match = _match_dps_idp_names( crl_idp=crl_idp, crl_dps=cert.crl_distribution_points_value, crl_issuer=crl_issuer, crl_authority_name=crl_authority_name, ) if not match: errs.append( "The CRL issuing distribution point extension does not " "share any names with the certificate CRL distribution " "point extension", certificate_list, ) errs.issuer_failures += 1 return False # Step b 2 ii if crl_idp['only_contains_user_certs'].native: if ( cert.basic_constraints_value and cert.basic_constraints_value['ca'].native ): errs.append( "CRL only contains end-entity certificates and " "certificate is a CA certificate", certificate_list, ) return False # Step b 2 iii if crl_idp['only_contains_ca_certs'].native: if ( not cert.basic_constraints_value or cert.basic_constraints_value['ca'].native is False ): errs.append( "CRL only contains CA certificates and certificate " "is an end-entity certificate", certificate_list, ) return False # Step b 2 iv if crl_idp['only_contains_attribute_certs'].native: errs.append( 'CRL only contains attribute certificates', certificate_list ) return False return True def _handle_attr_cert_crl_idp_ext_constraints( certificate_list: crl.CertificateList, crl_dps: Optional[x509.CRLDistributionPoints], crl_issuer: x509.Certificate, crl_idp: crl.IssuingDistributionPoint, crl_authority_name: x509.Name, errs: _CRLErrs, ) -> bool: match = _match_dps_idp_names( crl_idp=crl_idp, crl_dps=crl_dps, crl_issuer=crl_issuer, crl_authority_name=crl_authority_name, ) if not match: errs.append( "The CRL issuing distribution point extension does not " "share any names with the attribute certificate's " "CRL distribution point extension", certificate_list, ) errs.issuer_failures += 1 return False # Step b 2 ii pkc_only = ( crl_idp['only_contains_user_certs'].native or crl_idp['only_contains_ca_certs'].native ) if pkc_only: errs.append( "CRL only contains public-key certificates, but " "certificate is an attribute certificate", certificate_list, ) return False return True def _check_crl_freshness( certificate_list_cont: CRLContainer, revinfo_policy: CertRevTrustPolicy, timing_params: ValidationTimingParams, errs: _CRLErrs, is_delta: bool, ): freshness_result = certificate_list_cont.usable_at( policy=revinfo_policy, timing_params=timing_params, ) prefix = "Delta CRL" if is_delta else "CRL" rating = freshness_result.rating if rating != RevinfoUsabilityRating.OK: if rating == RevinfoUsabilityRating.STALE: msg = f'{prefix} is not recent enough' errs.update_stale(freshness_result.last_usable_at) elif rating == RevinfoUsabilityRating.TOO_NEW: msg = f'{prefix} is too recent' else: msg = f'{prefix} freshness could not be established' errs.append(msg, certificate_list_cont, is_freshness_failure=True) return False return True async def _handle_single_crl( cert: Union[x509.Certificate, cms.AttributeCertificateV2], cert_issuer_auth: Authority, certificate_list_cont: CRLContainer, path: ValidationPath, validation_context: ValidationContext, delta_lists_by_issuer: Dict[str, List[CRLContainer]], use_deltas: bool, errs: _CRLErrs, proc_state: ValProcState, ) -> Optional[Set[str]]: certificate_list = certificate_list_cont.crl_data try: is_indirect, crl_authority_name = _get_crl_authority_name( certificate_list_cont, cert_issuer_auth.name, certificate_registry=validation_context.certificate_registry, errs=errs, ) except LookupError: # already logged by _get_crl_authority_name return None # check if we already know the issuer of this CRL crl_issuer = validation_context.revinfo_manager.check_crl_issuer( certificate_list ) # if not, attempt to determine it if not crl_issuer: try: crl_issuer_path = await _find_crl_issuer( crl_authority_name, certificate_list, cert=cert, cert_issuer_auth=cert_issuer_auth, cert_path=path, validation_context=validation_context, is_indirect=is_indirect, proc_state=proc_state, ) crl_issuer = crl_issuer_path.last except CRLNoMatchesError: # this no-match issue will be dealt with at a higher level later errs.issuer_failures += 1 return None except (CertificateFetchError, CRLValidationError) as e: errs.append(e.args[0], certificate_list) return None interim_reasons = _get_crl_scope_assuming_authority( crl_issuer=crl_issuer, cert=cert, certificate_list_cont=certificate_list_cont, is_indirect=is_indirect, errs=errs, ) if interim_reasons is None: return None if not _check_crl_freshness( certificate_list_cont, validation_context.revinfo_policy, validation_context.timing_params, errs, is_delta=False, ): return None # Step c if use_deltas: delta_certificate_list_cont = _maybe_get_delta_crl( certificate_list=certificate_list, crl_issuer=crl_issuer, policy=validation_context.revinfo_policy, timing_params=validation_context.timing_params, delta_lists_by_issuer=delta_lists_by_issuer, errs=errs, ) else: delta_certificate_list_cont = None try: revoked_date, revoked_reason = _check_cert_on_crl_and_delta( crl_issuer=crl_issuer, cert=cert, certificate_list_cont=certificate_list_cont, delta_certificate_list_cont=delta_certificate_list_cont, errs=errs, ) except NotImplementedError: # the subroutine already registered the failure, so just bail return None timing = validation_context.timing_params control_time = ( timing.validation_time if timing.point_in_time_validation else None ) if revoked_reason and (control_time is None or revoked_date < control_time): raise RevokedError.format( reason=revoked_reason, revocation_dt=revoked_date, revinfo_type='CRL', proc_state=proc_state, ) return interim_reasons def _get_crl_authority_name( certificate_list_cont: CRLContainer, cert_issuer_name: x509.Name, certificate_registry: CertificateRegistry, errs: _CRLErrs, ) -> Tuple[bool, x509.Name]: """ Figure out the name of the entity on behalf of which the CRL was issued. """ certificate_list = certificate_list_cont.crl_data crl_idp: crl.IssuingDistributionPoint = ( certificate_list.issuing_distribution_point_value ) is_indirect = bool(crl_idp and crl_idp['indirect_crl'].native) if not is_indirect: crl_authority_name = certificate_list.issuer else: crl_idp_name = crl_idp['distribution_point'] if crl_idp_name: if crl_idp_name.name == 'full_name': crl_authority_name = crl_idp_name.chosen[0].chosen else: crl_authority_name = cert_issuer_name.copy().chosen.append( crl_idp_name.chosen ) elif certificate_list.authority_key_identifier: tmp_crl_issuer = certificate_registry.retrieve_by_key_identifier( certificate_list.authority_key_identifier ) crl_authority_name = tmp_crl_issuer.subject else: errs.append( 'CRL is marked as an indirect CRL, but provides no ' 'mechanism for locating the CRL issuer certificate', certificate_list_cont, ) raise LookupError return is_indirect, crl_authority_name def _maybe_get_delta_crl( certificate_list: crl.CertificateList, crl_issuer: x509.Certificate, delta_lists_by_issuer: Dict[str, List[CRLContainer]], errs: _CRLErrs, timing_params: Optional[ValidationTimingParams] = None, policy: Optional[CertRevTrustPolicy] = None, ) -> Optional[CRLContainer]: if ( not certificate_list.freshest_crl_value or len(certificate_list.freshest_crl_value) == 0 ): # nothing to do, return return None crl_authority_name = crl_issuer.subject crl_idp: crl.IssuingDistributionPoint = ( certificate_list.issuing_distribution_point_value ) candidate_delta_lists = delta_lists_by_issuer.get( crl_authority_name.hashable, [] ) delta_certificate_list_cont = _find_matching_delta_crl( delta_lists=candidate_delta_lists, crl_authority_name=crl_authority_name, crl_idp=crl_idp, parent_crl_aki=certificate_list.authority_key_identifier, ) if not delta_certificate_list_cont: return None delta_certificate_list = delta_certificate_list_cont.crl_data if not _verify_no_unknown_critical_extensions( delta_certificate_list_cont, errs, is_delta=True ): return None # Step h try: _verify_crl_signature(delta_certificate_list, crl_issuer.public_key) except CRLValidationError: errs.append( 'Delta CRL signature could not be verified', delta_certificate_list_cont, ) return None if policy and timing_params: if _check_crl_freshness( delta_certificate_list_cont, policy, timing_params, errs, is_delta=True, ): return delta_certificate_list_cont return None def _verify_no_unknown_critical_extensions( certificate_list_cont: CRLContainer, errs: _CRLErrs, is_delta: bool ): extensions = certificate_list_cont.crl_data.critical_extensions if extensions - KNOWN_CRL_EXTENSIONS: errs.append( f'One or more unrecognized critical extensions are present in ' f'the {"delta CRL" if is_delta else "CRL"}', certificate_list_cont, ) return False return True def _get_crl_scope_assuming_authority( crl_issuer: x509.Certificate, cert: Union[x509.Certificate, cms.AttributeCertificateV2], certificate_list_cont: CRLContainer, is_indirect: bool, errs: _CRLErrs, ) -> Optional[Set[str]]: certificate_list = certificate_list_cont.crl_data crl_idp: crl.IssuingDistributionPoint = ( certificate_list.issuing_distribution_point_value ) is_pkc = isinstance(cert, x509.Certificate) # Step b 1 has_dp_crl_issuer = False dp_match = False if is_pkc: crl_dps = cert.crl_distribution_points_value else: crl_dps = get_ac_extension_value(cert, 'crl_distribution_points') if crl_dps: crl_issuer_general_name = x509.GeneralName( name='directory_name', value=crl_issuer.subject ) for dp in crl_dps: if dp['crl_issuer']: has_dp_crl_issuer = True if crl_issuer_general_name in dp['crl_issuer']: dp_match = True crl_authority_name = crl_issuer.subject cert_issuer_name = get_issuer_dn(cert) same_issuer = crl_authority_name == cert_issuer_name indirect_match = has_dp_crl_issuer and dp_match and is_indirect missing_idp = has_dp_crl_issuer and (not dp_match or not is_indirect) indirect_crl_issuer = crl_issuer.issuer == cert_issuer_name if ( not same_issuer and not indirect_match and not indirect_crl_issuer ) or missing_idp: errs.issuer_failures += 1 return None # Step b 2 if crl_idp is not None: if is_pkc: crl_idp_match = _handle_crl_idp_ext_constraints( cert=cert, certificate_list=certificate_list, crl_issuer=crl_issuer, crl_idp=crl_idp, crl_authority_name=crl_authority_name, errs=errs, ) else: crl_idp_match = _handle_attr_cert_crl_idp_ext_constraints( crl_dps=crl_dps, certificate_list=certificate_list, crl_issuer=crl_issuer, crl_idp=crl_idp, crl_authority_name=crl_authority_name, errs=errs, ) # error reporting is taken care of in the delegated method if not crl_idp_match: return None # Step d idp_reasons = None if crl_idp and crl_idp['only_some_reasons'].native is not None: idp_reasons = crl_idp['only_some_reasons'].native reason_keys = None if idp_reasons: reason_keys = idp_reasons if reason_keys is None: interim_reasons = VALID_REVOCATION_REASONS.copy() else: interim_reasons = reason_keys # Step e # We don't skip a CRL if it only contains reasons already checked since # a certificate issuer can self-issue a new cert that is used for CRLs if not _verify_no_unknown_critical_extensions( certificate_list_cont, errs, is_delta=False ): return None return interim_reasons def _check_cert_on_crl_and_delta( crl_issuer: x509.Certificate, cert: Union[x509.Certificate, cms.AttributeCertificateV2], certificate_list_cont: CRLContainer, delta_certificate_list_cont: Optional[CRLContainer], errs: _CRLErrs, ): certificate_list = certificate_list_cont.crl_data # Step i revoked_reason = None revoked_date = None cert_issuer_name = get_issuer_dn(cert) if delta_certificate_list_cont: delta_certificate_list = delta_certificate_list_cont.crl_data try: revoked_date, revoked_reason = find_cert_in_list( cert, cert_issuer_name, delta_certificate_list, crl_issuer.subject, ) except NotImplementedError: errs.append( 'One or more unrecognized critical extensions are present in ' 'the CRL entry for the certificate', delta_certificate_list_cont, ) raise # Step j if revoked_reason is None: try: revoked_date, revoked_reason = find_cert_in_list( cert, cert_issuer_name, certificate_list, crl_issuer.subject ) except NotImplementedError: errs.append( 'One or more unrecognized critical extensions are present in ' 'the CRL entry for the certificate', certificate_list_cont, ) raise # Step k if revoked_reason and revoked_reason.native == 'remove_from_crl': revoked_reason = None revoked_date = None return revoked_date, revoked_reason async def _classify_relevant_crls( revinfo_manager: RevinfoManager, cert: x509.Certificate, errs: _CRLErrs, control_time: Optional[datetime] = None, ): # NOTE: the control_time parameter is only used in the time sliding # algorithm code path for AdES validation certificate_lists = await revinfo_manager.async_retrieve_crls(cert) poe_manager = revinfo_manager.poe_manager complete_lists_by_issuer = defaultdict(list) delta_lists_by_issuer = defaultdict(list) for certificate_list_cont in certificate_lists: certificate_list = certificate_list_cont.crl_data if control_time is not None: issued = certificate_list_cont.issuance_date if ( issued is None or issued > control_time or poe_manager[certificate_list_cont] > control_time ): # We don't care about stuff issued after control_time # or without the right POE continue try: issuer_hashable = certificate_list.issuer.hashable if certificate_list.delta_crl_indicator_value is None: complete_lists_by_issuer[issuer_hashable].append( certificate_list_cont ) else: delta_lists_by_issuer[issuer_hashable].append( certificate_list_cont ) except ValueError as e: msg = "Generic processing error while classifying CRL." logging.debug(msg, exc_info=e) errs.append(msg, certificate_list) return complete_lists_by_issuer, delta_lists_by_issuer def _process_crl_completeness( checked_reasons: Set[str], total_crls: int, errs: _CRLErrs, proc_state: ValProcState, ): # CRLs should not include this value, but at least one of the examples # from the NIST test suite does checked_reasons -= {'unused'} if checked_reasons != VALID_REVOCATION_REASONS: if total_crls == errs.issuer_failures: return CRLNoMatchesError( f"No CRLs were issued by the issuer of " f"{proc_state.describe_cert()}, or any indirect CRL " "issuer" ) if not errs.failures: errs.append( 'The available CRLs do not cover all revocation reasons', None ) return CRLValidationIndeterminateError( f"Unable to determine if {proc_state.describe_cert()} " f"is revoked due to insufficient information from known CRLs", failures=errs.failures, suspect_stale=( errs.stale_last_usable_at if errs.freshness_failures_only else None ), ) async def verify_crl( cert: Union[x509.Certificate, cms.AttributeCertificateV2], path: ValidationPath, validation_context: ValidationContext, use_deltas=True, proc_state: Optional[ValProcState] = None, ): """ Verifies a certificate against a list of CRLs, checking to make sure the certificate has not been revoked. Uses the algorithm from https://tools.ietf.org/html/rfc5280#section-6.3 as a basis, but the implementation differs to allow CRLs from unrecorded locations. :param cert: An asn1crypto.x509.Certificate or asn1crypto.cms.AttributeCertificateV2 object to check for in the CRLs :param path: A pyhanko_certvalidator.path.ValidationPath object of the cert's validation path, or in the case of an AC, the AA's validation path. :param validation_context: A pyhanko_certvalidator.context.ValidationContext object to use for caching validation information :param use_deltas: A boolean indicating if delta CRLs should be used :param proc_state: Internal state for error reporting and policy application decisions. :raises: pyhanko_certvalidator.errors.CRLNoMatchesError - when none of the CRLs match the certificate pyhanko_certvalidator.errors.CRLValidationError - when any error occurs trying to verify the CertificateList pyhanko_certvalidator.errors.RevokedError - when the CRL indicates the certificate has been revoked """ is_pkc = isinstance(cert, x509.Certificate) proc_state = proc_state or ValProcState( cert_path_stack=ConsList.sing(path), ee_name_override="attribute certificate" if not is_pkc else None, ) revinfo_manager = validation_context.revinfo_manager errs = _CRLErrs() ( complete_lists_by_issuer, delta_lists_by_issuer, ) = await _classify_relevant_crls(revinfo_manager, cert, errs) try: cert_issuer_auth = path.find_issuing_authority(cert) except LookupError: raise CRLNoMatchesError( f"Could not determine issuer certificate for " f"{proc_state.describe_cert()} in path." ) # In the main loop, only complete CRLs are processed, so delta CRLs are # weeded out of the to-do list crls_to_process = [] for issuer_crls in complete_lists_by_issuer.values(): crls_to_process.extend(issuer_crls) total_crls = len(crls_to_process) checked_reasons = set() for certificate_list_cont in crls_to_process: try: interim_reasons = await _handle_single_crl( cert=cert, cert_issuer_auth=cert_issuer_auth, certificate_list_cont=certificate_list_cont, path=path, validation_context=validation_context, delta_lists_by_issuer=delta_lists_by_issuer, use_deltas=use_deltas, errs=errs, proc_state=proc_state, ) if interim_reasons is not None: # Step l checked_reasons |= interim_reasons except ValueError as e: msg = "Generic processing error while validating CRL." logging.debug(msg, exc_info=e) errs.append(msg, certificate_list_cont) exc = _process_crl_completeness( checked_reasons, total_crls, errs, proc_state ) if exc is not None: raise exc @dataclass(frozen=True) class ProvisionalCRLTrust: """ A provisional CRL path, together with an optional delta CRL that may be relevant. """ path: ValidationPath """ A provisional validation path for the CRL. Requires path validation. """ delta: Optional[CRLContainer] """ A delta CRL that may be relevant to the parent CRL for which the path was put together. """ @dataclass(frozen=True) class CRLOfInterest: """ A CRL of interest. """ crl: CRLContainer """ The CRL data, packaged in a revocation info container. """ prov_paths: List[ProvisionalCRLTrust] """ Candidate validation paths for the CRL, together with relevant delta CRLs, if appropriate. """ is_indirect: bool """ Boolean indicating whether the CRL is an indirect one. """ crl_authority_name: x509.Name """ Distinguished name for the authority for which the CRL controls revocation. """ @dataclass(frozen=True) class CRLCollectionResult: """ The result of a CRL collection operation for AdES point-in-time validation purposes. """ crls: List[CRLOfInterest] """ List of potentially relevant CRLs. """ failure_msgs: List[str] """ List of failure messages, for error reporting purposes. """ async def _assess_crl_relevance( cert: Union[x509.Certificate, cms.AttributeCertificateV2], cert_issuer_auth: Authority, certificate_list_cont: CRLContainer, path: ValidationPath, revinfo_manager: RevinfoManager, delta_lists_by_issuer: Dict[str, List[CRLContainer]], use_deltas: bool, errs: _CRLErrs, proc_state: ValProcState, ) -> Optional[CRLOfInterest]: certificate_list = certificate_list_cont.crl_data registry = revinfo_manager.certificate_registry try: is_indirect, crl_authority_name = _get_crl_authority_name( certificate_list_cont, cert_issuer_auth.name, certificate_registry=registry, errs=errs, ) except LookupError: # already logged by _get_crl_authority_name return None try: candidate_paths, _ = await _find_candidate_crl_paths( crl_authority_name, certificate_list, cert=cert, cert_issuer_auth=cert_issuer_auth, cert_path=path, certificate_registry=registry, is_indirect=is_indirect, proc_state=proc_state, ) except CRLNoMatchesError: # this no-match issue will be dealt with at a higher level later errs.issuer_failures += 1 return None except (CertificateFetchError, CRLValidationError) as e: errs.append(e.args[0], certificate_list) return None provisional_results = [] for cand_path in candidate_paths: putative_issuer = cand_path.last interim_reasons = _get_crl_scope_assuming_authority( crl_issuer=putative_issuer, cert=cert, certificate_list_cont=certificate_list_cont, is_indirect=is_indirect, errs=errs, ) if interim_reasons is None: continue if use_deltas: delta = _maybe_get_delta_crl( certificate_list=certificate_list, crl_issuer=putative_issuer, delta_lists_by_issuer=delta_lists_by_issuer, errs=errs, ) else: delta = None prov = ProvisionalCRLTrust(path=cand_path, delta=delta) provisional_results.append(prov) if not provisional_results: return None return CRLOfInterest( crl=certificate_list_cont, prov_paths=provisional_results, is_indirect=is_indirect, crl_authority_name=crl_authority_name, ) async def collect_relevant_crls_with_paths( cert: Union[x509.Certificate, cms.AttributeCertificateV2], path: ValidationPath, revinfo_manager: RevinfoManager, control_time: datetime, use_deltas=True, proc_state: Optional[ValProcState] = None, ) -> CRLCollectionResult: """ Collect potentially relevant CRLs with the associated validation paths. Will not perform actual path validation. :param cert: The certificate under scrutiny. :param path: The path currently being evaluated. :param revinfo_manager: The revocation info manager. :param control_time: The control time before which the validation info should have been issued. :param use_deltas: Whether to include delta CRLs. :param proc_state: The state of any prior validation process. :return: A :class:`.CRLCollectionResult`. """ proc_state = proc_state or ValProcState(cert_path_stack=ConsList.sing(path)) errs = _CRLErrs() classify_job = _classify_relevant_crls( revinfo_manager, cert, errs, control_time=control_time ) complete_lists_by_issuer, delta_lists_by_issuer = await classify_job # In the main loop, only complete CRLs are processed, so delta CRLs are # weeded out of the to-do list crls_to_process = [] for issuer_crls in complete_lists_by_issuer.values(): crls_to_process.extend(issuer_crls) try: cert_issuer_auth = path.find_issuing_authority(cert) except LookupError: raise CRLNoMatchesError( f"Could not determine issuer certificate for " f"{proc_state.describe_cert()} in path." ) relevant_crls = [] for certificate_list_cont in crls_to_process: try: result = await _assess_crl_relevance( cert=cert, cert_issuer_auth=cert_issuer_auth, certificate_list_cont=certificate_list_cont, path=path, delta_lists_by_issuer=delta_lists_by_issuer, use_deltas=use_deltas, revinfo_manager=revinfo_manager, errs=errs, proc_state=proc_state, ) if result is not None: relevant_crls.append(result) except ValueError as e: msg = "Generic processing error while validating CRL." logging.debug(msg, exc_info=e) errs.append(msg, certificate_list_cont) return CRLCollectionResult( crls=relevant_crls, failure_msgs=[f[0] for f in errs.failures], ) def _verify_crl_signature(certificate_list, public_key): """ Verifies the digital signature on an asn1crypto.crl.CertificateList object :param certificate_list: An asn1crypto.crl.CertificateList object :raises: pyhanko_certvalidator.errors.CRLValidationError - when the signature is invalid or uses an unsupported algorithm """ signature_algo = certificate_list['signature_algorithm'].signature_algo hash_algo = certificate_list['signature_algorithm'].hash_algo try: validate_sig( signature=certificate_list['signature'].native, signed_data=certificate_list['tbs_cert_list'].dump(), public_key_info=public_key, sig_algo=signature_algo, hash_algo=hash_algo, parameters=certificate_list['signature_algorithm']['parameters'], ) except PSSParameterMismatch as e: raise CRLValidationError( 'Invalid signature parameters on CertificateList' ) from e except InvalidSignature: raise CRLValidationError( 'Unable to verify the signature of the CertificateList' ) def find_cert_in_list( cert: Union[x509.Certificate, cms.AttributeCertificateV2], cert_issuer_name: x509.Name, certificate_list: crl.CertificateList, crl_authority_name: x509.Name, ): """ Looks for a cert in the list of revoked certificates :param cert: An asn1crypto.x509.Certificate object of the cert being checked, or an asn1crypto.cms.AttributeCertificateV2 object in the case of an attribute certificate. :param cert_issuer_name: The certificate issuer's distinguished name :param certificate_list: An ans1crypto.crl.CertificateList object to look in for the cert :param crl_authority_name: The distinguished name of the default authority for which the CRL issues certificates. :return: A tuple of (None, None) if not present, otherwise a tuple of (asn1crypto.x509.Time object, asn1crypto.crl.CRLReason object) representing the date/time the object was revoked and why """ revoked_certificates = certificate_list['tbs_cert_list'][ 'revoked_certificates' ] if isinstance(cert, x509.Certificate): cert_serial = cert.serial_number else: cert_serial = cert['ac_info']['serial_number'].native last_issuer_name = crl_authority_name for revoked_cert in revoked_certificates: # If any unknown critical extensions, the entry can not be used if revoked_cert.critical_extensions - KNOWN_CRL_ENTRY_EXTENSIONS: raise NotImplementedError() if ( revoked_cert.issuer_name and revoked_cert.issuer_name != last_issuer_name ): last_issuer_name = revoked_cert.issuer_name if last_issuer_name != cert_issuer_name: continue if revoked_cert['user_certificate'].native != cert_serial: continue if not revoked_cert.crl_reason_value: crl_reason = crl.CRLReason('unspecified') else: crl_reason = revoked_cert.crl_reason_value return revoked_cert['revocation_date'].native, crl_reason return None, None certvalidator-0.26.3/pyhanko_certvalidator/revinfo/validate_ocsp.py000066400000000000000000000546061453642760600257300ustar00rootroot00000000000000import logging from dataclasses import dataclass from datetime import datetime from typing import List, Optional, Union from asn1crypto import cms, crl, x509 from asn1crypto.crl import CRLReason from asn1crypto.keys import PublicKeyInfo from cryptography.exceptions import InvalidSignature from pyhanko_certvalidator._state import ValProcState from pyhanko_certvalidator.authority import ( Authority, AuthorityWithCert, TrustAnchor, ) from pyhanko_certvalidator.context import ValidationContext from pyhanko_certvalidator.errors import ( OCSPNoMatchesError, OCSPValidationError, OCSPValidationIndeterminateError, PathValidationError, PSSParameterMismatch, RevokedError, ) from pyhanko_certvalidator.path import ValidationPath from pyhanko_certvalidator.policy_decl import ( CertRevTrustPolicy, RevocationCheckingPolicy, RevocationCheckingRule, ) from pyhanko_certvalidator.registry import ( CertificateCollection, LayeredCertificateStore, SimpleCertificateStore, ) from pyhanko_certvalidator.revinfo._err_gather import Errors from pyhanko_certvalidator.revinfo.archival import ( OCSPContainer, RevinfoUsabilityRating, ) from pyhanko_certvalidator.revinfo.manager import RevinfoManager from pyhanko_certvalidator.util import ( ConsList, extract_ac_issuer_dir_name, validate_sig, ) OCSP_PROVENANCE_ERR = ( "Unable to verify OCSP response since response signing " "certificate could not be validated" ) def _delegated_ocsp_response_path( responder_cert: x509.Certificate, issuer: Authority, ee_path: ValidationPath ): if isinstance(issuer, AuthorityWithCert): responder_chain = ee_path.truncate_to_and_append( issuer.certificate, responder_cert ) else: responder_chain = ValidationPath( trust_anchor=TrustAnchor(issuer), interm=[], leaf=responder_cert ) return responder_chain async def _validate_delegated_ocsp_provenance( responder_cert: x509.Certificate, issuer: Authority, validation_context: ValidationContext, ee_path: ValidationPath, proc_state: ValProcState, ): if proc_state.check_path_verif_recursion(responder_cert): # we permit this for CRLs for historical reasons, but there's no # sane reason why this would make sense for OCSP responders, so # throw an error raise PathValidationError.from_state( "Recursion detected in OCSP responder authorisation check for " "responder certificate %s." % responder_cert.subject.human_friendly, proc_state, ) from pyhanko_certvalidator.validate import intl_validate_path # OCSP responder certs must be issued directly by the CA on behalf of # which they act. # Moreover, RFC 6960 says that we don't have to accept OCSP responses signed # with a different key than the one used to sign subscriber certificates. ocsp_ee_name_override = ( proc_state.describe_cert(never_def=True) + ' OCSP responder' ) if responder_cert.ocsp_no_check_value is not None: # we don't have to check the revocation of the OCSP responder, # so do a simplified check revinfo_policy = CertRevTrustPolicy( revocation_checking_policy=RevocationCheckingPolicy( ee_certificate_rule=RevocationCheckingRule.NO_CHECK, # this one should never trigger intermediate_ca_cert_rule=RevocationCheckingRule.NO_CHECK, ) ) vc = ValidationContext( trust_roots=[TrustAnchor(issuer)], allow_fetching=False, revinfo_policy=revinfo_policy, moment=validation_context.moment, algorithm_usage_policy=validation_context.algorithm_policy, time_tolerance=validation_context.time_tolerance, ) ocsp_trunc_path = ValidationPath( trust_anchor=TrustAnchor(issuer), interm=[], leaf=responder_cert ) ocsp_trunc_proc_state = ValProcState( cert_path_stack=proc_state.cert_path_stack.cons(ocsp_trunc_path), ee_name_override=ocsp_ee_name_override, ) try: # verify the truncated path await intl_validate_path( vc, path=ocsp_trunc_path, proc_state=ocsp_trunc_proc_state ) except PathValidationError as e: raise OCSPValidationError(OCSP_PROVENANCE_ERR) from e # record validation in the original VC # TODO maybe have an (issuer, [verified_responder]) cache? # caching OCSP responder validation results with everything else is # probably somewhat incorrect responder_chain = _delegated_ocsp_response_path( responder_cert, issuer, ee_path ) validation_context.record_validation(responder_cert, responder_chain) else: responder_chain = _delegated_ocsp_response_path( responder_cert, issuer, ee_path ) ocsp_proc_state = ValProcState( cert_path_stack=proc_state.cert_path_stack.cons(responder_chain), ee_name_override=ocsp_ee_name_override, ) try: await intl_validate_path( validation_context, path=responder_chain, proc_state=ocsp_proc_state, ) except PathValidationError as e: raise OCSPValidationError(OCSP_PROVENANCE_ERR) from e def _ocsp_allowed(responder_cert: x509.Certificate): extended_key_usage = responder_cert.extended_key_usage_value return ( extended_key_usage is not None and 'ocsp_signing' in extended_key_usage.native ) @dataclass class _OCSPErrs(Errors): mismatch_failures: int = 0 def _match_ocsp_certid( cert: Union[x509.Certificate, cms.AttributeCertificateV2], issuer: Authority, ocsp_response: OCSPContainer, errs: _OCSPErrs, ) -> bool: cert_response = ocsp_response.extract_single_response() if cert_response is None: errs.mismatch_failures += 1 return False response_cert_id = cert_response['cert_id'] issuer_hash_algo = response_cert_id['hash_algorithm']['algorithm'].native is_pkc = isinstance(cert, x509.Certificate) if is_pkc: cert_issuer_name_hash = getattr(cert.issuer, issuer_hash_algo) cert_serial_number = cert.serial_number else: iss_name = extract_ac_issuer_dir_name(cert) cert_issuer_name_hash = getattr(iss_name, issuer_hash_algo) cert_serial_number = cert['ac_info']['serial_number'].native cert_issuer_key_hash = getattr(issuer.public_key, issuer_hash_algo) key_hash_mismatch = ( response_cert_id['issuer_key_hash'].native != cert_issuer_key_hash ) name_mismatch = ( response_cert_id['issuer_name_hash'].native != cert_issuer_name_hash ) serial_mismatch = ( response_cert_id['serial_number'].native != cert_serial_number ) if (name_mismatch or serial_mismatch) and key_hash_mismatch: errs.mismatch_failures += 1 return False if name_mismatch: errs.append( 'OCSP response issuer name hash does not match', ocsp_response ) return False if serial_mismatch: errs.append( 'OCSP response certificate serial number does not match', ocsp_response, ) return False if key_hash_mismatch: errs.append( 'OCSP response issuer key hash does not match', ocsp_response ) return False return True def _identify_responder_cert( ocsp_response: OCSPContainer, cert_store: CertificateCollection, errs: _OCSPErrs, ) -> Optional[x509.Certificate]: # To verify the response as legitimate, the responder cert must be located # prioritise the certificates included with the response, if there # are any response = ocsp_response.extract_basic_ocsp_response() # should be ensured by successful extraction earlier assert response is not None if response['certs']: cert_store = LayeredCertificateStore( [SimpleCertificateStore.from_certs(response['certs']), cert_store] ) tbs_response = response['tbs_response_data'] if tbs_response['responder_id'].name == 'by_key': key_identifier = tbs_response['responder_id'].native responder_cert = cert_store.retrieve_by_key_identifier(key_identifier) else: candidate_responder_certs = cert_store.retrieve_by_name( tbs_response['responder_id'].chosen ) responder_cert = ( candidate_responder_certs[0] if candidate_responder_certs else None ) if not responder_cert: errs.append( "Unable to verify OCSP response since response signing " "certificate could not be located", ocsp_response, ) return responder_cert def _precheck_ocsp_responder_auth( responder_cert: x509.Certificate, issuer: Authority, is_pkc: bool ) -> Optional[bool]: """ This function checks OCSP conditions that don't require path validation to pass. If ``None`` is returned, path validation is necessary to proceed. """ # If the cert signing the OCSP response is not the issuer, it must be # issued by the cert issuer and be valid for OCSP responses. # We currently do _not_ allow naked trust anchor keys to be used in OCSP # validation (but that may change in the future). This decision is based on # a conservative reading of RFC 6960. # First, check whether the certs are the same. if ( isinstance(issuer, AuthorityWithCert) and issuer.certificate.issuer_serial == responder_cert.issuer_serial ): issuer_cert = issuer.certificate # let's check whether the certs are actually the same # (by comparing the signatures as a proxy) # -> literal interpretation of 4.2.2.2 in RFC 6960 issuer_sig = bytes(issuer_cert['signature_value']) responder_sig = bytes(responder_cert['signature_value']) return issuer_sig == responder_sig # If OCSP is being delegated # check whether the relevant OCSP-related extensions are present. # Also, explicitly disallow delegation for attribute authorities # since they cannot act as CAs and hence can't issue responder certificates. # This would otherwise be detected during path validation or while checking # the basicConstraints on the AA certificate, but this is more explicit. elif not _ocsp_allowed(responder_cert) or not is_pkc: return False return None async def _check_ocsp_authorisation( responder_cert: x509.Certificate, issuer: Authority, cert_path: ValidationPath, ocsp_response: OCSPContainer, validation_context: ValidationContext, is_pkc: bool, errs: _OCSPErrs, proc_state: ValProcState, ) -> bool: simple_check = _precheck_ocsp_responder_auth(responder_cert, issuer, is_pkc) # we can take an early out in this case if simple_check is not None: auth_ok = simple_check else: try: await _validate_delegated_ocsp_provenance( responder_cert=responder_cert, issuer=issuer, validation_context=validation_context, ee_path=cert_path, proc_state=proc_state, ) auth_ok = True except OCSPValidationError as e: errs.append(e.args[0], ocsp_response) auth_ok = False if not auth_ok: errs.append( 'Unable to verify OCSP response since response was ' 'signed by an unauthorized certificate', ocsp_response, ) return auth_ok def _check_ocsp_status( ocsp_response: OCSPContainer, proc_state: ValProcState, control_time: Optional[datetime], ) -> bool: cert_response = ocsp_response.extract_single_response() if cert_response is None: return False # Finally check to see if the certificate has been revoked status = cert_response['cert_status'].name if status == 'good': return True if status == 'revoked': revocation_info = cert_response['cert_status'].chosen reason: CRLReason = revocation_info['revocation_reason'] if reason.native is None: reason = crl.CRLReason('unspecified') revocation_dt: datetime = revocation_info['revocation_time'].native if control_time is None or revocation_dt <= control_time: raise RevokedError.format( reason=reason, revocation_dt=revocation_dt, revinfo_type='OCSP response', proc_state=proc_state, ) return False def _verify_ocsp_signature( responder_key: PublicKeyInfo, ocsp_response: OCSPContainer, errs: _OCSPErrs ) -> bool: response = ocsp_response.extract_basic_ocsp_response() if response is None: return False # Determine what algorithm was used to sign the response signature_algo = response['signature_algorithm'].signature_algo hash_algo = response['signature_algorithm'].hash_algo # Verify that the response was properly signed by the validated certificate tbs_response = response['tbs_response_data'] try: validate_sig( signature=response['signature'].native, signed_data=tbs_response.dump(), public_key_info=responder_key, sig_algo=signature_algo, hash_algo=hash_algo, parameters=response['signature_algorithm']['parameters'], ) return True except PSSParameterMismatch: errs.append( 'The signature parameters on the OCSP response do not match ' 'the constraints on the public key', ocsp_response, ) except InvalidSignature: errs.append('Unable to verify OCSP response signature', ocsp_response) return False def _assess_ocsp_relevance( cert: Union[x509.Certificate, cms.AttributeCertificateV2], issuer: Authority, ocsp_response: OCSPContainer, cert_store: CertificateCollection, errs: _OCSPErrs, ) -> Optional[x509.Certificate]: matched = _match_ocsp_certid( cert, issuer=issuer, ocsp_response=ocsp_response, errs=errs ) if not matched: return None responder_cert = _identify_responder_cert( ocsp_response, cert_store=cert_store, errs=errs ) if not responder_cert: return None signature_ok = _verify_ocsp_signature( responder_key=responder_cert.public_key, ocsp_response=ocsp_response, errs=errs, ) if not signature_ok: return None return responder_cert async def _handle_single_ocsp_resp( cert: Union[x509.Certificate, cms.AttributeCertificateV2], issuer: Authority, path: ValidationPath, ocsp_response: OCSPContainer, validation_context: ValidationContext, errs: _OCSPErrs, proc_state: ValProcState, ) -> bool: responder_cert = _assess_ocsp_relevance( cert=cert, issuer=issuer, ocsp_response=ocsp_response, cert_store=validation_context.certificate_registry, errs=errs, ) if responder_cert is None: return False freshness_result = ocsp_response.usable_at( policy=validation_context.revinfo_policy, timing_params=validation_context.timing_params, ) rating = freshness_result.rating if rating != RevinfoUsabilityRating.OK: if rating == RevinfoUsabilityRating.STALE: msg = 'OCSP response is not recent enough' errs.update_stale(freshness_result.last_usable_at) elif rating == RevinfoUsabilityRating.TOO_NEW: msg = 'OCSP response is too recent' else: msg = 'OCSP response freshness could not be established' errs.append(msg, ocsp_response, is_freshness_failure=True) return False # check whether the responder cert is authorised authorised = await _check_ocsp_authorisation( responder_cert, issuer=issuer, cert_path=path, ocsp_response=ocsp_response, validation_context=validation_context, is_pkc=isinstance(cert, x509.Certificate), errs=errs, proc_state=proc_state, ) if not authorised: return False timing = validation_context.timing_params control_time = ( timing.validation_time if timing.point_in_time_validation else None ) return _check_ocsp_status(ocsp_response, proc_state, control_time) async def verify_ocsp_response( cert: Union[x509.Certificate, cms.AttributeCertificateV2], path: ValidationPath, validation_context: ValidationContext, proc_state: Optional[ValProcState] = None, ): """ Verifies an OCSP response, checking to make sure the certificate has not been revoked. Fulfills the requirements of https://tools.ietf.org/html/rfc6960#section-3.2. :param cert: An asn1cyrpto.x509.Certificate object or an asn1crypto.cms.AttributeCertificateV2 object to verify the OCSP response for :param path: A pyhanko_certvalidator.path.ValidationPath object of the cert's validation path, or in the case of an AC, the AA's validation path. :param validation_context: A pyhanko_certvalidator.context.ValidationContext object to use for caching validation information :param proc_state: Internal state for error reporting and policy application decisions. :raises: pyhanko_certvalidator.errors.OCSPNoMatchesError - when none of the OCSP responses match the certificate pyhanko_certvalidator.errors.OCSPValidationIndeterminateError - when the OCSP response could not be verified pyhanko_certvalidator.errors.RevokedError - when the OCSP response indicates the certificate has been revoked """ proc_state = proc_state or ValProcState(cert_path_stack=ConsList.sing(path)) cert_description = proc_state.describe_cert() try: cert_issuer = path.find_issuing_authority(cert) except LookupError: raise OCSPNoMatchesError( 'Could not determine issuer certificate for %s in path.', proc_state.describe_cert(), ) errs = _OCSPErrs() ocsp_responses = ( await validation_context.revinfo_manager.async_retrieve_ocsps( cert, cert_issuer ) ) for ocsp_response in ocsp_responses: try: ocsp_good = await _handle_single_ocsp_resp( cert=cert, issuer=cert_issuer, path=path, ocsp_response=ocsp_response, validation_context=validation_context, errs=errs, proc_state=proc_state, ) if ocsp_good: return except ValueError as e: msg = "Generic processing error while validating OCSP response." logging.debug(msg, exc_info=e) errs.append(msg, ocsp_response) if errs.mismatch_failures == len(ocsp_responses): raise OCSPNoMatchesError( f"No OCSP responses were issued for {cert_description}." ) raise OCSPValidationIndeterminateError( f"Unable to determine if {cert_description} " f"is revoked due to insufficient information from OCSP responses.", failures=errs.failures, suspect_stale=( errs.stale_last_usable_at if errs.freshness_failures_only else None ), ) @dataclass(frozen=True) class OCSPResponseOfInterest: ocsp_response: OCSPContainer prov_path: ValidationPath @dataclass(frozen=True) class OCSPCollectionResult: """ The result of an OCSP collection operation for AdES point-in-time validation purposes. """ responses: List[OCSPResponseOfInterest] """ List of potentially relevant OCSP responses. """ failure_msgs: List[str] """ List of failure messages, for error reporting purposes. """ async def collect_relevant_responses_with_paths( cert: Union[x509.Certificate, cms.AttributeCertificateV2], path: ValidationPath, revinfo_manager: RevinfoManager, control_time: datetime, proc_state: Optional[ValProcState] = None, ) -> OCSPCollectionResult: """ Collect potentially relevant OCSP responses with the associated validation paths. Will not perform actual path validation. :param cert: The certificate under scrutiny. :param path: The path currently being evaluated. :param revinfo_manager: The revocation info manager. :param control_time: The control time before which the validation info should have been issued. :param proc_state: The state of any prior validation process. :return: A :class:`.OCSPCollectionResult`. """ proc_state = proc_state or ValProcState(cert_path_stack=ConsList.sing(path)) try: cert_issuer_auth = path.find_issuing_authority(cert) except LookupError: raise OCSPNoMatchesError( f"Could not determine issuer certificate " f"for {proc_state.describe_cert()} in path." ) relevant = [] ocsp_responses = await revinfo_manager.async_retrieve_ocsps( cert, cert_issuer_auth ) poe_manager = revinfo_manager.poe_manager errs = _OCSPErrs() for ocsp_response_cont in ocsp_responses: issued = ocsp_response_cont.issuance_date if ( issued is None or issued > control_time or poe_manager[ocsp_response_cont] > control_time ): # We don't care about responses issued after control_time continue try: responder_cert = _assess_ocsp_relevance( cert=cert, issuer=cert_issuer_auth, ocsp_response=ocsp_response_cont, cert_store=revinfo_manager.certificate_registry, errs=errs, ) if responder_cert is None: continue path = _delegated_ocsp_response_path( responder_cert, cert_issuer_auth, ee_path=path ) result = OCSPResponseOfInterest( ocsp_response=ocsp_response_cont, prov_path=path ) relevant.append(result) except ValueError as e: msg = "Generic processing error while validating OCSP response." logging.debug(msg, exc_info=e) errs.append(msg, ocsp_response_cont) return OCSPCollectionResult( responses=relevant, failure_msgs=[f[0] for f in errs.failures], ) certvalidator-0.26.3/pyhanko_certvalidator/util.py000066400000000000000000000241531453642760600224120ustar00rootroot00000000000000from __future__ import annotations import abc from dataclasses import dataclass from typing import AsyncIterator, Generic, List, Optional, TypeVar, Union from asn1crypto import algos, cms, core, x509 from asn1crypto.keys import PublicKeyInfo from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( dsa, ec, ed448, ed25519, padding, rsa, ) def extract_dir_name( names: x509.GeneralNames, err_msg_prefix: str ) -> x509.Name: try: name: x509.Name = next( gname.chosen for gname in names if gname.name == 'directory_name' ) except StopIteration: raise NotImplementedError( f"{err_msg_prefix}; only distinguished names are supported, " f"and none were found." ) return name.untag() def extract_ac_issuer_dir_name( attr_cert: cms.AttributeCertificateV2, ) -> x509.Name: issuer_rec = attr_cert['ac_info']['issuer'] if issuer_rec.name == 'v1_form': aa_names = issuer_rec.chosen else: issuerv2: cms.V2Form = issuer_rec.chosen if not isinstance(issuerv2['issuer_name'], core.Void): aa_names = issuerv2['issuer_name'] else: aa_names = x509.GeneralNames([]) return extract_dir_name(aa_names, "Could not extract AC issuer name") def get_issuer_dn( cert: Union[x509.Certificate, cms.AttributeCertificateV2] ) -> x509.Name: if isinstance(cert, x509.Certificate): return cert.issuer else: return extract_ac_issuer_dir_name(cert) def issuer_serial( cert: Union[x509.Certificate, cms.AttributeCertificateV2] ) -> bytes: if isinstance(cert, x509.Certificate): return cert.issuer_serial else: issuer_name = extract_ac_issuer_dir_name(cert) result_bytes = b'%s:%d' % ( issuer_name.sha256, cert['ac_info']['serial_number'].native, ) return result_bytes def get_ac_extension_value( attr_cert: cms.AttributeCertificateV2, ext_name: str ): try: return next( ext['extn_value'].parsed for ext in attr_cert['ac_info']['extensions'] if ext['extn_id'].native == ext_name ) except StopIteration: return None def _get_absolute_http_crls(dps: Optional[x509.CRLDistributionPoints]): # see x509._get_http_crl_distribution_points if dps is None: return for distribution_point in dps: distribution_point_name = distribution_point['distribution_point'] if isinstance(distribution_point_name, core.Void): continue # RFC 5280 indicates conforming CA should not use the relative form if distribution_point_name.name == 'name_relative_to_crl_issuer': continue # This library is currently only concerned with HTTP-based CRLs for general_name in distribution_point_name.chosen: if general_name.name == 'uniform_resource_identifier': yield distribution_point def _get_ac_crl_dps( attr_cert: cms.AttributeCertificateV2, ) -> List[x509.DistributionPoint]: dps_ext = get_ac_extension_value(attr_cert, 'crl_distribution_points') return list(_get_absolute_http_crls(dps_ext)) def _get_ac_delta_crl_dps( attr_cert: cms.AttributeCertificateV2, ) -> List[x509.DistributionPoint]: delta_dps_ext = get_ac_extension_value(attr_cert, 'freshest_crl') return list(_get_absolute_http_crls(delta_dps_ext)) def get_relevant_crl_dps( cert: Union[x509.Certificate, cms.AttributeCertificateV2], *, use_deltas ) -> List[x509.DistributionPoint]: is_pkc = isinstance(cert, x509.Certificate) if is_pkc: # FIXME: This utility property in asn1crypto is not precise enough. # More to the point, URLs attached to the same distribution point # are considered interchangeable, but URLs belonging to different # distribution points very much aren't---different distribution points # can differ in what reason codes they record, etc. # For the time being, we'll assume that people who care about that sort # of nuance will run in 'require' mode, in which case the validator # should complain if the available CRLs don't cover all reason codes. sources = list(cert.crl_distribution_points) else: sources = _get_ac_crl_dps(cert) if use_deltas: if is_pkc: sources.extend(cert.delta_crl_distribution_points) else: sources.extend(_get_ac_delta_crl_dps(cert)) return sources def _get_http_ocsp_urls(aia_ext): if aia_ext is None: return for entry in aia_ext: # compare x509.Certificate.ocsp_urls if entry['access_method'].native == 'ocsp': location = entry['access_location'] if location.name != 'uniform_resource_identifier': continue url = location.native if url.lower().startswith( ( 'http://', 'https://', ) ): yield url def get_ocsp_urls(cert: Union[x509.Certificate, cms.AttributeCertificateV2]): if isinstance(cert, x509.Certificate): aia = cert.authority_information_access_value else: aia = get_ac_extension_value(cert, 'authority_information_access') return list(_get_http_ocsp_urls(aia)) def get_declared_revinfo( cert: Union[x509.Certificate, cms.AttributeCertificateV2] ): if isinstance(cert, x509.Certificate): aia = cert.authority_information_access_value crl_dps = cert.crl_distribution_points_value else: aia = get_ac_extension_value(cert, 'authority_information_access') crl_dps = get_ac_extension_value(cert, 'crl_distribution_points') has_crl = crl_dps is not None # check if the AIA contains any OCSP entries (and here we include all # entries, including those that we can't query) if aia is not None: has_ocsp = any(entry['access_method'].native == 'ocsp' for entry in aia) else: has_ocsp = False return has_crl, has_ocsp def validate_sig( signature: bytes, signed_data: bytes, public_key_info: PublicKeyInfo, sig_algo: str, hash_algo: str, parameters=None, ): from .errors import DSAParametersUnavailable, PSSParameterMismatch if ( sig_algo == 'dsa' and public_key_info['algorithm']['parameters'].native is None ): raise DSAParametersUnavailable( "DSA public key parameters were not provided." ) # pyca/cryptography can't load PSS-exclusive keys without some help: if public_key_info.algorithm == 'rsassa_pss': public_key_info = public_key_info.copy() assert isinstance(parameters, algos.RSASSAPSSParams) pss_key_params = public_key_info['algorithm']['parameters'].native if pss_key_params is not None and pss_key_params != parameters.native: raise PSSParameterMismatch( "Public key info includes PSS parameters that do not match " "those on the signature" ) # set key type to generic RSA, discard parameters public_key_info['algorithm'] = {'algorithm': 'rsa'} pub_key = serialization.load_der_public_key(public_key_info.dump()) if sig_algo == 'rsassa_pkcs1v15': assert isinstance(pub_key, rsa.RSAPublicKey) h = getattr(hashes, hash_algo.upper())() pub_key.verify(signature, signed_data, padding.PKCS1v15(), h) elif sig_algo == 'rsassa_pss': assert isinstance(pub_key, rsa.RSAPublicKey) assert isinstance(parameters, algos.RSASSAPSSParams) mga: algos.MaskGenAlgorithm = parameters['mask_gen_algorithm'] if not mga['algorithm'].native == 'mgf1': raise NotImplementedError("Only MFG1 is supported") mgf_md_name = mga['parameters']['algorithm'].native salt_len: int = parameters['salt_length'].native mgf_md = getattr(hashes, mgf_md_name.upper())() pss_padding = padding.PSS( mgf=padding.MGF1(algorithm=mgf_md), salt_length=salt_len ) hash_spec = getattr(hashes, hash_algo.upper())() pub_key.verify(signature, signed_data, pss_padding, hash_spec) elif sig_algo == 'dsa': assert isinstance(pub_key, dsa.DSAPublicKey) hash_spec = getattr(hashes, hash_algo.upper())() pub_key.verify(signature, signed_data, hash_spec) elif sig_algo == 'ecdsa': assert isinstance(pub_key, ec.EllipticCurvePublicKey) hash_spec = getattr(hashes, hash_algo.upper())() pub_key.verify(signature, signed_data, ec.ECDSA(hash_spec)) elif sig_algo == 'ed25519': assert isinstance(pub_key, ed25519.Ed25519PublicKey) pub_key.verify(signature, signed_data) elif sig_algo == 'ed448': assert isinstance(pub_key, ed448.Ed448PublicKey) pub_key.verify(signature, signed_data) else: # pragma: nocover raise NotImplementedError( f"Signature mechanism {sig_algo} is not supported." ) ListElem = TypeVar('ListElem') @dataclass(frozen=True) class ConsList(Generic[ListElem]): head: Optional[ListElem] tail: Optional[ConsList[ListElem]] = None @staticmethod def empty() -> ConsList[ListElem]: return ConsList(head=None) @staticmethod def sing(value: ListElem) -> ConsList[ListElem]: return ConsList(value, ConsList.empty()) def __iter__(self): cur = self while cur.head is not None: yield cur.head cur = cur.tail @property def last(self) -> Optional[ListElem]: cur = self result = None while cur.tail is not None: result = cur.head cur = cur.tail return result def cons(self, head: ListElem) -> ConsList[ListElem]: return ConsList(head, self) def __repr__(self): # pragma: nocover return f"ConsList({list(reversed(list(self)))})" def __bool__(self): return self.head is not None T = TypeVar('T') class CancelableAsyncIterator(abc.ABC, AsyncIterator[T]): async def cancel(self): raise NotImplementedError certvalidator-0.26.3/pyhanko_certvalidator/validate.py000066400000000000000000001565731453642760600232420ustar00rootroot00000000000000# coding: utf-8 import asyncio import datetime import logging from dataclasses import dataclass from typing import Dict, FrozenSet, Iterable, List, Optional, Set from asn1crypto import algos, cms, core, x509 from asn1crypto.x509 import Validity from cryptography.exceptions import InvalidSignature from ._state import ValProcState from .asn1_types import AAControls, Target from .authority import CertTrustAnchor, TrustAnchor from .context import ACTargetDescription, ValidationContext from .errors import ( CRLFetchError, CRLNoMatchesError, CRLValidationIndeterminateError, DisallowedAlgorithmError, ExpiredError, InsufficientRevinfoError, InvalidAttrCertificateError, InvalidCertificateError, NotYetValidError, OCSPFetchError, OCSPNoMatchesError, OCSPValidationError, OCSPValidationIndeterminateError, PathBuildingError, PathValidationError, PSSParameterMismatch, StaleRevinfoError, ValidationError, ) from .name_trees import ( ExcludedSubtrees, PermittedSubtrees, default_excluded_subtrees, default_permitted_subtrees, process_general_subtrees, ) from .path import QualifiedPolicy, ValidationPath from .policy_decl import ( AlgorithmUsagePolicy, PKIXValidationParams, RevocationCheckingRule, intersect_policy_sets, ) from .policy_tree import ( PolicyTreeNode, PolicyTreeRoot, apply_policy_mapping, enumerate_policy_mappings, prune_unacceptable_policies, update_policy_tree, ) from .registry import CertificateCollection from .revinfo.validate_crl import verify_crl from .revinfo.validate_ocsp import verify_ocsp_response from .util import ( ConsList, extract_dir_name, get_ac_extension_value, get_declared_revinfo, validate_sig, ) logger = logging.getLogger(__name__) def validate_path( validation_context, path, parameters: Optional[PKIXValidationParams] = None ): """ Validates the path using the algorithm from https://tools.ietf.org/html/rfc5280#section-6.1. Critical extensions on the end-entity certificate are not validated and are left up to the consuming application to process and/or fail on. .. note:: This is a synchronous equivalent of :func:`.async_validate_path` that calls the latter in a new event loop. As such, it can't be used from within asynchronous code. :param validation_context: A pyhanko_certvalidator.context.ValidationContext object to use for configuring validation behavior :param path: A pyhanko_certvalidator.path.ValidationPath object of the path to validate :param parameters: Additional input parameters to the PKIX validation algorithm. These are not used when validating CRLs and OCSP responses. :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked :return: The final certificate in the path - an instance of asn1crypto.x509.Certificate """ result = asyncio.run( async_validate_path(validation_context, path, parameters=parameters) ) return result async def async_validate_path( validation_context: ValidationContext, path: ValidationPath, parameters: Optional[PKIXValidationParams] = None, ): """ Validates the path using the algorithm from https://tools.ietf.org/html/rfc5280#section-6.1. Critical extensions on the end-entity certificate are not validated and are left up to the consuming application to process and/or fail on. :param validation_context: A pyhanko_certvalidator.context.ValidationContext object to use for configuring validation behavior :param path: A pyhanko_certvalidator.path.ValidationPath object of the path to validate :param parameters: Additional input parameters to the PKIX validation algorithm. These are not used when validating CRLs and OCSP responses. :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked :return: The final certificate in the path - an instance of asn1crypto.x509.Certificate """ proc_state = ValProcState(cert_path_stack=ConsList.sing(path)) return await intl_validate_path( validation_context, path, parameters=parameters, proc_state=proc_state ) def validate_tls_hostname( validation_context: ValidationContext, cert: x509.Certificate, hostname: str ): """ Validates the end-entity certificate from a pyhanko_certvalidator.path.ValidationPath object to ensure that the certificate is valid for the hostname provided and that the certificate is valid for the purpose of a TLS connection. THE CERTIFICATE PATH MUST BE VALIDATED SEPARATELY VIA validate_path()! :param validation_context: A pyhanko_certvalidator.context.ValidationContext object to use for configuring validation behavior :param cert: An asn1crypto.x509.Certificate object returned from validate_path() :param hostname: A unicode string of the TLS server hostname :raises: pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for TLS or the hostname """ if validation_context.is_whitelisted(cert): return if not cert.is_valid_domain_ip(hostname): raise InvalidCertificateError( f"The X.509 certificate provided is not valid for {hostname}. " f"Valid hostnames include: {', '.join(cert.valid_domains)}." ) bad_key_usage = ( cert.key_usage_value and 'digital_signature' not in cert.key_usage_value.native ) bad_ext_key_usage = ( cert.extended_key_usage_value and 'server_auth' not in cert.extended_key_usage_value.native ) if bad_key_usage or bad_ext_key_usage: raise InvalidCertificateError( "The X.509 certificate provided is not valid for securing TLS " "connections" ) def validate_usage( validation_context: ValidationContext, cert: x509.Certificate, key_usage: Set[str], extended_key_usage: Set[str], extended_optional: bool, ): """ Validates the end-entity certificate from a pyhanko_certvalidator.path.ValidationPath object to ensure that the certificate is valid for the key usage and extended key usage purposes specified. THE CERTIFICATE PATH MUST BE VALIDATED SEPARATELY VIA validate_path()! :param validation_context: A pyhanko_certvalidator.context.ValidationContext object to use for configuring validation behavior :param cert: An asn1crypto.x509.Certificate object returned from validate_path() :param key_usage: A set of unicode strings of the required key usage purposes :param extended_key_usage: A set of unicode strings of the required extended key usage purposes :param extended_optional: A bool - if the extended_key_usage extension may be omitted and still considered valid :raises: pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for the usages specified """ if validation_context.is_whitelisted(cert): return if key_usage is None: key_usage = set() if extended_key_usage is None: extended_key_usage = set() missing_key_usage = key_usage if cert.key_usage_value: missing_key_usage = key_usage - cert.key_usage_value.native missing_extended_key_usage = set() if extended_optional is False and not cert.extended_key_usage_value: missing_extended_key_usage = extended_key_usage elif cert.extended_key_usage_value is not None: missing_extended_key_usage = extended_key_usage - set( cert.extended_key_usage_value.native ) if missing_key_usage or missing_extended_key_usage: plural = ( 's' if len(missing_key_usage | missing_extended_key_usage) > 1 else '' ) friendly_purposes = [] for purpose in sorted(missing_key_usage | missing_extended_key_usage): friendly_purposes.append(purpose.replace('_', ' ')) raise InvalidCertificateError( f"The X.509 certificate provided is not valid for the " f"purpose{plural} of {', '.join(friendly_purposes)}" ) def validate_aa_usage( validation_context: ValidationContext, cert: x509.Certificate, extended_key_usage: Optional[Set[str]] = None, ): """ Validate AA certificate profile conditions in RFC 5755 § 4.5 :param validation_context: :param cert: :param extended_key_usage: :return: """ if validation_context.is_whitelisted(cert): return # Check key usage requirements validate_usage( validation_context, cert, key_usage={'digital_signature'}, extended_key_usage=extended_key_usage or set(), extended_optional=extended_key_usage is not None, ) # Check basic constraints: AA must not be a CA bc = cert.basic_constraints_value if bc is not None and bool(bc['ca']): raise InvalidCertificateError( "The X.509 certificate provided is a CA certificate, so " "it cannot be used to validate attribute certificates." ) def _validate_ac_targeting( attr_cert: cms.AttributeCertificateV2, acceptable_targets: ACTargetDescription, ): target_info = get_ac_extension_value(attr_cert, 'target_information') if target_info is None: return target: Target gen_name: x509.GeneralName for targets in target_info: for target in targets: if target.name == 'target_name': gen_name = target.chosen valid_names = acceptable_targets.validator_names elif target.name == 'target_group': gen_name = target.chosen valid_names = acceptable_targets.group_memberships else: logger.info( f"'{target.name}' is not supported as a targeting mode; " f"ignoring." ) continue try: target_ok = gen_name in valid_names except ValueError: # fall back to binary comparison in case the name type is not # supported by asn1crypto's comparison logic for GeneralName # (we could be more efficient here, but this is probably # rare, so let's follow YAGNI) target_ok = gen_name.dump() in {n.dump() for n in valid_names} if target_ok: return # TODO log audit identity raise InvalidAttrCertificateError("AC targeting check failed") SUPPORTED_AC_EXTENSIONS = frozenset( [ 'authority_information_access', 'authority_key_identifier', 'crl_distribution_points', 'freshest_crl', 'key_identifier', 'no_rev_avail', 'target_information', # NOTE: we don't actively process this extension, but we never log holder # identifying information, so the purpose of the audit identity # extension is still satisfied. # TODO actually use audit_identity for logging purposes, falling back # to holder info if audit_identity is not available. 'audit_identity', ] ) def _parse_iss_serial( iss_serial: cms.IssuerSerial, err_msg_prefix: str ) -> bytes: """ Render a cms.IssuerSerial value into something that matches x509.Certificate.issuer_serial output. """ issuer_names = iss_serial['issuer'] issuer_dirname = extract_dir_name(issuer_names, err_msg_prefix) result_bytes = b'%s:%d' % ( issuer_dirname.sha256, iss_serial['serial'].native, ) return result_bytes def _process_aki_ext(aki_ext: x509.AuthorityKeyIdentifier): aki = aki_ext['key_identifier'].native # could be None auth_iss_ser = auth_iss_dirname = None if not isinstance(aki_ext['authority_cert_issuer'], core.Void): auth_iss_dirname = extract_dir_name( aki_ext['authority_cert_issuer'], "Could not decode authority issuer in AKI extension", ) auth_ser = aki_ext['authority_cert_serial_number'].native if auth_ser is not None: auth_iss_ser = b'%s:%d' % (auth_ser.sha256, auth_ser) return aki, auth_iss_dirname, auth_iss_ser def _candidate_ac_issuers( attr_cert: cms.AttributeCertificateV2, registry: CertificateCollection ): # TODO support matching against subjectAltName? # Outside the scope of RFC 5755, but it might make sense issuer_rec = attr_cert['ac_info']['issuer'] aa_names: Optional[x509.GeneralNames] = None aa_iss_serial: Optional[bytes] = None if issuer_rec.name == 'v1_form': aa_names = issuer_rec.chosen else: issuerv2: cms.V2Form = issuer_rec.chosen if not isinstance(issuerv2['issuer_name'], core.Void): aa_names = issuerv2['issuer_name'] if not isinstance(issuerv2['base_certificate_id'], core.Void): # not allowed by RFC 5755, but let's parse it anyway if # we encounter it aa_iss_serial = _parse_iss_serial( issuerv2['base_certificate_id'], "Could not identify AA issuer in base_certificate_id", ) if not isinstance(issuerv2['object_digest_info'], core.Void): # TODO support objectdigestinfo? Also not allowed by RFC 5755 raise NotImplementedError( "Could not identify AA; objectDigestInfo is not supported." ) # Process the AKI extension if there is one aki_ext = get_ac_extension_value(attr_cert, 'authority_key_identifier') if aki_ext is not None: aki, aa_issuer, aki_aa_iss_serial = _process_aki_ext(aki_ext) if aki_aa_iss_serial is not None: if aa_iss_serial is not None and aa_iss_serial != aki_aa_iss_serial: raise InvalidAttrCertificateError( "AC's AKI extension and issuer include conflicting " "identifying information for the issuing AA" ) else: aa_iss_serial = aki_aa_iss_serial else: aki = None candidates: Iterable[x509.Certificate] = () aa_name = None if aa_names is not None: aa_name = extract_dir_name(aa_names, "Could not identify AA by name") if aa_iss_serial is not None: exact_cert = registry.retrieve_by_issuer_serial(aa_iss_serial) if exact_cert is not None: candidates = (exact_cert,) elif aa_name is not None: candidates = registry.retrieve_by_name(aa_name) for aa_candidate in candidates: if aa_name is not None and aa_candidate.subject != aa_name: continue if aki is not None and aa_candidate.key_identifier != aki: # AC's AKI doesn't match candidate's SKI continue yield aa_candidate def _check_ac_signature( attr_cert: cms.AttributeCertificateV2, aa_cert: x509.Certificate, validation_context: ValidationContext, ): sd_algo = attr_cert['signature_algorithm'] embedded_sd_algo = attr_cert['ac_info']['signature'] use_time = validation_context.best_signature_time digest_allowed = ( validation_context.algorithm_policy.signature_algorithm_allowed( sd_algo, use_time, public_key=aa_cert.public_key ) ) if sd_algo.native != embedded_sd_algo.native: raise InvalidAttrCertificateError( "Signature algorithm declaration in signed portion of AC does not " "match the signature algorithm declaration on the envelope." ) elif not digest_allowed: raise DisallowedAlgorithmError( "The attribute certificate could not be validated because " f"the signature uses the disallowed signature algorithm " f"{sd_algo['algorithm'].native}. ", is_ee_cert=True, is_side_validation=False, banned_since=digest_allowed.not_allowed_after, ) signature_algo = sd_algo.signature_algo hash_algo = attr_cert['signature_algorithm'].hash_algo try: validate_sig( signature=attr_cert['signature'].native, signed_data=attr_cert['ac_info'].dump(), # TODO support PK parameter inheritance? # (would have to remember the working public key from the # validation algo) # low-priority since this only affects DSA in practice public_key_info=aa_cert.public_key, sig_algo=signature_algo, hash_algo=hash_algo, parameters=attr_cert['signature_algorithm']['parameters'], ) except PSSParameterMismatch: raise InvalidAttrCertificateError( "The signature parameters for the attribute certificate " "do not match the constraints on the public key. " ) except InvalidSignature: raise InvalidAttrCertificateError( "The attribute certificate could not be validated because the " "signature could not be verified." ) def check_ac_holder_match(holder_cert: x509.Certificate, holder: cms.Holder): """ Match a candidate holder certificate against the holder entry of an attribute certificate. :param holder_cert: Candidate holder certificate. :param holder: Holder value to match against. :return: Return the parts of the holder entry that mismatched as a set. Possible values are `'base_certificate_id'`, `'entity_name'` and `'object_digest_info'`. If the returned set is empty, all entries in the holder entry matched the information in the certificate. """ base_cert_id = holder['base_certificate_id'] mismatches = set() # TODO what about subjectAltName matches? if not isinstance(base_cert_id, core.Void): # repurpose _parse_iss_serial since RFC 5755 restricts # baseCertificateID.issuer to a single DN designated_iss_serial = _parse_iss_serial( base_cert_id, "Could not identify holder certificate issuer" ) if designated_iss_serial != holder_cert.issuer_serial: mismatches.add('base_certificate_id') entity_name = holder['entity_name'] # TODO what about subjectAltName matches? if not isinstance(entity_name, core.Void): holder_dn = extract_dir_name( entity_name, "Could not identify AC holder DN" ) if holder_dn != holder_cert.subject: mismatches.add('entity_name') # TODO implement objectDigestInfo support obj_digest_info = holder['object_digest_info'] if not isinstance(obj_digest_info, core.Void): raise NotImplementedError( "Object digest info is currently not supported" ) return mismatches @dataclass(frozen=True) class ACValidationResult: """ The result of a successful attribute certificate validation. """ attr_cert: cms.AttributeCertificateV2 """ The attribute certificate that was validated. """ aa_cert: x509.Certificate """ The attribute authority that issued the certificate. """ aa_path: ValidationPath """ The validation path of the attribute authority's certificate. """ approved_attributes: Dict[str, cms.AttCertAttribute] """ Approved attributes in the attribute certificate, possibly filtered by AA controls. """ async def async_validate_ac( attr_cert: cms.AttributeCertificateV2, validation_context: ValidationContext, aa_pkix_params: PKIXValidationParams = PKIXValidationParams(), holder_cert: Optional[x509.Certificate] = None, ) -> ACValidationResult: """ Validate an attribute certificate with respect to a given validation context. :param attr_cert: The attribute certificate to validate. :param validation_context: The validation context to validate against. :param aa_pkix_params: PKIX validation parameters to supply to the path validation algorithm applied to the attribute authority's certificate. :param holder_cert: Certificate of the presumed holder to match against the AC's holder entry. If not provided, the holder check is left to the caller to perform. .. note:: This is a convenience option in case there's only one reasonable candidate holder certificate (e.g. when the attribute certificates are part of a CMS SignedData value with only a single signer). :return: An :class:`.ACValidationResult` detailing the validation result, if successful. """ # Process extensions # We do this first because all later steps may involve potentially slow # network IO, so this allows quicker failure. extensions_present = { ext['extn_id'].native: bool(ext['critical']) for ext in attr_cert['ac_info']['extensions'] } unsupported_critical_extensions = { ext for ext, crit in extensions_present.items() if crit and ext not in SUPPORTED_AC_EXTENSIONS } if unsupported_critical_extensions: raise InvalidCertificateError( "The AC could not be validated because it contains the " f"following unsupported critical extension" f"{'s' if len(unsupported_critical_extensions) != 1 else ''}: " f"{', '.join(sorted(unsupported_critical_extensions))}." ) if 'target_information' in extensions_present: targ_desc = validation_context.acceptable_ac_targets if targ_desc is None: raise InvalidAttrCertificateError( "The attribute certificate is targeted, but no targeting " "information is available in the validation context." ) _validate_ac_targeting(attr_cert, targ_desc) ac_holder = attr_cert['ac_info']['holder'] if len(ac_holder) == 0: raise InvalidAttrCertificateError("AC holder entry is empty") if holder_cert is not None: mismatches = check_ac_holder_match(holder_cert, ac_holder) if mismatches: raise InvalidAttrCertificateError( f"Could not match AC holder entry against supplied holder " f"certificate; mismatched entries: {', '.join(mismatches)}" ) path_builder = validation_context.path_builder aa_candidates = _candidate_ac_issuers( attr_cert, validation_context.certificate_registry ) exceptions: List[Exception] = [] aa_path: Optional[ValidationPath] = None for aa_candidate in aa_candidates: try: validate_aa_usage(validation_context, aa_candidate) except InvalidAttrCertificateError as e: exceptions.append(e) continue try: paths = await path_builder.async_build_paths(aa_candidate) except PathBuildingError as e: exceptions.append(e) continue for candidate_path in paths: try: await intl_validate_path( validation_context, candidate_path, parameters=aa_pkix_params, proc_state=ValProcState( cert_path_stack=ConsList.sing(candidate_path), ee_name_override="AA certificate", ), ) aa_path = candidate_path break except ValidationError as e: exceptions.append(e) if aa_path is None: # TODO log audit identifier if not exceptions: raise PathBuildingError( "Could not find a suitable AA for the attribute certificate" ) else: raise exceptions[0] # check the signature aa_cert = aa_path.last _check_ac_signature(attr_cert, aa_cert, validation_context) validity = attr_cert['ac_info']['att_cert_validity_period'] # NOTE: this is a bit of a hack, and the path in question is only used # for error reporting # TODO make paths with ACs at the end easier to handle ac_path = aa_path.copy_and_append(attr_cert) proc_state = ValProcState( cert_path_stack=ConsList.sing(ac_path), is_side_validation=False, ee_name_override="the attribute certificate", ) _check_validity( validity=Validity( { 'not_before': validity['not_before_time'], 'not_after': validity['not_after_time'], } ), moment=validation_context.moment, tolerance=validation_context.time_tolerance, proc_state=proc_state, ) if 'no_rev_avail' not in extensions_present: await _check_revocation( attr_cert, validation_context, ac_path, proc_state=proc_state ) ok_attrs = { attr['type'].native: attr for attr in attr_cert['ac_info']['attributes'] if aa_path.aa_attr_in_scope(attr['type']) } return ACValidationResult( attr_cert=attr_cert, aa_cert=aa_cert, aa_path=aa_path, approved_attributes=ok_attrs, ) @dataclass class _PathValidationState: """ State variables that need to be maintained while traversing a certification path """ valid_policy_tree: Optional['PolicyTreeRoot'] explicit_policy: int inhibit_any_policy: int policy_mapping: int max_path_length: int max_aa_path_length: int working_public_key: x509.PublicKeyInfo working_issuer_name: x509.Name permitted_subtrees: PermittedSubtrees excluded_subtrees: ExcludedSubtrees aa_controls_used: bool = False @staticmethod def init_pkix_validation_state( path_length, trust_anchor: TrustAnchor, parameters: Optional[PKIXValidationParams], ): trust_anchor_quals = trust_anchor.trust_qualifiers max_path_length = max_aa_path_length = path_length if trust_anchor_quals.max_path_length is not None: max_path_length = trust_anchor_quals.max_path_length if trust_anchor_quals.max_path_length is not None: max_aa_path_length = trust_anchor_quals.max_aa_path_length trust_anchor_params = trust_anchor_quals.standard_parameters if parameters is not None and trust_anchor_params is not None: # need to make sure both sets of parameters are respected acceptable_policies = intersect_policy_sets( parameters.user_initial_policy_set, trust_anchor_params.user_initial_policy_set, ) initial_any_policy_inhibit = ( parameters.initial_any_policy_inhibit and parameters.initial_any_policy_inhibit ) initial_explicit_policy = ( parameters.initial_explicit_policy and parameters.initial_explicit_policy ) initial_policy_mapping_inhibit = ( parameters.initial_policy_mapping_inhibit and parameters.initial_policy_mapping_inhibit ) initial_permitted_subtrees = PermittedSubtrees( parameters.initial_permitted_subtrees or default_permitted_subtrees() ) if trust_anchor_params.initial_permitted_subtrees is not None: initial_permitted_subtrees.intersect_with( trust_anchor_params.initial_permitted_subtrees ) initial_excluded_subtrees = ExcludedSubtrees( parameters.initial_excluded_subtrees or default_excluded_subtrees() ) if trust_anchor_params.initial_excluded_subtrees is not None: initial_excluded_subtrees.union_with( trust_anchor_params.initial_excluded_subtrees ) else: parameters = ( parameters or trust_anchor_params or PKIXValidationParams() ) acceptable_policies = parameters.user_initial_policy_set initial_explicit_policy = parameters.initial_explicit_policy initial_any_policy_inhibit = parameters.initial_any_policy_inhibit initial_policy_mapping_inhibit = ( parameters.initial_policy_mapping_inhibit ) initial_permitted_subtrees = PermittedSubtrees( parameters.initial_permitted_subtrees or default_permitted_subtrees() ) initial_excluded_subtrees = ExcludedSubtrees( parameters.initial_excluded_subtrees or default_excluded_subtrees() ) state = _PathValidationState( # Step 1 a valid_policy_tree=PolicyTreeRoot.init_policy_tree( 'any_policy', set(), {'any_policy'} ), # Steps 1 b-c permitted_subtrees=initial_permitted_subtrees, excluded_subtrees=initial_excluded_subtrees, # Steps 1 d-f explicit_policy=(0 if initial_explicit_policy else path_length + 1), inhibit_any_policy=( 0 if initial_any_policy_inhibit else path_length + 1 ), policy_mapping=( 0 if initial_policy_mapping_inhibit else path_length + 1 ), # Steps 1 g-j working_public_key=trust_anchor.authority.public_key, working_issuer_name=trust_anchor.authority.name, # Step 1 k max_path_length=max_path_length, # NOTE: the algorithm (for now) assumes that the AA CA of RFC 5755 # is trusted by fiat, and does not require chaining up to a distinct # CA. In particular, we assume that the AA CA is the trust anchor in # the path. This matches the validation model used in signature # policies (where there are separate trust trees for attributes) max_aa_path_length=max_aa_path_length, ) return state, acceptable_policies def update_policy_restrictions(self, cert: x509.Certificate): # Step 3 h if not cert.self_issued: # Step 3 h 1 if self.explicit_policy != 0: self.explicit_policy -= 1 # Step 3 h 2 if self.policy_mapping != 0: self.policy_mapping -= 1 # Step 3 h 3 if self.inhibit_any_policy != 0: self.inhibit_any_policy -= 1 # Step 3 i policy_constraints = cert.policy_constraints_value if policy_constraints: # Step 3 i 1 require_explicit_policy = policy_constraints[ 'require_explicit_policy' ].native if require_explicit_policy is not None: self.explicit_policy = min( self.explicit_policy, require_explicit_policy ) # Step 3 i 2 inhibit_policy_mapping = policy_constraints[ 'inhibit_policy_mapping' ].native if inhibit_policy_mapping is not None: self.policy_mapping = min( self.policy_mapping, inhibit_policy_mapping ) # Step 3 j if cert.inhibit_any_policy_value is not None: self.inhibit_any_policy = min( cert.inhibit_any_policy_value.native, self.inhibit_any_policy ) def process_policies( self, index: int, certificate_policies, any_policy_uninhibited, proc_state: ValProcState, ): if certificate_policies and self.valid_policy_tree is not None: self.valid_policy_tree = update_policy_tree( certificate_policies, self.valid_policy_tree, depth=index, any_policy_uninhibited=any_policy_uninhibited, ) # Step 2 e elif certificate_policies is None: self.valid_policy_tree = None # Step 2 f if self.valid_policy_tree is None and self.explicit_policy <= 0: raise PathValidationError.from_state( "The path could not be validated because there is no valid set " f"of policies for {proc_state.describe_cert()}", proc_state, ) def check_name_constraints(self, cert, proc_state: ValProcState): # name constraint processing whitelist_result = self.permitted_subtrees.accept_cert(cert) if not whitelist_result: raise PathValidationError.from_state( "The path could not be validated because not all names of " f"{proc_state.describe_cert()} are in the permitted namespace " f"of the issuing authority. {whitelist_result.error_message}", proc_state, ) blacklist_result = self.excluded_subtrees.accept_cert(cert) if not blacklist_result: raise PathValidationError.from_state( "The path could not be validated because some names of " f"{proc_state.describe_cert()} are excluded from the " f"namespace of the issuing authority. " f"{blacklist_result.error_message}", proc_state, ) def check_certificate_signature( self, cert: x509.Certificate, algorithm_policy: AlgorithmUsagePolicy, proc_state: ValProcState, moment: datetime.datetime, ): sd_algo: algos.SignedDigestAlgorithm = cert['signature_algorithm'] sd_algo_name = sd_algo['algorithm'].native sig_algo_allowed = algorithm_policy.signature_algorithm_allowed( sd_algo, moment, public_key=self.working_public_key ) if not sig_algo_allowed: msg = ( f"The path could not be validated because the signature " f"of {proc_state.describe_cert()} uses the disallowed " f"signature mechanism {sd_algo_name}." ) if sig_algo_allowed.failure_reason is not None: msg += f" Reason: {sig_algo_allowed.failure_reason}." raise DisallowedAlgorithmError.from_state( msg, proc_state, banned_since=sig_algo_allowed.not_allowed_after, ) try: validate_sig( signature=cert['signature_value'].native, signed_data=cert['tbs_certificate'].dump(), public_key_info=self.working_public_key, sig_algo=sd_algo.signature_algo, hash_algo=sd_algo.hash_algo, parameters=cert['signature_algorithm']['parameters'], ) except PSSParameterMismatch: raise PathValidationError.from_state( f"The signature parameters for {proc_state.describe_cert()} do " f"not match the constraints on the public key.", proc_state, ) except InvalidSignature: raise PathValidationError.from_state( f"The path could not be validated because the signature of " f"{proc_state.describe_cert()} could not be verified", proc_state, ) # TODO allow delegation to calling library here? SUPPORTED_EXTENSIONS = frozenset( [ 'authority_information_access', 'authority_key_identifier', 'basic_constraints', 'crl_distribution_points', 'extended_key_usage', 'freshest_crl', 'key_identifier', 'key_usage', 'ocsp_no_check', 'certificate_policies', 'policy_mappings', 'policy_constraints', 'inhibit_any_policy', 'name_constraints', 'subject_alt_name', 'aa_controls', ] ) async def intl_validate_path( validation_context: ValidationContext, path: ValidationPath, proc_state: ValProcState, parameters: Optional[PKIXValidationParams] = None, ): """ Internal copy of validate_path() that allows overriding the name of the end-entity certificate as used in exception messages. This functionality is used during chain validation when dealing with indirect CRLs issuer or OCSP responder certificates. :param validation_context: A pyhanko_certvalidator.context.ValidationContext object to use for configuring validation behavior :param path: A pyhanko_certvalidator.path.ValidationPath object of the path to validate :param proc_state: Internal state for error reporting and policy application decisions. :param parameters: Additional input parameters to the PKIX validation algorithm. These are not used when validating CRLs and OCSP responses. :return: The final certificate in the path - an instance of asn1crypto.x509.Certificate """ moment = validation_context.moment # Inputs trust_anchor = path.trust_anchor path_length = path.pkix_len # Step 1: initialization ( state, acceptable_policies, ) = _PathValidationState.init_pkix_validation_state( path_length, trust_anchor, parameters ) # Step 2: basic processing completed_path: ValidationPath = ValidationPath( trust_anchor, interm=[], leaf=None ) cert: Optional[x509.Certificate] if isinstance(trust_anchor, CertTrustAnchor): # if the trust root has a cert, record it as validated. validation_context.record_validation( trust_anchor.certificate, completed_path ) cert = trust_anchor.certificate else: cert = None # TODO support this for attr certs leaf_asserted_nonrevoked = False revinfo_manager = validation_context.revinfo_manager if isinstance(path.leaf, x509.Certificate): leaf_asserted_nonrevoked = revinfo_manager.check_asserted_unrevoked( path.leaf, moment ) for index in range(1, path_length + 1): cert = path[index] proc_state.index += 1 # Step 2 a 1 state.check_certificate_signature( cert, validation_context.algorithm_policy, proc_state, validation_context.best_signature_time, ) # Step 2 a 2 if not validation_context.is_whitelisted(cert): tolerance = validation_context.time_tolerance validity = cert['tbs_certificate']['validity'] _check_validity( validity=validity, moment=moment, tolerance=tolerance, proc_state=proc_state, ) # Step 2 a 3 - CRL/OCSP if ( not leaf_asserted_nonrevoked and not revinfo_manager.check_asserted_unrevoked(cert, moment) ): await _check_revocation( cert=cert, validation_context=validation_context, path=path, proc_state=proc_state, ) # Step 2 a 4 if cert.issuer != state.working_issuer_name: raise PathValidationError.from_state( f"The path could not be validated because " f"{proc_state.describe_cert()} issuer name " f"could not be matched", proc_state, ) # Steps 2 b-c if index == path_length or not cert.self_issued: state.check_name_constraints(cert, proc_state=proc_state) # Steps 2 d state.process_policies( index, cert.certificate_policies_value, # (see step 2 d 2) any_policy_uninhibited=( state.inhibit_any_policy > 0 or (index < path_length and cert.self_issued) ), proc_state=proc_state, ) if index < path_length: # Step 3: prepare for certificate index+1 _prepare_next_step(index, cert, state, proc_state=proc_state) _check_aa_controls(cert, state, index, proc_state=proc_state) # Step 3 o / 4 f # Check for critical unsupported extensions unsupported_critical_extensions = ( cert.critical_extensions - SUPPORTED_EXTENSIONS ) if unsupported_critical_extensions: raise PathValidationError.from_state( f"The path could not be validated because " f"{proc_state.describe_cert()} contains the " f"following unsupported critical extension" f"{'s' if len(unsupported_critical_extensions) != 1 else ''}" f": {', '.join(sorted(unsupported_critical_extensions))}", proc_state, ) if validation_context: # TODO I left this in from the original code, # but caching intermediate results might not be appropriate at all # times. For example, handling for self-issued certs is different # depending on whether they're treated as an end-entity or not. completed_path = completed_path.copy_and_append(cert) validation_context.record_validation(cert, completed_path) # Step 4: wrap-up procedure # Steps 4 c-e skipped since this method doesn't output it # Step 4 f skipped since this method defers that to the calling application # --> only policy processing remains if cert is not None: qualified_policies = _finish_policy_processing( state=state, cert=cert, acceptable_policies=acceptable_policies, path_length=path_length, proc_state=proc_state, ) path._set_qualified_policies(qualified_policies) # TODO cache valid policies on intermediate certs too? completed_path._set_qualified_policies(qualified_policies) return cert def _check_validity( validity: Validity, moment, tolerance, proc_state: ValProcState ): if moment < validity['not_before'].native - tolerance: raise NotYetValidError.format( valid_from=validity['not_before'].native, proc_state=proc_state ) if moment > validity['not_after'].native + tolerance: raise ExpiredError.format( expired_dt=validity['not_after'].native, proc_state=proc_state ) def _finish_policy_processing( state, cert, acceptable_policies, path_length, proc_state: ValProcState ): # Step 4 a if state.explicit_policy != 0: state.explicit_policy -= 1 # Step 4 b if cert.policy_constraints_value: if cert.policy_constraints_value['require_explicit_policy'].native == 0: state.explicit_policy = 0 # Step 4 g # Step 4 g i intersection: Optional[PolicyTreeRoot] if state.valid_policy_tree is None: intersection = None # Step 4 g ii elif acceptable_policies == {'any_policy'}: intersection = state.valid_policy_tree # Step 4 g iii else: intersection = prune_unacceptable_policies( path_length, state.valid_policy_tree, acceptable_policies ) qualified_policies: FrozenSet[QualifiedPolicy] = frozenset() if intersection is not None: # collect policies in a user-friendly format and attach them to the # path object def _enum_policies() -> Iterable[QualifiedPolicy]: accepted_policy: PolicyTreeNode assert intersection is not None for accepted_policy in intersection.at_depth(path_length): listed_pol = accepted_policy.valid_policy if listed_pol != 'any_policy': # the first ancestor that is a child of any_policy # will have an ID that makes sense in the user's policy # domain (here 'ancestor' includes the node itself) user_domain_policy_id = next( ancestor.valid_policy for ancestor in accepted_policy.path_to_root() if ancestor.parent.valid_policy == 'any_policy' ) else: # any_policy can't be mapped, so we don't have to do # any walking up the tree. This also covers the corner case # where the path length is 0 (in this case, PKIX validation # is pointless, but we have to deal with it gracefully) user_domain_policy_id = 'any_policy' yield QualifiedPolicy( user_domain_policy_id=user_domain_policy_id, issuer_domain_policy_id=listed_pol, qualifiers=frozenset(accepted_policy.qualifier_set), ) qualified_policies = frozenset(_enum_policies()) elif state.explicit_policy == 0: raise PathValidationError.from_state( f"The path could not be validated because there is no valid set of " f"policies for {proc_state.describe_cert()}.", proc_state, ) return qualified_policies async def _check_revocation( cert, validation_context: ValidationContext, path: ValidationPath, proc_state: ValProcState, ): ocsp_status_good = False revocation_check_failed = False ocsp_matched = False crl_matched = False soft_fail = False failures = [] cert_has_crl, cert_has_ocsp = get_declared_revinfo(cert) revinfo_declared = cert_has_crl or cert_has_ocsp rev_check_policy = ( validation_context.revinfo_policy.revocation_checking_policy ) rev_rule = ( rev_check_policy.ee_certificate_rule if proc_state.is_ee_cert else rev_check_policy.intermediate_ca_cert_rule ) ocsp_suspect_stale_since = None # for OCSP, we don't bother if there's nothing in the certificate's AIA if rev_rule.ocsp_relevant and cert_has_ocsp: try: await verify_ocsp_response( cert, path, validation_context, proc_state=proc_state ) ocsp_status_good = True ocsp_matched = True except OCSPValidationIndeterminateError as e: failures.extend([failure[0] for failure in e.failures]) revocation_check_failed = True ocsp_matched = True ocsp_suspect_stale_since = e.suspect_stale except OCSPNoMatchesError: pass except OCSPFetchError as e: if rev_rule.tolerant: soft_fail = True validation_context._report_soft_fail(e) else: failures.append(e.args[0]) revocation_check_failed = True except OCSPValidationError as e: failures.append(e.args[0]) revocation_check_failed = True ocsp_matched = True if not ocsp_status_good and rev_rule.ocsp_mandatory: if failures: err_str = '; '.join(str(f) for f in failures) else: err_str = 'an applicable OCSP response could not be found' raise InsufficientRevinfoError.from_state( f"The path could not be validated because the mandatory OCSP " f"check(s) for {proc_state.describe_cert()} failed: {err_str}", proc_state, ) status_good = ( ocsp_status_good and rev_rule != RevocationCheckingRule.CRL_AND_OCSP_REQUIRED ) crl_status_good = False crl_suspect_stale_since = None # do not attempt to check CRLs (even cached ones) if there are no # distribution points, unless we have to crl_required_by_policy = rev_rule.crl_mandatory or ( not status_good and rev_rule == RevocationCheckingRule.CRL_OR_OCSP_REQUIRED ) crl_fetchable = rev_rule.crl_relevant and cert_has_crl if crl_required_by_policy or (crl_fetchable and not status_good): try: await verify_crl( cert, path, validation_context, proc_state=proc_state ) revocation_check_failed = False crl_status_good = True crl_matched = True except CRLValidationIndeterminateError as e: failures.extend([failure[0] for failure in e.failures]) revocation_check_failed = True crl_matched = True crl_suspect_stale_since = e.suspect_stale except CRLNoMatchesError: pass except CRLFetchError as e: if rev_rule.tolerant: soft_fail = True validation_context._report_soft_fail(e) else: failures.append(e.args[0]) revocation_check_failed = True if not crl_status_good and rev_rule.crl_mandatory: if failures: err_str = '; '.join(str(f) for f in failures) else: err_str = 'an applicable CRL could not be found' raise InsufficientRevinfoError.from_state( f"The path could not be validated because the mandatory CRL " f"check(s) for {proc_state.describe_cert()} failed: {err_str}", proc_state, ) # If we still didn't find a match, the certificate has CRL/OCSP entries # but we couldn't query any of them. Let's check if this is disqualifying. # With 'strict' the fact that there's no match (irrespective # of certificate properties) is enough to cause a failure, # otherwise we have to check. expected_revinfo = rev_rule.strict or ( revinfo_declared and rev_rule == RevocationCheckingRule.CHECK_IF_DECLARED ) # Did we find any revinfo that "has jurisdiction"? matched = crl_matched or ocsp_matched expected_revinfo_not_found = not matched and expected_revinfo if not soft_fail: if not status_good and matched and revocation_check_failed: msg = ( f"The path could not be validated because " f"{proc_state.describe_cert(def_interm=True)} revocation " f"checks failed: {'; '.join(failures)}" ) maybe_stale_cutoff = ( ocsp_suspect_stale_since or crl_suspect_stale_since ) if maybe_stale_cutoff: stale_cutoff = ( max(ocsp_suspect_stale_since, crl_suspect_stale_since) if ocsp_suspect_stale_since and crl_suspect_stale_since else maybe_stale_cutoff ) raise StaleRevinfoError.format(msg, stale_cutoff, proc_state) else: raise InsufficientRevinfoError.from_state( msg, proc_state, ) if expected_revinfo_not_found: raise InsufficientRevinfoError.from_state( f"The path could not be validated because no revocation " f"information could be found for {proc_state.describe_cert()}", proc_state, ) def _check_aa_controls( cert: x509.Certificate, state: _PathValidationState, index, proc_state: ValProcState, ): aa_controls = AAControls.read_extension_value(cert) if aa_controls is not None: if not state.aa_controls_used and index > 1: raise PathValidationError.from_state( f"AA controls extension only present on part of the " f"certificate chain: {proc_state.describe_cert()} has AA " f"controls while preceding certificates do not. ", proc_state, ) state.aa_controls_used = True # deal with path length new_max_aa_path_length = aa_controls['path_len_constraint'].native if ( new_max_aa_path_length is not None and new_max_aa_path_length < state.max_aa_path_length ): state.max_aa_path_length = new_max_aa_path_length elif state.aa_controls_used: raise PathValidationError.from_state( f"AA controls extension only present on part of the " f"certificate chain: {proc_state.describe_cert()} " f"has no AA controls ", proc_state, ) def _prepare_next_step( index, cert: x509.Certificate, state: _PathValidationState, proc_state: ValProcState, ): if cert.policy_mappings_value: policy_map = enumerate_policy_mappings( cert.policy_mappings_value, proc_state=proc_state ) # Step 3 b if state.valid_policy_tree is not None: state.valid_policy_tree = apply_policy_mapping( policy_map, state.valid_policy_tree, depth=index, policy_mapping_uninhibited=state.policy_mapping > 0, ) # Step 3 c state.working_issuer_name = cert.subject # Steps 3 d-f # Handle inheritance of DSA parameters from a signing CA to the # next in the chain # NOTE: we don't perform this step for RSASSA-PSS since there the # parameters are drawn form the signature parameters, where they # must always be present. copy_params = None if cert.public_key.algorithm == 'dsa' and cert.public_key.hash_algo is None: if state.working_public_key.algorithm == 'dsa': key_alg = state.working_public_key['algorithm'] copy_params = key_alg['parameters'].copy() if copy_params: working_public_key = cert.public_key.copy() working_public_key['algorithm']['parameters'] = copy_params state.working_public_key = working_public_key else: state.working_public_key = cert.public_key # Step 3 g nc_value: x509.NameConstraints = cert.name_constraints_value if nc_value is not None: new_permitted_subtrees = nc_value['permitted_subtrees'] if isinstance(new_permitted_subtrees, x509.GeneralSubtrees): state.permitted_subtrees.intersect_with( process_general_subtrees(new_permitted_subtrees) ) new_excluded_subtrees = nc_value['excluded_subtrees'] if isinstance(new_excluded_subtrees, x509.GeneralSubtrees): state.excluded_subtrees.union_with( process_general_subtrees(new_excluded_subtrees) ) # Step 3 h-j state.update_policy_restrictions(cert) # Step 3 k if not cert.ca: raise PathValidationError.from_state( f"The path could not be validated because " f"{proc_state.describe_cert()} is not a CA", proc_state, ) # Step 3 l if not cert.self_issued: if state.max_path_length == 0: raise PathValidationError.from_state( "The path could not be validated because it exceeds the " "maximum path length", proc_state, ) state.max_path_length -= 1 if state.max_aa_path_length == 0: raise PathValidationError.from_state( "The path could not be validated because it exceeds the " "maximum path length for an AA certificate", proc_state, ) state.max_aa_path_length -= 1 # Step 3 m if ( cert.max_path_length is not None and cert.max_path_length < state.max_path_length ): state.max_path_length = cert.max_path_length # Step 3 n if ( cert.key_usage_value and 'key_cert_sign' not in cert.key_usage_value.native ): raise PathValidationError.from_state( "The path could not be validated because " f"{proc_state.describe_cert()} is not allowed to sign certificates", proc_state, ) certvalidator-0.26.3/pyhanko_certvalidator/version.py000066400000000000000000000001071453642760600231130ustar00rootroot00000000000000# coding: utf-8 __version__ = '0.26.3' __version_info__ = (0, 26, 3) certvalidator-0.26.3/pyproject.toml000066400000000000000000000043011453642760600173740ustar00rootroot00000000000000[build-system] requires = [ "setuptools>=67.4", "wheel", "pytest-runner", ] build-backend = "setuptools.build_meta" [project] name = "pyhanko-certvalidator" dynamic = ['version'] authors = [{name = "Matthias Valvekens", email = "dev@mvalvekens.be"}] license = {text = "MIT"} description = "Validates X.509 certificates and paths; forked from wbond/certvalidator" keywords = [ "crypto", "pki", "x509", "certificate", "crl", "ocsp", ] classifiers = [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Topic :: Security :: Cryptography", ] requires-python = ">=3.7" dependencies = [ "asn1crypto>=1.5.1", "oscrypto>=1.1.0", "cryptography>=41.0.5", "uritools>=3.0.1", "requests>=2.31.0", ] [project.readme] file = "README.md" content-type = "text/markdown" [project.urls] Homepage = "https://github.com/MatthiasValvekens/certvalidator" [project.optional-dependencies] async-http = ["aiohttp>=3.8,<3.10"] testing = [ "pytest>=6.1.1", "pytest-cov>=4.0,<4.2", "freezegun>=1.1.0", "aiohttp>=3.8,<3.10", "pytest-aiohttp~=1.0.4", "pyhanko-certvalidator[async-http]", ] mypy = [ "types-requests", "pyhanko-certvalidator[testing]", ] [tool.setuptools] include-package-data = false [tool.setuptools.dynamic] version = {attr = "pyhanko_certvalidator.version.__version__"} [tool.setuptools.packages.find] include = ["pyhanko_certvalidator*"] exclude = ["tests*"] [tool.setuptools.package-data] pyhanko_certvalidator = ["py.typed"] [tool.mypy] files = 'pyhanko_certvalidator' [[tool.mypy.overrides]] module = [ "asn1crypto.*", "pkcs11.*", "oscrypto.*", "uritools.*", ] ignore_missing_imports = true [tool.pytest.ini_options] log_format = "%(asctime)s %(levelname)s %(message)s" log_date_format = "%Y-%m-%d %H:%M:%S" log_cli = true log_cli_level = "INFO" testpaths = "tests" asyncio_mode = "strict" certvalidator-0.26.3/tests/000077500000000000000000000000001453642760600156245ustar00rootroot00000000000000certvalidator-0.26.3/tests/__init__.py000066400000000000000000000000001453642760600177230ustar00rootroot00000000000000certvalidator-0.26.3/tests/common.py000066400000000000000000000032201453642760600174630ustar00rootroot00000000000000import base64 import os from asn1crypto import crl, ocsp, pem, x509 from pyhanko_certvalidator import authority from pyhanko_certvalidator.path import ValidationPath TESTS_ROOT = os.path.dirname(__file__) FIXTURES_DIR = os.path.join(TESTS_ROOT, 'fixtures') def load_cert_object(*path_components) -> x509.Certificate: with open(os.path.join(FIXTURES_DIR, *path_components), 'rb') as f: cert_bytes = f.read() if pem.detect(cert_bytes): _, _, cert_bytes = pem.unarmor(cert_bytes) cert = x509.Certificate.load(cert_bytes) return cert def load_path(base_dir, *cert_files) -> ValidationPath: certs_collected = [] for cert_file in cert_files: certs_collected.append(load_cert_object(base_dir, cert_file)) return ValidationPath( trust_anchor=authority.CertTrustAnchor(certs_collected[0]), interm=certs_collected[1:-1], leaf=certs_collected[-1], ) def load_nist_cert(filename): return load_cert_object('nist_pkits', 'certs', filename) def load_crl(*path_components) -> crl.CertificateList: with open(os.path.join(FIXTURES_DIR, *path_components), 'rb') as inf: return crl.CertificateList.load(inf.read()) def load_ocsp_response(*path_components) -> ocsp.OCSPResponse: with open(os.path.join(FIXTURES_DIR, *path_components), 'rb') as inf: return ocsp.OCSPResponse.load(inf.read()) def load_nist_crl(filename): return load_crl(FIXTURES_DIR, 'nist_pkits', 'crls', filename) def load_openssl_ors(filename): with open(os.path.join(FIXTURES_DIR, 'openssl-ocsp', filename), 'rb') as f: return ocsp.OCSPResponse.load(base64.b64decode(f.read())) certvalidator-0.26.3/tests/constants.py000066400000000000000000000000321453642760600202050ustar00rootroot00000000000000TEST_REQUEST_TIMEOUT = 30 certvalidator-0.26.3/tests/fixtures/000077500000000000000000000000001453642760600174755ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/ades/000077500000000000000000000000001453642760600204115ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/ades/time-slide/000077500000000000000000000000001453642760600224455ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/ades/time-slide/alice-2020-10-01.ors000066400000000000000000000026641453642760600252740ustar00rootroot000000000000000‚°  ‚©0‚¥ +0‚–0‚’0­¢ÔqFIíºûgü¾ð˜gÎÇf„£20201001000000Z000W0  `†He ÿ×ãÿu±µMia:KÛ1×qG†sJÿ§Ñ’m¬`Õ? ÙD;ÛWŽ—V³9bá:ðX¤Ý[ yyYc·RN#TñÂ#`é9!{¡ý^ì-™Â~µÈzª®^;ÑŒ{™´ ÆH Çí£{0y0UÔqFIíºûgü¾ð˜gÎÇf„£0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚ï8É•^ƒ}O©¸›+ó·Ñϳ ÖÉžR.g§>RQIÚszY.ÌŽ¹ÖUBîAÈç´Æ*ü%𽧚¼5QŒ{>S)YíQ¶l¸¬Qèùäw“2ËÑêÖ›vÍŽ¥ä—y–ðž#†Cí‡îf©U‰ vAjGõ7>± ä áÞ v3{7)Ëà6)™ß}¢[”Õ­ÒCïÔd“ŽSnçÉž3ˆðýœU•kcb”’Sƒ¦)”é`¤½3¶’Ñ­OöÝ\´oOÚ=$ˆÎ²û ‚NVÙá‰âš·®‚ïsdhJ¸!#uŒÓa[“d] 72F‡Qõ`MÇvcertvalidator-0.26.3/tests/fixtures/ades/time-slide/alice-2020-11-29.ors000066400000000000000000000026641453642760600253070ustar00rootroot000000000000000‚°  ‚©0‚¥ +0‚–0‚’0­¢ÔqFIíºûgü¾ð˜gÎÇf„£20201129000000Z000W0  `†He ÿ×ãÿu±µMia:KÛ1×qG†sJÿ§Ñ’m¬`Õ? ÙD;ÛWŽ—V³9bá:ðX¤Ý[ yyY“ÐŤ•?žÿ7¡>^ VVÁ/WVc—t¥ÏeðJ¨¾Œ„Hÿàf©ŠMŠû–EtØ'ñLƒ¥[#@ó§2º’=¸‘, VÚY†ƒ W¦ ‚Ê0‚Æ0‚Â0‚ª 0  *†H†÷  0]1 0 UXX10U Testing Authority10U Time-Slide Test10U Intermediate CA0  000101000000Z21000101000000Z0l1 0 UXX10U Testing Authority10U Time-Slide Test1'0%U Intermediate CA OCSP Responder0‚"0  *†H†÷ ‚0‚ ‚Ë†ðˆ ²:!kh6ööèAízž®üß“êðÁ@=Ï¢¶oB¨ZcqÇÑ‚â<%õõ@Ü=8Ѫ‘Êmú‹¤A(Š* }’ž›ÝìMFš@5s½ß"éš“_aÒ¹Kû€íÄ­Ì<Š¬(<øDÕ“îÀ냾ÝÓtÎ Cš ®â¾A?Ý^‡rŸ”»U6¤-ÒÑþÉëÞÅåÜ+Í ¯ƒ¹'Ó„ Üì£ Â ¶þêÂs!a§ÇƒY¡®—KÏ„ƒÖæCïWÎ8­¦>c·RN#TñÂ#`é9!{¡ý^ì-™Â~µÈzª®^;ÑŒ{™´ ÆH Çí£{0y0UÔqFIíºûgü¾ð˜gÎÇf„£0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚ï8É•^ƒ}O©¸›+ó·Ñϳ ÖÉžR.g§>RQIÚszY.ÌŽ¹ÖUBîAÈç´Æ*ü%𽧚¼5QŒ{>S)YíQ¶l¸¬Qèùäw“2ËÑêÖ›vÍŽ¥ä—y–ðž#†Cí‡îf©U‰ vAjGõ7>± ä áÞ v3{7)Ëà6)™ß}¢[”Õ­ÒCïÔd“ŽSnçÉž3ˆðýœU•kcb”’Sƒ¦)”é`¤½3¶’Ñ­OöÝ\´oOÚ=$ˆÎ²û ‚NVÙá‰âš·®‚ïsdhJ¸!#uŒÓa[“d] 72F‡Qõ`MÇvcertvalidator-0.26.3/tests/fixtures/ades/time-slide/alice-2020-12-10.ors000066400000000000000000000027131453642760600252710ustar00rootroot000000000000000‚Ç  ‚À0‚¼ +0‚­0‚©0Ä¢ÔqFIíºûgü¾ð˜gÎÇf„£20201210000000Z0˜0•0W0  `†He ÿ×ãÿu±µMia:KÛ1×qG†sJÿ§Ñ’m¬`Õ? ÙD;ÛWŽ—V³9bá:ðX¤Ý[ yyYº ‚Ê0‚Æ0‚Â0‚ª 0  *†H†÷  0]1 0 UXX10U Testing Authority10U Time-Slide Test10U Intermediate CA0  000101000000Z21000101000000Z0l1 0 UXX10U Testing Authority10U Time-Slide Test1'0%U Intermediate CA OCSP Responder0‚"0  *†H†÷ ‚0‚ ‚Ë†ðˆ ²:!kh6ööèAízž®üß“êðÁ@=Ï¢¶oB¨ZcqÇÑ‚â<%õõ@Ü=8Ѫ‘Êmú‹¤A(Š* }’ž›ÝìMFš@5s½ß"éš“_aÒ¹Kû€íÄ­Ì<Š¬(<øDÕ“îÀ냾ÝÓtÎ Cš ®â¾A?Ý^‡rŸ”»U6¤-ÒÑþÉëÞÅåÜ+Í ¯ƒ¹'Ó„ Üì£ Â ¶þêÂs!a§ÇƒY¡®—KÏ„ƒÖæCïWÎ8­¦>c·RN#TñÂ#`é9!{¡ý^ì-™Â~µÈzª®^;ÑŒ{™´ ÆH Çí£{0y0UÔqFIíºûgü¾ð˜gÎÇf„£0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚ï8É•^ƒ}O©¸›+ó·Ñϳ ÖÉžR.g§>RQIÚszY.ÌŽ¹ÖUBîAÈç´Æ*ü%𽧚¼5QŒ{>S)YíQ¶l¸¬Qèùäw“2ËÑêÖ›vÍŽ¥ä—y–ðž#†Cí‡îf©U‰ vAjGõ7>± ä áÞ v3{7)Ëà6)™ß}¢[”Õ­ÒCïÔd“ŽSnçÉž3ˆðýœU•kcb”’Sƒ¦)”é`¤½3¶’Ñ­OöÝ\´oOÚ=$ˆÎ²û ‚NVÙá‰âš·®‚ïsdhJ¸!#uŒÓa[“d] 72F‡Qõ`MÇvcertvalidator-0.26.3/tests/fixtures/ades/time-slide/certomancer.yml000066400000000000000000000054431453642760600255000ustar00rootroot00000000000000external-url-prefix: "http://ca.example.com" keysets: testing-ca: path-prefix: keys keys: root: path: root.key.pem interm: path: interm.key.pem interm-ocsp: path: interm-ocsp.key.pem alice: path: alice.key.pem bob: path: bob.key.pem pki-architectures: time-slide-ca: keyset: testing-ca entity-defaults: country-name: XX organization-name: Testing Authority organizational-unit-name: Time-Slide Test entities: root: common-name: Root CA interm: common-name: Intermediate CA interm-ocsp: common-name: Intermediate CA OCSP Responder alice: common-name: Alice bob: common-name: Bob certs: root: subject: root issuer: root validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2500-01-01T00:00:00+0000" profiles: - id: simple-ca params: crl-repo: root interm: subject: interm issuer: root validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" profiles: - id: simple-ca params: crl-repo: interm ocsp-service: interm max-path-len: 0 interm-revoked: subject: interm issuer: root validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" revocation: revoked-since: "2020-12-01T00:00:00+0000" reason: key_compromise profiles: - simple-ca interm-ocsp: issuer: interm issuer-cert: interm validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" profiles: - ocsp-responder alice: subject: alice issuer: interm issuer-cert: interm validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" revocation: revoked-since: "2020-12-01T00:00:00+0000" reason: key_compromise extensions: - id: key_usage critical: true smart-value: schema: key-usage params: [digital_signature] services: ocsp: interm: for-issuer: interm issuer-cert: interm responder-cert: interm-ocsp signing-key: interm-ocsp crl-repo: root: for-issuer: root signing-key: root simulated-update-schedule: "P10D" interm: for-issuer: interm signing-key: interm issuer-cert: interm simulated-update-schedule: "P10D"certvalidator-0.26.3/tests/fixtures/ades/time-slide/certs/000077500000000000000000000000001453642760600235655ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/ades/time-slide/certs/alice.crt000066400000000000000000000020401453642760600253500ustar00rootroot000000000000000‚0‚ 0  *†H†÷  0]1 0 UXX10U Testing Authority10U Time-Slide Test10U Intermediate CA0  000101000000Z21000101000000Z0S1 0 UXX10U Testing Authority10U Time-Slide Test10 U Alice0‚"0  *†H†÷ ‚0‚ ‚º¿åŸ/-| hbÑOúÒMiÊN>Y–DW_%·ÈñÑ#ÀG?pWuº½FG={ad«‘f< üˆÿÍ'a ¬uœuZáô5«ƒ×Kó"†Jªß¾×U|LŸx[ZƒãûÕEñ$Ú*½15›Ø1jÔŽè¹hYüצ–N¡•Ö ›ÿk%Œåx£àµ*}@‡éЛÕĺ·3kã†8;½ÖÉÄvÂÀ; >ßRÆà„—m›åpP¤T×xlé-Ùvªë@»ã¥hsª„}6ùæƒ8,úMFî=msœ, d¦`Ü|‰ÄÇŸ_þLëÕiÜ™þôáA„ÏØLzÙ£í0ê0UZDÔ[]ˆ{ðësx—6²ÀÙ¨0U#0€0ô=σÉvÃÚyh²mìâihÏU0KUD0B0@ > <†:http://ca.example.com/time-slide-ca/crls/interm/latest.crl0K+?0=0;+0†/http://ca.example.com/time-slide-ca/ocsp/interm0Uÿ€0  *†H†÷  ‚F!º´EÈŪ"…Á Ûѧ.)T€Y5ºÑ:íÛ4ßÍwà8ǧО”ê^å62«¦zã£'fÚ.åeKwB;×P0²¸VUTª³Ü}^!.1…H«\¤qè‰<„ê›â°Fi5µOÀð‘Ã’ÃÝs ||2—… xº´ÿ‰;Œ° VdWuÍÄlóGXÖ£½,ǃvVû1ZÌ#¡) `j¢ªp»œÖy³»æP„FÝZ,hÀÞ󜀎| ÿ^'¶òÌ0Y|nVFxýÔ—Þ÷¸q¢tåû²Gö‘i´îGbŸ8 U•nw,­BZŽ% ä¼kÏŸˆµ‡?JPdcertvalidator-0.26.3/tests/fixtures/ades/time-slide/certs/interm-ocsp.crt000066400000000000000000000017061453642760600265430ustar00rootroot000000000000000‚Â0‚ª 0  *†H†÷  0]1 0 UXX10U Testing Authority10U Time-Slide Test10U Intermediate CA0  000101000000Z21000101000000Z0l1 0 UXX10U Testing Authority10U Time-Slide Test1'0%U Intermediate CA OCSP Responder0‚"0  *†H†÷ ‚0‚ ‚Ë†ðˆ ²:!kh6ööèAízž®üß“êðÁ@=Ï¢¶oB¨ZcqÇÑ‚â<%õõ@Ü=8Ѫ‘Êmú‹¤A(Š* }’ž›ÝìMFš@5s½ß"éš“_aÒ¹Kû€íÄ­Ì<Š¬(<øDÕ“îÀ냾ÝÓtÎ Cš ®â¾A?Ý^‡rŸ”»U6¤-ÒÑþÉëÞÅåÜ+Í ¯ƒ¹'Ó„ Üì£ Â ¶þêÂs!a§ÇƒY¡®—KÏ„ƒÖæCïWÎ8­¦>c·RN#TñÂ#`é9!{¡ý^ì-™Â~µÈzª®^;ÑŒ{™´ ÆH Çí£{0y0UÔqFIíºûgü¾ð˜gÎÇf„£0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚ï8É•^ƒ}O©¸›+ó·Ñϳ ÖÉžR.g§>RQIÚszY.ÌŽ¹ÖUBîAÈç´Æ*ü%𽧚¼5QŒ{>S)YíQ¶l¸¬Qèùäw“2ËÑêÖ›vÍŽ¥ä—y–ðž#†Cí‡îf©U‰ vAjGõ7>± ä áÞ v3{7)Ëà6)™ß}¢[”Õ­ÒCïÔd“ŽSnçÉž3ˆðýœU•kcb”’Sƒ¦)”é`¤½3¶’Ñ­OöÝ\´oOÚ=$ˆÎ²û ‚NVÙá‰âš·®‚ïsdhJ¸!#uŒÓa[“d] 72F‡Qõ`MÇvcertvalidator-0.26.3/tests/fixtures/ades/time-slide/certs/interm-revoked.crt000066400000000000000000000017441453642760600272400ustar00rootroot000000000000000‚à0‚È 0  *†H†÷  0U1 0 UXX10U Testing Authority10U Time-Slide Test10U Root CA0  000101000000Z21000101000000Z0]1 0 UXX10U Testing Authority10U Time-Slide Test10U Intermediate CA0‚"0  *†H†÷ ‚0‚ ‚©D ß×=-úÓ@q]ÿ¬1øUËuèzBŒ ˜7q!–A4‡…ã“PzÓxÇ+F*Æz_WTò–…‚€ëûȃ&áEïü§…µÝ0Bè&ò¡kß™`uw±f“ÉŸBà—† ©B²*±w•Ì°Ašõ /± &Lk‹;˜Š¯uªBß'pÙº5ˆ›JðìÜåŠEÒÜ@L ãdk"G:*8žñÔ­Ä’ê Uº¢Tñê#ѼBÙfÃ$§”¹›^¿%äÀ[óríàp[¡µ4†92n÷ýT ;¹•ˆ½2xkËfê~ Є»žàL¸ëGQµ¬>¦LÔG5£¯0¬0U0ô=σÉvÃÚyh²mìâihÏU0U#0€½÷ÿHýXóÜÔ¡^6a ?0Uÿ0ÿ0Uÿ†0IUB0@0> < :†8http://ca.example.com/time-slide-ca/crls/root/latest.crl0  *†H†÷  ‚pÌaPwÑaqà-ç§Øó#°v¨e½W] :ÁŠ3‰[Çfõ²Á°óèM‡þºÈ.r »y2cßàHEƒâJZU°Èü5ØóÊàLZ +>fÔ\¼vDAO_aš<ñHç§ÊT¤HŸÉc˪¾º ;&)Ї*òKí¦¦ScýÚg_nUóVݹÑÄеj}Ю•sCXˆ ~|,îgI–¾*ª"¦è•åzÏ€Íãâo¿.犫 ]_·öpeK€èó¾²ãÛ_^i¶äʼn2"ëÌÍ!…r&øQ¨c~³ÅÀXŠeGná=ºbº‘Ün]@RFÞ"÷Ö;certvalidator-0.26.3/tests/fixtures/ades/time-slide/certs/interm.crt000066400000000000000000000017471453642760600256060ustar00rootroot000000000000000‚ã0‚Ë 0  *†H†÷  0U1 0 UXX10U Testing Authority10U Time-Slide Test10U Root CA0  000101000000Z21000101000000Z0]1 0 UXX10U Testing Authority10U Time-Slide Test10U Intermediate CA0‚"0  *†H†÷ ‚0‚ ‚©D ß×=-úÓ@q]ÿ¬1øUËuèzBŒ ˜7q!–A4‡…ã“PzÓxÇ+F*Æz_WTò–…‚€ëûȃ&áEïü§…µÝ0Bè&ò¡kß™`uw±f“ÉŸBà—† ©B²*±w•Ì°Ašõ /± &Lk‹;˜Š¯uªBß'pÙº5ˆ›JðìÜåŠEÒÜ@L ãdk"G:*8žñÔ­Ä’ê Uº¢Tñê#ѼBÙfÃ$§”¹›^¿%äÀ[óríàp[¡µ4†92n÷ýT ;¹•ˆ½2xkËfê~ Є»žàL¸ëGQµ¬>¦LÔG5£²0¯0U0ô=σÉvÃÚyh²mìâihÏU0U#0€½÷ÿHýXóÜÔ¡^6a ?0Uÿ0ÿ0Uÿ†0IUB0@0> < :†8http://ca.example.com/time-slide-ca/crls/root/latest.crl0  *†H†÷  ‚ ÇfáCgKiÒh=­Ws÷—të䌭/ÎR¿é<ìHu·/²ff¹«%Q³»h³‡pßîaragþUh†ÌÈþ¨)Þý#¢‰}pµ÷ÇqûÁ”G>rŽE4ä¹ý‰Ðәਨ^Y‘¹ðu +ççjÕÊ£††ó¤dp·Y†)"nì:“Keqü„Gï,Ý>:ð÷CmÊÂÛa{©kÐUiiž!»ÏnR3vñ×úG âfì°©Z…;ÇEIÇ%?uyÌ›8S›ÊÿïlÝê,ÜqèoÉŸƒ8!îÒH#;«ÌN³¸ o¤t"² Ùý?Î>ºÚаEÎcertvalidator-0.26.3/tests/fixtures/ades/time-slide/certs/root.crt000066400000000000000000000017341453642760600252670ustar00rootroot000000000000000‚Ø0‚À 0  *†H†÷  0U1 0 UXX10U Testing Authority10U Time-Slide Test10U Root CA0  000101000000Z25000101000000Z0U1 0 UXX10U Testing Authority10U Time-Slide Test10U Root CA0‚"0  *†H†÷ ‚0‚ ‚­3ÈBÁÄLRÝšû姿D'ÑE‡*=ëõÇ$o&Ûè¹T7>qkdb××ñ2gétWéPGå­ÿsêXŒoþÂÜ 7߶¤ç$‚Ý´a¬VüÕ2ˆ¡ú}@/™5+ô«!^f-7yê”çþóU¦œ/­{¶42´‡U~ oNxoä:aÀêá<ÔÎãîÈ¡Éæǵè'][1õ"G÷ÌÞ‹B×E"jº _‘ÝÏ•BŒöü(R’µÇr´¼±¤½o##k¾‚äo ‚Êx£pœv-‡ÖÄ¡ÆXÓeø_g„¢ÑÕ3­Zû”ÎŒÿµè<ï_f?êóst[£¯0¬0U½÷ÿHýXóÜÔ¡^6a ?0U#0€½÷ÿHýXóÜÔ¡^6a ?0Uÿ0ÿ0Uÿ†0IUB0@0> < :†8http://ca.example.com/time-slide-ca/crls/root/latest.crl0  *†H†÷  ‚›4½‚“a¥YÊêíhv¥ØdÚ´ g*»æºvÇô»oYµÑö¤è2?“gô°Lʹ³DĬ "}Ç£kÇkʬ»"•Éj¢yU™­WÞ˜ìæ½Å‡ð¸+&öŠ“é#«”]7OIï…½Evy¤8 Ëþòþ=§ÞbÊSNödÛô<6î‘`ÆÛV6#äËŽóß?Šû0ÿ£;³_Ihôq“âÞ°dg¤óa.B*~ü¼Ñw‘›ß–䧩  ‘Z?‰hßù»÷,qáh‘ £Æׯ®¨Šw76[ËÀJ]^ªBÕuÕ!DãÓºmŠB2Ÿ­øFåzH"ëø‹dº@Ëcertvalidator-0.26.3/tests/fixtures/ades/time-slide/generate000077500000000000000000000013731453642760600241710ustar00rootroot00000000000000#!/bin/bash rm *.ors *.crl certs/*.crt alice_ocsp() { certomancer seance time-slide-ca alice interm "alice-$1.ors" \ --at-time "$1T00:00:00+0000" } root_crl() { certomancer necronomicon time-slide-ca root "root-$1.crl" \ --no-pem --at-time "$1T00:00:00+0000" } interm_crl() { certomancer necronomicon time-slide-ca interm "interm-$1.crl" \ --no-pem --at-time "$1T00:00:00+0000" } certomancer mass-summon time-slide-ca certs --flat --no-pfx --no-pem echo "OCSPs for Alice..." alice_ocsp "2020-10-01" alice_ocsp "2020-11-29" alice_ocsp "2020-12-10" echo "Root CRLs..." root_crl "2020-10-01" root_crl "2020-11-29" root_crl "2020-12-10" echo "Intermediate CA CRLs..." interm_crl "2020-10-01" interm_crl "2020-11-29" interm_crl "2020-12-10" certvalidator-0.26.3/tests/fixtures/ades/time-slide/interm-2020-10-01.crl000066400000000000000000000010611453642760600254600ustar00rootroot000000000000000‚-0‚0  *†H†÷  0]1 0 UXX10U Testing Authority10U Time-Slide Test10U Intermediate CA20200922000000Z20201002000000Z0 ~0|0 Uõ0U#0€0ô=σÉvÃÚyh²mìâihÏU0LUÿB0@ > <†:http://ca.example.com/time-slide-ca/crls/interm/latest.crl0  *†H†÷  ‚1ÐÒRmêOåËjLªiŽEœãà¬MšôÀêœEé€R¶ùfXÛmo¶­¤ ¢Cëm!-B7I N¿ºŸyavUœ}oño9 ²_RS]ÌIe7!^óƒÌo)ªIþíÂM¾3¥S°a.úøšQùAýž\?˸$ñ"¬ÌwÙ [g`ÙPÓƒéBûÂèãzÒN”êÚ+*½]¹‚±³ï6·‚ ‡cñu;TM–4§3ÎTe«zAÂ!I9¢çÊ°] C'7^ñ*açšíÎI|í¢ˆ/ÇÁC@f­f$x(sÞ¦ãJý„^OoFñóBMà`5ÄŽº˜certvalidator-0.26.3/tests/fixtures/ades/time-slide/interm-2020-11-29.crl000066400000000000000000000010611453642760600254730ustar00rootroot000000000000000‚-0‚0  *†H†÷  0]1 0 UXX10U Testing Authority10U Time-Slide Test10U Intermediate CA20201121000000Z20201201000000Z0 ~0|0 Uû0U#0€0ô=σÉvÃÚyh²mìâihÏU0LUÿB0@ > <†:http://ca.example.com/time-slide-ca/crls/interm/latest.crl0  *†H†÷  ‚´_'3ÉÛçÀЪä–ìG]˜%¦èÊ+u?>V•Arg#=ÉnR‚ÙÜi)î5÷Ü]n¦òÏ2ª¼XŽšƒÿUòéúÂB)’6[ J]åV¢€‘!“ß!B%6Œ~Ms-xE”ø±è ){ˆÌdI Dg¦ë:IçŽXú¯.{ÝÉj‹Æïþõ†Añ1[ §mø®Ô¸J™ßLKç!¼X;v¢¿ÜÅÒ´âUµ¿hß/Ï?2owÖ ˆó‚škôÿઆÛ3¹*÷‡%Ÿÿ_ €>įù qÌê·Tx¨¥´„‘Wäè„éYÐUð¾Ì"º¶ë:á‰Qcertvalidator-0.26.3/tests/fixtures/ades/time-slide/interm-2020-12-10.crl000066400000000000000000000011261453642760600254640ustar00rootroot000000000000000‚R0‚:0  *†H†÷  0]1 0 UXX10U Testing Authority10U Time-Slide Test10U Intermediate CA20201201000000Z20201211000000Z0%0#20201201000000Z0 0 U  ~0|0 Uü0U#0€0ô=σÉvÃÚyh²mìâihÏU0LUÿB0@ > <†:http://ca.example.com/time-slide-ca/crls/interm/latest.crl0  *†H†÷  ‚„Ýàý÷>Ä{t²*ß+E‚ƤC½/#±rÁ_s«¾¡ê~$T€´ŽYíÛ¼Û€d±XiBLÉÕ7ƒÖsÃïêÞàÈuŽ$ÖgC*вŸwœœ­A>•øã¨ç0kÔl§é—ŒÚW满 2–ÇY-?ÁéÿDH$ô IÙ­=ZÇÁd,Oå´âMRóÒ`Y40Ót-m¬™mÙK)kÈB¡·—Èñô•{ð”›ñÖvÛ%ÐÏ"{ÿœò“›P׳›‰q>¯Y‚ÑÇÄD]‘¹ðwen.îÌŽÑK¢q׳q­Ë~íß›ú¿8e<å²{×Á%B¢Â,certvalidator-0.26.3/tests/fixtures/ades/time-slide/keys/000077500000000000000000000000001453642760600234205ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/ades/time-slide/keys/alice.key.pem000066400000000000000000000032131453642760600257660ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAur/lny8tfApoYtFP+tJNacpOPlkOlkRXXyW3yPHRI8BHPxtw VwB1ur1GRz17gWFkHquRZjwfCRP8iP/NJ2EJrHWcdVrhAPQ1B6uD10vzIoZKqt++ 11V8HUyfeFtag+P71R5F8STaKhS9MTWb2DFq1I7ouWhZ/Nemlk6hldYKm/9rJRCM 5Xij4AiPtSp9QIfp0JvVxLoQtxIza+OGODu91snEdsLAOyA+31IQxuDChJdtm+Vw UKQeVNd4bOktBwQA2Qd2qutAu+OlaHOqhH02+eYdgzgs+k0HRu49bXOcLAlkGaYY YNx8icTHn1/+GUzrB9UeadyZ/vThQYTP2Ex62QIDAQABAoIBAHk+n2EjKx+uTili BdAte48khnoaLctHoYYnodO3k/XnHxqMwPnrVYQg4KDd/PJ5/Zuf/i1m+StWq41y ropTiQlL7oGOuCh7ZHaPV3CPYdJXZ+DalTeOy57mIV7tyK16dgTeu8AdEftiLZbm XEEXjGlmQxgk9M+gXwqVEHmMVqUCKm5vivVU6QYyYv4qyf0XiyhMdFs2MrynOn2N qdEMW588p5HHqsO/xU7YRxZG5HxIzix7y70SKe+lq6WHXPCpKdFoH/QeB5eNZHLp f+G8UUvSPcl18u57VherbdALsphcrcv4uQaLUv4Jes1ZWgHpA8TAyr//Zibubuna WrX9sjUCgYEA2zF1lEu0Pq5VJ2fm5Z0A9wmLVkdFfm3WrVmN/4Mml63tJAd4MryZ 3y+ZHbEpmjuxkePK2SDc89/hOfzMWkxYWrx8Qku/f3856AwW6HiBoCxCvcV6iXdK 35ZGG4pzYesQFqP/bPMtIw8QtW82MGaPPupyG+AE5rrR8XTsmWBYs9MCgYEA2hvF tF+NKSwGUinW8yVWg2Y946Z5IFUrbbALzXt17Y1Ljkex0XeaQ6hM7ArFenC1OrtA L9o6iLInK0eoLsPNlelRn6VqLDbpSXSPtrjf1yHAv9V+8Ya8si+cGKX9VGhWuKQp hkfIylxGT7JhJeNJ5Z9umdIntT/oyAD0k3umZyMCgYEAum+8IbGuku33UfgnRcAg NP8yO+WNL3c/dNzKUb180uDF5rJPw1/1xQcYRlANIbmKVJubSsmQBgKz8H2cV2W+ dRcC3eTN8iUF3OCDj6IIJ3PeJMnWaxxDXB/Wa9B8SZoFaix9sm64QqyqupfoUIy7 ZHlHK3yEzreyoJyiLebsK68CgYBWiCgy/KnTiNzlIiZehxTAwwKQ3A44TrIRLYQx POc3nRQ52aXpterlJtOF3mwkvKyaJYo8sfcBHrU9jYtjKlnZPR0eGpF6Azsg4nbW BpkAECsZsMlRZ6RbiVoDyW8tWsv1K2QyGy7FYkCfA+VZE8jQqiVGL8ODPFzNZNuj 263UQwKBgEXtI1kpfEGMp6EVO2v7Fh2cH50dQWxlSMpflz2VPY/2Trcm2aGrvCvf AObSlgx1Yh1nUu/pHJyAVLFnCyTuxYG+NSPcnUyvATginEtjgASdkcFouKUBdH5V gMHjwfe/P5gdoCgrhPx2w7GAuwT8Y4i5X8RbETPlY0a3ej51o8FD -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/ades/time-slide/keys/bob.key.pem000066400000000000000000000032171453642760600254570ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA3gs9cXiCWjzomXEU7BfCFQGmtssxHbvD2mrPgvuRXXQrHlTu x7BfwuDpXewGrzuIp8rqzU+EcPaLViVMqrBRyWhgOEJCwkB4T/7T9mQ1JLt9Shgz MAk6nbrMfUFtdYUIAzA5D9UVatwXzGPm7zhBlw+jhJKrwLdwM2j12U8KN/FOiMEV gxCpBKo3UP/3O1ESXl0cqKfiXPe9VZHguxYnmiXa88x5pAu9EXEDsOrBvRrw05qT Ai1s6xQkmUAMqlKnV7dpkLfupZZzCNJAhEst5HTYmi5BCs8V5qsiNZJEd7anr2se irmBxkT97/f4YI160Qn088Yr6wbyBih7NxHS5QIDAQABAoIBAQCXKKG4iKh80/Ao 3UG4A+h9MnWTBTq3miaXn5UK/0WTkEz2Ri2Txa87VK+p388hJe8/AzXbdSGdYUmz 6IqLvKLA8Qxn4DvgT9FX7AvSNZ+0FOsTMOxP7Eh6LjudnZftpBWzTfXaoF4HNDQD UZNaETsdomjYDJ1eAcMhTHfpaxRyxc/hbQ0LQZ2AkrSAKt3yKKd0iLar/jDTm+xV ivXHKgd8QH+L8wYkaDFGNb3QniV9LQWZFKR+6lyPCimxjcVzo53kTmAYwsbte+Ct zOe3MshUmH9y5FQ1yHLC2l3PSGcYEGMxpT604govbgOyOXob+OKthD5ZpY/jESan WONEgxVVAoGBAPHlMV3BY4OGDBuf+UsbNkTI+oJMHtV2bSc5C+lZE2EBapf5hB+j HjHf9W55+e3xmbgsOjPBJ/HOH0xVhaSsjbe3H6Oh7Nd2e1wnfn4G7hRx5hUVMGVH sTYAUhzJM8rI1bwwUikdfubTcquX6k/2n4xAr+5FCS7cXaza85TO+xmLAoGBAOr9 uQFvqlSbqvX4g3Gwjg7wJE9uTQmzLSe4sq46h2ZUMngmIn3qSK6QzU8MbCojYn7n QBHW9h4cEBoKaKbEpy0DPpLuzja8VIInUNMcrnvf6EgfOtXbbjQFyRAcBNWdRwaa PcntIr2Y9TmeHPQSfQWcbMFxZ8ykbwryyC9JwvNPAoGBAJ6lOHlK6l9KPQqpIrDV igQW4+Us01QgtXnx+hPyrbkDWsuNg8/UBWukfK0WJoqd17lomEt1NSNrki9YL6xO 1ytUWNXSzyiItmM8K8Ov+9lA0iull/X0zQ6jqzbh5qvqh/NCpb/9bkspBp3vpmcH UqCDlF7qvBkVwgIqH3LLRPf9AoGBAMygxrK+d1eX+saYcnXU5c+SRDw687DHq0GU r1vSscdk+FHx+0Ukd8gzZeU5DxOeno2deAhQ5R8RFuBmQf0+78jds2alt0Kouvpf nB1KM5LBRvdO4qAJpax9gTma/Ia7n3bbZ4ToD8GEab6TtejAFMiHD5lf1KC6a8vf 4Hx1QeM3AoGAGVyG0jTe7P5D7/RupaeY7rjTxXc9r6OL+BF2Z2NI3jtgUmDOonMd NzMQQcEbGO0qCc3ZZUCoBUnAAK6lAVfRBxxJAhA3NdPO2TFcpjDS5kVcxKGIr5jW g+T2EqCbIeMKkZFVBbrRBEb5XLKpNA1o2+pcuT2WU+y/xVbo/Q7M13Q= -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/ades/time-slide/keys/interm-ocsp.key.pem000066400000000000000000000032131453642760600271510ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAy4bwiAogsjoha2gFNvb26EHtep6u/N+THup/8MFAPc+itgFv QqhaY3HH0YKd4jwaJfX1QNyNPQY40aqRyo1t+o+LpEEoCIoqCn2SAwKem93sTUaa QDVzvR/fIumak19hEA/SuRFLE/uAFO3ErRTMPIqsKDz4RNUWk+7A64O+3dN0zglD mgmu4r5BP90AXhsQFYdyn5S7VZA2HaQt0tGB/snr3hHF5dwrzQuvg7kn04QK3Oyj C8Igtv7qwnMhYafHg1mhrpdLz4SD1hUZ5kPvV844raY+Y7dSEk4jVPHCI2DpOSGB e6H9XuwtmcJ+tch6qq5eO9GMexSZtA3GSCDH7QIDAQABAoIBADREHPTylN7wKrDo b55j4ZhXheLdaVarG57u3Zg4KIU3EzPmPmpBzaSIDaZyApWclaJ1/VuAyAyJ0oGV agc4NqwHvPabfOpkgNNc1+hJ/e1NGmfl36rpjyVcT/MpRnbeIZD8X0MDe+JPzd6S CNXh52kMu5VBwwf6KOgoggZ5OMTCGXNOXMCXXwPBQO14hg62KKEf8JrJqipqEPNN 4J/XkkGBbFcGVLwRqw0JlifLebDU3jAOTtG/QDsrgGmGl5jpEs7DWwfKxXghylya eFy6dtFkwktfzQJ1veapyhX8SRY+nPR/u222Czu5xbTODFwY//zghMxBzP3PRi7C RA3F3gECgYEA8C4GlJGuvp4Eq/exfMWl8VOh3T3xcme87wczi4R4iKbralnY+CmR ORDky+YvSV3w9M2ftfDbTa9ILen5rIbap+H0FrKzNkefNbEnIX8ihdeq5oVLVrCJ EpZfgx0jfEDkbFVURBRDgtSuuDaFcy7EBczv4JC31b4iSppyba+FXMECgYEA2O7d 5x21odLh2e7cFvh+/KKNurKtdjIO2nXzuRDcqzQZEgN3YpVoUZRhfnERQQ1Hp6UP TwB2x+t0uoSWCTMDtGVXZl5199sUksUeU48Xn4gs//Squek6mAFtkJ1whuNfggtu UyIq1qFn/zhogAp64zVKYCW4zRqkTrQ7/djb+i0CgYBdrBW06/yTK133E+uNFija Lhv7BaWdUQhG0TAxQcEgyrkWCWStpMiW0RfqziOzIYhQccHQW9esPKiR/6b4ur+c qmtgTuHGUbiuYCE61zLHsI1eyq3PaZqMPUmTAVJNq6Fq/vyWcLDD3d8myVzSx3J8 MKl9k/Oe0UDeh84JKWOCAQKBgQCCnbB2i+jk+riKI8vY+N5c9vMnSpYu6I0Q9Jw+ /ewgGUpPEk87yIH7PMBHBYVCCeDvC+9fvgPG8/pgo5xDBbhhUfOB67ZT+lE03gMY hLvQjompw4NYVRm2lIWH4YPzc8v53TAcViI9AQpBHZGuJqE/VMLniU7wD+6GhPbq LTymMQKBgA5ST+G30w51sFRJJULSfB2kXCeRs6dDDuLwZWLXAtBfyUHypx+OcLzR 49YBt8cE/IM6UvvMGCavucU9FOgfk3JQEg9uHd7ky3z5vc8g9XZ7f/cURbix2lPZ mhYZPLA+/xQdxIk/zOs8MV/QLja/YetW7kc657iRMnlbKBjgTeCT -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/ades/time-slide/keys/interm.key.pem000066400000000000000000000032131453642760600262070ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAqUQg3xjXPS0Q+tNAcZ0GXf+sMfhVyxgBdeh6QowJmDdxIZZB fzSHH4Xjk1B603jHK0YZKsZ6XwdXVPKWhYKA6/vIgRmDJuFFB+/8p4W13TBC6H8m 8hmha9+ZYHV3G7Fmk8mPn0LgjZeGoKlCsiqxd5XMDwGwQZr1EwkvsQkZJkwXa4s7 mIqvdapC3ydw2bo1iJtK8BIf7ATcCOWKRdLcQEwg42RrIo9HOio4ngfx1K3EkuoK VbqiVPHqI9G8QtlmwySnlLmbXr8l5MBbGfNyEO3gcFuhtTSGOTJu9/1UIDu5lYi9 Mnhry2bqfgrQhLueE+BMuOtHUbWsET6mTNRHNQIDAQABAoIBAGcOoezzlOkcbUAq KwyBjITizBbImoPDI/CEERw/YwAYkXrfnxUyCCs7O6pPz9i9qpZAYcZXfd4p/BQu d1LmeFQ1wohH3kBn273PckcU8/uuDK697BpvXIbvZtUB7/kec9P7XsSa1VmgLknX hFIyCEdFHy7r2kK3dAuZBj6FyZg0snkPQcsNgocZGA9b6xqC/T0V0b504csmpz26 0SeP2NuBa1vDk8AnY5FXWWuBm4QV9U6qoE3dJG7gkNE2OvybksCPSEGnVXuFHEjB kCacMMQRUEnY0kuy7ZXb21z9bwCBNDgauR+kw8d2Uv2deb0cLxyEMHGaBAMivBvP r7KHw6kCgYEA0UDjHVnfU15iZyAWv6xNG/6grAPhN7KjtJ/1U8Gje5TvikO9aF2u YO78jb3wZAAARItXUoMArivdKG13OddvRtPBgJljaAYdNIM4mbfyQ8sm4FtzVOtE fwL9oMJgEnNH1iwSPSXh30nZ7uC44xSXgaFe/2ix19qNLPmer5xt/T8CgYEAzxRi ENwQcs+/c+lVBDuKR7F0XDKHakH5RKMxU6q8s0uPdaBdbPa4qXfM3LubC0XauNSR jpe0kAlhir5uPjCAd+gWBGu0SUUJAZnMEGxiD+YeVCvk7KO3vcJx0vBVDdmNrmjk a1L01oQuNPv5fAr6f1JkeffWpg5Lfh0UXFnkuosCgYAFNFXxvvB9BFXyNqwaLFDm p1ibrqUFW54Suf/CC4jjY/rpN3IYjGvv4UHKzLST6CQZkFWlqbh0nIatoLtcZu1P l6iyaB4+0hgb3D+mIxsVcJIQ9nVR4WAcwJhKTUtSaieZPhNeDfkmMpIHDPPMQhDa mobgV1xFAByOx86Yk41wxQKBgD2qWDmlDtDhxKWDymlkQZ1v3rLF6UVfOBeUcU/0 /BR4X9QrWSblob/1iPACff0xZBy+UEoiKwbphD6IztN+JgOO/V97o0heYnwzjG0n mVwartVp7NX7OvArQzIJl4p0Spixa7P6FCb9XbUxg+3IZygbJQidITJ590kq57FI o7BZAoGAI+JNLXIinUrFMhQYWxi4h0IDyI6nhVpazu2+Q6tnfHRKItP2e6X6W3Xs 7FqDqpHgr0b29m9fLXwGK5eZMtqZ26zrr2uNgKNsUhh9XeDq0F/KECh1aTdpUDeq /X1Ytv9OsTKyxpzXzP+Pj641jrgSgGCAaGIy9F2c4DkeFuHynOM= -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/ades/time-slide/keys/root.key.pem000066400000000000000000000032171453642760600257000ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEArTPIQsHETFLdmvvlp79EJ9FFGhsHEocqPev1xyRvCCbbkOi5 VDc+cWtkYtfX8TJn6XRX6VBH5a3/cw/qWIyQbwP+wtwMN5DftqTnJILdtGEdrFb8 1TKIofoCfUAvBJk1K/SrIV6BZi03eeqU5/7zVaaBnC8ZrXu2NDK0h1V+Co8Cb054 b+Q6YcDq4Rw81M7jHu7Iocnmx7XoJ11bMQb1Ikcd9xrM3otC10UiaroKX5Hdf88I lUIHjPYZ/ChSH4GStcePcrS8saS9byMja76C5G8Lgsp4o3Ccdi2H1sShxp1Y02X4 X2eEotHVM61a+5TOjP+16DzvX2YPFT/q83N0WwIDAQABAoIBAG8fXOmvpcCOHc20 tWhFZ3XgZuRT2NrDS4/E1sA4mN/zBkXXeigU9YQRMavU7Z+7Bj4avdhcAHTUiKMK 4ACF1pjTSF0+jrwLv+xPqlibeaCj+kS63qXuMQky/OvdBQ1/OkUESdMz7fNfKUuX /IdH5FjcZiWNdnz+dSzSJ074w9ADWHIjEg9ixmw0xU2QbulOgJabuwuri20kVyuO cDrl1zW10e7iiog85HHEIFwTXfen+wb0QgH/mt1/BS+3ch0dmP0i8Dx6wZMqh7P9 RQU6N/947jwgHMP3HV4SDcHLSznIB+G/veaFotL0IDKHbhdQIZTGfIUJXIx5RTTD 4XTF9hkCgYEA2Eg/GNtOwtlQILGpkBLvEgq9dlttQYjBeSBnXbNhI5NHMuYq0piF xki+Io3zonLKMJ5LZCMLYesJm+WMGVLZ2d0F7NSfvngI1nApa70Nsux3EeZrcFTs u88vWJCCXR8++x21iUk1M0SHxdXfPc89l+a3C30XYTD3MTEgkdN3ChcCgYEAzQJI ZwYV1JH/jE6AIil472YIBQXBB+YI6Dx2V3H7XDzE7G6IKU7VuxrvZA1i/ODKzPSD tBeCrhnUdqTOwb/Ba7CRL/a935tYiOJRQb8fM0Kyy0cO33cPBsbjOeZRMNdyhVKF 8eg2qCMPuEYLVdumQQl2wNbKcEUbgxgd+Icxxl0CgYEAyp3EHrE1c+zJ2BcYVtSm CyzsmXjFPeOz/JmSvIFTu1Q6G0DtVSV2DXAQT6bUW5dWO33P+xupii36boX5Xa/0 Ttl0t43pqTIidWHWLAyMTNaiJa7LcAzfSoKqRDn9JugixHXsn5RptoG5AGmAHhOM DEYjrSufP3nz2a3AaVzF5DkCgYEAqpVvsWn62DnzrcfUDpj7rBf2LFexWuUqHDPT NMf/I6zdHu6KFfUnGt06vMH2z/wsQ4Zh4IR/lGahx2czMzxfsT/mT0a8j0cv0Bah Dlf9miWxqDukQIVM15K+l/rxK/bZr94O3k8ey6EA/5Ao9nQiTpOVYLhZEjouvlJe /eFgpXECgYAviXclHhkyJ4movlUrbwlkE5/ezS90jM/1Y0iinCxEfjzN+p0YmlGR rbtAahdSHVr5YeB2d5aBDWhFv4GJifhZPUR2Gy5Zqgnl0UQWyVSWx8wFDe36Cjku eDS/6nCP0f3M3ZHbRA/Xm0mBnc9uI4yD9bTG1ly2KE9Tpu+gggYEFA== -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/ades/time-slide/root-2020-10-01.crl000066400000000000000000000010471453642760600251510ustar00rootroot000000000000000‚#0‚ 0  *†H†÷  0U1 0 UXX10U Testing Authority10U Time-Slide Test10U Root CA20200922000000Z20201002000000Z0 |0z0 Uõ0U#0€½÷ÿHýXóÜÔ¡^6a ?0JUÿ@0> < :†8http://ca.example.com/time-slide-ca/crls/root/latest.crl0  *†H†÷  ‚ª2Û š«DÛûÿK.ÊžúÉÙ&lÔŽŽ• tEätÕÕÚ‚óÿ‡_‰¿µ ŠuÓ¾ÄÙþÕPiTt¡Ž.¨É;ú3]½äÚ¼ê’ámlb`Gz¦)Õoß}E·¯žrÅÉa‡Ð#;€7É"ô¦³‹`ãJKßÜíûGHS×(>,±Êw;;ëQ8á°·€$# T¡¹Ëæ1š²mâ÷Ý;f‹žq$ͳÅkjàL˜S§f€_47‡s©åða$mh×ûGf%?VH SLÊ8aËRF9˜ÿ"´¯>ÝÁt8j¹róA¸X:6üüßýl¦g|GÎÆÝcertvalidator-0.26.3/tests/fixtures/ades/time-slide/root-2020-11-29.crl000066400000000000000000000010471453642760600251640ustar00rootroot000000000000000‚#0‚ 0  *†H†÷  0U1 0 UXX10U Testing Authority10U Time-Slide Test10U Root CA20201121000000Z20201201000000Z0 |0z0 Uû0U#0€½÷ÿHýXóÜÔ¡^6a ?0JUÿ@0> < :†8http://ca.example.com/time-slide-ca/crls/root/latest.crl0  *†H†÷  ‚)úOš-ÐYp¿ž‘+Sð¸ <@b§§Üfú³¦_ì„F¾¹¤š_u= ÃöR×@‰â©Ît4=g"—Þ1A}Ð3>vÿù™Ýç±Ýå„b‹€<ñ–èû£^è›è¢Ë¾Ž€: .vpNš‡¶R¼tåý#àÑ–."ý¥}bÁý_颗6ÐQoßJIÙSyÙ¦”"k¶”©bZ½TÑlB€(òXLç Ï–¾^_”–ŸôÜÍÚ¾ep3””ÜX¸û|hZ£&Úƒ¼v§ ¤Šˆ+›©nÊÿŠ¼Eê#FÜÁIÈ­¤¼Â¯O$TI«Ä¾—¦¯certvalidator-0.26.3/tests/fixtures/ades/time-slide/root-2020-12-10.crl000066400000000000000000000011141453642760600251460ustar00rootroot000000000000000‚H0‚00  *†H†÷  0U1 0 UXX10U Testing Authority10U Time-Slide Test10U Root CA20201201000000Z20201211000000Z0%0#20201201000000Z0 0 U  |0z0 Uü0U#0€½÷ÿHýXóÜÔ¡^6a ?0JUÿ@0> < :†8http://ca.example.com/time-slide-ca/crls/root/latest.crl0  *†H†÷  ‚Xt‚c 1LFRâ£5oáw½Þùƒw z’ÑdÛÇáÁ­Oÿc¤#w-ÌCÊŠÁaE5‚Áä™cä÷ǸÅÆÄÈÏôž³&ò¿÷m±È›wg—¯¥†"àƒÈ_ž›¶«'Ñö¥øÕbŸ†Ô¶wô$Ç뮵]œÚCmã-0Râ93]E9&rnrÛ¡ŽW$zDa·bþñhV/ B­ª“}(1àê¡ |ÑÕª©Ñ(ëâóÔ.Ù·ÇØZ5’ )y¼v­Ö ÀnS6t®$–|Æ”ÛI£M'h*]ælïè°3)ßhÑй9ð×°‘*ù Ù¶míH‰·certvalidator-0.26.3/tests/fixtures/alexa_top_1000.csv000066400000000000000000000240761453642760600226370ustar00rootroot00000000000000google.com facebook.com youtube.com baidu.com yahoo.com amazon.com wikipedia.org login.qq.com twitter.com taobao.com google.co.in login.live.com linkedin.com weibo.com bing.com google.co.jp ebay.com yandex.ru vk.com tmall.com www.hao123.com instagram.com google.de msn.com amazon.co.jp t.co google.co.uk pinterest.com onclickads.net mail.ru reddit.com google.fr wordpress.com google.ru www.ask.com blogspot.com google.com.br paypal.com www.aliexpress.com tumblr.com apple.com imgur.com microsoft.com google.it google.es www.imdb.com netflix.com amazon.de disney.com ok.ru google.ca stackoverflow.com google.com.mx amazon.co.uk amazon.in google.com.hk www.rakuten.co.jp www.diply.com craigslist.org blogger.com google.com.tr espn.go.com www.cnn.com www.outbrain.com www.jd.com flipkart.com adnetworkperformance.com google.co.id google.co.kr popads.net bbc.co.uk dropbox.com google.pl github.com ebay.de google.com.au cntv.cn kat.cr www.pixnet.net ebay.co.uk www.directrev.com terraclicks.com nytimes.com dailymotion.com www.alipay.com tradeadexchange.com sogou.com adobe.com bbc.com wikia.com 163.com amazon.cn coccoc.com www.dailymail.co.uk www.indiatimes.com english.china.com booking.com google.com.tw chase.com google.com.eg office.com www.huffingtonpost.com google.com.sa www.buzzfeed.com www.walmart.com detail.tmall.com google.com.ar login.microsoftonline.com www.snapdeal.com amazon.fr aws.amazon.com whatsapp.com adcash.com etsy.com twitch.tv www.theguardian.com slideshare.net google.com.pk bankofamerica.com yelp.com stackexchange.com www.aol.com www.cnet.com target.com indeed.com flickr.com amazon.it reimageplus.com quora.com forbes.com www.weather.com soundcloud.com douban.com vice.com google.nl www.ettoday.net matome.naver.jp adf.ly bestbuy.com google.co.ve google.co.za wellsfargo.com adplxmd.com zillow.com google.gr leboncoin.fr www.ikea.com avito.ru godaddy.com vimeo.com salesforce.com about.com mozilla.org google.com.ua foxnews.com www.nih.gov livejournal.com popcash.net theladbible.com tripadvisor.com files.wordpress.com washingtonpost.com deviantart.com www.wikihow.com www.w3schools.com taboola.com www.zhihu.com 9gag.com gfycat.com feedly.com detik.com nametests.com google.com.co mediafire.com themeforest.net onet.pl www.espncricinfo.com wordpress.org steamcommunity.com americanexpress.com www.comcast.net amazon.es www.pixiv.net mystart.com telegraph.co.uk www.homedepot.com shutterstock.com businessinsider.com wix.com www.steampowered.com secureserver.net google.ro archive.org www.bilibili.com google.se office365.com www.usps.com google.com.sg groupon.com nfl.com google.com.ng wikimedia.org www.ups.com web.de flirchi.com rambler.ru ebay-kleinanzeigen.de www.skype.com www.ndtv.com weebly.com www.orange.fr www.avg.com addthis.com google.com.ph user.gamer.com.tw github.io smzdm.com google.be hulu.com hdfcbank.com gmx.net www.mercadolivre.com.br www.speedtest.net paytm.com media.tumblr.com mailchimp.com ebay.in xfinity.com www.ifeng.com www.usatoday.com uptodown.com www.webmd.com goodreads.com xuite.net hp.com google.pt gmail.com bet365.com amazon.ca www.fedex.com blogfa.com blog.jp liveadexchanger.com www.t-online.de www.babytree.com google.com.pe spiegel.de google.ae pandora.com hootsuite.com seznam.cz stumbleupon.com answers.com www.capitalone.com www.thesaurus.com gameforge.com www.icicibank.com abs-cbnnews.com www.fbcdn.net www.macys.com bloomberg.com www.ign.com kaskus.co.id jabong.com spotify.com 1688.com www.samsung.com www.bild.de 2ch.net wsj.com www.dell.com badoo.com google.ch www.kohls.com liputan6.com www.onlinesbi.com www.engadget.com www.accuweather.com mega.nz www.dmm.com att.com chaoshi.tmall.com rediff.com tistory.com slickdeals.net google.cl reuters.com www.styletv.com.cn adidas.tmall.com google.az icloud.com www.1905.com zendesk.com life.com.tw google.cz haosou.com trello.com www.newegg.com www.reference.com sberbank.ru plarium.com watsons.tmall.com battle.net ebay.it verizonwireless.com www.sahibinden.com eksisozluk.com kickstarter.com evernote.com liveinternet.ru cnnic.cn vid.me google.hu www.gap.com all2lnk.com www.elpais.com bleacherreport.com list.tmall.com shopclues.com google.co.il www.trackingclick.net oracle.com infusionsoft.com ijreview.com googleadservices.com likes.com ask.fm ebay.com.au scribd.com exoclick.com ppomppu.co.kr slack.com onedio.com thefreedictionary.com pinimg.com yandex.ua www.nordstrom.com kinogo.co www.lady8844.com uploaded.net hurriyet.com.tr www.hm.com rt.com www.retailmenot.com www.blogimg.jp taleo.net kinopoisk.ru list-manage.com 4shared.com cbssports.com youradexchange.com goal.com citi.com nba.com google.ie google.dz lifehacker.com www.ce.cn savefrom.net ewt.cc quikr.com fiverr.com meetup.com www.ameba.jp www.eastday.com www.lowes.com allrecipes.com buzzfil.net rdsa2012.com google.fi olx.in 4dsply.com gizmodo.com surveymonkey.com free.fr teepr.com www.independent.co.uk disqus.com 1111.tmall.com time.com www.asos.com mobile.de neobux.com albawabhnews.com www.costco.com xda-developers.com souq.com xe.com www.chip.de java.com gmarket.co.kr zippyshare.com nbcnews.com urdupoint.com gamefaqs.com medium.com subscene.com www.21cn.com www.theverge.com goodgamestudios.com google.co.th www.hupu.com techcrunch.com wunderground.com www.lenovo.com google.sk www.naukri.com intuit.com ancestry.com www.chinaz.com bestadbid.com siteadvisor.com www.autohome.com.cn unblocked.la www.gearbest.com lemonde.fr www.hatena.ne.jp www.expedia.com youboy.com shopify.com playstation.com blackboard.com doubleclick.net www.hotels.com beeg.com suning.com www.mercadolibre.com.ar www.11st.co.kr google.com.vn www.mercadolibre.com.ve nike.com nifty.com sh.st www.people.com google.dk instructables.com realtor.com www.jimdo.com www.kijiji.ca 6pm.com www.mirror.co.uk npr.org subito.it www.douyutv.com olx.pl discovercard.com www.blogspot.jp zulily.com issuu.com sabq.org seesaa.net glassdoor.com box.com airbnb.com kooora.com www.xunlei.com www.taringa.net www.overstock.com ebay.fr www.verizon.com clien.net rottentomatoes.com timeanddate.com lazada.co.id bukalapak.com onclicktop.com megapopads.com www.mi.com lefigaro.fr kayak.com focus.de youdao.com codecanyon.net vcommission.com www.sears.com www.so-net.ne.jp instructure.com cityadspix.com bhaskar.com www.yodobashi.com freepik.com okcupid.com duckduckgo.com wayfair.com squarespace.com www.k618.cn fidelity.com woot.com foodnetwork.com www.gmanetwork.com wetransfer.com www.latimes.com moneycontrol.com www.japanpost.jp tmz.com www.urbandictionary.com zomato.com yandex.com.tr hespress.com udemy.com r10.net cookpad.com google.com.my airtel.in goo.gl www.microsoftstore.com www.slate.com asus.com interia.pl pof.com southwest.com popped.biz billdesk.com mixi.jp change.org researchgate.net www.eonline.com asana.com trulia.com www.bhphotovideo.com wonderlandads.com www.wired.com www.makemytrip.com agoda.com shareasale.com academia.edu cdiscount.com constantcontact.com php.net askmebazaar.com abcnews.go.com fanli.com tokopedia.com cnbc.com food.com statcounter.com ensonhaber.com pch.com clickadu.com www.momoshop.com.tw bomb01.com www.blogspot.mx domaintools.com superuser.com swagbucks.com aweber.com www.staples.com jcpenney.com www.xbox.com buy.tmall.com twoo.com www.pcmag.com www.abril.com.br www.asahi.com gigazine.net cbc.ca chron.com videodownloadconverter.com custhelp.com yandex.kz hostgator.com houzz.com eventbrite.com nypost.com upwork.com zoho.com bitly.com sciencedirect.com www.mercadolibre.com.mx zappos.com patch.com www.cbsnews.com appledaily.com.tw gamespot.com olx.ua giphy.com faithtap.com norton.com www.eastmoney.com howtogeek.com popsugar.com www.yallakora.com theatlantic.com gemius.pl b5m.com www.babycenter.com commentcamarche.net vetogate.com www.netshoes.com.br www.exblog.jp weblio.jp www.zara.com leagueoflegends.com www.jrj.com.cn egou.com messenger.com www.58.com voc.com.cn www.ticketmaster.com semrush.com histats.com clixsense.com wp.com www.315che.com behance.net www.state.gov jumia.com.ng zing.vn www.lequipe.fr www.chinaso.com pureadexchange.com toysrus.com bodybuilding.com mayoclinic.org mit.edu www.intoday.in www.nhk.or.jp gutefrage.net cbs.com usaa.com coursera.org www.adp.com rightmove.co.uk www.ibm.com wikiwiki.jp mynet.com to8to.com saramin.co.kr gismeteo.ru www.ew.com marketwatch.com mackeeper.com backpage.com wiktionary.org europa.eu zone-telechargement.com vk.me www.cloudsrvtrk.com nydailynews.com thesportbible.com google.co.nz myfitnesspal.com milanuncios.com www.nhl.com www.qvc.com www.redirectvoluum.com www.acfun.tv gyazo.com indianexpress.com www.delta.com www.mobile01.com slimspots.com primewire.ag techradar.com informer.com www.sbnation.com www.yoka.com atlassian.net uniqlo.com ebates.com sephora.com www.bookmyshow.com www.india.com www.blogspot.com.tr disq.us google.no google.bg olx.com.br androidcentral.com www.dianping.com www.webex.com ted.com tsite.jp t-mobile.com fanduel.com infoseek.co.jp ehow.com www.gov.uk quizlet.com yadi.sk almasryalyoum.com shareba.com usbank.com www.yenisafak.com www.netteller.com genius.com india-mmm.net lapatilla.com cisco.com gawker.com android.com www.cracked.com tinyurl.com hubspot.com tomshardware.com drom.ru www.as.com clarin.com www.etao.com lifebuzz.com ampclicks.com getpocket.com mega.co.nz prezi.com www.thehindu.com www.welt.de mysmartprice.com dreamstime.com gamepedia.com www.argos.co.uk agar.io cnblogs.com google.by www.allocine.fr www.tribunnews.com united.com tutorialspoint.com 123rf.com adme.ru www.audible.com google.rs sfgate.com www.sky.com www.intel.com www.rakuten.ne.jp nbcsports.com rarbg.to google.lk www.tesco.com ebay.ca priceline.com roblox.com breitbart.com thedailybeast.com vodlocker.com www.banggood.com usmagazine.com www.digitaltrends.com kotaku.com www.masrawy.com www.fandango.com deezer.com www.mapquest.com www.2chblog.jp coupons.com 4pda.ru elfagr.org facenama.com tagged.com prntscr.com carview.co.jp thisav.com dafont.com google.com.kw walgreens.com ultimate-guitar.com ccm.net xing.com www.sammydress.com vine.co whitepages.com digg.com otto.de haberturk.com weather.gov www.bedbathandbeyond.com www.mackolik.com google.hr www.blogspot.ru www.match.com bt.com n11.com news.com.au vente-privee.com alwafd.org nairaland.com www.abs-cbn.com hdzog.com basecamp.com shutterfly.comcertvalidator-0.26.3/tests/fixtures/attribute-certs/000077500000000000000000000000001453642760600226165ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/000077500000000000000000000000001453642760600242565ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/aa/000077500000000000000000000000001453642760600246375ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/aa/alice-norev-targeted.attr.crt000066400000000000000000000015241453642760600323250ustar00rootroot000000000000000‚P0‚80X V0P¤N0L1 0 UXX1$0"U Testing Attribute Authority10U People Root CA K0I¤G0E1 0 UXX1$0"U Testing Attribute Authority10U Leaf AA0  *†H†÷  0"20100101000000Z20300101000000Z0b06UH1/0¡alice@example.com0¡alice2@example.com0(+ 100 Employees Team FooBar0ð0U#0€é—ÿF‡fô‚xXýû4Ô}L0 U80ÁU7ÿ¶0³0° `¤^0\1 0 UXX1$0"U Testing Attribute Authority10U Validators10U Validator¡L¤J0H1 0 UXX1$0"U Testing Attribute Authority10U Validators0  *†H†÷  ‚g˜³1¯Ú{ŒT­:齂ëºwÉ—ÆRÓs€#Ü~O(T¿ÑŠHþÄÐ<èÍàÈÐmI‰ÂÌÏHí°³3y<ØV¯ØyVLtûÌg†+¹ö©Ãƒ= ‘ ”5$rËìÊÔÆ-QxŒïBa›mB ߪeã™Ù–¶’¸mÚ‡2>´oŠ)<=zÇÁÝj±ñNù O#ìy¾äv°gïHMTVë'§6bûwQ—&!üåDeÜÔ8&Œ‹~›óp‘4†Üp,d…Ô`S)T÷툷Þ:ω|,Ydƒ»Ò# e»ðÐ0< : 8†6http://localhost:9000/basic-aa/crls/role-aa/latest.crl0G+;0907+0†+http://localhost:9000/basic-aa/ocsp/role-aa0  *†H†÷  ‚œûÐy6ÖqEœVÄÉÁqeœ~|:‡·pàt)0f•2€H“ñãþ- »Kh(Õë¼í=ÎÚÓëÈ/!ÂS+Àˆ »!5H?Ÿ‹¯/˜°”(Qâ…²iÃÌΉϨü˜øô¹û¦æy15ÅB_A‰1c ๠èuuO F½íNu Š‹„í:üfë&ÐY¦¼ñeJc"Ï2èM¦ -ÅK2Õâöðm±eO¯EãKõ„Ì*ñ-pb›U¢”þÞ÷ò@™éH;ÖU¹(*Õ|`½ì·^D7Á4Þ‰TXþêç†)/žÉkù€Ñ:¹z_ÎÌ›—( 9¬Ò3certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/aa/badsig.attr.crt000066400000000000000000000012171453642760600275540ustar00rootroot000000000000000‚‹0‚s0X V0P¤N0L1 0 UXX1$0"U Testing Attribute Authority10U People Root CA K0I¤G0E1 0 UXX1$0"U Testing Attribute Authority10U Leaf AA0  *†H†÷  0"20100101000000Z20300101000000Z0b06UH1/0¡alice@example.com0¡alice2@example.com0(+ 100 Employees Team FooBar0,0U#0€é—ÿF‡fô‚xXýû4Ô}L0 U80  *†H†÷  ‚fåô˜FÔSmÐð,þ%-J³Qò6hk«Tç}»¥^±Yþ2ƒ·ò+=ù|ϱË V·Öóm(T—úÄï¨JâûE4žkéPëô¨óø‰çZpˆwå†û¯yËë†È—ö‡qœÒïe÷êæ †_öŒȺ@S¡ÊóêákÑlbJ“¢¬ë±Û-ØØŠiw^ÂVÃÏÉ@ŽZÃ4¢™tþé'=³½ÐWö–A4‰1;Ôÿ¹†FPæHE8MËó6zd`€]{Ý&gKÒx(­ë—ôYìp»t!ž"t³µÓHQy‘ TÉê}³ÎûFšZ.Ö$òšýÔ½³certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/alice-all-good.ors000066400000000000000000000030201453642760600275470ustar00rootroot000000000000000‚  ‚0‚ +0‚ò0‚î0­¢é—ÿF‡fô‚xXýû4Ô}L20191212000000Z000W0  `†He ´îyÁ\ÚÁï9&Wœvu[#ùÚ+]XÞ{±ýJ v‘JìàfóL¹·}vÞò'ôì©=:v½›ÞóùI€20191212000000Z 20191212001000Z0  *†H†÷  ‚ÍvÔ}–ÎRªHl*Ë `ÚyqÓl‹!k ƒý—ƒ»7P@ÀŠÌ ¨ˆ˸Ôw—Þ’à½.Ûn¢[6ïçYL°]‚rÖ¹ÒUœsÁ§M(rsZ/Æä¢Bì5Ô‰+ºªÿÞMïVMâ’[¬ ’_SºxÚ}Ýb5ÙýÕRíÝ>«°üC ’ar„™ß•çfŒ‚þKkBÍ+T¿n×3ÚÎeŠiïg†]x¯^º§œkX¿Â̵¸1@Iáµ{äüÐF3~4+µDiÿëKæ6û]ÏŽ/¶öÅ$éãJÍúlºšþë5S;‘¥{žöØš¯ØÉÕ`ð´3Mocë ‚&0‚"0‚0‚ 0  *†H†÷  0P1 0 UXX1$0"U Testing Attribute Authority10U Intermediate AA CA0  000101000000Z21000101000000Z0E1 0 UXX1$0"U Testing Attribute Authority10U Leaf AA0‚"0  *†H†÷ ‚0‚ ‚×9I]+ct†¹‹:$öÇ’PÑíÛ1!䃳¥*ùSÓ—$¸€®˜ |ËåïŒù#… ~ုV-lnfŸNc¶þB–Þå–²¥Õé{àF ,!] _ªŠLú¾x¯!–íæáÕw®^ŸKÿM!m•&î¡ÑâÌþ˜Pd¥6—UzW˜ê!›y´“Ö¹÷G»tQëÿ]häŸû1²”Ê[PÁÓ=ë ~ᕇÖìÃm ‘g˜xeˆ¿¦£X˜é±‹5 ûé r¦Ü*oÃIU:Kò9(Š¥‡fû„öõ‡òl\Ê2ep)IÂ9Ý8NóšN³Ûô¨£‚ 0‚0Ué—ÿF‡fô‚xXýû4Ô}L0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ‚0FU?0=0; 9 7†5http://localhost:9000/basic-aa/crls/interm/latest.crl0N+B0@0>+0†2http://localhost:9000/basic-aa/certs/interm/ca.crt0+ÿ 0  UH0  *†H†÷  ‚:Jæà&•¡mZw) Õ(eËðþ,–zi$$ó‘ê[ì[—Øó;qvø§£‹Æ©`‘õz]%Ø‚¦éSšÂÎY¸¿-Ê°âcû äá7›‹.¬”òȽdÉßmëI-{¢Ú:%©PÒu/°fÁ‰¢;£è–W÷cÈ«iÿX^Éi¹ òI’ùŧe?H“yXýyH6:ÓñÓÊ; %0[Žý‚áy±” îtŽ³¾îïÚØpj%.›Ù=oy…¯õgA»@^ôœ§Å3®uÇËeÅ>š aÃ+¢ÅbÈö®}×þö«Ü€áÚœ»†´*¦¦™Yigªé´·4Q_SÜg†ÓÃ3%certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/alice-revoked.ors000066400000000000000000000030471453642760600275210ustar00rootroot000000000000000‚#  ‚0‚ +0‚ 0‚0Ä¢é—ÿF‡fô‚xXýû4Ô}L20211212000000Z0˜0•0W0  `†He ´îyÁ\ÚÁï9&Wœvu[#ùÚ+]XÞ{±ýJ v‘JìàfóL¹·}vÞò'ôì©=:v½›ÞóùI¡20201201000000Z  20211212000000Z 20211212001000Z0  *†H†÷  ‚¢§úÖÂø˜©ŠÀM5 M0DŒ(ò¾£l¡Yôö'ÊÑ0 Z‘deǃaBéœ9EÉvб‘Ö‚G[ QòÚêùÏ“ýa fÅÿBId§‚ó`ðgÆ<¿©7W³Tñ üSë ²p-zWT“oi´”vˆ±!ÔcÒ“Ì ÚÊžÿãÁu¨ƒ'x ¤©Q9„ˤÄ;àœrZK·Ï¢Ü œâ’ÆcšÝ?,?1VÌ#XDâ÷dÊHÑÏC[«œëàÞ¿¢¶¥âRh>¬áš°êVeeÙSÚSA»ÀSW8k©CKJe‡$>øm­½üÚÏó„–ºV$õÇ¡\ÁÛ_ ‚&0‚"0‚0‚ 0  *†H†÷  0P1 0 UXX1$0"U Testing Attribute Authority10U Intermediate AA CA0  000101000000Z21000101000000Z0E1 0 UXX1$0"U Testing Attribute Authority10U Leaf AA0‚"0  *†H†÷ ‚0‚ ‚×9I]+ct†¹‹:$öÇ’PÑíÛ1!䃳¥*ùSÓ—$¸€®˜ |ËåïŒù#… ~ုV-lnfŸNc¶þB–Þå–²¥Õé{àF ,!] _ªŠLú¾x¯!–íæáÕw®^ŸKÿM!m•&î¡ÑâÌþ˜Pd¥6—UzW˜ê!›y´“Ö¹÷G»tQëÿ]häŸû1²”Ê[PÁÓ=ë ~ᕇÖìÃm ‘g˜xeˆ¿¦£X˜é±‹5 ûé r¦Ü*oÃIU:Kò9(Š¥‡fû„öõ‡òl\Ê2ep)IÂ9Ý8NóšN³Ûô¨£‚ 0‚0Ué—ÿF‡fô‚xXýû4Ô}L0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ‚0FU?0=0; 9 7†5http://localhost:9000/basic-aa/crls/interm/latest.crl0N+B0@0>+0†2http://localhost:9000/basic-aa/certs/interm/ca.crt0+ÿ 0  UH0  *†H†÷  ‚:Jæà&•¡mZw) Õ(eËðþ,–zi$$ó‘ê[ì[—Øó;qvø§£‹Æ©`‘õz]%Ø‚¦éSšÂÎY¸¿-Ê°âcû äá7›‹.¬”òȽdÉßmëI-{¢Ú:%©PÒu/°fÁ‰¢;£è–W÷cÈ«iÿX^Éi¹ òI’ùŧe?H“yXýyH6:ÓñÓÊ; %0[Žý‚áy±” îtŽ³¾îïÚØpj%.›Ù=oy…¯õgA»@^ôœ§Å3®uÇËeÅ>š aÃ+¢ÅbÈö®}×þö«Ü€áÚœ»†´*¦¦™Yigªé´·4Q_SÜg†ÓÃ3%certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/inbetween/000077500000000000000000000000001453642760600262365ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/inbetween/interm-pathlen-violation.crt000066400000000000000000000017611453642760600337060ustar00rootroot000000000000000‚í0‚Õ 0  *†H†÷  0Z1 0 UXX1$0"U Testing Attribute Authority1%0#U Inbetween Intermediate AA CA0  000101000000Z21000101000000Z0P1 0 UXX1$0"U Testing Attribute Authority10U Intermediate AA CA0‚"0  *†H†÷ ‚0‚ ‚©D ß×=-úÓ@q]ÿ¬1øUËuèzBŒ ˜7q!–A4‡…ã“PzÓxÇ+F*Æz_WTò–…‚€ëûȃ&áEïü§…µÝ0Bè&ò¡kß™`uw±f“ÉŸBà—† ©B²*±w•Ì°Ašõ /± &Lk‹;˜Š¯uªBß'pÙº5ˆ›JðìÜåŠEÒÜ@L ãdk"G:*8žñÔ­Ä’ê Uº¢Tñê#ѼBÙfÃ$§”¹›^¿%äÀ[óríàp[¡µ4†92n÷ýT ;¹•ˆ½2xkËfê~ Є»žàL¸ëGQµ¬>¦LÔG5£Ä0Á0U0ô=σÉvÃÚyh²mìâihÏU0U#0€e¾U(1Ñ]Qb§S’qjŒ ã0+ÿ 0 UH0Uÿ0ÿ0Uÿ†0DU=0;09 7 5†3http://localhost:9000/basic-aa/crls/root/latest.crl0  *†H†÷  ‚†úþE1ÄÊì>n ¡R"ÐJÎ(<αÝs JŽ[•ÕÐ .èPÓ `Ïûæõî ¹ï'÷ך­­‚õ6€µ $A #?õ¬LÄËd³z¤IÀ¸Ô%ÛGýcª¾L“Ábh í Ɉ+»=ëñÒýÓÀ¥^õ1:2øY|¡·ÒØ™Xù-Û—ã‡[RÌât0ÐC æë>êBŽøgWc¨‚ÉCÍ;Ø/>ÌíȈ¤9°&aîbìŒdz͹¿%p!h %»¡¿!Ê7Ó8\Æ™'–÷Fãþ–¿|Ê¥¬Ô.åª|D¿3×T PSki?Ñ&8þ$t 40d#êHcertvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/interm/000077500000000000000000000000001453642760600255545ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/interm/aa-unrestricted.crt000066400000000000000000000015511453642760600313620ustar00rootroot000000000000000‚e0‚M 0  *†H†÷  0P1 0 UXX1$0"U Testing Attribute Authority10U Intermediate AA CA0  000101000000Z21000101000000Z0E1 0 UXX1$0"U Testing Attribute Authority10U Leaf AA0‚"0  *†H†÷ ‚0‚ ‚×9I]+ct†¹‹:$öÇ’PÑíÛ1!䃳¥*ùSÓ—$¸€®˜ |ËåïŒù#… ~ုV-lnfŸNc¶þB–Þå–²¥Õé{àF ,!] _ªŠLú¾x¯!–íæáÕw®^ŸKÿM!m•&î¡ÑâÌþ˜Pd¥6—UzW˜ê!›y´“Ö¹÷G»tQëÿ]häŸû1²”Ê[PÁÓ=ë ~ᕇÖìÃm ‘g˜xeˆ¿¦£X˜é±‹5 ûé r¦Ü*oÃIU:Kò9(Š¥‡fû„öõ‡òl\Ê2ep)IÂ9Ý8NóšN³Ûô¨£R0P0Ué—ÿF‡fô‚xXýû4Ô}L0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ‚0  *†H†÷  ‚¤EHä´Õêü»ŠH?L°E8|¬¾ài–t%GÌ]T[}ZyÓïg¿Ñ«$m´o>ºÈÑýPaüÈr…’#[Pÿ0IJ•V÷=¦!ÂC°>õçõÞß'”Ùç!Tf÷å•(m<¡º%â+ß[+n›«Õ¢ wúSîEŠé,»(ÙêáZæÖ>éx_ŸT;J"´øQ ¶¿¯‹ŸX«';Á¬šxô§,­Ñ=«nÌäØÄ£û¦ƒøÔËYˆú©RUm¢B* b°»”cETÚ:—†÷5*‡ÿµU”×â肋›o3¨)-m7˜²•*\?&æ®òxð°„,Àwcertvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/interm/role-aa.crt000066400000000000000000000020421453642760600276040ustar00rootroot000000000000000‚0‚ 0  *†H†÷  0P1 0 UXX1$0"U Testing Attribute Authority10U Intermediate AA CA0  000101000000Z21000101000000Z0E1 0 UXX1$0"U Testing Attribute Authority10U Leaf AA0‚"0  *†H†÷ ‚0‚ ‚×9I]+ct†¹‹:$öÇ’PÑíÛ1!䃳¥*ùSÓ—$¸€®˜ |ËåïŒù#… ~ုV-lnfŸNc¶þB–Þå–²¥Õé{àF ,!] _ªŠLú¾x¯!–íæáÕw®^ŸKÿM!m•&î¡ÑâÌþ˜Pd¥6—UzW˜ê!›y´“Ö¹÷G»tQëÿ]häŸû1²”Ê[PÁÓ=ë ~ᕇÖìÃm ‘g˜xeˆ¿¦£X˜é±‹5 ûé r¦Ü*oÃIU:Kò9(Š¥‡fû„öõ‡òl\Ê2ep)IÂ9Ý8NóšN³Ûô¨£‚ 0‚0Ué—ÿF‡fô‚xXýû4Ô}L0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ‚0FU?0=0; 9 7†5http://localhost:9000/basic-aa/crls/interm/latest.crl0N+B0@0>+0†2http://localhost:9000/basic-aa/certs/interm/ca.crt0+ÿ 0  UH0  *†H†÷  ‚:Jæà&•¡mZw) Õ(eËðþ,–zi$$ó‘ê[ì[—Øó;qvø§£‹Æ©`‘õz]%Ø‚¦éSšÂÎY¸¿-Ê°âcû äá7›‹.¬”òȽdÉßmëI-{¢Ú:%©PÒu/°fÁ‰¢;£è–W÷cÈ«iÿX^Éi¹ òI’ùŧe?H“yXýyH6:ÓñÓÊ; %0[Žý‚áy±” îtŽ³¾îïÚØpj%.›Ù=oy…¯õgA»@^ôœ§Å3®uÇËeÅ>š aÃ+¢ÅbÈö®}×þö«Ü€áÚœ»†´*¦¦™Yigªé´·4Q_SÜg†ÓÃ3%certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/people-ca/000077500000000000000000000000001453642760600261235ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/people-ca/alice.crt000066400000000000000000000015641453642760600277200ustar00rootroot000000000000000‚p0‚X 0  *†H†÷  0L1 0 UXX1$0"U Testing Attribute Authority10U People Root CA0  000101000000Z21000101000000Z0T1 0 UXX1$0"U Testing Attribute Authority10 U People10 U Alice0‚"0  *†H†÷ ‚0‚ ‚º¿åŸ/-| hbÑOúÒMiÊN>Y–DW_%·ÈñÑ#ÀG?pWuº½FG={ad«‘f< üˆÿÍ'a ¬uœuZáô5«ƒ×Kó"†Jªß¾×U|LŸx[ZƒãûÕEñ$Ú*½15›Ø1jÔŽè¹hYüצ–N¡•Ö ›ÿk%Œåx£àµ*}@‡éЛÕĺ·3kã†8;½ÖÉÄvÂÀ; >ßRÆà„—m›åpP¤T×xlé-Ùvªë@»ã¥hsª„}6ùæƒ8,úMFî=msœ, d¦`Ü|‰ÄÇŸ_þLëÕiÜ™þôáA„ÏØLzÙ£R0P0UZDÔ[]ˆ{ðësx—6²ÀÙ¨0U#0€ÔqFIíºûgü¾ð˜gÎÇf„£0Uÿ€0  *†H†÷  ‚GÐ&•ØÈò¿ÅUVHñŒR¦·~Š„Œ¿uÒ’ ‹À¢‰Ð¡g(Žö¨‚€û•:{×|â™ãqAG0}®+‚#¸5Ž=š%Š^ãî%{ŒvŒ tó’vÉ+fWFnѦ¬dLuÇU~¹ð ÆTj"Gx5Uâ¬Úüwð4àgA–b¨øÉPv5†ë]+9Û²Ušÿï¥ar©R—qk;Á‘_“V¸Þû©Ê\ùΡ·ÀîBù.þ9L'„äX?Â#Êô}E‡À……î²}ãšÂì&Aé SÛŽïQg||6Ú®?½7laÜqÇí7Íö%»%úòX\•Áccertvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/people-ca/bob.crt000066400000000000000000000015621453642760600274030ustar00rootroot000000000000000‚n0‚V 0  *†H†÷  0L1 0 UXX1$0"U Testing Attribute Authority10U People Root CA0  000101000000Z21000101000000Z0R1 0 UXX1$0"U Testing Attribute Authority10 U People1 0 U Bob0‚"0  *†H†÷ ‚0‚ ‚Þ =qx‚Z<è™q즶Ë1»ÃÚjÏ‚û‘]t+TîÇ°_Âàé]ì¯;ˆ§ÊêÍO„pö‹V%Lª°QÉh`8BBÂ@xOþÓöd5$»}J30 :ºÌ}Amu…09ÕjÜÌcæï8A—£„’«À·p3hõÙO 7ñNˆÁƒ©ª7Pÿ÷;Q^]¨§â\÷½U‘à»'š%ÚóÌy¤ ½q°êÁ½ðÓš“-lë$™@ ªR§W·i·î¥–sÒ@„K-ätØš.A Ïæ«"5’Dw¶§¯kŠ¹ÆDýï÷ø`zÑ ôóÆ+ëò({7Òå£R0P0UýkÞXRÁ$ÈЗ©¥â±dÅ&€0U#0€ÔqFIíºûgü¾ð˜gÎÇf„£0Uÿ€0  *†H†÷  ‚_ Ô…±p©IÖãf?øºè(·:­ 5ãIgŽNÉ_﬈¦7‰9ÜóüØ8íý¸Ðª‘yfB!)Õ1÷…»7)´7Ûh÷É‘ÈK뮂:«­“mK<ð™ÙÝÒèêgçÊH®òý§Ázê€(³UÔ*PЀVÏæ×퉛“CtùsSŽšÛaðk~œX²'Es.fy…F I«û3ôÄ1ƒ'¼€.-Yqoþ¹;8›ÈØb¡tžL¶Ú«\¡ý|ªŠüQwæ"ǃÈr–îíÙãýÍ!V] Vå;á ІÿãË+z¼bQ½x¤¢—ùDðº.ü:certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/people-ca/people-ca.crt000066400000000000000000000015751453642760600305120ustar00rootroot000000000000000‚y0‚a 0  *†H†÷  0L1 0 UXX1$0"U Testing Attribute Authority10U People Root CA0  000101000000Z25000101000000Z0L1 0 UXX1$0"U Testing Attribute Authority10U People Root CA0‚"0  *†H†÷ ‚0‚ ‚Ë†ðˆ ²:!kh6ööèAízž®üß“êðÁ@=Ï¢¶oB¨ZcqÇÑ‚â<%õõ@Ü=8Ѫ‘Êmú‹¤A(Š* }’ž›ÝìMFš@5s½ß"éš“_aÒ¹Kû€íÄ­Ì<Š¬(<øDÕ“îÀ냾ÝÓtÎ Cš ®â¾A?Ý^‡rŸ”»U6¤-ÒÑþÉëÞÅåÜ+Í ¯ƒ¹'Ó„ Üì£ Â ¶þêÂs!a§ÇƒY¡®—KÏ„ƒÖæCïWÎ8­¦>c·RN#TñÂ#`é9!{¡ý^ì-™Â~µÈzª®^;ÑŒ{™´ ÆH Çí£c0a0UÔqFIíºûgü¾ð˜gÎÇf„£0U#0€ÔqFIíºûgü¾ð˜gÎÇf„£0Uÿ0ÿ0Uÿ†0  *†H†÷  ‚¥…‘Â-_w;h?^g½^…¼Xûv"HEå%Í3ožó˜`Ô¥öQL¨tTÄ\”â’h¯t(˜×@gÔE^–+ù€ºº¢5átîÈïw£:ºI¢©x¡ætxÈŠó‡å[Xm–­t ž©ÕV€ Úß81ûfT3¸Ò)ªx˜•X)¯NDÑÐþ[¹ÛÑÉ!‘È=u…eK×Ö"~ÌzdeeIèw ?Ý4™™Ã[Ec—¬fµçá¶u¾^G0*»}OîAGeŸ£4-ª™·ðº5J<Þdµ>ýä6üQ}ÝŠäãhÚÃÂZÐ÷à¼ûª·>-%!·Î&´certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/role-aa-all-good.crl000066400000000000000000000010271453642760600277740ustar00rootroot000000000000000‚0ü0  *†H†÷  0E1 0 UXX1$0"U Testing Attribute Authority10U Leaf AA20191117000000Z20191217000000Z0 }0{0 Uò0U#0€é—ÿF‡fô‚xXýû4Ô}L0KUÿA0? : 8†6http://localhost:9000/basic-aa/crls/role-aa/latest.crl…ÿ0  *†H†÷  ‚ï*6e2ãO‰Õï‚tÝ $Ãö ¹˜ó¢ Ε^ÆêÈʗĵÈ\ZfªVO!NÎ>‹ÌÀ§ZÙ˜íJ³P]^ùö/4!ª”ýí” ùÅçßá‰Δõxñ–oÕãìµ2jÒî¯âµ|>ÓINÙôýÄ֪âbWqáɔɋÙôñÀdˆÔG¤CÞÛb»w¦ %^ßKcertvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/role-aa-some-revoked.crl000066400000000000000000000010751453642760600307010ustar00rootroot000000000000000‚90‚!0  *†H†÷  0E1 0 UXX1$0"U Testing Attribute Authority10U Leaf AA20211206000000Z20220105000000Z0%0#20201201000000Z0 0 U  }0{0 U 0U#0€é—ÿF‡fô‚xXýû4Ô}L0KUÿA0? : 8†6http://localhost:9000/basic-aa/crls/role-aa/latest.crl…ÿ0  *†H†÷  ‚Î X´Þ‰Ä1”é÷ôˆ†|Ô~f_!(0™½‹_­Aé.zË8¾j¹q¹<<~y¯aŒWŒ^.ÐöúI) 4£0 @ÌÐ úOéðRq¢è8>y^DÞÅÌH’ 7.̬ÖÓ&…ØóWáK´ò‡‡b1鞉I^ŽXå(ª”ëþPžÀg¾´ƒ:hÄm*<ìèE·¦’] 7$¼‹z ÕC`|ed–"GTE©_‰+lS/T,BŽô[qh©-É·°×SžÆ¯å+¶Rìü’€(ÌRn‚"HQ¿ðßgJèl/;áœÓNôNŸ¦>5‡certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/root/000077500000000000000000000000001453642760600252415ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/root/inbetween-aa.crt000066400000000000000000000017541453642760600303210ustar00rootroot000000000000000‚è0‚Р0  *†H†÷  0H1 0 UXX1$0"U Testing Attribute Authority10U Root AA CA0  000101000000Z21000101000000Z0Z1 0 UXX1$0"U Testing Attribute Authority1%0#U Inbetween Intermediate AA CA0‚"0  *†H†÷ ‚0‚ ‚Ö¨ä7{ùšR›…ÄZþ)ÐyÄ‹¥N/†¿o#ÉKæ¸\³7þbÇ»a‡»ñžì0X'7& 0~à ³ÎŠ^²¯r§”Ÿ=ÄÒ8X=¶52¡kûœÀä…eâf¼Ó4| ã°TÚ¯Kµj0 à ø߉øgÁk[ÞŒüü£°¢mè蝹N.Ò½7–‘ðɘžî‹úilN%R˜è¯¾ÄÊ¥¸³òËä2L÷q`˜•CLZ/§Fà`”ó(…™ÅtGwžr’šãy¥þ2óÔ›¡È<Ñ „'`µL®gÉËøCV+êU\Þ¦I{æ3nç¤û¾†RØiC 2å£Ç0Ä0Ue¾U(1Ñ]Qb§S’qjŒ ã0U#0€½÷ÿHýXóÜÔ¡^6a ?0+ÿ 0  UH0Uÿ0ÿ0Uÿ†0DU=0;09 7 5†3http://localhost:9000/basic-aa/crls/root/latest.crl0  *†H†÷  ‚ œ‡µÇ0Ï Ù‘‚¾™4-ä_Av¾wöxZ—ÍÕ 4g’­01*6§5›5$ÆE™NÍç1W‚ª˜Çè¯åè…ÌÎ#C²n€þO²ëö&{þª7D¯#±ý;ƘYì¡cÖ&õaºwo:›ÙY§¬©-ÊjÏ‹4lŽ`xÌù9ݨ>sxMñç:ã…m’/ͱ߱wòÝl(´’Ð4t¤t'¿;)#Sâ/Á_•£Nw·‘• $wðŒ`Km‚u‡¦'[ÒϼsÐEÐ_Þºˆ^(¿nefîåu¼ãg·ä‚Ds+ ÉhOp±èÓñL´—¶À.÷m–Ó‰¥&8certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/root/interm-role.crt000066400000000000000000000017421453642760600302140ustar00rootroot000000000000000‚Þ0‚Æ 0  *†H†÷  0H1 0 UXX1$0"U Testing Attribute Authority10U Root AA CA0  000101000000Z21000101000000Z0P1 0 UXX1$0"U Testing Attribute Authority10U Intermediate AA CA0‚"0  *†H†÷ ‚0‚ ‚©D ß×=-úÓ@q]ÿ¬1øUËuèzBŒ ˜7q!–A4‡…ã“PzÓxÇ+F*Æz_WTò–…‚€ëûȃ&áEïü§…µÝ0Bè&ò¡kß™`uw±f“ÉŸBà—† ©B²*±w•Ì°Ašõ /± &Lk‹;˜Š¯uªBß'pÙº5ˆ›JðìÜåŠEÒÜ@L ãdk"G:*8žñÔ­Ä’ê Uº¢Tñê#ѼBÙfÃ$§”¹›^¿%äÀ[óríàp[¡µ4†92n÷ýT ;¹•ˆ½2xkËfê~ Є»žàL¸ëGQµ¬>¦LÔG5£Ç0Ä0U0ô=σÉvÃÚyh²mìâihÏU0U#0€½÷ÿHýXóÜÔ¡^6a ?0+ÿ 0  UH0Uÿ0ÿ0Uÿ†0DU=0;09 7 5†3http://localhost:9000/basic-aa/crls/root/latest.crl0  *†H†÷  ‚U¢þ2rÛ—àóßù6ƒ•Y†%¿u,ÉŽæ €ý{ÀH¡ÿ-23ÔFúâYãaÊRÆã²ò¦6‡iÈ7‡/F%–]Y„F²÷ö•e »¼×Gº,Á–·³Í$U0' ƒ÷Æ‚<4ù[.Ú=;žxbi×Öæ^Ànƒ—õ©ê²åè¤_+²T×D¼n}[ïi ëækƒ]!j\¤jʧždfv²ß‹€ý©Báùi;&f’Wˆ{PÓÀ’æðtM)ÇP>D‹4SÍÕÿQŠ^cïÔ4çy@ÖÓ}´ÑëÂy'ÿ*#Bï{½[%t’Òþ¶äá±%certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/root/interm-unrestricted.crt000066400000000000000000000017051453642760600317650ustar00rootroot000000000000000‚Á0‚© 0  *†H†÷  0H1 0 UXX1$0"U Testing Attribute Authority10U Root AA CA0  000101000000Z21000101000000Z0P1 0 UXX1$0"U Testing Attribute Authority10U Intermediate AA CA0‚"0  *†H†÷ ‚0‚ ‚©D ß×=-úÓ@q]ÿ¬1øUËuèzBŒ ˜7q!–A4‡…ã“PzÓxÇ+F*Æz_WTò–…‚€ëûȃ&áEïü§…µÝ0Bè&ò¡kß™`uw±f“ÉŸBà—† ©B²*±w•Ì°Ašõ /± &Lk‹;˜Š¯uªBß'pÙº5ˆ›JðìÜåŠEÒÜ@L ãdk"G:*8žñÔ­Ä’ê Uº¢Tñê#ѼBÙfÃ$§”¹›^¿%äÀ[óríàp[¡µ4†92n÷ýT ;¹•ˆ½2xkËfê~ Є»žàL¸ëGQµ¬>¦LÔG5£ª0§0U0ô=σÉvÃÚyh²mìâihÏU0U#0€½÷ÿHýXóÜÔ¡^6a ?0Uÿ0ÿ0Uÿ†0DU=0;09 7 5†3http://localhost:9000/basic-aa/crls/root/latest.crl0  *†H†÷  ‚ r=G<þ2=K\›ºàÞ;Z‰ZˆdM{§° kõNݾâ)ÛW]üí•×D¾Oíwà¤òÛ¦Ô,’Mô)¹b¶Úþ\é…‰g„>xW+I';¦T X(쇉¢¤|¦°Iô‰nñ~ Á×w= ZŠiu#Ú{˜´ŽJìîM²dCÍ<œ «k±JJ"Bv{¯N€6±bdÁïßß mHpKçηšj°œŽº{¸Sul]Q)°ŒV‘Ïë7ýàTêá­Hyÿ—"0ˆ€Ø©µ0ãDèÓxRŽí<þ½ÍTMÚø>RòÒ{'gæÎó²sí•#(žÅ¸õ¡Œèæ.certvalidator-0.26.3/tests/fixtures/attribute-certs/basic-aa/root/root.crt000066400000000000000000000015651453642760600267450ustar00rootroot000000000000000‚q0‚Y 0  *†H†÷  0H1 0 UXX1$0"U Testing Attribute Authority10U Root AA CA0  000101000000Z25000101000000Z0H1 0 UXX1$0"U Testing Attribute Authority10U Root AA CA0‚"0  *†H†÷ ‚0‚ ‚­3ÈBÁÄLRÝšû姿D'ÑE‡*=ëõÇ$o&Ûè¹T7>qkdb××ñ2gétWéPGå­ÿsêXŒoþÂÜ 7߶¤ç$‚Ý´a¬VüÕ2ˆ¡ú}@/™5+ô«!^f-7yê”çþóU¦œ/­{¶42´‡U~ oNxoä:aÀêá<ÔÎãîÈ¡Éæǵè'][1õ"G÷ÌÞ‹B×E"jº _‘ÝÏ•BŒöü(R’µÇr´¼±¤½o##k¾‚äo ‚Êx£pœv-‡ÖÄ¡ÆXÓeø_g„¢ÑÕ3­Zû”ÎŒÿµè<ï_f?êóst[£c0a0U½÷ÿHýXóÜÔ¡^6a ?0U#0€½÷ÿHýXóÜÔ¡^6a ?0Uÿ0ÿ0Uÿ†0  *†H†÷  ‚­ò×/‚qÍ™3MJ5£† ¯×ÜñY¼™£ék¾K£þ¤¶¯ü*¾ŠÝcëÒpÏ ªX Q %K³?ï21U³\ç0<‚Ÿì´epÙØ>`_¡Q#£åæ„£ x_7뽦ò¬²ÿiç{†%VBåaË°±=ÞñyÖ:∧&| õy”ñ3VŠ0©@)¹Ä•ñO0ëºLYäU³`ƒs{%4h‘MÊîHTô1Ô*Èñ…S.$¹—ÊF :èÊ-RëƒvôáÐŽÝDŠÌ7,7(‡ü÷ßâ(Qö~jC¤­œƒ*9"£;Ü%Èò žvj‰všÊò³\3M<certvalidator-0.26.3/tests/fixtures/attribute-certs/certomancer.yml000066400000000000000000000202411453642760600256420ustar00rootroot00000000000000external-url-prefix: "http://localhost:9000" keysets: testing-aa: path-prefix: keys keys: root: path: root.key.pem interm: path: interm.key.pem inbetween: path: inbetween.key.pem aa: path: aa.key.pem people-ca: path: people-ca.key.pem alice: path: alice.key.pem bob: path: bob.key.pem pki-architectures: basic-aa: keyset: testing-aa entity-defaults: country-name: XX organization-name: Testing Attribute Authority entities: root: common-name: Root AA CA inbetween: common-name: Inbetween Intermediate AA CA interm: common-name: Intermediate AA CA aa: common-name: Leaf AA people-ca: common-name: People Root CA alice: organizational-unit-name: People common-name: Alice bob: organizational-unit-name: People common-name: Bob validator: common-name: Validator organizational-unit-name: Validators validator-group: organizational-unit-name: Validators certs: root: subject: root issuer: root validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2500-01-01T00:00:00+0000" extensions: - id: basic_constraints critical: true value: ca: true - id: key_usage critical: true smart-value: schema: key-usage params: [digital_signature, key_cert_sign, crl_sign] people-ca: template: root subject: people-ca issuer: people-ca alice: subject: alice issuer: people-ca validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" extensions: - id: key_usage critical: true smart-value: schema: key-usage params: [digital_signature] bob: template: alice subject: bob interm-unrestricted: subject: interm issuer: root validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" extensions: - id: basic_constraints critical: true value: ca: true - id: key_usage critical: true smart-value: schema: key-usage params: [digital_signature, key_cert_sign, crl_sign] - id: crl_distribution_points smart-value: schema: crl-dist-url params: {crl-repo-names: [root]} inbetween-aa: template: interm-unrestricted subject: inbetween extensions: - id: aa_controls critical: true value: path-len-constraint: 0 permitted-attrs: ['role'] interm-pathlen-violation: template: interm-unrestricted subject: interm issuer: inbetween issuer-cert: inbetween-aa extensions: - id: aa_controls critical: true value: permitted-attrs: ['role'] interm-role: template: interm-unrestricted subject: interm extensions: - id: aa_controls critical: true value: path-len-constraint: 0 permitted-attrs: ['role'] role-aa: subject: aa issuer: interm issuer-cert: interm-role validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" extensions: - id: key_usage critical: true smart-value: schema: key-usage params: [digital_signature, crl_sign] - id: crl_distribution_points smart-value: schema: crl-dist-url params: {crl-repo-names: [interm]} - id: authority_information_access smart-value: schema: aia-urls params: ca-issuer-links: - repo: interm include-repo-authority: true - id: aa_controls critical: true value: permitted-attrs: ['role'] permit-unspecified: false aa-unrestricted: subject: aa issuer: interm issuer-cert: interm-unrestricted validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" extensions: - id: key_usage critical: true smart-value: schema: key-usage params: [digital_signature, crl_sign] attr-certs: alice-role-with-rev: holder: name: alice issuer: aa issuer-cert: role-aa attributes: - id: role smart-value: schema: role-syntax params: name: {type: email, value: bigboss@example.com} validity: valid-from: "2010-01-01T00:00:00+0000" valid-to: "2030-01-01T00:00:00+0000" extensions: - id: crl_distribution_points smart-value: schema: crl-dist-url params: crl-repo-names: [role-aa] - id: authority_information_access smart-value: schema: aia-urls params: ocsp-responder-names: [role-aa] revocation: revoked-since: "2020-12-01T00:00:00+0000" reason: key_compromise alice-role-norev: holder: name: alice issuer: aa issuer-cert: role-aa attributes: - id: role multivalued: true smart-value: schema: role-syntax params: - name: {type: email, value: alice@example.com} - name: {type: email, value: alice2@example.com} - id: group smart-value: schema: ietf-attribute params: - "Employees" - "Team FooBar" validity: valid-from: "2010-01-01T00:00:00+0000" valid-to: "2030-01-01T00:00:00+0000" extensions: - id: no_rev_avail alice-norev-targeted: holder: name: alice issuer: aa issuer-cert: aa-unrestricted attributes: - id: role multivalued: true smart-value: schema: role-syntax params: - name: {type: email, value: alice@example.com} - name: {type: email, value: alice2@example.com} - id: group smart-value: schema: ietf-attribute params: - "Employees" - "Team FooBar" validity: valid-from: "2010-01-01T00:00:00+0000" valid-to: "2030-01-01T00:00:00+0000" extensions: - id: no_rev_avail - id: target_information critical: true smart-value: schema: ac-targets params: - {type: directory_name, value: validator} - {type: directory_name, is-group: true, value: validator-group} services: ocsp: role-aa: for-issuer: aa issuer-cert: role-aa responder-cert: role-aa signing-key: aa is-aa-responder: true crl-repo: root: for-issuer: root signing-key: root simulated-update-schedule: "P90D" interm: for-issuer: interm signing-key: interm issuer-cert: interm-role simulated-update-schedule: "P30D" role-aa: for-issuer: aa signing-key: aa issuer-cert: role-aa simulated-update-schedule: "P30D" crl-type: ac-only cert-repo: root: for-issuer: root publish-issued-certs: yes interm: for-issuer: interm issuer-cert: interm-role publish-issued-certs: no certvalidator-0.26.3/tests/fixtures/attribute-certs/keys/000077500000000000000000000000001453642760600235715ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/attribute-certs/keys/aa.key.pem000066400000000000000000000032131453642760600254430ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA1zlJXStjdIa5izok9seSUNHt2zEh5IOQsw+lKvlT0xYclyS4 E4CumAp8ywHl74z5I4UEoH7hgK8fVi1sbmafF05jto/+QgOW3o8e5ZaypdXpe+BG ICwhXQmBXxyqikz6vnivIZbt5uHVf3euXp9LHf9NIYFtlSbuodHij8z+gZhQZKUT NpdVelceDpjqIZt5ErST1rn3R7t0Uev/XQNo5B0Qn/sxspTKFB2BW1DB0z3rfwp+ 4ZWHwweW7MNtCpFnmHhliL+mo1iY6bGLNRQL++kLcqbcKm/DSVU6S/I5KIoZpYdm +4T29YfybFzKMmVwKUnCOd04TvOaTrPb9AWojQIDAQABAoIBAA6Y7xXnpHY50QnV Zr5qKM1cf7J3MaJLHhxW+k/g20Oc41GJBwcjmjPrui0Wst69hARZuEeec3MD7a8t o4YVZcLx6SdvusIFdk0gDetqfjFrQcvKGVeDRrwFsgWebx60O+mBS/eOQhJ/zLg5 iNUYHsMpFrUoDyOnoVXOY3x3XeeyKiEuSqUX77APICsXPrybCT+jnq7+A9Xho5E5 s7pp43siXvkTL5PSin2Hgb4eSGXkp9gKEuo0ce47MUNxkYpGR/DicQHjUvAOKATI ED3U1I/TyTDvCFRXyXz5xYTYArjLDkvB2bp7Cq29hJeckcIR84SAhpuDToKezXaR z9gi/00CgYEA7tz3whqlmacwrmEvWtuBHF1nuQ975ZpEBhhfepwNZtcNrcbwzSSp N8Xf6QVPpSrYj0YhvZ6He6UfCJrqVuM5mLjQ5v43UeuA4qzhjlJ/7IQTIuic8rYo ONqskIC7xxf96VFS6tN9plRfQHiSq/8ePCStOC4JCzcS1GMJj+0ARQsCgYEA5qom ngftFM5StkYRKiZEaczrvAvLlaDxCmyeQoPvRpXLP2cOKAYcC/AE2bmyLhko2Gjy Qqgqx0El698TQZZzJvspX06PMcuIsLZUGrllRv8Z3eaT1N84+sB7tl8F3LzgyZgZ NzLeh7NnkTts+Bg57EnzYgRYwOFvT30DfAFUF8cCgYB0APSCXBaYrM3DoocxBPGL KQG6qn5tX6Ixo5ybGzaW/1IxVzCTMH7OC1dW/7FScaCC1HiGcnsx3VtY/oNYdzn9 paQuyr9rFYiejX9tczuVTf9NMNMoPLcEBY9RDnQjmM9DhK9URCn9oXQxB12UEm5I nzdQ1Wqm+7Q1WXPHZj5/SQKBgQCbYyJSsTo4GunDWp4zi8XolCB19Gg4K0xV3mga nPBy13QtCQqTUdJRBGbwGVV8EnzelIwm9UykIDIgnI1HUMfQCcCMMMrsG5XAnYM4 4Y3lbvKI9sy9yYaD/WkZqRe05RR1Gd5avg0E04nAX4z/8KoMkKDBdfYoMXWf0bKo NejlfwKBgDlQY0X3oGyh8wHW852oEX8rE7tZ99n1SdQjVaRvOijzjv56haJ9tSvZ eQ6/s9/I6jhM5WKHgUUGwZ83aSsj7BqxwMbgO0+s/QOyb37ZN+YirbiPcSiyrIuz G2bdGb4ejY671K/6FaR+TRM+EhnU8pxpXl7Jh43nEV2rniqSBos2 -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/attribute-certs/keys/alice.key.pem000066400000000000000000000032131453642760600261370ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAur/lny8tfApoYtFP+tJNacpOPlkOlkRXXyW3yPHRI8BHPxtw VwB1ur1GRz17gWFkHquRZjwfCRP8iP/NJ2EJrHWcdVrhAPQ1B6uD10vzIoZKqt++ 11V8HUyfeFtag+P71R5F8STaKhS9MTWb2DFq1I7ouWhZ/Nemlk6hldYKm/9rJRCM 5Xij4AiPtSp9QIfp0JvVxLoQtxIza+OGODu91snEdsLAOyA+31IQxuDChJdtm+Vw UKQeVNd4bOktBwQA2Qd2qutAu+OlaHOqhH02+eYdgzgs+k0HRu49bXOcLAlkGaYY YNx8icTHn1/+GUzrB9UeadyZ/vThQYTP2Ex62QIDAQABAoIBAHk+n2EjKx+uTili BdAte48khnoaLctHoYYnodO3k/XnHxqMwPnrVYQg4KDd/PJ5/Zuf/i1m+StWq41y ropTiQlL7oGOuCh7ZHaPV3CPYdJXZ+DalTeOy57mIV7tyK16dgTeu8AdEftiLZbm XEEXjGlmQxgk9M+gXwqVEHmMVqUCKm5vivVU6QYyYv4qyf0XiyhMdFs2MrynOn2N qdEMW588p5HHqsO/xU7YRxZG5HxIzix7y70SKe+lq6WHXPCpKdFoH/QeB5eNZHLp f+G8UUvSPcl18u57VherbdALsphcrcv4uQaLUv4Jes1ZWgHpA8TAyr//Zibubuna WrX9sjUCgYEA2zF1lEu0Pq5VJ2fm5Z0A9wmLVkdFfm3WrVmN/4Mml63tJAd4MryZ 3y+ZHbEpmjuxkePK2SDc89/hOfzMWkxYWrx8Qku/f3856AwW6HiBoCxCvcV6iXdK 35ZGG4pzYesQFqP/bPMtIw8QtW82MGaPPupyG+AE5rrR8XTsmWBYs9MCgYEA2hvF tF+NKSwGUinW8yVWg2Y946Z5IFUrbbALzXt17Y1Ljkex0XeaQ6hM7ArFenC1OrtA L9o6iLInK0eoLsPNlelRn6VqLDbpSXSPtrjf1yHAv9V+8Ya8si+cGKX9VGhWuKQp hkfIylxGT7JhJeNJ5Z9umdIntT/oyAD0k3umZyMCgYEAum+8IbGuku33UfgnRcAg NP8yO+WNL3c/dNzKUb180uDF5rJPw1/1xQcYRlANIbmKVJubSsmQBgKz8H2cV2W+ dRcC3eTN8iUF3OCDj6IIJ3PeJMnWaxxDXB/Wa9B8SZoFaix9sm64QqyqupfoUIy7 ZHlHK3yEzreyoJyiLebsK68CgYBWiCgy/KnTiNzlIiZehxTAwwKQ3A44TrIRLYQx POc3nRQ52aXpterlJtOF3mwkvKyaJYo8sfcBHrU9jYtjKlnZPR0eGpF6Azsg4nbW BpkAECsZsMlRZ6RbiVoDyW8tWsv1K2QyGy7FYkCfA+VZE8jQqiVGL8ODPFzNZNuj 263UQwKBgEXtI1kpfEGMp6EVO2v7Fh2cH50dQWxlSMpflz2VPY/2Trcm2aGrvCvf AObSlgx1Yh1nUu/pHJyAVLFnCyTuxYG+NSPcnUyvATginEtjgASdkcFouKUBdH5V gMHjwfe/P5gdoCgrhPx2w7GAuwT8Y4i5X8RbETPlY0a3ej51o8FD -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/attribute-certs/keys/bob.key.pem000066400000000000000000000032171453642760600256300ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA3gs9cXiCWjzomXEU7BfCFQGmtssxHbvD2mrPgvuRXXQrHlTu x7BfwuDpXewGrzuIp8rqzU+EcPaLViVMqrBRyWhgOEJCwkB4T/7T9mQ1JLt9Shgz MAk6nbrMfUFtdYUIAzA5D9UVatwXzGPm7zhBlw+jhJKrwLdwM2j12U8KN/FOiMEV gxCpBKo3UP/3O1ESXl0cqKfiXPe9VZHguxYnmiXa88x5pAu9EXEDsOrBvRrw05qT Ai1s6xQkmUAMqlKnV7dpkLfupZZzCNJAhEst5HTYmi5BCs8V5qsiNZJEd7anr2se irmBxkT97/f4YI160Qn088Yr6wbyBih7NxHS5QIDAQABAoIBAQCXKKG4iKh80/Ao 3UG4A+h9MnWTBTq3miaXn5UK/0WTkEz2Ri2Txa87VK+p388hJe8/AzXbdSGdYUmz 6IqLvKLA8Qxn4DvgT9FX7AvSNZ+0FOsTMOxP7Eh6LjudnZftpBWzTfXaoF4HNDQD UZNaETsdomjYDJ1eAcMhTHfpaxRyxc/hbQ0LQZ2AkrSAKt3yKKd0iLar/jDTm+xV ivXHKgd8QH+L8wYkaDFGNb3QniV9LQWZFKR+6lyPCimxjcVzo53kTmAYwsbte+Ct zOe3MshUmH9y5FQ1yHLC2l3PSGcYEGMxpT604govbgOyOXob+OKthD5ZpY/jESan WONEgxVVAoGBAPHlMV3BY4OGDBuf+UsbNkTI+oJMHtV2bSc5C+lZE2EBapf5hB+j HjHf9W55+e3xmbgsOjPBJ/HOH0xVhaSsjbe3H6Oh7Nd2e1wnfn4G7hRx5hUVMGVH sTYAUhzJM8rI1bwwUikdfubTcquX6k/2n4xAr+5FCS7cXaza85TO+xmLAoGBAOr9 uQFvqlSbqvX4g3Gwjg7wJE9uTQmzLSe4sq46h2ZUMngmIn3qSK6QzU8MbCojYn7n QBHW9h4cEBoKaKbEpy0DPpLuzja8VIInUNMcrnvf6EgfOtXbbjQFyRAcBNWdRwaa PcntIr2Y9TmeHPQSfQWcbMFxZ8ykbwryyC9JwvNPAoGBAJ6lOHlK6l9KPQqpIrDV igQW4+Us01QgtXnx+hPyrbkDWsuNg8/UBWukfK0WJoqd17lomEt1NSNrki9YL6xO 1ytUWNXSzyiItmM8K8Ov+9lA0iull/X0zQ6jqzbh5qvqh/NCpb/9bkspBp3vpmcH UqCDlF7qvBkVwgIqH3LLRPf9AoGBAMygxrK+d1eX+saYcnXU5c+SRDw687DHq0GU r1vSscdk+FHx+0Ukd8gzZeU5DxOeno2deAhQ5R8RFuBmQf0+78jds2alt0Kouvpf nB1KM5LBRvdO4qAJpax9gTma/Ia7n3bbZ4ToD8GEab6TtejAFMiHD5lf1KC6a8vf 4Hx1QeM3AoGAGVyG0jTe7P5D7/RupaeY7rjTxXc9r6OL+BF2Z2NI3jtgUmDOonMd NzMQQcEbGO0qCc3ZZUCoBUnAAK6lAVfRBxxJAhA3NdPO2TFcpjDS5kVcxKGIr5jW g+T2EqCbIeMKkZFVBbrRBEb5XLKpNA1o2+pcuT2WU+y/xVbo/Q7M13Q= -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/attribute-certs/keys/inbetween.key.pem000066400000000000000000000032171453642760600270460ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA1qjkN3v5mlIPm4XEWv4p0HnEi6VOL4a/b50jyUvmuFyzN/5i x7thHocRu/Ge7DBYJzcmoDB+4Amzzopesq9yp5SfPcQBAdI4WD22NTKhawj7AZzA 5IVl4ma80zQTfA3jsFTar0uNtWowoOAM+N+J+GfBa1vejPz8o7CibejvqrVOkC7S vTeWkfDJmJ7ukIv6aWxOJQRSmOivvsTKpbiz8svkMkz3H3FgmJVDTFovp0bgYJSd GhHzKIWZF8V0R3eecgCSmuN5pf4y89Sbocg80QwShBgnYI21TK5nyQjL+ENWK+pV XN4DB6YTDkl75jNu56QZ+76GFFLYgWlDDDID5QIDAQABAoIBABShuQWoMc5mUr+0 9LF2OliiS4TMh55DykSVCup/FBbmOgeIuL/Pv77qZob06zxyTRa/00OURa2M4S5Z 2E4+VLvMqh2KqDoflXDNxaSJUEB0ZYO7KEMOm0NOcpmuKK1EvHynOzmb/mvQYAom XrjQ63bnqgyCkPpmGnY1NPdxaw+yHjwrqrynnZmIEB1d2UZrNqF9o20OB8gV4AOF b3+upHh2+8eAnMXITOSj/ECgsmVGPwcokDY9T05KAdGlg+yMrSocBPvAabVzOsL7 m5tOE91ZryXLrpU3SogNJJYljxNUnzeaeV3P+2+Pen4UVNagK6XL0AXjah7aehH0 WK/ODoECgYEA/ir6fcoTEKGQZRqVxSo7oWuHamnlHZDaUV1yGs/X6GMFBicaksUR h29z8gfYpvWH8KowGD69mpWY6Cs2LNeu6E6mUtsF7wUjrRtlkovdSnjBdS9iP/vF QDPiN53cpQMRP6/oLAMNm2NmCPCzm1N/lSPHMZ2BYZI70u16Zml4n4UCgYEA2DUB +x6IiAF1qZCxENdmIR81hoMZe74kt6c1OJbBnfUomZV7x3YWv2V8zjcD3rFQN4zK 4SlMj7MuXPkaske6VgerFLg1bhqJUBF6rPSF/JGyBtD/sXd7sjUjTB4+G0xX0kdu WZ8DHX1cHtxSlBZ2JVwBaTai6IK3RhlNFUiXkOECgYEAxD4Y5BCnAbtNCtMo+m+u VOb6Sk5y6Y4TEqmM1WjO8o2prmN44AOqkiCarDAktlxzVn2A3udqa7W/ttrOXHc3 hARd5TFY9oDIV/sERM8a0EpGTJ2GRZK2bOjibEDFwN6Kbdr67yh4VBa+DH8UngQt SNC0FvnekKBg8m4LiJE84iUCgYAqdU5sSDS7sL2wjO+YxRQTUROr1Lb+a/q97iIv eLuRD4Hnl0l1hCU3dPCrdnZWFzAPmKCG0xtr5N4n9+tcM2XOWzcnnH0xoBhzFtum d2aQkPQLDqQH79TkzDagThgYOEfOzaRICUgNVH7wuIem+To+X/EO/mHDk1f2diWD FnxdQQKBgQCds3ZzDpVY86/94Xh+Saegw5SunpAkObp257Fp/X9s3ZBKApYoIlqo 7MIu3RAQ9H6jH6o+TmbVXsGm5QFZ+52QyGuN7txp9ZwpeHNnirauyseOreBT3vMi c9ahJWA9I4WV4aPogxh74fYUKLfhxfhsTTLzq8bBj2TpEKev0Bb7Lw== -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/attribute-certs/keys/interm.key.pem000066400000000000000000000032131453642760600263600ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAqUQg3xjXPS0Q+tNAcZ0GXf+sMfhVyxgBdeh6QowJmDdxIZZB fzSHH4Xjk1B603jHK0YZKsZ6XwdXVPKWhYKA6/vIgRmDJuFFB+/8p4W13TBC6H8m 8hmha9+ZYHV3G7Fmk8mPn0LgjZeGoKlCsiqxd5XMDwGwQZr1EwkvsQkZJkwXa4s7 mIqvdapC3ydw2bo1iJtK8BIf7ATcCOWKRdLcQEwg42RrIo9HOio4ngfx1K3EkuoK VbqiVPHqI9G8QtlmwySnlLmbXr8l5MBbGfNyEO3gcFuhtTSGOTJu9/1UIDu5lYi9 Mnhry2bqfgrQhLueE+BMuOtHUbWsET6mTNRHNQIDAQABAoIBAGcOoezzlOkcbUAq KwyBjITizBbImoPDI/CEERw/YwAYkXrfnxUyCCs7O6pPz9i9qpZAYcZXfd4p/BQu d1LmeFQ1wohH3kBn273PckcU8/uuDK697BpvXIbvZtUB7/kec9P7XsSa1VmgLknX hFIyCEdFHy7r2kK3dAuZBj6FyZg0snkPQcsNgocZGA9b6xqC/T0V0b504csmpz26 0SeP2NuBa1vDk8AnY5FXWWuBm4QV9U6qoE3dJG7gkNE2OvybksCPSEGnVXuFHEjB kCacMMQRUEnY0kuy7ZXb21z9bwCBNDgauR+kw8d2Uv2deb0cLxyEMHGaBAMivBvP r7KHw6kCgYEA0UDjHVnfU15iZyAWv6xNG/6grAPhN7KjtJ/1U8Gje5TvikO9aF2u YO78jb3wZAAARItXUoMArivdKG13OddvRtPBgJljaAYdNIM4mbfyQ8sm4FtzVOtE fwL9oMJgEnNH1iwSPSXh30nZ7uC44xSXgaFe/2ix19qNLPmer5xt/T8CgYEAzxRi ENwQcs+/c+lVBDuKR7F0XDKHakH5RKMxU6q8s0uPdaBdbPa4qXfM3LubC0XauNSR jpe0kAlhir5uPjCAd+gWBGu0SUUJAZnMEGxiD+YeVCvk7KO3vcJx0vBVDdmNrmjk a1L01oQuNPv5fAr6f1JkeffWpg5Lfh0UXFnkuosCgYAFNFXxvvB9BFXyNqwaLFDm p1ibrqUFW54Suf/CC4jjY/rpN3IYjGvv4UHKzLST6CQZkFWlqbh0nIatoLtcZu1P l6iyaB4+0hgb3D+mIxsVcJIQ9nVR4WAcwJhKTUtSaieZPhNeDfkmMpIHDPPMQhDa mobgV1xFAByOx86Yk41wxQKBgD2qWDmlDtDhxKWDymlkQZ1v3rLF6UVfOBeUcU/0 /BR4X9QrWSblob/1iPACff0xZBy+UEoiKwbphD6IztN+JgOO/V97o0heYnwzjG0n mVwartVp7NX7OvArQzIJl4p0Spixa7P6FCb9XbUxg+3IZygbJQidITJ590kq57FI o7BZAoGAI+JNLXIinUrFMhQYWxi4h0IDyI6nhVpazu2+Q6tnfHRKItP2e6X6W3Xs 7FqDqpHgr0b29m9fLXwGK5eZMtqZ26zrr2uNgKNsUhh9XeDq0F/KECh1aTdpUDeq /X1Ytv9OsTKyxpzXzP+Pj641jrgSgGCAaGIy9F2c4DkeFuHynOM= -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/attribute-certs/keys/people-ca.key.pem000066400000000000000000000032131453642760600267270ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAy4bwiAogsjoha2gFNvb26EHtep6u/N+THup/8MFAPc+itgFv QqhaY3HH0YKd4jwaJfX1QNyNPQY40aqRyo1t+o+LpEEoCIoqCn2SAwKem93sTUaa QDVzvR/fIumak19hEA/SuRFLE/uAFO3ErRTMPIqsKDz4RNUWk+7A64O+3dN0zglD mgmu4r5BP90AXhsQFYdyn5S7VZA2HaQt0tGB/snr3hHF5dwrzQuvg7kn04QK3Oyj C8Igtv7qwnMhYafHg1mhrpdLz4SD1hUZ5kPvV844raY+Y7dSEk4jVPHCI2DpOSGB e6H9XuwtmcJ+tch6qq5eO9GMexSZtA3GSCDH7QIDAQABAoIBADREHPTylN7wKrDo b55j4ZhXheLdaVarG57u3Zg4KIU3EzPmPmpBzaSIDaZyApWclaJ1/VuAyAyJ0oGV agc4NqwHvPabfOpkgNNc1+hJ/e1NGmfl36rpjyVcT/MpRnbeIZD8X0MDe+JPzd6S CNXh52kMu5VBwwf6KOgoggZ5OMTCGXNOXMCXXwPBQO14hg62KKEf8JrJqipqEPNN 4J/XkkGBbFcGVLwRqw0JlifLebDU3jAOTtG/QDsrgGmGl5jpEs7DWwfKxXghylya eFy6dtFkwktfzQJ1veapyhX8SRY+nPR/u222Czu5xbTODFwY//zghMxBzP3PRi7C RA3F3gECgYEA8C4GlJGuvp4Eq/exfMWl8VOh3T3xcme87wczi4R4iKbralnY+CmR ORDky+YvSV3w9M2ftfDbTa9ILen5rIbap+H0FrKzNkefNbEnIX8ihdeq5oVLVrCJ EpZfgx0jfEDkbFVURBRDgtSuuDaFcy7EBczv4JC31b4iSppyba+FXMECgYEA2O7d 5x21odLh2e7cFvh+/KKNurKtdjIO2nXzuRDcqzQZEgN3YpVoUZRhfnERQQ1Hp6UP TwB2x+t0uoSWCTMDtGVXZl5199sUksUeU48Xn4gs//Squek6mAFtkJ1whuNfggtu UyIq1qFn/zhogAp64zVKYCW4zRqkTrQ7/djb+i0CgYBdrBW06/yTK133E+uNFija Lhv7BaWdUQhG0TAxQcEgyrkWCWStpMiW0RfqziOzIYhQccHQW9esPKiR/6b4ur+c qmtgTuHGUbiuYCE61zLHsI1eyq3PaZqMPUmTAVJNq6Fq/vyWcLDD3d8myVzSx3J8 MKl9k/Oe0UDeh84JKWOCAQKBgQCCnbB2i+jk+riKI8vY+N5c9vMnSpYu6I0Q9Jw+ /ewgGUpPEk87yIH7PMBHBYVCCeDvC+9fvgPG8/pgo5xDBbhhUfOB67ZT+lE03gMY hLvQjompw4NYVRm2lIWH4YPzc8v53TAcViI9AQpBHZGuJqE/VMLniU7wD+6GhPbq LTymMQKBgA5ST+G30w51sFRJJULSfB2kXCeRs6dDDuLwZWLXAtBfyUHypx+OcLzR 49YBt8cE/IM6UvvMGCavucU9FOgfk3JQEg9uHd7ky3z5vc8g9XZ7f/cURbix2lPZ mhYZPLA+/xQdxIk/zOs8MV/QLja/YetW7kc657iRMnlbKBjgTeCT -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/attribute-certs/keys/root.key.pem000066400000000000000000000032171453642760600260510ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEArTPIQsHETFLdmvvlp79EJ9FFGhsHEocqPev1xyRvCCbbkOi5 VDc+cWtkYtfX8TJn6XRX6VBH5a3/cw/qWIyQbwP+wtwMN5DftqTnJILdtGEdrFb8 1TKIofoCfUAvBJk1K/SrIV6BZi03eeqU5/7zVaaBnC8ZrXu2NDK0h1V+Co8Cb054 b+Q6YcDq4Rw81M7jHu7Iocnmx7XoJ11bMQb1Ikcd9xrM3otC10UiaroKX5Hdf88I lUIHjPYZ/ChSH4GStcePcrS8saS9byMja76C5G8Lgsp4o3Ccdi2H1sShxp1Y02X4 X2eEotHVM61a+5TOjP+16DzvX2YPFT/q83N0WwIDAQABAoIBAG8fXOmvpcCOHc20 tWhFZ3XgZuRT2NrDS4/E1sA4mN/zBkXXeigU9YQRMavU7Z+7Bj4avdhcAHTUiKMK 4ACF1pjTSF0+jrwLv+xPqlibeaCj+kS63qXuMQky/OvdBQ1/OkUESdMz7fNfKUuX /IdH5FjcZiWNdnz+dSzSJ074w9ADWHIjEg9ixmw0xU2QbulOgJabuwuri20kVyuO cDrl1zW10e7iiog85HHEIFwTXfen+wb0QgH/mt1/BS+3ch0dmP0i8Dx6wZMqh7P9 RQU6N/947jwgHMP3HV4SDcHLSznIB+G/veaFotL0IDKHbhdQIZTGfIUJXIx5RTTD 4XTF9hkCgYEA2Eg/GNtOwtlQILGpkBLvEgq9dlttQYjBeSBnXbNhI5NHMuYq0piF xki+Io3zonLKMJ5LZCMLYesJm+WMGVLZ2d0F7NSfvngI1nApa70Nsux3EeZrcFTs u88vWJCCXR8++x21iUk1M0SHxdXfPc89l+a3C30XYTD3MTEgkdN3ChcCgYEAzQJI ZwYV1JH/jE6AIil472YIBQXBB+YI6Dx2V3H7XDzE7G6IKU7VuxrvZA1i/ODKzPSD tBeCrhnUdqTOwb/Ba7CRL/a935tYiOJRQb8fM0Kyy0cO33cPBsbjOeZRMNdyhVKF 8eg2qCMPuEYLVdumQQl2wNbKcEUbgxgd+Icxxl0CgYEAyp3EHrE1c+zJ2BcYVtSm CyzsmXjFPeOz/JmSvIFTu1Q6G0DtVSV2DXAQT6bUW5dWO33P+xupii36boX5Xa/0 Ttl0t43pqTIidWHWLAyMTNaiJa7LcAzfSoKqRDn9JugixHXsn5RptoG5AGmAHhOM DEYjrSufP3nz2a3AaVzF5DkCgYEAqpVvsWn62DnzrcfUDpj7rBf2LFexWuUqHDPT NMf/I6zdHu6KFfUnGt06vMH2z/wsQ4Zh4IR/lGahx2czMzxfsT/mT0a8j0cv0Bah Dlf9miWxqDukQIVM15K+l/rxK/bZr94O3k8ey6EA/5Ao9nQiTpOVYLhZEjouvlJe /eFgpXECgYAviXclHhkyJ4movlUrbwlkE5/ezS90jM/1Y0iinCxEfjzN+p0YmlGR rbtAahdSHVr5YeB2d5aBDWhFv4GJifhZPUR2Gy5Zqgnl0UQWyVSWx8wFDe36Cjku eDS/6nCP0f3M3ZHbRA/Xm0mBnc9uI4yD9bTG1ly2KE9Tpu+gggYEFA== -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/attribute-certs/regen.sh000077500000000000000000000010501453642760600242510ustar00rootroot00000000000000#!/bin/sh certomancer mass-summon basic-aa basic-aa --no-pem --no-pfx certomancer necronomicon --no-pem --at-time '2019-12-01T00:00:00+0000' basic-aa role-aa basic-aa/role-aa-all-good.crl certomancer necronomicon --no-pem --at-time '2021-12-12T00:00:00+0000' basic-aa role-aa basic-aa/role-aa-some-revoked.crl certomancer seance --at-time '2019-12-12T00:00:00+0000' basic-aa alice-role-with-rev role-aa basic-aa/alice-all-good.ors certomancer seance --at-time '2021-12-12T00:00:00+0000' basic-aa alice-role-with-rev role-aa basic-aa/alice-revoked.orscertvalidator-0.26.3/tests/fixtures/certs_to_unpack/000077500000000000000000000000001453642760600226605ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/certs_to_unpack/acserprorfbv5.p7b000066400000000000000000000120511453642760600260540ustar00rootroot000000000000000‚% *†H†÷  ‚0‚10  *†H†÷  ‚ú0‚í0‚Õ  0  *†H†÷  01 0 UBR10U ICP-Brasil1402U +Autoridade Certificadora Raiz Brasileira v51604U -AC Secretaria da Receita Federal do Brasil v40 170328190719Z 290220190719Z0‰1 0 UBR10U ICP-Brasil1604U -Secretaria da Receita Federal do Brasil - RFB1-0+U $Autoridade Certificadora SERPRORFBv50‚"0  *†H†÷ ‚0‚ ‚¸¡÷Îëñù¢ºÖÛ݈2\ö†/žh­g–j¦s¾ÂIØ°„3H(B<-LkQÙs-µcRPnÎû%k7BE'†íydâ•ú¸I:dÀIv)~½ÍXìF¬­ÊÙ?×nÁ6w'î3ÝtvtšÒxC6CÕIß›P±$J½.©ù»Á²–Ýa<‚ºÚ?È?iQvÑÜ"jlŒËc-šæ¥ÕÇJ'Ö`’DÆå‘ö»p1oѨ"o_R°p^ú9‰_}ºÞBøXlõ-³n‰)ªWŸÙJ0YÇò8ff‚" 2ļ’ É ;>^2•)ákШv;‘Óǯõ¥Àμwz cU6#Ž\SÜUdŒzÐÒ»`“üù/ƒ¾#[uO`MJ f÷¤„R·a0]Å®Á#ªÍHäé´k€2ò‡³yÞõ½ùV{åNéBî@8ö¼±à ³ãI?âå2)Ê 1ÑA@›Ô¸9ŽËpZÇ}û5úͦ *é £}Á,ΈG¡ÿŽ™ë¢ ʆÞjèôëKàgU²Õfb’‘¯-{Þ—tÞšÚõëDtõŸ‹ë&»ƒKm›Þœ—è•h¼5Ÿ‡]úStm¡ïõw:S¾dá|dšõá`"Ÿ§b»4ÌG¶=Åë²8åí¾1!¥…£‚U0‚Q0§U Ÿ0œ0L`L 0B0@+4http://www.receita.fazenda.gov.br/acrfb/dpcacrfb.pdf0L`L0B0@+4http://www.receita.fazenda.gov.br/acrfb/dpcacrfb.pdf0DU=0;09 7 5†3http://www.receita.fazenda.gov.br/acrfb/acrfbv4.crl0U#0€˜æCÊÝ’ž™cEZ*é‡ Í50U€-~šEÀñ[?Õ@°o/eàé0Uÿ0ÿ0Uÿ0  *†H†÷  ‚'1úÙšéÒT>cÉsôÕö!° EÚFEzÌq q÷âÚ* ¦mìÇåËdÿi“ ‚®sVlHî™Ö]G8à6á,…Zß·ÁÚo„óýxhS4®‘°OΕh? ˆ’¯ŽL3}ÇxpÎËý¹M]žè&¡QÓ‚?Ýv ©÷ÿ®rÎ6hc z§ôe•ÁMã@iÃ`ý’üo‡,"M0Î:EΰàÕ‡.q˜íÁóÖÝ°~_å“SNÓŒ1ÑlÊh`!.]ia ± @$<3öûôpTòyšOéŸ@¯9i Çõ4:_Çéé¾´Tí·­”3y“sŽÍ”¸牠ÉÖ|¡‚ HÊ5¸˜•óÇû“i@Gµ¬øŽ<âñG‘aDáD°åòœÞìf×µ`í8E7Žú+ŽEnY¼§^†Ý©¢ó.|˜4Žé0¸“õÛå§ÆýL¥èêgØ™PmN°ªvOà(Äwç~>Qš¢3KÈØ]’'¦âa#WÊ¥ãùèF¹Ø¹H'Æj°ñÌu®ÝiW>!2ª×èÌmˆÄë„Q ˆh `ÖR:@¸0{èÛò{‚î~¤\¨¶ímÇË6¦£õ0ò0NU G0E0C`L0:08+,http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?U80604 2 0†.http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0U#0€i¨¾uÙÄïlçEäanåhø¶@^0Ui¨¾uÙÄïlçEäanåhø¶@^0Uÿ0ÿ0Uÿ0  *†H†÷  ‚mÛòbYª^º?¦XQàüršS§ò^g‘tWiù˜¦^`ê”hZÈDÁW/!!– 9Ô9"|‚sÔÝéEã–ÀI7?-¯Ê0ð׎TX±³?NfÄÿÓî›aM‚ÉÔn½t¥û ýLòRôné†Kžá šÀdìôÌî’!k0è—èfM§A.t£˜òÔrN“&3y~çÏH-ïîÔ‰R¤ê£œû®ƒg$G1€c,ù^é[9ÎRÀþÙ>(ÿÜ•¶êwøazù¦t—%.¿jY–\: îM˜²ë¢ÕnÑñM\jú(¯_»Ž)8v£˜Ë\­×î¿ÏÂ}ThÑwEd.‘{F }x~Ê™ÔH,Àúâø$ûG l¯‘µ¢ºY.²ÚN)D•Àó¼ ¬AC¯©ÖÀG°¼ÁØ“.+aÙ8»§Y¦ÿ4«pì–àãš³¥±m„ßUîÞ¯2wK.üÇ„m{!ïc,³ÐFý-L¬Gg µkß=N¯žƒàbó†;P³‹!„²”.@‡â•‚]`Bâ–;…zò±Vñ¯ã¾­¼±¶>Ëð(ÐŽh†™Áq€k…o>²&Ó›j6 »;C ÿ(c®zë‰\a¸  <ûX;`}_|è‰5L¶ÍÒ ün~MuEüPÃWÖÁáSqõRš0‚`0‚H 0  *†H†÷  0—1 0 UBR10U ICP-Brasil1=0;U 4Instituto Nacional de Tecnologia da Informacao - ITI1402U +Autoridade Certificadora Raiz Brasileira v50 160720133204Z 290302120004Z01 0 UBR10U ICP-Brasil1402U +Autoridade Certificadora Raiz Brasileira v51604U -AC Secretaria da Receita Federal do Brasil v40‚"0  *†H†÷ ‚0‚ ‚`wªÊð/`-åõµqTýËÛ#D9Rc¯ôž¹+ùlM !ÏäR:TÓ.Qï‚L?‚J‹{ª¾Ã²ŸcŸÁS.p ®~£ÖÆÛ’€øÊÔÈÝaÔº'ŸÏú¦ÿ‡ç3ìÂ=É©L—h®ÛÌÞ@‘ÍÏ4U3E½þQ»Xg׊p@{ k¥˜}ú*ûê«N€=8¨õ%’„f ‹8é‘Ñá5@?Ó ]öN$ŠS­Þç°DþÄ(ÌŒ<=ꃵ`–HŸîöb-'+)&7—ng opTß*CA¼˜œ LXgµ—ÆïO|‘t|…@²Ü“à«2Tƒ–‚?+Ú–}×|‰~†ÌDì¥óÕù•äv÷È3À8MÙB‰\yŸíqs¨äàÐyxt®KÍ(4í¶ª(oÆ0W•g@VDÝfŽe3‘P¾n41r/`ÐÀ;f¤ÊÐí Õ‹]ü°ÅŒz]´²%ü·fÎ…ÇsQâPßö<çIÜê=uÝ”MK×ñ¯ ¡7àŽÜ»XY€ýrPªö3Àtت¡îõÀ9 ¥1ó÷Õ&xl¡Á€#ø¨ÁÃ* [Reˆ¿u@ä÷<öz˜û’>í£»0¸0U˜æCÊÝ’ž™cEZ*é‡ Í50Uÿ0ÿ0Uÿ0U  0 0 `L00?U80604 2 0†.http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0U#0€i¨¾uÙÄïlçEäanåhø¶@^0  *†H†÷  ‚kBà é5›vs©¸Ì}>G>¾¾nMÞæ—Œ_<û?#àMdýC£“Çýº›ª½¬êåëÿ@&—¬‹ei?4ß¼ë—xq±žÄLv1 ژ䳻¥—®‹e$äsŸŸ¹‰Š5…<¸éF ÛÃ×t¾y©9cŠXø.çT˜­¦õZ5¡JÎý}nÁPZv þ/ytS6T£ÿ ÿ±¯OnJ·$"uÐDôÔiI:튷û<ÜnOHcAOP°Wo›…L~Xßë^"é‡ðÏ¿.àƒÈkŸ‰•ó諺±~ûrÌ2pCJ^¹júÀظü†JÛ} x¥”3Oî§,äŽÊ£ÛZ¥ïÍ^²rKtGÒÝ=fÜÅþ'èD÷ce”’ÐQ¹ïôÝ ÕbÜƈŒ_é÷pfoþ6Åù ý1¿[¡"p.k6IN)Ü>41LCVÄÒP Òv»â@TáåÄ,G8-á#d2g’eõhTS(aâVK “ÐÜòŸG£‚¡0‚0U#0€Ï•v-Ô_›5‚îòÈœ¸ Ñá0UÛƒiIÎÛm}ø@Ë $ŠÔ¿’up0EU>0<‚:digicert-ecc-p384-root-g5-revoked.chain-demos.digicert.com0Uÿ 0U%0++0U…0‚0? = ;†9http://crl3.digicert.com/DigiCertG5ECCSHA3842021CA1-1.crl0? = ;†9http://crl4.digicert.com/DigiCertG5ECCSHA3842021CA1-1.crl0JU C0A0  `†H†ýl02g 0)0'+http://www.digicert.com/CPS0~+r0p0$+0†http://ocsp.digicert.com0H+0†ÐÚ>õ52çW(¼‰kÉÓËÑkìëiáw}m½ne‡eqG0E!¨ÁÅú‚ÓÛôøã…i†Sê?y\-Ïô ïô*=ïn ¾&F2? É@²ÄÈ a§Ûçgà—?/DŸhOM÷ uUÔÂ6Jê ›Wj´g)]ϱ $Ê…†4ëÜ‚Še‡e§F0D XÂèà8÷vÉ©Pî×ÜšeFßKÒ1B¥¶~B\DÌiÑh´]Kà!lKâmÌ±à—¦S ͪ*eå9Oƒ¥n\˜¢$&æû¡í“Ç.ÆMJ¿°BßxÚ³¨ùmÿ!…S6`LvÎì8ÜÖQ€ðÅÖåÔM'd«›Ç>qûH—¸3mÉî–¢ö\L@í³ÂìÿqÁãGÿÔ¹´7BÚ ÉênŠî®}¢Y˜ˆ¨o-ôòÉ_&Ï,~í7À©Õ9¹‚¿ ê4¯!hø­sâÉ2Ú8% UÓšðh†í.A4ï|¥P¿:ùÓÁ æíŠX%ä¸w­-nõRÝ´t«I.;“4(xΔêǽÓÉmÞ\2ócertvalidator-0.26.3/tests/fixtures/freshness/000077500000000000000000000000001453642760600214755ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/freshness/alice-2020-10-01.ors000066400000000000000000000026001453642760600243120ustar00rootroot000000000000000‚|  ‚u0‚q +0‚b0‚^0­¢ÔqFIíºûgü¾ð˜gÎÇf„£20201001000000Z000W0  `†He hFóRñ”%œy©„~ý-ÓŠ ƒe¤—8zróm ÙD;ÛWŽ—V³9bá:ðX¤Ý[ yyYäìa\Ñ T’îE?n²Ø´Xój§‰ L¾D‡ÔAD<ÅxÀrù05? ‚–0‚’0‚Ž0‚v 0  *†H†÷  0C1 0 UXX10U Testing Authority10U Intermediate CA0  000101000000Z21000101000000Z0R1 0 UXX10U Testing Authority1'0%U Intermediate CA OCSP Responder0‚"0  *†H†÷ ‚0‚ ‚Ë†ðˆ ²:!kh6ööèAízž®üß“êðÁ@=Ï¢¶oB¨ZcqÇÑ‚â<%õõ@Ü=8Ѫ‘Êmú‹¤A(Š* }’ž›ÝìMFš@5s½ß"éš“_aÒ¹Kû€íÄ­Ì<Š¬(<øDÕ“îÀ냾ÝÓtÎ Cš ®â¾A?Ý^‡rŸ”»U6¤-ÒÑþÉëÞÅåÜ+Í ¯ƒ¹'Ó„ Üì£ Â ¶þêÂs!a§ÇƒY¡®—KÏ„ƒÖæCïWÎ8­¦>c·RN#TñÂ#`é9!{¡ý^ì-™Â~µÈzª®^;ÑŒ{™´ ÆH Çí£{0y0UÔqFIíºûgü¾ð˜gÎÇf„£0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚…K•c4Z «ÔjÊ"R£e’^ÿ53’Þ`7/áø%ö^0vm¬¹‘X$Ьþ÷Yñw!¢Ë›xêŒÄã@·àM☗b…+ÏV Påþ«øîšá‰ŸçÇ)Ú/‡MshŽ1ó7„M8‡/ü&)J軹°ØĽ-÷ÊËœ¶ù©áñ´›WUæ„ÔžŠ¥y€(ÉUÄB2ã#ÿžø M?î]øJj¬ùÇ;ÁÉ[È{]ƒñ3ÃÌÌ7`y#¡ÍΖÇY†Ó©Sðã¯"aøØMðfc–HࣅäE$ ÑYWhCE<)ȇpVpmïØÆ×åKDÂjFpþcertvalidator-0.26.3/tests/fixtures/freshness/alice-2020-11-29.ors000066400000000000000000000026001453642760600243250ustar00rootroot000000000000000‚|  ‚u0‚q +0‚b0‚^0­¢ÔqFIíºûgü¾ð˜gÎÇf„£20201129000000Z000W0  `†He hFóRñ”%œy©„~ý-ÓŠ ƒe¤—8zróm ÙD;ÛWŽ—V³9bá:ðX¤Ý[ yyY’£Ô:—ºQûÖ¬ËfǫιL¾„{á–sK§9]ʦ'Kç!œ 1Tý{ˆÚÂl‹SlJ#ƒ,a¾jºWаa»)ð… ‚–0‚’0‚Ž0‚v 0  *†H†÷  0C1 0 UXX10U Testing Authority10U Intermediate CA0  000101000000Z21000101000000Z0R1 0 UXX10U Testing Authority1'0%U Intermediate CA OCSP Responder0‚"0  *†H†÷ ‚0‚ ‚Ë†ðˆ ²:!kh6ööèAízž®üß“êðÁ@=Ï¢¶oB¨ZcqÇÑ‚â<%õõ@Ü=8Ѫ‘Êmú‹¤A(Š* }’ž›ÝìMFš@5s½ß"éš“_aÒ¹Kû€íÄ­Ì<Š¬(<øDÕ“îÀ냾ÝÓtÎ Cš ®â¾A?Ý^‡rŸ”»U6¤-ÒÑþÉëÞÅåÜ+Í ¯ƒ¹'Ó„ Üì£ Â ¶þêÂs!a§ÇƒY¡®—KÏ„ƒÖæCïWÎ8­¦>c·RN#TñÂ#`é9!{¡ý^ì-™Â~µÈzª®^;ÑŒ{™´ ÆH Çí£{0y0UÔqFIíºûgü¾ð˜gÎÇf„£0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚…K•c4Z «ÔjÊ"R£e’^ÿ53’Þ`7/áø%ö^0vm¬¹‘X$Ьþ÷Yñw!¢Ë›xêŒÄã@·àM☗b…+ÏV Påþ«øîšá‰ŸçÇ)Ú/‡MshŽ1ó7„M8‡/ü&)J軹°ØĽ-÷ÊËœ¶ù©áñ´›WUæ„ÔžŠ¥y€(ÉUÄB2ã#ÿžø M?î]øJj¬ùÇ;ÁÉ[È{]ƒñ3ÃÌÌ7`y#¡ÍΖÇY†Ó©Sðã¯"aøØMðfc–HࣅäE$ ÑYWhCE<)ȇpVpmïØÆ×åKDÂjFpþcertvalidator-0.26.3/tests/fixtures/freshness/alice-2020-12-10.ors000066400000000000000000000026271453642760600243250ustar00rootroot000000000000000‚“  ‚Œ0‚ˆ +0‚y0‚u0Ä¢ÔqFIíºûgü¾ð˜gÎÇf„£20201210000000Z0˜0•0W0  `†He hFóRñ”%œy©„~ý-ÓŠ ƒe¤—8zróm ÙD;ÛWŽ—V³9bá:ðX¤Ý[ yyYXz†½“ñ‚ uHÓZøFÝ›cýYË50â® U¸Ì˜—3F:hÒIÿ TÈ—[@MñúB%…EîZ)æÒrãÜ팠‚–0‚’0‚Ž0‚v 0  *†H†÷  0C1 0 UXX10U Testing Authority10U Intermediate CA0  000101000000Z21000101000000Z0R1 0 UXX10U Testing Authority1'0%U Intermediate CA OCSP Responder0‚"0  *†H†÷ ‚0‚ ‚Ë†ðˆ ²:!kh6ööèAízž®üß“êðÁ@=Ï¢¶oB¨ZcqÇÑ‚â<%õõ@Ü=8Ѫ‘Êmú‹¤A(Š* }’ž›ÝìMFš@5s½ß"éš“_aÒ¹Kû€íÄ­Ì<Š¬(<øDÕ“îÀ냾ÝÓtÎ Cš ®â¾A?Ý^‡rŸ”»U6¤-ÒÑþÉëÞÅåÜ+Í ¯ƒ¹'Ó„ Üì£ Â ¶þêÂs!a§ÇƒY¡®—KÏ„ƒÖæCïWÎ8­¦>c·RN#TñÂ#`é9!{¡ý^ì-™Â~µÈzª®^;ÑŒ{™´ ÆH Çí£{0y0UÔqFIíºûgü¾ð˜gÎÇf„£0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚…K•c4Z «ÔjÊ"R£e’^ÿ53’Þ`7/áø%ö^0vm¬¹‘X$Ьþ÷Yñw!¢Ë›xêŒÄã@·àM☗b…+ÏV Påþ«øîšá‰ŸçÇ)Ú/‡MshŽ1ó7„M8‡/ü&)J軹°ØĽ-÷ÊËœ¶ù©áñ´›WUæ„ÔžŠ¥y€(ÉUÄB2ã#ÿžø M?î]øJj¬ùÇ;ÁÉ[È{]ƒñ3ÃÌÌ7`y#¡ÍΖÇY†Ó©Sðã¯"aøØMðfc–HࣅäE$ ÑYWhCE<)ȇpVpmïØÆ×åKDÂjFpþcertvalidator-0.26.3/tests/fixtures/freshness/certomancer.yml000066400000000000000000000055041453642760600245260ustar00rootroot00000000000000external-url-prefix: "http://ca.example.com" keysets: testing-ca: path-prefix: keys keys: root: path: root.key.pem interm: path: interm.key.pem interm-ocsp: path: interm-ocsp.key.pem alice: path: alice.key.pem bob: path: bob.key.pem pki-architectures: freshness-ca: keyset: testing-ca entity-defaults: country-name: XX organization-name: Testing Authority entities: root: common-name: Root CA interm: common-name: Intermediate CA interm-ocsp: common-name: Intermediate CA OCSP Responder alice: organizational-unit-name: People common-name: Alice bob: organizational-unit-name: People common-name: Bob certs: root: subject: root issuer: root validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2500-01-01T00:00:00+0000" profiles: - id: simple-ca params: crl-repo: root interm: subject: interm issuer: root validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" profiles: - id: simple-ca params: crl-repo: interm ocsp-service: interm max-path-len: 0 interm-revoked: subject: interm issuer: root validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" revocation: revoked-since: "2020-12-01T00:00:00+0000" reason: key_compromise profiles: - simple-ca interm-ocsp: issuer: interm issuer-cert: interm validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" profiles: - ocsp-responder alice: subject: alice issuer: interm issuer-cert: interm validity: valid-from: "2000-01-01T00:00:00+0000" valid-to: "2100-01-01T00:00:00+0000" revocation: revoked-since: "2020-12-01T00:00:00+0000" reason: key_compromise extensions: - id: key_usage critical: true smart-value: schema: key-usage params: [digital_signature] services: ocsp: interm: for-issuer: interm issuer-cert: interm responder-cert: interm-ocsp signing-key: interm-ocsp crl-repo: root: for-issuer: root signing-key: root simulated-update-schedule: "P10D" interm: for-issuer: interm signing-key: interm issuer-cert: interm simulated-update-schedule: "P10D"certvalidator-0.26.3/tests/fixtures/freshness/certs/000077500000000000000000000000001453642760600226155ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/freshness/certs/alice.crt000066400000000000000000000017731453642760600244140ustar00rootroot000000000000000‚÷0‚ß 0  *†H†÷  0C1 0 UXX10U Testing Authority10U Intermediate CA0  000101000000Z21000101000000Z0J1 0 UXX10U Testing Authority10 U People10 U Alice0‚"0  *†H†÷ ‚0‚ ‚º¿åŸ/-| hbÑOúÒMiÊN>Y–DW_%·ÈñÑ#ÀG?pWuº½FG={ad«‘f< üˆÿÍ'a ¬uœuZáô5«ƒ×Kó"†Jªß¾×U|LŸx[ZƒãûÕEñ$Ú*½15›Ø1jÔŽè¹hYüצ–N¡•Ö ›ÿk%Œåx£àµ*}@‡éЛÕĺ·3kã†8;½ÖÉÄvÂÀ; >ßRÆà„—m›åpP¤T×xlé-Ùvªë@»ã¥hsª„}6ùæƒ8,úMFî=msœ, d¦`Ü|‰ÄÇŸ_þLëÕiÜ™þôáA„ÏØLzÙ£ë0è0UZDÔ[]ˆ{ðësx—6²ÀÙ¨0U#0€0ô=σÉvÃÚyh²mìâihÏU0JUC0A0? = ;†9http://ca.example.com/freshness-ca/crls/interm/latest.crl0J+>0<0:+0†.http://ca.example.com/freshness-ca/ocsp/interm0Uÿ€0  *†H†÷  ‚h4á»'Äìß`ÉÕVæ‚g÷½ƒ]©EæŸeCßÖ´ÈÏwž\xRG7© “h¼ƒzÝÏ;ßs˜}e‘:ߢàqåÁÔî>§T¢zƒïßwÈT·o)ñ+0Ë8Ïæ,¦/.ö t?è=j~ÞNÂ(2Œ9↰\ž1êÐø)i9¯‡%aºFg1L–Yš„É–n×BØ&·q•O$»‘e£ð\ 4às¼Rm)¢*‰ŸbøEÚé8ÑcZ]ÕP¬ÖbÿÔè‹ÃŠ³'{LV½D„c·RN#TñÂ#`é9!{¡ý^ì-™Â~µÈzª®^;ÑŒ{™´ ÆH Çí£{0y0UÔqFIíºûgü¾ð˜gÎÇf„£0U#0€0ô=σÉvÃÚyh²mìâihÏU0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚…K•c4Z «ÔjÊ"R£e’^ÿ53’Þ`7/áø%ö^0vm¬¹‘X$Ьþ÷Yñw!¢Ë›xêŒÄã@·àM☗b…+ÏV Påþ«øîšá‰ŸçÇ)Ú/‡MshŽ1ó7„M8‡/ü&)J軹°ØĽ-÷ÊËœ¶ù©áñ´›WUæ„ÔžŠ¥y€(ÉUÄB2ã#ÿžø M?î]øJj¬ùÇ;ÁÉ[È{]ƒñ3ÃÌÌ7`y#¡ÍΖÇY†Ó©Sðã¯"aøØMðfc–HࣅäE$ ÑYWhCE<)ȇpVpmïØÆ×åKDÂjFpþcertvalidator-0.26.3/tests/fixtures/freshness/certs/interm-revoked.crt000066400000000000000000000016571453642760600262730ustar00rootroot000000000000000‚«0‚“ 0  *†H†÷  0;1 0 UXX10U Testing Authority10U Root CA0  000101000000Z21000101000000Z0C1 0 UXX10U Testing Authority10U Intermediate CA0‚"0  *†H†÷ ‚0‚ ‚©D ß×=-úÓ@q]ÿ¬1øUËuèzBŒ ˜7q!–A4‡…ã“PzÓxÇ+F*Æz_WTò–…‚€ëûȃ&áEïü§…µÝ0Bè&ò¡kß™`uw±f“ÉŸBà—† ©B²*±w•Ì°Ašõ /± &Lk‹;˜Š¯uªBß'pÙº5ˆ›JðìÜåŠEÒÜ@L ãdk"G:*8žñÔ­Ä’ê Uº¢Tñê#ѼBÙfÃ$§”¹›^¿%äÀ[óríàp[¡µ4†92n÷ýT ;¹•ˆ½2xkËfê~ Є»žàL¸ëGQµ¬>¦LÔG5£®0«0U0ô=σÉvÃÚyh²mìâihÏU0U#0€½÷ÿHýXóÜÔ¡^6a ?0Uÿ0ÿ0Uÿ†0HUA0?0= ; 9†7http://ca.example.com/freshness-ca/crls/root/latest.crl0  *†H†÷  ‚Ž‰åìÃmPHà—Kö&‰R°F!ò®ÄÛì“McÏÍop<ú·¬<ÖhÞ?é ˉoɈœ>M»EQ%‰ÒNËgeq›‘j]Z†áÍOÓ{‡¶Ìw`Â$ÂV[aN¡Ùú’Ùæ:÷NQ(¯"î÷Ú…xGšl-À‡Wtà¤(OÞGÑ×,p}XO–>0¨í×CxùòU"æ6'VÑ؛ۤT<Êéyæ®(•2™´dPÜwyœýyÆz¥™¿OSŒ„lœÅ9mž"Íäõúéõ5ÅÊñ ?–ʺ|']P®$ú) Oil8Ì&™HÄC×Rªcertvalidator-0.26.3/tests/fixtures/freshness/certs/interm.crt000066400000000000000000000016621453642760600246320ustar00rootroot000000000000000‚®0‚– 0  *†H†÷  0;1 0 UXX10U Testing Authority10U Root CA0  000101000000Z21000101000000Z0C1 0 UXX10U Testing Authority10U Intermediate CA0‚"0  *†H†÷ ‚0‚ ‚©D ß×=-úÓ@q]ÿ¬1øUËuèzBŒ ˜7q!–A4‡…ã“PzÓxÇ+F*Æz_WTò–…‚€ëûȃ&áEïü§…µÝ0Bè&ò¡kß™`uw±f“ÉŸBà—† ©B²*±w•Ì°Ašõ /± &Lk‹;˜Š¯uªBß'pÙº5ˆ›JðìÜåŠEÒÜ@L ãdk"G:*8žñÔ­Ä’ê Uº¢Tñê#ѼBÙfÃ$§”¹›^¿%äÀ[óríàp[¡µ4†92n÷ýT ;¹•ˆ½2xkËfê~ Є»žàL¸ëGQµ¬>¦LÔG5£±0®0U0ô=σÉvÃÚyh²mìâihÏU0U#0€½÷ÿHýXóÜÔ¡^6a ?0Uÿ0ÿ0Uÿ†0HUA0?0= ; 9†7http://ca.example.com/freshness-ca/crls/root/latest.crl0  *†H†÷  ‚ï‚:͇„± r¿ñSmñ\Yfé-üq[(´Ë”Óv<ß@R†ð°XäšQ r’c´—jGAü”Kíb¡A‡GËòºD‘ºàN4ÌŠü¬÷yêÆ{zßODþ€lú-Pð›.¤ ª{ôëá(A'/8¡±£‰–Ýdçal^ å4ÿ¯‹MIþHE²ÉÎüEIŒ Ÿd¦U3löŽ Ö¤¹u1C‡£$,t’Z~^_&›ðÛÄŦ…YÍÛßDuûv"ˆ?&É&™FÉiŠ FPUg›RÌßnv¦åp;ß4pcDñBÛFä}Ç¥Œœcertvalidator-0.26.3/tests/fixtures/freshness/certs/root.crt000066400000000000000000000016471453642760600243220ustar00rootroot000000000000000‚£0‚‹ 0  *†H†÷  0;1 0 UXX10U Testing Authority10U Root CA0  000101000000Z25000101000000Z0;1 0 UXX10U Testing Authority10U Root CA0‚"0  *†H†÷ ‚0‚ ‚­3ÈBÁÄLRÝšû姿D'ÑE‡*=ëõÇ$o&Ûè¹T7>qkdb××ñ2gétWéPGå­ÿsêXŒoþÂÜ 7߶¤ç$‚Ý´a¬VüÕ2ˆ¡ú}@/™5+ô«!^f-7yê”çþóU¦œ/­{¶42´‡U~ oNxoä:aÀêá<ÔÎãîÈ¡Éæǵè'][1õ"G÷ÌÞ‹B×E"jº _‘ÝÏ•BŒöü(R’µÇr´¼±¤½o##k¾‚äo ‚Êx£pœv-‡ÖÄ¡ÆXÓeø_g„¢ÑÕ3­Zû”ÎŒÿµè<ï_f?êóst[£®0«0U½÷ÿHýXóÜÔ¡^6a ?0U#0€½÷ÿHýXóÜÔ¡^6a ?0Uÿ0ÿ0Uÿ†0HUA0?0= ; 9†7http://ca.example.com/freshness-ca/crls/root/latest.crl0  *†H†÷  ‚y² ¤9ÉY[BžƒP°žÄpVªðYò,6Ž˜^3ÿxj™¼}ÃÿKø® Zó¬:~eÚi´®Ml‚r[Ž7Å¥ôŽ`o…÷ÓÏ_…ç‘$D&A7šö =Aùà.+ZšW D;wß“%ß0ôÝùøJh‡|ü@†7‰Œü²Ž˜‚vº“= Gĵù3é©)’î¢6<œU0&Û’‹Ëu>0Q žàd®AGͱÄÆrR0˜ýbã®qš9›úYˆ¿­Pž€ÏñˆïµÁ¹ˆ¤1æ+I|7[&EþÞÕ\!”¨ÊÙð"R[VË‚ÌåÙä°%á²À÷öcertvalidator-0.26.3/tests/fixtures/freshness/generate000077500000000000000000000007431453642760600232210ustar00rootroot00000000000000#!/bin/bash rm *.ors *.crl certs/*.crt alice_ocsp() { certomancer seance freshness-ca alice interm "alice-$1.ors" \ --at-time "$1T00:00:00+0000" } root_crl() { certomancer necronomicon freshness-ca root "root-$1.crl" \ --no-pem --at-time "$1T00:00:00+0000" } certomancer mass-summon freshness-ca certs --flat --no-pfx --no-pem alice_ocsp "2020-10-01" alice_ocsp "2020-11-29" alice_ocsp "2020-12-10" root_crl "2020-10-01" root_crl "2020-11-29" root_crl "2020-12-10" certvalidator-0.26.3/tests/fixtures/freshness/keys/000077500000000000000000000000001453642760600224505ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/freshness/keys/alice.key.pem000066400000000000000000000032131453642760600250160ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAur/lny8tfApoYtFP+tJNacpOPlkOlkRXXyW3yPHRI8BHPxtw VwB1ur1GRz17gWFkHquRZjwfCRP8iP/NJ2EJrHWcdVrhAPQ1B6uD10vzIoZKqt++ 11V8HUyfeFtag+P71R5F8STaKhS9MTWb2DFq1I7ouWhZ/Nemlk6hldYKm/9rJRCM 5Xij4AiPtSp9QIfp0JvVxLoQtxIza+OGODu91snEdsLAOyA+31IQxuDChJdtm+Vw UKQeVNd4bOktBwQA2Qd2qutAu+OlaHOqhH02+eYdgzgs+k0HRu49bXOcLAlkGaYY YNx8icTHn1/+GUzrB9UeadyZ/vThQYTP2Ex62QIDAQABAoIBAHk+n2EjKx+uTili BdAte48khnoaLctHoYYnodO3k/XnHxqMwPnrVYQg4KDd/PJ5/Zuf/i1m+StWq41y ropTiQlL7oGOuCh7ZHaPV3CPYdJXZ+DalTeOy57mIV7tyK16dgTeu8AdEftiLZbm XEEXjGlmQxgk9M+gXwqVEHmMVqUCKm5vivVU6QYyYv4qyf0XiyhMdFs2MrynOn2N qdEMW588p5HHqsO/xU7YRxZG5HxIzix7y70SKe+lq6WHXPCpKdFoH/QeB5eNZHLp f+G8UUvSPcl18u57VherbdALsphcrcv4uQaLUv4Jes1ZWgHpA8TAyr//Zibubuna WrX9sjUCgYEA2zF1lEu0Pq5VJ2fm5Z0A9wmLVkdFfm3WrVmN/4Mml63tJAd4MryZ 3y+ZHbEpmjuxkePK2SDc89/hOfzMWkxYWrx8Qku/f3856AwW6HiBoCxCvcV6iXdK 35ZGG4pzYesQFqP/bPMtIw8QtW82MGaPPupyG+AE5rrR8XTsmWBYs9MCgYEA2hvF tF+NKSwGUinW8yVWg2Y946Z5IFUrbbALzXt17Y1Ljkex0XeaQ6hM7ArFenC1OrtA L9o6iLInK0eoLsPNlelRn6VqLDbpSXSPtrjf1yHAv9V+8Ya8si+cGKX9VGhWuKQp hkfIylxGT7JhJeNJ5Z9umdIntT/oyAD0k3umZyMCgYEAum+8IbGuku33UfgnRcAg NP8yO+WNL3c/dNzKUb180uDF5rJPw1/1xQcYRlANIbmKVJubSsmQBgKz8H2cV2W+ dRcC3eTN8iUF3OCDj6IIJ3PeJMnWaxxDXB/Wa9B8SZoFaix9sm64QqyqupfoUIy7 ZHlHK3yEzreyoJyiLebsK68CgYBWiCgy/KnTiNzlIiZehxTAwwKQ3A44TrIRLYQx POc3nRQ52aXpterlJtOF3mwkvKyaJYo8sfcBHrU9jYtjKlnZPR0eGpF6Azsg4nbW BpkAECsZsMlRZ6RbiVoDyW8tWsv1K2QyGy7FYkCfA+VZE8jQqiVGL8ODPFzNZNuj 263UQwKBgEXtI1kpfEGMp6EVO2v7Fh2cH50dQWxlSMpflz2VPY/2Trcm2aGrvCvf AObSlgx1Yh1nUu/pHJyAVLFnCyTuxYG+NSPcnUyvATginEtjgASdkcFouKUBdH5V gMHjwfe/P5gdoCgrhPx2w7GAuwT8Y4i5X8RbETPlY0a3ej51o8FD -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/freshness/keys/bob.key.pem000066400000000000000000000032171453642760600245070ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA3gs9cXiCWjzomXEU7BfCFQGmtssxHbvD2mrPgvuRXXQrHlTu x7BfwuDpXewGrzuIp8rqzU+EcPaLViVMqrBRyWhgOEJCwkB4T/7T9mQ1JLt9Shgz MAk6nbrMfUFtdYUIAzA5D9UVatwXzGPm7zhBlw+jhJKrwLdwM2j12U8KN/FOiMEV gxCpBKo3UP/3O1ESXl0cqKfiXPe9VZHguxYnmiXa88x5pAu9EXEDsOrBvRrw05qT Ai1s6xQkmUAMqlKnV7dpkLfupZZzCNJAhEst5HTYmi5BCs8V5qsiNZJEd7anr2se irmBxkT97/f4YI160Qn088Yr6wbyBih7NxHS5QIDAQABAoIBAQCXKKG4iKh80/Ao 3UG4A+h9MnWTBTq3miaXn5UK/0WTkEz2Ri2Txa87VK+p388hJe8/AzXbdSGdYUmz 6IqLvKLA8Qxn4DvgT9FX7AvSNZ+0FOsTMOxP7Eh6LjudnZftpBWzTfXaoF4HNDQD UZNaETsdomjYDJ1eAcMhTHfpaxRyxc/hbQ0LQZ2AkrSAKt3yKKd0iLar/jDTm+xV ivXHKgd8QH+L8wYkaDFGNb3QniV9LQWZFKR+6lyPCimxjcVzo53kTmAYwsbte+Ct zOe3MshUmH9y5FQ1yHLC2l3PSGcYEGMxpT604govbgOyOXob+OKthD5ZpY/jESan WONEgxVVAoGBAPHlMV3BY4OGDBuf+UsbNkTI+oJMHtV2bSc5C+lZE2EBapf5hB+j HjHf9W55+e3xmbgsOjPBJ/HOH0xVhaSsjbe3H6Oh7Nd2e1wnfn4G7hRx5hUVMGVH sTYAUhzJM8rI1bwwUikdfubTcquX6k/2n4xAr+5FCS7cXaza85TO+xmLAoGBAOr9 uQFvqlSbqvX4g3Gwjg7wJE9uTQmzLSe4sq46h2ZUMngmIn3qSK6QzU8MbCojYn7n QBHW9h4cEBoKaKbEpy0DPpLuzja8VIInUNMcrnvf6EgfOtXbbjQFyRAcBNWdRwaa PcntIr2Y9TmeHPQSfQWcbMFxZ8ykbwryyC9JwvNPAoGBAJ6lOHlK6l9KPQqpIrDV igQW4+Us01QgtXnx+hPyrbkDWsuNg8/UBWukfK0WJoqd17lomEt1NSNrki9YL6xO 1ytUWNXSzyiItmM8K8Ov+9lA0iull/X0zQ6jqzbh5qvqh/NCpb/9bkspBp3vpmcH UqCDlF7qvBkVwgIqH3LLRPf9AoGBAMygxrK+d1eX+saYcnXU5c+SRDw687DHq0GU r1vSscdk+FHx+0Ukd8gzZeU5DxOeno2deAhQ5R8RFuBmQf0+78jds2alt0Kouvpf nB1KM5LBRvdO4qAJpax9gTma/Ia7n3bbZ4ToD8GEab6TtejAFMiHD5lf1KC6a8vf 4Hx1QeM3AoGAGVyG0jTe7P5D7/RupaeY7rjTxXc9r6OL+BF2Z2NI3jtgUmDOonMd NzMQQcEbGO0qCc3ZZUCoBUnAAK6lAVfRBxxJAhA3NdPO2TFcpjDS5kVcxKGIr5jW g+T2EqCbIeMKkZFVBbrRBEb5XLKpNA1o2+pcuT2WU+y/xVbo/Q7M13Q= -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/freshness/keys/interm-ocsp.key.pem000066400000000000000000000032131453642760600262010ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAy4bwiAogsjoha2gFNvb26EHtep6u/N+THup/8MFAPc+itgFv QqhaY3HH0YKd4jwaJfX1QNyNPQY40aqRyo1t+o+LpEEoCIoqCn2SAwKem93sTUaa QDVzvR/fIumak19hEA/SuRFLE/uAFO3ErRTMPIqsKDz4RNUWk+7A64O+3dN0zglD mgmu4r5BP90AXhsQFYdyn5S7VZA2HaQt0tGB/snr3hHF5dwrzQuvg7kn04QK3Oyj C8Igtv7qwnMhYafHg1mhrpdLz4SD1hUZ5kPvV844raY+Y7dSEk4jVPHCI2DpOSGB e6H9XuwtmcJ+tch6qq5eO9GMexSZtA3GSCDH7QIDAQABAoIBADREHPTylN7wKrDo b55j4ZhXheLdaVarG57u3Zg4KIU3EzPmPmpBzaSIDaZyApWclaJ1/VuAyAyJ0oGV agc4NqwHvPabfOpkgNNc1+hJ/e1NGmfl36rpjyVcT/MpRnbeIZD8X0MDe+JPzd6S CNXh52kMu5VBwwf6KOgoggZ5OMTCGXNOXMCXXwPBQO14hg62KKEf8JrJqipqEPNN 4J/XkkGBbFcGVLwRqw0JlifLebDU3jAOTtG/QDsrgGmGl5jpEs7DWwfKxXghylya eFy6dtFkwktfzQJ1veapyhX8SRY+nPR/u222Czu5xbTODFwY//zghMxBzP3PRi7C RA3F3gECgYEA8C4GlJGuvp4Eq/exfMWl8VOh3T3xcme87wczi4R4iKbralnY+CmR ORDky+YvSV3w9M2ftfDbTa9ILen5rIbap+H0FrKzNkefNbEnIX8ihdeq5oVLVrCJ EpZfgx0jfEDkbFVURBRDgtSuuDaFcy7EBczv4JC31b4iSppyba+FXMECgYEA2O7d 5x21odLh2e7cFvh+/KKNurKtdjIO2nXzuRDcqzQZEgN3YpVoUZRhfnERQQ1Hp6UP TwB2x+t0uoSWCTMDtGVXZl5199sUksUeU48Xn4gs//Squek6mAFtkJ1whuNfggtu UyIq1qFn/zhogAp64zVKYCW4zRqkTrQ7/djb+i0CgYBdrBW06/yTK133E+uNFija Lhv7BaWdUQhG0TAxQcEgyrkWCWStpMiW0RfqziOzIYhQccHQW9esPKiR/6b4ur+c qmtgTuHGUbiuYCE61zLHsI1eyq3PaZqMPUmTAVJNq6Fq/vyWcLDD3d8myVzSx3J8 MKl9k/Oe0UDeh84JKWOCAQKBgQCCnbB2i+jk+riKI8vY+N5c9vMnSpYu6I0Q9Jw+ /ewgGUpPEk87yIH7PMBHBYVCCeDvC+9fvgPG8/pgo5xDBbhhUfOB67ZT+lE03gMY hLvQjompw4NYVRm2lIWH4YPzc8v53TAcViI9AQpBHZGuJqE/VMLniU7wD+6GhPbq LTymMQKBgA5ST+G30w51sFRJJULSfB2kXCeRs6dDDuLwZWLXAtBfyUHypx+OcLzR 49YBt8cE/IM6UvvMGCavucU9FOgfk3JQEg9uHd7ky3z5vc8g9XZ7f/cURbix2lPZ mhYZPLA+/xQdxIk/zOs8MV/QLja/YetW7kc657iRMnlbKBjgTeCT -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/freshness/keys/interm.key.pem000066400000000000000000000032131453642760600252370ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAqUQg3xjXPS0Q+tNAcZ0GXf+sMfhVyxgBdeh6QowJmDdxIZZB fzSHH4Xjk1B603jHK0YZKsZ6XwdXVPKWhYKA6/vIgRmDJuFFB+/8p4W13TBC6H8m 8hmha9+ZYHV3G7Fmk8mPn0LgjZeGoKlCsiqxd5XMDwGwQZr1EwkvsQkZJkwXa4s7 mIqvdapC3ydw2bo1iJtK8BIf7ATcCOWKRdLcQEwg42RrIo9HOio4ngfx1K3EkuoK VbqiVPHqI9G8QtlmwySnlLmbXr8l5MBbGfNyEO3gcFuhtTSGOTJu9/1UIDu5lYi9 Mnhry2bqfgrQhLueE+BMuOtHUbWsET6mTNRHNQIDAQABAoIBAGcOoezzlOkcbUAq KwyBjITizBbImoPDI/CEERw/YwAYkXrfnxUyCCs7O6pPz9i9qpZAYcZXfd4p/BQu d1LmeFQ1wohH3kBn273PckcU8/uuDK697BpvXIbvZtUB7/kec9P7XsSa1VmgLknX hFIyCEdFHy7r2kK3dAuZBj6FyZg0snkPQcsNgocZGA9b6xqC/T0V0b504csmpz26 0SeP2NuBa1vDk8AnY5FXWWuBm4QV9U6qoE3dJG7gkNE2OvybksCPSEGnVXuFHEjB kCacMMQRUEnY0kuy7ZXb21z9bwCBNDgauR+kw8d2Uv2deb0cLxyEMHGaBAMivBvP r7KHw6kCgYEA0UDjHVnfU15iZyAWv6xNG/6grAPhN7KjtJ/1U8Gje5TvikO9aF2u YO78jb3wZAAARItXUoMArivdKG13OddvRtPBgJljaAYdNIM4mbfyQ8sm4FtzVOtE fwL9oMJgEnNH1iwSPSXh30nZ7uC44xSXgaFe/2ix19qNLPmer5xt/T8CgYEAzxRi ENwQcs+/c+lVBDuKR7F0XDKHakH5RKMxU6q8s0uPdaBdbPa4qXfM3LubC0XauNSR jpe0kAlhir5uPjCAd+gWBGu0SUUJAZnMEGxiD+YeVCvk7KO3vcJx0vBVDdmNrmjk a1L01oQuNPv5fAr6f1JkeffWpg5Lfh0UXFnkuosCgYAFNFXxvvB9BFXyNqwaLFDm p1ibrqUFW54Suf/CC4jjY/rpN3IYjGvv4UHKzLST6CQZkFWlqbh0nIatoLtcZu1P l6iyaB4+0hgb3D+mIxsVcJIQ9nVR4WAcwJhKTUtSaieZPhNeDfkmMpIHDPPMQhDa mobgV1xFAByOx86Yk41wxQKBgD2qWDmlDtDhxKWDymlkQZ1v3rLF6UVfOBeUcU/0 /BR4X9QrWSblob/1iPACff0xZBy+UEoiKwbphD6IztN+JgOO/V97o0heYnwzjG0n mVwartVp7NX7OvArQzIJl4p0Spixa7P6FCb9XbUxg+3IZygbJQidITJ590kq57FI o7BZAoGAI+JNLXIinUrFMhQYWxi4h0IDyI6nhVpazu2+Q6tnfHRKItP2e6X6W3Xs 7FqDqpHgr0b29m9fLXwGK5eZMtqZ26zrr2uNgKNsUhh9XeDq0F/KECh1aTdpUDeq /X1Ytv9OsTKyxpzXzP+Pj641jrgSgGCAaGIy9F2c4DkeFuHynOM= -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/freshness/keys/root.key.pem000066400000000000000000000032171453642760600247300ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEArTPIQsHETFLdmvvlp79EJ9FFGhsHEocqPev1xyRvCCbbkOi5 VDc+cWtkYtfX8TJn6XRX6VBH5a3/cw/qWIyQbwP+wtwMN5DftqTnJILdtGEdrFb8 1TKIofoCfUAvBJk1K/SrIV6BZi03eeqU5/7zVaaBnC8ZrXu2NDK0h1V+Co8Cb054 b+Q6YcDq4Rw81M7jHu7Iocnmx7XoJ11bMQb1Ikcd9xrM3otC10UiaroKX5Hdf88I lUIHjPYZ/ChSH4GStcePcrS8saS9byMja76C5G8Lgsp4o3Ccdi2H1sShxp1Y02X4 X2eEotHVM61a+5TOjP+16DzvX2YPFT/q83N0WwIDAQABAoIBAG8fXOmvpcCOHc20 tWhFZ3XgZuRT2NrDS4/E1sA4mN/zBkXXeigU9YQRMavU7Z+7Bj4avdhcAHTUiKMK 4ACF1pjTSF0+jrwLv+xPqlibeaCj+kS63qXuMQky/OvdBQ1/OkUESdMz7fNfKUuX /IdH5FjcZiWNdnz+dSzSJ074w9ADWHIjEg9ixmw0xU2QbulOgJabuwuri20kVyuO cDrl1zW10e7iiog85HHEIFwTXfen+wb0QgH/mt1/BS+3ch0dmP0i8Dx6wZMqh7P9 RQU6N/947jwgHMP3HV4SDcHLSznIB+G/veaFotL0IDKHbhdQIZTGfIUJXIx5RTTD 4XTF9hkCgYEA2Eg/GNtOwtlQILGpkBLvEgq9dlttQYjBeSBnXbNhI5NHMuYq0piF xki+Io3zonLKMJ5LZCMLYesJm+WMGVLZ2d0F7NSfvngI1nApa70Nsux3EeZrcFTs u88vWJCCXR8++x21iUk1M0SHxdXfPc89l+a3C30XYTD3MTEgkdN3ChcCgYEAzQJI ZwYV1JH/jE6AIil472YIBQXBB+YI6Dx2V3H7XDzE7G6IKU7VuxrvZA1i/ODKzPSD tBeCrhnUdqTOwb/Ba7CRL/a935tYiOJRQb8fM0Kyy0cO33cPBsbjOeZRMNdyhVKF 8eg2qCMPuEYLVdumQQl2wNbKcEUbgxgd+Icxxl0CgYEAyp3EHrE1c+zJ2BcYVtSm CyzsmXjFPeOz/JmSvIFTu1Q6G0DtVSV2DXAQT6bUW5dWO33P+xupii36boX5Xa/0 Ttl0t43pqTIidWHWLAyMTNaiJa7LcAzfSoKqRDn9JugixHXsn5RptoG5AGmAHhOM DEYjrSufP3nz2a3AaVzF5DkCgYEAqpVvsWn62DnzrcfUDpj7rBf2LFexWuUqHDPT NMf/I6zdHu6KFfUnGt06vMH2z/wsQ4Zh4IR/lGahx2czMzxfsT/mT0a8j0cv0Bah Dlf9miWxqDukQIVM15K+l/rxK/bZr94O3k8ey6EA/5Ao9nQiTpOVYLhZEjouvlJe /eFgpXECgYAviXclHhkyJ4movlUrbwlkE5/ezS90jM/1Y0iinCxEfjzN+p0YmlGR rbtAahdSHVr5YeB2d5aBDWhFv4GJifhZPUR2Gy5Zqgnl0UQWyVSWx8wFDe36Cjku eDS/6nCP0f3M3ZHbRA/Xm0mBnc9uI4yD9bTG1ly2KE9Tpu+gggYEFA== -----END RSA PRIVATE KEY----- certvalidator-0.26.3/tests/fixtures/freshness/root-2020-10-01.crl000066400000000000000000000010131453642760600241720ustar00rootroot000000000000000‚0ð0  *†H†÷  0;1 0 UXX10U Testing Authority10U Root CA20200922000000Z20201002000000Z0 {0y0 Uõ0U#0€½÷ÿHýXóÜÔ¡^6a ?0IUÿ?0= ; 9†7http://ca.example.com/freshness-ca/crls/root/latest.crl0  *†H†÷  ‚‡ŠßÆ@H ]Þ±Ó«7¹ÎÝv¤]ݬ6Éê¼7ú%Qµü{ÑU“SºMž4NŠW2Â…EÝ×î‹Õ‡F«ËÉ낲ÞücÌ?éå ¿å˜ËNÄ¡˶š’ß<Œ$ühαýÎ9¾ÒHƒ¬|‹‘ØYG&ËMHž{VZÎ|Qß8s´Þ„_ÅêÝp£KŠT0"²¢ ÍñN(l¹{t›’0biürVz÷˨À‚øQ"n„ªˆ´O ´´{iKÑ«˜ÚT¨}ûÛ»À3'æR¬Ôú²óZ·ŽS¼s(hO û•Bâ×-è >Ýs# >Sm9¿ï»certvalidator-0.26.3/tests/fixtures/freshness/root-2020-11-29.crl000066400000000000000000000010131453642760600242050ustar00rootroot000000000000000‚0ð0  *†H†÷  0;1 0 UXX10U Testing Authority10U Root CA20201121000000Z20201201000000Z0 {0y0 Uû0U#0€½÷ÿHýXóÜÔ¡^6a ?0IUÿ?0= ; 9†7http://ca.example.com/freshness-ca/crls/root/latest.crl0  *†H†÷  ‚vc˜Ê5ñßÁèø‰˜&Æ.Äù6â4,0«?\ž&?y_v,¸o7³óoÕÖN«((™{‰£r®º ${GîªäS¯ j÷I+ìò™bß— Vµž>ºKg ®&?º¾)æ>+Ps¾ÉbùËÍ“ŠßÆàI¸íÖ¡Õa¤}AÙë5êîãíôZ]q§n›ÙY¿ÌUkmÉX™4ÊhËâ4]˜±Üí®böˆ¸{?‘=‡Ç5 …<µ/èìˆe‚"_šÏþ´ïÛ߬]Pk û1­÷Bÿ[áÚWlX-rÄ}#/SJ¹õ_Ï«TGKÔêðQÜßs["‚ð­fcertvalidator-0.26.3/tests/fixtures/freshness/root-2020-12-10.crl000066400000000000000000000010611453642760600241770ustar00rootroot000000000000000‚-0‚0  *†H†÷  0;1 0 UXX10U Testing Authority10U Root CA20201201000000Z20201211000000Z0%0#20201201000000Z0 0 U  {0y0 Uü0U#0€½÷ÿHýXóÜÔ¡^6a ?0IUÿ?0= ; 9†7http://ca.example.com/freshness-ca/crls/root/latest.crl0  *†H†÷  ‚óÏ[bøXÜL‡³îµ ¼ÍÍlTZ—lN#7Llç/›VèÔ)§uê^bÂ*–·î¼„dò_¤g°ÛÉ Šî+„s52²™~Öd¯S®úÁA™°hFPàw)8B!PÓš³Ù6ímÝC,C[cЫ;ÀB@²‘O:^« I0Ý”nª¦ÕrÃØ“R¹b–F¨P» $kòàe£­ýÑöιÑ]øòõÑñµ–%Pþ™G ¹áKÊŸƒ/7â FbN-¾rÉØã/{ÜHâoµнo׶â%qM»NÅCQPh‡`ëx›—«ê¥îÎ)Mºß*©ð'certvalidator-0.26.3/tests/fixtures/mozilla.org.crt000066400000000000000000000042741453642760600224530ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIGRjCCBS6gAwIBAgIQDJduPkI49CDWPd+G7+u6kDANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA1MDAwMDAwWhcN MTkxMTEzMTIwMDAwWjCBgzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju aWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHDAaBgNVBAoTE01vemlsbGEgQ29y cG9yYXRpb24xDzANBgNVBAsTBldlYk9wczEYMBYGA1UEAxMPd3d3Lm1vemlsbGEu b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKruymkkmkqCJh7Q jmXlUOBcLFRyw5LG/vUUWVrsxC2gsbR8WJq+cYoYBpoNVStKrO4U2rBh1GEbccvT 6qKOQI+pjjDxx9cmRdubGTGp8L0MF1ohVvhIvYLumOEoRDDPU4PvGJjGhek/ojve dPWe8dhciHkxOC2qPFZvVFMwg1/o/b80147BwZQmzB18mnHsmcyKlpsCN8pxw86u ao9Iun8gZQrsllW64rTZlRR56pHdAcuGAoZjYZxwS9Z+lvrSjEgrddemWyGGalqy Fp1rXlVM1Tf4/IYWAQXTgTUN303u3xMjss7QK7eUDsACRxiWPLW9XQDd1c+yvaYJ KzgJ2wIDAQABo4IC6TCCAuUwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG 2eIwHQYDVR0OBBYEFNpSvSGcN2VT/B9TdQ8eXwebo60/MCcGA1UdEQQgMB6CD3d3 dy5tb3ppbGxhLm9yZ4ILbW96aWxsYS5vcmcwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRw Oi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0 cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUw QzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl cnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzAB hhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9j YWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5j cnQwDAYDVR0TAQH/BAIwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AKS5CZC0 GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZuYWiHwAAAQDAEYwRAIgZnMS H1JdG6NASHWTwD0mlP/zbr0hzP263c02Ym0DU64CIEe4QHJDP47j0b6oTFu6RrZz 1NQ9cq8Az1KnMKRuaFAlAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16g gw8AAAFm5haJAgAABAMARjBEAiAxGLXkUaOAkZhXNeNR3pWyahZeKmSaMXadgu18 SfK1ZAIgKtwu5eGxK76rgaszLCZ9edBIjuU0DKorzPUuxUXFY0QwDQYJKoZIhvcN AQELBQADggEBAKLJAFO3wuaP5MM/ed1lhk5Uc2aDokhcM7XyvdhEKSHbgPhcgMoT 9YIVoPa70gNC6KHcwoXu0g8wt7X6Vm1ql/68G5q844kFuC6JPl4LVT9mciD+VW6b HUSXD9xifL9DqdJ0Ic0SllTlM+oq5aAeOxUQGXhXIqj6fSQv9fQN6mXxQIoc/gjx teskq/Vl8YmY1FIZP9Bh7g27kxZ9GAAGQtjTL03RzKAuSg6yeImYVdQWasc7UPnB XlRAzZ8+OJThUbzK16a2CI3Rg4agKSJk+uA47h1/ImmngpFLRb/MvRX6H1oWcUuy H6O7PZdl0YpwTpw1THIuqCGl/wpPgyQgcTM= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/multitasking-ocsp/000077500000000000000000000000001453642760600231525ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/multitasking-ocsp/alice.cert.pem000066400000000000000000000026301453642760600256670ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID9TCCAt2gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCQkUx FDASBgNVBAoMC0V4YW1wbGUgSW5jMSwwKgYDVQQLDCNDQSB3aXRoIG11bHRpdGFz a2luZyBPQ1NQIHJlc3BvbmRlcjEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMB4X DTIwMDEwMTAwMDAwMFoXDTIyMDEwMTAwMDAwMFowYTELMAkGA1UEBhMCQkUxFDAS BgNVBAoMC0V4YW1wbGUgSW5jMSwwKgYDVQQLDCNDQSB3aXRoIG11bHRpdGFza2lu ZyBPQ1NQIHJlc3BvbmRlcjEOMAwGA1UEAwwFQWxpY2UwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDhc4JuHi9+Lr1GK1+GpMhAYvrJ9IAmKPFDrYQKX5bs ReHHGhoQh3Y2WtT8EaVd2wxhUKVG4TbtI7ggZGG0RsWrEDp9QlAxewwgo87TRHe+ /VsEZQOXZ6ljBVOSI7aGr0mJfggNQLHtnncau1IxGa+JCJuwA5VFaXSsSyLSRRD+ EDo6r+bBDbohgiqTKm/yRpr5y8UXr8Q2UPISA1drNO5KwqIPIUQoYnt/ZgzZmf0R /yW4DBOphmPfWwwJ4bvMR+NYgaPBnphJphXrMfGD6zIr3Fx5N0Dbdi7CggBmZRud X7K7Ygt9e99ltPnXNPT6CE0tDTLz/P9/HUJqHd5LSQbrAgMBAAGjgawwgakwHQYD VR0OBBYEFF7Hp7rUCmetna56Pa0Uaji1cwq4MB8GA1UdIwQYMBaAFO+/elGLLqQu Sl3SzudheM5qNklPMA4GA1UdDwEB/wQEAwIGwDBXBggrBgEFBQcBAQRLMEkwRwYI KwYBBQUHMAGGO2h0dHA6Ly9jYS5leGFtcGxlLmNvbS9jYS13aXRoLW11bHRpdGFz a2luZy1vY3NwL29jc3AvaW50ZXJtMA0GCSqGSIb3DQEBCwUAA4IBAQCFJ0rhyGs1 BX+gE/JZeGXxMi437ZuprOfSv/uZiWYe1EKPztfKFHZqiFHfFLOMugmkhNKeEFjO RbHYeiiPCWT+2jdATPk6sbC06FR4epmkC2c+4XbGSGmShmlZ/crcS8objgGTbhZn btrqjEcgK0wMs/psm+hYrF2ZAymRwS5OoUncJEuvi72hpgpMtEuSb7yzZ1WiEwea erQUfcU/mQMmbVXO6NtyQWCxr+n1HJYaYTp43Fsqjqg/yR/RAtnBHmiT4C4iPf73 KMZ1MmoH1GEUb8xv9YwAyhw0RLJboFFqtHb0UWfnQDE5kRkGiHT9jENgHWuQRvin JlE7hW5d6/ku -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/multitasking-ocsp/interm-ocsp.cert.pem000066400000000000000000000025671453642760600270630ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID2zCCAsOgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCQkUx FDASBgNVBAoMC0V4YW1wbGUgSW5jMSwwKgYDVQQLDCNDQSB3aXRoIG11bHRpdGFz a2luZyBPQ1NQIHJlc3BvbmRlcjEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMCAX DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjB3MQswCQYDVQQGEwJCRTEU MBIGA1UECgwLRXhhbXBsZSBJbmMxLDAqBgNVBAsMI0NBIHdpdGggbXVsdGl0YXNr aW5nIE9DU1AgcmVzcG9uZGVyMSQwIgYDVQQDDBtNdWx0aXRhc2tpbmcgT0NTUCBy ZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4gXqgUVYZ +FZcPyXedGfVRyKdrrB3u/WFo39tSIdbabmR6kpHk/B5HFPPKbZn3kHmXXL7z7BH jNqN3sZMniAf6gVi870KVklAgcOXtjlBklnMHwV2yOZLKwiO/tIljggQ7pfQ79II qjQclKt3UlhlnVoAnBC+nNaGAbfrPuhadBlK+nm7H33xB9qsLFKexHmddOaP/A4c CCzXaMr+72mTMG4i2FIolWDNPNXJHBOfx7F9S3xBQcZAJ5Dt8hzv1pimOZCPKZie ctHKtxl21y63yinkqNEe9GFNgweuhX29Va6GwEyYH2+qe/6jJA7dh7VxZnUtr9fZ g+kWuhXh96O1AgMBAAGjezB5MB0GA1UdDgQWBBQ+8fy62NfWBdTHEttKUV8ebHN0 CjAfBgNVHSMEGDAWgBTvv3pRiy6kLkpd0s7nYXjOajZJTzAOBgNVHQ8BAf8EBAMC B4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkq hkiG9w0BAQsFAAOCAQEAGacwon6DYXP7lUFHrZ9NDC2YiqsFwjdv7HbmZQHPqsMB X/Eu3lBooTZjbyQR0LFVbDb9g7QjKyumIMYktwt+/EshGEf0fM3DRPnXght2X64a N36FgRFMCNlZkblmPyPfQSz7aCXjjjNZhtL72mOFHJnMlcfwzyTkGmcSmvMphydo zREIUkM5NMUNhDSGh13fwdG/7B5XgLLWizuQ2PuVE3HNBz2F6TvOK/tgbGMKrxb2 Cj7Bvk3/MSYsZYYeAQpbtdGt8ZLWDdr/efEiNF1LSYJFDyZ1/1nEaDJHeYGi2vRu 7t6ErYJgE44e1cCmJz6pDq6iGnJgPEFkZX9VaYlHVQ== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/multitasking-ocsp/interm.cert.pem000066400000000000000000000026701453642760600261140ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIECzCCAvOgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCQkUx FDASBgNVBAoMC0V4YW1wbGUgSW5jMSwwKgYDVQQLDCNDQSB3aXRoIG11bHRpdGFz a2luZyBPQ1NQIHJlc3BvbmRlcjEQMA4GA1UEAwwHUm9vdCBDQTAgFw0wMDAxMDEw MDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowazELMAkGA1UEBhMCQkUxFDASBgNVBAoM C0V4YW1wbGUgSW5jMSwwKgYDVQQLDCNDQSB3aXRoIG11bHRpdGFza2luZyBPQ1NQ IHJlc3BvbmRlcjEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwenaz96IFfFJ2NmDNBkRD1AghHuxV/dOfznJ djI8j8od/72n+eNixkFnQtZn93zULDLtnammU8FEKyicCLNO0Fe69Z6MN6ylDRvG MhrXWXysreo4DrH2meSgeeLFLVhsuCyk+HD6tLxFp5vJRaPdZLyalToxV1qVEisE z2CVfq4gZioNuQvvA9i+aCnTM0MXfKPStJACNHwxdQj26rQgfxiM8DdgqttG1/Xa c022TpbyLp3QOIS2ATXH154oDy8pXN8d2McqaAaLUOS/TMSnHgYK79Un4LRAKsXm IFGXv1EHRBu40ctCSGBSkvxFrx3CeowF/r+uISniALJTv+u02wIDAQABo4G+MIG7 MB0GA1UdDgQWBBTvv3pRiy6kLkpd0s7nYXjOajZJTzAfBgNVHSMEGDAWgBTxtHmV ArK0Xzly/bCPwl+vW5pQtTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE AwIBhjBVBggrBgEFBQcBAQRJMEcwRQYIKwYBBQUHMAGGOWh0dHA6Ly9jYS5leGFt cGxlLmNvbS9jYS13aXRoLW11bHRpdGFza2luZy1vY3NwL29jc3Avcm9vdDANBgkq hkiG9w0BAQsFAAOCAQEApOiTiSklkQzyH7SVg7UFZ9G5ORr/rE3i/0cd8LTki1WX 44oM+oeuXmNYps7sRr2WLEkuPopT72/i/r35P8y4/ZMY3vEXH6uJnzFW+qiLmZBw jfDHaqDr4r9zRWwmkJ5icQoBITnq2f0el55UXs+crh69VN9Ud9v9vSnvekb4RQLN 4oIKLRUGdnK4LCz/IHaqNNJahO6z+L4uSlvBxSG5nwcwOJlEf7u1PfNd1Cg+fFSS br8CeQztq5TUBMFeU3FH/qLGLN994p/CH2b2D2WcJ/16gDTw7To2Z5ARiz7k7VWt 1I+ii8aXqPkCWS5ChrjNfGX0yf54Os8M9pTEPoz0Ww== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/multitasking-ocsp/ocsp-resp-alice.der000066400000000000000000000027521453642760600266420ustar00rootroot000000000000000‚æ  ‚ß0‚Û +0‚Ì0‚È0Ê¢>ñüºØ×ÖÔÇÛJQ_lst 20210819121804.364362Z0s0q0;0 +áßýýçù[*[¥KŽÂjðÉ] ®ï¿zQ‹.¤.J]ÒÎçaxÎj6IO€20210819121804.364362Z 20210819122804.364362Z¡#0!0 +0D=a!Mwäüq†¹nÌÔ0  *†H†÷  ‚:åÞØ0á’»ÿÈfÜþoa}SbÆÖðò­ÿ´ÊŠ‹Ê\3#ëÍ ›å‹„e#¡—ãA™º s0ÞqLóÖt·±ˆ9\\s$BÑŠÔý*{"‹§Úí„%׆Z‰V[XlâèZ>Žmê)#Û+O™mŠ c»Œ¥¢Š¬ß'3%ßYvR¨pë. Îý~Q]$Âzà±Dèñ‘VÃ?j7ñ; ìKv’ËÂö…”ñE‘®`Öá·¤¼hgš¶3áçÞ¿á~ìÞ’¤KrÊ¥mBÕð‰ä%uþhë ¦•m4žÑú31\ Wu€»Äj?b[a&ú3g¥ ‚ã0‚ß0‚Û0‚à0  *†H†÷  0k1 0 UBE10U Example Inc1,0*U #CA with multitasking OCSP responder10U Intermediate CA0  000101000000Z21000101000000Z0w1 0 UBE10U Example Inc1,0*U #CA with multitasking OCSP responder1$0"U Multitasking OCSP responder0‚"0  *†H†÷ ‚0‚ ‚¸z QVøV\?%ÞtgÕG"®°w»õ…£mH‡[i¹‘êJG“ðySÏ)¶gÞAæ]rûÏ°GŒÚÞÆLž êbó½ VI@׶9A’YÌvÈæK+ŽþÒ%Žî—ÐïÒª4”«wRXeZœ¾œÖ†·ë>èZtJúy»}ñÚ¬,RžÄytæü,×hÊþïi“0n"ØR(•`Í<ÕɟDZ}K|AAÆ@'íòïÖ˜¦9)˜žrÑÊ·v×.·Ê)ä¨ÑôaMƒ®…}½U®†ÀL˜oª{þ£$݇µqfu-¯×Ùƒéºá÷£µ£{0y0U>ñüºØ×ÖÔÇÛJQ_lst 0U#0€ï¿zQ‹.¤.J]ÒÎçaxÎj6IO0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚§0¢~ƒasû•AG­ŸM -˜Š«Â7oìvæeϪÃ_ñ.ÞPh¡6co$бUl6ýƒ´#++¦ Æ$· ~üK!Gô|ÍÃDùׂv_®7~…LÙY‘¹f?#ßA,ûh%ãŽ3Y†ÒûÚc…™Ì•ÇðÏ$ägšó)‡'hÍRC94Å „4†‡]ßÁÑ¿ìW€²Ö‹;Øû•qÍ=…é;Î+û`lc ¯ö >Á¾Mÿ1&,e† [µÑ­ñ’Ö Úÿyñ"4]KI‚E&uÿYÄh2Gy¢ÚônîÞ„­‚`ŽÕÀ¦'>©®¢r`ñüºØ×ÖÔÇÛJQ_lst 20210819121745.842539Z0s0q0;0 +ù+Û6ŸÕCÀÊ÷€Æ©…ÿÑñ´y•²´_9rý°Â_¯[šPµ€20210819121745.842539Z 20210819122745.842539Z¡#0!0 +0œß“:«WÜsd¸£xMdOÔ0  *†H†÷  ‚IÏQW!0É|1bé5H€wlåE$¦S%íÐðÓùƒñ¨Z†,Ïò’¹âº—w¦JúÙ¸}núI©f_Ï0€l³fsX²»~Ê› 2_zõñÍËþ¯¬ëRÚµ½àœaþAuÿ|Oç'Ü·âþæf€ì¶åN= lnÏ_Œj4iû­ ÉÍ­\NFC@Ï —þ(IUñv$) ‘ŒXä»_½Xø0~XÛ†ÏSí5×÷9¬h„ÊÃ+"·‰f6†ïϧ«é¯{èX•CC~ÍU†&ò^ M%OÃÿo8d(0/²|1hfÙ*fPx$ø¢Èñ=#èZtJúy»}ñÚ¬,RžÄytæü,×hÊþïi“0n"ØR(•`Í<ÕɟDZ}K|AAÆ@'íòïÖ˜¦9)˜žrÑÊ·v×.·Ê)ä¨ÑôaMƒ®…}½U®†ÀL˜oª{þ£$݇µqfu-¯×Ùƒéºá÷£µ£{0y0U>ñüºØ×ÖÔÇÛJQ_lst 0U#0€ñ´y•²´_9rý°Â_¯[šPµ0Uÿ€0U%ÿ 0 + 0 +00  *†H†÷  ‚U‚tFì m¬w™°)ÒéX…:³J8-¤ËÃ>™i:ÏûAí s¹~²E„Z¡¦8/Ño×­Ázßo מöÃeÍj¸€_¥UëúÑ”*JVð‹ÓZÕüý?oé½g µ ªêW“p”vº,â˜Èp5©/áVf(îÛ[¨oÛ‡¿jÛhà>lÑÞý°,îíffv™úùâ9{ü›¨k5[þܛƱ «§\ XZ*)(¼‰Ü#ré]ÌfÈ8;ú{ÑÈžT2Ç´_´îºñÜÖèT) Uv±x\°MEòR#»›#­ÒŸ<ùƒ B)’¨oÄcertvalidator-0.26.3/tests/fixtures/multitasking-ocsp/root-ocsp.cert.pem000066400000000000000000000025531453642760600265430ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID0zCCArugAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCQkUx FDASBgNVBAoMC0V4YW1wbGUgSW5jMSwwKgYDVQQLDCNDQSB3aXRoIG11bHRpdGFz a2luZyBPQ1NQIHJlc3BvbmRlcjEQMA4GA1UEAwwHUm9vdCBDQTAgFw0wMDAxMDEw MDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowdzELMAkGA1UEBhMCQkUxFDASBgNVBAoM C0V4YW1wbGUgSW5jMSwwKgYDVQQLDCNDQSB3aXRoIG11bHRpdGFza2luZyBPQ1NQ IHJlc3BvbmRlcjEkMCIGA1UEAwwbTXVsdGl0YXNraW5nIE9DU1AgcmVzcG9uZGVy MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIF6oFFWGfhWXD8l3nRn 1Ucina6wd7v1haN/bUiHW2m5kepKR5PweRxTzym2Z95B5l1y+8+wR4zajd7GTJ4g H+oFYvO9ClZJQIHDl7Y5QZJZzB8FdsjmSysIjv7SJY4IEO6X0O/SCKo0HJSrd1JY ZZ1aAJwQvpzWhgG36z7oWnQZSvp5ux998QfarCxSnsR5nXTmj/wOHAgs12jK/u9p kzBuIthSKJVgzTzVyRwTn8exfUt8QUHGQCeQ7fIc79aYpjmQjymYnnLRyrcZdtcu t8op5KjRHvRhTYMHroV9vVWuhsBMmB9vqnv+oyQO3Ye1cWZ1La/X2YPpFroV4fej tQIDAQABo3sweTAdBgNVHQ4EFgQUPvH8utjX1gXUxxLbSlFfHmxzdAowHwYDVR0j BBgwFoAU8bR5lQKytF85cv2wj8Jfr1uaULUwDgYDVR0PAQH/BAQDAgeAMBYGA1Ud JQEB/wQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEL BQADggEBAFWCdEbsDW2sd5mwKdLpWIU6s0o4LRmky8M+mWk6z/tB7SBzELl+skXC hFqhpjgv0ZAfHG/XrcF6328N1572w2XNariAGx1fpQVV6xP60ZQqSlbwi9NaABvV /P0/b8OpvWcMtSCdqgYfGOpXk3AHHpR2uizimI3IcDWpL+GdVmYo7ttbqG/bhwS/ D2rbEwho4D5s0d79sCzuER4a7WZmdpn6+eI5Env8m6hrNVv+GtybxrEdDaunXAkM WFoqKSgcvIncI3LpXcxmyDg7+nvRyBueVDLHtF8ftAjuuvHc1uhUKQIMVXaxeFyw TUXyUiMTux6bI63Snzz5gw1CKZKob8Q= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/multitasking-ocsp/root.cert.pem000066400000000000000000000024561453642760600256030ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDpzCCAo+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCQkUx FDASBgNVBAoMC0V4YW1wbGUgSW5jMSwwKgYDVQQLDCNDQSB3aXRoIG11bHRpdGFz a2luZyBPQ1NQIHJlc3BvbmRlcjEQMA4GA1UEAwwHUm9vdCBDQTAgFw0wMDAxMDEw MDAwMDBaGA8yNTAwMDEwMTAwMDAwMFowYzELMAkGA1UEBhMCQkUxFDASBgNVBAoM C0V4YW1wbGUgSW5jMSwwKgYDVQQLDCNDQSB3aXRoIG11bHRpdGFza2luZyBPQ1NQ IHJlc3BvbmRlcjEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBANB//m+farVsSmZXTNIJCmQcieVlbHkf0dXe+Vw27S2Op5Fi NkDuLNJCCNsqhE+HhITzPjiv+BsUlJTzOssGqm7WhuNQCaKmtuOH701HImMdoJ4E cLXWycg2rJiR3R83BsyT+FJaGuPFGDc3ljzrG6ChzT/ZrgmjIaSStWX3JQDJhK71 NUTWTzX1gzF+aitx5UZ5CewBQkeUD/EWcwhrBB6/xIrNMxsVPd6Ui6kOowfISQor usdnpxSaxeYeGY2f6Xdc5JtR9EIlY/ErJmAasmQlowXEVudFupX+YG1cGWK3p5NA oXGc1VS7jqNSyqXaJe+D4l6y5AhE4i5A+JcSrWkCAwEAAaNjMGEwHQYDVR0OBBYE FPG0eZUCsrRfOXL9sI/CX69bmlC1MB8GA1UdIwQYMBaAFPG0eZUCsrRfOXL9sI/C X69bmlC1MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 DQEBCwUAA4IBAQCxHeja9Ec3zsylwS0Cc+J9wz/zvaY18vT+gfvtywLhBUysqfCZ xHIGpkBnrGNl2wLlwCneeQEPP+HP4KZigtXG9uIz0ffAc8dIh7RRfPKfqIz+DQBz s0sK28/UP60WylBX4ToF9nJE2ImtJ0JE7u+YTZtW7lyQkoq5HrAt/3T6NK10b9WF 6U3lNOK5X7KobAJp28Or4f67lHsYp5dZ1y7etQgtR03bsmCNsdZQ7rRXvioYNtG7 D39yZcYdGzqmq7Y+WT/7Eg5/oyYEf2hDUNN1rILFwu/SNBdjQNq6D1KPT0S2n8Bc zrpU/PLWstS60n9mEleBIpB2hzLLSo8MsPtO -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/nist_pkits/000077500000000000000000000000001453642760600216645ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/000077500000000000000000000000001453642760600230045ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/AllCertificatesNoPoliciesTest2EE.crt000066400000000000000000000016021453642760600316740ustar00rootroot000000000000000‚~0‚f 0  *†H†÷  0G1 0 UUS10U Test Certificates 201110UNo Policies CA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1All Certificates No Policies EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚¾–!ñ„¶iˆ/<·ˆ97 E¯õož]WþwÖ ÁÐìú;£Ý>€jFÌÌŽ'ø€Ä¤PŸ*CätI59HÁùw› S¨m½øî!½LÑX©ÍÚ[ÐË0øL„»Ný“ °«µY¹}¸Äõ˜ ² 'ŒŒµÖ!¯®°]+Ö¹´/¾ÜŽEsìt)öÿT„¡ÿ.ý5®:ú ƒÄ%ìÉ´ºþÓýY¼ƒÝ£ÒÐ_×ÿô3hðmU\ÂY.¡ÜJ¬\ù £—+ä×CÊ6çw½NQqºòîA‹‘ogæ^Ø@MÊ+¯âJÖêçRR©šì7CìøHÜÇ£R0P0U#0€B$í¥Kvœ—˜\tê:ü5äœ0UÚM¯ô¾dYT±€X‡$XêÅš~0Uÿð0  *†H†÷  ‚Ó…:G‚·l¼,L)}“MêªhFrE€û¾f”érPí„Q@•yò¼yŠ1=Œ n ®M‰8ÔÓ‡¾Êôâc‡JÁ›±t_°eÊ÷L°VìQ$å  ŽÓFq¯d'Ú>ù½ ä>9ëÁ<$PÄ}Þ\‘<&¤»(‚ÿÓä’@#a©ÿÅŸÒŽ¥Ì!A™\· –õF´ ¤{Lñ“V¹"âvÝ@z(nuý!ýлƒ÷ñ51Ÿ„¯ ¥r-Àu§P¾ÿB{yv!ÏÔÐÍÖ˜ý>€Mœra"E'7!q‰Eãƒ,ìQrµÛÕÄc×ÎCÏ'³´K‰øw$x6/ ( gÍcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/AllCertificatesSamePoliciesTest10EE.crt000066400000000000000000000016551453642760600322740ustar00rootroot000000000000000‚©0‚‘ 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UPolicies P12 CA0 100101083000Z 301231083000Z0m1 0 UUS10U Test Certificates 20111=0;U4All Certificates Same Policies EE Certificate Test100‚"0  *†H†÷ ‚0‚ ‚Ð"ûŒxØrÀƒ¥i½H“Jؼ3óþ¦ù\u¡¹öTN«):8¿´ýv×»á-º› k›³ ¶Ç2P 7E µŽ<ê1C2ÇÁÛïÇøão•Þk4Ú ¦Š1O½+Yl‘»@sO=moHY‹Ho¡Ÿ”jÕäÅ/0@p®eÖ?Çå㌄§î„ŽŒö¦}Ú*O˜ÄNçHóÄumon58ið0@öòÞŸd'B™;[™Ü!Ñ8e] j4µ9¨}ªúÇà…df¢-[‰\Í©ïMöܪÃÖgäçÌliÿˆœ=™‘²>ˆ\¦mòEžàƒeÀqÕSÛ£y0w0U#0€Ø_5âšÁ7*&΃Ìsp*:â10U –Þ`^EšÅG3µ8ôþ ·0Uÿð0%U 00  `†He00  `†He00  *†H†÷  ‚+¼’ )óK£p‡jøׂŸ‡¥TN¤sL²›A&ú)çD±>»ròã¹6Lpù°`yÔŒ?(grŸÒ0zÖå18÷†çŠ7r)wØ`Õf]Ê<úM5ÃÞàF¥öÚzV߃t 4ˆ!<\÷\” 3y„Ça™Äy¡ {S%Âýœv 7M¤¦2?(g÷r‘4Ž›»î ᙑ]œZï"ßœZFºì×n‡=*´™ûˆ†•³º.{2¤¼MTŠp˜Ú—Sds³ÂÒ’PDü‚ô:<*¦ß5›TÈ¡9£-2¸4ÔOí¨mh¾Mn?'UA¥W„‘Lµ‚7»9Ó°òcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/AllCertificatesSamePoliciesTest13EE.crt000066400000000000000000000016761453642760600323020ustar00rootroot000000000000000‚º0‚¢ 0  *†H†÷  0I1 0 UUS10U Test Certificates 201110UPolicies P123 CA0 100101083000Z 301231083000Z0m1 0 UUS10U Test Certificates 20111=0;U4All Certificates Same Policies EE Certificate Test130‚"0  *†H†÷ ‚0‚ ‚º‰ç|ßmá×OgèšÛ¤U˜Dì,¨!‡+‚‡Ï;7²ÑÓRó;ª‘ÅaÒ1W}Æ­ :¸ªÝ}l€“OÁäí³LÌEi üâlTEú `ûßD@8ÄãñgÜÔÕz-¯ëØ z·ý-X˜—Ûi>ù Âñ$·¯Œˆ Y/ã`rvúÈëÜ•­A¤æ•S]°×¬WŠÁá:R’j½U ² îÇéÜÈ{­Õ,RSwå7°Ž‚(ú-ÈSÆ*9÷¨ž‰ðËÑöŸ¯ š»N8å ®'ºˆ PjÈBo ²Ñ®m]k½ ¤Y&CûZ Ë^ÿZè‡Ã£ˆ0…0U#0€Œ( Ú bî==–¸q“‰êèc0UäˆôQZ¶a .6+FwÙ¨j0Uÿð03U ,0*0  `†He00  `†He00  `†He00  *†H†÷  ‚yµ ÿfþI̾›Âè:U’ËóS, …·ït¹½&Üæ.º3êKèðâº":§gn‰5h”(µ~Ñ¡‘Ñ?Ÿ/ÇšmhändtÙöjÝ}FÁ¼Ò¾ä<C dù±ý¯ õí-¤”Š»u¬ãdð<‡Ï®.ë-–ôÙ÷kÙVoáRåRÒäÇg ? ù’‰øPJÓ¼ÿëÑ+ gZ‘ö‰¨À#E{¡]ºÜ ßž¬x+R±‡$E¦9èôX/·ÑÖbeû!‘:ê¸Ö‡J"‰EF¦à¹ö0T" ‰¯Ž™>° áv3YïÖ‡ÂS;› ¡•³yw>Š ñ¢±B‘–dù¿ fŒ–2’^È\Ã7‰kô|W‘ç+ÑCZÙmâÞbãPq´'  ³ØJýò¿ÅÒÉíMÔš= ÐôÂÌ·Ô*WoЧfg…hŽ”*Fª¯´L¾¬¦tŠR?Ès·Ñ÷¦Y Â_qg™8«&“ î,+å2¶˜trÞˆü\yÑSõÌAfUŒ±ò5P4©£e0c0U#0€»ÉÞÈ•çB⢎®\«$`~…0Uý1î¨oò8H?ŒDË fm«Øé0Uÿð0U  00U 0  *†H†÷  ‚jP©\Y”ºâÈJ§B5nàë8Þ–Ç"«47^|Ƙ t\œJežu™ë1„±Á¨ä&%—Äe ›Ý9ðÃ7d¡š#½±˜UªCÙøó.ÜÍa5Éî‡#Níy嘢³Yp)jËÌŠòý¨Î™5­2BØÚÈ òþ’ø?]æë çA‰¾Å®/ œà8¦\|.™BÉ$T8ºO•<eÂZÖÀ³Ä<ÊØ{Úí¨j3â’ìsüIb6Ï9!!’¹uUØR’~¡´¹Šº"'ãØ…a@ÀÖ-ɧÞÔýzâØÞOòmCš ÍÇ¥›4dñ@ÆøoÕüŽ¤<ä \jcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/AnyPolicyTest14EE.crt000066400000000000000000000016071453642760600266500ustar00rootroot000000000000000‚ƒ0‚k 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U anyPolicy CA0 100101083000Z 301231083000Z0X1 0 UUS10U Test Certificates 20111(0&UanyPolicy EE Certificate Test140‚"0  *†H†÷ ‚0‚ ‚ÊWŒ}a,b¢+yçÝ w PRr0¥ÃMå>f>Í·ڢº.øòQ?áOT*gV—Ø3†; œ ¡è;T·¸4.X3¹fõk,³ý£'iwyßÐnÕ-8¨m_g@9ñ† …=døˆ™_~q„ÛM ¦â îêæ7œÀ ‹ùîRŒ;£8õG$7‡¦. [‹¹øÙIvñw:×ùÙeÊ'ª–L–"áf½I#QEKõ‘ªwÓú"û)Kcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BadCRLIssuerNameCACert.crt000066400000000000000000000016171453642760600275700ustar00rootroot000000000000000‚‹0‚s  0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0O1 0 UUS10U Test Certificates 201110UBad CRL Issuer Name CA0‚"0  *†H†÷ ‚0‚ ‚Åìo 7aüÆ·©P¾µ_¶á‡'ayª'ñþ©GêA8h‚ª#¾ìä:aüäUöQD•Âõ,jÔ~„hÔ”g0Wˆ9„1ÑÍœ2 ­xûà ŽdŒ3åAÚœÏs¯ˆÎ3˜—ôF[zÎp±TîöpF'd3—/‘*Y ûûŠu¬¯¨gVŸ˜Uü« ¸-í·êî˜Í]*ßKÁzP9»×öÏŽ¯¢RX ³…šóÃÆ´Öàò0ÉÛÆæxZÖEºˆd‘¾_ 8 ϾqoÅ‹åÕK„‚Š¬#šw2×ç¢Å£jV÷’aÅåИ¹U_¤Ñ¸éRÔʺçBé ¸Mp í£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Urò5]ÕJ A(ý”pq0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚+,ô«ºØ‹ƒY«€×øÞ„u•²å­ó}4U£µÛörÓ»õª—̘y”ô¨…C;#ùÎô23 î±O&L³ŒK£‹gyÿ…^†½Â äjŸÅ¸8IŒ³hÓëOÕ.þø2¯ã³›ë è ͉Șj®?2âsìÎ+>L®¾X‚ó¡iØ÷¢certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BadCRLSignatureCACert.crt000066400000000000000000000016151453642760600274540ustar00rootroot000000000000000‚‰0‚q 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0M1 0 UUS10U Test Certificates 201110UBad CRL Signature CA0‚"0  *†H†÷ ‚0‚ ‚¢˜Â¯dxP÷€«C±Yü,NÞŠe+DÆÛÈBú(½¾è¼dä4£Á õuÓîFf-¦LÃuüBnXÊ>Ÿ”ÛÌ¿ôÐF\†/ƒ¥_ §ò8,ù„(›±=`ºnqÞRñÎA…û•É‘L,0@`ä6>5ÉI_ŽðY©rº[œ¸'m·¬9Òw K(ÖÀå‘Ÿ†týN= N©þm#ÿL×ÎwËîf^ûÞÞ €õý*`[ [ÁÕ;Ù§ŠVCªƒ¹tyñóNX)œ©«— ë>G=Ú©³8³…<3çºÀ¹ø‰n“É£ÃØÍ2zcm'œõÔÿ4HÞH>:­JSo£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U1‹5žDa0Þç .H$Ûù½0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚,4X@pæýŽIØU™;ÅÌá‘ôƒÿL^ ˆ†ñ°B *³­©pÉDZW&LS”¡Äãjoâù‰÷êí_`ŒyfÌo=é]‚Ø]: A:¾Ëžt¨åô›µ¦ôëÅy°–àŽ¥™uï^³fùM)&ÁQA½½þž¹VÝòÅ° Ÿ‹_´?©b@=ÔÐÏs$ISþò°Ív¹œÚïse& àˆ·ú${çì—tÞã¼,ɪ£%øàéŒØ‚S"àN(¬$¸AnA„@BÊÏwˆú—¸›ž¥@Ú D!/žeÿÇ{ÿÐŽNSIK˜N¡©æDö›uU A/certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BadSignedCACert.crt000066400000000000000000000016061453642760600263630ustar00rootroot000000000000000‚‚0‚j 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0F1 0 UUS10U Test Certificates 201110U Bad Signed CA0‚"0  *†H†÷ ‚0‚ ‚ßï¼ë«÷w¾z½‹ÊüN¹þlËàY$O°AÍRy:Bvwf/vö€Êþœ"JÒ½é%üöäpqmák*Î\E/÷÷)Àˆ h>§Nt(²è@„¨ÌXëÇE9÷´0¥ã ñ¦Â鶩çêAÑT3ªÂ„&Ø¢‡\ò8C< +Æòý™ÁA7àZœIˆÛ^Õö*_°Ñ„Äâ¨Ñól>k‘3•ØÄo~ÜI¹>Nå¾Z¬ì½À\Là»â´‚¸Y¨¥î±OÔz4ã¡™ 3‹å9×ÆÞ“ÉbCÚ¢©-Kê…ZñÙд"`Á!¾Eûb ™OÍ<pLÐ!+y£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U{Ý;JàÈÝD…Nˆ2'¶VÀ“¸(Íi£0eO–'¿k¬òF0e…vcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BadnotAfterDateCACert.crt000066400000000000000000000016151453642760600275320ustar00rootroot000000000000000‚‰0‚q 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 110101083000Z0M1 0 UUS10U Test Certificates 201110UBad notAfter Date CA0‚"0  *†H†÷ ‚0‚ ‚ʜʞ3 ô9Û ËvÔÞçŽJÙ±Õì©5Û»ž)úѨã >2ÑñšŒ$W¯§¼‚O–‹„4¿°i¹„nüeGw"q!`ãKjß<œ±V|×í”0`ã©V%J*4¹-yû«hÞÕUÜSÜÚ¤ÕÒÞ#qðƒ gùÉÐo\#-;Ê*}¾HOTÉÑl¸Ý<‰/[½ô˜Ü¨,ƒŸoSÒfÖ¹‹TšÆa‡H¼OuæÒP'^I¨{œ5û¼^N»©-3º¿7>úY˜JEIA„ìg§Ø)8 #.9‘SÙÅúvwÄŽV^Z‚ ¶„šè“½KÖ®FâAÁš&:t>$É“£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U,ý÷î<ó¤fì矈³âÏtFØ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚¦ˆÅYÃ"K‰9æÀ’ßžc}ظœ×'Km6ª5%â{øÝg¤ÝÊÈú”{ËÃíFû%ˆp-Lè/0 uŽé}z*mB (%ÁtªâÓ%îU”eyØÚJú¨É§r› ݳîhé5_X¸U1Ì^™;ºëÑ9Xd+Èaü¡¾Ä°úD7Ä ý}M±«ÂŸ;¡m•];ÁP—¢ôAXHj@¶Š9t¿`À²I/†õa×AÕ¸ øû”ö®/ÍÿìÔŸlιŽå ®©› ¨p"K8÷qhj£¸È%—òCÖâe•häÙÑàIm¥ëôN_¸góªfÞ"³§G(€Öžó{‚ªf´&certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BadnotBeforeDateCACert.crt000066400000000000000000000016161453642760600276740ustar00rootroot000000000000000‚Š0‚r 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 470101120100Z 490101120100Z0N1 0 UUS10U Test Certificates 201110UBad notBefore Date CA0‚"0  *†H†÷ ‚0‚ ‚§S—Z¡Ç˜Fà¯yuPuë-‹×å ù£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uc>¼žû¡òY¡/K•þæÞV¸†@0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚¶H,ÎÂë©!ÿœIÃË«FÀ7{Xè:¥WËxåHü£®·ƒ7h_¬# Æž×qÒF3ô–>\ùËk¿ª1\zûíö~H"Û—7Á½"6’³äâ¦oŠ­ÀC©(¥$¢W—¶Áã„ÝjÉïÚTy/g±é8—dÝÿL8¸*h›­¤úŘ߯áÿ2¢XU¡œ…ª¤v2`á¡c4ÌÒMZ>‡ÐE„ X6ÃYa=ßÛ#8V»£â¨T½“5ÈéÜøÂ-öå:ú‚ÅÜíP±k_5™÷øèÃÔƒµ6WК#°yl±’(®;íÀ_[ªÄNãÈï-Úcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BasicSelfIssuedCRLSigningKeyCACert.crt000066400000000000000000000016351453642760600321060ustar00rootroot000000000000000‚™0‚ 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0]1 0 UUS10U Test Certificates 20111-0+U$Basic Self-Issued CRL Signing Key CA0‚"0  *†H†÷ ‚0‚ ‚›Ë‡‘è[ɆG5ž%¨”.ÛÁ7£%Jì’¥ÞÖO:Óã¼ h³[”©°ž\ž0S;ûäv>nÆ° ü4á1ÄšK³ ®éóÞø,ÂËì¥fß*ÿy¥4>sâå‡õÿlQ+ÿˆF¦œžÝªYÅr‚ƒ×êZ2!)}Ç@½[Y$X’Y\ÌÂ¥Yº¼j:©KVE÷b%®)ÓøwQýØÜÌ &:mÞ*`çÇzDå¿ýyú%_T=­®À`\l\!*ÜH“õrë*ÉÖ8s¨PdÚ9˜ÁÇ…ü'Õ»œŽ/èmü"Ô¦¼ l»AfÁÔÏ_¾ÎÝ)÷£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U)šE.6•ìò^TœÕÙöD‘,0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚•†i;*s3ÛÉƯ†2¢Ÿ ¨ì]j>2“CAßÔÌI«aÂd¸Uðé•»?s°ùé=â‚ÆQ+á æ?‹„ÜkÑ0!Ü2_¨#¶‹RV¤¾×Yk#ÖNdƒÌðÓl è¤‚‰D/JJ³ß’º÷¥U Nþ¿?ì÷½WÉÉ/Òñ±·CÊÏQ»-Ž²÷i²®"»ÖG̽‘Ž'$8Î×O™CóÕªha‚$£Úñît… ÔjµQf,››Ž7ßšµ;ŒâªôE~Å @.eÚ9Šû‰UG³’ˆ6»§ †~gá—Iú—DMöÇ0#Pp—HQJJ0æzVcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt000066400000000000000000000020621453642760600322360ustar00rootroot000000000000000‚.0‚ 0  *†H†÷  0]1 0 UUS10U Test Certificates 20111-0+U$Basic Self-Issued CRL Signing Key CA0 100101083000Z 301231083000Z0]1 0 UUS10U Test Certificates 20111-0+U$Basic Self-Issued CRL Signing Key CA0‚"0  *†H†÷ ‚0‚ ‚À{$ö:+¿±ï—bç¤`’òÉÜEj+ðÈA±fÁúéÅ•šÖ+½ì¾è8ˆíý%çñþS{øÓJ½´Ïpœ²µY†2KT÷/d¿šœl°é;æ²"Ž¸0$þ7\Ï@Ã#i4ÓÒžÛ+Á\Ÿq}ÖD7x\!éGøµUÒpS=×3SEÞ¼a =7†N ©p¡j9qH€±O$$ڎ;„›é†÷“OšÒõ…l°xXßuA=…¶Ê´Öùáu$ÏlS“ʸóñA ôA^Ø ‡.;“ƒì§Iœ V„?g©®Ì8æ Ÿv•}ZZŸ†!ùAX¡Ó\½âA£ø0õ0U#0€)šE.6•ìò^TœÕÙöD‘,0U$ÁUqúžá!…*ð­a§¹ÕMC0U 00  `†He00Uÿ0‰U00} { y¤w0u1 0 UUS10U Test Certificates 20111E0CUxkžV.åNYp@Á5é®ÚÀ-UÅ”Z!09ó M¡”6<ñ?DÎþ”;VÑ‚‹ÊVLœdvZ±»#†bŠEJ<6certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BasicSelfIssuedNewKeyCACert.crt000066400000000000000000000016251453642760600306770ustar00rootroot000000000000000‚‘0‚y 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued New Key CA0‚"0  *†H†÷ ‚0‚ ‚¹\Ñî>¢eckm>]Ó3lýR>ŠeÆêê $À]j“¥Ñ³ËTP"‘Ú}|1ë~N´©b4Ø0_€ÍÉiá|×H¾\ß¾Z(‡ŽDª£äÜ·+¤ülh.±˦@r=mï^ò]¼ÅNÄ›+ΰŽTsªÙ ™,PV[Ô»×ÚZWéÄDO±)½†,ÕŠÚþ Ç7yøî¿«€™œé±Ä4³IzÀO5Mg©‹PÐÚÐt+`Ä÷ðÈJ}IÎ a77¶ å¾Í}§^Yn<èï(Bú3ol7nüŠPŠ{gE\ÞÕV†'P¿KµYCG%zLâtZ;£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U üÀ,ëUî’l©é__¢Ÿb#•0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚Edû7ZÎfŽ±F“ÈSüÈ­®°Y $BJ–³boNnNo`ˆš±PÈùñ´üz6Q“×uÎT×BÎèî$õ¸=ßsm:¿®š'W+»Veµ¼ &»×©Sx}U¶ê“º¥úÞ`d!!Ñc´Û;ò©/·%kÁ Èò"ŠtéÍ£n«T†è„>È/-r`ÔÄn-ŽŒ–¯p}yèVDGw- >ÃKž±—Õ±^¬ 0ñ/Äl)†ÆÍJ˜x¨ò3I¯ÚËáÖ7èGsîpZ +ÄrÇþÅbGK¹Ú'Iib"Äx è®ù5Dõ—{`…E¶§&õs×Ô3§¥Æcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt000066400000000000000000000016451453642760600326460ustar00rootroot000000000000000‚¡0‚‰ 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued New Key CA0 100101083000Z 301231083000Z0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued New Key CA0‚"0  *†H†÷ ‚0‚ ‚ÊæZJª ¤6Øu8æ²,VE ›…eÏ;‘ƒíL¬iŽâ–ÑO^Ê•¬ Ï G€«¨¬îÞ÷‰‚‹7$\m¿ze§ ’?$´Î¥#ÊÝîÆŠ…šÞåR¤½9€'é‡ÄÙX4ëÚþl ‘F—ÞêÄ›‘ª]üW나'ˆÅ˜±æéGóçl'{ nüv!™‡>÷&‹Ü ½zy§<Ämª¯Ó'’º0z)±ôä¹/{¬½iì¼/ÎÂë—Vßnõ#6úÌÕƒkiƒØ %í䈧ßÂ7»PŠ!¶IÓÉÁ} <’/°Iˆ®ýî] e •£|0z0U#0€ üÀ,ëUî’l©é__¢Ÿb#•0Uv|Ød4 Oßq!t ›6¨‚×0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ «᭣qËv×bN…P£½Â6 ÃÑáÊÖ W½ÄøÍ”z‹æªc¼-;çGšô@^xqŠîMlb¹`ÞæwgX*HC˜c¿'?‚kî’ßúL¨ 1¥ißKÈãkY¡tXh#¯ž¥gØRQÝ Ø80g,ÿ…#¼z5šó:-j°|‹fÑCÑTŠ'Ó˜¨]5}5 ÛY˜'OîƒÚk2p&Ž:èµ´#u}H@,Ô Ž¯³X ¤[«hm8´ Qþ*°ÔV"$.`Iå ìáëø9÷V©ŽÕÙ 9Ç“úÈl-ãMÔ©D¼WÇ U¯lÌäi9õê{”certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BasicSelfIssuedOldKeyCACert.crt000066400000000000000000000016251453642760600306640ustar00rootroot000000000000000‚‘0‚y 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued Old Key CA0‚"0  *†H†÷ ‚0‚ ‚Î7ÿ¸… ¼ŸÜ§ÓìÎ Á†„è‰LilVñywv›¢¤{# ¢†hŒâ’_`æº {õ³Ý•Ò¯0¤\ÇîéîÈhö'Ž ,œÄçÖ½ Jõ&–imÜicuéj«Ø_þU6öÂ÷ltÎüw|BÕ†X^*×Ú+œÛZ@b`ã‹‘Šr\XYûˆ£0-†ûŠ–¾<@,!u®ñ6Üw£,×Õ$ÓôÑÄUÂà¥våá‘–Å.öš“ûŠÞ÷ à6±Ân8u%þAa¥&’lF&«§0}Ñoè‘VWþÅÔi¡žÈH z„ÿßõ£B׶_P1n-÷,Yæéè£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UÝ uShÄË@À†0¡¾¯0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ p­7ubÚWáÖ!jÍä(7Ò|÷ݾ9l $(BÃCi¡{>ñªf\ÓšyàPT)]qžKø¿Fæ¬5ÐƆš…:AëжËÝr…_‹Åç8žH³°p±åú2fZ=—Ù¤{ f- LŸÈRs¤dèd?®‹‘ß/”ý¯bï@nWÏL=PçœCkÎßúx2a`™¿ð‚õ̧N€à0gÚ}½È<8l¢TKUÊIÖD+cÜÀNªïmgtDç>ÎM<Šæ5Ò÷'GÄÒa›Ä”O] ÄåXÒ*1Ù|DX¿ûÀh·±•j-ÕƒCW`)ðdz8Ècertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt000066400000000000000000000020531453642760600326250ustar00rootroot000000000000000‚'0‚ 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued Old Key CA0 100101083000Z 301231083000Z0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued Old Key CA0‚"0  *†H†÷ ‚0‚ ‚ÂpO0óͫňD¯<‰Ê´'j†8A1ɸÇÅÈ+%›H§ª( Ñcê‰ «qnO¥Y!$ë逗WK9Å[¹žDôp ŽB2bÒì0%µ4Ç»ÿIyÃUì}%D¯ó"w˜l©]‘€* sÞô-¦F÷or‡ÔT–$9$¬‘7ëŠøô± ݪX›D1ÿºßÑp5Ç)Þûß°”à-oÅü±Ì ®q´:å ô RÔ›üÏ»…¡L$“É Š¬yIÖ÷I‘°üã·‰Ú—¬áµšìnµ{dýyhj=qhÃ!—Çpu©47"!³ ¼«ëÓíßY £‚0ý0U#0€Ý uShÄË@À†0¡¾¯0Uˆ_¾?59fšëMÂ&&±*'µ*0Uÿ0U 00  `†He00Uÿ0ÿ0€Uy0w0u s q¤o0m1 0 UUS10U Test Certificates 20111=0;U4Self-Issued Cert DP for Basic Self-Issued Old Key CA0  *†H†÷  ‚k-ÂTMõßÿ(¨¾ñ#b ¢áˆ[’Œnc@§÷ÛFéw€œí‘6a{M¢N Ó3çPUM’`’7‡hȼÿ^)êÏ‚’Á•ð}[™þñìÜMk &NÄÔ²ìy“ñdW"ì „&“Âú`… ÔP¨º}Ä0R…g2ô :tZ>f}ýW*Øt #Ãà¢åþ§ü…ò0÷í˜ Ú›ÂÝYvŽt—µUr*Dq"[Í°‘)MF%íÇ~j&zìkr¥vE”ÚyŠ!±<úÙ;7¦ÉnÕ­›X\’+–‰ ë>dY™ƒWTŒíà%`P¿„5certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/CPSPointerQualifierTest20EE.crt000066400000000000000000000017631453642760600305710ustar00rootroot000000000000000‚ï0‚× 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0d1 0 UUS10U Test Certificates 20111402U+CPS Pointer Qualifier EE Certificate Test200‚"0  *†H†÷ ‚0‚ ‚Ƶs –5"ÃÅÜ«:,i$Î4_i²›…¤QšïtâÁ 9ð÷‹«_pl È&dv¡R£"®K¼öâ¬Äç „8ÓÐÂ8´ä *`°H#cÅO½æJð¦ýBêøV«óØpÖÇ«SDzÛù]Ý]Ïì.ðWsÅ°þŸ(A¤„^çŸgçÜ,4`ß‹aØg³>­;C³¬DáËû~I«LLø›¦ÃRHÁkÀç´Óñ¥ ®,TúR^ÚÜ+»gÑÙa‡ºRpß9 õ_j™¿Qß)Oî }ZUÀ±§zfx[EÅg p㢠ªMšS0‹8&d¥Gu¹8§ `³?£Ï0Ì0U#0€X„$¼+R”J=¥rQõ¯:É0UîBÐZv©fVˆÁ‡˜­ÄNH½Ãã0Uÿð0zU s0q0o `†He00a0_+Shttp://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/pki_registration.html#PKITest0  *†H†÷  ‚j?M¦äŸà*À´·=ô%¡‡i†¢˜.çSÇÍ|ÿÏ“­´;}ºPf¼sXrRÙÞ¦{cÄÿpÐ/–Ôþ›­Éïùñ†Ò+¾EÔɘ–H]ºûdqCÁºÃ0¼‹Ž{™ÆF‰ºca™È³¬$;›¡ôV©0d³Ú²+mØɤPÁàÄ"2‡áZÓã¾FÞáÅÿ¿‚F¿mO¹¾.ýá C^³ ßÆ ™ÇöÎ,ç:!ŒC_kÜÊž³¥.2¼W6cV¹:©ŸE«órDjf´~ò.ã4Ãú±”ˆ¡Ûü³¾Ÿÿ†(˜\ÜHr"áî•xx†certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/DSACACert.crt000066400000000000000000000020251453642760600251460ustar00rootroot000000000000000‚0‚ù Ñ0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0?1 0 UUS10U Test Certificates 201110 UDSA CA0‚·0‚,*†HÎ80‚ßå>Úé¶nÖêâ:°G½DÇVÈÌnÐ3„VG5=öTÈã­»ºuó/3 ¦ù1ìgãå™mü)nªWˆr4âŽà£¬dŽÀö<´ÈJH0^ªœv& Ûs3ƒ—Àųæ7õ>ÿ Ô¡.º1ø«‡Ø Ìw˜Bn¬“˜Â½.{4 ÏØÿ‹ëéö\–sý–e:/Ìá|°Î’_cì8»DºÝ’4¶^¾e{Øqwìf|;ζóRþ’UïN«]š./nVópìjí›"¸¨Ë œêÁ Ž!&D¥ ù ìbàp1Ìhõ …¤JnyôÁù6Z8oNï„SßgýÌ÷YbœœÍ\¤œ·ì`ó¾¯~9˜„€&ò¾¼F¹äy¸%s‘Ö,' ¨œÉïÚÎ]ò½;»"‚0¸Èù¡/aåÌZïÁKÏÑO§|kg߶©÷2raôǨ¨b´øðˆý»ã=kÛ¶Û]T:…¶÷=o‹7Gó͈ýlDRLXŠ·”Žqõ¡>*þp?%Ÿ@«q%@›§¹Ç£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UÆŒtè{ ÈYÇ}<[TY`% ±0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚NBŸUƒht5¬â†¬´¹]*6œé^MÁˆ¢Ÿ”ÏD^âlÊHºë®£ûÊÿÈ 7™Ó·8Äq)cε 9ð\Vð¾F~,0¦¡eQ;ÈImô•”½$¡¯± .U3…ë@¦àQ{7­éè(Ëûežørü3j]ØíHw„òòžv†èÍ©RÖK…•Ó3›vó\öôÛÂÿ…Ë—<¡lI@Y/@{2j»’éI.W)/#[º¤“3*žXù'egó$møÌ|ëÙ†àÞ(‚ã•ÚLǨº_ÆLJ5ᶖŒJáõF%ˆQ '1| 8^¾œÌ‡ëãè5–gq™Tô5ÙÔæ%èQ£k0i0U#0€Ø«, ‹Ã’ÜÆ­j?¿óƘåÜý0UÃoU¬6NÄX `À¿"–È]û“Õ0Uÿð0U 00  `†He00  *†H†÷  ‚£â#Vbº2·/Þ¦³ß±Xfâ !!±&¬r’ƒY¢.Ãú,dl~Å=é4î(<ã1ú­!ÓJƇèž³VÌ2XÖ¥èÐܘ~’…ô^‘¨Æ§{q}Y_GVGcnkÜN Ò®7`õ^ÿxǼ*#›Á²×Úà®h_Sk†Æ øNý©ú}R˜ð­*øal£ËóÇq P²´yãq¯Ï䟽CϳÙKìÓ))N'JÆ]£7 £ì™J6ÁĤ ÕןVǧE¤‹ÇŽ/± a=(–‰è8ÉÿøŸ[0ÝÜËv0Uÿð0U 00  `†He00  *†H†÷  ‚bNP̬Pp»G)RçÉxÏ\§P¢˜ “[`Àý?±ç½Q‹1à·Ù$Ž¾âZŠ©°Û+Ö»yÌßØûáÏ,jkஃŽtŽ#ŽBîâBÓWîõx\áwh4yܲ¡H&ÏÁŠ:%÷ƒç=ˆÙMþ±QŒ¸¤?Å®së(Ç~dOJx§²[ѬUO è ª‡œ„ÝíXaþl„qô)¦†E(¹Š?ç|Û]°8A?éËi+%|Œ·¸ÙË’•€qPZ †$hÉ/¨írï\*>g‡{—å«4rk„’y˜öqñq,{åãµa#°÷certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/DifferentPoliciesTest5EE.crt000066400000000000000000000016251453642760600302570ustar00rootroot000000000000000‚‘0‚y 0  *†H†÷  0K1 0 UUS10U Test Certificates 201110UPolicies P2 subCA20 100101083000Z 301231083000Z0`1 0 UUS10U Test Certificates 2011100.U'Different Policies EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚×;ynÊ ®ÊQ£«ÖªVÍŒ–É×À¼J£—F‡é'C?Ú|14 ¹‡â(håaÇ$\¥Yœ þö±Sø$éw$\u †[ñäMíR¿¤‹¨(jÓ=¨¤Û œ¦Á_á›t‰ÑŒ5U“éèÞ·Øâü·F ¾“Æ2,_ßYÐ{à~3 óןVËP¢·'U/n†Ã'zCœ§‰ã˜9ˆÉU«äðñ>¿î = Õ½çBNÑ×PwŒº.š-‚ÃûÛ”×/©›[T½¶bkCö/}Aà d+|îíì̸õ÷ ,¶™¤ší^¾oý‰”—ˆpÚÚjÍŠŠ]õY£k0i0U#0€,ê¸w=e¥¿3ÌzÒ˜ü¾0U˜”˲:­ñFÄZ‹2+1µ-Rù0Uÿð0U 00  `†He00  *†H†÷  ‚¼ŒÌõî›üÛ =ê’a»dvXxË0OðÌž]DÜËg‹\¬ëjòâ9ROíà­–r¹N„û¬°UN.íe¼¿#±œ,™Õâ²h”ci™‘8öÈŽRûq˜ ^V|,È „±Î5c„«ŠÜö² ÂÚsm¼oŒµQ¢âÖÆÀÛàŽU†J¨ÜæpFíSÄ’ýsbigâçòçiíÇ«òàVGOÈxþè+Îí{YhÜ„öQ0—ÑlaÑ?èv”ûÓýú©áœr`.jµ<þ¤FÎM¥xïÒ纰«D(ËÂ7¸_]÷¨õ!t7ßú'VÓ8æAÐIcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/DifferentPoliciesTest7EE.crt000066400000000000000000000016571453642760600302660ustar00rootroot000000000000000‚«0‚“ 0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UPolicies P123 subsubCAP12P10 100101083000Z 301231083000Z0`1 0 UUS10U Test Certificates 2011100.U'Different Policies EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚µù¨„*wõ0ìÄ`Ú#„Þï~3skl™€ $‹ãÙ^Ú¹Ætà°X5­f‰QrLj¥Û=;Å–»Xºî!0>ÖE5Ÿ;ÍŽ‰ñFýkà"ÕņÐÁøäø‘! f#V:=÷ 0ºë)gG&î'`oø '©[xŽC7N(Ú#Ħs,¢ËÄ´&…­W cêIAÎ$·Éõý„IOž³‘$hç 7§ù|x†ÿ'Ë>/Ú,¢¤7ër¦ó~Ûw¢¡‹øØ>rò”½½;±w´vߊ“ Ò{Œä ãô ø4€ï 1öuØ”oËàò?à,’^Ñ c.Å4jÏɨF·æÈ©ØíÑ3áñ]$Â0U™øzÅBÃÇs¸«d©â]5þŸr0Uÿ0ÿ0U 00  `†He00Uÿö0  *†H†÷  ‚6åÔç+  ûHgˆmá—çæ=bŠ&Ïé ôÔFR+¬quûËÕ‚kS–8ÍÊŠÐí©aë) óQ$áI1P(;<®¸Ùddˆ„iLˆ¦•Ï˜:HÙD®ïæ¼ê̾ëÝ÷ñ^*-Š¶¬±4p‰‚=Ùö—X=K÷¥§{qÒ-Uwó`ô¸Z °B„ ß·Ðþc×1#á¼@M|Ó§ë#ƒGU〈¡»¢AïüÐ¥w‘Ò&ÿHïI+þòmû,ɱÎ6¬ûHg(6€3øRu</’]2x î‚"çtXÞVP¥e%7°—”bª$8´ðí£ÕÙqxKiÇ%certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/DifferentPoliciesTest8EE.crt000066400000000000000000000016551453642760600302650ustar00rootroot000000000000000‚©0‚‘ 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UPolicies P12 subsubCAP1P20 100101083000Z 301231083000Z0`1 0 UUS10U Test Certificates 2011100.U'Different Policies EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚Á™À’Xa]o,ä·ÙÖ…8Æ,M|šˆ|ž¥ëCÚÑì¦]ä;Š<‚cÓ8o—å!åìÄõ‹§'Q° jå< È\v½nœ?[“Ó‡¥.V'Ô”ïS=‹7Ö(¯*`dýÙÆ¢&&ž Ô¥˜« ž€ºÂï¼&™…ûôÆFfÌõ8¬ÆÙ?I2&ºq*Ý4“9v”nk ¥ 0»;ƒŸƒméÓ¥¡ñí¦ö¬ª)‚²ÆAKš¿8a°ý¦½ýÌË$atMÿ®!Lžò•»FQâ­4¡Ú2%Ôï~¦Ólaĵ‚„âjŒµ!wqŒ€ª‰Ç² Ê1½¹%‡£|0z0U#0€Ç¥7§Ðú$å|ßÛò]iÛîÊö™î0U¡oªlS ]ªìô–çô0Uÿ0ÿ0U 00  `†He00Uÿö0  *†H†÷  ‚€¤Ì†‰"#^5h,Ä4}PŽ1¤PDe¬#±O·#Ñ°µHv‘ BªU¼„ÏD0æ¼ `e7úß±Ämam95åSW±Ãö§ÞÅW]uý5†¬‹)nˆAF]ˆl¼–3vžâÍæHë¿¡†Ûr·à’´¢WM2ô†Ñ™|Í\ |æ|¸ƒYzºüÆ™¾¤Üî…êÍM8ÊI¹JG–}z5‘ºÖúX #ÎIßvëólxr¯9íÇ‹=òk 7F\ØJ†Ò+«­ó~B/ Ês$—7qíÅÁîíóàÍëT€úµU øú“ú‹^¸jú¶§‰¥œ ãdõV›¥kâ-certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/DifferentPoliciesTest9EE.crt000066400000000000000000000016431453642760600302630ustar00rootroot000000000000000‚Ÿ0‚‡ 0  *†H†÷  0Y1 0 UUS10U Test Certificates 20111)0'U Policies P123 subsubsubCAP12P2P10 100101083000Z 301231083000Z0`1 0 UUS10U Test Certificates 2011100.U'Different Policies EE Certificate Test90‚"0  *†H†÷ ‚0‚ ‚¾÷¬yÑK‚ÿ/–í,Ä$é—}î}6|}¦b„~AX‚86èAÕ!¹ë¬>©ê>/T *ûH]å H¾h§ ?´ˆˆQ-ûéÊ<5ù¨£YŒõƒ5`æI2À—Ö•GX’r]0ãšÀÐúê*vÓsÒºÝDßìÉtÏä`»1èÀ˜‚Å "wb÷ œ3L(ÙxªaÕ<€ çaŸÖŸ_HiZë<ÕXˆäV–nQ‚ßq Ro#¨Uø†[òƒøCÿ[UIyð×]rz¹+K­ŠéWü¯ S.wŽ£Yt ~BöV¤}°oñŒxÞÏNÝxˆ½£k0i0U#0€‰ „û¬» ×Þ^^žhö9P@ˆ0UãWwóT¾5-V˜ÁÏ©¥Sè0Uÿð0U 00  `†He00  *†H†÷  ‚;ÅÆs羃oŽaˆõ®æÈ)wšÒõK”û(è.®ø-4Šß®šd{Iáâ‘0É…F\jlh„S> ù×_zÁùkñláÚcS>Ñ-ó[ëîõ0Òf4b'„‹ó+FèAÓx!?N¿Hé}$wŹ‰¿`ꯂ‡Ó%¡µJ!,'BÞJ¡S¥y­p “ï‚`NË ¹ØølÝ.W¨]0—ÔÜø«"^ø[YÛ¬)’÷Ƈ´³§ZTˆœÖ Žž™Þá®Ä¸—M©e^žEÿšÉë#%³Í4HLãU@Ë}bRÍoà;‹õÏùoärC¯]|²µ“&¾Åcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/GeneralizedTimeCRLnextUpdateCACert.crt000066400000000000000000000016301453642760600322130ustar00rootroot000000000000000‚”0‚| 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0X1 0 UUS10U Test Certificates 20111(0&UGenerizedTime CRL nextUpdate CA0‚"0  *†H†÷ ‚0‚ ‚ÈcÓ‘‚èÚ.'íöØ@šÒÚ–uŸ?œ@÷O¦ý Gˆ¨{„ ÙʨÅä,Ñghš¢—BÒwP 9}æ=P”üy`óòPûõŽxÑPœ!|Ȧ’—Ð×{Uy±‘[`óa.lqª’}ÆÇ\+šP¡Ëô¨Òû“Úýw›Ý @.Õ½ûá¡jú ¾Ãjˆ˜5v2oáÊ•–¥i+ƒÕÄZNvײ$âèŒ5ï íb¢ Í„™ÊŽ`ÄøÙ,”ªJ‡2F¸‡wŸÝ®“¼Ìü¬Çˆ’Póu‰¶UkÆN£Ô%ŒÓLcÝ’_9²pC¯vŽ‘ÿû7£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U~*uï 6ÇKç ÙaHGŽƒ,0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ªA~½W~ñ¦Œ\“c†¨Kð}<\"*Û‡DCßæñÿÖA,ÏŽCÂ6ˆn]x¥¯òú‰ºõctÚÛÆ(k%üqÐ7I ¯!ØvÍ8E(šÕ\ çü7Áó¢Xìã5 \·&†ö W* ÞÌÝArkðµí™3!â 3†j q)UÑèfÐzè”h»oðWƒ«™ìý‚ýó¥ý}Fìá.lö^ Ê\óö}G@7²¾Åq$!º‰ÿãoƒTò†¢£2üÉÜ^‡!?³ä’,qãzh˜¿xÚ~^.gå„”½ƒö%Òۭñ-0æQšNœªÎ(llcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/GoodCACert.crt000066400000000000000000000016001453642760600254250ustar00rootroot000000000000000‚|0‚d 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0@1 0 UUS10U Test Certificates 201110UGood CA0‚"0  *†H†÷ ‚0‚ ‚XšGbû]öû ”{å¯}9s mµYÌÈÆÆ´¯æòg£ 4zsçÿ¤˜Dóœ #,^¯!æEÚj–+ëÒÀ?ÏΞN`jm^arØC´ %­§ä丢 óé=\b¬úô\’¬:N;FìÃèön¦®,׬Z-Z˜m@¶éGÓÁ©ž‚Í–RüI—ÃVYÝÞf3e¤ŠVÑçPiˆb—Põÿô}V2i #œ`¦ ‚ºe ÌŒ¥„”S”¯|û…g¨H_7¾VdIlYÆõƒPßtR]-,JK‚MÎWáU¹ýy8“©‚q‰² >e­×…]kc}ʳJ–‚FdÚ‹£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UX„$¼+R”J=¥rQõ¯:É0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚5‡—æu5ÍÀÿ–\!B¬'k2»-–±pAªOZ>æ¶ô>h±¼ÿsd®Ÿº6V|ô=|QG¼=î=Fú„ˆÖðÝȧ#˜ÆÊEN+“G¨ÝAÍ |*!W= ½²l•ûG øM:êøµË+êV(ôb©>P—À¶¸6Žv ^À®ÀPBu‚¼Ö S¦iý˜s2ffµíÌ\þSÕÄ°¾€ú¸’ Èþ%_!=lêPmtt–°ÕÂ]¨að/[þ¬ kÙ ^f'Tš¼âTÓø G— Ú$S¤ú§ÿÇ3QFAŒ6Œëé)­X$€èn c0*9$òtž‘Å«3certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/GoodsubCACert.crt000066400000000000000000000016161453642760600261460ustar00rootroot000000000000000‚Š0‚r 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0C1 0 UUS10U Test Certificates 201110U Good subCA0‚"0  *†H†÷ ‚0‚ ‚²˜–È#âqyBÐùâûžñýÝý¯>s•ÊŸÁg.˜òÔ8Ô“Ìg93Ý!C*“lOµ8k€ÕøÎÑRY퇯*Sº0y a> æhÙ›±1o·æˆYÛpÇq¤×¾c¥|—‚jí¬×ô‘j1j}˜ÞÏ dZ4Pô(‡&]+´`wÚe競ìò@Ž m*1 å¦Å-oe>~c·Y2td¬¬ã®ç¡\i»p¶BQàó& ZÂw¿Ÿ@ð<L³ò•¹ÇE§n+†•rþ¹º‘Ÿ žï>²Mé}eÝÀB¶µ`+qU/ßzŽjÁ P!Ü}"^ÿÄL+÷pGcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/GoodsubCAPanyPolicyMapping1to2CACert.crt000066400000000000000000000017101453642760600323770ustar00rootroot000000000000000‚Ä0‚¬ 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0[1 0 UUS10U Test Certificates 20111+0)U"Good subCA PanyPolicy Mapping 1to20‚"0  *†H†÷ ‚0‚ ‚Èr1.HÍS´Ü+‘BÆÁJ²Ó{‹röÔtžßA§óà]Uþ ¥û ~'àn™ó·5o€ó»}ŠéÃh í°€Þy¹yÄxFÎêã4Ò‰TcŠI4T8;QéY;âÐá•6>6šJã_s†OÏ_ŠìŒ±ÓM⪉±«ä;ßld¨|¶é^‘D00<.²[B ½X+;oÀb"0>"ÛIê„ÛÜx8ÿç=­_in£æ º7ÇÖoáúÅšÒªºÔRÌ!Ó|õÏ°÷nFŒäCÙ%`c°Øñ‰gãA2XLDŽ|™.aº/ðžºyà“¥…¶Ç·ùT“A£­0ª0U#0€X„$¼+R”J=¥rQõ¯:É0U[sy™ã®ÓŠ¦3Nxä ±äÉ0Uÿ0Uÿ0ÿ0 U$0€0U  00U 0&U!ÿ00 `†He0 `†He00  *†H†÷  ‚"#²[Œ4³±£ @µ†~ØK¥!³n ”Ðñ;§þºë=N²zéq®"­û?׶_&td?—= š†5}+o“]ŒÅu0Òm¨¢yß=xl,¾íÞ[¡$Bi !óù'ܯÛZúõNxýJ`_Èf¡6C¥´¬M¦¬2ô ²†žžþ2´yȶä^øDξD¢J†_6’¢¨âëÅìsGB¿‚ó£³uM!}ö ·rðQ‰ü0â"{uPIŠÀoÖJŸÝÈhha|D7Ìh‘M¯àcFåJKª¶Þwã^¶}4õf ; 1ñ«ÿ»°TsÁû±certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidBadCRLIssuerNameTest5EE.crt000066400000000000000000000016421453642760600312120ustar00rootroot000000000000000‚ž0‚† 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UBad CRL Issuer Name CA0 100101083000Z 301231083000Z0i1 0 UUS10U Test Certificates 20111907U0Invalid Bad CRL Issuer Name EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚ÛQ?h7ó£;‹óÌã¯Á·aâïÞÞOÁcª> FÔ«Ä D§l.¯Æ‡Ü’F_¡÷cŒOž)F$›vIE 9œúäm‰oÌ”f³¶E"×pd³/Ÿ ÈÐ×zϽàç´(ròˆ‘‡T>BÌ2ÕÒþ,šñø\x8íéˆOßîü,ÃhòwLaùìˆÎOfé%aÏôù¸?OŸq¾<©“Z;]x\Jd§ò*„Ý\À­eˆ"€>6 ¬%ôÑ—¬—ó3ËjIÅj—ÛVó+^[¿tÐH0w’|™*s}ËzÝ[ ‚â¡6Š¹;]}ÄÔ†Y¿Fʱã2­¿3£k0i0U#0€rò5]ÕJ A(ý”pq0UÉ0jymûé(ºhìÄTº`ÝVc0Uÿð0U 00  `†He00  *†H†÷  ‚RÞîÅý2ÙÌM DEâó”1øpÀ¤œíìtŸ¸ã7éŠóÞaª~òwéÝÈKCa¹øñçÙϧûe4l({ƒÚóx×ÚØë5‘5^,ÆÈôº›»ÈÓ³¢Vbð#ƒP—æ8¦Ã ‡ê/¶XÑHÿ|Pg £Çÿêæ,Èõ3+È€Û_É°Xf- ßNÓ‹¹ÜLµ¡—fíüDõyÈ7Ìá‡(ÕkБe |vÉ«›ô^PAÕÇž«Ö?×{üö%È=Ê‘ÎÆá‘,=g*ò¸­Nïf]uÏh¨o<@õVÁ»&발ɠ™EŸBÓÕÔ“ ^äÏáï6n KK(Œ³JIcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidBadCRLSignatureTest4EE.crt000066400000000000000000000016361453642760600311020ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UBad CRL Signature CA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Invalid Bad CRL Signature EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚ª!ÚQkiÿãû&r- ^Ô\Piö c}nµ¬P©kE>Í×ÏùõvðÒÉ÷•±Ú: M˜g ûp¥ ÌÐÌCG~÷>Õð}™jIJ¹û® $¥^û(Á3ÉAC þJñŸ‘úÁÿ Ý5P‘`™š«A&)oç"ª:¥8Þý3é—æ±²ûÞOãØêέÔ}îÿ~´7·³|¼¯O^¾_w«^)×®C8šŠ¼gÐ žW±öã$jOäɈçñà zmšœŽ]pvvëI) UDé ¤ÿ)Åú6öZµd8Yâˆ÷­JK· ¿Òà6üÑÇŽ<ÀÏ/ï“ôE£k0i0U#0€1‹5žDa0Þç .H$Ûù½0U1mâ!~T Õ‘,Øí&± Å0Uÿð0U 00  `†He00  *†H†÷  ‚%ñÕ4¦ölp©XÙïYºªy,ÿ…8—.ÕŽº.á}µú2¡8jîJgm&þ횬ûx÷!Gw>DëçZ„¤å¾Ë±ã¿Ê)¡–%Ó gŒÕ!úÂV£ôŒµ®¼E2vÑ3fMúgxH2g*c3mGõNjè‚ åyYÉ̈8µˆŸû—õ#šzˆœíš@^D“ÍWÚëLÚ\«Ç¡tóš ¤O´‰qG^?nR5ùcu°•eÈ ¡Ä±~Q]»ER‚J¬ÙÿVÖuÞe~ëï$«ÐG̹|Æ"ìx½ÎMí¨~wÿò« ¤IkþPܶA‘¥=†“¹$certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt000066400000000000000000000016761453642760600335410ustar00rootroot000000000000000‚º0‚¢ 0  *†H†÷  0]1 0 UUS10U Test Certificates 20111-0+U$Basic Self-Issued CRL Signing Key CA0 100101083000Z 301231083000Z0w1 0 UUS10U Test Certificates 20111G0EU>Invalid Basic Self-Issued CRL Signing Key EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚ÀMsäõþɇ¼xõ¯»Ç)GئÙXÜsAïé³Aú;KµÌ‡pj:‡o…µ”ì­%'ó§bâ¸}ÝæÕJôÊøÑMŸõléÙ²þ†GŠ¼ZïD1u ç^‘ÍÄGuËòAÌsGÍ©¥Õ¿¤}8·|è8…íäNÊ4%Dl4ÔÌ'å½î©;V×yE,‡r…¸Eør[¾cjœ²‹Ó¡úÐ猉°ã°žv<¶ÇMŠúþ$Q)y(°¿-.Aø„WxY0–®ð%_";·'}‡›Ç“·0]™‰¯ÅÍ•ø½Ã5ÄûhжÃÕ÷’¡A‘`æ«£k0i0U#0€)šE.6•ìò^TœÕÙöD‘,0UW‡êW0õÒv­V áÂ$'70Uÿð0U 00  `†He00  *†H†÷  ‚L§9‰VÜüÏ¢cîÎØ ˜,e8·º½Y1ŒÛ=–»©§zÌÖS¼1:Gèÿ~€GFV™Õ›[I½á52»Ì2awit1ÆBFp€?ÎœÕAf ÷®®†°Ís ¿NÝ“Ø—{•ïžsr9«è &Î?•ÝuUß½ …#Wžlƒ8xеƒ{¡Ò®Îg&€¬Ä @z ýô ½"± )ŒÓ3974ë™´¤ó·žÂ~{·Tö —$Ùcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt000066400000000000000000000016761453642760600335420ustar00rootroot000000000000000‚º0‚¢ 0  *†H†÷  0]1 0 UUS10U Test Certificates 20111-0+U$Basic Self-Issued CRL Signing Key CA0 100101083000Z 301231083000Z0w1 0 UUS10U Test Certificates 20111G0EU>Invalid Basic Self-Issued CRL Signing Key EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚¢^(üö¨Pwæ}«‰HÐnvš“%/Ô²dà¢Æõ7[ 0± ¨ÒA˵§\ÜVXéBÊ>×w'ŒOúN)ŸC»€¹›¯ŒåÝæÖ¥'èÚ Ä+š€Ãr_ÚÎz•C$‰Ö2Ò¸2‹©!#¼æÚ¶²ïÊÚÀÁúö.žŽµÙaíؽ$Æ0í­:š¹P¤P; +„á@i¢vªžuág”¦·•…IâĶ}¬BIW“ø ÇW ÷‰Â¡FĽ`©Þ:s”Ÿ°o¹1ÅPH¬ÏNÐïiÜÖ­²é±ÓÊ&؇Ä–m|òÜÉ¡'Gñ! 8öÐÁS5«£k0i0U#0€$ÁUqúžá!…*ð­a§¹ÕMC0UhÕNåTŽ&$k^¡œÆŽží0Uÿð0U 00  `†He00  *†H†÷  ‚˜$ŠÝ-ˆÊM7íúe’fx‡‹9ú!ûSRçts¨=ŸHG º³i~K«‰'š´)çã(r,6[]!žd~O{Ìo§ {Ýí§k¶Zbclu2ÞIÕöõq&õ†á«ž—íÔ•´¹­­ÚªîV"EîÕ‚6ÏØá^•šx×*ÎxNŠa÷Å(³0sªåçgFK œ·~ <ñ܃t@Á’–­r*1?³@øVÆIݹ¸ëد–‰méÃ7ªpiW‚ýd=Cl‚—µ­˜¸ŸŠI•×]“¢»D˜|mË­_mGR³‘p<Œ92HçT%ÔRªâ¥O¢þàçücertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt000066400000000000000000000016631453642760600331470ustar00rootroot000000000000000‚¯0‚— 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued Old Key CA0 100101083000Z 301231083000Z0t1 0 UUS10U Test Certificates 20111D0BU;Invalid Basic Self-Issued New With Old EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚§A§ñÚŠtŠPŸ\YÌ¢kP¢ÍžYC¨Œ½)kL‡í\¡Ïì$ý‹†¿–ªøÌ£î¢e Pok >=o9©°‡r;2XŽ™¡"¶ã¬׿œN¿³Ë ””€Ÿ Ë˶mŽÓÅô¢8Pª ÃôÀîR‘ño¡Ñ~pÛ:‡Å2o´6ô8[Ô3ê€!r±› MZ>¬#k¶óž2Nw¶¤~æ¸6•"¸©[b ¨•bñÃ=yÀÛÒ“Ž"æÊÞõoäö+{Š·EÒà ä£qÉ¡GJ Í‘UËPßhœo˜—†¤> ‚¬ÌTåè˜<•a©õê=¼°·ôE ²À‚Ñ£k0i0U#0€Ý uShÄË@À†0¡¾¯0U´*Ú¼¦NH·\r ê¹`ïØÜ0Uÿð0U 00  `†He00  *†H†÷  ‚yk”gáÚ† ®þ¥½ž €É‚ ]±Þxò¬©ÈÒÈ»”Š?Š žh1,jñУÕ#ÿ²8°9”%?Éõt÷7ŸObåk  Й]’ÀyÚ–j¶ Œa²û5MÂÃ/ݳ¢‘š¸SÊÅv\¿BcÝW ¾b]þÒº\<‹!út“·3)ÐÒM«]Úâ²Òyý™è “ÚÎØŸËqEaÏ"=y6„ãÚýMc%å,>Ùý*\Vïal¶Ç_K‹5–Ô~ïÕâ½ú5•,iØ=öƒt[é©QéG =ƒy½›³MíÉæ~t‰1ø¨´]m6y®Á‘G Z¬ú¯certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt000066400000000000000000000016631453642760600331440ustar00rootroot000000000000000‚¯0‚— 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued New Key CA0 100101083000Z 301231083000Z0t1 0 UUS10U Test Certificates 20111D0BU;Invalid Basic Self-Issued Old With New EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚ãEµ [æ?µý¶â·€`÷ÖY(HšÙFÉRŒzŠ‰91 IwÉ]ï%§Þ)iÖ~l áªG̓uå%F6p‹*Gvå|åóøVßÁ` ¥3|YÖ×?=àZó“¿ÿùìå3¡v˜  úeoÇù^7\=vŠϘ6»eŸ^ Ë½]ágìû?ØÙFu­Ÿµ@yQ5ES@xA3»þ²ã}Z &ˆfQ0ª®èbyE}"üëgŠ]NhGéËHÒoáOã„5 ”çž–ìG9$«5×"‘²ÔÙØ;dG€‡ImòBk!Y‡Æ%Àˆ£\xì:µíÎ×e=+÷$£Y£k0i0U#0€v|Ød4 Oßq!t ›6¨‚×0U`œÝvÆ ?÷³2’^Wƒò¯u0Uÿð0U 00  `†He00  *†H†÷  ‚<ú7xƒ›Ê¡¼ Uœ¿v¢;t;|$ºž+D„Ìë]g¸8yçî[†ˆ¼´€ÿšv|H=º°O_!ñY›?¡öÇÔ#þ•mÄ躳ÍÐwc70 Ú×ÿ w ­x4Ò <Ã<¿Ú®bõY$Ö„˜9Y¨-ö‰µxÌVkŒº§*˜ ¶"µBƒKöÌB™“ŠÒ³ª4—ý":ìAH/$Çõ Uq§¼× 2¾¬ úfæúPWœOÞWî@vb³sÄ#&“õG ÑÆðPY·+î¡´©|ª¹L'ÁC;~T€·@çô†¶ä¯³Ê5óÊù\’Pm^certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidCASignatureTest2EE.crt000066400000000000000000000016031453642760600303260ustar00rootroot000000000000000‚0‚g 0  *†H†÷  0F1 0 UUS10U Test Certificates 201110U Bad Signed CA0 100101083000Z 301231083000Z0S1 0 UUS10U Test Certificates 20111#0!UInvalid CA Signature Test20‚"0  *†H†÷ ‚0‚ ‚šm£¥þh¸Œ.áïòÔžýš/ÿL‰ØBš?p0æ»2¼ –ÄÙ…øúJKàêããêAÓ;&7ÔßðÕ@¬GÜGÀ«²/¼;U¬<ú#’ѱCðÁ¤qÓô¢ÒH¥´Ó*A“ Ýý_Ûâf‰+-àGZpx/¬ÄáÝ9þÖ‡Ç*Pâ*4P—ƈª?0>˸2UBâ9Òa4:ÀGzp à% qE¤h¶••æ•øö2R ûñ~éßèµê­CÎ K÷%Ô?Vô®Þ²v§¾BµQ-6¦¦Eìð’$?6‚Žð#6ûZý¶êþÒj³íiΧáÝ+NáÔFà’ YzVÊîk ‚~‰ká·ž§•0ÿ3•Ø!:<|¼8ÌÂ]û´à…vt š_ˆ X½áŸC׮ɞ´ð~r¹ÊÔ›Ïá!g.”ªÄ½Ì@'=¸ßnRl —ªü1øÇåE7à‘àD½5^:ö^bæjëÆ´ :˜YÚé¨;Õ­Ëû£ÝØûðÛGî]V›Û_8«· r‡³ýÎÚJŸ´z¾”‘"sdd’ÔQe8áÒƒ ÒwcåÏXk°†|Cw€Fcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidCAnotAfterDateTest5EE.crt000066400000000000000000000016351453642760600307550ustar00rootroot000000000000000‚™0‚ 0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UBad notAfter Date CA0 100101083000Z 301231083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid CA notAfter Date EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚Ü'Ð:„ôü:?B=÷7mçrèðó/®$†#e–fûXÿ—ž'ôÓ\äl2X%ìiè —¡×û¯¿° 0õ’‰þš77;‹J¯DGèÙ®HÐzÉ!³TÖP åG¦Q®ë­¤ÀwÖxq?£?VR× [[QNØ6ȃJ©}°E“ ðvuf¹[ôP¾Ã*O} ¡z]Ÿû_¬–ɉ‘²"ý8”aÓ±1±PÙÿ«H^µ©ƒ$D’'Ê ÂiM7=‚g­¯ÝåíüCÁJ¿, ¹˜¤2:1blÉ›áש@sv_êÌuQ.JRWÒ]‚W®^³âÜEpAƒyßvÛK_]@η™Yý_j–óŠ"zjÖ£Ø/&’qÃbnºãr8IçâøÌ93z!=ñ,ó-@tL(ÃM‘ïMa­¼îßOA¦:ò…ŠÑÅõÞÌݥч;ÏÆ6l„—r\w[gav§€Ž{Ôa6ðI„öÑ*å¾É”ž<Œªø¤ë.@î;g'zˆ¿ „ü儃¸ÿ£‘*ª‘¹Â»Öcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidCAnotBeforeDateTest1EE.crt000066400000000000000000000016371453642760600311140ustar00rootroot000000000000000‚›0‚ƒ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UBad notBefore Date CA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Invalid CA notBefore Date EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚¼ÛA Àåð™¦ÅR ³±·cq*>J­{%Š…¨Ì¢sŠ+SvŒqDq&ÌV(¢S§4ÂI€Ea'€x›!b*éof#œYö^öeö±´ÒɶR;ñl 'êó`ƒ"*¨8!&Û¬„WS<: Eïàݼ¿=É'1uËwp»ÍƒòœïÄÆqÔ~#ßNÊ+`$Ä>ªÿ§°ìÈhÓGMl_]ˆó›¢žÛÔÙjvwƒ•äçôÝ$ÖŒ¶x±uÙoVä,øX2ÀŽdÆÒ·\×^à«¡L`]ÐPËüû³Ø¶7U߶3Rþw‹¾’(¬ õZÛREå¿AZ÷4ÑÉ£k0i0U#0€c>¼žû¡òY¡/K•þæÞV¸†@0U©ø¸{Voqùÿ!ÙÏ=%H%÷¦0Uÿð0U 00  `†He00  *†H†÷  ‚J8–c˜jx±iÁCž5P« ̸_Ϙ£ÀòÑ© öc,ñ¿¼ð«Òh§¤o¢™Ý {)åüc‘Íí§JÃ3Aú²JkÀ`Ç¿Ž5ѾjMÕ\Ð=< ᆯB¯ìü¯‚,ª·`Qœ2Êuc¶ÒvøY®j­*ïPÛ)YvР9_7Ž…Š÷ØÒçó|ÏŽÍÈ0xqËT¯èQ L=æèá®ÎÜéc;Éz–nÅ¡kÛÎzüR›áåâ´¦»c ²¶[qd›­Àm©Åt5öÂÇvk*ðs`jIm7QþÎG^sÞ‹‡ð=Žä‚œ÷1î:¡q¾¤certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNSnameConstraintsTest31EE.crt000066400000000000000000000017251453642760600317650ustar00rootroot000000000000000‚Ñ0‚¹ 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints DNS1 CA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid DNS nameConstraints EE Certificate Test310‚"0  *†H†÷ ‚0‚ ‚ų>L\úÓǑþÝ×eS`ïAž±ÊÄ“^O•ã@§Ñy°¬gl«å%y=.¢™§êÚ˜~ µÍt?Ó“¾èOnˆù„þäù è.BÈq kQ,ºKïò¹ÚÕ ±B "ãzSPSÕeýŽ‚tò ‘ú~Œç…($]¹FB3›H^$ƒ©ˆ,©µ Ïý÷é#R®ÍB”ú›g ~žç0 Ì×åõëôjûœÙ¸ésmxOƒ¢^è¶0•Ø$¢"™t¶«î­Oß`òl`UU>Ýœtq&Š ùÑø‹/&-OÈùëšt¶Ê¶”ñ NÞ¥{ 0ª­R=¤ù£›0˜0U#0€±ªðãÏÌÒ§‰¦ƒÝÿnÚãI0UrØw_éìÒu6(xNö*‚?ms0Uÿð0U 00  `†He00-U&0$‚"testserver.invalidcertificates.gov0  *†H†÷  ‚:ºòë:ç…oyü¦ÀP³TÁâ¼Kû<ùMbÂ<…9á’•ŽÈ’Û³\½@em}Í€'×­Þe“¿¦¬°u¶Ø$^rýLþ„…cem5Kõ;Œ¬#±â°'M|=¥Ì_<WFªTë㛸NÁç>fþL¢Â·Ñ£äÔ²ðaÎ7…úÛšq­ìïÃÈY‹rJJXFd6"°×¡¶¡À7µú’o…>¾8< žDÿÄÖ.JÕdXå”îJ}§1-ìø‹ZÊ+á>…£0·ø²*¾VLÖðz´D*ßZot–?H;r_Ht8²EQvs¢³»¶q*ÝfvÂËuñcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNSnameConstraintsTest33EE.crt000066400000000000000000000017121453642760600317630ustar00rootroot000000000000000‚Æ0‚® 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints DNS2 CA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid DNS nameConstraints EE Certificate Test330‚"0  *†H†÷ ‚0‚ ‚Æ[ý”Hýjér˜C'AµbSCM5Íæß Ê’;ÛíÄZç˜-à>–d"l:R'‘@üE6ÄÚÜçífÌ/«|õ3gյƓ5óÓlv†éíCü•¤Æ¥ãõ¨ùm‚°½ð¦ƒØžm|ôwòMÅ_8«oŒ÷â¢&|’¿± +qèàųÀè…:n{ä5¼Ã´0¶„xƒË[ ‚ÜSQZíeûïÕ8æDwE£0Œ0U#0€±ªðãÏÌÒ§‰¦ƒÝÿnÚãI0UÎ@'"¨Ö&;‘þñíPFÎKw0Uÿð0U 00  `†He00!U0‚mytestcertificates.gov0  *†H†÷  ‚EgSÍ{ÎáÇ aMs §Lž¡`ñ|Ùlý µ~_râÅy‡U½s2ñM¦ýܸïQtX\þ¾Ôj3KÆÕ³þ¶ÎDf·È‹‘à"|G„Ö+Ï9„Fœ:ÇÅš8äàjKÎt(Z’ÜZå€àzåzüf”‡äžLÄ»P!©Aß… Æa½Þ #s8gÀˆ‰É¾gùr²@°„cÕl²Ðgɧñ"Íß’K1útNúñ6€Ê›!§×®«*ÕÎ(šÈ{îõï.‡#^k  -ç<[ë°•Vè}–_¦d÷ØÍê«Ò¼@û¸²…m÷ՕЛlÙ;certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNandRFC822nameConstraintsTest28EE.crt000066400000000000000000000020311453642760600331110ustar00rootroot000000000000000‚0‚ý 0  *†H†÷  0o1 0 UUS10U Test Certificates 201110U permittedSubtree11#0!UnameConstraints DN1 subCA30 100101083000Z 301231083000Z01 0 UUS10U Test Certificates 201110U permittedSubtree11D0BU;Invalid DN and RFC822 nameConstraints EE Certificate Test280‚"0  *†H†÷ ‚0‚ ‚¸½ºP‡HÉ«sc‹yñá'Ýá¯D“†Æà~£/ c®Ì¿² ë,üžuÞÿH†þ‘¯>ö#yÏŸÕ#ªñÿP£éj-DHšDaÇœÊZC=Æîè°) §$0`&³Êï é‘ Înn·ƒ²9Ù1Õ#^¡¦Ù¾p1£›iXÉ‚ñ"Á,¹c$ç_øHli7K[œ¼–àÿSâÏiÑ‘juâ2´§ Ÿ©@i_?›Ú·µ[:L²# bLÃíи¹+§µøÍ :È–' Rò‚ð ìÓVWÌ^¡ö^cvI@œ‰ ">/½,ûÿ]À|^]VÁnA›£™0–0U#0€'IäÙEúl˜”lüí Ã$RmUD0U¯ ݪÜzq—)£S§G¦Tb0Uÿð0U 00  `†He00+U$0" Test28EE@invalidcertificates.gov0  *†H†÷  ‚†dæm!ôå‘yôòÔN¼hm㈒¦ø‡r#6&Å\*"…¤Sp(׉æ&L£Q·†*jžeĬ–§ æ¿Õsi¯&éù¿ë5FY 2ßðã U–h2‡Lþ'|X_Ë€*`ÂSqŸ‚ãZæwbŸnê±½í2acýÀ=äùVã¸ý“/nb<u÷Ï…çsd8}w»Èé˜Á ÖœVâ VmÞš³ÀSäU~ôšð¼ügh†®F–ôí¥¨¦÷%òõå§u˜íˆÀ¶YÇðèÝÜ2o[ø´ȇÍQ)B´Ô d«•}ˆ ³«HÏ/Ö‰?„ÑYãE¦˜Ïcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNandRFC822nameConstraintsTest29EE.crt000066400000000000000000000020331453642760600331140ustar00rootroot000000000000000‚0‚ÿ 0  *†H†÷  0o1 0 UUS10U Test Certificates 201110U permittedSubtree11#0!UnameConstraints DN1 subCA30 100101083000Z 301231083000Z0Á1 0 UUS10U Test Certificates 201110U permittedSubtree11D0BU;Invalid DN and RFC822 nameConstraints EE Certificate Test291/0- *†H†÷   Test29EE@invalidcertificates.gov0‚"0  *†H†÷ ‚0‚ ‚žÏPÝ›ƒ¬‹ pXLeE„Åî1oK¡ÖŒ‹yÊàNªÌãyæé„I L\|B>áø6ˆ…í¤-9z€?Ý!ê>ê)×Å™;Ô\R :°Jé5-ÔÊ„ôò×y—jËî.d8!8›M=Æ¡œW¤àî<"yXèlM—½Ø ììs X»4™W«–µ£/°ä¸KŽìÄüÞ¡¥k&¦-x©š(µ‹áf+ý.ë4|ýÙÁÅÌãvиRé?Úú]Ì ö[^kº+›ãü°Æ)ãևl€¹’ÒÖÏÆã.=—쮑°ì,>~tèqCÓ¿\š²~:c8@×£k0i0U#0€'IäÙEúl˜”lüí Ã$RmUD0U*ª(F¤Šz7¤¦DŸÜ`è#]ð˜0Uÿð0U 00  `†He00  *†H†÷  ‚ œÃ–g›f#ÎHOúc®vÖ’—±¤# W­Ää<à'‡Ü°Ê1Z¤oü4AÝØ}t´iÄÕOÇž Ècbè ø¢µ |Æk-§oƒ¥Ø]<€Á_]½œªéjçkDN蜧Bgçxdd€8.Ï£0v#@,qƒ™§ç¸ýŽbhîø}§å”pæx÷X¾~… †ÓhêæMæ·^"]{Â}Z!×%Ìä(2ïÒAEîÁùT 6Ã{nui¯ÔÓ¶m ùû€aÂo±wkOCß¡£•y‡z$MíŽsG¾ý»¸Ÿ«lPŠ'¸è*”2ϪTÇz€ ¡ûøÞcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNnameConstraintsTest10EE.crt000066400000000000000000000017321453642760600316350ustar00rootroot000000000000000‚Ö0‚¾ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN5 CA0 100101083000Z 301231083000Z0 1 0 UUS10U Test Certificates 201110U permittedSubtree110U excludedSubtree11907U0Invalid DN nameConstraints EE Certificate Test100‚"0  *†H†÷ ‚0‚ ‚Ë\8‘?Fv•‚Ã}›G•HL×åÀa¾7eTi7y"«Ô.Ie‰Ô²•WIÿ>í;\LÝ£°—üš”ì0T`í³;SÓvÒ¤À®Iœ6ÞžÕˆL\Õ”ë@ÿÚz¥‘ª<\Ÿ,(‡·ÌŸ‰=LÊ%#¨²Ýå¼áž×•\¥$µŽfJ Ê.6×ý[yy ®„xÉ{Á4.‡ðiu]Ž;ŠÿSåÎxxSMËF«/¦ù1æ×ÿxþðÛÕæÄ=ü\\és–{"ämRróè¶ÖÍ"õò©æíÅdNyyª•Z±¥¸Wõ@Íq|Èë>} l|æk­FVH=ùnRI£k0i0U#0€ºŸ Ê9œNwZëû•¬Ó§J]'0Uø|÷ x2S‚×å˜߇ªûóeÒÐ0Uÿð0U 00  `†He00  *†H†÷  ‚ª¡sâ5 1–žÆõ‚¹‰³ñò×ÛßVßH[¨Ò%¨(‘Uçŧ©™˜ÜI]`Ýå)¦`—°¼ÌÝï ÀsÅLJ™ô%þÒ€)×–7„ãu¨F@×UP&‘–‰êCÌCÎE„‹˜Koâ×gvøš8?mXÆà•ÄH§ (øšU=Œ)ÜóN¯›g°‰Q¶CIu@F­^ÈЮ$>¤a{ž€ì€^ô¶ð¿¶Ô˜#+!Á¿Û6ÁìR® ¾ÍÛs[¼±4&&þ_1ޑͬÚË,Ûª˜í™dÌÂêß< ¢³ÑV¿ÃyÅù¡WÔ®f€y ïœcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNnameConstraintsTest12EE.crt000066400000000000000000000017371453642760600316440ustar00rootroot000000000000000‚Û0‚à0  *†H†÷  0o1 0 UUS10U Test Certificates 201110U permittedSubtree11#0!UnameConstraints DN1 subCA10 100101083000Z 301231083000Z0…1 0 UUS10U Test Certificates 201110U permittedSubtree11907U0Invalid DN nameConstraints EE Certificate Test120‚"0  *†H†÷ ‚0‚ ‚±¦7böPÒÜ0I¼ .Á3§“èØÎ.ŒÉûQûØtÑËj_¡ 0Þ<­öþDkZœ®ÀÛÍ ­WbI LyŽkwÿó$¸’Í¥rQ‰Í€g2¹ÌUäú1Î2N vòÉô8î­ ^6<_g9õü‡xÅÁágòbA³LQïd¸‚|EK}W(ñÕZ9Y¹r0öÔ[ ~oÌXïEØÔ)5¿ƒ§›LjËÓ’9ªÚ5”>˜´UPÓ6§ð¡Ý *9´¿Î‚>h1?y¸¦íNŒ½lÙSSY‘µ˜ÖxÓêKeeòŠx62Ug„Ž¡Káv~MEש‡) sØDÉœÈý£k0i0U#0€á8C\ÎçKbÇÁ’öf‚ê0U… „ä²® K ÅA´‘½žþ90Uÿð0U 00  `†He00  *†H†÷  ‚}ˆšw¦v9[" ø<© ËS…°>?ôu¬ø4žò]ìÜhOÉøƯå¢ ©éŠ5>·zñl;ݧëM]2 ’?È&µž–ÏIÇôáažy<ŸÎ“š Øñ8"†áÜ$äã­ç•ÚgìÁ¾b9Û¼doö å6aã!è;D&åՅά˜ýEWÀöa Øô1D“Jé&ÇÑL(:~ú¾>ø†ƒêà¸`Ç·™Psøv"‚Ôãž·‡B¡{ ",¿Ò|±æTTÔ´–8%Kcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNnameConstraintsTest15EE.crt000066400000000000000000000017021453642760600316370ustar00rootroot000000000000000‚¾0‚¦ 0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints DN3 subCA10 100101083000Z 301231083000Z0„1 0 UUS10U Test Certificates 201110U excludedSubtree11907U0Invalid DN nameConstraints EE Certificate Test150‚"0  *†H†÷ ‚0‚ ‚®ár; R$õû‚¡‘sº])èáYᦵ´b uTf^+¬n°CJÑå;†Ã·òŸ®ú”\›æô=h&3×Ú±:/­2.Z—þ_a=­J/ïxò)¾Q ²å¤Ç(î»–ÿ¶Î:ZF*¡„Á B@³êar¹ý™<‚pºõI_)çþ¿Ñ`ÙdpE¦ûtbë{´ɾ¬Ì>˜Úó‚V«˜Â¼ÎıٖexQ¾€ë©KZ§æ¨¶gá¦Î» О‚øÁ¢ δ×Ú £;™ëeSïÈ |%„ÙºÒÕ,fKÉo'Ämݬ¤èê¼wo^km9ÌYj±£k0i0U#0€€¼Ç.÷Žñ8{ô5ëÝéXÆq:”ªqæ¢TZ”ôRFÊnÚ¿x#Y[DX‹[!{›Ú1”»q¨Ö:[Og¡˜ h¼·]ƒ—è!Êú`ƇæíÁ`vó0eæpñ certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNnameConstraintsTest16EE.crt000066400000000000000000000017021453642760600316400ustar00rootroot000000000000000‚¾0‚¦ 0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints DN3 subCA10 100101083000Z 301231083000Z0„1 0 UUS10U Test Certificates 201110U excludedSubtree21907U0Invalid DN nameConstraints EE Certificate Test160‚"0  *†H†÷ ‚0‚ ‚Ö`ðì^~¶r¶—ô;(Ñ­LÏÊ ›Þ^Y¸p{©pô*Öý9Smæ“»>è¬Fï4¨ä¶Gß”fHÚ]<ÙMj¥sf01`ð-9­KHrÉ?‹° ÑÌ&°ÞjîåŠÙ:¸S?¥DìYTsôCf„pN™‹¶0 ÿ¤Í)^Ûë²ÛZ OtËKµÞôÒõšþ÷}‰Ç¶"I̵Z> "¿íyV‰gÐM¿]-Ÿ Ú â‰Cî_gJ4Š$2j~ê¾yÉë×ÅlTií£dÅÉðû…-ÍL`Á„!D¯-m[þÅΔô°(ß±ù Xhëu­"ߣk0i0U#0€€¼Ç.÷Žñ8{ô5ëÝéXÆåLl[‡ý<öõ#e_Ej0Uÿð0U 00  `†He00  *†H†÷  ‚8ëâΕzD&qU]täóÈ@ÕÇ ÙjQ šO°–ÌÌn,(û7¨ÃD¹\T[ðeÚg=q{þ„±#0ÈïáÍ!œ&`DwUo•¦ØЂ< ¹¾®W¹ 4±fÖD…á· Ùü€}/ ºù¨Â£¼çJ Eüm/°I¨øZRN΢GžçØi"Ž:¨iýÿ6üc¬^¥£à qªzñhÇ$b,ñ'©,ñ-»!K’ŠfÌü=nƒ8I¤×»ßx)N0ÇòßôAEÙJšz¨bþ\äelâHwü!Ž’ŽêL· C-ÀDtPƒ¬þò¨fµ<’&¸š˜ËÿyÈ ±ÏÎcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNnameConstraintsTest20EE.crt000066400000000000000000000016101453642760600316310ustar00rootroot000000000000000‚„0‚l  0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0 100101083000Z 301231083000Z0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0‚"0  *†H†÷ ‚0‚ ‚ÔLo©†ôdÆ›ý*Ï pÚ­vI×›˜:W®òwÌröù2"Ï"e°` â=$¦…¦ÈrðôÞùqm(¾¸PE’ÙÔÇðJ¡. (!ðAÉfZ‰L_êHï;¿„Öy<,ö&°r×"[apšcø†Ù”õÒÖEÊI÷îQbx­™øŽK;¨siPêYÃŒüCÅßí‹-)h€È&ܔƓ6m?ß œ6C¦w2bÈ·ó5¬s!»Ï¼òéǘÉeœQ²˜RÈù±eo´y÷¸:IépÛ²&ÝŒj€G·Îþ.)5}‘f™¸˜Pø+ÞÉuïIh·2 ü9Æç£k0i0U#0€AxBFÍN¨‚çá9ß÷©À üï†0UXJºà€òÈC<–²÷J²•ÖÂ30Uÿð0U 00  `†He00  *†H†÷  ‚Jõå£f3.'JnU’Gű×%sC@Ÿ\“bD€ºE‹•ŠUШ~%_Wÿ –7}Ð~ÕQœ2zŸiÂÎÈœ‡,qY¿æÆlDiL;Þ_ €ÜlÚã"œï„l!mgR¬òS"ë%F¢©Ygþo`´ 휲zÿÙR¸wòæ´å$€*vŽ²£ùÒÐù¸Öz.8zï¦hsåê{É›8õ×ç¿üRê27±íDÒÔZZêÑÓí=¨:[4•Uú¼N­ºq0‡“jÃæ‡,W5pòzž èû[x÷~‡ Tè~©èÒޥʜdš–„d^í‚#3€Êµ‹-Å certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNnameConstraintsTest2EE.crt000066400000000000000000000016751453642760600315640ustar00rootroot000000000000000‚¹0‚¡ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0 100101083000Z 301231083000Z0ƒ1 0 UUS10U Test Certificates 201110U excludedSubtree11806U/Invalid DN nameConstraints EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚Ä„qí!’›K$Ù!QS[:G‹Y‚m-iû&uCƒ ì׶}F°@W¥+èkúC3@“oê 2LÙ|û`:0ç„~ÙÛÞ¸1¦O:_&\Xá£:Ýpg…¨¥vâ<ž2b¥ðŽ×ÒêŒç>P¡´e*NÓÚssÌ\…ãÇÚ wžíµ¶Œ‰=#—úí>zËÔºxE(áû8V{’ot® DÀÖSÈ$à5YªDÿG—€í•ÜçÛ’Õ0Õ"l›e¯ c¿B–òt.zšûOž…/:™‡ä»Iá8ë²ò憣K©6$L<ãµ\În0)jcreêÑð‘îì‡vê{£k0i0U#0€AxBFÍN¨‚çá9ß÷©À üï†0Uüsÿ¤âZ÷&˲B;ö µ§ÙÕ0Uÿð0U 00  `†He00  *†H†÷  ‚VêXñm\Zk®xBQA¬µšÝ°Üðµ–væFÖœäp†ìæ²gB\)Ë‹=HÖ§~¦ìn"¹„¦wfsS´pD2ª÷‡GÛßH<]ßôzSlWÚ×AÕ49¥*¸ØÈŠ¾ ZÒ«÷ª}ÖÚ' YlÓ}m÷oº¿Ÿ,w`ÅÄ´AûùP7'Õf½lhQõçs=/LÇBxÓŒW@s—¶H¹Zov[_2L¬—h¹ LJƜ³5e¾zZ½ÙŒjqg˜[‰‰ávD½E\ 6Õ_ øAõ6nT¥C-oÈüü¸˜^W&§áçÊ>µÁ¬æ\íuéQë+È2Ê~¨À~•6²8êw¥È#CK-EcÈÆÁ¹#ÞhN®]>tîJùCtPÞ@ö÷ ’lñ¶d£U"Ë•!·wªZ² È©ÓKÃxsQ¤ò:J¶[²=è‚iѬm»H¨Ü¥XY‹â‹ÌéëÁU6ÿ£‚0‚0U#0€AxBFÍN¨‚çá9ß÷©À üï†0U8©ÊâxK“ûR‚.TÝÙ®AÊ1´0Uÿð0U 00  `†He00”UŒ0‰¤†0ƒ1 0 UUS10U Test Certificates 201110U excludedSubtree11806U/Invalid DN nameConstraints EE Certificate Test30  *†H†÷  ‚¾2ùÊ­}h¢“ÒCáLÜÍýKüC8Žn1 hÑŸÊ2ÏÄ4¤ùIZŠxá®4â-¢ù4¤ÚA~³«ò1®eµ¢UAR­Gîú”‘× Ï•©®´ÙA䯞eT=õò±AÿÍn^D„SmNVæÈYz=zyUîÅo˜+ ©¨jO›ÎátxßÆNºu£¹tߢÇIЋj³X9)¸¡J›f„BÅŽp¶•œƒé옾—ym*R1þ>¤3©Ó§¯_Ëf‡Ò¡–qãË´DÜæd• l]:†¸n¾ `“?|ðˆ}UíÒŽ"·l•ñÙJ8b –qk冋ÿÔyt¯}certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNnameConstraintsTest7EE.crt000066400000000000000000000016751453642760600315710ustar00rootroot000000000000000‚¹0‚¡ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN3 CA0 100101083000Z 301231083000Z0ƒ1 0 UUS10U Test Certificates 201110U excludedSubtree11806U/Invalid DN nameConstraints EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚žƒD8Ræ|ÿ˜lS³CÖhˆúl¸õ^¥IÀ× °™Q4ÑN”J†Œ¼v³µŠA þ×7^ÓÐç±ÿÖæÓe%i# äÒ…æbÆ®Þ8êû,Ø29}Âü!‹/Dê( â+½ö œXcÈö5´0bGÎñeùÝÏ[ö ™d¯Ä,ǺýšO&?5ÐB–9dÙ*¹MvÅ®ŒœÂv%ÔíË#É"@ÔQÇ#yü Oþ~/Ë2sÝï«¥¢ß¯òår”x•ou„\âÂ/¦2†kŸ×h‰KÛ‚u”°©J„<åôeRSô0îò-‹‡)«\$šœ¾Àâ4V¬U£k0i0U#0€Ü[¾Ç7Y¤Š@t| E¸í"Õh7]ñé5ó-±0Çùsí¨ÐcºäÚ^âX$±?gQZïÂh¦.b¬KbÑÿmGǺ$­§…ODg%1«¯¿nôÉò78ÈP,šë¹*Ã3Dë„=lú´ø×’- ½†HŒs„æÙÁ@ŽŠ&œ"Ñ×£k0i0U#0€lI6­.X‰6QA;TR&$ÓÊu0UˬÍywÓêê箋 È5¯?rd<0Uÿð0U 00  `†He00  *†H†÷  ‚&¼³’ÝuÅ}‡F:ª v¯`gRÀºÊðó²[”ìÒ¬u¯wp¿òLr6®v¢PM>ì:+–áDoo†ü- AÀ‡–Feÿ¤Ö}·¦q„߃âüqÚK´œSMO‚ÖN½îµÂBðXYc⺈|{ùío¼gîPX¦+!ú•mˆkŸK ÄÓc”þëýß3â‡6°~ða_S…D|Üú̘ﷷDÊú¼".q&UrW©T×…JGÖêqÌËŒo.›EWáœÿ”lcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDNnameConstraintsTest9EE.crt000066400000000000000000000016751453642760600315730ustar00rootroot000000000000000‚¹0‚¡ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN4 CA0 100101083000Z 301231083000Z0ƒ1 0 UUS10U Test Certificates 201110U excludedSubtree21806U/Invalid DN nameConstraints EE Certificate Test90‚"0  *†H†÷ ‚0‚ ‚²>bÏÓ¿Ž€ó¥gy²$·ª¹‘ÜðÂ)å&QƼuP®‰ŸWÂ~7Πçƒo •óB Ëò‰j¶ t\2îDâc<·¨Üþ„ïu~ ŒÉ/b†Á)ĬFèn2@§Þü¸íî4{Éñ†ea;÷ôr±,™a„àFª¦zÜ=Ø=Kioö—ˆéôNœ .›¬øÖ1‚0¼È(8yÊ`cØ°Rûñž÷ˆ¤8 åoø îW1é'ý.ü?ÃZ$ £c÷›éáþZü^™ú¥;ˆÕ¦}Ý(œé—ÛwXÊ4É…͉kRXâL]fè_níëe™ØPîA~Å£k0i0U#0€lI6­.X‰6QA;TR&$ÓÊu0UP¤16Ž×ÁÐÍ©àl«xν¬ï0Uÿð0U 00  `†He00  *†H†÷  ‚¨›”¦?ʬA)AÌ3IÎ2Æ >Õ_?“üTó_8í¸£…³I“PP©òstÆ –õÇ‘ü¾æKÂõò›<°º®ï7æà6±{hÆç伄G©J‹f9 ìjAã÷Á^•ž¶nÅã8BG˜='í¾UÅ7?A ¬"±\»›̵딾ïò!-~›ñ™?Ò,E6^Ã×5~aÎ\Ù ã7x Õš Üá#^öÁvíUOGù†ÔØ]/(å¿göýXûÊêq¤Æ”êé5àïœn®Ž+jò¨V»¤ðÏ11Ù›€Uš“&0 X.‡ÁöTŠ€ã„qYcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidDSASignatureTest6EE.crt000066400000000000000000000015231453642760600304570ustar00rootroot000000000000000‚O0‚ 0 *†HÎ80?1 0 UUS10U Test Certificates 201110 UDSA CA0 100101083000Z 301231083000Z0c1 0 UUS10U Test Certificates 20111301U*Invalid DSA Signature EE Certificate Test60‚¶0‚+*†HÎ80‚½°z<´I}æÉ‘Íc*ÏEhey%©e¹P˯j²ýÁsÞ™¬eÎ'óî> 1êØ¿{¶(ÿeFåÍ¥)ø/Á€uppA'6[:¡{K²¡VýªðÎBå6ï4Tw)š®cªI÷>®áÂùö‰2ÿ™h{ùÎ4]ñ|)d{4d­—c BÊŸ¸ ~:å3¤.[À`_mCF<‚ð~ŠÂF½:@ë§n-Õ„fxí0¬®M×hñ ønöó:¥•Ù)¼‘A¶n•õ¡;ò¦‘$Ttƒf NþKâ€"õÚ’¹ÉÍÜŠøû}©¬•øÉÌn"X±µ9,÷ljÂS÷hñŒ¸!ÌI“7ä/ó·XMJ„€Y¹¤Áú0þõMÞ&SçžZ—6ô‡RG6ÒÃ53êÔΣ´Àý_qÝAÏoúÌ¡É‘D®9ϵ<ëäß埓)RY†{´‡¾<ó)Oè1õÄyH‹q×Ý’|6]»°²‹çru¥©Äûø!÷/±u\òP„MÐÇìµààÎ\ø–£k0i0U#0€ÆŒtè{ ÈYÇ}<[TY`% ±0U†hú*IkIðE^¿b¥RÝ… `E0U 00  `†He00UÿÀ0 *†HÎ8>0-?¤ä똼s†Éu»±›?Së^vˆêö«}T ȨêÁsŸ˜¢certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidEESignatureTest3EE.crt000066400000000000000000000015751453642760600303450ustar00rootroot000000000000000‚y0‚a 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0S1 0 UUS10U Test Certificates 20111#0!UInvalid EE Signature Test30‚"0  *†H†÷ ‚0‚ ‚½!+792±X9¸nå‹»kŸ2 ÜÚù‚ß:µÕÖËÔÆÚf„â­ŠgÅå˜w¹Ú“ð\±³cÆÑâ‡+ºtýOÁ(Ž*¸Úcƒpýžu°ëmA³n|{ãrPþ®>*ÄXéPøC4î!”/{Çà7=L­ŽÔ|öæ#±ÂÝh/žÁO?B©‡U"gQˆ5¿éX…¡Æ¨.×êŒZï ¾}}øB×ßæ^1ûënÂ.LoŠO0Š®¸Ð.p ”†n^lÚ~à¦Ñ¤¼5ͦÎ@¯fãîÒjè”/Í´ÄEÔ1¹Xk53QC“áIê,ï|áÿOg†¶£s£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0UÁƒÏ’A>ŸðRøáìnSÎd»â¼B0Uÿð0U 00  `†He00  *†H†÷  ‚³ðeÁÁ­(ò<…ýæÅt-uÂÿÓ€-ìñ·TŽi┪sw­ëOÎz÷þ¯V_žj“V{Û¸’ËÚ× cáã[ºÔè{üïž)T3í¦‘ô ÚüšxÉò%™Ð}èG°+W»ËlÌ+ ú@0ÎO‰Tž+Uµ· ‚&=âÆ‚áöwÃÛ´Kö ›Þx÷‘%¾Mº7qWwdLÉ਑°te&]÷mh¶ƒIöŸ“ý– i–Ò…^ñ‡h¢ë¹ˆ|¢G‹?1Xx(»8Ø¿F¦LtjjÝ5ËѹïÃERwÝ®Q¢‡‘ɤ» N¾Nà÷š<•k”Qâí;certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidEEnotAfterDateTest6EE.crt000066400000000000000000000016201453642760600307560ustar00rootroot000000000000000‚Œ0‚t 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 110101083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid EE notAfter Date EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚Õ…Âq:ˆ J:¢Z#ú»üÀV»Ë,Ó"å.g ×iË–Àdz²šÏvëy6táƒI¾·¤¢B‘j%Ê)Xv‹ìüü5}ckÔ~’„ Îïî¥í¨æ”‰{—S¢|‚رË= FÄ+ËêÏïç1È€ö+ykŸÌíU"—#¨ÚœЬܱaíŒ\UY³ÙØ¥iÛ!%YBqQÕý­IÎaPx¥JˆU@VëýAž@ÏRVªÏ¯t ÃUu–Ø_ù![&$÷=U|T,jÛvÍËŒ3‘•x2X³yH›ºÈ£OÝìûË…UAi¬@£2/·Æk9â6Å@<ÎK£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0U%èËwµÕ¶¯#_V#º¯­¤¡0Uÿð0U 00  `†He00  *†H†÷  ‚T_'éЧEUÓ}Uñ°=‚x3BÚÄ#N@kE[;÷oµJx‡ ÂÅ xØî%žaSJo>Ç åí»áñXo²Ù6 7ïã¡šìö®äþpj ù6ZY•¢ó)÷lÛøb9¿"ÅœGMc|äNÑq ¶,C:Ôc ÍÄEæ’†åÏæ~»³Z-n(`Œ­?q3ƒD|t$c ËïyO*êÖ€Â|HC¡jÁÿ8¡uVóZœ!ÿ Þ/™ÎÓ Ù­ìÀ@ØÔ,žJxýXø’Ý|B‹¿`ý¡©Rq“EÀ_«&ÒP싻ɛbP@ƒAïD‡(¬¯sˆ]ͺp9certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidEEnotBeforeDateTest2EE.crt000066400000000000000000000016211453642760600311140ustar00rootroot000000000000000‚0‚u 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 470101120100Z 490101120100Z0g1 0 UUS10U Test Certificates 20111705U.Invalid EE notBefore Date EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚µÍ´`ŸãÚ´”b'Úê³JÁ Ãùý¥ ÿrW©èÀË _‘)j*[oq¥¬xÕßÊèªÿSˆ¹m|ΠÚë7ÍJøV=ÿÿºN3?—ÁL*íRüùJéd ¥´ÚT‹ÈxçÓ¦õ«ö¥µ7Òuh}äVÁlw:Æsºãl;Ûݼöo)¤ ¡–Ø Wœh&"N‚á.`ÈjàmÔ4p AÀ×KÙbÿñÎÞùXÊ$X¿!g“·fåÄ6×ßæ¿9kÞ¬½“G®,Oû¸ g$ÿÙ!Þ¬lÃØJDrv½q9}ÇŒ aI{žý8:eÿßt¯.—£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0U™t§=Bl/n1x•\tÕá\Áör0Uÿð0U 00  `†He00  *†H†÷  ‚=+³¥IA:òTógjfŠ9p/>™/ƒvNm6‰Ó¸ìÇr¥#@ÂYiJÿ‚ÉëÑÐËi.‰O4Ûò[.⌱“Ê †µNÖª=­ô æ]Aùkaö‚›ÊϨע´ÐÌ9ÙÕË3=غ†Ôªñƒk­,4²Òë¤Ë6uìK«¦ì·Ú¤pxÚõ)t ágDak8S3º07Ì(Œ%f-‚Õzh+}·úµ’ÝM)ð,Åv˜óúóâšàSpyxSù²µ<ÇÉÈ ÷OÐcz.TÇÆì}QÐc/à e&>”ûüô4‹7 ÚÖd<0“.î~ªcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidIDPwithindirectCRLTest23EE.crt000066400000000000000000000016351453642760600316440ustar00rootroot000000000000000‚™0‚ 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UindirectCRL CA10 100101083000Z 301231083000Z0k1 0 UUS10U Test Certificates 20111;09U2Invalid IDP with indirectCRL EE Certificate Test230‚"0  *†H†÷ ‚0‚ ‚¶nÜh}e¤Ð²nÐæ:ôõÖi D4ñÇIíè·B‡M¾Ä7Ô\áŠeô¦ Z]Jc]KËѪ™Ö@“Ÿv•…Ñ.¤J[¦Y HÇd€ÜŬsUÖåŽö°ÒnŸ…4<È¿øKÞì¶7É‚<%÷±´±w €Ãy3QÜÑåzuý#Ú²†jBøÂYò„'ëîÌý3[¢QèüÉveù\ÎÛqÄŽ•¶® ºÇè«g·ÿ½a9tÜoíkD·JÇÿQYlÔ½SXR&Wß÷¯}Û™?-œZ´‹ßfdŸõÜKmc‘û•;`8—Ï©‘ê§`+îD(šè#ç¯Ö¡ú÷mQ\à3²-0Ï£k0i0U#0€%ø¯ü¯¶©yKÛËd,‹K±Í0ULFe`ôbù#Nˆ#d´–¢{øCU0Uÿð0U 00  `†He00  *†H†÷  ‚ue»ƒâ|ÊA©xPqÄöœrGü÷¹ÕrN a¤v{.iExË sÇ â²4—+.w’½¾z™ºYÂè„ÂÁ"ƬªÇíR½ËPLJÂÛz•Û4j´»L‡8¥KIƒô\ÜR×+½ë²ï^ƒ¥€^Q¢1:Ù¦‹| ‹Òüø3rR!LÄÏ2˜£«Ü¯€šFÔ÷³ï}Wûz«í©Ä$9OôºÏOo—P³¢ƒ•&·È9Žòâ_Uë\©ũ˜RLV"qUkRÂw«16©™Cñ7ûLÜÂö÷1ö7 n¹„ºç†éëìIIÉ¿“A?"r§P³Â›”K@ïcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidIDPwithindirectCRLTest26EE.crt000066400000000000000000000017731453642760600316520ustar00rootroot000000000000000‚÷0‚ß 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UindirectCRL CA20 100101083000Z 301231083000Z0k1 0 UUS10U Test Certificates 20111;09U2Invalid IDP with indirectCRL EE Certificate Test260‚"0  *†H†÷ ‚0‚ ‚Ìš{2oC*[‡´ß‰Õ’f•k1Ð1„ŒÜ€{aì!âîÃ{?A“ŒI'ЭtÇ._,ÖÅSÓø~Åi@8!ÙNŸííуbß:ö¢g×ácá üxDíȦ®r±ôYçM©1¿¥Î*wû}|ö›Îd1£cÚ0{¿Û$½4{/>ÓTý}§÷Çô˜ú#ð~<“4»öhP©ŠÌ–z3mš ø„‡Î+·¯zzŠÏîH^TØy{6ü Ê !#~îÀ}1Ë Šêú,CÓÖØéõCÀX$ÆJ¤ì³ ê`»úÖgô/Ù¡Î;T0µ—«£È0Å0U#0€ˆ#á³³òlþ1©¾‹aª;’‡¤£0U›½Â)¨¯Æ µYƒtà¨2¸,0Uÿð0U 00  `†He00ZUS0Q0O¢M¤K0I1 0 UUS10U Test Certificates 201110UindirectCRL CA1x0  *†H†÷  ‚þ¸Ê·‡jÙÞÌÁåe¸5ô²žØ´G¦øò^]t ñ¡ù}WŠ3ðUõvBoù„<:z¡·úìÔšÀA ë/ŽÙp Œ›G[=‡< [pÎÚˆ+YÖ!¥¼ƒrlÂm7ë­©_ë'ZÚœð|óWмÀ2Ý…øsŒð¿5+8ƒ µ1v;0EécåS8pþÎ œKBÑ’E€¼g·XÑÎ/Oâbo]½•E®Ñ~xÚ «‰¨o2þjX‘]Úzµdf6JÙ¾‰ª£(/moÏo.·¯»´OôìÈSßÇx›VËŽ—_k=°>¶UFsw>P(¹T—m¾certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidLongSerialNumberTest18EE.crt000066400000000000000000000016641453642760600314670ustar00rootroot000000000000000‚°0‚˜  0  *†H†÷  0N1 0 UUS10U Test Certificates 201110ULong Serial Number CA0 100101083000Z 301231083000Z0i1 0 UUS10U Test Certificates 20111907U0Invalid Long Serial Number EE Certificate Test180‚"0  *†H†÷ ‚0‚ ‚Æ3 ELÒ€ª.!®€ÞµDh·/\3Þ¡Êó+Š¼[ñwð9CÚóødð`5Ë I»>_›Ý«y“”g¡¤±EZ)—„ÅcA›b =Á¼Äj!„ç·˜ zœå}Ø»£užÊ@µqG‹´¥[È '<5žÊÙÿPwQJñüùÛ5*‘¦Æƒ`Ê­+¡vM§\ö #ëvAí×0M™GmQo)à½y!è"5#XµF‰?x)QíœI®^hû¦É^†sîó΋BÍTUBèéݹ®êU¹ôFcaN³ÈzÓvc‚ÍcvÎ8w×½êc6åº*ÞMÐð‹K‹ál">«ó¢£k0i0U#0€ c·G®Â2oã:¸ê ÿ×d¤0U¢ T~÷pµ†ºmVu<¶ÿX‰„t0Uÿð0U 00  `†He00  *†H†÷  ‚Yµ›ÿæÍŠ›m cvJ¥Va÷Ùü„È¢;ªp‰Ó?©l«ëSçà$›n«=÷Ö'¸’1ʯ›é2”œ3 `",ô¥¨Jký ×™;ßñ³ÌÓ6%‚„]U–%™s 'åÁ„†wC øK6 ©ÚWilòŽ}¼Ƕ͘žT†Ð¼HêÏ°|ýH™æ€õ>fÜ1Ž&ñž°š8Ìu0ÙÏl Õ«Æ¢}î ˜Ÿ Ã…Òž FÈKýGâ¿A^¤ç[`‘üž[¯Y„Ð<¿î °|yC¥µªAIqí¿:ÔY°îªC9Ã+í²ïyi0ªÙøSñKñ£`(xaâ±Au:Æcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidMappingFromanyPolicyTest7EE.crt000066400000000000000000000016501453642760600322770ustar00rootroot000000000000000‚¤0‚Œ 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UMapping From anyPolicy CA0 100101083000Z 301231083000Z0l1 0 UUS10U Test Certificates 20111<0:U3Invalid Mapping From anyPolicy EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚Åõîj£ZµUHøçÅAmâ„«—pær°’sõ&ç8Šq¹þ,)s]`Å)Î{$D¢ndÔ47å¿Ê|‡ßY[(õY¼“þs † ÈV®½ÕÝÎ߈‰モÀÌ¡‘¦ Þ® ’ÚH_—ç™-½=p`Eˆ@«ðŽGg ²ò‹ð¦NºÚ bҜʹ§a÷X‡ J«íßÕ§¼žQ+–’ðb'Ð.ÄóG=ê< ã=;â®Ñµ/(‹û¹Œ1ý6˜Øê§]<¯‹¤+Ú”“aYÁ~Óù4^vmac#FŒY¨æ_³FAˆðº#ŸKôíC&Œ¹¥£k0i0U#0€hsà 4Ïr@Ú”–Ö«z¤o.Œ0U1‹ˆ“nwÎì»äG,«•¥,úÒ³u0Uÿð0U 00  `†He00  *†H†÷  ‚;ßD}`=©ìP¦dˈMæm‘B&Ë";µ0ÑúƤÑ>Á’®?YN¬ÙnNçîýapºKÄ6CBvYÔ y$ØË3 ¢rü},Œ©]q^fÜTî‚QÍÙ•4üS™ÉÏ€· ›«U‘歹Ø8a%˜W€¸{.mY—¬xk2yxé çuÈÏZ­¯ôOéF˯N“Óîúü©°®¿¤çÇ^Fù¯Ë§S}¥½*H¸¢±“(ÄpÞ€ÖÏ`èE‘úMW6T¹zab€2Ò‰d0 ÔZjÀxÌÿŒÿY«€f«Å,i…2ççáèåwDTC“ps_Å®+—15!ˆecertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidMappingToanyPolicyTest8EE.crt000066400000000000000000000016361453642760600317630ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UMapping To anyPolicy CA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid Mapping To anyPolicy EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚ÊõÕêÏÃËÍç¿}ÚÑ5¬U¼Þ|ÆÖAçés I™‡I$;öQy8…¢ÝW‹âº>N˜fÜI.\¼VeP¤áò0¦´1M‰›.ha]áÚƒšÀT®€›†%9°ֿsW¦©>jy Ë°ÞÅWG0¬Z’銔ìÁÚA(FQoOÁr¿ ÛÙ&1±uUÍÆ=kèR¯*ÂX® ” ÏÙÓ¸m9ëÓÕÃgvfÇéÅn)Zp±†{ï)'€ÿU}4uxr ôkÂ: æ5äq×òÉ=sŵRë ÃéA‡|$ª4„•ªÑ ©ìd$]=›H“2=o…¶¬ðB<5£e0c0U#0€,í“ñp”‹-“´˜Ò·¬0U¢ä|Á:1QòJrn±ƒà^’KÚà¨0Uÿð0U  00U 0  *†H†÷  ‚M£'ãA‰wû~ >Ö0ZÔÕŒN/Å’»{‡~I‰Å¯¡†±ù’ïm”ì\ž«1›mšªí8‰]ön¯ç´ôP[ƒÃn…3zý°õÊEøèn~§{(¢‚—Þ{š“¦µöÌƃqÔ. & +æz‹,lnWó_P¡öF{ÔÙÕ5LŽZ(¹¼Ó´GŽFµg.¢!ñ w¢TÚÕÖÖß›gšïëòUÞÚ+à—Cø’ %i_ê ‘¡Û­Î-q¬ž%ÊÔ ÝgùŽQ.¾ZQ¸¦±YýÈ ú^Ñ^óÛ‚¸ ½x8œ6×EŠ¬ß× ¶«&OH%áÿŸjã¯Í†}certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidMissingCRLTest1EE.crt000066400000000000000000000016151453642760600301350ustar00rootroot000000000000000‚‰0‚q 0  *†H†÷  0B1 0 UUS10U Test Certificates 201110U No CRL CA0 100101083000Z 301231083000Z0a1 0 UUS10U Test Certificates 2011110/U(Invalid Missing CRL EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚° žäГgãö6 ¶…{3‡®2‰ƒ¿°çmézàùy×’«{û+ &`¯ÿø–© ²èåa•dë‚–›Ò¶d„ëûz J˜Ñ"¼9:FÜûªrT„—*¹ö±e±èÐêÿ`ã7"N¦úÃöne\æ3*Ê[ÅÙ‡ÝÙVJr’xÛv®ŽžMÏ›2Úƒû¾©ôˆƒœF¥úß“ Sûô›˜äÆÛ FÒæûŸ[Itž!>}ëB¾«IZóû´U»æ“É Ÿº›ªO½vÛ WÔJOŠÏª­¬ñ¡\ìD9bX]žS¥ecÏ8À7m#–ºFVp³¡É£k0i0U#0€n®EÓùýÌ®ziý¸ÒLì0U€¤ÜÑ13çx)$Í™Ú0<U5Invalid Missing basicConstraints EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚ÏD;Uçü£õ/‰Ÿs'6BÌþ$5ņWijٕR¯”¸E»:E¿#á5wgß"Uƒªô¦onþG£*ËL\ZÉ0›½ƒ®nU[¤DCׯ" ñ%]±ÿŠ`î¡ÄÖ)=r(+… ÖUVäbyÓJDG¼Õ0Å2iúœä3ºø˯ÇsöÒ5±Bã?ºr“»Ã¸M†Êa[äî%¯M…¦È;iÉzðÖŸ¼Ðî%2‚Ëg¥;·9(¬¡­©“‚©+ùÅ ¶HT2 Ùq YšúlK¬ßšÕš±BŸQK,eÃÌÂå‰Ãí¹½çÙEJ»fÅ~š`¯b£k0i0U#0€0V¼OÆ&Ƶœ¡p’ÒùO y0UMððÈEPŽý(mmT¨$v„0Uÿð0U 00  `†He00  *†H†÷  ‚Vv p¬:¢+ƒ\³ÍÓÊýÔ’”ˆâÍ2?ÀZßNÝÛÂúEVͶ¿J+]8ØôÎܳådÜðÜ€Ó¢VJ}&ã­0™ä}Ì-ZGÕ—cξØá³i¤½ÚÏŽ6ƒq:xxºAYj…ý}:õ9<\Èé³÷¯á,Íly‘ O®Åcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidNameChainingOrderTest2EE.crt000066400000000000000000000017471453642760600315070ustar00rootroot000000000000000‚ã0‚Ë 0  *†H†÷  0“1 0 UUS10U Test Certificates 20111#0!U Organizational Unit Name 21#0!U Organizational Unit Name 110UName Ordering CA0 100101083000Z 301231083000Z0i1 0 UUS10U Test Certificates 20111907U0Invalid Name Chaining Order EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚¦{dˆ­MJ· óe«e}ÅæaÊ[†ïUV¶ã{l®åü³IÚ° ­NÜ[ãr4¿»=f"{‚ð™œó|ø;¡4ï0ÄFï$ËŒa”Lÿqªý¾L|g6I#âLw#»!S£Á­†µ€ ›µ·œB|Óÿß‘Ô[ÎïVaré(gñ}ñ«ˆü&4f ;g²:b -æ?QÙó7âÿ ½»€¯5(jÂ^Æ€°²YX÷Ž{ïvŸÝUÐ(Ì—ÓÌLÇDuŽ¹Žp—È`j_KE"ÀÔ\ Ó×K,G }!´Æânê qr, ¶Cg ó*6hŠ»ÓDñ»Ï£k0i0U#0€¿J‹›MŒ1Œ[éÌÝ/èyQP0UW!&ß(„Á/¤Ý"FÛÎEØ(X0Uÿð0U 00  `†He00  *†H†÷  ‚2çê§ôԌѧFõ&wMþ€_rîÞZ<ÑÓî1“ù;€“L{–ßEáp™Ê2À{˜0Û¹Åa7v—›¯‰…ÓÔOÓêZOIe‹Åbå ª˜‘µÎ}ÈeüdÚœ¹œkgC‰f¶hž`e3&Jà!c\nêÇ‚ΗØ$§SË"6YqÞã©·ÇQd‹¿>$ôÞÔÍ:“ìüð¡ýoi3êr@¿w¿ `œ‡1ÄxÑ/…Rƒ†|Èx‡ДAYz2<Ø6ž˜)ÅOúáÅGlâÍ ¥ô±ElOÒ_ ßäΡiÁ:'ÒÎ7ªUy­y[ÿÔ㈘˜àcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidNameChainingTest1EE.crt000066400000000000000000000016221453642760600305020ustar00rootroot000000000000000‚Ž0‚v  0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Good CA Root0 100101083000Z 301231083000Z0c1 0 UUS10U Test Certificates 20111301U*Invalid Name Chaining EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚¿§n`B`¯OƒÐá·ÄÁ¿˜uön#”dSï=âÍ\ò{gòÆŠ™™º:rX¡'¸¶^zñÿÇz¤9ˆuœÙ$Úç¶üV’Ÿ¿°Šï¢6r \Å  Aµ˜ƒ¿^²²Ï{b»«¹Õ°e®TÐŒªšNY}‹•¯v<® mñÎzR’§È»XþŽ©ònà‹Æ#-ÒTŧ-ùeŽܸ%pHJsžãƒCwnÏ@Ùäoµerû)/Î÷Á©å‚J[›o ó-g Ë a”ß[5<Þ\~ü-bŠÐHûëÛ‚ëηRž[;KÅîX–ü’ì%Ú2c]Ê‹£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0UÀ;zµù·~à*C‚½3~^uä0Uÿð0U 00  `†He00  *†H†÷  ‚y˜.'Œ=b€pƒ. }Jr?w§Â2…¯59w±‰a,Áö›)ÃòüÕQ!®”œ´Êý¹iß'4~+e!`ÍNû¨¹ÖRpŒ)¬ë4¥ 0<:]š-¾gfFÅ¡&ŽŠÃïúÓ@Òóíõgói‡ŸGH¬”œy¶ç¦9’þ»*y-åmuµ¬éÜpÚ{ÛS”¨8K‚A€¯kªw*b•§¶íhn‚—w•lÀÞú¼îÚ.ÚJÃþ›R!+ø^õi AÝJÃZ©)Ë™^–Ç^›SBrÆÏ>X©1­7š’Åcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidNegativeSerialNumberTest15EE.crt000066400000000000000000000016511453642760600323230ustar00rootroot000000000000000‚¥0‚ ÿ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UNegative Serial Number CA0 100101083000Z 301231083000Z0m1 0 UUS10U Test Certificates 20111=0;U4Invalid Negative Serial Number EE Certificate Test150‚"0  *†H†÷ ‚0‚ ‚ëb[ÔD}î¡Irâ_:Î5õ†˜¸zA÷€ØÍKHa©9å;~G+ä64AR‰ŽéšsS 9-ÚÇ7 còíò]·>´Gêµ[ç©mŠ¼¼Woe –h#GˆUŽþ±YË*N[<‚8å8Av51™èhâF–®YãÕ¼wÙ`çËSW¤Ç¦v÷MDxZÀýkNÿ$ž?¤2¿6ÙôÿB,Yˆ º&)¦î6´6Xÿ•ñÿѯü³ü,Ã'Cg¬(• ˆ°YómfܬÕά@†¼ÑM•uyKn$ÙÚÖ%u+*rÆ»XWÐÇË– ŠŒ/½"š©šœ~¤ÝT%öt+£k0i0U#0€bä.5ÆÅè‘Ð ÁÞ¶¯ÚˆÙ?0U‘ô1÷²â˜I”i[£r¿ -«&©0Uÿð0U 00  `†He00  *†H†÷  ‚Ij•U›õ2-¢½nP+œ< ŸZ‡1Ñ€"{FôÒäî)ìºb«F£;ðÛ` óšãymÂà®9åWÒ±µ¹íœÇ˜rK2±¢gû˜þót´>†éÊ/¼±6²Áªº@5¸kó5Bëpz?’‰@³’?ßÈ–0 Ѿë$Ï!— ÅMÙîV…•NS@j3ÞÈÌÊl”IYm=ñ¦,p¥¡ÆÄËÀˆFÅâ¸_r±j«4Û=Ÿf'é/4ç# ù;ƒX8~W3ðe‹ 8ù†>ËqxßY”¬~^¢uÊõh9+¥0g'ÿñÙ½"Ùäž—3§_­åÿncertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidOldCRLnextUpdateTest11EE.crt000066400000000000000000000016411453642760600313640ustar00rootroot000000000000000‚0‚… 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UOld CRL nextUpdate CA0 100101083000Z 301231083000Z0i1 0 UUS10U Test Certificates 20111907U0Invalid Old CRL nextUpdate EE Certificate Test110‚"0  *†H†÷ ‚0‚ ‚ÅC¨mœÆ´gÖ#).y2göþçQ `b· mŠÉU¨ ヌP³e âÊtþxuÉ›•bÏt;”Ó“9„!`šÿ[Š!ã9UQ{-*¯Êdh]q Ÿ`œºmvú6Ê|i:ÈI/„Œ„lÐs}äT4ËXI³à¢Ì”tÊoªbÅ™˜QÀ¡)Ћ›]=$õdüÔlÇ=•Ôt,éæ2µrTÖ—ãFKÞ|.yÎâ1 ÷zzäàÿ¬¹­Ö„Z#ço¦¯’âõPøÎ oÄÅæŽ_Èàt`·þeVÃ]_ÕA·1‹#cþ¾K1:g]4?M´ƒ£k0i0U#0€ÎÚÚZÌŽ—ú )O¬–*Íx0UVvß  LÏL¦—LçhJT¥0Uÿð0U 00  `†He00  *†H†÷  ‚­hrŸ;H(äÿ°V}ÙÌìã êØ¢>׿•h Ôä9lûy»yçYªŸ»sdùV˜z3"ŽÞj}€±0òƞɗv‹AŸO>t°ƒ;%F¾˜Ó„CJ.@p pÁùñi;bº&Öè gnµá±á¯X×=§Qëó6Vd`BµÄoî9 Îʳ­P°)œ’ÆZ?²3Ò^ ÄÉ@‚"ôT툎D˜&YOMËa®z{ÖÊåG¥où3qdvB=Ï£0aÜ ìÃÂL€×líF¸zÓN·ÿx(”:D‹çªyû-ÀÓ;ü^Ü/Áˆò®Úÿy5ï÷ ÀTíŠ#©certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidPolicyMappingTest10EE.crt000066400000000000000000000016521453642760600310170ustar00rootroot000000000000000‚¦0‚Ž 0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"Good subCA PanyPolicy Mapping 1to20 100101083000Z 301231083000Z0e1 0 UUS10U Test Certificates 20111503U,Invalid Policy Mapping EE Certificate Test100‚"0  *†H†÷ ‚0‚ ‚¨®Í›§jÃ¥>™]΀#1_–4ªH+÷Qëe ³4zÄÔü4.v"…˜øÎé a©Øk%ö›˜ÀסX‰á×ÜAð$a´ùV›Êm]åÔíÁ ‰/K½¡™®XT}´÷Ýrß…™5”Øׂô“èçÁ¸¿DAú¸î¹’%‹ËR¾áðEŽ6”~Û¥,cf¤Õ·GO˜|Ú%>E·ÕŸ\}4—ËL.`mš²k›>Nªaº{-a3”çàKè¢ì`A*§¨ê6U=µ`ú¼¨Œn`ÔRð~º4~v+¯š‹ÕÇ[6myöi—NÄü½ýÍ£k0i0U#0€[sy™ã®ÓŠ¦3Nxä ±äÉ0Uñ¿þèÝ臡Î8w‚6!P}$0Uÿð0U 00  `†He00  *†H†÷  ‚¯z—%âcÎsiIÿ퇟a¿&íýøˆ!(ªòÖâ·+*Ì–vºÐ/è³ìv;“!ËÎ(ÌÈà†Ÿ6]–R|˜ÈïŒ'ƒ“qÈMµyyVA,kM½½ó 1eŽË^‰ÕÌJØ™ëà~i8P{ûùæ1ìë 6z«n3èµâ& ,ÖŒ0€ $£#K¶Ð* œG˜ÏùK ×ßïê”ÊÁrs>®¶Žžè¿¹Cú;˜Ì@+܌ˆ÷G%îmúá¿L¥Œÿr+€‘Œ¸’Nf1ÒÉÃK=ç¬o£¢k›Xoç%åmP"C³ cá}0ZÅïnWÎmcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidPolicyMappingTest2EE.crt000066400000000000000000000016261453642760600307410ustar00rootroot000000000000000‚’0‚z 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UMapping 1to2 CA0 100101083000Z 301231083000Z0d1 0 UUS10U Test Certificates 20111402U+Invalid Policy Mapping EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚ÏÑ™ÉÁRýTÝ9ÞW*Tò Õ“H s’ÿ]ÍJ÷AâŸ00™ñÓÊ2ís§lÉQÓ|œÃüø/Ï/Òì²l ð³1öIš ²ž–§Ÿpž…㕘fÑÅ1åºÈ%Þ´NÖò«  9U4ÄL)äû„&ð¶sÔ+O&P`¨/ìh÷ÍظèË¥–È›»qNYõiÁCdÇ›Ìô¾¨‡ïäŽTV7œï#¡&6å¢õþðËÂLåL+>1‰xfö §ŠÕÉ®1ÁæN¤=:rv)lú‰ú£Sü x„€Ò^2ˆ²Ò~’‚”d‹–:*SG’¶œ32ÀÚKʱðtŸMÃ<-£k0i0U#0€™ÅxiË=3v™¬Då°þ¹ôÛÇ0U÷z‘Ÿ°™7žtÇ0u¬KÖ!½µ0Uÿð0U 00  `†He00  *†H†÷  ‚ÆÅ ˜ÑšÎÜ<'K]lîù‹á(^cãñ'kÌKÏK† œ+·K ¤?i|TœB(tíÞW‚QyLs¨nò²Ó,R†ÍHãúyǂݦ[”7(Ðs†È/Ï^‚\­Ïqã¸7ës$QÚjx…ÂNžºzÆ3­K±ÒnÛ¬bY2ÁŸÐàÔ|p{›…À3è€ÛÏWŽç%t0Ê^KÙq­*—+tx§VT ‡aál:rõ9RuÉq§8 nK=™çgmBüF¯½Ÿ ¥—Œ/ë®"ï¡z…9ÖÝÌ ã%“…†{) ¶p­9€a‚1M¹Si• ÞÙ¾÷9@ Y¡]²certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidPolicyMappingTest4EE.crt000066400000000000000000000016401453642760600307370ustar00rootroot000000000000000‚œ0‚„ 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UP12 Mapping 1to3 subsubCA0 100101083000Z 301231083000Z0d1 0 UUS10U Test Certificates 20111402U+Invalid Policy Mapping EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚¸ç zý¯ñ–))OÅ1€œcÞ’"iCKDA ¤É’'¼z¸ÕÍŸ€Yäñ YùsèèC§jcSèî×€çÖØ?…ŠÝ}B¡íHÃߣOB|Û}NUI•’Æô“Ý'G ˜àe ŸK~ÖFê {¿—©LÚÝ‚àc}²ÔX}TóQÊ~öáÉ‹øKdþª»¯s½ä‚Á”­ù׊¶ êž>ì6DdÞ¡Ÿqü žðw<$ÔË‹†©!ß@j G³ oIÂ6Üøëw"ûñ!p=Ça˜¡º†Pú@åoó@뤆w›•/ÝVj௕dôk ht®Pg RÉòuÏ£k0i0U#0€]9>åª*^-ö®h*­3›=›s0UòžQÊ[ºÇ¶Ú̶zA®âR×40Uÿð0U 00  `†He00  *†H†÷  ‚muƒ ·;„–Þ¡bÜlï`W߶»cëÆœW¶~&­ ‰ný:*ÓÅ3™ÏÚ¦®AâUŸŒ—‘ÉaÈI°*Kkƒ5ÔŸõ 6kŸÓXš ¸kK¸¥s÷[¿Lü' î)Ò§Éu#ñFÅâr@¾B¨ŸZŒZ ”\`¡H¶ãó¯qÈ¥Èêj&Sú‰\"ÎB¾saÀ ëmýåvrÞ˜*‹Îéˆçv3yð[ñ÷A"C¢2certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidRFC822nameConstraintsTest22EE.crt000066400000000000000000000017261453642760600322100ustar00rootroot000000000000000‚Ò0‚º 0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints RFC822 CA10 100101083000Z 301231083000Z0m1 0 UUS10U Test Certificates 20111=0;U4Invalid RFC822 nameConstraints EE Certificate Test220‚"0  *†H†÷ ‚0‚ ‚Òú›3}‘JíŠ'ŒiDÓO*ñ:äøA1zè*XdÔ ÿë¾QS9Œ5Ÿ Ä-|÷?š,”÷%åêw|„°.¸³ÞT’AmП”s`—i•8j8ªŒŒÔê·ßöT,F#÷µÛ2aÔmOÔN¤ßy ¾¬ˆI¶©V¶¯ˆœoX¯l‘ââ$ä{!ž`œ›ç¬þ¼‰°(*¸U¯EycÖá±+y. ¤Gr³xöø7Z‘4UaÜûªÀSkç—V°OøGŠå†ifîëè®@×Ûã Å/ìêÞ/3t:€ËcÊ?B7áDAd»f¬)ÁzI¯'½£–0“0U#0€ÈjŽ±Kª¥ˆ¸§‘Ûê3JèÕâ0UÏ„??þCÌ0v8ùŽ,žŠÁ0Uÿð0U 00  `†He00(U!0Test22EE@testcertificates.gov0  *†H†÷  ‚Oû-â³'ÇWÆ|ïVûµ‹iìPµÇ¯–…¢”Þî‹ìv ÆöIH{böø`¨à\ðœ²"û¼@²¨@ûKOÕ ©OÀ,¬­° Ô߃vjiN§ØØ°`¤Åo°lfxó£9ï*+óïFåEµùC›Z»n„Ôãæ³ûÐà_å#Õ=ªœ2ýôæ’þÓ›× *Õq{tœ]OÑ8·ó’ÚQZˆzJñŒ‹Vd…<”À`±µÕÖ07£°ÒFÈ¿Ñ9èÿØd@â>øîòφäKË‹ñ°L¶ø•ÑoÎïÏ3©¶SdÉÁä/¢ÁõdÆä)èUY êcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidRFC822nameConstraintsTest24EE.crt000066400000000000000000000017411453642760600322070ustar00rootroot000000000000000‚Ý0‚Å 0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints RFC822 CA20 100101083000Z 301231083000Z0m1 0 UUS10U Test Certificates 20111=0;U4Invalid RFC822 nameConstraints EE Certificate Test240‚"0  *†H†÷ ‚0‚ ‚íЮ+p5˯6‚¨‰]4@°¦,£5‚ ’¿ìmÆPžpÇ-5þ*ÓÓ&ä2:±u¦ed"X ý7žÐ—;›a¿WÙõ9y‰l*+ÄþìjÀ×b0B’³µ,ÆŸÃùÓ†NËù_ž~¯+Úºð'7ýŒð¨ÊÅ©æ&J‹B ºnî.ŒÈ·cWl”öà[éȶ†èÿ©øyz»Ð?Gé.; ¶“Û&½è—î=Þ)@ÂÜB¨\š:? <) O£mÅ¥ýèܨyAc›ÉpàØÛ¶F ¯Âì7ÈXq¦a#éG#ŒÜêQ{AJ‡©tÒ¶s™l«Â‰¼ž³£¡0ž0U#0€Q€ÍúIrH<íN ÎÎ@ep 0UŒ¤:£L·æM]÷ƒèrÁû8Ð0Uÿð0U 00  `†He003U,0*(Test24EE@mailserver.testcertificates.gov0  *†H†÷  ‚0øÞ‚Ö¡¥d} N¥5:45Œ%/N´.|ë鉼Í~($`´×r'Ϊ >É¡ãÏ&ì.{Jy%ÄaŠ„è'K/m4jc±gÎF2§›Ò Y½ö“Ô9\±”…WŠeùØ eɺ˜–¢þÞMwÇÇ TA–Á˜òRš°W4¾æ´qÊí.bòÝýAòHj×L­y¥xõ&Œ$¡˜ã©ßé1E–%NÔ š&ôWp)F}†ÄÀ¿)O¾rVK¾ª*Ê‘þç‹SIä²´$ö¿èë–û8® ªlSÑ2Nô#”:ƒ·>Ëöº·ìÅå¤#½£ ; ´Ž.ìôÍc Œ$LK÷‚;ð_u›yóÄÛ>ª² 8Io^ò'Ås\í’Gñ@µYò›¯ Ýལ–0“0U#0€šº9MÚ!u¯êAÃŒ±9"NÑÊ%Ïæ",ršiã  >öÈï”û×FŽyÊf­$#)wÞlÿF]ÍcC´´2˜¦þ¼ õÌÉʳ‚KÆ%~Ü"Aß}&,Ð*q½n«3c ŸT±”s[öȸ“¯V@…kƒ8å¾uÓ/êN“åNµ$ïÄ^! ?#; Z[­wCJ0Óm«á¾éO%<€¬ƒ‚-,€^¤Øbþp?PÓêÜüÃC—)êç#=ŸPé€u’WYi&<õGŸK_XûìÑh8CËcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidRevokedCATest2EE.crt000066400000000000000000000016151453642760600277670ustar00rootroot000000000000000‚‰0‚q 0  *†H†÷  0F1 0 UUS10U Test Certificates 201110U Revoked subCA0 100101083000Z 301231083000Z0]1 0 UUS10U Test Certificates 20111-0+U$Invalid Revoked CA Certificate Test20‚"0  *†H†÷ ‚0‚ ‚ÙõŽQ dÞÖGÑ@Í1ó[0æ…˜6!ŒÁRÐ~óP!žFþqùþP‹ì]…A  ¨˜9=lÚçð¬c#¬î"F¬LöE-|b‰E0˜”èîXA?7N[v¶döNhÇ@ªM{›B/>šL*¢Ú Œô‚¬²Î!&iqèW° 'Àï;5©O:"{,!y»—Þ4xeS”lùy@ý†?á¶!òŠ£Ò?|,ÞAS½…¢/D­J(¡/ ­®–¾6Á¶>O¥;f^tg ,Ó1|ƒ€Sû¥˜#Ên-AqÌá)FTÉÁüKÑK?qŸ®J,s‡ÛÑ–„äî£k0i0U#0€–o’™ évt»_ÔøûÙÏ ï0U¬ç&šÓM†ô`‰êä±ã‹hƒÆ0Uÿð0U 00  `†He00  *†H†÷  ‚rûw¹Žs÷%Ŧª/.HȈ¹H‡¦Ë .(o×ÓBèCèøTäSA1žˆ ˆøÕ‚¸@{Ó`}h¯ÌäEt8ÿ/î~Ð/Åź~!¿Š(ï|M!;Eý 7#‡í{fŽD¿KíK™ÿ|ÚôàÃû9u»ÅO´»¤¹i°„ËçœÞ5‚$”_Í–µÏ•.ŽÀ¸à1mz„ýüºûöï•Û3?Jr åcèN§W&„46‰{·–fËyr›÷NX’¥Ôà}ñ²Ì`A[^CHèkÊUê,r ú–»÷ë£/*¥ÃÕóöÈPAçKÏŒ¸ÿn9˜kùÀcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidRevokedEETest3EE.crt000066400000000000000000000016071453642760600277770ustar00rootroot000000000000000‚ƒ0‚k 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0]1 0 UUS10U Test Certificates 20111-0+U$Invalid Revoked EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚· ¢øÚ¡1ÔõŠ^ÞŸ`«SÛ"Xž†RÒ:‹}ý´Ù4¡jƒÉí]µ¤Ý•íÑ0 :žË¹èH͉6ÖA¥5DUaÂŽë/®Õ&]}dt‚2ãZá•vV¹ TªV\ÍKÙ¸€åbéáìÉDT‰A_ž+3ëü„Ý;^jÎ ÜîØÝLÉAÏ „ÅÌÍ7–HEkê/'yÛ4kêöû£ƒ<¡”ÀOe;Û‚~êE¡õï_e¡Àû Ècë»k,Û°{‘œý€=ïô¾æŒîcS”¼Ô¥¿fçÒ(æßwßƦÖ]™ÜÁ »¸bÞ¯5ßW\ÍÍòèŠëÖ¥3£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0U¼½œÞ!õi ˜ÍhZË|0Uÿð0U 00  `†He00  *†H†÷  ‚‚]î& Ej½6Ê™Ç)` Â"1YhxYé}˜”€æ$”ô/;#ÄS Ü,MƒhÔ§Bzÿ)ÛÕ Ê;ÙžgD´ÃQèó õG}ܯ£BÞgq¯rYê¦~í»Œd2¶Tl™ÃQhR¥|È6MRP7¼ãP“Iö³Ù³Íy¡·¦º„ð Šo®ŒpT„H¹!GXNC´°mžBH^ë`eYi¸äk°Û«š‰Ê$âéÚP׼ȑè‘Nì2óÖÐH)6ªOŒÒÂõ± Ÿ*Õ·certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt000066400000000000000000000016271453642760600335130ustar00rootroot000000000000000‚“0‚{ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA20 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA20‚"0  *†H†÷ ‚0‚ ‚±x`­ËZÒb%å9÷ü ¯Zñè¢TòÉ¡þ.Fž™ P0¼1§¼Œ]+DJï(9C€y‡ŠÄ^†zDଫ¦Ðð˜pÍIÎH6Ý3}Íý(Áðñ"¶‚, 0MYèX¬0§D¼÷€FÐêÈô.£a íɯä˜TûË“øé7§3+׌þ¨•U* ël¤7g½Ðïýo §`u¡"änµ*ú–]@¥–£ðò6€ëñ‘¶Õ¢8ƒVÔÁv˜\†Zôzá[Ç@ÐVOÖM³LüYyRÇJ’{_eºS€;¨*z}í|~ Ë•^G:¼ÉØ]+& übêÉM£v0t0U#0€ŒÜß~dÛb¾ÛKQdŒjfØ\££0UתãìxŽÓµÙ$ÄO©F‘8’0Uÿ0ÿ0U  00U 0Uÿö0  *†H†÷  ‚ÃìÖæv ì»¥©>ÏE§Þ¯rƒN–6[ù絨}³ìP¡Ü«‘Ù4u*aEá°côñÅ9lŠ¶ÑêJÆà#߇ƉâãR n¾¼¦A¸Þ áî*v§tã •œútVxo?f‚­'[¹\áî©¡q|Ÿtü·K¬áÿ‡µS£tבv´µ@H‡­rÎjsz`…b¶œˆ#{7˜›Ãªì¶d*P:IK§h~÷¨jø“€·µƒ_IXÙ†ñÐýaóLšÌßê®úPq4@Á¢ëý*wÍŽm§ƒìx‰†,ÍVðA ‡†Ê´ŸtÇ©Ï©U´¨{Žƒ”âvƒW;öŠcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt000066400000000000000000000016601453642760600334370ustar00rootroot000000000000000‚¬0‚” 0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UinhibitAnyPolicy1 subsubCA20 100101083000Z 301231083000Z0r1 0 UUS10U Test Certificates 20111B0@U9Invalid Self-Issued inhibitAnyPolicy EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚ÚÆ^ú}‹”Ué-›&H½`œ:¶‹)îÔ¾ ¡%Ï@ÊÿÏŇ™T%J®ò^Rs^Eö|Ð'¾zlMŒ‹À W FääÿµŠš&wZîxØž3 „ÉñQÓiêeiv¯4zÂü•ÃÌzWáMÅÍÂèßh×ßBeÒÝpI%`¹ô˜Ìù³¼Þ,žñ¾+õ:ÀŒÕ˜þo0Óå…52ö)o£¾×ñwÖ‹¸*5F–v©,‘$Í' (®F!õ±n”*c jI+c\,]ÒRÜX°:¯: åà½8hAÑàÅ°-ì•‚F¬2 y¢ÕÂË›" b° ÜXí¸¿D§e£k0i0U#0€}ÀœŠvùI3÷¤KŽ0u•;èˆ0UŸç2õ’f‡µ!(CË‘9×Øã>0Uÿð0U 00  `†He00  *†H†÷  ‚˜ëÓjþªn*ùq¿ :,GìßjCô¥ÀÆW Àz‡W¨º…ýöˆàÝO.ÍûqŸ[Îubu¢Sñ6×pÏóÉŒ –ü=­puæ“y’ÄÅš¼¤.RÉÌW^ JÉD©¼g^Å7€Mð0û…­´ýÔÓÛHÓÇŒ{²KÏÿÖNñ eÃÞíÐ0@ðmRõó›I°’<îSR¬Lv°B†´–¤µ#ÆE …ÕÑ3‚yäȮ䘬nñáÑ&X‡¾>H}ÅU…ªÊ€'*«³êIY¸ûº¿aÐ^V5{Ò4ã7ä~'~žˆïÜ)ù—ÐæÌPg78Ct±Þæfù×ã~7¶InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt000066400000000000000000000016701453642760600342760ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚´0‚œ 0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UinhibitPolicyMapping1 P1 subCA0 100101083000Z 301231083000Z0w1 0 UUS10U Test Certificates 20111G0EU>Invalid Self-Issued inhibitPolicyMapping EE Certificate Test100‚"0  *†H†÷ ‚0‚ ‚§”wë¿R‹;\™©#1Ke …øK±vgÅþ–„Dâ¾bfœÍ-01' Õâª'Ô¾{kØñ@ûèÅ#qÕÜK®Ãèðæ]Ùq-på±8ezŒm¢ÁÀ§UëÛ ŸÌ(+iŠ éńеÁýú€yöS$ R“I4ôÛÖÐaå ¾²æ`@qߘ“ð-~Z+i™Ü )Rê74Bv)ì­ ö7%Z¹#ÜZj l(´ÅÿÙtÎÏÒ¡Eƒ5óò´TuOaðy‹Ç–Aèå||]ò4ÇþB}ª­ÌàF»=º£k0i0U#0€Y¹ldêó®–ê¶Q\%;Ïíõ“0U*yxÈÆ#]ÔÁ0FZ:ž~ÏnŸ¬Xúê±ÔDMó¤û^>R•EÃ.âÚMtÖM)¬¢öŒŒgkÕ–°,Fƒ»;i“ñ ë¦ëÅÕ¢ÊTðr60È«2ñóÕpCí©TŠéK¤”¨óòe(÷Õ]Õ+þs úZJg¤ÌfEŠÊòORŠª­ªŒ8–'A©ŸZ§ì¡ýLj>–Ë”V57šY|Ö¼p‘ïÙµ&Í’$ÃhºO%HX3¦· ÅšµírÖzòÍhìTìÄD­WÕÙ ‘¬bmWß Žqš¾–B,‡InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt000066400000000000000000000016701453642760600342770ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚´0‚œ 0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UinhibitPolicyMapping1 P1 subCA0 100101083000Z 301231083000Z0w1 0 UUS10U Test Certificates 20111G0EU>Invalid Self-Issued inhibitPolicyMapping EE Certificate Test110‚"0  *†H†÷ ‚0‚ ‚íFëY?ã\̆ÚÊû§ë-åíñ¢ ÇÎMh%JyØ(å4Œ67b}X6æâ·Ö±» “];­MÖ €—pж ‡GëMh;‡Æ]NÞ› ]œr“j;BÌ«_%¼DŒ/š‡Þ ¼‰> w»²RÐ=áçÝKÇ'•M«{hùíIpMF¹­è'íVÁÕ Ü¨˜f ° ‡âFN·D¿×ÕÂf½‚©§†.™žü( Rk¼<4­‰Þ¦ñc%\4Ç{Q('%P+v_¾'öL̤óؽ¦Nš¾X9V+)¾ôƒÆu²8wi6ë›ÚY£k0i0U#0€Y¹ldêó®–ê¶Q\%;Ïíõ“0U°IŒì÷ÍT|pЗo0à«¡Ç0Uÿð0U 00  `†He00  *†H†÷  ‚J…ÛÁ'SjÜ‹ ™Ë<5ïrTqLÆ[Ã7tþXîŽÐôÄ"ƒc2ûd5™"jŽ(¼A…”UXd¿YFº\z’›ÂÿßÁÁÑëyƒ¯Äg´ä ÛË銀ŠŸo»ŒnýIDp\bÎöNµ„V¶ÎÉ ¾’-N¯†T  žÄׄ‰%c¾ ~úé+Kê] «çÄÙtLª ל>­Ãâ–@ºM¢¯ÿDnwVoOë+£Îé-þ¥”’Ö,ê¢×òî8Å=-ÎòT;âë´ÓF_ûÏËÓ(õ† ëçç¦é…ohåøo1 ’5‚ò<]Žõ¥(÷¹jd²¯ÈÙ»+InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt000066400000000000000000000016721453642760600342270ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚¶0‚ž 0  *†H†÷  0Z1 0 UUS10U Test Certificates 20111*0(U!inhibitPolicyMapping1 P1 subsubCA0 100101083000Z 301231083000Z0v1 0 UUS10U Test Certificates 20111F0DU=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚¶ÔÕ›ÀŠÃ&˱pîM.F`/`x£§ˆÞ:K$#6¸ Ç0ÎЉ¿®I„t;ðÏÓJCóiö ‡W‚ÑŒÍùl#;J£Kj…÷¿Óbýð«Àd0³ó×%j6KeP¸÷ÿ!ó£­Ë;Û9Çp-câ¾F-Žû×Ä`Å|:5âCIs±À›EŒòÌ­qIS¢>/mì7Íqö'ª&¥pq&¢JW¨†°o\Íø¶R¤îÔ•k¼î9±|ª°Ý†GMQƒ„͈ÎåU ë$¢ÓÜÁ°Ä\4Ù×0tZÆ䆗o é„Ë’1A| ÊûÐøoþL*7ë£k0i0U#0€>Et¢‹ÒñVŒFfxp$Æ"Áž0U²IŸŒ_—ý¥@òU$Ce`º0Uÿð0U 00  `†He00  *†H†÷  ‚Ý×Ö´ tÍ[‰»È-ãC†ÇµZº*>‹þ—a6©ëߘ:ÒþåÂ8Ô\³¬%貃åþP|Èм*Dô Gµ=:÷âðõ4ç.ÝÙEЛ*¨6Y/õO°M?¿ÑOC¯jr7­v’nOêaÂô\Økï']RoD%pçmO¸|È_ jl%9ïËú9ËXç¡ÎxŽÂ1ª¬uÚj$Jº-žh|å{%¡I3,rèý˜´JqtÀžu”§ÿOε#¬+Õa¹9Ñ7¨ïl»„zY,ª+† ÔIzšP¿'ÊÁßÍè‡ØË¢8’.]šÿñÎInvalidSelfIssuedinhibitPolicyMappingTest9EE.crt000066400000000000000000000016721453642760600342300ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚¶0‚ž 0  *†H†÷  0Z1 0 UUS10U Test Certificates 20111*0(U!inhibitPolicyMapping1 P1 subsubCA0 100101083000Z 301231083000Z0v1 0 UUS10U Test Certificates 20111F0DU=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test90‚"0  *†H†÷ ‚0‚ ‚áì6ˆS´"¶˜%Àd0Txƒ8 ƒ e‹ø7Ð…¹¯\3=p´¿"€G+}ÛK±1 …êæGåD)Cúë2õ¹1Ã< 2 w«£ÝL{l³?"}#œ‰Bëß؀œôk£Æ¯øÏÿÿÊæmâ’‹$2a[£qŒ¡¸è| Dî£v0ý÷&C•ö3Gìwè5â¦öšÏÔA=Ìî­Š5ñ‘Eú.¥ IxïÞ&ž/¡ÜЩÄoï,!‘h¥ì±Éai‹á—Eè3•bK’*/l†ë"`¶¹á“UêôѯJY”{¥Ô³ËUÿvÀaÆ{u]‰tAÀŽã£k0i0U#0€>Et¢‹ÒñVŒFfxp$Æ"Áž0UP“ìÖÞGýwdi Éo†îd~f0Uÿð0U 00  `†He00  *†H†÷  ‚]áúkÐQ.é_æ§i¬§G¥pfx)V´IS“½@óGðm$'#C±èëò¦x¬ç9¾ó\˜ô¦ævU/94Ð;]BÄÅ­1á‹õ³ü)ÜULß$s•wÔP><ЊŌu¹M‘{–Ä„ÝáéÄ©%ïJ ‰ÙmÅTl±Ñ›_’ñPÊПY ¦súÕDIf˜ \Û ˆ³ˆ­ý(œMŸÂ¹åâT²]•µdbž.èZﳨî÷{É0ò-[Êíh鈎™ˆãÎVÂzŽxn×g{ߥU1ŸßÊ '[âée–¤))À;§ìù¹YC $QŸÊÕ/CHb{Šcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt000066400000000000000000000016601453642760600337000ustar00rootroot000000000000000‚¬0‚” 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UpathLenConstraint0 subCA20 100101083000Z 301231083000Z0t1 0 UUS10U Test Certificates 20111D0BU;Invalid Self-Issued pathLenConstraint EE Certificate Test160‚"0  *†H†÷ ‚0‚ ‚Å%¤¬hdªª4¬dÀû¡òÁ[ I•8ÙûApkz¦9„ÿîˆ~-ÕX!ظ:¸*áFó£ñyp7!µü´b¤µÀSÓ¶ï{†*ÆK2Q-Œ¡/ëñÛû¶î$fLÞrWÚ{q/å<ŽËph@ßü‹\ÑWØáÁ#³{ùT¬~ðítÝKI~=•ðŒYsâ´Òx%»FYB~.£÷ÉJ‘)hÌ‚~‹Õ!xàð’ÙÚ-Æ%ÛÖ~Üæ 6Ýæ]ùUë]bv¥e.Š±Dà %µáôãÓHn âÖ³Ê7…y¹Änö\iv“¥sÞàA–â‚ÐCŒ éùxPA£k0i0U#0€Æ *û¸é>h`zǗγXQ{vÞ0U÷Ç›Žñ¤Lû¢t±ó{U”é‰õ0Uÿð0U 00  `†He00  *†H†÷  ‚F•êXgœ®âlfãEÙI]¨Ç‹´ö\‡ .¡U´ËôÕI^€òL Ÿ >º\æ9èã}„|q=\ld@J¾;4XQ-yÔZv¦±–}š?½JK¡êU§hwŒ¡¼~ăóRŸE¢MsøÛ˜´¼ª"U¼ïô‡“Pv°Þ{ÀņÕÝwÏÕPº·à:õÛ‘ÌS‰ ¾ü2üv¥ý퉀yr¼ZRò»›7i:Ë+(e„d‡¨\câÍÇ™Ôk¬pS¢æÀØ:V Ç»†‡ ¸Ü¡ñCp_VÃ<^+'º£±Qñ€ÏÉ91j¢»é|y ½bÎv˜ùêëÇûƒÜhÃûNInvalidSelfIssuedrequireExplicitPolicyTest7EE.crt000066400000000000000000000016351453642760600344410ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚™0‚ 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy2 subCA0 100101083000Z 301231083000Z0w1 0 UUS10U Test Certificates 20111G0EU>Invalid Self-Issued requireExplicitPolicy EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚ÊGåŠhúù×$šáýfn|a‘^\?9¬%·Ÿ¬®×Ô5ýà€¤Îýuý?é!ѶgmÖã^% ÀÛsÒ@R%믪»Öß:ñ{Ü »¨ ؆!l éd?l!xÔ|æ5·ƒJêä]4ä¨ÊGéV¬Øhl#c_V̘ø¶þMœ©Ã”MÛ<ÙVÜ8s=gÐ_¸Nô(ê,Ðy 5uNíX÷ùŽ \nAm Ó O[c3†JŸ\ö÷ä΀è`?j3fFTÁ¡ ¶¦Ûã—3÷ÿw ·yQŒÎ0,öÇ ÄƼÓ±Púv6 SìÕ©¼~·Ãk‰gëÙÌ?A£+£R0P0U#0€ wþL0â³Q°÷ƒ˜G0UiÝ8<¿B9aBM÷‰¡d}`+0Uÿð0  *†H†÷  ‚½„Í, =¿¦÷·€¡4Š˜jW”«9H-'?Ã9¶UªCI £·S±,M- ¾×)ó·u|»sOá'¼Úza ¡CÙæ”q–pP£ëN)~mú²mŒ]fZ€Ë¡Ð?jŸçèá O’Ð ª”ì%’>0TEe¡ÐÓPœžSž$Gf”!s³óƒØûM'îðÑ)}RÊAH¢'Þ¸B/Œu”hêX Ú½V Sp©Qr.oåæ³n×›ž‘K„+Çhß|Ê)¶­ë®f?Åá£âUôè¢d8&ºŒådHå8ð×XæmÇÝç£ ¥ˆöH×(Õ|&#Í\w†ì„ž?¨ÌÀ§”InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt000066400000000000000000000016351453642760600344420ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚™0‚ 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy2 subCA0 100101083000Z 301231083000Z0w1 0 UUS10U Test Certificates 20111G0EU>Invalid Self-Issued requireExplicitPolicy EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚Ì¹é ®X¾3á?áZ÷TäTGƒxeoÖµr$¶\çXÌàˆTæ´Ë*0€¿MYr@•qqµ4 í5r¡\[VPãV} ÞÑö¼b ¥òÍ4#!QwòsäýÝì­äçe)(yvXñ´²8/uºvwÖ‚;Ý7Sí.שfx~ +øà V;Ý:6:_½˜~ õ$æ³çf2 4JýòóIëÈžž •_XJ£Þt™á"µQˆÂJç,a´ïÚkC=Ù6 C%¿ŽÃV€Öĵ€ }âLâ_•©‹È—¡½ó_|Ø bÃ7@ÔûznË„»NI¬¡£R0P0U#0€I gaVGÒY—¯"f0QwPªÜ¢0UÈ.•`´àâ`¢ù6Êz,Ìn¿«0Uÿð0  *†H†÷  ‚=xènàâc öšñü.n •ƒZ{Æñ)=£ã{P«#—ªŠ@òúá dyó|;lÆb(×͵÷Û)ð¸@Ђµé-¤§C•]Á«ÃepÑI¬ý$¾äEAÙîè¾gÒšþ¾ý:£V» ÅÚîÐ+a|`-jžÎ¤Ùq¶œ¶úü_£2áäI{pàø›Ñµ¸Øò-€‚Ô»Ããœ;¡QÕ‚t%‡É‡úd¢ªËšxëi_¡LªÎÓg_ºWê•÷©`Ù<×kÍð ¤Nÿ ;¨“:†Ÿ…ôÒ /»¨¥CÀW;8î FQçJ è]ÿF…S,vòÔóq(‚InvalidSeparateCertificateandCRLKeysTest20EE.crt000066400000000000000000000017001453642760600337470ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚¼0‚¤ 0  *†H†÷  0^1 0 UUS10U Test Certificates 20111.0,U%Separate Certificate and CRL Keys CA10 100101083000Z 301231083000Z0x1 0 UUS10U Test Certificates 20111H0FU?Invalid Separate Certificate and CRL Keys EE Certificate Test200‚"0  *†H†÷ ‚0‚ ‚²öï;r&aÚ´˜ú9o­y}øâ¯F1Šèˆ5cRyCž÷RѲ5¼6ùu°.´O.Å.®»¯6¥=y`•Æ]@Õ®¾ü‚‡P5ξ…Ëø+ÊBP¿a/ä¿ÿ« ÖoW°)dûå‡qšûЦWÚïY ;3˜Ø—Ë‚µ¡[ٳğ©Û?°qùùOG¸9V\ӌ碛©‡ÞŠ¤ôåô#ÕņJɉ" $*?¿[Ò8q»g` ,KÏŒ%À5³"!>K^sÉ¢±¯÷_m°ì§ˆþ×…0b]óÐ6³?JSÉxð³.`I¯ÿ%%ÒÆg¡‡@:ؤC£k0i0U#0€ðeÚ?ZÞÕ¶H™;×L¤0U&©7Ñ<ÖzáK(84'BfÄyÔ|Ò0Uÿð0U 00  `†He00  *†H†÷  ‚få§ ‰ô ‚ÙJU-ûší¾"sG‹ªV/S€Ôd+K]:NE¶œ œ$YE„óÕ­'Îî ‘Þ@ž¥›²InvalidSeparateCertificateandCRLKeysTest21EE.crt000066400000000000000000000017001453642760600337500ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚¼0‚¤ 0  *†H†÷  0^1 0 UUS10U Test Certificates 20111.0,U%Separate Certificate and CRL Keys CA20 100101083000Z 301231083000Z0x1 0 UUS10U Test Certificates 20111H0FU?Invalid Separate Certificate and CRL Keys EE Certificate Test210‚"0  *†H†÷ ‚0‚ ‚¸zÊ6Õnà£YIH”4«ÚsƳ6R¬s¦›éýL®„€°Ä·©Ê4]‚ıãHQ LÕý…•!ô‹†p8'¯9=Ä°jDQÓ´oL‡¦·¼x~#Î÷DHÉaö4Sã ÁYZÍFt•%² ËÐ: ]FtHGƒÖy7·C_׃5núáŸ%žPΣ«²ë7ç¼é5yl‹4&ígôé“ô(€âÄ-áÉIQjJIñ=ÚÓ7³B$˜@¬ÛŸ“€‰Q[+À{*\©‹`ß'¯œ È&™?í&êÞ™‚ÈcUKÜ—œƒÛ @Ê2_ägþ)ùËÉ«`:4§£k0i0U#0€8£8ŽNEö¢â@g›tà0U\|ÎP$¯¥wé+U½¹}0Uÿð0U 00  `†He00  *†H†÷  ‚S-Ïâj–žnµ¥ÄòOWv¥„Oçü¶N„°Úì,-ˆQk\j[ͱòPêìQÎà¸b‰š—ÿ|pT¯šSJsåÏäèîÈsªÉÕBkÁæ~êÞ7û/¥EO™ xgª³·~’&•͆@_BüæhÆ4KÑ[È ÜeG@‹%r/$nf¯L©©/ó›E;ÐpÕ-Ù…ÿ¹FÏÚ]«eAv®zUV0w— ÷o‘ê’wœ ÿ‹0«CÉf(Ãj:ðÙPP ÉuZ‘u`°òg÷mäû|¥b˜E-r«§7ï²v°Yb‡ø?VMB¶Íy»LX:Õþ‡ÕæÚcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidURInameConstraintsTest35EE.crt000066400000000000000000000017331453642760600320030ustar00rootroot000000000000000‚×0‚¿ 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints URI1 CA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid URI nameConstraints EE Certificate Test350‚"0  *†H†÷ ‚0‚ ‚°< ÑÏŠ.ßÃo–™¸}ÝJ×>¯8“ïê›Í'½gj 5¸°ÊçkùMÉiÁ•9 tÜ‘} ’ÎFh# nS ârx<äîÖâÀNçLVȃ3H&Ìtzã7=Ú—ÒÎsT­‘×Üe«´ÇŸK×SŸT´ï§è •9—~‹+dñIý¡,­ÓƒQÿ¼2Òl¦Ö@¡Å`º¨ì tá”ë&®OìZzØ‘ª¼1‹Jx¬ØäqVœåý]z@"o챌¯è8v*¸ÏEÙJæ3 \üÙ˜Vªs«a‰c! ™?)³Aê Elá½à…V£¡0ž0U#0€ú(­AÞ*hÈ#?&Þ0U¢Bà•2íåí¯ v¦}( æÓ0Uÿð0U 00  `†He003U,0*†(http://testcertificates.gov/invalid.html0  *†H†÷  ‚XúëZõ¡*êÓ2úCP¹/Ôã‡Þþ¿ööºH8¦À´í7ãÓäçè=° ¬-ÄM7\"WrûÄnâÜ»oæ£4|dñ;ê’ÞWMïïu%›÷¥üÌ»L¢ Á´¿üœfÿI Þy/67ó›4c * ˜Ä>£ª%†EÝNI¼‹Ý·ŽÌ€n®Öž"‹##™QuWÕwì³åï ź{k¦¶ú6Bº—Ö%°Ë$x‘2± î)ƒ¡&ä:L j:í™ä²ä"Õù?}¢_?ÎUH¬Ç„øó%y|´¦.é;¹fzîn¾Žé± kRG´ÆðûÖ*€­·ˆcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidURInameConstraintsTest37EE.crt000066400000000000000000000017331453642760600320050ustar00rootroot000000000000000‚×0‚¿ 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints URI2 CA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid URI nameConstraints EE Certificate Test370‚"0  *†H†÷ ‚0‚ ‚ͱºÓ¶+g»ï‚2‘ú¸þÃnm2ÍÏ®%Š¸líEØúwg¢·„…·™–O®Á§èã2¦ªïæ:úÇ›œ›õ¦«gGóB‡\~_Á3Ó 7…Þa8Œ(@¹¯E9ð» ðаHsrük&íë~ñëã{R­w@ ìâÄùÓ&+’dœõı÷:ÁŠ~òÕq³+Üżê÷ÚÌ\µl¥Œk¯#ê§Ïí ˜ø¿æ ¦3mví#úáÜÔZ©‚ÓöòÈ2®»æjìgõV_D2±Úû=5Ò¸[ štöD*/Óý†|Yo¼Ì5š9Ê~=Lç‰Y;I‘g´µ£¡0ž0U#0€Më‰qßð²úv:X±º`ÝŒÓÃ0U´ŸP6|ØT[yðŽv©%ò¤¹ 0Uÿð0U 00  `†He003U,0*†(ftp://invalidcertificates.gov:21/test37/0  *†H†÷  ‚Aö½”*Eê1V+…âÇ÷~þÑ ‘ü“­+ê%Ì>˜NÏ-lƒÎîoN%’ßÏI£ÂÒòº&ß÷6gÐÕÈQ?zguùðì=¾=i°S\áÂ}qGúYÏe€|T+€–K¨ZÝüÆøJÁ› …†B²Ri»I>½— ò„é0aTb×,^&¹Ï$b/Ç8@”zÁ— BžÁ|7=°¦—nƒ¨ÏŽ.Ê+Àn…'ÕÑþþ;ZÝaVüZÙa{øvgð§e/"J÷8¾x!¼O»Hp0¸^çs>2YGK0ýçêîîÚ53Çõ¸†æ1(ÐE¼¨EDÕÄ}certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidUnknownCRLEntryExtensionTest8EE.crt000066400000000000000000000016621453642760600331130ustar00rootroot000000000000000‚®0‚– 0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UUnknown CRL Entry Extension CA0 100101083000Z 301231083000Z0q1 0 UUS10U Test Certificates 20111A0?U8Invalid Unknown CRL Entry Extension EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚ò”$ÐŒ4FÚ2ù‹ù¶ÁÌQ ]~ˆž¬ù›±Z}˜æF.AÀzó¡6û§ R¼5áb\û4Fˆku°©Ä{=÷ñ¼ž8¢Ó|(I4Ç+F3ÈMç»-o´þ¨ €MÿîÄ›U{=þ™¯ºÞ¡_ø£…ƒ7À+jÿ Ñ‹è¦k7|ÂŒóv\ G!Ò¡´;wÚÖÓuXBûœ±°à˜ 6¨‚ä`3­)÷PT(þj,÷öD$(:m)§É²g…Ñ#‹.<âIÃ]]‹ »¨¸‰ieË€y­^5VÃO•/¾Â5f^ _ s¿ìðÓšD9u£k0i0U#0€¦Ë¡-M(/"óÒL7ÏÿL0Íê0UšáF%e†vZ›M"ÉóRWÀu7¬0Uÿð0U 00  `†He00  *†H†÷  ‚†‰»JÑ¡M‹.×ÃûN†Ž Ä­·©NúF- 7L³_”œÕ½ÑòÔxÌž‘ hœÁ«qï,×gñ×r#ùôÏ܉ũï·sƒS`€TÍ^Ž¹®ëÈiSPèÈ6Ö—X´Qq¡WátþŽÿdýìg–ñú}rò‹jÈz ) c=º¨âêz»ñ%–x‚fÌt¢W²<@ð*mKÄ‚*±Ú>·îË3å 2*Ês1ŠaÎÍA‹‡ÁûY(£Áôø£B ¡òcµD·ãî[ª7„=JïÔwvù¨Ì>UºåE‡“ó\Ÿ½˜¬¬Je? sD tëF;bö‡·ÇÚ×ealcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidUnknownCRLExtensionTest10EE.crt000066400000000000000000000016471453642760600321450ustar00rootroot000000000000000‚£0‚‹ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UUnknown CRL Extension CA0 100101083000Z 301231083000Z0l1 0 UUS10U Test Certificates 20111<0:U3Invalid Unknown CRL Extension EE Certificate Test100‚"0  *†H†÷ ‚0‚ ‚¬oýÚ]©P Ãmƒû¸ ê0W.™ãbï%ãq\(àôîS:|ñ)ìvBüÌ\yƒ-èmIø‡Bšå{ìÛäÚOYÛÓéÿ$6Åçbf’,š ù-9Æ|Ä:ZXt.4`\,f¦œUܺÓí™g¾…êĹ'”å“<’5Oµ˜>‘Ṉº7ERz‡®ŸvLOŸß"òš¤†§vô¥Š-¯gÖïÐC¼HbµÑ%ùmˆyˆ^ˆçÉå5cjAݶÊö\C]žÊÚºÚxßyÄ ÜwâçýÓñ;Q€o·¿fï:Nê Ömì3'ÎjÂHÀtãk0i0U#0€ýÿþMÛ Å¢Ø‚Vë°Ùaã10UëéVw[³5ŽÀi¬Ï&TÛ@0Uÿð0U 00  `†He00  *†H†÷  ‚+Nqé³Ó¼ü^l×C˜¥I!W9ïl­Æ*øN°m­tâÙg¼(F,X&4‰®Y„‡¾•=î¶Uÿp[Ù’‚?V’i-AV^˜¹Pß®’³£”Ìn€R©¨ e+Äwo×”ÅÕ|–œ¨žI0ìNÎîmª~ì^dQ¼ÁƒØjr pꇔ×CÕÿ€G¦ø¥9J£»Cñg…Æ©þï×eþE¤ƒp’Á”u:çÍCT`9…ou0=+Ý]“.ÛÖ³ñ‡*o‡zE YòÞÎø°e#â£í†çUÛ²: l]Ö±é•ꪂ»™LyM¬J™ÜïÍÐ-certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidUnknownCRLExtensionTest9EE.crt000066400000000000000000000016461453642760600320740ustar00rootroot000000000000000‚¢0‚Š 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UUnknown CRL Extension CA0 100101083000Z 301231083000Z0k1 0 UUS10U Test Certificates 20111;09U2Invalid Unknown CRL Extension EE Certificate Test90‚"0  *†H†÷ ‚0‚ ‚±—kÇ7 ‹BË\fÍ_q˜%¬­í…Z™»ñ(ŒÕÁˆæ®H›…'ñ£“¨§ .›vfžÈÈœ/ÿÌY‡4p–õ幤˧ãyÍü6ÏÚK‚ŒD_a7·÷䔳¬™…" Þ†Ð<ŠB³ÐÉ¢ýLÄ?(+ŠbwÍ$Õú(g-‘vmjcÚD6m ”'¢ZÎôØê°3i3ž¨îBnä¼”xc?¡hÇâ¹\Tô*Ø°w´Tªãt³ ‚e¦àtK(ªC»UߊM* ø3}#wC·¹o}bÄ‘áò‡–¾2H„™Z "cÈn°»K£k0i0U#0€ýÿþMÛ Å¢Ø‚Vë°Ùaã10U¨‰ééîÁ¦f_ Áoõ+ð¦X0Uÿð0U 00  `†He00  *†H†÷  ‚+B{rBm\ªª#<âZ©– ]ÈðÑè½ÇÎ÷!…]šAª] 9•sW9ÕÁ­ó\Ç —¤Â”P©ÞVÅÅÖcVvÁ&îñQRžó†øQ'kï©åÿnfo¥-ôÂJ.C…‚5gIê&J‰w³Z¤OIs{³W4œFx†—«ŸŒ7‹Õ2¹¿¤oiåÉÔ0Ù/°Ï†K>øo8¹Ù\i oKÖ)Gø³º-Z‹øµŽJb;óy->è=>¾¸…vgÔ”0Ò>oßéc<¸®Ä|ëñ²JBïÝž¨,ÏÕ@à/«1eTÆ„Ž^'&Ø‹†mÍΗInvalidUnknownCriticalCertificateExtensionTest2EE.crt000066400000000000000000000016721453642760600352620ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚¶0‚ž _0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0u1 0 UUS10U Test Certificates 20111E0CUì¦ÅÎ]&l[OéfO[~¥ôÏŠ6"àMÚ[>MÑùÅHø€°hpBûÄïtÙC°¯ÿèþM¤´/&OnŽNÖN›{ø¿QÌëâO¶„má³!÷|±—,JÆbålMMçÇ·WE—$Oû6;Ä29 Gb–eÓÖéý}¨óZ€Ó‹ÎîäóÊçKø` H´nñ"6t X³E£€0~0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U ÑŠØ·H§žÀ&6Ä«w+Uy¼ÚÌ0Uÿð0U 00  `†He00 `†He ÿ0  *†H†÷  ‚’ó+úùZÈVYsþ©'T©>Ö9øû…Ð |ГâÃkGFè9ºf^ìªBUVô` ±«Å6^2ŒCŽv<³ÿÜ3³O`ê‚vêWúú:)%2䚯ÃË£./ØI’œÑ- „­°-.ÿà+¹Jb?Ñ«r­É÷l®{Çi¦.íàÍk˜v½KaxHø$$Óˆ8äŸGUÈÊ/ÑÛàz6mûÓ鯎ޞʎîˆ*4RªÃÊ…udV´Ó)dàH(zzL~ÅÛ@Å Í/æÓNâsÀÙŒrþ¤ásý<=£a<©5‹ÍN¸Kœ*»š\»ï€D·YïdÓ£EÉJŸÓO‚õcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidWrongCRLTest6EE.crt000066400000000000000000000016161453642760600276260ustar00rootroot000000000000000‚Š0‚r 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Wrong CRL CA0 100101083000Z 301231083000Z0_1 0 UUS10U Test Certificates 20111/0-U&Invalid Wrong CRL EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚Ä´”©$>}þ`oðõ†àÁGƒ’*cÍF½p_B+× Z{<Š“)td}1èBZ‡]Ø>íÜægtËÐÙðQÃLbµb)•4ÛNã×Ó¦9ŽéV`r-®Å8x­?í“D<5y._­X,ì¯ZnbÛ¿?¸a–9lðVÛr:|4‡‚(GíÇR¾ì_šeG4YFõËÞ +"5…N­¥þÓ·ëV~Þí jŽô6hIðî1Û##æÛŸ<Î@fN1—«-Ü/k×7™åçaûˆÙ>áGÚI¨c8÷ÜÐÒAÿíz"ùYÎÒ`Œ2©Ä8~t ”¬ŒgÎ×£k0i0U#0€ %Fà‰zQJ¯5¯ÍÄr·¨0Uƒf³H².}¬3¿ˆöÙ;ò p¼¡0Uÿð0U 00  `†He00  *†H†÷  ‚".U|ûèè 쥽#8 žMIˆÜQÒ‹iRŒšll¼ x3—j96¨'öIøŠ°}À)ûËápͺø—G;ß ¢ØÛÔvÁã¿eÞ–€Ñ ×Ù~€q”gdxàÜp©%Å2Dïl¥W£k0i0U#0€pßD/™sò6<4Ð Ñòí0U|¸{˜ì"ˆÊ‘PÚÄÂ.|R0Uÿð0U 00  `†He00  *†H†÷  ‚b¸PÐè­ÑS»ÛVhzìý½•ošDÉc¤^ËlxÞ(€Áß‹ëzó5“HŒÅLÈ{xóµëLUXâgJ6Ât±¸ó&Õ²äæt憩ú>’þ¡eÛ3À„ú.ÐöÒÙßw×:s*¤j»>çJ7ƒËÞU ùõl_·òFz"+QåwÞïŒÔg²-¨ï žaTÐäSâI,3ßcC¶† [ÂÀƒÏ×PíK J'Ä‚IB*ž õ}œ=OlÑbiµ` @X´á;LÀîŽ!Òͦ:•œÎ¥»)bàŽÇ&¼pÝÙƒL„wÄO(ã‚V±v‰în`0üÃHCfZƒcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidcAFalseTest3EE.crt000066400000000000000000000016521453642760600274640ustar00rootroot000000000000000‚¦0‚Ž 0  *†H†÷  0b1 0 UUS10U Test Certificates 20111200U)basicConstraints Not Critical cA False CA0 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Invalid cA False EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚ã*95Õºé4 m«™%¹53Ž[±ùXü€AÑß QØhµh:m:äb÷°t’Y#û V•î´}LA¾vnñz—åŠÐ{ÌÅå’šøLUÆfv JeôöÖ¾~æxM#èsµmeÿ­ø‡±kº™Š¼Â!*t}ÝõñhP€Ê±š‹§©GäP=v{U Ý8Î<ªˆíæ$‡ç „k aOžgq5éæW„£¢Ï¢YˆbªSÖsçÕÏÝZÕ‹¹.(®®¹Pj¯N ç¹£Ä&ÌZvŸ@¹†9Y“àtö›Ì'zGgä÷ˆY‰_ÂÒˆ­&VÚ½‘}ª×ÂÁ£k0i0U#0€9Л·O)7¾Ó°ŠvêjžÍïF¾X0Uø[hýˆ)mÉ¿J Ž›ò­uÂw0Uÿð0U 00  `†He00  *†H†÷  ‚m¶A 9&i‡¶¢ÃDð"$ÿˆŽÚFÊ#‚²!ÈbÖè¤óÇ#Ü^3Nº;Ô„Ý«a:á@«/§;uBƒu)­¨›¯uÅ9ç3Üä~IÝß“ªHÊæv$]k:ü[_À7‰Jјm˜§ø #lÝ‘(o}ÜNð!©ðòuI¹×M71Ä¿ ¦?ºÇ{5Ü-¡¹‡?§ÇÙµŒÐlÆc¬p°±.9®«},­Q¿Œ{?CKË' 7•fR=²WqJ39nß’+?Ý‘ehí+õZwn‚êæ¸ÓÕÇ0Ñá}å¿Ôçq_eÏs¾Jš¨‡Ç_4dÖŽÚ¶%áá‚]ûÙcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidcRLIssuerTest27EE.crt000066400000000000000000000017471453642760600301340ustar00rootroot000000000000000‚ã0‚Ë 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UindirectCRL CA20 100101083000Z 301231083000Z0`1 0 UUS10U Test Certificates 2011100.U'Invalid cRLIssuer EE Certificate Test270‚"0  *†H†÷ ‚0‚ ‚»ÉT%úaW¾©Ä_}ÏJĈT䟳NEª;>^6d"é¢#Û†çg1ª©Û-b~-ÝÄûà Gå7?7t¨~×?g[pÄâÔµ‹²™–^yáÏ–:6ʘ ¹¿—™@´NþJ盼kL~{@nx3Ñ>13)'_×½| ’¼Ëó¯»oבy÷>“¯R¦XbL—7÷ƒØSt,GÌwN–ÅíX0†6g·Aº©þ'£EºoH3£h[–†$k ¬þQð3e¹´úrÁT`ú òÙµ¯¹gRÔ~÷–l ’ Çðõ0ÚÄ ŽRCm”ïMIU¢\Õ²·È>“£¿0¼0U#0€ˆ#á³³òlþ1©¾‹aª;’‡¤£0UU"pJöCÈéïÀÀRŽRv]Ïk0Uÿð0U 00  `†He00QUJ0H0F¢D¤B0@1 0 UUS10U Test Certificates 201110UGood CA0  *†H†÷  ‚_ßr§\u)ˆAp o#X¡düÎ ¶Ö¿õv }Zê/»à"iÌZz£ŸºÇAð{©<¹Ù–8Ò­ÙSˆ"W—è¸k„jDäÀeÒt ;gë׆ªÿmIÝV|†¢Ë‹¢L0þýïÑôò‚ÉbaéAÆ©hªûkK;5Ó1%D;EWyXªe朮™lø¾;rHÔv«ùàµ^½–D?ÈV €œònÅcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidcRLIssuerTest31EE.crt000066400000000000000000000021601453642760600301150ustar00rootroot000000000000000‚l0‚T 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UindirectCRL CA60 100101083000Z 301231083000Z0`1 0 UUS10U Test Certificates 2011100.U'Invalid cRLIssuer EE Certificate Test310‚"0  *†H†÷ ‚0‚ ‚çY•„b%F§•˜]cT)¨B+Z».ÏFHk3VÆUßS±ÆkIV¸º,PñÜ/¾¥C¯ÇÜ2×v}G¦ë×Qpôw·a"züÛÖJÑàG¢ˆ{ò~m„ó³8™,Ð7Õ`ü(\ηìõ0ß°Ò;’tÖåÉ6AàŽèU4ÆY6Ry&¹hh"ð6PQqô´ ¿‰×ÑgæäåîIOÎÖ#Å?ëŠóg¼K*4a.±ožÅ¿ŽÂÒ»6œêîA"½æŒni$ƒv´ýM1R€t7<妩¹¾ÁÌðÊeƒiŒÿt%€Ïãµjìê×Ç'ç¤4µÆÚb¡£‚G0‚C0U#0€É £l-wOÞBô ¶Þ*v10U‘ªíu’M“V³—Ûr8©!æ0Uÿð0U 00  `†He00×UÏ0Ì0É y w¤u0s1 0 UUS10U Test Certificates 201110U indirectCRL CA51)0'U indirect CRL for indirectCRL CA6¢L¤J0H1 0 UUS10U Test Certificates 201110U indirectCRL CA50  *†H†÷  ‚²]É Z×S–¶#Ãõ²ö2î(®©±³9þÔán¬¶ö4ÁYKù ÿþÂtcÄ»àë‹Å/‚^Dy,žJõläÒ…A!-öB¤•eþÿwæžk„)AYÊ©Üè¨b~©õ¤k%ã5mäÅ¥Üß{õÙÉx áæJY¿°¦íEšVîöÀfÛgˆè5ÎPWJ“O #¿æhšhø‰ Y‚Ò^sÜ?·s— c²¯‡ÁšuƒkîDæN—Á\ðK&¬m€'’½Ÿ©ãbË~9‚ÒÆÛ#gnÎÓZ‰’æ^•œ¯Ñ—Nšª ¬qxÉ™ê„]â&Iýo¸±_¡÷ÅÜ"#certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidcRLIssuerTest32EE.crt000066400000000000000000000021601453642760600301160ustar00rootroot000000000000000‚l0‚T  0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UindirectCRL CA60 100101083000Z 301231083000Z0`1 0 UUS10U Test Certificates 2011100.U'Invalid cRLIssuer EE Certificate Test320‚"0  *†H†÷ ‚0‚ ‚Ô‡*Pw–_d?ã§Òß‘³Í—›çŸÄ_ §F'^“'®˜ùùEºÁz ‹ ÃL–{’k*Ÿ#ÇQ ÛÖ\ ·èò5jìx!—å žà«© ¡Ór›5ØBÜNü£Èdºÿ:GNî €û¼¸éGèx¦Š†Ø{¦]rcUx%Ý„ÔzçÔŠ|ÜÝù¼ÙÖiÿX"ZT;¹³ƒq`ª‡|¦IG°†›70çjNÞTØäÉ{9±wK>¨ŠAò‘6LáäƒHö+z6ñÇ´'QGíGÆï{ÿ\Ô˜. %;Ŭ< ´ÅØ Ъ)³¹¬±× .ÈÊÛM¶Q„„+IÙ£‚G0‚C0U#0€É £l-wOÞBô ¶Þ*v10Uó,%1¬A@<Ÿ\üò+:¬Ÿ?¨10Uÿð0U 00  `†He00×UÏ0Ì0É y w¤u0s1 0 UUS10U Test Certificates 201110U indirectCRL CA51)0'U indirect CRL for indirectCRL CA6¢L¤J0H1 0 UUS10U Test Certificates 201110U indirectCRL CA50  *†H†÷  ‚~˜É¡Âe|~=es}#P$)iA³ÙÅ{®7Ñ ÑÍuêv5‡Þœ¢ ²ÿàˆÍÙØ Q&ýC2>a9ƒa­L-Lj‘¥I=uƒ…AÀ¨Œ~œ¯çi?¾8úì„æÆ{÷zc.»\‚wÕKcß»½v 5»g7élË… ñ¯UêŽ ‡»A˜åT¹÷UZýóV/[ýónO‘P”ëYéHQ}F˜HšJŒø<íMÌeDY(Ø{˜ -ÿ8ÉÓ”¨ûÄÄkìlmß KA›6ê>åx!*ë†Ö[k_Å®ÏV°É<áË$Ô6Q’ì4d‚ì¦3R¿â.9Ùœ&certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidcRLIssuerTest34EE.crt000066400000000000000000000020241453642760600301170ustar00rootroot000000000000000‚0‚ø  0  *†H†÷  0H1 0 UUS10U Test Certificates 201110U indirectCRL CA50 100101083000Z 301231083000Z0`1 0 UUS10U Test Certificates 2011100.U'Invalid cRLIssuer EE Certificate Test340‚"0  *†H†÷ ‚0‚ ‚¶LýH”<³‰Ñƒ2»ÐA±0åÇ d9"ÐàbF½“»zÌáZwôîakŒÓ+ÀwÄÕ 3Ý‘ óÑ×áº3˘¢Èv²–ïÙûö>÷9UYÀT±÷8â˜)°Y®!] áíI]ƒ"z¦a·Öqç»f©=Žk¶óD ׫ŽEÆuô û™²×¹eµO.d›fgþqc­G¥ûÈÐì#Ë 2´pŸ÷òŸÙeÇ>Ï[W“w µG8€nBíÔKbdRAØIÈn.î™`ôS«W¶ü®Ûý„‡«~…Ÿ¿'úÈž…ÅÜζ@•Ü°bÂ8^­±7 ,e£ì0é0U#0€÷ª½HuY€°Ïß#Ø“F‚³0UŠ#1ÙñÒÝ@E“AI&‚€þ0Uÿð0U 00  `†He00~Uw0u0s q o¤m0k1 0 UUS10U Test Certificates 201110U indirectCRL CA51!0UCRL1 for indirectCRL CA50  *†H†÷  ‚mTœWsœvk×ÇÛ²'?o`?¼˜ZµI×tëÈð®Á_iÓ­0q€d’øFÇÇ(Œ/œáh×—Ÿ»äÛdPÇ2ÚþT¬$]F„‘Ý\"¾FÚm³äÌc—jO‹Ùª‡ á>?]Ç«®d[3ó ¡_wJé÷|¤C ÜKXà:zØgz½Þ.ßéè_ÞÉ@ Zȉ\.MLºÙÕC7pòÒ°ö”ZÙºüÌÚùa•vEÃå+Æ¥÷Ò¢‘8º—ïR¤â)P<y³£é k@Õ#Ð ú”'iÏõ–w—ÃÀ‘Àç§h9°ËAèY½ƒ#Q0—?%Wcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidcRLIssuerTest35EE.crt000066400000000000000000000021501453642760600301200ustar00rootroot000000000000000‚d0‚L  0  *†H†÷  0H1 0 UUS10U Test Certificates 201110U indirectCRL CA50 100101083000Z 301231083000Z0`1 0 UUS10U Test Certificates 2011100.U'Invalid cRLIssuer EE Certificate Test350‚"0  *†H†÷ ‚0‚ ‚ÁÞøÅ’~FÐø[ôkŒ»Ž¾½]–œŠA…Ù¢“>±“¸¼]Kj}‘úúÞ³$Hº cåÜmÁùÍÌ Ö¼%LB,»lL(µ^h®ˆL¾ýÄÒòM+AÿÀÿÛŠfú§ (U ­#…l¥wJ#³ö|ûw›ok¬Õ£)Ë«M6àôéÿ·«^ož´¡ Éþ›ç‘å9/ô*Áç´çâÉJ¡ÊÅÓK…t(ª˜HÔÖÿ¬nî€PoWyÒ£¶Nü»‘‹»÷Ž3xP=._£¾œ`”í²}ÀHXí™ËN‹Fá<`?‡È{.÷öèÇÇy"b–bm¹Š ª³˜øR(”×á¡p‡.)ÿ.o5ä–Ë]^;‚+ijª?Áú>o˜-JVÔ@¸W$ Û‰öGŒ'„"sÒ gV-&´¸ !ÝV¦certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt000066400000000000000000000016561453642760600325470ustar00rootroot000000000000000‚ª0‚’ 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UdeltaCRLIndicator No Base CA0 100101083000Z 301231083000Z0o1 0 UUS10U Test Certificates 20111?0=U6Invalid deltaCRLIndicator No Base EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚›‡ ¨èâsIÌ£ê>ÓGUü'ªršâæw~Ý&ƒé4ö§Ñùb*Ë€.j•ôL—_Æᨘ÷úçáΈd¡Ê½›í«žYÙ=­ù¯7y×!ƒuýŽÍÖø÷°¢Íñv ,ä.‹)u’—Qùéú¸$ÿ¹ [§LÓÐO„ÛìAf Á^ÇBã¹W~Þ‡LLÜ?€šdi™•5°Üè!Â]/ÅÄú3Iv¸êë°¬8 XȪ&6¼.#‚Wz6ˆãöguö⤂í³ù¿‹Ò°ûc ‡§±ÀîBäÍfëΕ‘Âqö_›"”/q¯Œ@È ^"Y“4ÿ~ü¥(5ç£k0i0U#0€ô8v%«¤ãÀÈuŒkc#¶Š0U^^™Ü t€ }ö%Ê㲡¬çä0Uÿð0U 00  `†He00  *†H†÷  ‚Iýåo;'ï=n“!¶Bó~œõŠèqÖÉÜ~Eši8dCÊ¢«X.8fShG'1F]¼dûÐ3Ó)¡Õµïa;4ZUÏ ™i ô"{in/ˆ¿ê¯‰p­ãlü?­ìJÑ êÍà©?•PÑÌ,]B%§ËY¿<š÷8d”ð‹Ë…¯‚tì4CC05vÌü"¤@È„bVþ~õ®B»Û©†¹tÂFOš"@ͬî£v3 [†ŠIì,&}ž¼TmÜuéç“j¡¼ÀI"dÿßò¨¨Ü>'Gv›‚vÁù–ÇH€dÝ™øó8‚&ÊjxË‚˜®C̲ certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddeltaCRLTest10EE.crt000066400000000000000000000021061453642760600276710ustar00rootroot000000000000000‚B0‚* 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA30 100101083000Z 301231083000Z0_1 0 UUS10U Test Certificates 20111/0-U&Invalid deltaCRL EE Certificate Test100‚"0  *†H†÷ ‚0‚ ‚¼@.xÚyCŸ\ eþñ1”ëç't¿“®W u’„™¼V#Ãy»BÙeÅr@¹D9¾µá0Õb {ì][÷*¡ÒÿÅ`œ[s1ñýn ¸‰k> ö÷¿ ¿,¸ÀâÞ€IFÑt­2­‰¾bêèÛTôÐ*ÑTÁpn-±¼I€ŒßÔ­/;jjb(°ßR·«ÖBŽ¥2U’´º²üÂ2O;%rYzŸd,èûí8£½’ÍÚùýãnµQ›‡J‚uT_a³"Žê9ÕÀŠ³ ÅΣFŸˆê}ŒUþûÌöEóµÉÚZ Š¦ˆLñ¶Á÷Ž«¯1§ZU?œÏ£‚!0‚0U#0€ïcÓ¨N±ùßaâ ã˜Ò“™ç0UÝYêXqt¿ÍçTЈšŸ”»0Uÿð0U 00  `†He00XUQ0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA30XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA30  *†H†÷  ‚ªG—³õ jË,e?£î>!¯Ö4; •Ø’í²¶¯êxx æ\ö€W6sëùXj<6‹æøyT1›z³¥¨Æ)!²ñSi3ÿÝÁsüì¼0“œµÝ__-ÑÒ{[>€ E§ ¬Ý-4%ËDºˆu 0OS“v䔪 md)öx•Ï§•µ6Øç¿zk!á߯ŒXlètÈ”*6é·ýla~ÖãÓƒ`ÂRö1ñq7³‘DN.ÅïÆÖšRd³l[_çè*Ç;«iª .’ˆkñÙ¥¾Æð²ùȦ°?ËŒŸ!"@ÒÈmã8£&ê|¹ÜBÒ–1}GϬ½Öcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddeltaCRLTest3EE.crt000066400000000000000000000021051453642760600276120ustar00rootroot000000000000000‚A0‚) 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Invalid deltaCRL EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚´¶ö¸r—B)zAb…=´Wži|%5ï¬`Åñ8l_ëR¢ ¯T-à£íj«®ÎMžmw’¨XÌšJhÝÎô‚O|4mòžu7É‚§·ÉgxåUcä¼É÷1æÚê¾·ìÂ͹5,æ)Ò&kmdÞû³8eÍcBê—X}G~B­£äVXÆe|ÚNO‚Ù•ªÂœlÒ“ ªÔ?Rù1ÈÌÙ‘bæVÁà8æΰb˜(ˆ•_îé$tÔÒlù¢¹-ßë¯cЂ_†·'ëÝNx½YNpñÿ(Üкit$/ÐC.@ŽD8TŽO¡ËºHž&W[5Ûºßæ«£‚!0‚0U#0€w#åv„È”?‚Ðêt±à¤/30U¦Áå8e¥Å¾™ÖÆ}Yí¡à²Ø0Uÿð0U 00  `†He00XUQ0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10  *†H†÷  ‚`y 6áuºq[Á‡Ò« 3ØšMïmq^q3ËÐCØ™¢ôÅ ÄT¬Ó|õ2bÈ“ªuœ¶Ž­zr±ˆAÓ’w~‡U†ŒÛº€ËÉ+wI+¾¯i`ïã Sgyyù’ú_;ÈZ1/ ÝÇ%@%‘yÛŸ 1\É$Þ4?ïÇ­&·î¼:+*a³€&?oÀ8Ò&»pA]ã(zú æéŠá|à ò]·ûÖ.ÝQSÀD_£Òu½9u׎U¬_¬ Ø®·(Ú]wrxr+ŸS!€ÚHåEyV+[c´à É䈢ù3㣱÷Ï0ÔœÓè›úcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddeltaCRLTest4EE.crt000066400000000000000000000021051453642760600276130ustar00rootroot000000000000000‚A0‚) 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Invalid deltaCRL EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚™ª$"ćNµRN‚¨ÂG[ÀAÈÓ!ù”è­lQ¹€œ˜W;T¹pV£µ°)‡ñlSä<å™Å››AVMul৑mcKÖóEsèB:3íh]¥T‹jÁk 5;fU ¡ºxù5£GSx7V¿/Ž¿þ|‘êæQ-í… ~›)Žýˆ†¡ Ÿ#°`„žnhÀ‹‡ÝâÇ5_Âjp¯… ÜÎÕ&GÖ¿ô‡èÙÎÙì†99b»sì0ù+C:"þä(aÓܨQâí¯ÙsÄqØtæ4ÒÎ2?G6-¶"­å 5øäô.o‘LFèOø§£‚!0‚0U#0€w#åv„È”?‚Ðêt±à¤/30UÈÅ…3ŠúÃX¾%zO`š6àœ0Uÿð0U 00  `†He00XUQ0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10  *†H†÷  ‚X†vœalü'i¼7<6]bÐ{ :öãøë5jS4Z¿æÀW–ÄÕñ®Vß¹ýH+h`o˜§Â뾶 Ô-#²í•¶d„H„äµÎ0ÒéΞjo6Ô{=«gH%pYÊ[s*¨}çéF›žŸ1Úï¾ÿBYɳ½–kÑnyîâ‰Iú+ºúØ\‰=øû@t_ǨHB#Źòl0׆Ž}xJy×ËHîWˆgìä †‘$yAA‡™ÐI¶QÛ«¦»–Tðd뎭 í ù0vBž-èÆ”S³ìŸµpéµDÓ1‡1ó¨÷ŒGWÍÀûÝáÿô>çx^LÐß´R“þcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddeltaCRLTest6EE.crt000066400000000000000000000021051453642760600276150ustar00rootroot000000000000000‚A0‚) 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Invalid deltaCRL EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚¡vWâ*$Te³Ô’Ï‘ÿgäA{ƒWHLÂK0Jýõ-,·tq¿ô]“c9ÐIÁõªiŸ#,'±õ—cÈW—Õ¼Ôîq üèªVln” f¶Ô‰:¿#šVHw3hQ€Å¾x+ÖÊÄ¥ßö>¨ :ú¹n½§•§¹h a§ ev9Y|z¾hŽËhW^!o¼£¢(Qήtî]{kïNw­Ê0à´ôÜÏ:¤báÎBŽa3jÃlÑ·(¼hfEòôïÇ¥‡Åk›/Ùsx% Yÿ*29ÓüGáCÎG¾µáP˜€&B.QåTL Zéa»ê|6¨~Q™£‚!0‚0U#0€w#åv„È”?‚Ðêt±à¤/30U²’)õ¸ëç ÓÆàkk°8„8?0Uÿð0U 00  `†He00XUQ0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10  *†H†÷  ‚52rï¤åà̓úÊYk;ÑÒnx@GrV5¬Ú¯¿CÙÙ8†/eý¹í }*ä_¤} IŸø  ~gåFÓ ÅMînúɆiâ·î¨p7}">íe`õ WŠÁ¢ÆIÛŒVm5=¸ã¨qµÂê3^9ÛŠ¢¯úƒN=s£ftê•K_×Bá#T­SúmtaK=X^«ƒã"˜÷…Äò>—UPÓ¸^*f¸û7 u/œÅžjW¥*6Aâ}hà ñ ;!¨î8 ²l L(€T)ùT¼¢–Šœ™ù'«’³óáH ¦ÄäáFª ,°ùvˆRˤRŸÚÉøÿ['öÝžR, åFÆç¿J'Ç‹pPÍBkF<ìË\–4™eoÊAŽ4QÉ 3gºÝ˜ys[vZf¬¤¥O÷§4Æ9yf¿…G?uŠÃ‚€J†=Ÿº0·ǘZ”ÉP|?4_ª¬&6’dŒÄóÅR(ø{(!gg˜ Ý&²ÖñB£H8Å<*Ócí@LÈj'é(3u©ÜTGÝúj 7ÅðŠº6Ñ„é#mæ€UÐef°—£…z‘ŽdÒ°4¼ü#MÊèKúÕ¿rê?Ö…?)Ó¾ö}ò )#n%!¿îá8íLŸÚ˜S«E£‚!0‚0U#0€|Øö¾LÎÏ·?¡»3«µ×ûÄ0U”w¤C±U¯›¢ Ùjn™$¹ *0Uÿð0U 00  `†He00XUQ0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA20XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA20  *†H†÷  ‚I{=V@0<òýqƒðâ@—úÏÉò°f¬¦].êoIÖVî6!¸&qÏF¼MãEéJ8DŽ+<'Í2… Ù‡ˆŽdð ¨Ú˜ àÔìË}äƒà¥N«˜Õ<,Õ•¿Õø º­3AЛΪp®\ŸOcÕïâKp<Æ[î`̸îŽjýÉŒ ½¡²x×y…í(ïœ+¿þ}GÅ•SÒÃytÔ}’7¨ºwaÜvpþ-¸+Ó«rDákòΪ4Qì`ÿ¤€,@rØ+ËçhŸ<†_›Ÿ=H‘¢y¥ø‚r[Áª{ƒ‹sg&«‹W;ÂMíT‘ƒiìcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddistributionPointTest2EE.crt000066400000000000000000000020571453642760600317160ustar00rootroot000000000000000‚+0‚ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint1 CA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Invalid distributionPoint EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚Ó`ﮊ9 ¸Pé?øÝ–Ÿ– gþo%ÿ7é>œ²ÊËV¹‹YD–i*7ñ‹´vÖ±¿† ¶5©VÑh Ý/Y6¼ÒbnEÏj,e;ºº5è8&fDÒùlq¢Å1ŽŸX#Ý'W9p•s_ö;XëÚèæû¢±ëpšOFE¯¢vÆÍ°ŠŽë0¾EÇ›0»Ä:Œ´H-jȶ.ÝSø!P18ݵ¥‰~¼›|É'µƒx)ÈoáNE&#ŸI¬ &¬t,ñ]4Ú¹”›Ô`"úz¿Ûîp7 : Yàƒ”t3gÀ9CîÉŠÛz£f5ç:§†ö'Ë'Ëh_EÅ?‰ þû.üwÓÿ‘«¬ûK$ê‰<'tp îþÛxâiyÇ’Iö¶ëqd7±¿–òXÃø~øQk¨Ù:2ÚmÐô¦ž1¯¯Á€›ž|>æIùÁüœcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddistributionPointTest3EE.crt000066400000000000000000000020571453642760600317170ustar00rootroot000000000000000‚+0‚ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint1 CA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Invalid distributionPoint EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚ÂLGþø§xi&BG¬ÎÏO–¯†3é ô÷ÏõwªA:§µÀQxXjnCu Ã¥ÈD¢Ôºæü[ã$çÏ0kéÿ†½Så¼'ØGòͲË$6î4N ½ §7vò¾pTÃ\Éìá`ÌŽPQp·ì:Êß_Í‘8àÛ¥/,­Á*oÓâÂÀ×|uÚj\Æ€(L£LS 'H¶<ØûßÞ>Z?…ü—/×’À œó¢Éýkîð·Ž|‹Ç©8 6JÞ ôŸ ž×„nh¿ª¤SnDÑH›Uƈ#`÷;û;’ÑﻹZnõx¶mïeyøò©g°Â}ò£êÔu¨W£ú0÷0U#0€0s½p(‚ÒoÏÒ7íÍë#‘Ûï0Uf¤²$ãß´t±ÄëÁìR­çIé0Uÿð0U 00  `†He00‹Uƒ0€0~ | z¤x0v1 0 UUS10U Test Certificates 201110U distributionPoint1 CA1&0$UCRLx of distributionPoint1 CA0  *†H†÷  ‚j ‚b“*¸{>š3hÔ ôáX{³¶íiL0%aúy²Œ€ŽîUHýì¾Ñ<žÐ-h–_èIÆÚOÃAÊYQlµ¼~¸€Ëß:Z+™Ó¯£…ýHãDqüwìâ#‹§yŽÑFÙŽyp2Ám\¨p˜uÞ’Ê;ÊÓÀ­õìð"­¥{ЪfÌ!j³XìiÇGÓ‹ºØŽ Õj…OR€7Yx§in½•Ïç,¢5º•¨I%< §ã½§£7CoA ´¢lçëÆãy —ÑSß«$¨ qÙªLfí 1±¤´€˜µÀzÐãÒßE©^ÎaP_Ù3µn¡©Dcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddistributionPointTest6EE.crt000066400000000000000000000017301453642760600317170ustar00rootroot000000000000000‚Ô0‚¼ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint2 CA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Invalid distributionPoint EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚•àˆ#~Y­ÕÎγ—!vNå9ïÏpª B%?VZ·¯°û?-¯aE£ŽÑ†¶ $µ‘’­B£g×ÎÖ[ ,Þ,œ2HÁøxd‚þA¡)§±—’r¨ÿ{eÂçm~”}cÊSò)*Ãǜֲ»wyf>‘~W/Bëö.gÔZŠÈ`/ø¿•Ï7M¾pg¦íb¨݀íŸm?ˆ7ßØÉÊà.þ¡·ŽÓF(ä†1’)ə˕‘Ü7£ƒ:pZÐ͈Mâp0&Iß”µàù(£O¾f€2¹ýZ¾flÇBÿÍB-F_“Œ–®—££0 0U#0€DlîÛoëNIxþÍå ì»`k0U{/§WÚE78N‰–õ§Ù³l<’T0Uÿð0U 00  `†He005U.0,0* (¡&0$UCRL1 of distributionPoint2 CA0  *†H†÷  ‚MêDæ&ÐäÝ9b!ŠÂqäW·Á@0,ær®”¶ \«äÓ}6Ú¥,ñS( Ê¥‘$é`<5tÜñQ:°k†×3(gDÚØ«õ±ù7ÏpÕ“½-  ø@©wö›ÕˆÇ¨Šâ²¿àyÔñ.Bb¹¶ÛWf–ÏÂÔ>˜ÔûÓqRnwŠ;\Ø:õ˜D©M_ëTº“´f㋬ŸcBðøŠ€¶+Ïð}Í™ MBY1§¨õÆjio§ë¥-©Ñnq“ª÷ó ìŒÒkXwa±êÂæŒ úÚ>FL6ŽêAȼEE‰qò㙨ûý/nˆ–ˆÃ¦›éøÏ9&z¦Z^Kcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddistributionPointTest8EE.crt000066400000000000000000000020041453642760600317140ustar00rootroot000000000000000‚0‚è 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint2 CA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Invalid distributionPoint EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚¶ÓzNÂÁYƒ‹Ÿ¦ÄýÛc(ŠóÅ–ù„Àµ(§jPì)šÐ€W3þ)TõK¾ÍÑ+4‹r¶ße—7ƒŸ‚»õ`Ë_K-¸ÔÙØn-©x¡¸v%ïe‡>E¿©¡ú_ÜÏ»Ðm¨¤`¥*jG´?wû®Òi¥¦¢—E3?¢MDÅñI¢æ÷ K"Adfìö†û©¹zºo×þG‘ÓËiÚ¹…†¸=œÍg™î&! ÍFíж®n}«ÂóI$N¿8iëfªž¾pRµ9DÓVmOú®K›!Æ—'çA#¦ZçZã×óBƒcx)½õÅÙ-‡ïßh»^·ê8Yu’ÏÜÓW£Ï0Ì0U#0€DlîÛoëNIxþÍå ì»`k0U„#øx¨ùT¦:ìk½«®~ÅY0Uÿð0U 00  `†He00aUZ0X0V T R¤P0N1 0 UUS10U Test Certificates 201110U distributionPoint2 CA0  *†H†÷  ‚Q^åÆcL*,[QnðuýY.š5ŹºÌ‘FúŸÄXtÙA‰Z;Ô,az}vÍÈ[”y¢ÇЄ B°J I”u«=ÜÀ Øãx´ì<ÑKaAˆ«ùˆ%”€»šÁb ‰^¼¾ Z$õG­Ûýä½{–‹1 î®™n ô+™4n%7‰úÎÅn¿ˆ‹'Ѻrw—Å^K°ïF#â&0 Æt>*1Ñh£ÒÇÔÏTIt|ÙL×±5ºE›såáÏ ˆÿÿQº¬å”îR(ÒLæç—ÅWÎHS7 ¿.ÈŽõD'«­jKOeìÕÓú†Š5Õ¤5] ¡ˆÂcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvaliddistributionPointTest9EE.crt000066400000000000000000000016371453642760600317300ustar00rootroot000000000000000‚›0‚ƒ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint2 CA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Invalid distributionPoint EE Certificate Test90‚"0  *†H†÷ ‚0‚ ‚Ë+)<Nž=ÛA6}"BÃ>7þÛfíŽ*€´’û¥¶¹\rS§e‰!̳RTã¾ÓÆ ™›\DUC®Ì<æuEnbàù¶Ð‚_ùe`˜U îÝîË–âK=ßLÖË©üˆõâ«Æ&½z=!S[Ý'‚µ/EÁH:di÷¼nø»“fk–pù4ÉûRƒ‹³ÄJL'ÒE–»·bCø#M³ú‰e—…{PÒUɲs‚ÝJvDãè¡ÉgpÌñ©üN)‡Qº”i—ÖIò ¨i /A[ÝžÜ3ð;0U@×n¦‚#ÙÞsäÜ`U^«¦6Œ&U¿>+é Ð éåõ¤í£k0i0U#0€DlîÛoëNIxþÍå ì»`k0U„ª^#½0à-T.èõÈ‹ô 0Uÿð0U 00  `†He00  *†H†÷  ‚*Éx …jN¸ xKÆ.!z†gÆê!\¯ƒýq X²ôšÞ˜Ú³®ëK…l bÃ0uÛ ?Aݘ8ˆPÆÚ¥zãbçã¹T+ ø¤øݦy;ÃQ¡;ØÐö«Ëá–ç_í)iñR¹jëîÍ„îçÉ¿:-t‰Â#ùJÝž¯Î'Oã°Ê®±$M¢X›e„"XvÐ4þ•žK‹^`ì•<4es†@ú‰Xã;ËŠmå-K²< '|*Û-¸8”ȇUËS â•^´„å˸‘–!Êß~sôÏqˆÏ=ÔÿÔâ2ýðRཙyÖ,é„!kØs 2Mcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidinhibitAnyPolicyTest1EE.crt000066400000000000000000000016271453642760600314440ustar00rootroot000000000000000‚“0‚{ 0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy0 CA0 100101083000Z 301231083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid inhibitAnyPolicy EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚°ÕµÁ;b|ÕàKþÿèäÁöt›H¤°Øâ‰ÚÌó'аQ¾µf«É0êÒU.gÃ9*år¨ ‚æèSkŸ3þ ƹ-àŽÈñ^Æ"åÌU#’Ð㮇¥$4ß¿óÊ¿º™]%­÷¦¥D\Ûµù ð*c6ÚÀ¢_2°ŽÈ¶Ù9už§•L :É‚ü÷¿÷:ëžßŸÜžQ,ªûÉÑÿ5×ø–΋ØÙk2ü‘oºQçïK»út%u–˜úÚëõ&-&¯ c³w•úó›nkœäY[ “>?1Ûnîyú`ž±ÖâAù"¶!×ïc‘.*èŽòòÛ£e0c0U#0€  zjÿj…‚$ÍÃ&…ø¿Š70U¤³g®á(H>˜(öR8ý—0Uÿð0U  00U 0  *†H†÷  ‚D`÷’í“NèÓ^U©÷N:ôs‰—ï9ør ¸V©ûðεAWŽ&×Øg‚£Qt}Í¡Üðä!9•¶¡`€hL‹Ñ 8Šm&äµV¨e¢bÔá2OO~.êm±•DTÂgš)þ §/x÷1úÇ”…,PtT%”‚ÌR€ˆ#G—X'wÅ„æ{ß% l/õÇD`Œ}òÑADó‘B~G €:¦µ·d7ÛÇQwé˜ó`ÓùCà «Ö ÛÉ@µ3LçÅ;dóGDôV¦ñ­ÜP9aãM8F#„‘óò¾n±ôÃñ×ûzärz ¿€÷^þø©„á°%©@ æžýMkó4certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidinhibitAnyPolicyTest4EE.crt000066400000000000000000000016331453642760600314440ustar00rootroot000000000000000‚—0‚ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA10 100101083000Z 301231083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid inhibitAnyPolicy EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚£³ok¬EªÌ„lL0+H—½+_I!É©y^ÆZÕÀY²ÅûŸ`TcSÞ{[»î~c×yc£¥¤5˜eß5FéèbÍtP×Ò ãl± ®¢¬_Ó¥þ àÜö†žÁǨ“ä>™Ù€,Lô¨Ý,O^=S0Þl×n±^ HíS‹:gxx TOL:j®\äõ§4èeä²ÅúúÇ…ŠrY T¸¢ð$ç%¯H7ûªÁæŸµËЂŠ—Vž-îšv_r.æ-Ê)mM0n†xÜ£³öuþÆYçlk°`­ê% g¨¾(¨*ð„Óÿ4TH<—7y¸öVB_ɇÕF£e0c0U#0€t ÕXÙ+SÒ+°Í]qÆ¡¿C§È0U$Ç°õ8ƒ~OÓ ^8gB²0Uÿð0U  00U 0  *†H†÷  ‚x[&UVöw#ƒÓ¹¶[&Tø ²W¾§4ÙòŪ!¹þ×°LÁˆ|>ž.ÿ]0õ)uIœd8Ð /¼ò™fm™u²¯®YRèí™ü »^ÖF¹v.XµàKÝqƒâOùù€¸©©ˆ'o’r‰æê\?£ÂOF½ UôS vX¤·é­ªÂ,ƒ*GrðmÇ9vï uúŠc_t¾Ó&8¶Ü0æNRu–Þ·#™ZZ=†÷’*c ’=a0aç;bÜâ-×"tÐîX^j ¹|’§ÙµH`•é±®¼´ÌÌÚÕý<1º[#"±2í0ÄMgcÚׇ«zΤcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidinhibitAnyPolicyTest5EE.crt000066400000000000000000000016351453642760600314470ustar00rootroot000000000000000‚™0‚ 0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UinhibitAnyPolicy5 subsubCA0 100101083000Z 301231083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid inhibitAnyPolicy EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚×ÞEŒÜö*jëó_' Ö…š<6ÿL„Z2û†‡øîÿžqÙ,q yÜÉ+0Ý-p¨Ÿ€ª#®QD s²ŽF}©Üä#‘Çæê4E…J)V¸ª´Š!.xºówÒBÃ>sîÃb9¸LÏYVc¨'cz~™QÂE~®žà–M#3” ¯'¾ïbQCÁóÊÑÂY¸à,dóÞþÝ1_fyÝÚ6ó’´ßÉÛÏí¸C»ÌxáYgå&Ë|WéðõtÚwvž©Ò†”ìÝLÊKžsûë-ó¼}£ÿR ÌÇ;¢&þÞVÕ¹Ã÷_ð˜ vZŒ:´º\Ê ‹ØFlE»é»£e0c0U#0€1á?übn€eÍ©y+n‰ZèÃ0UíìÅÙ^+šNwPw~—:{o”0Uÿð0U  00U 0  *†H†÷  ‚.ûHÏä/&Œ:{̾‡ {àFä<œy“4ÎN©zħuC(%•yBmäOÕªAÍK¹«ÙÆ.d¬û`{Ô T6ÕÍþ® ¯|á×(ʳ¾Ç4¡P:•€LIûS‹Î³e¬T2b_+@Wk¥tà»3(Âs$"J„†¯Œå ²%uþ|m‚ÀÕ©‡ÅHŠ]¹gŠ]ÝW˜}ûá*¿öÂŽê5gÄ=l‡:âr÷五ÁR‘î.™>gÎùß2ÚJàh·¿ünÔ©*Ë]"ߣJ`Ï1ÍèÆ•¤Wät0Ø ŒYëX›\IHÙ†A•Šã p¡certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidinhibitAnyPolicyTest6EE.crt000066400000000000000000000016361453642760600314510ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UinhibitAnyPolicy1 subCAIAP50 100101083000Z 301231083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid inhibitAnyPolicy EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚Ä%YI%»»QmÃêüÊøpN^RÓÞÙ1qí{ÒX›*b-ë*/_6œå³ÊMTü19ÆN¡Þ³UåÍÐämþU{©­òprñÓ襟̇¡RŠT.(Aþ‚n1­¼ôÍ*TXRÑp!Ì´|(üÍ*„{`ÛK¸ºúCdÐ8îBÉòtµ ’NÀ+Á:wKŽ ,á„NŠÕJÖï4ˆ§dYÕÓqð›y{´)~Æ3*^Ì{e¶©r`øŒµì™yЉ4º=üÉ–”·B͹×DAª™Tl!û_neÖãóúBÜË·Ž²«°hkÇHx"obéî±B©£e0c0U#0€‰Tt`³÷n aŽû¾R&0U—ð¿›T–Qѽ!íT…ÁDÌìL0Uÿð0U  00U 0  *†H†÷  ‚Q]~ÿÀ9Ư Ut:¥0|ö>Ýdéé0ôWæÉ^;4«]X&•V»eY&í¨Ah.Ö|ìtBvGÞB4Ek†?ãä]Ttò®Ýì@å¤?øyºð:›k¶‘7ûÕÆ8òļ(myáÓHØ™ŒÂÕ²¯(ÃÞzéšIfÇÓ 4uÓSßø}«IË R¿7Öv†¥åâ v÷ŒaÃ/Ú<¤Ú!°,˜‡×ÐJ GlÄã.1ÆJ´¯²õÌ–}é… èc½¼Jš«ôü\Ã\Y¤èméM°3 (?Feöµ YáÖ¼½îÜö¢¬r¦‡èŽO .„ëìÂÛ+‰Ócertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidinhibitPolicyMappingTest1EE.crt000066400000000000000000000016661453642760600323130ustar00rootroot000000000000000‚²0‚š 0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UinhibitPolicyMapping0 subCA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid inhibitPolicyMapping EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚ÍІ‘³•¶â>E L¹ß«k®·­¬Ž°G¥y¾ÿ@ä€ÛŒý×èÆ/J|i÷ª £¨âêHX¬+QÿäŠ"êÒó;‡øÜaè‘g]ˆnÔkÏñ)áÿ¹ÝÿÍ8€ô,["yîˆÿ¨t‹M¯'ë”ö¡ïUÅ“’{,Š¬h ™ Ûy´´ýQñ’:ûåÄE^@f³ ßö kæßÜ™»ó4»m臎¯ »7¨hDIÖ†%v›äöØ‹øÆ•##KÝùŽŠKV@å›uÍWØy(&ñ[k’Øç˜y@8Í×LAQRMõk>B×ÃàäÑ ÃÌÃAx}k¯£y0w0U#0€ÿ´sbR\–:Z®¼¸,‡äÞšltLÎÏ’Î4P\çŒ4²üë' ”|bm€òÒƒvßÉff€#¿“ZTÃûMÊ3+9h¯acvÀ2ó8ƒàhüÚ 0›ÜšYGˆ,A»Ä9½B™#óP&ÿhÃ&þLyª½Ñ6áþ?HŠÙ(UûQB\l_ Äš±øàn>дLåéXðH•ÙG`´"=Â8φäX-"Ï&Y03UÛœ“²ÿ¶Õ´Ñ@XÉhÞ“ÁÄéàäL‘oWð97Ø΢Ÿ K¬XÒPúÃú‡ÁéMz‘zZÿvÒoBé¯?tF^iÈZ(&Ö‚h, YZÑcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidinhibitPolicyMappingTest3EE.crt000066400000000000000000000016571453642760600323150ustar00rootroot000000000000000‚«0‚“ 0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"inhibitPolicyMapping1 P12 subsubCA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid inhibitPolicyMapping EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚¿a AYA+²¸·ã§îtH¡q¤ ×”×¥Ÿ°[Òa÷¢ë÷»b.¯AžwU¨VîŒy|1š?â]£Šdÿ-`Ú·õ]Þ&9®_÷Ñnu“»ó¢1ñF.§\Ïrêx‚¹8àäc"hu8 C@•Ã©MWª,wã.7,d’ç:'¹ÉwR…Ö‰\æpæ#qÆF¨ ¢¥œèxQwXÔ‡à?läÎ<7:Ñðò —wïö©Ìû@Ré†@Õä×{—Â4œÛmqÓ  äüwpjxN9!Ñoâö«…HÜö•ÀšzĤ+á~Ù 7µ Ö¿oô…UèÉýg ‹Ä½:>Ý|FÇüÈ#–¿ÒcBÚ¹ÏW†ýv¹fÅXÅ? £UÓ+„¼L§O==Ÿ¼½ë\²øcjf¸Í°}ýÁ¸]+Dc™"]ƒ¯€ð}Ò±VYn¤_,Él3N>,Q‘T:•j”4³ú£2L becÐO±qZahÆåþ /0w}8‹aééïá§ê-ø‚rJžò"“ÒÞ`‰ßhÔ¾Í4‚(AQ|­¾a}˜9­Ç€ô‚¿Èm:ÉŸ\fZË~aúïþßd"ò»:š}Řê†NòÌcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidinhibitPolicyMappingTest5EE.crt000066400000000000000000000016561453642760600323160ustar00rootroot000000000000000‚ª0‚’ 0  *†H†÷  0Z1 0 UUS10U Test Certificates 20111*0(U!inhibitPolicyMapping5 subsubsubCA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid inhibitPolicyMapping EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚´‹wéùwÙ=A½ $êÿê9®¦Ã_©Dv9[±º\¨ ž*(¨p¤šà]ü’Œ%ÂP r¤´YöÿèÙø™¹UeLCÓy¨I ií#»Êÿ«Ú¾Øç1ÌX®»Jˆ‡og ЉÖ‡â®zŠü£>bq9´öܤûþpÇTˆ~¾D>@ým±ÖãD¯9BüµmBQ âÖÞÒ¢ébÍ5ÝD Ñÿ4»‘BØ3È`)~+€ÙEÍÉð6ÖÃÇ°@„ÞൂÓ<9àÇ·9ªvôI¦°ƒÝWÉx;nžp: sç"Û Ù¹E‚°<âå3™ÿ½K]QÌ¡£k0i0U#0€®cË×âÃqãôÎnü5ô›ÒM>Ü0U •N-óE ›Á¼îéë[­QŸ0Uÿð0U 00  `†He00  *†H†÷  ‚.l×R°. áp@æ¯Cïx-¸ä:2üÊk]„‡î” @Éhµ"ª’â)…ÒA¿kø= l|€,>"€ÇHÀï ï6[ ¯y(i³½´¥ Æ#¤ú—²¶N­˜ØX]ÉI(ÈAUÍh3šFnÐ'D?°E| L¤S2ªõú¤U,k=Ñ,ZGA Îo´×)!¹‰yØíë<|ÜuÄä*üT*íåk­¼KŠ ¯ò³(ª#Ô&Å©ç\Ñà $}2ï—C³ÜS¯Â>ÐÀdJ>·JóôÁøn&A<0`ªÂçCWÔÔšê¡ÕGißÚy]B=gÓK2sþ¶certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidinhibitPolicyMappingTest6EE.crt000066400000000000000000000016631453642760600323150ustar00rootroot000000000000000‚¯0‚— 0  *†H†÷  0_1 0 UUS10U Test Certificates 20111/0-U&inhibitPolicyMapping1 P12 subsubCAIPM50 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid inhibitPolicyMapping EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚Òô\OúA’Ëcø争6ê¶<òúy RxA÷`¾BÀüý ›‰éãRíºD›DbÖÁSßÀÞ®Y”oeÈøHìa! ½b¸Z¼ ¶ •ÀcDÞ[|â|ÜÑT²¾CjíͶ<ŠN AÐ}B?&3H:;Ø#zˆdÅêR°/«¾r0ѱîÂÝÂÐ8Í–dß9¢ób¸G'ÐgâÁG„‘Âø˜ß/[Ë¿€.èà¼^Z³ÉY('Ú1T—.ûÖ_›ƒž{ЛG~ÿ$×÷ÛÇ%Àr« SX)ØÃsëò(m;ÝH¿[ÐR6ð¦0§Ô+n7ŠxêÝ£k0i0U#0€‡5g𼡠6º¨)í›[p0U“œïv ¯¹-fR"xK±Gû±ª0Uÿð0U 00  `†He00  *†H†÷  ‚¥ Á1¯ÝÙ®e³’Ò7€UFÝ+` ãStNÏРùhM½‡‰ÒsvÐŽËï1ËÉôö­‘nPëcªiß—°;ø4„è—£7ÔçVó ÞÍ·6ïk@º@6*¦£öxïÚƒ^»•å »›_û³ÿÀÇÏÅmVD]-Ê“*k–ßËnÔi×°jøBÏ<)2ÅÜ3'Lø5äëÿÑ!- ž:ÁÜ»W€ûjŽ{]îWjOPyzÙ¯€+lq™©ý>½ÀP¿5’Ï°RAŸ0”Ùý.Ëÿ•ñØ!F§DîóÑQ-£X~â‹^0ÒYê'vÓŸ¾T铺!ÞˆL¡)certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt000066400000000000000000000016721453642760600336160ustar00rootroot000000000000000‚¶0‚ž 0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"keyUsage Critical cRLSign False CA0 100101083000Z 301231083000Z0u1 0 UUS10U Test Certificates 20111E0CUÔ˜áT¤ÈaÇìÇÓRöPŠZ°Û"0Uÿð0U 00  `†He00  *†H†÷  ‚b†Gä(á'è¢I‰{Ò"¬°ë™N8»ë—ñ_±xÏدwÝKçvtüÌÁ> í®Äƒ> ¸ÒáºÿÈzb)ß–"Úòû&k_Ü4ÔÈ™¤ÂÉ»]£ìüØõÏóêi®»eØQNÙ@MWä¯å´É!¯—¨·¦Ò ‡/y$Yq@W%”Eäñwæ{s DÓ†UÞ ·•¾©[$$i[ݱXxt5’q[Ì.Py©¯´‹Vsœ^«·r= #PMQ÷ òˆj«ÀÚ_¥Æ’$/eœµß‚ý8¯Ï#ûtÅ“«dg ý)£k0i0U#0€4U gü±ÜÂr ðcéÔ›ðcù0U„$âº×Wò®Õœµ(*d0Uÿð0U 00  `†He00  *†H†÷  ‚™£­c´T椽 æª,ôª¥’ 3X¶5*~2riß2h¯d§Èð“) H­€¸¢Ÿ ³¢Å+éÒæÀ¹ ®PyW›æ5UJ¨Œ?¯7dˆÛõ·Ñu"LÛþóµÓÍõzì¼x¹8r·GwG©ET9‹D´üž6•½$õ´G¡ãæŸZ œ˜Y@XÜÎ6Êú=\| 0Ü“=4¶¸LH$bÕºuŠÒI:ǟˆ!øEÕÀ“à'÷Å唧á¬;—yâ/q‘„3t¯†¼Ñœ¸l$¸Ú/ªš»üÆ”ýÔinoE#ðWsÉ}–ï¾¹®m9•?и`)MŸŠ" InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt000066400000000000000000000017021453642760600342130ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚¾0‚¦ 0  *†H†÷  0_1 0 UUS10U Test Certificates 20111/0-U&keyUsage Not Critical cRLSign False CA0 100101083000Z 301231083000Z0y1 0 UUS10U Test Certificates 20111I0GU@Invalid keyUsage Not Critical cRLSign False EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚¾¤cÙÎð+ÉØøÀaÞ¯Þ— ¼øʸ‹‰ŽLIsZééÿü§¿Q­Z<,‘ˆj'Á÷<­–ÿ™Ô~ªSL˜Ùƒ(Û¦—÷z‘¬’/½¿Õ‰í2»­Ï­¢È4… Îy2˜+·ƒŸ…Wlh° tp«-FïpNAm¬±èØŒÌb뿱–Oüﺻ‘±¨O·eh8JÐêÕL¯ ¿Ç„HÜkŽ?²»íó/Ý#x£áŸ’G§ '`NX­û§ÈyD •[X²ñ\rQô°%˜Ä9ù+¥ÑeŸ¸8ø(æm+¯º†T)>ãÓÁÚ¯.À€ o£k0i0U#0€ù~R yfDeyÝæCñØ0UÿÎ2²{óVßvò S°6³f·Ú0Uÿð0U 00  `†He00  *†H†÷  ‚‹èÙ·|-zeØxF˜\k‘:£(ù–¦™õ!þÂ/,³’~:+öò¶aZ˜.y÷ÉÏJ½Á .i¿!·Ò5eÈ~ÅÓÄj­¤3u¾ÿ¾ê ‹dÇÄ8,UÞ»Vk þèùÜù€¡bÅzV@KG‰hò“¾­?éK„D6[v†vN„Ýv3€ 2±ÆÍàbâó sգ،žó›Bñ‹ÁM´šc-çå¬GÁÙ¾%æ:|¡ŠFÿ¥¶¹°¸E›ééVhg‡Œhb#nÏhèì„ì±.GÙbÂ[̬w‹«uþ{u £eÞ"g;×hwÑ+^²õÏd_©×yC¹¬¬“InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt000066400000000000000000000017031453642760600351370ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚¿0‚§ 0  *†H†÷  0c1 0 UUS10U Test Certificates 20111301U*keyUsage Not Critical keyCertSign False CA0 100101083000Z 301231083000Z0v1 0 UUS10U Test Certificates 20111F0DU=Invalid keyUsage Not Critical keyCertSign False EE Cert Test20‚"0  *†H†÷ ‚0‚ ‚œð3mmOXi¼G…ªG$q:ñT¿Á!=áÆܳâÛ$ºÝô§P˜l*Ãô¢2Ÿ¯ì©T1F/Í°ƒÍÚVL?Žð«ÇÚ‹‰6©c PáŠ.ñ8âº}2ûrýv#%¦ÇëÇfRt3¾Y·‡¡Hè½ß³íE:Lx¬ý²ˆò‚ >”ŽƒoV@ ò,0ö4’ÿk^–¨­Øû¤¹ÖEÓ® ×¹Hu^º§1ŠÁœeþþn¸vš£,C^¢Ì²’µ®[û0GGˆB^}xËƧµ¤¹ÐõwÖe2+Ù™üüzW@ËÒ‹d]HCŸÑŸ¥£k0i0U#0€²%Ò(0ÐUhnLµÂHóÊ›ò@E0Uó²NÕÉ\¹Wd ¶åÿï­Š·d0Uÿð0U 00  `†He00  *†H†÷  ‚xxYµŽA çvÍ %Î¥­•ˆðìXÝ>¶º¿1£/Ñ%n!fQ‚HCY+“}óbë0´p…ÎøÈ”à=¤üýyÇôTb‚–e{)|ýc1ôG„c:Rð^è²Ù‡Éóx¸±vwߧÉj~(yB0lÐĸ>Õî» ôR½Å]ü—BB«7‹(ˆ|;Øh «ëm— — 3xÁ§?•–Dªh»Ë*×ÛØtûG©êÖ¦8.­FþÆσ†´ò–²Ùt×÷ócªëHWÑ:‚³Ë‚_™xêùØÁàÎ8ý×_,qæ}]p˜ÄÙ‘\ó[ý ¸*â®óÙ ܘM/ì¢certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidonlyContainsAttributeCertsTest14EE.crt000066400000000000000000000016611453642760600336150ustar00rootroot000000000000000‚­0‚• 0  *†H†÷  0V1 0 UUS10U Test Certificates 20111&0$UonlyContainsAttributeCerts CA0 100101083000Z 301231083000Z0q1 0 UUS10U Test Certificates 20111A0?U8Invalid onlyContainsAttirubteCerts EE Certificate Test140‚"0  *†H†÷ ‚0‚ ‚®¤o™@Vµøw¼¢ Ò&P¦¼n¥~'ðˆ#—#™7Ë® c3±”þ4…ãqË™Hò$§ÓbF¨&l«ÍZ‹N9Š¦Q(Kž‚ü­c}8•JÁ¤rÞ)ö‘…Š<è‘_ ‘çÏà‚1nÙn•Wþ®I­(Ñ!¬4kŒu3a6Czv˜eü’»O[ D—ë7¡€6(ý¾y„©Vk^×ÙÅ­áYÅ~Ç¢v˜@–2´(™2Æz/ –Ð1 V"ÐèGÿEÐtâ/~v=‹êá£'xÊ¢9hgË91{oã¨wO:M%qå“…O£k0i0U#0€Mþö-¼µPMß™zm3pN0UÿÑA4 A¾¥Nå$‡Ö¹¯Ã¾Íë0Uÿð0U 00  `†He00  *†H†÷  ‚Ž>J˜²È²A]Ž‰uË4þ¡á`"£Pk°HÍ1Wë¢ÿ]Qã_jM™CyQ$RqzÃ1ÚغïìP¹ÆqnxéÄ«ŠvÒ"rÞ䑘ð†äÎàgëY‰ }ðÔ<ÇŽ[G Sˆ~ÍÙ"íž@-'Q…1]pˆù·¯kñƒ6cðÃu×F‚ÜNÎp'\îhQ/ >Ø^³×¿iÝ?-cÙ—œCSóµÒå[uËÜ!qõ2Oa5¿.6L†ùãà4nþWC\åؤ)Ÿ°„Ö‚*fš@`;V÷BF®üÐýs)1l¥ V£†j4噶¸í«CT(Ë;V¤½wšö1i7CñTcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidonlyContainsCACertsTest12EE.crt000066400000000000000000000016431453642760600321330ustar00rootroot000000000000000‚Ÿ0‚‡ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UonlyContainsCACerts CA0 100101083000Z 301231083000Z0j1 0 UUS10U Test Certificates 20111:08U1Invalid onlyContainsCACerts EE Certificate Test120‚"0  *†H†÷ ‚0‚ ‚Ïþ Ó3hÍFYêà䮡;ïr¥j„퉩ûÙp$?îÛR¾ë»¬$ayœ_ñ2hßÜ݃4b^˜É Hº¼w¯ì”íLék× b„Ûj«\.f=‹šTªFVjp÷6ÂÇ%. ›OŒü›úµ=Ås»ú‹LSv½ ø›»¦vD†̯h«0L•#[FJùÐ%gñâí¸·#e‰Ä¦‰£ õ«Ç˜>¬nŸc)ÐU/jѺê—Ìs*ïG_N_“ÓMOâÔÙÅ£±ôøUyé’ý½9³É[†‡üØ0%@]ü‚ HÇŒ52¬µÀ`xž70HQ ³¬ì¸ÚZÎäöeñÚJ_2ôšjÖ Fã1Öiº¡º:$«+ïà٤ؘÜ#±Îë‘*°ÜãêµÃdy9g·É®áçZ±Š/«Lîèqt$¶1ªü3£+×—­û(“òÕ»?Fcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidonlySomeReasonsTest16EE.crt000066400000000000000000000016341453642760600314120ustar00rootroot000000000000000‚˜0‚€ 0  *†H†÷  0L1 0 UUS10U Test Certificates 201110UonlySomeReasons CA10 100101083000Z 301231083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid onlySomeReasons EE Certificate Test160‚"0  *†H†÷ ‚0‚ ‚ªð¨¯†´¹˜±N–·Š‘“Š=/°lÛ8 ÖÌW\sÆôrWê‰.?²ü‡‡EkÈpV˜t] [‘²è8äÎ`¤ã ÛýG´HŒŽVÆ¿×t0nÌ,óºj)½JZ Î Q~r,À O–f? M>X½¡lÀÂ9ÇìÂ-¬HÁà•Š³¸&ü¯‰ò6䟑µ²TžGÍMhôIÒ”E” S ¹¹®Á×ÙÎb t'LaQ¸Tpiecù}¬Þn5:ñ1ÓÕί†æ#Å«ûw¯½±¹bˆ›?lJÆFŒÝ2/¢ŒÂð0\_k‰œ€#ν ¼ú®D5†wï×ôwk£k0i0U#0€PhÑ A'‡ç N·xVûŽîq0U©™#bÒçûpA–ÀOM‡Pžcd0Uÿð0U 00  `†He00  *†H†÷  ‚q ŸÑL<þ&Q°©§k6•š¡‚+e%÷ÉU ±hÿR–°ÿpœÛßcINŒ=þ We £f‚j"ú/\1ù®=ð«Ãìbˆ<ÒÂ_ hR®†Õø'ê\È䢹4·8šS%õçKÿî¼P÷<‚û“ËéÆfQvLÜtº¿_CFÄs¨‰ÑÌRòTC§^!=ßKÓ>H{Ø8M@I›0ààB<‹o!àÎNgO”“¼>xHG‡Ì‡ :{íS1¸s`,'‘«iÒ|°Z"qU&¾X3ÿÜ£")C%N°‚‰¤ˆ°tt† ®î¦@¶PÅP“certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidonlySomeReasonsTest17EE.crt000066400000000000000000000016341453642760600314130ustar00rootroot000000000000000‚˜0‚€ 0  *†H†÷  0L1 0 UUS10U Test Certificates 201110UonlySomeReasons CA20 100101083000Z 301231083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid onlySomeReasons EE Certificate Test170‚"0  *†H†÷ ‚0‚ ‚Élr´×#Ýå>=eÚc%Ž•Eƒn´CîÄÊ! ËK[³-Z&QöƒáŽœö»ý8bŠ2¿’€È£ý ‰=‹øŒ F ükp\¾ƒßpÈ® ûÎñ¦!~µ¡ –·iž€C/ú&“ ìV;ÂÖ6„SXžÌZ[5g.½`IFÚ´Õì¬x9ÛgdbšËdîgcT¸Y«CuM•2 6É,`Ü\| ÷E²ü}'g¾Ù9iÖUÞw ªûöÒÿ‡Iúh¿> ¢Q˜®¼« 9ÿ’­—SO£éŽïV#L SîyÜ¿Ýï‰)î¿d\Ää ‘ž‡%‡–:o—£k0i0U#0€`cßÒ#¤)ÖA¤¬Ê†y˜¦eH®0UsGíëûGêÔü©uÇÛŠc0Uÿð0U 00  `†He00  *†H†÷  ‚ÚS³JhÚ-c1 lsqýÆè ¦šöu±P'Ç‹GçÞ•JÙŽkIÓôã3y–€«cè ¼þ!¸«èj—oL´ðT(ñ\¢-ã×Ø$ü»²„®û`ÈP¸È}ñ)OµK?G4÷ÜÇ`­v%Z0ZpâM RYòò¡ó`ojT•ØWe€žÿ~3>_>;#zÏ—²g‘Õ!ÔµhQÜG¢^ÓÅ‹ëq>š”Ã-¹ 7?ä"e^þâL„/ß;6ÕÞ¿êò{ ‡ÔœÊØ5Ÿ¥”YIŽjK÷ºKéxø"÷ý8â…#iuæÎä0M66'—?sÁýPcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidonlySomeReasonsTest20EE.crt000066400000000000000000000022011453642760600313740ustar00rootroot000000000000000‚}0‚e 0  *†H†÷  0L1 0 UUS10U Test Certificates 201110U onlySomeReasons CA40 100101083000Z 301231083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid onlySomeReasons EE Certificate Test200‚"0  *†H†÷ ‚0‚ ‚âDËDÙNº2p Y®C›¡3 ÛãÍ·äÇ„=-Ε"ñÍHa¬œû33)nm+NùZˆW†ÿ¬Ù*‰Ú¬y‡Ã œ×ˆd™SÕ…OO,gü?ÍDê±òmŸR¶KžX“ ×UÛëIQ2x:n°\¦“_Â¥n’ºÀjêìz–ŒÄÎ!\á0~µöÏ‚>ŸÏ"œÛO7§bR kƒÆ¶   u=ðû¸6QÒA˜ ¡)4q伃„›`¿tI1ï¢VØÇÖ)âíQ¤Uô¨B´’‚VÆ\M0· IÃë™ð5GLëq=+ºÈåOÔ@ùÈœôƒA­LíäÎFÞx*GZïÈè0ß ë°¸²D[ЈCf¨certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidonlySomeReasonsTest21EE.crt000066400000000000000000000022011453642760600313750ustar00rootroot000000000000000‚}0‚e 0  *†H†÷  0L1 0 UUS10U Test Certificates 201110U onlySomeReasons CA40 100101083000Z 301231083000Z0f1 0 UUS10U Test Certificates 20111604U-Invalid onlySomeReasons EE Certificate Test210‚"0  *†H†÷ ‚0‚ ‚è­/óΛ&Ï´†@,sb žì÷iLšì«Â˧ªû8ùáU«8$_Mô4ÛpWÁ§_r~Ù¾ü&_§ Ë˲†X¢²óááo{à¡s:’é‘â8˜©_Z¹7¼˜¨ÐfïCèCO¨V‰K‚ è .Ñg<±Ï½Ð.=a`šÅö %¢}ÑRh`Æ(Û¤öÕ2®Š—qÆ —  o¥€»:8žqËØ.êà1'^)}›òÆÌñC`Ìs7ÓB©…iÑbpœÍÉÑo™ |`ôUáéÿ€²©CÏ3•¢)tiuån[j‘,‘;³dž´F)£‚N0‚J0U#0€¾fÜ ;öÓˆ4‘S& hnÉ0U'7eïéÜö‘Á=ëš©züiº%0Uÿð0U 00  `†He00ÞUÖ0Ó0g a _¤]0[1 0 UUS10U Test Certificates 201110U onlySomeReasons CA41 0 UCRL1`0h a _¤]0[1 0 UUS10U Test Certificates 201110U onlySomeReasons CA41 0 UCRL2Ÿ€0  *†H†÷  ‚-ž³ÿ„«çÜŒ $ãg8þ¿ +EY–>u½cf죞\S#jeuœÎ1!üxG1êïRªO r6ô½æ*Ì€ï’_Q†(¨µ÷¸k!*Fu@ˆp¼toýŽÇ-tÁÉ R¥CA|FÏë“èyvö§UuÕ6<Ç ?J|èoUÓ‰”¡® wJ«|˜¿ÿ|þšÌ ~™à…“ç ñ¥¡éš T5Ë^ {­ 0-³P ŠYƒW·-MÏŽŸó=ÑÀ( ôié2ácertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidpathLenConstraintTest10EE.crt000066400000000000000000000016711453642760600317050ustar00rootroot000000000000000‚µ0‚ 0  *†H†÷  0V1 0 UUS10U Test Certificates 20111&0$UpathLenConstraint6 subsubCA000 100101083000Z 301231083000Z0h1 0 UUS10U Test Certificates 20111806U/Invalid pathLenConstraint EE Certificate Test100‚"0  *†H†÷ ‚0‚ ‚—ªò_Ñ&íËV"†{<| Éå”Ðú)JÄ9·ßØÄOœÞƒsÃ$ׇIäÓšÜÀ°ªK%Æn¢YgáÞ» O³[(ùG¢Á´û+a¸'g¿÷Ç|EVô”¸Mëß]‰fø÷¼ÐÕD5*rààbRç6\È–’Ó•þÉܼøÙ8xg-"]Xd¯¿Šÿê¦Ðø˲°¡ù<X4×:k'”¯jŒ\ös·(fõ»Óg öÓy3õszñ.e1cArv]ÿϾ! oÁürä´#˜(eš…Ö#ˆƒ.<23¥è ! ¯ÞÓtbÑ$œuÎäÖVZ£|0z0U#0€º¹âˆ÷ÔY%Šã)ßO 8Ýqt‚0UØÄ“û@æô&|#Я®zÓ0U 00  `†He00Uÿ0ÿ0Uÿö0  *†H†÷  ‚õ« bÇqI|…P¤$:dŠ9+YÝú¨c,ož)ßì¶Ê®éÿJQG|6Û!ÎCjV8‘ée‘iAÍñ·HcÜ9[à‡« \Õ¶ÁZNæþÒ³‰GÜÅÓî£ÐœKµœ´à Mö8u K4æ¥c¼üÈ$8uÞªºñ©bg”•F…²­%$í—mÇÚÃ0ö"¿k)þ êV磆+`Oü¾_ÈlN00#µMïø5/#ÛñYF»¦‡ɽO;?ø©ŸRhúq™ó!„S)}s Kž»w¢mÿ%Öv­Ï†0U´´µs>Ó†ÆÏåíãåÀ­ÛaêKÑS+’öÁpuT–3{i}-y9÷GHº™1)¾£ÅPRQF³q`ŽQÛ¾ô¡\œå±F‡÷ Íê-ÜNšßŒ+9Éx, YùCËmÁNfœE­­¥„G˜ÌU $ëÓ}oÞ`¥;¿3çÉÎؽÁT`ì{0P˜üCHåÀÖΨ0?t¬\¿g=#W·R“OkbšÉx ßH3˜î„73V|†tƒ¤Íôê¼+éaGÄë£k0i0U#0€ƒÚ¸µÆÈ‹|‹?ír%â¯ê0U9Wùmû·Y£:/±t8Û¹§0Uÿð0U 00  `†He00  *†H†÷  ‚¤GUçÔk„HŽ}Uéˆ&9šæŒ»V½R³~°øÆ;:¢yÍÖ#“äýÀÖrßÅ“õþ‹½ù[<Ø×R¸*²ÜÔ5d~´òDòÇ E™®`ÒžNQ@ï¡ü£æ 2æ/ßíåðka¢rVêj –>¾k?å‰8‚.¹J“Œ9â7Å—ê»Gá}dËɱÆæÌGör„‹°ÍÕ»·0YYüÌÏm„œ@l¤ŒpŽ±õv%RJ,t2½”TˆëÉ‹‹˜¿k8e-½ˆû r)"\®¾)Óé HWZü}Mº÷à'^sMð ÏëèO'J°)Z¦æ¢Dñ¾¬ÂXQ¢`hcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidpathLenConstraintTest12EE.crt000066400000000000000000000016751453642760600317130ustar00rootroot000000000000000‚¹0‚¡ 0  *†H†÷  0Z1 0 UUS10U Test Certificates 20111*0(U!pathLenConstraint6 subsubsubCA11X0 100101083000Z 301231083000Z0h1 0 UUS10U Test Certificates 20111806U/Invalid pathLenConstraint EE Certificate Test120‚"0  *†H†÷ ‚0‚ ‚™Ym³sx¸soîQŽO‹h_­°ûÝÖëâEϪ!Ñéî¦M8ÕtL*ö*ße+Ó´ÍHµ!®²þŠ(*èV ŸͳÄD¡v£/zXxᵨUÁéC#Ê:å…F<®b„Åy¤(®d†ë(Nô˜-²gÎ $£-)nò+à2( Ô$þn幬٠n|s2y/¨—M/ç*&v.ûàA~Ù5=@u¿Ùaúqè€s Ëô…× ‚A‡Ê}I%RÜÜ© ¨8%F)ÜfŽ‚hêË'æ¥Ê¥ñf%mJp8rã`}·y*ÿ$W¥¯ò¨'ά™›£|0z0U#0€ƒÚ¸µÆÈ‹|‹?ír%â¯ê0Uö<= #ÀdŒ>3¦C ¬`»³0U 00  `†He00Uÿ0ÿ0Uÿö0  *†H†÷  ‚’E"k&ñ—´ÅMS/^ÑWc÷º0Ž }˱*w\}ô4(¬J¢­GÞ;\9™…ê˜Jd“>®«½lŠRÇÌpŸˆ\”¨…B&{q¶Š){…;0Þëú:C–º*);1ÿÐJÎL³G>? ñì Â,`õ:žÉBâk¦ u5¬2qcŠƒDE¤çïg¿Œ^ˆ¤«Õ.ƒÛE¦)Ö¼\嵬ýbœK-æ«Ë¬ü¯/ŽE®·Œ#‰ßži¬1 »Mr¦—GkÞ´85ihE)Øfpà"®À¸ÂË’å]!LæÈeÝÔâŠÕM¤`™÷Z…Éœt"Ù?ˆ·¿°Øj7‡*CL$‘™Qâdð O¢"{2ƒVÁ.â¦YÙã|»/Y¸¨pNƒh·vw`»,Ú†h’{(8skF ¬UÏ<Ä6³”艸!ˆ”Sážïí`Ù­9¢‚4¾B“£k0i0U#0€bg}Ò7ÅrÐ޵ʣs^0U§#ÁzÄ=¥ƒðª )ëâjãÏt€0Uÿð0U 00  `†He00  *†H†÷  ‚çÉ8)U]…i¤Èâ‘`eBÜ©Ã#s¬7dI¾{Åœñ^·'ìßôÀb‹bïÃSiK¬~ºÕµà ‡(\䇙<ÚÆ8½bt(ô1îCÖj@õÚ}ÈçÉ;¶-7¾Ñ«4F=ÖJÂæ¢n΃xcñâ¡V€ýaB΀þF®Ö©¦àQUc£ ËS4¦á§j+Üt¤l`À\.c¹Ž + '-J[ A6šBîº!ÒÐbïK úLþ_Œé̓–Cò7*óñŒ*ZSÕC¨—ðì¨q l̪~-fø5g‰¦#¹½ ·hà­ÞÂÈZ=R°ÞßÛÐ(!certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidpathLenConstraintTest6EE.crt000066400000000000000000000016631453642760600316330ustar00rootroot000000000000000‚¯0‚— 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UpathLenConstraint0 subCA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Invalid pathLenConstraint EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚Æ Þ›¹5Žk¾–•S 7/ M’³M=ì)v¦Óû‘™q¯'‡šO´(8‹ µ^ÙÝ·qPÁ]Ä·Ÿddí­ åÚ3Yí.ì>ò=œAN¤î’ÖÒ‘=5vþ|@×z@¨þchÉ+ÀŸo2‰ñØú²#¾áNÓü„|Žã&i KLë`þÄÓµm‡ˆÀ¯-³ß\à_ÍH‰ KÈ鄆Ë^Ƀ×–áꌗPÒErcʸò·g™ïóÉ©Øs0Ò¨Ê 2Fˆ3ˆƒåµ\¦tvi% Ÿ\­þQÆ7 \ã4$‡ v êÖƒæ¯àMü3 Å Nm Wò££|0z0U#0€bg}Ò7ÅrÐ޵ʣs^0Uý‰éN¡¿„¿¤ÔBæ¬Ã¼'0U 00  `†He00Uÿ0ÿ0Uÿö0  *†H†÷  ‚ˆ„k¾ œ)ÏV51gM¤±:aPKxÍ ‚Á-x-·º[yÉJ•öñ‚ÌZC+-†vçWêGºÆÕmaÕýAˆ¡Àð𨠷¡ ºõ» 2a’i½¿Qãr•hˆ;€·«b¸XÍ|M8WUåÝuL|VÌóªC¡‡…4>àq‡Â«mÏDÜ‘µÆZD4¸û£ƒÿÄ*¹ RJŸd™ãnø²Ô åGž&’âöøòM–J€‰ÊØ!8ΔY”íG«Ý…î´\fî]qÏïd‹[‰Ð]ÈßM¿kÞ'BlÅÚ`ÕY?*DwA¶kË8ïé ¡¹•åO§¿†e¿bƒ±î(certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidpathLenConstraintTest9EE.crt000066400000000000000000000016471453642760600316400ustar00rootroot000000000000000‚£0‚‹ 0  *†H†÷  0V1 0 UUS10U Test Certificates 20111&0$UpathLenConstraint6 subsubCA000 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Invalid pathLenConstraint EE Certificate Test90‚"0  *†H†÷ ‚0‚ ‚ÒÆoš×=ÑÕªÞwɯ\0Ë0`Q'¾Æ¿Z½ÓšA„öZŠ«, F°Åç‚G[®/Wø»w 4N\¤4q®ŽJMÅ3þ´´ãÍ"Pæ±s#|*b(½ðÀ¦ß£/Ë“a<`Ž¹ 煮¬¼«UàS­û9EeXœTB‰¾¿n¯À@€<©ó¥1³º4ºh&ÐÝJNb…3*ö™ú(>t,ÞðêçÅíßK£kž{ËX¤ôÍð"7«`Öj#yÔ”îV·›IÎïæ<=­ ê&¿FfXõZ ·kO³lxâ-…P™u\ÉûìºÐÍq®Ç5X ¨ä¦L©èåœàyTìÕóEk½£k0i0U#0€º¹âˆ÷ÔY%Šã)ßO 8Ýqt‚0Uy#Æ" õÿ„H8Ÿúb‰Û„"ùR0Uÿð0U 00  `†He00  *†H†÷  ‚PÔ­Ì}®­h+¶’*UN8`'ùDÀ%º,þéø>bD–l™zWŒ7aÁƒ—%qóP\Þ¼’.ïåAö›ž­pµbZ"ûâ$ª¿ ?*mKÐv‘ÖÞod_÷GäÜË·ÕZȶħ¥?‡DYcÊ$gùcÐ5âmÛÔ³Êïúu‘ôõɽÿq;f–!»Ã7±ç&+œsÒ*Ù¯,.Ÿl–B)³˜>–2h€r„˜ÝœZ /»ZmåÐàa»,‘¡—®3 ä þ *‚lDÝB›½4Õ£>F)˜¹ñEñh§Ú%7ɃÏz--a¶FÕ€:¸T'a=|certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/Invalidpre2000CRLnextUpdateTest12EE.crt000066400000000000000000000016511453642760600317400ustar00rootroot000000000000000‚¥0‚ 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 Upre2000 CRL nextUpdate CA0 100101083000Z 301231083000Z0m1 0 UUS10U Test Certificates 20111=0;U4Invalid pre2000 CRL nextUpdate EE Certificate Test120‚"0  *†H†÷ ‚0‚ ‚É‚ gN'7ïýÄ eŒ=pälD*0ò[x—gKÔÅO§[Ƕʪá>ÈÏH•.íÆø×&àh⤬ÖÒ)Dõ6§ÃÀPRÑ_¹iapŒÂ?r‡îôHɪ”Ò7¤]Àº_`ÔÓ'SþtW-0x,ãŒg©ÁN—Ô|Sw…ã&E£Ñu§âà33 oEh€¢œï9ž% ¡¯?aN ðisŠ—$Nj|ÿ“ +QË€I_>à«XSle‰nxÎA)ëoBÄ 2pùKo×Ùg¸ºp·Ó‚Ð8oèhÀiN7«‹Zc‡èðC{Mm³Æ0ø§°»Y,ѶÌÒ‘}®Õ£k0i0U#0€¨Gœa€h(±Bš)Œæ()’Ì0U(,ŽQü·œˆ*kî,k?ø{by„0Uÿð0U 00  `†He00  *†H†÷  ‚¥Ô à‘ú™_𸅖a¥¹˜û$ÍžÕŽ(ÙúZ_N1¼Ã':8DéZk°&övxÏÖ6&©LI$a3 k—Üa¸ùŒõ]£‰Áïý §ßKéB09u*9õäíSª"u“¾eWá€<(î¶ÔÓþ[f˜í]Ú•-Îýa!ä¹c3.~rSnÛôÚ/’cNHN#tm6ˆù´§DK|ÃѦoëwGPÔ!éу£T6¯œ[Æ0>ÊÞ5ÄÉè—xýaí/…_C ˜7c”OHA^ßlâDu/ôÑôñŸf|hA£’U®°×æwn"èf=˜ÌDÝr:Êl{¹I ûU$ibTë»certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt000066400000000000000000000016361453642760600323530ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 19970101120100Z 990101120100Z0r1 0 UUS10U Test Certificates 20111B0@U9Invalid pre2000 UTC EE notAfter Date EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚Ÿ$ç ÄïÂS¡É—1oß”bã^Ë«á¹0Ð@fò´k™)„ßí†!;¶0Åò:Ñ8`àeBÆl=DŽ ›Ú^,Ú¶Çí^Pô\Ç÷ECŒÊ¡{È!e¹»+5¦‚Œ©uC/ ñƒ|¬/i—üÎFjˆÞ†æzÚmDPtw¾#ë&qT±;Ó4b¬±ËN™ G›Xù›m쟬1Îpþ•ðx)-'n•¬ÐÐB°Œ7fY.ýÂ,‡‘0ü$ä’Ç tsÚ_1y_¸,¸Àglb0tb#âèºðš©T_— ëO=W|¼×Ý) Þø.-¸“£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0UÕ…žS0&Gˆ–~O#“d”ó¯0Uÿð0U 00  `†He00  *†H†÷  ‚‹(šÇú& <Ä›+ô‡›—ˆÚìÂ9¼ƒ‘¶ýG®Å°¯}I·Ç[ØnÜ·Ñ §ëX$À8v±ÔÕÂó„ÿ­56º¨ÌO:dâ–-‚;ÁIÌ| ÓL-9‚“F‡HUžc û n]û¡u„åÏ:5éfjò W<ðK3› ¨~½¬mhµé¾³íp o&î~!¯Þö;üÑ3BÖ6îŸí¬RËè)!¬Ý^¬óKÕcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidrequireExplicitPolicyTest3EE.crt000066400000000000000000000016271453642760600325260ustar00rootroot000000000000000‚“0‚{ 0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"requireExplicitPolicy4 subsubsubCA0 100101083000Z 301231083000Z0k1 0 UUS10U Test Certificates 20111;09U2Invalid requireExplicitPolicy EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚ÑéGö!,û.HTþB7R ¯vª÷ó Ù!•?MÓ“M·­µ‘?„ÐE%‰¼ö{^(vÿtA‹´ m­}5ªzÁYjóYƒÕÀºLÅ9 sü±tºÅ’T‹Eàd^óÒ'ÃdÞyÏÛÛÉÉ.Z…õÍzÞIŽUpí`.ûP~™RS"ÌíHù°ö3Å‹ï,¹˜Mç ˜)¡žÇ¨Æþgèqú‡ïCì­v!•Ô-(â²Ô{ž›Ã„[iuWçjßyáUýŒÓÕÍò¨ö¶Âvñ³iÖäQ„,D1aõÓ¤)±–¹[JÒiÿ7y9(ÙÛõ£R0P0U#0€»Ñ&ôž<‹ÏÙ{²,Ü£!0U²Jah©¯pù°/þâšr~0Uÿð0  *†H†÷  ‚W=ú¼ûÿQ̶ծ¬nEøö¦”~¨Ò J݆12ÝaŸfYב·<Ù)/3ÌÀD i±ºÂîù×mÑ¿éÜêí†Ñ¹â‰¬Öîêp¶†}øÛ·ÆtõëE”½ôE‘ ÈÇ]¦‚A¦E/ɧ+43.(ŽÁ1ŒBu„—¼g*˔ִÚ†Ö/T¬Æ̉Eó RüæÇöóso¨£QÌOâ4ö˜ª<èñ‘|f¼ìkwçú៖«4wŠî‚e*‚Cac†ç¿\ÄÕÅ`2…'u …q•¢tb ü[oòÞ²å®ú½?Ö]ÂA¿ÆK‘#b:›_vÈ|£–i;öI’certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/InvalidrequireExplicitPolicyTest5EE.crt000066400000000000000000000016351453642760600325270ustar00rootroot000000000000000‚™0‚ 0  *†H†÷  0a1 0 UUS10U Test Certificates 2011110/U(requireExplicitPolicy7 subsubsubCARE2RE40 100101083000Z 301231083000Z0k1 0 UUS10U Test Certificates 20111;09U2Invalid requireExplicitPolicy EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚⨃}íÇ/(·BÐàÇ¡sBÓÁÛ·÷‰ãÚ0e¿),ÓõxŠ¡žíÖÎÌ> | »f–¨íä’—4CžáûýåÓÐSݲ¸(9a‚Tâ1>ælï=±úì|›Ìç†W;È{$WãùŠÈ*C(N÷2[Z·hǾ«MB¶.ÅÎd¦Ød dJ­!KQÇyÐßÖNL`æ¡6RŸUâ…áuúöÁÿ¹ŒiÖy(0jaÂÞ¯}ë/Bà…ÏìeZ_¬"tûe°’;¾Ì_o^"º.ƒ¹›xNË$TÔ¦ ~>½ËÙ~— ½™õŽã (à³W±Ÿ£R0P0U#0€{,Qa1­¬,k©¾;;’ªD0U¼» n mÏè­Áêø$«0Uÿð0  *†H†÷  ‚ŒÂZ ¤ŸdÆï-¯¡€Û¹(Ëw^à5ÿvR:kôÐí‡)`§x5ün6¶½Ñì ¼ÛžFÒÑLÐXqÞ~ŠÀÔßÖr-» öÈ‹cCñÀº‘Îi¢½_)ÿ¦hÑ–©ˆ4¼Y¦¯hóÞá_ýô!S¥/’?T`2‰ÚVxäGì¿Z'pR—O‘Vk™s€hÏ+1+ÈÚ!¥¼y,—ųO“ñBV·ØMé åš†Nñ}ôvS&äVi!^%Ã/‰P×W`6œ[²`M€Ê7ÛnÉ—Ý‹‡U²C*\©ÒWE‘€}Ï9a«´Ú1Lt¹Í§Ø€¸®Á©%+ØQ# ÒFãÓä…ý¬$'b6^®FÒÓ d Nï¾÷ä[ ‰hºjÒd¡¶!MH#&(ßùÔè*:úç¦ʾï½'´ŽX§D¬ÉâÂŒöŒ_¼ù¶;Ù ˜yÒ(av‰zT0}Guž.Á €g:´ñ%¦)sAÍWyu'ÆÄ‹±ÝPyâ8þŠyßýÁM7Q]}certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/Mapping1to2CACert.crt000066400000000000000000000017001453642760600266370ustar00rootroot000000000000000‚¼0‚¤ 00  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0H1 0 UUS10U Test Certificates 201110UMapping 1to2 CA0‚"0  *†H†÷ ‚0‚ ‚àks9çtž?uQ¾jÉehT¼µ,!°FG³›_K£p™3%]‚¹W¤GtMàEZ}ÎmjfgKÅöµ+D)®0‹“û^¸®”óLÀ]UI€ú!l¡r²HZоjÜ8Âù›©’šŒ¿áB>™²¥¼›Ðû]ðâËÖÆìØ ¢íìÈ÷Zã*1n÷ËÂœ[×®‘[<ÌžjÒÊ'üt’ß= ê-âˆÒ‘ ›“4Úe[¿â%… 0²NrŒ øL!î¦pÂøMípkž3½b¨Ò“Ý.|ètõy®¾~²7 ±o2g`·Æµº-/Ö€ÜCQÑÙo¢lTs£³0°0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U™ÅxiË=3v™¬Då°þ¹ôÛÇ0Uÿ0U 00  `†He00Uÿ0ÿ0 U$0€0&U!ÿ00 `†He0 `†He00  *†H†÷  ‚£¤½=$( æÿ»KÍ…ø®%4õÆ¿\*D‹Ã‘ø ³qx‰GåîB)hf?ο•¥Õ3/ÝN>müèêûÇù>£[9-;ãBKˆ¬¹3! ymÇ´ûQœ¡W´c°›^ÂF,\¹b¡pœU>+Ò®«RÂ"¥Éˆ{UîÈXHSI$Õ³¥3嬼׻á|Æô’€>}Ó=ÖŽ43¨óÓð ë桲ÍE°*ˆF,nÌ–^EYÇÜìvÒSßžv­<[¦‹²òº‘ÅÝ&+L4vé6—nu¬ƒ{certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/MappingFromanyPolicyCACert.crt000066400000000000000000000017011453642760600306460ustar00rootroot000000000000000‚½0‚¥ 30  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UMapping From anyPolicy CA0‚"0  *†H†÷ ‚0‚ ‚«§¢õ ª\ßÀð0Í?òeÊW* 0yÆ4X Ï Í ÂþÑD3PH±‹[H˜,›evµ»l¡bIjÄì’»6°Ký ^º\Íí ºt¥¼Ú£º·ØÚ¦k0gŸü—hS‰­ìþÍ“Ù\°âøxÍ ™‚V¥oø½õ§±lNÄ’Aùt êÅyy*Y,qNî¾Ä.m0f5¤°:ñ¢¤€^sÇr³Q·>Dšž…½€Y-&¨­§ZBüÄRmÛ«xzCÔþaCN{eg<5U½Œ^ù³Ò–u€ï’ƒí$©,Iy%ð<³ýAæ1•¡©[ ÐÉIîe¥ÕI3£ª0§0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uhsà 4Ïr@Ú”–Ö«z¤o.Œ0Uÿ0Uÿ0ÿ0U  00U 0 U!ÿ00U  `†He00U$ÿ0€0  *†H†÷  ‚ K”•NN.pOõtÐ,—BáÆv/RÛh+ÀDƒå•5S À|¾ÀèT ˜°ŸšPõ‡!‚»'1û“šžk~âDÖد{ùÄp›ùŘ,)”¸uERÉ'lÙYu´¼Jì1õž¸Ò¾'ƒ;Y:‡£â|võHÐ*Ï?èð¬÷T–Z}”Ûú#*ð;ˆe3V.ªq¬ ÀìPËÄ¿0nHÞµ‰ûU 7}¿!™Q¶ýìæÞæù—R×'TãÓ¶b°«rÚ½p1;>ÚdæØê èâohЋV!oH•›¥]£ʇQÝ£°0­0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U,í“ñp”‹-“´˜Ò·¬0Uÿ0U 00  `†He00Uÿ0ÿ0 U!ÿ00 `†He0U 0U$ÿ0€0  *†H†÷  ‚1îØiÉ€@]Í~='äË;ÀrÙ•zÖd´E¡Ýü¬ÂÓ@%<xºÍP+µ£Ò­;ë,VÏ7ws…æ]×¾C¸ŠQò½>‡ÏÆÇæ•ìÉ—©‹›¬’7•ççÁ¨„sr @Òñ¶ ·µO ÿ·ÅF„¼¢CP’w?òªþ„.ŠP{÷€L3üâz{®Äöáw,äñBexAÒ Á+ÁD~Å×c›x÷|¤B[I£‰^Ñ»Žn³êyc çëbÁ¢Â {§ø/¾±ÜMU·:ÃN"¸ªÙ¯B_ ¤9gê$`Ÿ9œ8ƒþ3!drúŽ´¼Zrè3öø#–º4à_›5certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/MissingbasicConstraintsCACert.crt000066400000000000000000000016031453642760600314030ustar00rootroot000000000000000‚0‚g 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0T1 0 UUS10U Test Certificates 20111$0"UMissing basicConstraints CA0‚"0  *†H†÷ ‚0‚ ‚´VvZƒ”µª±(›ë ‚dq„ œÉ)ÌT¹ s6?2½ûÇ#éJšÁ/2KA'ÎÙ6„’·‹¡$ØñÀÀ«Uô:‡´–VdÔ–‡çG‚Á’t8ov=–CitwßJõHJYêÿÏ™pȉ$·¾Ñø§Û§ûpÌMÛ‚¼ñê&à°ëÆø:ú$+¯ùF|ŸÇåhÕ?OÔË‹b@…81u66xP¦­Í]Z¹˜a âÙí§û’~¾é«”Áþ5øûócDé3‹®ë‹†Ñ„Á´ÃfLõ»”¨NÂàÐ ¨] 'ð&‰æÞåˆA L/ ÷3£k0i0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U0V¼OÆ&Ƶœ¡p’ÒùO y0U 00  `†He00Uÿ0  *†H†÷  ‚X'>ÌÏQ³ût„¸û+ìø-Žð(æÑdx/”_ë¬m̤Fõlƒ ~wd™> ›q„:ƒP°ÓR÷÷Dú ]íû–@kÞI„Ûùv6b qÔè}¶ìÑ„ƒÙ·$Ÿ#H‹¹jPw¼GêâNRxé"ÄÕÝqsÒÀ Q‹wäQ.×ð01z¶ŠhNH¾ðëJó4“œ³ïYSeŒ6ƒÏ67ú<¹øá@û3"ØC&Ý‚ÆÏÌg»)½RÀý›¢{ˆ“¨?jîÂagêæ=©certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/NameOrderingCACert.crt000066400000000000000000000017241453642760600271160ustar00rootroot000000000000000‚Ð0‚¸ 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0“1 0 UUS10U Test Certificates 20111#0!U Organizational Unit Name 11#0!U Organizational Unit Name 210UName Ordering CA0‚"0  *†H†÷ ‚0‚ ‚¸#96º‹?N\L@ŒÓo@®Ö%˜wHc Ø®ž —Ó‘Mò¢² ¼àœêÀ“þêè¢à­œ¾ƒ0ôLl}ôÀ¢]†tZjCùÊ eÉ9ºñ³ ê³·Ûç’}oî,(Ì=渇°¥*]žOÝö†?B ZsOùºf. HÍŒtÜ¢d|8|R 7 ŽlÑ÷ÐK®6˜ãAü|ûyÜpÇQÀT4 Oö¸ÿ‘`—a梬/ëà†E˜!}jptPrÝ%Õ׌ªzós˜¡;Шr!;(øçB'Vp‰swö´ýyì‘ÊÇEO²Bomö¶™ÏA]¸ÒŠÇR+£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U¿J‹›MŒ1Œ[éÌÝ/èyQP0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚Q|ÒØÐøp¼ðŽI…|<À:=¯´ôçUÜâ•…µ+» Õ—:¯!ÆÌo¥ÚKÌ"VñXÐJ_ü;µC~ˆYêHÓŽØë‹0k ÛAäQ³>È6îhòÜ\óF<Ë,M¬jó´’NÉq¿Ù›ã:Î7|*N{¸´-ýê|øeØ>>†ÛÿyI0¾¾C3âÞÓÞ0¢ô´,Ó@Éc±…]Þàs¤Í;.cR"d` ü‚Q ^¨hŽ#cEø] îàUï~OmuÕgºB@ãñ ­“©ž¢o¡ñÂ*»{€—dº¤$ML9!Ñ]Ë#);×úMù¨–_µIbJ" Ÿöx‹? ÷Ð)W@¶D«§Ë~?‡=åE,ÖåÀ«'ÜÚ·þøu¼V^WFá0gÁ§níºU&\™f)§Q÷aŽõþY!¢S@æGß)^ˆ°ÔÄ¢§À?A¹Z20d2*7™6‡{£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Un®EÓùýÌ®ziý¸ÒLì0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚gÙµÃL a»ÛÄ/P¼<¿Î~G²ŠZ*†åPñæ˜G´,Õ/©¾>ÞJ«*ÿ.X_næ‹9éghrzIv³×¶+êÙì—Œü‚úW*•2§yPÙbøç!³¹‹ü\Ç{œ&æTî^b+#Ipà|>%œmUmL*>u%XíYjRl\©–©W”¤]·8üÀ8F¼{²ò_s|s%šˆAĬ†MKîšçù4¸eUëŽ07>5i×ùRãC•­K‚¥Å:7.̾úÙtî‰ÚOÄ—Ÿ-ДñÙ@²d€å[²ùþxˆ±O6ÙŽµ‰òIe›R Ž certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/NoPoliciesCACert.crt000066400000000000000000000015561453642760600266130ustar00rootroot000000000000000‚j0‚R "0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0G1 0 UUS10U Test Certificates 201110UNo Policies CA0‚"0  *†H†÷ ‚0‚ ‚Ö±‘FÙ%Ôd Ï#Ï=R+†ìøÚ©„…컺Kú è"Qp Î 1š…ªI²oºXƒÊïN g¢.V™&Õ=]1¸ùWU{X@ÓØã*fçôT [hÙ ÿú­Œ Ä‚ˆ‰¹:Fn pŠ¦PõN±IüÀ¤n íùÙ“f*K%@È= 4ÃØ$ÞƒÅC‘H•5þéãÔ* 8÷ÿû«¨]°ã¬º}}üw;Ìgã#éí¨ZG\BùÒÇ$Ì¥L;NEö¬ƒŸ¸kvË×t5ïTª!¥ò‡t¶RKÒ¦É\ÿ]Nh™Œž†V±yþA´t€Ú”q¨¨êæÎüZ¥£c0a0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UB$í¥Kvœ—˜\tê:ü5äœ0Uÿ0Uÿ0ÿ0  *†H†÷  ‚T€…~ûœÚ©O ÙR"®.M:>é5 û®ÏZK¨_\*†~TPç ôVø•¦«ôkbÏr1òú†?¨£š~›)']Õf©îµfàÐÈuäQ¨Hï—¥™yXÝ"÷ѧ¬lèwOW˜5 0‰àYV/FhÄ’á ‘5{4¿4ù#„g=Æ0Ì´,XÓï’ƒLö’0ð"B×Ø}“¨ÉøØv[ˆ" èe⧴»¨þúŠ{o[÷º…%×:ßœöx]ùŒïlî¯UXÓï»3Ð~ÊY³òI÷Ÿ4ØU.BÚ­dªPïS2r eâ¬-øòJ¥certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/NoissuingDistributionPointCACert.crt000066400000000000000000000016271453642760600321360ustar00rootroot000000000000000‚“0‚{ L0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0W1 0 UUS10U Test Certificates 20111'0%U No issuingDistributionPoint CA0‚"0  *†H†÷ ‚0‚ ‚À«ûuj÷Î^â ¶çÛÃ?±ÆWºøAÝŒE r#ÙÜgýú¦<´ð*ʘõ€~eY©'9$”uÿGÑ…YMïGkÅ*Aè¾ågÕ´ê)Vö¨³ÚE¹ú°÷Ïò=V}£ 9šéÖf̓¢[.;`ºxhï›iØͽîIºãê*•5ÈïzÂ)>–Y:‡\¹ô ­ ÷÷±4š³j%»õ»¦iô͵UùYŒîZ|›a ,Ñk#@Œ0°yæ2Rv„Z¦Dæͪx\ZRºy!Y»Øù¬‹Ïö±žaZþ_Ã8èKÎ,X(Vq®}w,¡è>&^ËâPÞ%£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U³ËT¿jüŸÇ1’ §Gk™Ÿ10Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ ܾ=óÉiž^„–!3Šzi+Å^-6§Âf—ÝDW¤fíáÂ Þ ÚLúõ7«ç#~½œª0ê_º¹O(Îà¸æføÊ¥€7:”–ÁòsÄî}#'!$ýô÷•g6æÛç[á?ø„$WǵË~9Qi4 ¼páæ¨Äâ5‘«‹2È`æùœ¶¤#©?h‡âW] ˜¿Ç5®ñ0jùuüºÎ̵ùÒAåß-Òú yŒaY„ýñÇÍ~Õκoù°¬‡ôïnUÝH]… ¢ýƒ%e«5•¡K lB–—È«ÂGt¥þÒÑ"„ ¸„”JÒ"zY̺»œcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/OldCRLnextUpdateCACert.crt000066400000000000000000000016161453642760600276650ustar00rootroot000000000000000‚Š0‚r 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0N1 0 UUS10U Test Certificates 201110UOld CRL nextUpdate CA0‚"0  *†H†÷ ‚0‚ ‚¿](㣞­zÛÚ¯ët WQj¯‹‹‘rWc)ìû?Ä‚ßÕÏuÒÌê„%QT¢<¤.Ú6µƒ´ †LøQ§Ÿ¦øßʬ^Gˆ=O–ý^6¨»2m&‰Oþ$¥ç3ø ¾ŠÿRhA»¬lTu­øTù­«WŒnw%@®’r½ŽÜú¸QÜg[VBûJå,ÇÔ#Ìþì24m‡ÎìSIÔús)®:¦t´"¨<9¼Ÿ{å”ÌFÛÕ@‘ ¤{ƉðI–ò7 {Ãð³ë hç‹ý3V_ü¶d–lF¥-ÿšÒà*ÍܯVÂ)Œ+$ýGó››N‘Q¨ÍÃ~aèÙ£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UÎÚÚZÌŽ—ú )O¬–*Íx0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚¹$¶•ÇpóZÃ{HJüñX}†5þÂKÛY>×Òý£s.)ð)ÚwûÈÝ,æ4ëT‹ó{M&(4xŽØ 7‡•óÑdO¡qÄßÃÝJcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/OverlappingPoliciesTest6EE.crt000066400000000000000000000016641453642760600306430ustar00rootroot000000000000000‚°0‚˜ 0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UPolicies P1234 subsubCAP123P120 100101083000Z 301231083000Z0b1 0 UUS10U Test Certificates 20111200U)Overlapping Policies EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚ÃÑP·f†p;ÈíN6@*Œ€æá:I•‰J:”#Ò¾Ô.”© zj‰ÁÎb¼éãÌI=OÆ5j .ñ3£’?´¬â¦Ÿ5HÉÁ­Ä %`hü? ¶ñ*ýò.y²Y(Jþ0«¯%FœEà•”6¨áƒHTîÐcöTŠ8á÷‚©ö²`ä|ùfãoD²ò‘‘䗲钺ªª1IgÄ®¹ÓA%³µj'Œ¼0œ%ÃßjßåÚÑ¥Nˆ·¡ÃÌš+´3t¬vÏïî-5Áì"9ÙeÔ¢A”Ÿoý%¹€' Íw¨o´ä¶žQŸþ¥(Ï#ÿÖ"bÆÃ#‘£|0z0U#0€Nô^¡ù0{e¬’À ,Ó´–0U’¸3ÜuBpÍí£' ­ønçXmA0U 00  `†He00Uÿ0ÿ0Uÿö0  *†H†÷  ‚b%ÚHâˆa+1Ý4*é3D ½·öŠ‹=#p¸›ü,Uóù¼E«îñäl“Äfw(¸Ò© »º3¤_F.§‘$œ.]õÌëòÚê‚£HG“ðÉj,:­eþ¿UU9]Þž–{Þ0MÇ '¿l½Ì>èO^W2€¸Øv ,ø@ìr*`=“kžž¤¸wtjí eç–-Ϧ.È {sLt-D{§6í 𣠨dËJ}ãmO²ÿÙNI£J@*’ž÷R’g'5ùì¢[ýq>«¤xân¡Ù'!5È>RñK…ÖvõÈÁæîzMT¦ Ðþ5Q«Ö=ëQŽ°ûV²u<®‹× ³è®\»=£Á0¾0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uüôa32€|}5‡Þ_RûiñÁ0Uÿ0Uÿ0ÿ0 U$0€0%U 00  `†He00  `†He00&U!ÿ00 `†He0 `†He00  *†H†÷  ‚‹†(é(Þ mdþ^ÓÆœù¥Ú˜•| r¾¯ò~‘|#~ÔÚ ]µ×Ö-‹MÎBÅ> Ù¤Aûax×m7¶¼I+­*Ý>¢ë0½“Šß÷¬-@ÄŸÌ 3$ä‹ã‰îLÒ@‚/,…¬]˛顭F¤nÜ+ѧ1æ87Ý‚<2lözëpq;¿,û¯¿®[|ù{‡â¦ûûÄ»ß (¤‡ÞtÝ}P¥¬†‹u¬5ùØî…ðsM}};õ[éŒGŸ’émî©ðäÎ#>MWüÍ™›w›§M× ÄC@lÝÎjïzæ·‹Ûqß0ùúùüIˆ.²E­ð­certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/P12Mapping1to3subCACert.crt000066400000000000000000000017501453642760600276420ustar00rootroot000000000000000‚ä0‚Ì 0  *†H†÷  0L1 0 UUS10U Test Certificates 201110UP12 Mapping 1to3 CA0 100101083000Z 301231083000Z0O1 0 UUS10U Test Certificates 201110UP12 Mapping 1to3 subCA0‚"0  *†H†÷ ‚0‚ ‚ÄD`ÏéR-6I±·û”OúÏœglϵ“”¯8”&¸£Dd]Ù…+6çùøΊjMGlOÒ–»¨¯JÄ?3Wán3]±_y”s.֛ŋÉæSUâ‰È!7ïÈ“dC"æëro>­‡[×ôÖçñKCûmÍ\çIŸChh·„O¡gÃdgÙ{¦üó°Šp ¶fyûìøÙBoÛô#jSäJ·]Z¹„EPrjGb 0‰Þá/óù<ÍÛ×€:>sRf¹+ŒçR;Ͳ™ªÇ±á/÷1(certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/P12Mapping1to3subsubCACert.crt000066400000000000000000000017241453642760600303550ustar00rootroot000000000000000‚Ð0‚¸ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UP12 Mapping 1to3 subCA0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UP12 Mapping 1to3 subsubCA0‚"0  *†H†÷ ‚0‚ ‚µ!…S‰e…åõ#¼GâA·€nº’á /7'e®5—š™UÖý‡p!­%l‡[H’Œ>hÿTbÖ¡‘“ì K¦WW’5š÷ÏŸ±ÉH XÙVVñyâöŒ¬ïܼ¤Í¾ÚBÙ! O;`@*l*Àvùaã?B˜ Ùt[G›y±Wl#Ç‚ÐÂÛR QÙ˜¾KÛÉêª(دµöl7,î^‹C•x¦ÂæÆÒÛ׎Ï;ùj×°Ê3mÁáQ”¯óD7N—%OÖ¡ ªsÒst U7†2ÀÚ,&½S¸ƒ–ºŽM{ÐdÊÃew¬±Uý{XR+£³0°0U#0€¾{“¡ä›Å'<0S×¥ÉæZ–z40U]9>åª*^-ö®h*­3›=›s0Uÿ0Uÿ0ÿ0%U 00  `†He00  `†He00&U!ÿ00 `†He0 `†He00  *†H†÷  ‚'£î°œ¬®Í*ï‘rz÷!ºûÑK,™¿²n‘ÂJ â;–ö¨áíG. Ph»€Öò‚iÁb ô¸¸RKeßÃRÈš–:[;( Æ@âÔšßH×Þú}ßG[©g*J¸ô£xC[`k‰ærnéw-ÅÒjà)tµ "ÜôçºÜ0ö¿JúZ‰b̦÷hê0Ydy‰cÂ~¬+úc€‘dWV‘‘pVm¥lí=×ZÆ Í‘U"Ê?ËnËæ×ùµó¦=¿u‘¨]Õt¢•"«GºCRÈvP¸ÙˆpLãa–˜ëÏT’G¦ «ÖˆP®Ûzàê·ÉJ"ÌjIcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/P1Mapping1to234CACert.crt000066400000000000000000000017711453642760600272170ustar00rootroot000000000000000‚õ0‚Ý 20  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0M1 0 UUS10U Test Certificates 201110UP1 Mapping 1to234 CA0‚"0  *†H†÷ ‚0‚ ‚èCË{~ê91¬T@Bòígÿ½¹ѶOÎã¡ Ÿ$[-UOùãÛP@{Á‘øÃÕι$sDzüµÇ»PSìEßm¤O6ñE¼NçÝ-žó‘x «æWýð Ï0K¬f¼ƒ­riH Då0,úŠ+ÔB=ÓKæ~IAv؈¶Ú†ùòËGÇ…•ÖMµ²<4v(áõ]YúÖzpbÆVž=Ð/ÖÌŸs?Nh¬q§Lì†yoýqZùDS¨7{ªö¢‰æÝ^Öî=qÒ‰DCqf`ˆ¥4ÆÀzØ‚eÕOÃàüQ¸£Yá÷å™øké:´gõ*`Þ•£ç0ä0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U• ©IxªvÚ ¬ˆùõ÷G’0Uÿ0U 00  `†He00Uÿ0ÿ0 U$0€0ZU!ÿP0N0 `†He0 `†He00 `†He0 `†He00 `†He0 `†He00  *†H†÷  ‚E ÊInq¥õ4Tj¢Mɪñç~!€”£©H÷aslqw;a`œf/ñ>ü,7-<í„v„¶Þ¼=à|vÜÃŽ3/vÆ€˜z˜ÍY÷Ù1Ô ÅCx`•Kˆí3Æóg7âçFéàÆy:¸§¸û (ˆéöátìc¼ÓðÔÄãa—vé‚©ì+„ìÒ€¯Ú؇°Åˆ_}ˆe–j2»”4zÚ¤–hk Û&ñÑç.±ÿqÆL¶#zò?Ä 5®Œ$“Kí¾•ß=SQæÀ¸†³‡udY=Û2•Ââøz"ˆ{1g¡¨Møš“ 2ѾR,aò厚«ñ—¶kKÍŸ ‹certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/P1Mapping1to234subCACert.crt000066400000000000000000000017521453642760600277300ustar00rootroot000000000000000‚æ0‚Π0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UP1 Mapping 1to234 CA0 100101083000Z 301231083000Z0P1 0 UUS10U Test Certificates 20111 0UP1 Mapping 1to234 subCA0‚"0  *†H†÷ ‚0‚ ‚ª߂¢¹.¹<ù%¹e_ý]ë®èÈ~‚ï îæÄÌÕRÈ÷}Rƒï!´ç¢|8¶šWeúvHä"9&Æy‚†€Á5‘࣠€AJµš¡Œîp³©>[E:3¯WV웉ÈÖM:JV PÎœ5¦Y$Žô¢”Ùµºþeš™Ê!y»kA PjjÒwpŃ"eöÚñµ  Ü òNüÆ™õë3EéL.œqŠÜYÁ;Pa¸{À™>ñör„?g}úxÕ½"bŒ¾Tyñ¶‹y;Ý`úµ6ÀõMHŒ[Äu¸æÁX2R§»Lž›Ε˜ÄÝ”¬C}èï…Œ[­%£Í0Ê0U#0€• ©IxªvÚ ¬ˆùõ÷G’0Uå•ý*9x¯ËFö@˜e í»0Uÿ0Uÿ0ÿ0%U 00  `†He00  `†He00@U!ÿ6040 `†He0 `†He00 `†He0 `†He00  *†H†÷  ‚l_gæšÈÑ+¢£ÝjB7(—JF¸ÆÖn$Š[ ‘p|Ï]mƒð¾ä=puàäç»ér¹«ëzcóUp›)ês…ÀSIvM†¦*“Êm›Éó?{CëBŸ;µø·tx`¤Ç€V«8{K’¿ûStùötœÓþXi÷Òôs{Ny%Ä’rˆ&5ÄÉÒÆ 9Øo…Ž–ò:ÇaŠçFø[ŸÂ?ï•WÿËX <·`à1¾ŒWiŠVWÄü|»¯ÊI•&øAÅxgäÓMowB0€kš ]hsÊ£žâÎ.S»œ5,Á† í Ò"± õ{®¶ø P<ÇG„certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/P1anyPolicyMapping1to2CACert.crt000066400000000000000000000024611453642760600307350ustar00rootroot000000000000000‚-0‚ 60  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0T1 0 UUS10U Test Certificates 20111$0"UP1anyPolicy Mapping 1to2 CA0‚"0  *†H†÷ ‚0‚ ‚ÜÛÿàõöd‘Ëk]åÕÝi7y@Ž›ßÞç¯Ï¥–À%¯ÐjÁ‡µßؘ÷ä`Nºè‹Â‘æZ^wX€ Sç…X ÷L­'[ê-¥þ[& ™Û»%¤RD Ø+¤´)ÛuÙ…dC­”b+½‚1™®àÀz“Ç÷ÃjuÿO^f˜æ¦¢ùÕíÂy(_¦ñÕ9 As“׺¥lçò¸ Ø3Zm}~ó¥Äõºö.‚oÏóýY꧑m]OšíåU(‰Ö0ÍœÀ Œ;<ø2”ß•)7ož°ÐÆ柖¿¿wœ©˜Ð$—SªíàfD![@Ö¤›¶ †ê÷5ƒ‘£‚0‚0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U((2ŽJ„ø¸‹Añ]{è%Rk†0Uÿ0Uÿ0ÿ0 U$0€0‚xU ‚o0‚k0¹ `†He00ª0§+0š—q9: This is the user notice from qualifier 9 associated with NIST-test-policy-1. This user notice should be displayed for Valid Policy Mapping Test130¬U 0£0 +0“q10: This is the user notice from qualifier 10 associated with anyPolicy. This user notice should be displayed for Valid Policy Mapping Test140&U!ÿ00 `†He0 `†He00  *†H†÷  ‚ ã;2ö¢õÐârýTdÔÐ9Ãí'p=d9s´#gJ :ÂÔ:#mÉ=ºÐß½¤¶÷AEù =QÇÇÜë½ùäØÂ}ÐÞ£ÝÈT ‰é¨,Š"ùqZ”GÔȉn^ø wH¥×;Áø8æ ¨Ìõ§eìg‚¼F‘E”`kÖ±~àïÁ#¶ƒÐ?OÅjõ5®ä~qècêw÷æE‹g vê3¼PÇ^ Öz±?~u%O9´qÍÔã–ŠhF¼©ŸNAur!VÙ– ÑhëêSs%˜2mˆ¼êó¤-œg÷eçé”æÞ ‰¡7Tç0í.|΄us[xuä@ Ýs„O/¥‹certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PanyPolicyMapping1to2CACert.crt000066400000000000000000000017051453642760600306540ustar00rootroot000000000000000‚Á0‚© 50  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0S1 0 UUS10U Test Certificates 20111#0!UPanyPolicy Mapping 1to2 CA0‚"0  *†H†÷ ‚0‚ ‚î+y* ¥:näƒûÞ'lu³nY#ö².ŽêRŠe(óüÄGìʱº7Óög¤g©‚Ú‚Â6ÏZo]“ãÆ—æ4á:Ò§* tÐ*%” ôã%ç`X|u|Ê HèRè±'º'À9‚º§6!TªêNĵ2; ›,2+ÌË=L™½¥ó$àw¤À’žø,.Ã>­uÙa2zõ"Y~þßX†É¯žê ˆŠa<©.àj;d´m¦;'ÿàÓ*I«û³9€‡â¾[ʤ£ÐXêÐÖâAR{`ì…;è¼úu›¤š8u!RèSÂÁ1Œ·ÿmí)«ñL—†ë“#%ÜŸ;¥HŒ6àþdÍ£­0ª0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UG'/C=Å/Ù’¬ÇÒvÐ3Æùw»0Uÿ0Uÿ0ÿ0 U$0€0U  00U 0&U!ÿ00 `†He0 `†He00  *†H†÷  ‚Læs¯Ç8À›ðW^èÕ|½øÄuìC¡ï£b@p¢j`!a2k“peƒp~)Š 8Pƒ^õV² Hœ€ ðQÛ¼½í¬'M§Üs&±‚RŠ 1“NÉfêr¯ÑTq§3-é-q“­}£¤ôÕöÁæ—(/Ã&’Ü“E¼bFB$Ò’xNåÁÔ1ÈÚ0Zßß\ø*ÿϦ™ÊÂÙX–í7Á à$†§fÆ_J $ëv¹'½Uk SF‹Ø~åÒÆä;Êéš‘ô¸Ù.8üD¼[ág…5½î"*×y{ZNø„x“ã‡qmnPqûLš‰«úâ±Ó0ĺÎcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP1234CACert.crt000066400000000000000000000017041453642760600267430ustar00rootroot000000000000000‚À0‚¨ #0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0J1 0 UUS10U Test Certificates 201110UPolicies P1234 CA0‚"0  *†H†÷ ‚0‚ ‚å›0‰øcÙÔûYO6ë?SáVVÉÎ,‚Ñ)RìW°0ãGh§w„}$ò¯Þ³:aM÷¯ÿ—kÞItåjÅóÂäÏ‚®-!‘-M)eÓ&ñ“û²ÕBx³VSÀ"4B¢p›˜Ñà™Å²‚!}¥6Äþrá‡òi(¯ à9fÙn@^Î ˆªu"l 9Fü ½Äètÿ®ñ›þ2SYX„ƣÇorÄ®WâN6‚…¢Ó:.kcâ|U›°ÒVÌ%p⛵¢,w¬šõRæŠëH…„x³œŽ˜ŒòY1âY4 l|H4óÄõÉúãþé{êèÏ/ÿG ¸ÂÐkýȱ¹ëßUÅ£µ0²0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uöý©Œ&,´ÏÖÓëÔ­’j»$P0Uÿ0Uÿ0ÿ0 U$0€0AU :080  `†He00  `†He00  `†He00  `†He00  *†H†÷  ‚<,⥿é1ºÍ™lIavDªìE!»¨ÅÚÔ®ÄXʤ ñðÿÔ{¼B¶XPDp¸º2jÃÛ”æqÖßôî2Ò¤ý‘íXÎ}*šáír”£ì?p«ÇñvxéÎÉÝv2£¶ÙÝüÉ;†~ŠÇ ÉÐWά ,`Žö‡±ËÀÖ^=h:;žFÒ´4×OöœX¯ëZ°q»àËM‡œ5* ¬IÓ¬,‰lQ³âéJ‹ö›‡½iˆê­Ëë'Q^4mÊšZæ¨ìeü¤žŠÿÖè)¿Ûç1P;:ݧ vÿòlaÕ§;±ÆØ1N\y”MeÕm¹ÎÆée^ïÿ’^åjbr’®:чq­ 0±Ú† ö÷¬¢·‚3‹#yÊü›%®g™.ŒÎ{N^IÀÞž.\ ËGF˜Êa¥hš²y?÷ý+Ýv¡ ²/݈ûº}4n3âc–Q IÚ°µÏ06Óϲ‹¨üpý‚Æ.‰ç?#£™0–0U#0€öý©Œ&,´ÏÖÓëÔ­’j»$P0U¹ªP¦4fQhBî)ˆjìÈ|÷0Uÿ0Uÿ0ÿ03U ,0*0  `†He00  `†He00  `†He00  *†H†÷  ‚‡îÙ…!ïg ¯fÅa$mÍ'¨¢Éí<Þzý×ôeñ%À`®þÂœŸFr²ML <æÏ›I¢@'I 'xÒ}&ö8È$†’¹+â6‡³v‡ÐLJÊÿÿ‰ozñ£ŽÃlÕ¶Úi9gC€å'ÉÂÂDö˜×(yõ&7±Pp=NS½Ù‘ˆ œÜDÎþ°®ìêg¡L  €˜ÿCªjW"°¦Â¯LL«‹²Pìà]Þñâ¸$~¢‘Rò¸ZlÈ ´1Ù§‹G Jï´ðÄkÉ P׉ìûéüR%ƒóŠ“ÂèŒÑújˆl“9[>»certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP1234subsubCAP123P12Cert.crt000066400000000000000000000016631453642760600310240ustar00rootroot000000000000000‚¯0‚— 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UPolicies P1234 subCAP1230 100101083000Z 301231083000Z0W1 0 UUS10U Test Certificates 20111'0%UPolicies P1234 subsubCAP123P120‚"0  *†H†÷ ‚0‚ ‚¢èÝF¶^üm¿Å™t7i’“Å<ßÔgk´Ný|5i=Ƀ#jGYà5p|˜/Žû¸¯.)1¸;dch–Ò¡nWGñUP%B‹ ûì#›:’[‘â[)®&¦øÚ¼B}·JÎ9xÁNùh"”ÿY¥ú'¤øÍÜ6cÃYÍ<íWÌÄÕPÇÁÀvá`g¿©#¬‘®òEý~ÄQµß—™´ø7Ë|>o'¥Ö„êt´yL7Ò—´Œ|í@.ÊÜb­Ä¤¶´V^ŠY¾:Î>$OÌå ÅÉsfÑàÖΩÀ :˜DÒ,Híh2æ(¹Ã¾H'ß(÷—eÿÐ×´<ÍÓ£‹0ˆ0U#0€¹ªP¦4fQhBî)ˆjìÈ|÷0UNô^¡ù0{e¬’À ,Ó´–0Uÿ0Uÿ0ÿ0%U 00  `†He00  `†He00  *†H†÷  ‚¼¼¨ÖÇçöj™ßSªt¥‡fÕ°¿Ð£cÃeš{2ï€r82o‰ 6 Ôè_) 2ÓéÈ™÷šÛJcîO¤ qS7,06² ÇïDÌþ@®Bb„à‹2Mº0ü‘'Iò¦ [ҞűˣèuŽC‰Û}…Ž‰†v&°ifË¿ò‚·Ò× ”Çãi¬h‡Þã üÅ-wÂÐÕ×åÙŒïø(ÓBüD¯Â¦¸¤ µª--$ѵÏ>nèV'²Ñ°ñßêȽQf~ðÞn,®hßÓ(Â~ƒÊék°lVè£,ÙrW_‹íü.0N=/eż5Îß9m2certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP123CACert.crt000066400000000000000000000016651453642760600266650ustar00rootroot000000000000000‚±0‚™ $0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0I1 0 UUS10U Test Certificates 201110UPolicies P123 CA0‚"0  *†H†÷ ‚0‚ ‚Ÿ|àÆŠx{>¯°îhô¿$Ù‹af5ÿpâo­ß)ÖÖH˜¿nìè—VŸdù÷Åm‘ˆÎC£ý՚Ÿ˜µ[ 5hCiIFqÉxS D]hŒ3¢ÿ£!~1oc×ßÖ°–h®i!ÈÜ}.¨8o~ÎÞRyiu櫦è@uzæ’™v†c_?‡¡ž\%NÑ× »g{T`×Ñ2”ÒùÕ’q6Ø)pˆÞAD×e«Ö­²È V"Ã}dÃ8Òõž¥/©>nˆ¥ÔBí¯´”eaþ˜ü' âKòGãD¹cEVXÍVi=q‘ýOæÏÕXˇ£§0¤0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UŒ( Ú bî==–¸q“‰êèc0Uÿ0Uÿ0ÿ0 U$0€03U ,0*0  `†He00  `†He00  `†He00  *†H†÷  ‚+Eõ#nx‹9E­ke+ýv3®öNøAz@‹ÔEõX&•šÀâ g7É¥AÄG¶ùÚoSŸ¨“ÁþŒž4;Wã¥nûM¨¡î¶:ëŸâé”jùªºz™0{f-uÂùðñŠÁoÖGKœ#¡g¸¦·`^Í*›G bèhhìøGÉêu‡}WŸ«f®+ë˜ÑÊ¥yñláô»hjÜ9Ö÷þäQ=¬¹¼æ™I®Í¸™c½q>(Θ{†¸Õ6;Mí$ëSCÁÏÃÁ;îë)vô3ünñ>[EhߎÇ‹#æ,­üzá,)¿àIå™PÀ‹‰ certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP123subCAP12Cert.crt000066400000000000000000000016431453642760600276560ustar00rootroot000000000000000‚Ÿ0‚‡ 0  *†H†÷  0I1 0 UUS10U Test Certificates 201110UPolicies P123 CA0 100101083000Z 301231083000Z0O1 0 UUS10U Test Certificates 201110UPolicies P123 subCAP120‚"0  *†H†÷ ‚0‚ ‚­D­©Ò;vÀXó"Z‘ö¸'˜õº³9èðž‚Vn4wóLƱÁôF3®|7:ô„R|–À:p({p³)»"y ‡á´-ò‰|B’Zƒ9ƒ¼þúP~Ò%½7 ßoÏ e×@XjºçšP%µÇ éyàÿË„‰–¼êŽÔ 1ãY͵Íû$£CûÕh¶åÌ_~Ìñ’ud+A³ú…ñsâ…ûÞç@É¢Þ¾é¡}õ=pƒÄETúvF[šWÓL/@Åù…ÂútÄ-ˆc¾0¼9ÉR®Ê]{áËl £|0z0U#0€ÎÚýª“@øÀ y­ÁxÎ×'öž0Uä>F·æÈ©ØíÑ3áñ]$Â0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚‰rŠ_ÓÈΖšÌOŧ£ÑDUá ¢J“èQOçu€b,¦>ê­å äõ5Fž;T@¥¡Û¾µte$¨(Ê À@nDÁÚ;Ê’ç’p*ÏT‰ü;R;LëÃwZªë/GJ¥>#·ƒmpáê´à›åê Ó¡š/alýmÛÉ!y²žŒÓÞY€qm÷W"°´ß‰îº4ð×|˜ÒHr|y€ä •zaa  ´w*Uc[ýG ­öJœv~;§ßÞ“EX0 ÆÅ6$Ú{÷6Š¬¶ù»–½YþÒÛ…9Õ’€3¢›V¸ýX–Å».à]ß?_Žâ¦cü(X# '`certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP123subsubCAP12P2Cert.crt000066400000000000000000000016361453642760600305740ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UPolicies P123 subCAP120 100101083000Z 301231083000Z0T1 0 UUS10U Test Certificates 20111$0"UPolicies P123 subsubCAP12P20‚"0  *†H†÷ ‚0‚ ‚®Ùr4§¯ô_ï+Lÿ2º‰*1BÙðÉ7«1…yhÁ1³%-~Wé£6¸Þ}±+œ>•ž{ç$u6A3 ûa‡ ÃE¶`ü‚uÙK1›ªõIzG²:ð5×í?y82y§¾Œ'tõne‹­™ÿAú–¦l[–P ½È)$_¼ä+*m±ÖßgŠàb Plk†mo¨Ì•éÐ`¬Ä¿šøDŠ›s&êeˆÕ]TSÑ@jHÃÒ£yÊcÒTÑóÑúmàThΑվáÁ î/;fYW+=vc<-ú­É27;sv §ž¨BÌÚ óªÉÎÒc'8YˆÎ\(E£|0z0U#0€ÎÚýª“@øÀ y­ÁxÎ×'öž0Uéü¶^VNÑ2ýˆ`køi0Uÿ0Uÿ0ÿ0U 00  `†He00  *†H†÷  ‚MœˆIÕ¥º Ø„>+3'ƒ°h×¾h•J þîrÄ]sƒ¿ÍÐè/V™q–(ŽÔ?ì¼ G¸VüâÕ†å¢(ÒÖpŠ¾ÝÉ¢_/ rH¶ß~ÒYX¯¥ÊA‰ýlÐNM9¤tN=0ºÐ%Ó›R¡’ðÙ¬l.%-ÐwØ*Î'´ Ü$.Âm3Ìü5i–¼çX¹^°•(›Ìï}Òn%<°ˆ©Ø¶ü³/NbÝÌ»ˆüü`‰ôàŸ)Vç·sãgš1òHôÍ ¾ä2MªcéÙOúœ™!=ø°ÜåÃCêN¼qÆéAXÃß]Æû£DC‘мüÓÂBp MøCîEcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP123subsubsubCAP12P2P1Cert.crt000066400000000000000000000016501453642760600315030ustar00rootroot000000000000000‚¤0‚Œ 0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UPolicies P123 subsubCAP12P20 100101083000Z 301231083000Z0Y1 0 UUS10U Test Certificates 20111)0'U Policies P123 subsubsubCAP12P2P10‚"0  *†H†÷ ‚0‚ ‚£Õü Úáö9±„E›o2÷e;²¢=÷–—‹™~u›H–^nH]N”oó}p¦`[ù鞦Ó_ˆ«EÒ‹n£Ãv} @‡ µ†œžøïùÁnJVÉÍùÉ}ï«4#îËKܘ@>‘šç®Ã!Ë”¬ŠÌ=ÚÆô{õ¨ªµE쓤xwCÅC^ǹ’˜t¾wQõd[<>ÿCòØ­gëIUƒ£%~ïwú;.ÀXÅH‘ßku±H’ìR×Þ¿V«rpÏŠa_c?MÝÔ”&Ф¿±að»’s­ÁTTpY…Ýóûæʼ) g|ëžÑF¿{ˆ)Õ«Ùg8™ŠCså‘£|0z0U#0€éü¶^VNÑ2ýˆ`køi0U‰ „û¬» ×Þ^^žhö9P@ˆ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚s?¨î„Xìü;‚¢üðå2¿\Ù”µ``á÷š¨ê¤ý+’U»™¤…›Â(Mºm¦êôä>[¦3eÝ¡p“€A:ȱìÛA,ÞÆ$úÅ©vä ,Ðé „ìñs‚ô5¿ îLM”ÒÐrƒP¬N`=[4¹æf[ÞœlÖÖ äCN,‹ó \Ô‘{€¢EMëzHR§Vè)lô©Ç±„›]Mn=.òg_Ç&W:ëò†>ð÷/§Ïú˜å“õ–÷ÚCÈ×­¢¬/mßî!?ƒõc¯² ƒ­âçàØöÁІG%jûçã/rwvþœq›¢¥§˜8ö7Þ^Ó¿;Ù ¶Ê¥>Ncertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP12CACert.crt000066400000000000000000000016461453642760600266010ustar00rootroot000000000000000‚¢0‚Š %0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0H1 0 UUS10U Test Certificates 201110UPolicies P12 CA0‚"0  *†H†÷ ‚0‚ ‚ÔmÈJ¾®_…„ïRN$ÝŽˆ0Ö7ghïF×FÒDÏ¡ÊÛÙšm C¾·:먞¯¿ç#'Ì6I|é²Ny—åW’Z6L_cv„ZïqLÍW! O¢YP‰dÜV—×lF\ºFw0˜WÑ«‘Õ§xâçØ-/´ =§ Nÿ­(ÔžhÝ3|>ý©OÔ…™¾R#–‹i¸Z?Â-]"tòMbËÁÎ,y}Ø`Ž7èÐîlž¶0²äãÒ‹ö¶µŠù…ªO±‚•8÷‡–Ç@(?;GEr¯P!4Âfn“æ €š @Þ:ý^÷\Þéñ¼‚‹ƒç8Çu£™0–0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UØ_5âšÁ7*&΃Ìsp*:â10Uÿ0Uÿ0ÿ0 U$0€0%U 00  `†He00  `†He00  *†H†÷  ‚’jXèjsòÛWq„Õ’q´~GYàÄ#=…›íŠ3ÔX:à¸û¦ð¢øª2$V >d8èj)ÞꨰöKy÷9³9ß " ~b5žFÌØJ¿#ˆ eƒâ|ǘˆt0¸Î7Ñùhâ‘=Šdv¾¬³ª¾`óìl }ZÝzÄTÞõ×­Z<éúÁS$—ÏÍ/±´¼ê¤\MuZÙŸíäù1º'‚þWþ`ªzE£Ü-ã—4ã€Ä6ãç±…‰)ù—<öýå¯7Ø´¾.šãl b/Š»¡úN©¸x¸ÈÉW ÜÀP˜QhtÕƒ@§-äx³#)I‡Syüêcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP12subCAP1Cert.crt000066400000000000000000000016201453642760600275040ustar00rootroot000000000000000‚Œ0‚t 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UPolicies P12 CA0 100101083000Z 301231083000Z0M1 0 UUS10U Test Certificates 201110UPolicies P12 subCAP10‚"0  *†H†÷ ‚0‚ ‚ÃŽ6}ÔSƒ¢oøIB ZŠµä»¡èÙI  ‘ÛñÀ‹ˣɜ[ÕJ2¼ ÚËÚúêŽN àX;EÒDš:õ/8Œ]˜×ó< ÖýÀˆRÚÇN?œç‚ÌY %‚ ’X˜e–T‹ìÿ!_̶'1—¡¯ÔbÇ«Vïpx¼7h?»9õ,u˜­m¤>EÍlùÓ%Ó¿¬7Œ‹ûbàº{!`¨X-[Ø,@8 ©è€K}àNÍ'ŽÇYê‰hšn*)y˹¥÷ü@žb'…u0\§®¡íó›HËÖó¾ 7L÷T{nóà—õ;éÝ0\V‚ýë²J¹;îTÊŒ©†8p|•£|0z0U#0€Ø_5âšÁ7*&΃Ìsp*:â10U"ž×¸HÎ :]¾ÖMX#VËÖ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚Pb\ËÚz'G>ùÃÙg€ÃÑ’ "šþ2ã–¥•aÖ/ëQ'ØÞ!Œn›‡W3ùhl™CÜ»M| äÂÒ•ßûÆ”Fü¡‰åQƒ‡ù'Ç'€Rr‰~o®v pc>'°Šl *¹âË¢,$ÔˆTέÁ±ÁÅ)¬y¹ÜÕnïø‚ŒÊ}þKPrÝUf<_!­ÍäáÄvB¸Q†ŒrPŸÖ¶ë•,·WTVÐ!Ÿ$ÁI;À²xó5¹‡¹Øôü8€¹sà-î½IÜ¡› ¬>U=è _T?ž]ó›»¼œ™¥±¾nb‚Jj x·éF>¡®Î”¬ËŸ.É4h4dž]certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP12subsubCAP1P2Cert.crt000066400000000000000000000016321453642760600304230ustar00rootroot000000000000000‚–0‚~ 0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UPolicies P12 subCAP10 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UPolicies P12 subsubCAP1P20‚"0  *†H†÷ ‚0‚ ‚·ӽ߿Ç9%Ýr0ðÃJM­ úëôЙšgraEÛ©¡ß mŠÄÅžnææÃ=*¥ÙÌOÐÍ÷¯ïÍ=jR ¿uÜR2ƃY©¤ï’d±`™®ø@«ý¿ðüUûÇ™3%M>YÉg/rU6l暤§DÿĤšÓcÑó=éuʦjk¦à³–¾Ý$nµÅ+gÅDZ~rfovˆ –ùÌ”øY~aC+ÛŠeá†eóäLI£\F°/!b<X z2—ôQ«Àõë L—,y÷¬ÉÛ›ñ¾ •ÕƒQ‚™I‡ñœyÀ¶xÝ%Ô>ÁC™6¹NÂÉ£|0z0U#0€"ž×¸HÎ :]¾ÖMX#VËÖ0UÇ¥7§Ðú$å|ßÛò]iÛîÊö™î0Uÿ0Uÿ0ÿ0U 00  `†He00  *†H†÷  ‚K¿Kš³ZB£DKžØXéÔåfµÏTÕ8DA¹þUX.&;¥1šuj‚: ’‰Ï*MÉ>¤ dè×7ÚÃ[&cLÛ‰WLsBQÖWé÷­"ö‚ýOböp©R´ÓçØà±õrÔ¥DŠ¬‘Qü; 3´.駼!;ö«6>)¸‘OûCø©ÒØY"øP’¦_¸4xtËEÐAJ³«ÿVˆ­’Yñ—¾t}ãKÌøûfÈ37P7À2VÔ©ZÙÙÓ•Sšv ñcÇœ÷[+ñ¼â<ÀyÖÔªgy·lß Ë[kðŸ÷·ù¥,Ù aCv"m«÷?ä:certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP2subCA2Cert.crt000066400000000000000000000016261453642760600273120ustar00rootroot000000000000000‚’0‚z 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0K1 0 UUS10U Test Certificates 201110UPolicies P2 subCA20‚"0  *†H†÷ ‚0‚ ‚ÀÕ|ôa\Ý|Ñ9ˆ|`Â%¬/¿°6ù?òÜIãì‡kac§3²íñ~G†BT€ƒÖðGîúõeyIØ,æ ÄÏm/v¡^<¿¬Í&:æTþ“Msµ¾2õ,KåÚpÎ>t»ªUí›Í‚^Ž¿b±QÀsÏ& —GÙÆœQ’àNYŠ„MX#^/ÚSŽ’uV ),YÊÙRq^iøØ"†¹Â‘™k _ovI|“l¢Â¯¡z9<Û5þ¨ë…P÷ë&3IJØ­hk·zß#I³sTJ‹"ÑUͼ!/Íw24ªïö`Pó4ç݇ÐÙ¥îÉÌl~O£‹0ˆ0U#0€X„$¼+R”J=¥rQõ¯:É0U,ê¸w=e¥¿3ÌzÒ˜ü¾0Uÿ0Uÿ0ÿ0U 00  `†He00 U$0€0  *†H†÷  ‚B‹š¤º¦sù[¾RŸ\ÃOˆ~0À$À?¬7/ ý2:h¡3sÕ½Õ8à(ùê~Ac;ˆýl¤l°(•Íàî?}Ô€o£—\ÙeU~½BñÍì\2òApx:duÐâ_3¿myôHsÞݯªšÐn–Ñ'¬:ˆt©xrO(8¨ˆL6c‘²ê#v暸S’Æõ5Å&”K ÆûR³"‡¯C¹o!5wøÇây®yú .Y6¸®Ï®;€¡0‡»;u@®êDæMùÑtŒ¥½Ñs^¯ìç½ .4DIЩõ5p©ÉM3·5‹O§‘&ºýMï>¼ú:³certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP2subCACert.crt000066400000000000000000000016051453642760600272250ustar00rootroot000000000000000‚0‚i 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0J1 0 UUS10U Test Certificates 201110UPolicies P2 subCA0‚"0  *†H†÷ ‚0‚ ‚ãX¥Ñç~I(½¡y l<6“+qñJql†Õz­Pi –ë°q†î“’ðJ]«óãÄ,ê/·µ<ΓJFM{Ûg õû3 En¤mëÓ¯grË‹>ÔÆûSAÃÇaÐk:k‰¿ãGÔ"{îÅö×—p !:>åœzæªÜGa– m$ªŠÛ€H9rA^*‡¾s yÇË8W-bèÉÅ h\LÙÅHˆè ©^@ælX«Ä8ñ´ÚA0dSíTju+ˆ·t©ÊÞäþf[ÅSoFžtßUу"±¹xTDhö`%¾g!šÉèÌ’˜•13ˆˆÂ§<àE’M#îM…JÑx9£|0z0U#0€X„$¼+R”J=¥rQõ¯:É0U^<„sž0prq˜®6Û"|¯0Uÿ0Uÿ0ÿ0U 00  `†He00  *†H†÷  ‚tkM ±å ² ½|KŒÃ¹">äY2ü=Ù ™ÿ6kVV ~3ªå×tj=éôª'./+á@%döáͳxÓJ„7KØr¨*ß9¬GŒùš„î81ŽfQµÜü%•årçß»¶%ŠÍfž®lÞ€èÌÆ®éY"XÝ·¥D9êç¬qܯ&l5àˆe—üÅƢ✭|9“Ư~.S§Þvùš*Õe‡>$;€ˆÉ¨òßòy…‹Ôy•“ ÄÀr{ô…Ù/,##¿ðp®}.ƒQm„YP|˜Øè}— ”Œ<Œ[¤uÌCÉ<&èz÷õÖÑlËÄ%ï»ÚL 0õ certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/PoliciesP3CACert.crt000066400000000000000000000016271453642760600265200ustar00rootroot000000000000000‚“0‚{ '0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0G1 0 UUS10U Test Certificates 201110UPolicies P3 CA0‚"0  *†H†÷ ‚0‚ ‚àtÙڬХ…“Ïf:ü†þàêÉÎî!ÏÛ–ÐÃÒ´ƒw6cW ÙÊ.¾´ðJ¼ƒ#Úö½›Ñ2ç±å 4’'¤‚™j$(±Ne^SÇÀÃóìÒq.;á…û U^‰aã°Oؾà>êCBceù™ ¬I"¥Š¥oÔÔ.7C!Ù;ÉÜBé¤)e©î€ÒY.7ù&™íŽ}],P/“O:sûtÙõžÁsËŠN§4Ÿ1‚¶Ò±ÊÑQ­É1ÜÜâhæ«dŽ¿•ëŸ®#G79{×ïŽSÁ-ìPE<6ÀÌ]<µ‰ÙÅW<àeƒ[í8E*`>ˆ}ô‰óóÓLÓ“ƒ£‹0ˆ0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UØ«, ‹Ã’ÜÆ­j?¿óƘåÜý0Uÿ0Uÿ0ÿ0 U$0€0U 00  `†He00  *†H†÷  ‚]p¼C3À¼, )í×ZZìÙx#^CÌGzë[Va«Ùš48)Û¼dZ—É‹‹aÖ…'•~˳…^+çÄþŸdÆrÐ"a-˜h mNï.°Î0áQžä<Ø()6“öÓ&tÉÁ¾ÇÚaý8Ä¿ÙÔD;çÍÒ½‹›$Ùó;Ô?&WŒ«X >¸ú2ƒÞïŒ9%ã#V˧úWé9 4ªÊŒÊuVë@™IÒ w3õµYÌŸE¬–ìnÍË1ŸÙÎïøq°ï…²ž+•›1ª\øtºƒÔ[—¿]†PJ½@lCÆYƒ`ÿA°×Oe`©ãF_”'ÐÇ“ï€certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/RFC3280MandatoryAttributeTypesCACert.crt000066400000000000000000000017241453642760600322630ustar00rootroot000000000000000‚Ð0‚¸ `0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0“1 0 UUS10U Test Certificates 201110 ’&‰“ò,dgov1 0 ’&‰“ò,dtestcertificates10UMaryland1 0 U3451 0 U.CA0‚"0  *†H†÷ ‚0‚ ‚Ô41%0aÇüïá€,§W.Ùš‚Lª‚@_«Eô.Øns_2|¬²—¡ü‰ÙÚTH±`åì$„a>šQÍ·Lpþ‡¢öƒÌJ´vÓæMøzš'›8ÍÅ6r#š˜”ãÖ¢Lê¨"}Ü®ó"‹ýÁan%Òa ?ÞwQjz%®½ðÊɬO´mÛa­ «˜Œ¹§_ ëwr<¶ŒÞ®«6@̬[DZwá:(Ŧ­½Ÿ@ªa½©œý6©M“Ý*ÑŽÀó²ëÒi¶"ÇÏæê“)žw)]2êV‰²4;±|…3G̶ ®¿S „NÌ7²Äv‘lá/1~I £|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UðQbïÎAÇ·°gtk¼2 3™ë0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚'eY?vZ° ÏÚPhÈIïÿ8†ï Ý6²¿ œØ/»ÐÞÕ«uV H{‰Ãr‰ðŒûˆëRbfþ¤Kpl##V­. F`ÕM’/ß~1ž¦CÈV¿c®]QØTÕ 0(E4ÙU£gIDŒp-R[Ó ed 9<³>*²°&»‚— l©.§ßq.Ä^~ߥyKâ3<Cûÿ°5-°rê¿ÒþÄ´lJÈ¥+5¢UûäPråáRz*§×$pÝ–XçÈ‹¯#æ¢òÊIoÊz9c¤êˆÑJßÓg“`P¹®ESt ï Rjfd¶ÅL0ì͇á"?Š¢eƒÃ£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U›no?Š§ô経1[ΙK‘||½0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚úˆ0Âù¥Ku—¼ÿ‘*»e3iXö?ËÏÿ6³’¬œ‘hx·8#½Þm툞Iø-“½ cÉðG´.”‡:JmâÍWO.ø•àæò "ÕÕŠø>…:⢄…˜}8¢ö…RˆÔÁÚ¥REIfSȺÈd’̬‡èÇ1ÇGq"¼s>Z¼÷&ÿ,ßìëwUMðÑŸüÂÖx#RöÚAÍW’¥ê{‘DÈ,ö y"j#µؒjx 9(?üXSKËP>¶ÕqÓñ®2Œ¨üuö=y}—S}ruù>Ÿiq÷Ò´PZæå<»møK‚2¨h…*8‹P2óAÚW£certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/RevokedsubCACert.crt000066400000000000000000000016011453642760600266470ustar00rootroot000000000000000‚}0‚e 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0F1 0 UUS10U Test Certificates 201110U Revoked subCA0‚"0  *†H†÷ ‚0‚ ‚¥¥¢ ¬Ä½ Tõ|Ù)b^Y¹­4=è¼ùÁŽ°Æ®!æì íe*ܶcð ¹Xo„o^É$Ñr†·¹óÓö3Š|ÇjRPÍÕ‚F¹n7êH“‘gLîL±]) 0žÎêëTbó½ÿ_uÓHûÅwØKkÒ[é ÐbìÑêˆÿQn°üPprôvÂÐäç²âÑ,xx^¨y°¤wp(äB•hj©g–Eü~F^gJãR!J»iÍÍdùLË ÎÖ£úÈÜÒþH¯Dqsí¹ _’¯1„éÆ€¡—ŸðI‰_ ÃWò¡DCá”[Þž™’wƒmA5Î(ù£|0z0U#0€X„$¼+R”J=¥rQõ¯:É0U–o’™ évt»_ÔøûÙÏ ï0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚‡u" þ½nÈ›žC²³¡j>c[æêÇûÒôœ§EØú#sD©PNãùÅ6H¯Â-mN}²†“ľ©}uc½ œ ¶¶Å;?Ô?–ãƒf4ˆ–ˆÐ_L\Á 4pnO^÷,n‡Pp¢ç©×œ>~ÉEAQî“zée.£¸< RÏÀQ8wûÂz[ã0æõ[ž2þõ?ÀÔ&¶‡­—¨«9ÕD®õÅæG˜Ñˆk\=‚í“ ù¬aV6€á€Œ}3,x,¸ë|© p¤ÇSN‘ü"½¤è(6ÝY{< 4FŒÿ¶ ¶.åkžíPVi͈Z¤µÉ|RolloverfromPrintableStringtoUTF8StringCACert.crt000066400000000000000000000016471453642760600344120ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚£0‚‹ c0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Rollover from PrintableString to UTF8String CA0‚"0  *†H†÷ ‚0‚ ‚¸Aéûç$óÉLi˹!’¹Ô–=‡MŸb-¶¾’ äÚPÃ00²c)ú¦n/K;J -?ú,ƒLá»P†zÉ›;ÝnÑþ>ßOÔM0ÐôLœ èAºFxHÊYMþ(XЌƽA„ ƒWÊ6')0N×±«°È&ͶO0 Òè?­ P,ð6ÍnÔüóflX|;Õf7‘¤[:ÄTÃ"¨@-ôÿÙ˜ÕcLjæt3œò¾!ÅÁËXg|éÙ×f(«¯F +-Ò̪¡ “L­šîd.Ù•DÚvTˆ{ÇŸ¡“Tœá *„D¯£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UµmO(?Ç»±˜¤©¥Ð¨[^Jt³ç0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚B)0ˆŽyLÖÍyDLaK»2Ö¤qPN8åd¥NãV¾A)£¨[šÞ‰G‘{wmöaÊkoë­2ÍÞ8!y˜¿Äú~ÂÖ<åÄäåR±ëVÿ‚Ð pãv–Ãjý›S‡/ÇŠÀµ¡ Ú´ ~Ħ|à0™SümfJŠ h6™<µÚßÒ¨Y[·ÜLQ\rnN–ŸàA/¨X3¹ö–VTÚH`&Œ¹[«ZJ#Tf†þ¥oj̆˜¿Ð*yƒƒMØ`¦tíÚOzØ€›élêoÔÃ@nDkXvË}BáF˜å>©üfÁ4õ°ˆ€Y¤Í5š9l9ªcSeparateCertificateandCRLKeysCA2CRLSigningCert.crt000066400000000000000000000016151453642760600342150ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚‰0‚q h0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Separate Certificate and CRL Keys CA20‚"0  *†H†÷ ‚0‚ ‚Ö˜},WMì”›Ìu†Ö‹fŽ^‡ vŽc>«p;Qšöðž›Þ/‹sDl=ªš(FQˆ´Ž}¹=À{Ö˜Pr,,ìêÒöñšÎ©˜VÛýÏë=ûýÁ×iüÌt ò’¬‡ß¯¦øØÑxùâ '¹IªJ{½µ–ðSÂOÁ¸kåÞÆ’‘"ÇåH©k=gú–¿_òCôÓ{;±L9"ÐG¹}Q=ü5}™š uSÆ7jíe½F;dŽH³»GÓ=xáƒ6: Òí1QXN¯*ÈJÔYv‘cbŠ¸â ¸™âQÙ®n†¼ù¦Ëa¨¢Gý<£k0i0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U„=„ª|w_1ÝÍ`ó——Ù±0U 00  `†He00Uÿ0  *†H†÷  ‚„›ii˱™Á÷–ª¤u‚°R‰;‘ ²£1ÕÏÑŠSüÖù·ö$å3ô¡ô²3Œ7pþÃ"gÒ„J…˦Oo £fGtòÕWäqoÌ#½guÍ®¨Fï½59 7^CKûhbܬϬO­è¶ùõÉÆyÍÌ×åP×Yf¤¸õwC•ò'¢…\o«êÇðÝšÿâWWðê8#Æ–?w Þ‚æ  ñQ‡r›À‰ŸAÜÎlåhjÂMÕ[´Î>@QÞ&º°>ü½oò,Òá^°0âOñÜ:Ì’ᥭòhá0e¢Uq+]wpeHSöDƃÖíÖ©ÈSeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt000066400000000000000000000016361453642760600362260ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚š0‚‚ g0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Separate Certificate and CRL Keys CA20‚"0  *†H†÷ ‚0‚ ‚ÅbÆõkìÖÉœPµf¥?šµ l3^¼1šf{‹ÌŒ˜©Ëyi,¦!êœ3–Ñ¡ßÃkF‡í_#M(E[2Õ{{¶=y¶ðOãòp7½±¾ÿ5rY€~7;¤ó‡ZÑ i£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U8£8ŽNEö¢â@g›tà0U 00  `†He00Uÿ0ÿ0Uÿ0  *†H†÷  ‚@KçÈÑŸ0Ì’Å  ´Nl*;}9¶å•%AD`áR†,jJ Y]2P”^:Ã*û¿Oñ¾œäó¶b0ѬÀÏæ ÈÐ3Ü€ÒúÆ-»âw®U vwW¤™17B±|ùÉ8Õb#† ³ù¸–Ycúg††AZƒáyRfêg|†ún‰ÁVN0f_ÍQyQòšõ¹ÄŸÈ´B#èÆß—ŸêÁ@½H¦JLEí:1r˜ÚÎ, Þ(®”®ÓþG7¿× 8Ùu,{%À_m´£³E§z·«¢ôÆ£(XGOÌåyËjÀ l‚9Lù& Qÿo…»tn|L certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/SeparateCertificateandCRLKeysCRLSigningCert.crt000066400000000000000000000016151453642760600340060ustar00rootroot000000000000000‚‰0‚q f0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Separate Certificate and CRL Keys CA10‚"0  *†H†÷ ‚0‚ ‚­ÜHs£y0fâV¹6æ™°«nÿºÁfô?àGT'»³¬IÜONůÆ[!§ˆù,<6™È"àeQwtÓ"õÒ+›˜›‰rÜ?id¡T÷p2P–þø EÚó>ùÜ{Æ—Äíçòmñm~¿æ^躦dûGP ]ÊSv‹› †] -i`(E¿Âܧ}#wŒª€×&þž lIhã\@u˱Ái·"hÚ@pÔ«}ÈAt&:BËx¡Æä†/Spl˜?E*;4¢{·ÈUÏtütawí‰Àb9ØJMÃG˜¶U—;ç/;Œn¾‰öÆ*ÐVþ%צäeū˶/a£k0i0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UrŠC [==ÄUáƒÆŸßÊê÷^0U 00  `†He00Uÿ0  *†H†÷  ‚!ôÁâuã-Ü4FzHÀö.]»b·Õ0í(Õi=VÂfLñÐþP7šj!» ùŠRÃÿM†i=L@/­þÆ'~ =³ˆåÏ…åߤ¢æK;›q¶w~@¥/âiå‡X_ Ž±ÓˆÄY£ 6Ð0—‡;»ÆXó¥(§ õ)Ñ[”“ªrè‚íZJS{àÕ•2Ÿ/‘ÉvÍ4îs¶êÿpËk³%[lêÜ{ bØ’ ¶e§žyŠÆ´w[¥MuþVùÁ-çcê*½íßÓÙú4ÅpV[„ª|0;}Ú;xï¯ò)T9²©ZÛázA›…¬^h Ô©EÉ|³ërjYÿ>ã7lSeparateCertificateandCRLKeysCertificateSigningCACert.crt000066400000000000000000000016361453642760600357400ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚š0‚‚ e0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Separate Certificate and CRL Keys CA10‚"0  *†H†÷ ‚0‚ ‚Ð ;KÓÌ2ÚPê+½Ù­ûâ}]KÌ %9Ap($z˜]¸¬¸-N”JKrÕ¨Ð0•¨f Ö¯ì8UçÍJKýä· 8 =òýäB~iû¸¬‚û’ÏÜ/jaR³P!^RÞyWÚ=Û÷ÇáܾòV½‹²wÜs^ˆ“ñOÈvá5f3äË3ÑÌ:3Uhò‘¯±C«u”6tTóc-åó n-A·í0`ûo?Ùô‡­&»˜sÁfõ¥¦ô#Zˆv$kV¡2¯‰Só> ÍP"|Ë‚4Òi(³êz´D=€  Ë€YË:¦>+<Í_BËõ ã@Øí£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UðeÚ?ZÞÕ¶H™;×L¤0U 00  `†He00Uÿ0ÿ0Uÿ0  *†H†÷  ‚FJ‘BJV¤Ô±Ïõêi;Æ¡&öT…=Ÿ6ø¢8YΑè(¢âC¯á^Ü@ÏŽËŠ!Y%cæÓÍîØï:am&‚Ì$ˆ©öÒ|³["Š4Æ`[è:žBPþ,ôJ7X'ÿ9g+b¡ )@›‘˜Õâ,ö_«V¥àðÄÄ+ùºø+nÂ"&\$© Ëï ¬õ at†+b­º‰ª~aAVj®|(væ#|¨þ¡œÌÁër+וÌs")ÓYMÝÁLž òL}{£´4µôÈøÜ%m¹>}söÜvÔ`uÊàrƒÆT *ÄÇQ•Ô¼òO2T/q ’certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/TrustAnchorRootCertificate.crt000066400000000000000000000015131453642760600310010ustar00rootroot000000000000000‚G0‚/ 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0E1 0 UUS10U Test Certificates 201110U Trust Anchor0‚"0  *†H†÷ ‚0‚ ‚¹™Q‰GàÍE¹„'‚ÍD9ª¬Û ÃÞâ,NÛ¤WŸ”5(5Âkdö[ mÿ'ãŠ#cΚéÅ \¨†XŒ”•µÉÔ€Ö±^¸e¾:ÏX âÔåH°M«Ö.>‹ºŠñƵøØm\1rêŸZc&ÛN<œ.Ï¡£WösÁk*Z£°Æáá²!è ³VÚjZQþYÍ")«ïþÝÉá¹ðã¿2æX>s !³ øŸ‡A35 î „Ñ{fÒ®)&uyÌóµpý5IPl7/:K –³Ïra•Ÿý¥|Åcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/TwoCRLsCACert.crt000066400000000000000000000016041453642760600260360ustar00rootroot000000000000000‚€0‚h  0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0D1 0 UUS10U Test Certificates 201110U Two CRLs CA0‚"0  *†H†÷ ‚0‚ ‚½UpÞb ¼oH ÍŒiZBŒÒÍêôÒÐÅ÷æF¸]Cˆ¸ÉËw4Ï¢^\IÞ¿âÉŽ1r™h P"¡Ï®hZßjÜ ð0â _ÎP§ C¿`FŒo‡CË"|8âÄn ÚnÜ}ü_Âèzس·Æéyö*^ +”÷}1×7F¡¸öe5w'΀C†m¯oaöµþ8ëç0®háb#yˆ5"Ÿ!mÕ7¼‘v3{zlèlg›Í’ôW3\K#¬ÿF’v¦¬Ú7ב›&ƒ»[¿Ñºþm)ô5Ýžµ¨çjvãBnÉ mTøä"„Ï&æ¾YÊ£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U¡Ö™€ãmýçîwK_ñIÙÆ”ZPgùæ䕱ž¨]…&ÐC͆‚ë‹n9°W©ÖxkÁ~Òl´­í]žÝ¨¢`z‚¶«mÔ^cG8¯hz#@å O˜Zg/ZõÐiÄúŸë×K$ji° ÜV¨“€ð6a¨>&þx4ã(~¨Ð¾éâ—ŒÒ_ÚqQä,ÛÇ™”àŽ¼ý!þ8Àt…›#‚˜˜*ÛñRnÛ–IRթʪ±Çj¤al‰|0vcˆ¯•ü©<óóMmn5Ïr\5ͬ¥certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/UTF8StringEncodedNamesCACert.crt000066400000000000000000000016061453642760600307260ustar00rootroot000000000000000‚‚0‚j b0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0F1 0 UUS10U Test Certificates 201110U UTF8String CA0‚"0  *†H†÷ ‚0‚ ‚éÇhpØfÇÿ&^>ÜšDÌš°ãõµÓGPd͈ý÷yûZ÷@…±› }‘vÐ'ŽT‰ªL¨á†B—|Ä\å3£-þ+q 1ÿ#b¦¹7ìÈ`q!Yí0eŸ3åå«/"e‰8Çfrs—ZîÌì:{ºÞ£uæ@ Eþj-42VïªI¬ä _HJ¸Õ(ûQm©º¦xÑö×ÛLòÁlL‡—ݵŽ(œ•ð‹Í,ÈÙÜ+ÖªÑ.z>– Çc¤ï¾î߆¡IÇ÷¨y`±5þ½D ˆGG’/Ú'Å0Š½—fu=|N6.ÉêÿÌ°RÆR­£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U;g[Dò §H}s)Œ“ŸÕ$ã`&0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚þKÒ¥ö‡¸†:èúH9ä«2†¢©ZªÉIíþèQÔÁR†Ç¨q“_-P`‘âºüšK>Ÿ‚Ü| ­zþÞý–Oåú_Ô%%mѦ¢Â!ÁŸk‰4-ÒË †«·c7Égþìã¬V«Á,ee!ð¢‰'`Ê$ÄÊஂè2F°Ë˜H̲( ÅkIt!êþT±.{Þ×~–¸b¾OÑ z2¼ÅH‚žã%@0×–#µúnÐÒtE›.äÛµ×lCÌ.eGÜ£—œ_-~XõQ Ï]C û×­È”(éËNýo\?t:”ÒõŒ§_ ¸T*‘D„ˆ¶u’l²/­3ƒæ+Ucertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/UnknownCRLEntryExtensionCACert.crt000066400000000000000000000016271453642760600314650ustar00rootroot000000000000000‚“0‚{  0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0W1 0 UUS10U Test Certificates 20111'0%UUnknown CRL Entry Extension CA0‚"0  *†H†÷ ‚0‚ ‚š¶MXÆ!÷‚Е\èÆp ‚q Tn ô 86¿45ÞWMªƒ.0´§†÷³¸§/Í-Ü>¶Ø‘×fõA¬66™ßs’ EÓ<¢c͵¿Ÿ7Û$¨˜½SòA ì\¶íÅž¨¶Æa{+¦¯Àlvq°ý Ý.ù!`dP­ôÉ'ûáþ¸åìˆyâC²çî”Êpia€°ÌÄbNI¿[¢~Š|nÏǃ”Ø‚Nîõ¨Þ"+`Op¡ãª¼<%Ú“æ¥éw±)ÜŸbM¤RÝ\Û¨o¿]"[gáF,z¼œÂý.Ev °Zlp§£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U¦Ë¡-M(/"óÒL7ÏÿL0Íê0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ŸåU¯.¼ìH¬’³——}ðÖ°SÛòT•&gÂÎ!F]Ó~·RÈÝ ýðU«4¹ó×K‚íaì”ZNåCãÝ¢F“Àjöß·óó泧M¢‰&nù]{Bhƒ°©Í-Z½;"¸ê|ÌæhׄP=IÔ{T¥5;ëýŒ0Nò+ʲ#R7âÐwî-I8B·qO”5vƒ#?._ªÕÿ[®¿…¡ãÜk¾ã÷±Îºë†—ÄÖš:˜ÃÄ£Ð-#†œ¨­vº¶K¤8L&¬´^–Ú ;-áÌ £§f°ý\:7³3V»pÕ^¿ˆï¢m?^F)a38certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/UnknownCRLExtensionCACert.crt000066400000000000000000000016211453642760600304350ustar00rootroot000000000000000‚0‚u  0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UUnknown CRL Extension CA0‚"0  *†H†÷ ‚0‚ ‚ÝþniS±€U’ñÕ\Ð>H }ój‹Œ†@½®Ðù\m»icyJ]Õ‘|ÜÔÀ™ê‰)ë¼’¢r˜£l´­â¸vUYkÀ1Ø’þDv™*&Ÿ/ˆÐÛ=P9*%Bp+ЉONõYûoÙYí:éѬäS@јä½aPL[ØoÙ‹RH“ûDÈm±]xÇrKš†XÛ–%6§[¤.æ›4Dj~ò»ù¦f•»c™õ ¢ä‡0›Gêyèµ,£ƒÔD–bæ*ÌÜÿÒ$põTp‰+óšÕrä“];.‰ƒ„1zb«Xj‘Ί¬èålÓ° éᶦ¥ º¸ÿˆýC‚¶âU£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UýÿþMÛ Å¢Ø‚Vë°Ùaã10Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚8ÆD©éJÕ²Ùª67Ÿâ¾ßóKqBeY¢Œ‚WdÁ¯PÚéå'O—×ÿ#D™"k3ŒìXê»Pžc)Ÿ¬ýëÌxØ©´%¹ëOÝŒD@«_µäœMÞ„ê›mgß›•)EB¢÷D”_—ËCoL—ÙSSH8uù³jãËÄV&¶ Nùâ A?M‚Žà¶ i®âäÓ6vÚÕ†ñ±žòø^ˆŠx>N|Ik-ì” Š¤—˜è)—Ž”g–»8{ÆYéÅURæ‡çÐøâ Þ7¤’Çè¡°WÇÍéF~¸õ´i…¡å_Q@ìbøN+Œ›ª[ücertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/UserNoticeQualifierTest15EE.crt000066400000000000000000000020021453642760600306520ustar00rootroot000000000000000‚þ0‚æ (0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0d1 0 UUS10U Test Certificates 20111402U+User Notice Qualifier EE Certificate Test150‚"0  *†H†÷ ‚0‚ ‚¤KÉÑü K3­Á<€sñÈdµ­ ÄM—ƒød‘|÷vìû%WJ»KcI!¿F'ÒÖS¾}¸yŒÁ¥aeµ·@ÉÝÚ“ê¼&‹Æi ´¹Ïô çnìésÇUc-b®+Ðôe2Gýt§¹Ù&Ä-”SØoF:v)£^·Øåšíò‘OÚ¿U  ³¨'ÿü…taÜÖž#§?Þ/ÙäÃÛ«x"™ùìûÇT-8ðßÉ+è³Ð§_eÅcë–¡0I¡Y”AÎ}j.èVr»qÂ6¥³\_›!TmÓ„Úg¥hbê<«÷p’»)ÔXÆß`ESWžØH?EdôÉè!˜Ù4J U%I½&DzÅË cP‡Ø7VtÚr@"Áó®O5òé6m8©— L`W˦nxÛ“C÷Qç…¦aÿÜ­/\NѺývÜ*ÐCXÁ OðZü¸^n‹FÕ…a×xßF~¤î 0„PvFâ—¬…h±„˜Âs©V©ƒ¬È¯VòÚ©J3‚Åúcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/UserNoticeQualifierTest16EE.crt000066400000000000000000000021711453642760600306620ustar00rootroot000000000000000‚u0‚] 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0d1 0 UUS10U Test Certificates 20111402U+User Notice Qualifier EE Certificate Test160‚"0  *†H†÷ ‚0‚ ‚ºVÞ¾Îî÷iÌœ ¯ÚŠp>|i¡«\(Sá¾zŽ]ç §³&}(.0ÍïݺœÙ1äjßÿ\÷óÀ‹½CºÛób“³Ã—\åe/% ¹„#¡‘À¨{Ìòá€?.î;¶]½ß®A!\ +j@ýÚå¦4+-tG –âEëé2ø…{³:Ö ¤˜D ŠßK ƃ9ïæ ®~üŸ¨/’¯ÑèAwÒÜXûø›šÝcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/UserNoticeQualifierTest18EE.crt000066400000000000000000000023301453642760600306610ustar00rootroot000000000000000‚Ô0‚¼ 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UPolicies P12 CA0 100101083000Z 301231083000Z0d1 0 UUS10U Test Certificates 20111402U+User Notice Qualifier EE Certificate Test180‚"0  *†H†÷ ‚0‚ ‚¼ðB²»ÐH&|  hL”|‘Ô:M>¹!àC¾Mtx5•`£^=ì)üÐMî£(PªN"†K:`8_Dd_dÙ¦O·ÌÃ]Boèì´Ü·ûbC—yËg¿"y$f2MV¥qr›| Ò`VI̹…$æJƒþçþ/Ëx žâ= ” ‚ÅÆk‹ÍV—8tb¬9SAPf‡ÒrdäI8Õ…rûñ u¹÷󩪾Õ}rN˜Stz55·VeÒãŒW¶Sv/Ø1RUoöùÒà‚“òW´Q‡•\øç„þø7œÜ_é±r 3F%|ßÑc-K+—V¤õk£øFÎ £‚«0‚§0U#0€Ø_5âšÁ7*&΃Ìsp*:â10Uà;ò“¨æŒ* vk ohq0Uÿð0‚SU ‚J0‚F0 `†He00Ž0‹+0}q4: This is the user notice from qualifier 4 associated with NIST-test-policy-1. This certificate is for test purposes only0£U 0š0—+0Š‡q5: This is the user notice from qualifier 5 associated with anyPolicy. This user notice should be associated with NIST-test-policy-20  *†H†÷  ‚ƒ6]I¼àÆ?æ9±o¼I'O\(/à›?ÇjÜ\lÑg dÌ䨘Hì¡°ásêé×™ /±ôÇ'`¦ÂÞür„¯º¸.{¦*¼8׿9ŒÏpšö$Êñ¶›pç–žŽÙ=Ô£E~—¬Iõ-F0hùŠàåŽF{ÒdT· >Òòz-0×O+öd·~PÊbë?ý¬39ì\á÷Ûì{lø.{¡aK>'k؉BŒòœKÔtŠEo›a5Ù–+Ÿaºvn¥¥DGÈY6rY!@¶#{rOvL¦lvvý͸){çÄ»;wœ^7ê ßR†8Tcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/UserNoticeQualifierTest19EE.crt000066400000000000000000000023571453642760600306730ustar00rootroot000000000000000‚ë0‚Ó )0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0d1 0 UUS10U Test Certificates 20111402U+User Notice Qualifier EE Certificate Test190‚"0  *†H†÷ ‚0‚ ‚÷ó™ Ö¸EÂ%ËX¶ÿ(ƒ@µiIFDD|~j,µè^…äu7Ê £3î7­•<ªµ¡µ1'ín\QhgºñßÖIË•‡¢¨~ÿB•GÍ™C¡EÐÀWlp®‰xiº ô:±â…w,äØŒÿ¼u裊A±r>+†ü-é=̈˜œ×äöó–„ôDqº¤Ê‹O‡îùå Ú¾ó§+î¥ðG ž´²)™ÝÓh6iT[AÃ{Á˜&ùûâT®ê·Þq£b….r¯-j©iQ/”:¬Ñã\ÿ[@·ì;«NN ÎàÒñоH*G ¼Š+ðaI£‚Å0‚Á0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U M “;‘àÏà'×7[~é›0Uÿð0‚mU ‚d0‚`0‚\ `†He00‚L0‚H+0‚:‚6q6: Section 4.2.1.5 of RFC 3280 states the maximum size of explicitText is 200 characters, but warns that some non-conforming CAs exceed this limit. Thus RFC 3280 states that certificate users SHOULD gracefully handle explicitText with more than 200 characters. This explicitText is over 200 characters long0  *†H†÷  ‚k, ¾¹dûdg%D‰ïaH å/I2‰z»Žu©éÀÃUï~m-*­X,ëHeX­mX'Lß亜 ¯¥=RÄåu…Lvw!cóñfK´•Êê5dŒ•<Åyš)b>Ø0¥Ù±GýÓRc)kï›7dÛ›‡PÆ< æóyÅ鮶Ü;!˜R@ìûñ¹½Ø¤S”!Ïâí®nMuð»öP+¬ °Hî—˜¢3L•àqΖ ùÄšXÏQÛëÍ!içyå¿Øs~†cé›D½¸;ðpƒ AÍÞ­|”3k„Ú% PðÐSQâø} ì ‹K(certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt000066400000000000000000000016741453642760600332070ustar00rootroot000000000000000‚¸0‚  0  *†H†÷  0]1 0 UUS10U Test Certificates 20111-0+U$Basic Self-Issued CRL Signing Key CA0 100101083000Z 301231083000Z0u1 0 UUS10U Test Certificates 20111E0CUÌÂi*,Šžîdò²›Ô÷Ö·lå-Qøÿa³ï½V$[‰Œ2ÕG üC€–RH/šØÆܬ"GLlÌn±¡  R°¯w”…íýŠ)æ«veØÛ­Ì*u,(?Jàý´ãõ5ë’'#NºGçò#š”ƒòFBñ£k0i0U#0€)šE.6•ìò^TœÕÙöD‘,0U2½°m`idvy5í8r¥¿ï=0Uÿð0U 00  `†He00  *†H†÷  ‚'ÕÁfï¤×DקΪN ŠF‰ùÈ˳{TF"ª;!nÕ!÷ù?Eš‰ÐÚ·»iyåߦMãDè HbƒNitz”€0—êgL€?±CÁŒÅ$i”;Ù¾¶Cþ¸åª0µŽ» ÊNÈ廢Ϩÿ¿çã#½Å?€‹8Æ '÷½©0ôF¥ «‘&ºO%Üâ}Ÿî5ËO»7_†X¿'±Ža4õI¬8šm@8ü¶¾;ˆH Þµ<ËKîÒ„Ôãç´‹ß®ÑÐõ«Ì&;êt`¹;VóñüØk%ϼ£×— MÖ'ZÄ H±‘‘™WGÄà»Y¥Ucertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt000066400000000000000000000016611453642760600326140ustar00rootroot000000000000000‚­0‚• 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued Old Key CA0 100101083000Z 301231083000Z0r1 0 UUS10U Test Certificates 20111B0@U9Valid Basic Self-Issued New With Old EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚¯Ññåúo²gòÅœ€»âU¹¹dl’dÒp•žg~Bìê•bÉŸ¢wÖCZDùPZýÝÛéX³Ó#E \nt @8•‚Dó·äÚ\ˆy=ÃimowªØ×N²Ø—nO]sêáº×IŸï¼F¨ ]cdDÊÖ½U=ÎÛL-äËË=*¥Ö©$Ržß ÿ®øÇ!Ü7мÄ=ïHjt2~ðÝÒä‹m“§Í™.uWák@ÌÒ\YFpÍ}hc¡Ÿéò^¸”û²_T—·ÈmI´ îQꃥº »_¨ÿÖ|ÞˆÜpˆMðü®½°hï^Â{Уk0i0U#0€ˆ_¾?59fšëMÂ&&±*'µ*0U&ê¢g´b¿¿ÔÌýdÛˆÒo'‹ë0Uÿð0U 00  `†He00  *†H†÷  ‚3âç\ÆV¯í”Ì+ÌðÏKZRY!ÊYM0̲* X÷3ï2=OhT¬»ë!“+I•=oêS>ªIóø:¡’)Ó ]° O` tÔžð™Ó#]Ù°èå~éî³P:)rŸóž}oz`ÄÁöÉhY.˜/lX†Í­U¼À§°CNHÇŸ<9º9"Źª¾¿B~‰‰w‚à‡ÍóL7O&mŠ&`,Œè¨¿a(ë"U§íxú›ßÖKÍÚq¹¼ÇØèžÿ³×‰¶œ 7‡¢0ÅÕ¡ÿoo’ßi׌¶{30*­3œû$or[¦þk¯Ñ&U£a„†§®GnÞ„çf— Ucertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt000066400000000000000000000016611453642760600326150ustar00rootroot000000000000000‚­0‚• 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued Old Key CA0 100101083000Z 301231083000Z0r1 0 UUS10U Test Certificates 20111B0@U9Valid Basic Self-Issued New With Old EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚µ†êE$„~|ñÇmÿ*»½ëOØçö­è•ªÍ.ë³\LÜü õgNš‘ÄÖØ+‚sރ‹q4ÆuîÌÚÆàsY Cóo¾eA®:Ì£íTæš{žvÚËÝc`tJNÇ#Z{//JŠÃ{û–ÓR7’…5çÏVd#ðÂÍ]°ûbÞcn|£Ñ¼›áÙ7»ecNô»a¦““ɧ•EuäÀßc¶n.sêäC÷'D £Ê¬¤dÝ?Èè‘þüòu™­ºœñáX+ÙÅ™&‘BÏoì ·ó5h׋ºŠñ™AŒû–f¦Fª"ON•$œgz(Ö…ŸtAi£k0i0U#0€Ý uShÄË@À†0¡¾¯0UtÄEóì50o“„Q—S‰H0Uÿð0U 00  `†He00  *†H†÷  ‚‰Jœ%œ+oª¥ÚAÃB`.G÷ÑcléÉ¢G‘‡"ôËÎZ ~!Œž/`ñ¡’øï·çìÔ²ryü™½|ö  ߘ+Ãy¿¢šÖ %®£™Œ[j#¯0¢Â±­ ƇåI2D(Ò…ÄtÏã…­çd§½½¯2—cÓì—ˆ»m#\L”v-@B‰L"¬ÛÒ \µ$Ä4‡ó,ŒƒlD¨dk XëêÆW簾kÕí+™•Í®L^í}¼s†¶Ýþùr¯þ¡0*—ïHeQ5¥„ÿ>À{ˆŠ¹ÙÙOðV|öÓd­b^T´ÎÅÌÀ5-é­¼íÛç_v‚=ÖD|certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt000066400000000000000000000016611453642760600326120ustar00rootroot000000000000000‚­0‚• 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued New Key CA0 100101083000Z 301231083000Z0r1 0 UUS10U Test Certificates 20111B0@U9Valid Basic Self-Issued Old With New EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚Þ¿D-€2_¼÷Ï †µèê€I0 9·©á(¯~ éSâpš³ÿ§Qú½1¤g¤ix}ÅÓ¸Zž¡s•‰¯Þ†›€& ˜0@ÄArÕÊmN! ÛQš«»]îÿ8sèTwžCHù‘0™¶öæãŽp¥BrMÂ1L‡$¥.ã¤È¸ÎB Kkõîp$>·àcÎ7 ~Ù ›+ÐÆQ$7cÇ¥Ú0m×­29[põÙÀy…åFô‹j·iÁ„¿ï“s%–ŠÒþã4˜Cû’–ëH¹]\{›id}D{Jjöÿ2¢@8héD§ex‚™¶ú£k0i0U#0€v|Ød4 Oßq!t ›6¨‚×0Uݨä"÷=‚”KCw.ÄÏ'æÿC0Uÿð0U 00  `†He00  *†H†÷  ‚ qþv{ß8 ¿î„e$gª;!l œ¼á\¸êë¢ /fþ‹€ÕuÌB†~·°yn·ì~ü/×VBÿöÙŸÿg%C|ÏõoÄ|'”Ù¾gH˜rZòªìæ[Ö å4míeãeïµü®‘¥ÂœÕ&Å$}÷roQgÌwtAG'ZŠúòr¼@]ÿ[@«‰ãS““úp_ ¿á]ƒÝ6媲WfgCú4‰÷wKŸæúx­¬ýXàç ¦FŒ  Ì6S«€·ÜóÉá|†l²¢´¬K ÝjÉ[ætÁŸK?râ­´/Ga —q¦E,PCƒœƒ}†FIj dëecertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidCertificatePathTest1EE.crt000066400000000000000000000015751453642760600307000ustar00rootroot000000000000000‚y0‚a 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 100101083000Z 301231083000Z0S1 0 UUS10U Test Certificates 20111#0!UValid EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚ÙÜw`Aûçxø„wpï-nU;¦™R?mô½¡—ú6nDBÈSþu†›^7ˆ¢}ÙqÔI5qÎFÏ[ÐYŽeëB=ÊÜLØTiÏ^8² `݃Q.ßÛÕ[8‘Z-Ïš3´o–åvbCi„ÏTAù5êžÔZ—^Y½àäÃY‰×Þòy°‡kÀY¡*‚okS4t=ôáÌVb¢äeè#±ƒXS²3-–¾å}3žZ'sSÝ]˜âKSX‘êrì»”ò P­òµ$1彪$±¬Ý Rð‹j«¸÷íßc´Î”h¿^–ÐD–ñøôz: yS£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0U¨< göØGº¢ÐürVˆ@m••0Uÿð0U 00  `†He00  *†H†÷  ‚ZÙ¯b¥¹R¼¼ì aˆª  G£ž©²ø£Ù,Ò8¾;²ÏÔ1ˆÏÎiôŽÇ¹pQÀ‡Æ•´öjú1ž-ijíåzanŒÑäÚ›mlî,ÑyXØ„Í›AÓâþ‘Æ_'e{ú/½¨¿4Ž-ÏLX[0.ifE&&!˜Óó®)‡ZNƽè(~ ”æÿ\µ\OÝŠaYÒÿÅiÀÓ‰JÑÂåÈôÈÃý*#O„\,D-ƒŠÂ="Ç<`òŠxãFeÚ™øcÁÔz p¦z§›¬¾ðD#‡X¬èó ¿%Ë6«iZ®ÿÀn°Cžž<§0nÂcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNSnameConstraintsTest30EE.crt000066400000000000000000000017201453642760600314300ustar00rootroot000000000000000‚Ì0‚´ 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints DNS1 CA0 100101083000Z 301231083000Z0h1 0 UUS10U Test Certificates 20111806U/Valid DNS nameConstraints EE Certificate Test300‚"0  *†H†÷ ‚0‚ ‚ÄÝçÄNL†1{NÏŠì“×#_>nO >h㦸;õ‚KÏ¥XÔ$y½²ØGjh¬ÓÚ6x¼+`¼D)H‹F;z+¦„ÍÇö ìf~¹>é=ý4 †šµ<èNF©yűUúnT‚XÔ•èßÜ'j€ƒz5ý¢NƒÎì]m*í{÷@¥Û›9QÁTwñ ÒFM¯àHqž«ö™Wðýà„qþÿÑ~)B‡±Všºîý ßà¹Ñ4F3bnóéòáû6[Í6–ø[B¥³XŠ§c™=Uø¨ÉwHŒð}”y…°º«Ú&>N†o<äù9\Ûz PýJß?† £˜0•0U#0€±ªðãÏÌÒ§‰¦ƒÝÿnÚãI0UE’Ïo“µn6‚飡ÄA:q°r 0Uÿð0U 00  `†He00*U#0!‚testserver.testcertificates.gov0  *†H†÷  ‚¦ ŒH¼oyŒâú{e­×‡.ä´`‰”¾Oϯñ&&O/"dåJómp¨£š`÷ÛÓZ_Ùì„·9âV_ªô1XÞ;[¦÷‹â™Œ‘4Åq ‹„Ç>ktF ÝŠÁOÛO|$T#w>y¥n €mº“n¶3& m{eS¢@JU­ÑaFrk\©Ù8k™F·qr2/‹º‚ª–l«_=ÙÆõÐc´F!Ëõ÷Þ(il%Å2ÎÞæJ˜kŠD’"q',ø*… ï|˜iÇ¥i`!±È«ôv·¡œ^¬+߉.²jŸdÌ2”¹;d&Ëöå|î1§úz&|EFáƒcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNSnameConstraintsTest32EE.crt000066400000000000000000000017201453642760600314320ustar00rootroot000000000000000‚Ì0‚´ 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints DNS2 CA0 100101083000Z 301231083000Z0h1 0 UUS10U Test Certificates 20111806U/Valid DNS nameConstraints EE Certificate Test320‚"0  *†H†÷ ‚0‚ ‚ã;}P»X'#ȸөîÎî¬ÊÕôMy…¯/¶’æÛ,þKŒ wµ… :î ýþ¼½>ß퇭Ÿ\1ÿ°TfŠ,Ü×ßvô¶ˆ £ÒÏL¤e»G9š‹m¾Ý ?g¸JñM¤vÇÜFÖJâq†SÊ7‚=_Ñu°>o’æ‡Á #QbÀÇsÔ†kq»y£";Œæ,¼ýö2_ìBkÊA¤Øo¿d"b­wA(‘Ï¥ZÕ+ˆƒò98줻u@—iìVôwº.<+E ÐDÇ[A³êÆ÷ •Ž‚Út˜Bé$CkuRÉz ÛlDŒ4Ï¥ó·©O¼¹Û¤óñ·ù~íu¹¾L«Ù²#ÆÀ!2°`Ñøä¯ú¹¨cT͇Ï<4sC Ü_ƒÓñ?Œ& fH k80¦ZNý1‘·ríÒp×]å*“ؾ™fšÇâaÔŸQyׇ^Ê„-‘<÷Yïd7e\wK²‰D¹^ªK†certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNandRFC822nameConstraintsTest27EE.crt000066400000000000000000000020241453642760600325630ustar00rootroot000000000000000‚0‚ø 0  *†H†÷  0o1 0 UUS10U Test Certificates 201110U permittedSubtree11#0!UnameConstraints DN1 subCA30 100101083000Z 301231083000Z0Ž1 0 UUS10U Test Certificates 201110U permittedSubtree11B0@U9Valid DN and RFC822 nameConstraints EE Certificate Test270‚"0  *†H†÷ ‚0‚ ‚ጠ¥®ˆÖÎ^ÊÙt‰ƒhü£÷á$«$„w%P]#Åm,îlD'‡×ªz NÛ ñ‹’Ö‡ÝÌ><†3,¬ÍÀ ¦ZjІHmQO €x¬U¶|©¾Ž5¦<Üa-g$@÷\IØÓŠG/7€/Ðz¤gîA¶Ÿ¶çü³(º‰Ô›'°6Ó!£¯úk Úm]^\ø‡H`ààS¦Râkì.¦yÙiÍQ—åÒd`·HÄ2}X:bך:B’-[öÆ&zº‰Û4 A"“’lldR̳Y%¸‹W™B sÊ?ÆCÜŠ´“žAlu’8øc búNO£–0“0U#0€'IäÙEúl˜”lüí Ã$RmUD0UÑL€FÊ=Ç>7cNËk35ä½Ãx¤0Uÿð0U 00  `†He00(U!0Test27EE@testcertificates.gov0  *†H†÷  ‚y+—B_ŸŽåÙ |³4°J ¢ÆHJB¹A&Çä<Ç6²yúÖ5E åo/É®8¿aHÓÁˆáÁ6uÂöl©£^ô#‘c.o V%©v†9~~´ä0g©ŸHÀÌ”÷¿L6ÂUSóóM©j²U2ÛŒè²ãa¡Ñõ •ÍÙL~Xã;ø TÜ[…§t¾H¨Äã‘H -3úæãðÍA%½ªtƒ¤Öý´³)ü¯Ö­ˆßþHÀJR}T{+ሾ1J3¨|­™# ~iBÚå&én°‹íÚ×=ìÚ\¿b‰Iæ|Ö7¡{±EjWðà;eȯ+ 梜yÙ³ŸjÇ– certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNnameConstraintsTest11EE.crt000066400000000000000000000017311453642760600313060ustar00rootroot000000000000000‚Õ0‚½ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN5 CA0 100101083000Z 301231083000Z0Ÿ1 0 UUS10U Test Certificates 201110U permittedSubtree110U permittedSubtree21705U.Valid DN nameConstraints EE Certificate Test110‚"0  *†H†÷ ‚0‚ ‚ÓVŒ>›­õÓm€ úà¹ä¥AÚ}A‘·M6œŽ®¯^í‡&Ñâ!€¥r ·)Áä­M-xèLÜà¸ÝF¢‡çRëÿ¤ }{òÈ™~°#lnÏ y²_UÒÖv)w ÞB¸<ãü$˜;I/Rß_ŒE†HÉËa»øCRœ¯i-+B&$k9M–1)‹…jÈíx£ ²c›¦-”7¨·=¬©ŽæÇÒ«ª¤ÝÕ=h» †RHTë»h)gb0WÒ˜‰¥dDŠi¹±Æ4Èi©/GEס L‘ ü¡9]ñ8Ž0V#C8E t«¶]ºé°ayö‚ û÷£k0i0U#0€ºŸ Ê9œNwZëû•¬Ó§J]'0UËf9 ê³ÁØ$K¨¿Ëi(4 ¤0Uÿð0U 00  `†He00  *†H†÷  ‚Êg ½kFí|,.Ôc œˆÝ ½“Z¹ò*#îc¦#tè0ÔÀa-7¬Xr,LkPÙÀ†"¼\ô¹.› ž¤×#k/¨Âù¤A•öÜ ¢ùÔ[Å·w Ã©´VK«o™Ww׊IrpWݾðò¨g‡Žþ Nk¯eç5"¦-Á€mÛó,ì;¼nï¨ K@Ç@çµeIªÇ¯ :Ñ^X,ùÿŸ6)†€…·]SÌ#ÇdHßoEanøg×~Trú§á|¸nñ{ðó'ëç~aÒ‰e3§MÜæ’ <0ßð½¾WXtŽ‰N8 =Scertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNnameConstraintsTest14EE.crt000066400000000000000000000016361453642760600313150ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0o1 0 UUS10U Test Certificates 201110U permittedSubtree11#0!UnameConstraints DN1 subCA20 100101083000Z 301231083000Z00‚"0  *†H†÷ ‚0‚ ‚Òøâ4ò®ÐW¢qª®YFe~ªN žFæjwF®–× Õ:f„´„Ö˜$6ÙVˆ"îþ!¢£r¡M,»ä[&æ ‡ˆþâ8¤Z‚»Ò'éIl>c¶RÜ0п wH÷n'½ì¡Þ‹Ø©a¦mM@ýD=‚)'R‰ò8ïe9ÊÛO+\´Ïf‰š`Š}—…ª ,‡UÜ©ëc5µ‚èzÄò““®Æ 9Dr• à´›Á­OBóᆠ“P`z’CÆ ê£%y=õÖ ¯‘£~.·Í"¬ËÛ±*…ÞcÔZM{j·ÂynKöhÒÄ~±ß¼ÔÈ”ß;…øÂ%1=‹Ížøø±_£¯0¬0U#0€¢/Xƒ[L•—·îö‡´—àà—0U_.•0ñL.€~óê­]y¢ð8·0Uÿð0U 00  `†He00AUÿ7053ValidDNnameConstraintsTest14EE@testcertificates.gov0  *†H†÷  ‚ÍôOIâ ÜöŒIN`¸¹È‚Ò€çÍ£Âøª¨Ê<†™–ì/†ÎŽ›÷ùï¿w’ä$ãÖò‚ߥ&ÀèœBŠ`ø/Hçæc w|Pû¼ÒþçR@uË3dï€ÓšÍ·?ˆ¨·³tFÀè²}…»Š¾ï°ÝwIbŸt]ø%[ZWX‚¼3 ðx_ßP >ÎaÚ¡‡+±„žlI:°BT ‹Êë!\l®‹îä£4ÉÀÇ°2dѺ‘…I ªàî—¡<ÔA= æCM*ï ÔA̧ô¯mÁ`"Î5½ Û›ð½0³+mÉ¥ÉöN3#¸Çã‹›×|æá7㟠¸UEcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNnameConstraintsTest18EE.crt000066400000000000000000000016441453642760600313200ustar00rootroot000000000000000‚ 0‚ˆ 0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints DN3 subCA20 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Valid DN nameConstraints EE Certificate Test180‚"0  *†H†÷ ‚0‚ ‚ÀœžAå•Þ¾ËkwTs1÷4`×<˜š“ª~ŸòMöÒ@¯gZ)•ÇâÕ÷fa:¼Yü—Ì_­~¤þúÌÐÅHP› o Â:3ó½ü¨3úôº‰ÚF TïŠÁ/ù6ÝÓK£FÜrWë"ÿ³7·ø8}e\Ý‹¼  ýŠw—zâÐ2† оÊ–ÆËZÐÛbÜji1…ñA%j}Í©f×^.ôÒþ0ÒEFÂi…2}t&ÂdöJû½טî;¦á†û"½#0?ƒëÐŽÈàºeÒMw*ÅNòäoÞO8ŒÛfº8ómîOí}FG§R µGךØ¿£k0i0U#0€Ìíj(~Þdêˆ*ìu¿¥.g0U´’¡ÏªtWó|8Gç5*…×x0Uÿð0U 00  `†He00  *†H†÷  ‚R&†eáëÜ2æ8’Ä3Á_\‹ãâ:PþǹÐuÚˆ²èö Ù‹v˜NÓ?£‡ÜÂЈ… M”OA(Ã\Or,^v_W¿î£Ò• Rño; Re>ù³™'˜+Õ*¯ø}EéË}2½üFlFÜu æóÞq|ͤˆ¦÷Fy‚Óáfe².úY¢Åòí{wØY£÷  ×zé<»¬.*›]íÔÎú+‘·uE‰p•-—äôﯗ [’å’øîo7мùôŽÂg_â~艚¤JD}+‹>Ò  äܬËìçâÉ´H~Eù24+'â  2ˆý÷åœFmüÒØ…ècertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNnameConstraintsTest19EE.crt000066400000000000000000000016751453642760600313250ustar00rootroot000000000000000‚¹0‚¡ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0 100101083000Z 301231083000Z0ƒ1 0 UUS10U Test Certificates 201110U permittedSubtree11705U.Valid DN nameConstraints EE Certificate Test190‚"0  *†H†÷ ‚0‚ ‚Ù CxÚÍŸ·àÂpÔóc"[®â¾øž0”õØÜ• à ˆí¾yŸoi“ïrûZtp¡[¼ ¹½8MkqòüzÔÒr$Ș7J­²–[ì즚­Ð/œÜW6À’\UC7L£¾)ŸùªP¶’Ø­…C©¬ªeMw ±Àƒ¿1$Óž K•ë?€°ÜµK,9í¯v]¹ãˆ° (E¡Ãeðñ ÐÆõ²£ €3ï¦Ä®4ᤠՈ4¥K±ÍáµXzØÆü† #Ž>©J« u X½² üKþ±‹^sFç¯Ô£ Ôx¯±ê¦Ÿ S.êü.É ¼Þ3ÔNˆI£k0i0U#0€EîÅÿãÄÇ08L[Ç]T™rÀ¸0UYC×âµ’Š¸µ)­æZó?4:ú0Uÿð0U 00  `†He00  *†H†÷  ‚ƒÀv9ýæôJRÅ8Í™Õ&8Þðr~À”ôë JNíA½ï±Ù®‰]ÑîIÖ…aLV XzQúô€Içé_ ‹ ïuÜS›½9Di®²Ú 7ßQÀqÓ8¿‘å¿dкlóÓ+w5Éì2e¿ÿÜV‘Lßý:ª'P4ÿßBÔ>Ït§sáQæ°jTõü—:oóežJÇeaßÓà ç~ˆ˜r#ÆuL¨µVRãïµ½^ ñ­ÇP oÁ?¡K6¶,}pÞÓë3)Ú#Ž•X$]Ÿê8Óqè-2_²°þd°ƒq[´²õ¨ä– +¾ê¼öš;殥†›žª–{Ø¡}certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNnameConstraintsTest1EE.crt000066400000000000000000000016741453642760600312330ustar00rootroot000000000000000‚¸0‚  0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0 100101083000Z 301231083000Z0‚1 0 UUS10U Test Certificates 201110U permittedSubtree11604U-Valid DN nameConstraints EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚ÄUÍÇ›Ž‰=M¼»¥¿Ú÷™ÚDŽáL¹(Hác^I#ÇËc2‡BÔÎÅjh1˜ö]w€2“ù/ß¼ñHÅKt«]º©\‡@ƒÏÉ:ûFI©ê¹Ê7µ—Œª€Þóñ†‹sÂwùÍÜʞ׳¢ón™dˆÐž]ý!t”‡¥©WIéÖGÆ¢ž÷ᦂ©„ÿˆû†YW T;šW4i|b¾‡Æb8ÏÉf…Ö”Ôpºeþ 6^’™) ·ÚlŸ_„Žn•ÙÐ5,ÓC͈¬^ß(6 ˆPUiòÏ#¯Á]2jÎ%´Nª* ¾I¢¯·Û8Ø?MÅÁ£k0i0U#0€AxBFÍN¨‚çá9ß÷©À üï†0U]þ õ¨ò ”Q:94ÉE ™’0Uÿð0U 00  `†He00  *†H†÷  ‚LÞMC!A¡*yý‹,ÛãøÓV@ÁÐUr>ض/Dœ‹Að%¤KX¾þ {KÃ)jà› BïwV<’Ö¶E?çwöÓÊ1 –8 âì57ÖeYéŒÀ=îý+ŠÿÊg<à Û•ˆ³{ÊÔ‹´µ¶˜.Šÿª Æ ±õ|5+êð*U}Ä;èDº2Ä‘x"ß230^Eì"ÿéxÎŒ\ÃÐœuJu‹z³K.-ÌíKËÒ$¯ˆÓùIþ\]ÃÁZóÇ‹\Û^ø‘ô9Ì0À´ >$¤`®ó-Üû%÷}=úJ_æÖšL¡x:àÛwa¤f¬?Ó¸àÄÏscertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNnameConstraintsTest4EE.crt000066400000000000000000000017701453642760600312330ustar00rootroot000000000000000‚ô0‚Ü 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0 100101083000Z 301231083000Z0‚1 0 UUS10U Test Certificates 201110U permittedSubtree11604U-Valid DN nameConstraints EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚ÌkPÈ"ë¿ö;ÆùPÕ+ ÉëäLâ¿œâJäk ±  MÏÅÁv~èJç#_9L*y½¢¡ùïß@¦VXœ¨ª:‰’àªR‚ãqŒÖSî2§Ã¤à’e‚sÓÝ ÂðlJ¼–v-´šÚ ÙQ9C „(Co[mI±w´ùöÂÓ5pØÀYâ,>Ôl£_}?ÉîÝ";¦¶¶;Ö —QCo æëDÑ{²-Æ=qÏR“üiœ‡oÀà« ¡S¤Z\•?(<û"G:†ëîå#²ËHÔ8⧽Ý0+îû&×öaf’ô¯ò̱™(·‡£¦0£0U#0€AxBFÍN¨‚çá9ß÷©À üï†0UÖª»(Ћ$‡¦=•¸…Óp0Uÿð0U 00  `†He008U10/-DNnameConstraintsTest4EE@testcertificates.gov0  *†H†÷  ‚Âí3—=Uy·¢Ò ¡b­‚F¤¤æ!~n”Îÿ&¨Ý!ÒµÚ€×G[Âw<°ä·ÀaPÜj/‹x¼1· m¨ßþN¢„=®ùH¶´o¬†HŸÕ=dˆu_í écg¡Ð ß«ƒ¾¨´¾2Á&جÅT~²=Þo¤î¡²æ!wdî±³‰#JÃg¼ªÙ‘ènzƈr¿ !6覄AdLN)_£UŽy?Tív‰Gáüœ²uî«wLz^»ÜKÐJŸ`(\˜ô¥$´dSÎ.–%šÌ“;ñ±Ô¤UëÒ{ÉáÌÖÀÙõÙVÍÿó–é:–H`AKÙaLSv³certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNnameConstraintsTest5EE.crt000066400000000000000000000021251453642760600312270ustar00rootroot000000000000000‚Q0‚9 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN2 CA0 100101083000Z 301231083000Z0‚1 0 UUS10U Test Certificates 201110U permittedSubtree11604U-Valid DN nameConstraints EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚ç}&ºQù]µ îÉB!—¨.Dvóýõ¨…ë!Ü㫱Oý©oâ|ü‡æ„N_n³Æ ¶{¯WцXÒ–Ù³“¸•â8 ¢ Ý™ó0ˆŸÕèد¬eþà–û½ZÁ+¢#]BébIö1aëëPñò·ƒ“3Ý»røßU­¢þˆªsÚßQL•ïJñ=«8S¨Gª âš÷‚zk*‰¦wTGó 6… ÜËt?ˆØ&*Vù×EÙ^àN¹Ò¹ª0×åµõwÛqr¬8)kC¨y7£ 1KŒP²‡­±u¬û6$RA»/~!ªtGk²²›½ J ‘å$• zô-£‚0ÿ0U#0€£WÙ[]³`ök‰Q+‚à s¨{0UÉÙ€–¯R+)~, GZ(Ã0Uÿð0U 00  `†He00“U‹0ˆ¤…0‚1 0 UUS10U Test Certificates 201110U permittedSubtree21604U-Valid DN nameConstraints EE Certificate Test50  *†H†÷  ‚~¼ÅqV¹ž§ß´ñ Ÿ9U$¡}Y®[VÅå$HG³D@ˆ—9 ã½½AR®¾ž‚”‰M¹s"½Á¸Ñ2—7ê§ÝP ÑzåfB \‹âÂ.dTd1‰+H~WmH$øÁ²27iÝh¸X'KïÚe6 ú`JÙ°ñËcH‡€TLÍÆ2þ*í›3¡}®0 )´&ïlA£ã“ƽ÷”°gŠ<¸ä$3â#âUäL“=ëjì„=üØ·˜/Fž³AB!õy‘w‹5’Ökµíû¤uT©é vD*MáÉ« ýÃòw‘Ù¸;ùYÚ0g Žõkî;¯0W¬îlcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDNnameConstraintsTest6EE.crt000066400000000000000000000016741453642760600312400ustar00rootroot000000000000000‚¸0‚  0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN3 CA0 100101083000Z 301231083000Z0‚1 0 UUS10U Test Certificates 201110U permittedSubtree11604U-Valid DN nameConstraints EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚Ïø‹!÷Îô¤„¶U¡£4)ÄîáÑ4UŒ&¨^Ü‘Óè 7¡rZ¤²€ˆž•‚0©ó{Nütz ºšÛØW.?b|ͼñnS‚#Ýwù™-Ì„}¢X’2|~k<Üáÿ=¨{”UqBKî«Éh±:Kö^U튋_'ÊÉyšnŒ힊‚{wÿ[òwˆÐÍ?Ù¾wx ê%I¢'¨¾«, 6“éüà"¾éÁðÙæT,†üѬ%¢\_— |ÑñÐrPŸÑå8E»—Š^–'‰w Aɇóì9ê&-ħ… ´^BIWȘmË_áx…aþ'Ã[rôJGîLéY£k0i0U#0€Ü[¾Ç7Y¤Š@t| E;nÃõMƒ¿«§j×—9wþ#Rƒ’©N¿S‘*'<ìÛ„d…Ý"’§•/«õ‰Tle*‰ˆ SÖy{]üpÔ£¡-ÀÏø£ "€£ùó—LdÓªcy·Uy”®(@|c'\Ø£k0i0U#0€eŸp:Œ­öCÈçUŽèKÛ‡â0Uo¯pÓí $Þ9¼Öl²ØÌï0U 00  `†He00UÿÀ0 *†HÎ8/0,_Õ O\E&e1¹,‚s–v gK½nœ?ë’oô»É€=¹*ó«¦certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidDSASignaturesTest4EE.crt000066400000000000000000000015031453642760600303070ustar00rootroot000000000000000‚?0‚ÿ 0 *†HÎ80?1 0 UUS10U Test Certificates 201110 UDSA CA0 100101083000Z 301231083000Z0b1 0 UUS10U Test Certificates 20111200U)Valid DSA Signatures EE Certificate Test40‚¶0‚+*†HÎ80‚䋯@Œ×=|î–hÁ èÊžteKšT—*x3Ú¥Årê4³”hBÕýwð¨Bžd“¶Â1Fzi̘-V^#_(¿­Ði•b\*^ŒsI~ý"ŽUåVé®r)–‡'×wCð†¸ ¥ææEyMéúS_Á ½~ÅÀ?äüóLå>Ë *TlÐgl ;€fÔŠ ­þÑ2Ÿ¥§³Ðêw?ël¢ä)Øؼ!Ýš÷Ìå´wMßìÚ¢ŒœuZþfÓÂï„C쩈nLºL?5–Çgü™½™)‘NØ®þk¯PVª/µ*Èî"G%xk!Ý?Îð÷–œA»^D’].ƸÍiÈ?;>ÐO¢ÎÙ„€,¸ì‚4a·cn=í/&%ÈÂs>Õø‚ðÐ/„Y`RFS5¨Sd8ÖðM1^•±ÇLãå|mYW!°ÁÏj¾|¹_Ä_aôɯHިݺ㟘²{qDÑøslw[dSȘL6€"B—~2Q¨ˆê÷ª¬¡l£k0i0U#0€ÆŒtè{ ÈYÇ}<[TY`% ±0Uœ{ÂOXƒõ†\*àvm¨MÜ60U 00  `†He00UÿÀ0 *†HÎ8/0,yµÒûeßÛÕÀyb/Ô²d<ÖK‡ uO»”‡òº}¦È|’mè„certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt000066400000000000000000000016651453642760600333770ustar00rootroot000000000000000‚±0‚™ 0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UGenerizedTime CRL nextUpdate CA0 100101083000Z 301231083000Z0s1 0 UUS10U Test Certificates 20111C0AU:Valid GeneralizedTime CRL nextUpdate EE Certificate Test130‚"0  *†H†÷ ‚0‚ ‚¹Ý¶ óÁ<¥"q«Ð ¹{ç-­¹iÖ°ô\h±hiÎy>{€<<¾n–ÊgpCá0î])´Ÿ~|y&âM’8ëª8j÷a4üHY~dË=ûû#É£PàØâÑë^åŒ4<©eÍ"q MQzZŸž:ç]d¸:yUˆ‹ov‰PX™¨¸ÖäØ©`™ÛÎó’êµå•6Û¸N¡Hh"ÞÁ çsòB«ß­Z' ‘¦ÍýZ¼OœVßÕÀ'Ô *¥êþ!‹zJèF¹ÅiBz<ù®¤óÆè^m¶, {Ah…Qí^̱Ùåˆx­{Aj`ØÄç@“Q˜Á€'Œ›¸eÄÖ_£k0i0U#0€~*uï 6ÇKç ÙaHGŽƒ,0Uãß{³½Oä¸ú±]ÞÙ© !Ð0Uÿð0U 00  `†He00  *†H†÷  ‚9¡ì-ÐT~`'èqt{çkâ¡hÄay1ÓlÏ}ñŃ£8 –ø¸¡¯=åÛ6wyûžÓ €ÜŽ¾‹úK-#ª}Ü>Ô·Ð`\îŸ,Yí+ï0Ã×Eº¦+Òút»'¾-i´ímÌU9çFL½ ࢜÷‡?¨ëpz|Cþ'=b­Ã80tx®Ö™B»¤»P%¬ÿÂ)ˆ†Ï$Eú`]eeÅÅ1é¯ MBû_[?4$éÆ$:~.òÖÃú­ÙUÛÚU=ä4fê¼>Œ–°/jÛ,Í€+JA,T.LcÛeyK‘7y£'WÊcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidGeneralizedTimenotAfterDateTest8EE.crt000066400000000000000000000016351453642760600332160ustar00rootroot000000000000000‚™0‚ 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0  100101083000Z20500101120100Z0q1 0 UUS10U Test Certificates 20111A0?U8Valid GeneralizedTime notAfter Date EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚Ü›*W<‹8.gB@æ#KùlÅÿ÷O(Ž¸è´Øv”jéøâ[ÙÁëýaífæ"NžâÓj\U>Rz%-ãáìP²Ÿ),-&wçª Ë£ ?A1›@'óÚÈ›ÿSzé™ÂE\\B÷/"”Ìî©‘•ÑC‡ß»UX£Ö¯(%Ú§BáTJ`S´–¬zë«lV–ñ{¤á ¯³/ÈÍ­©¦¥` z&…jÅíYJýŸcˆë{ÖŽ~ë½N2§xq’Q_/¦G¥C0Ë» ~¤fä¯êÉ€&Œ19s7×@âÇ­b‰•{'¿~Ë&ô‡§É£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0U1=æÉ GëÀSÝ€Â;-¦¢Dî 0Uÿð0U 00  `†He00  *†H†÷  ‚p1/+øÿ‚ÄÓh2ÅÆô‰¹f2ÐÁ Î¬Ta§÷)_>;Z§}T1*“éò êQ\;¶xè[9i ”ÛÌ5öE¤Ë<ÙÖÚhà´£·ë¤Éºtvßân;³§·çù\£¢Èû`½W^í^™3bÛ wýÇ_”ux@ãôù¬:þ™‚}BGÐÿ|Ï4€üG7|„vÏ×zωEýÝÌSÊ5 Çô·©úâFï˜åÙÂ?IFBw†ä Þ‡üF³Fʤ:È Ò7³cg™åÚ#àÙ51¦˜fi¿fyüÝó-^ᜆ}ºbPÐßÜìÊœ„äcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt000066400000000000000000000016361453642760600333540ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 20020101120100Z 301231083000Z0r1 0 UUS10U Test Certificates 20111B0@U9Valid GeneralizedTime notBefore Date EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚­^ ï0Uÿð0U 00  `†He00  *†H†÷  ‚uŸ%&^ø<J/ŸÃ/| ‚9mšë‘eäýß|ä$;Sk>5TD ׫$×o6ãÌåo¤'¥ÃÚ2o4$MCd|‡Ulm_!ð3Ï„FO/ÚŠ†-‡Ö­ˆ–u+ º‚RåÀqü$;$ 5JrŸd)=ŽíÆ3¯óÄ•ËOÛ¾‘þr¬»Üçôû)²Ø&?Š´Ìÿ…ûX´¤HlÏÔG‰?‹¡ž—Ÿ^rTCÅ—ƒ$è‰8L¥ÛW"•0Sëí  ܼ9©Ï¬×iP Q|OÝ7yþ‚ï·O9ƒÆpƒÙiA"s’¢«† þ˜A‹&å:=“êD]ŸÆŠæ®certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidIDPwithindirectCRLTest22EE.crt000066400000000000000000000016331453642760600313120ustar00rootroot000000000000000‚—0‚ 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UindirectCRL CA10 100101083000Z 301231083000Z0i1 0 UUS10U Test Certificates 20111907U0Valid IDP with indirectCRL EE Certificate Test220‚"0  *†H†÷ ‚0‚ ‚º‰ÚAWÞ¸]f”à?“®«¡Y5uTðwÑaã…*X+FþʆF5…Žà~ùq…QÝÆý–>«_>UƒOT$øz 2ûÝ£q|9tñõ«ªÓ”¤JºB±–‚«a‹Ïd{Ðn['ÜHvév©n«­¾ùk§  {¨uýzêê‚5D @®˜ŠÛ@aƒåµ'-K”б‹Æ?ìø\ßk’Ë?Ÿ=pZ4mL›–A>õ ¹ âß Ûj9v]ÙÜz‚ ñnRuªšøúQ‡»…„]¦4Æm£k0i0U#0€%ø¯ü¯¶©yKÛËd,‹K±Í0U ®Uµy÷ñê ]qKˆÃS0Uÿð0U 00  `†He00  *†H†÷  ‚RÉ¡ë(xZäζŸÓÌ{•N®Áåͽì…î$hÉ(Ÿ¿b!Ü•V¾)nÁÙýÑ‚S²Îy4\•3“ðû¥î°6è1¿ ¸y°}5fW˜ôZ½ã:jq•‚îc³ˆ cY ô]«Î„¡É•O„tõeò‘-ÁŸµêh ý£Ç0Ä0U#0€ˆ#á³³òlþ1©¾‹aª;’‡¤£0Uc³åæœObìf ªQÛþI0Uÿð0U 00  `†He00YUR0P0N¢L¤J0H1 0 UUS10U Test Certificates 201110UindirectCRL CA10  *†H†÷  ‚%—ˆI"MYw»3]ÿGµcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidIDPwithindirectCRLTest25EE.crt000066400000000000000000000017701453642760600313170ustar00rootroot000000000000000‚ô0‚Ü 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UindirectCRL CA20 100101083000Z 301231083000Z0i1 0 UUS10U Test Certificates 20111907U0Valid IDP with indirectCRL EE Certificate Test250‚"0  *†H†÷ ‚0‚ ‚Ê{ ƒ9/Èþ=}#[xÚ:aTІ[þê‘ì¿ø#ÙJmØ7±ï‹ñMP¾øqðóY@‰ú×/ë!¿T‡ÐØ0ûo2Á°8«e–ïßý'NãÙÿÖrï·îÙ-£+OZ_]ÝùõÙ¾îü d/ÆrpÄ~Ò#ÆV†çŽ¹»iDêQvÖ«¾Û^Á8ïü؈pTÐ âYµ¬Ò0ú{§V>胑n¤6aw¦Y¶„ÌˇUW¥~Ñ4kU.‹‹RÜv¤,»6Ù[$æ2nÕÒ9?°qÚ7\®]ê§"|É£ðæeÛUçûaûådp8CËcAOS´N|€¨ ÒvZªðêfM‡^†Í£Ç0Ä0U#0€ˆ#á³³òlþ1©¾‹aª;’‡¤£0UµŽ@âfÃc¼£‚ê~º\Ý0Uÿð0U 00  `†He00YUR0P0N¢L¤J0H1 0 UUS10U Test Certificates 201110UindirectCRL CA10  *†H†÷  ‚N­ãŒžEÍý‚Lkó‰2S!;“ÌøÓx3½0ͳ¶”Ú4ñÙ[Ï–Ä™ùÛûšØi¡wNù+EÀ,ö¦zWÌÕòWŸ——Šã¿tZfKž(M+†Nƒï–=}︵ڕ‹šÑNÈLC5­)Á€2AËðÑ+° u‡¹Ùæà ¥”ñî7ã™hÒs$žŠ# hNjBŠ³ˆ`OO¶U• m©'fjTŽ´ß!‘_¥âÝI¡¬ÈßS jJ*òçwºðì¤]±ýˆA~²ÙÞÉǬÇâ„øê0ÑþãðUu€v"áž÷øÐé/Å5⻤Méa"certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidLongSerialNumberTest16EE.crt000066400000000000000000000016621453642760600311340ustar00rootroot000000000000000‚®0‚–  0  *†H†÷  0N1 0 UUS10U Test Certificates 201110ULong Serial Number CA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Valid Long Serial Number EE Certificate Test160‚"0  *†H†÷ ‚0‚ ‚ëI~S?ÇήI”͉÷ùÀÞ¾¼zó53»Õ5ÞÇöYü:‡­4på3á½Ôd`êîgL©33{SqÂsÐU”C‡¿*4Úܤ e4¬R€ÅAvTýÿÒß¹:!ñ{NôJ_=3c9ìß+¢]Ûe½ÃÈm¤Œ[ra‚wä:J•§!¸—„ÿ«%t‘¾ád-Lù¹ÓXˆÇ8ß#"‘Uð™‘ÂU/脽öK?¤Òåƒ+ãnå¤> ”ÅÒ5«üe{-mæ*•ð›ãYÓ«iGÄÅè¤UD´8^øwØÈ­ê¶!†èZFs¹ŽˆÇ¹J¦Ã½ò>×pŒ¸;½ºúÔ¶2’dÃúJ k,Á²ð ¾À÷qe_&º7ûÅ»¿¥Oò£„”ëxÜ&JÁ|CÈÂx. v¨O¨g`Ø)w8Ì­[C,ŒŒ ý­×Kœ);Ù^Þ»†ág‘tðÓöï1Ý-0UÙZ- o"2dYŽ iį¼SQ¾!}Þàr’ó¢)ÃéD…+×û…EÙ¯Žl$™íö©Iúg Xæ®Ku”hOü` ´CzÉb ,¥certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidLongSerialNumberTest17EE.crt000066400000000000000000000016621453642760600311350ustar00rootroot000000000000000‚®0‚– ~ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110ULong Serial Number CA0 100101083000Z 301231083000Z0g1 0 UUS10U Test Certificates 20111705U.Valid Long Serial Number EE Certificate Test170‚"0  *†H†÷ ‚0‚ ‚¼Õaìáì·‹¼'D±/vÙÿ1Š5›-Þ9 Ñå}ÊÕ–ã­è£~q_ÀëqüÒÍh̺¯…mªýq=.(7E Ç/n£±µIäqÊEqõy¥Ç#-Q'1ÆÂ].˜G'¬9ÈA'C-‹~ú4P1ŸVÂ0²zåÓ¯l3_Ù lp&;×5G>†ÆR˸•ka¬+þ>€£Û#ž% ZÄt¯òlŠ_À Ž>KN¢›™[‡Ój N~ÏOÆBÀ˜i¸}4—£€ÁúîqV)*+m¹`ªjÊŽ¶É9…o0`^á¸8ö!7R~å5 •›ù+;£k0i0U#0€ c·G®Â2oã:¸ê ÿ×d¤0U LSE=¦”ÎÇ1tgºŠµ» w0Uÿð0U 00  `†He00  *†H†÷  ‚©ë  Š³‚þdÓhÒµºÖ¸etÁ ïî§%ÓÍzøiü;<^í7I3µeT€Ã; Êw©}œáÉ¿ù˜«ALhÊuÝxfë°Ò.VÆü¾çAèâƒà@c0ú0‡i<ª3q¤Ñ`eYôaˆõƒíEû00cdøçÊ:û˜PëÏ,›x= RŽ‡»‚•ì ¸ ”¤0(ÆúZË¥Hì­THzV–Þ–iŠý!Ã2Õ0ÂÈs©Á¨ ‚ Œ±URäÇ}ícertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidNameChainingCapitalizationTest5EE.crt000066400000000000000000000016321453642760600330540ustar00rootroot000000000000000‚–0‚~  0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGOOD CA0 100101083000Z 301231083000Z0p1 0 UUS10U Test Certificates 20111@0>U7Valid Name Chaining Capitalization EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚îàAm.,´z&ž/XbyÖܶ-b$º~˜ÜÐ#ZüBøðãBû ɆÉRt0»p.ÏÐÜ*±ÎZv¸Šx{aþ!'ЃâéÕâ*$'vuIò‚œ"í¨[‹(4¿f<ØÊeÙp uKµr÷Ïú-ä¶ÁÀSï< (ç£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0UxÞšC«gxR¬ àµ#“à'cÂ0Uÿð0U 00  `†He00  *†H†÷  ‚n©[ò ÔÚÃ×ióqÆÌã\EƒVÇ‹Ý@L­5ç€tP­ûõ_ÂÆ„þ*åë×¼²ÚS^¡ç8ìjîi#-Å2Ô—­CVýžÛëúx³s_}ˆ_Ñ3*¨²Ú´Ž·"&À)ñÇ‚MæùüˆÉ7Hx,úï6uššŽZÓºÔ˜]Aí~ öË šäì#n7Ý·ißêsñÔ}9 R«jnÚÇ«]«ÂN„²šÊò4:¯ÿ1‰ÉK¾Š+wÌO‚,ˆ„‰ê5¤>8v…Þ–h\ÿÍn.oN ³Ý¸ ö·Ư#b@àðZºz¨gT²^ŸS‚Í…š•ãcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidNameChainingWhitespaceTest3EE.crt000066400000000000000000000016331453642760600321740ustar00rootroot000000000000000‚—0‚  0  *†H†÷  0E1 0 UUS1 0U Test Certificates 201110U Good CA0 100101083000Z 301231083000Z0l1 0 UUS10U Test Certificates 20111<0:U3Valid Name Chaining Whitespace EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚±ÃÈI¨­)OÛ¾.ÿ_P|Ê‘ÏR#?³Á3Ÿþ™Ë‘ùYVtˆøè·$)›Éቒèvb{#^ É•€$d”wƒ](Æ¢Ó×AÂ8Ž›VN(†ù£Sí¶Q¸9ãNÌ.‰mÄ,zˆÞ|tµ,“ôjqUi‹{*÷ó‡5¬SÛ?KjEPáÌëø‡s¡ýg/ÂÅÇ“»}@Ü¡ÑgØ¡0k°ev_f~ÇÐîTÅÛt„h>Ì †]½Êƽ¨ÍDˆXšHžDƒÆÊ$²á @×%È[oØì[ˆ>¾¾Mˆ&‡äµ´ÝlD~À …ºéúR¯õ£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0UϸŠìÝ ºOá™^ÇÚBÐQ|値 ïá:┸LJHÝ”¥¦qkˆØâ*ÓM>o¥uœßHºЮ§¯_\7¼ñ‚Pâ¥DÚǶèßüøy?ÞQù²8³Ýœ:/C'&Òm!5 »éoà wqP阾¸;œU ŒØG‘Çgêà £<ÇúÈ8ÒÿTï‡aúV‘^ÝÌ6pcÙ„ðÍŒïðàÈÆMøPŒûÌ[‹¬ÁgBÉö^`8ò‚bH2æn›~“ËþQ‹(ºwÖ³;!’›¸ðøOËÈ”\ Ñú£åp§ÛCé?ÊÛÌ17µÈÃþ‹v9ßw½Þ®¿+HåÖcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidNameChainingWhitespaceTest4EE.crt000066400000000000000000000016341453642760600321760ustar00rootroot000000000000000‚˜0‚€  0  *†H†÷  0F1 0 UUS1"0 U Test Certificates 2011 10U Good CA0 100101083000Z 301231083000Z0l1 0 UUS10U Test Certificates 20111<0:U3Valid Name Chaining Whitespace EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚¸-¯óça˜¼ [Àð£†+ؤy[1kTîËÜòÐDG­­ëZâp·Ò-Ýp¨àˆÊ ÍþïŽb^Yã!AßB"&mNN>È=ýÁÊúDÆóéus°1Þ @a!HιÜ9–Å™VÌË×ì>„ÔàÐ(‘3úʇ'Q‹Ç—ø&ê*öeŒÛ|¶:Ÿi¢Îâ÷akoÂ=^Aˆ`z~³iË’>’ö¶‘v~D:{.‹¨i(òZôÙ ñúã£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0U›+¬ýy­þ‹å—HÀΩf0Uÿð0U 00  `†He00  *†H†÷  ‚Œc3½ûÀLP­7‹ð F Œ©º¬Ày$oÑÞV5ÇËãs7µŠï®£•%¿¹44•vu;ÌúP~`-mÔÓà„OÛØ—5R¯rŒ ·ÔœqNK" öòãß~béDE.dèc›ºmb®ùt»´ÚD¹ä˜ÌhQ ð jdÉ¥U•ùŽüRYvIôÀ™5¨R‹År›éƒP žØÎuâûjÁ¯ÜTAÓ¿ uÙ* 6Ÿ•+lçæ«})Ö/™5ɱRKª-ªnvãÛj@ÆF“ü¾Èý@Õ’˜M¡Ñ’C­´UŸuÛZ¡¿ØožþD—+ȽÚ¸:i7ÝâN¦¼üÌ.*certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidNameUIDsTest6EE.crt000066400000000000000000000016051453642760600272450ustar00rootroot000000000000000‚0‚i 0  *†H†÷  0?1 0 UUS10U Test Certificates 201110 UUID CA0 100101083000Z 301231083000Z0X1 0 UUS10U Test Certificates 20111(0&UValid UIDs EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚¾5ÓNÕIÝ »+Èm(³ïõ° çÏj*;à“‰wü“è{zY©3¶.¬b~evUý½:Jc_‹o …ÔU‡hxó]{•“nŒGdΟ˜4ÎÐ¥@C€:Å)8íBt ~Í!%ÆË5 êu5RY@_ÕÚœPëS3¹Åq`ˆ€ ]aÏ$ö§–b",òãa:5xÉ’¶ªsþe¸/‹ºß³ØQZ¸Õ7™ø"£à¢PìÉÅ÷íñ7E^Q’#æ¾›õª]ùõbRÙðÝôÀ–ᙣEà,0š@SÊFó·x÷j°Í(Ò 4S3—x[E¬nÃî,4Ôi… £k0i0U#0€?Å0ñØC6…y\Œ‹î/©0Uµ"þ#÷|PøgOÑÕÅìúxK@™m0Uÿð0U 00  `†He00  *†H†÷  ‚U™®—Z5¢x¨F®Ì‡¼Ìg±wÍ>¼€F·Î×çgý ­úÚÕ¹.Uª§Ñë]ÿº2Ñ‹%LGCoÇ*ÉÍ4¾¨Cd7`Õ–µ(©Ìüÿ½ˆ /ze¦œê8žÃ@Ç`x„d~®Þ°éñµ_HÊËÚ ‰q1À­w ZX–ÆFGÿIÂ/âš8•Â Ùçe—b® y¦þÆ—z7ô¢ù á© ¥¹ÌsèÆíjy6ÑB‘§J›i´€â ¾Ñדbˆ»ú ­·5ßöjÄLç$Ó™CÍó¦7¡ñ´iNE˜=ŠGz–*µ…p÷T¾¿úÿÉö&×A‡–Ö‡ocertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidNegativeSerialNumberTest14EE.crt000066400000000000000000000016501453642760600317720ustar00rootroot000000000000000‚¤0‚Œ ÿ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UNegative Serial Number CA0 100101083000Z 301231083000Z0k1 0 UUS10U Test Certificates 20111;09U2Valid Negative Serial Number EE Certificate Test140‚"0  *†H†÷ ‚0‚ ‚å!5§ÁÎçPÇ[=+÷Éy¨[ |÷zÎ=“ÉF–К á^6öz¶(®K½Ø;Ð n0’"§,î¡„¬‡wÇÔé?‚·Ï?YBBÜ#`U†%éÙ6ˆV=Þðbö[`Ã>:žéB©Çß‹ëÚ‡òelc¦ÀïC¡OÜJb!Ð3öÏ]¯%ŠÅ<1›l·«Ïî¼ e L2 °|N©"™ÎiTBö:ó´ žqÌj]‚ÓÖÕ“µªîöF?që\G#Ý9¥{ßÍ…ß,Á“‡´¦µ:¡;4óì&Ñy6²ÞoJi9I ·©¿ ãQú§Íœµfä±jLöÑJ£k0i0U#0€bä.5ÆÅè‘Ð ÁÞ¶¯ÚˆÙ?0UdŽã"ºÆPæ›™¨&Tt1¡0Uÿð0U 00  `†He00  *†H†÷  ‚:#³qìÂ@º;¦r>A—xgx·bŠáÂÂ#µ*ƒý6x5ZDxU7Valid No issuingDistributionPoint EE Certificate Test100‚"0  *†H†÷ ‚0‚ ‚Øœ`8¸#af°p‡/ u…O#rsÆ9‰Ì…;‹VŒ¦½Á ð&ÈrmÂ#-R‘–Ì^š¶#f%”A$Ñ[ÍÕ'"¼O Øk'´t‰ ó…êæp3ðÉR+/Ü_1¶gô_O•¯h Œò8¢…÷Êpf«m{GM­—‡ÄIÜJCSb“ƒá?fBRa™Ngûœ÷«Îèk››8–+‚òÁ«ìú>¼ñ[ Ëžìõ”;DJ‡<¿³F±ÕûÀžŒ•Gkcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidPolicyMappingTest11EE.crt000066400000000000000000000016501453642760600304670ustar00rootroot000000000000000‚¤0‚Œ 0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"Good subCA PanyPolicy Mapping 1to20 100101083000Z 301231083000Z0c1 0 UUS10U Test Certificates 20111301U*Valid Policy Mapping EE Certificate Test110‚"0  *†H†÷ ‚0‚ ‚¾Õß„ïHd@i£7~fÔHÒJž¤•È¨ÓNÛRÝW1kšW ©F—Âáعf¹ lù8>tºb$Ùú±j†#ÿÈîgG òDóÌ=ícgè(í÷®70`¤˜RÚm5ÿ¨ßà›,Œ¸m©zÏ·_­Ø>~Ç“*M‡úkh7g°zWLTXT_Ⱥø9Ý°1…N\KnÉ\(÷F©ÌYu3´¨rlk!';;Cñ7qÙsaÅÉ#²`$P°c6¹·’«ãT2à 0Æ*ì?Ž"ã¾^™gHˆß”PÃblwÑB=ðcÖÁjxr0‘ÀšŸ#n¦îÞ®ô_Å÷£k0i0U#0€[sy™ã®ÓŠ¦3Nxä ±äÉ0U7þ Oy×qÒãõ» ³L,Ï"}ª0Uÿð0U 00  `†He00  *†H†÷  ‚ªIuâkÀ½¢»èn H©—­bÑTŸîª`B¢ŠŸ-ì*=liÔ…3‰69õî`&Rû>‘.”ç”gM¨‡¥ŽháùÓÂHæ<…x,Îm*/¼àÜ ?zMç\“®R÷.?«*é2¥P²P«$f?;í£g™‹zQw½«û?ú{³¯Kó|•QS¿{{ÓÁ¶ÌÖØÁ—='W'³ÚÝ£Íq?¯#x¤g½ä²}QDŒ.tú¼–Ó(e<Ñ€ÿ—§I€¹ªa‰8gn(÷‡¸Í sG~¦(ÁÇ ¹¾êó_ˆÚ#–“,!œŽFµ³¤BB{œ=XÇ µÉBcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidPolicyMappingTest12EE.crt000066400000000000000000000024731453642760600304740ustar00rootroot000000000000000‚70‚ 0  *†H†÷  0L1 0 UUS10U Test Certificates 201110UP12 Mapping 1to3 CA0 100101083000Z 301231083000Z0c1 0 UUS10U Test Certificates 20111301U*Valid Policy Mapping EE Certificate Test120‚"0  *†H†÷ ‚0‚ ‚¬Gë¦ÚÆva O$31=,¯OÎÚÝø •×¼ûŽ']èËÏ0a9ôõíô¨ ¦è¿ËŒÅ(Áïm’Ð<1#í/Ë1ª×-ûÚ y‘\?m(œ]}Çñ~¹¥_g6!£î”LÔ׌D Áç6^ ‘ \5k­×¿é¾vø7·Ø$ó’èÇtÀ´ozZ@HïßýBÚEš¯ª"(…kuŒ3ËìÌŠúÒµKm•êJ½3=D–h韫<Û"uÐ`mèô´³>e ññCI‡Ræ"æÉå>?[?ž ¡äQ…mŠ ´ŠÓÅžS¶W¹“?d³‚oí…rª¶½¨1K`„…„Æ{x¥ I‡Ü,щ‚žÏMàWš”ÁõŸ¿ûLZTÈýmЪ—Îò„Ôñ¢DÝ’h™7†dÁˆ46Žv+žû)±ÂñyG£÷éðÄ?JaÊ8zªþc_}ìÒöcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidPolicyMappingTest13EE.crt000066400000000000000000000016411453642760600304710ustar00rootroot000000000000000‚0‚… 0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UP1anyPolicy Mapping 1to2 CA0 100101083000Z 301231083000Z0c1 0 UUS10U Test Certificates 20111301U*Valid Policy Mapping EE Certificate Test130‚"0  *†H†÷ ‚0‚ ‚¹é³ýfÝVŽ¹bT³3©ø –4HÀ—·ÉÐÿ+/6Bìnjj†y«§ Žg-µX‚ÄØú25@¶uR4ˆóô1ûsD[ÏÕ‚˜ÌbIô}NÅ©ä³Qòb9òä&ôE¤©2å#Æ ‚*AášH¤¥TÿJê]<á8rÖ¸¢‹çXê¡n+ šÑ„Çe<žUj+½›S}¼ò·‚‡1•ÞÝqòïüOŒlyÞ™Êu>ÓœÓÂ|Í—Ù®ÞeúÒWÑ·’Qã§}q¨¯,ò8w<ÆA¥Ý„y=¢_Ãß>ĸí+_ Û¯£©'ö÷ÔT8­l$1"ïIeê©íU¥£k0i0U#0€((2ŽJ„ø¸‹Añ]{è%Rk†0U<@CÏé ì•¢q¢qݦl}P0Uÿð0U 00  `†He00  *†H†÷  ‚Jí©·î|YDËŒöõ¥~%Cã`Šcñ~Ðuæ#Ù{LËþElRN”EÝkq-T Z9jĪ~U7‘‡s€ÅDvãlÞwä+É Y"†‹šŸIßëσõ€È`Ù“Ëúpª³‘DÌ…¥ýש#ÒÀÆõMy€±|¯PëLÁðlþôó6KÏ‹eEž¸…wlãX(sqxönåžÂƒõ³ ðèÕ}äÓâR»È,Ò䧙è3‡¶uz7ù™¾pýîóä\8›¸™&Ü»ho9Gж uQŒæüUn ÐÔÇy-Ï,ÙPxäÏÚÃsˆl厖üø certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidPolicyMappingTest14EE.crt000066400000000000000000000016411453642760600304720ustar00rootroot000000000000000‚0‚… 0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UP1anyPolicy Mapping 1to2 CA0 100101083000Z 301231083000Z0c1 0 UUS10U Test Certificates 20111301U*Valid Policy Mapping EE Certificate Test140‚"0  *†H†÷ ‚0‚ ‚Òi\ÀÜHìÏTƒx"š°3„‰X§R²Î||4Ó#Jì}&20kœ‡>ÓËùèmÇgQÙÙçE(túÕ ì¿ *òúìx±•Í¢ Åâ|fHڱÿtê]«Të×= sCšéäÌ=áÐÿð§ uvÓØG^—'k¿q ! ‘Üë/%œgù&Ãq+ŸÔ.Z{ ·¯S†ËÕ ˜®ŸmÔ(}¥À¤Fð”éL—1§iþtbï—ÙÞì^ífžþ[¢l€îHƒN‰2£ ø++ŸèàÇ C¬ „Y[êlˆåùsÝê'lô¤Ð"¬Âp“5λ£˜ÐA6„i£k0i0U#0€((2ŽJ„ø¸‹Añ]{è%Rk†0UþÛhÊÂ3Þ=;@<âÝ ø ±®0Uÿð0U 00  `†He00  *†H†÷  ‚­øîÈ®oؿ̵Q­™!üR9£©7ô^ÊðÙ²ÝÚ20{Ôž“¡X•Â¼|ý¾W†¾j:il}Å+ÈêßÁP‰J•ÀÔö7ÓRàD‡jï†ï¶>ìiX鸲>ìUÐÃ*_\Ë–~iì 53SÍO‹úCÕ­ ?¢< ð’ˆV:³—Ë4~¼ó—½þÿE|"ò¹ÓîàIMJK˜'Þ*E/£ýä YžA÷X‡[ÊêSš‘K’ /n5ðNÀBVŠ68–üOdˆ°sË. eƒ©sÉ‹šRt…/Œò 8¨ûɧïA­†êF€§~SS, FÙü`ë¼ Àø3ž#îScertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidPolicyMappingTest1EE.crt000066400000000000000000000016241453642760600304070ustar00rootroot000000000000000‚0‚x 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UMapping 1to2 CA0 100101083000Z 301231083000Z0b1 0 UUS10U Test Certificates 20111200U)Valid Policy Mapping EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚Ö¬8Ÿè`žÄf¤(oG' ×\ÁŸZþvy6Š6‰Œƒ_Mj) &?â=ÃõÁÒ#dG)Ó Ý;’”^ˆÕä¤^åWŸÎëx~ô0GSé¿tk M¸6$ö¼L†›{Þ{e~¬W€—éí:dXàæ‚r º—ØôGGØ-ÿ þÃ@oQÞÙ¶7Xºtï!L@È›Œ<±5{6f«éêäËÖ•0%Á´DœµàHµZ/DXÔê A»1Nú%¾ª*Ü”ª„…ä®yz3ØlžìÃHKïc/Ìm¼áaª×^F“–Þ]žr~¥énØ ý£k0i0U#0€™ÅxiË=3v™¬Då°þ¹ôÛÇ0U•¢<ŸÁÏŽh º|ª@?WXÞŠU0Uÿð0U 00  `†He00  *†H†÷  ‚«½¡+ðªQ >Ÿw$$™­R»³™Ôdz¼µï³ZBoÄXd].‡NŒHC cm3FGÍ|µQ*oõß;Ë©Û(5Oh$( *SâLËUy0õ«95x5ÊN-)qðÉè³îLsYô')”™ÌàúJ„)= ÿïTëÎY¹¡Y°ëô 硤²§êJ VbšÒ› p‚°gÃV´à?ºAÃC²V®bÉ_»HövEWöµ[«‡»þf!ÑÉÖB|kþÜêÞÝŸzüûURTž0.ŸÌžÅÓÀ@-瀜D™½ÚÚR先ѱ @xÊ• Y¤Ï}-ÁÀcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidPolicyMappingTest3EE.crt000066400000000000000000000016361453642760600304140ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UP12 Mapping 1to3 subsubCA0 100101083000Z 301231083000Z0b1 0 UUS10U Test Certificates 20111200U)Valid Policy Mapping EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚Ðh~¢PÉ´2†ZëÅå– »÷œƒ\-ܹN×ÐÃa¯ Ãýê¢W.ÍÅÙE@†Hµâ—WXæ‚Z"ÉEmÝ r50 leïà»qâs¯®}iä‘6}Ú«kàxÌç¼ò‹øê§<š\?pü(¦Ù %czŽÿ£¼_œR#u f_¯Bžii,•sGtdNˆsTc;6 1¨ün² r|¹o×2“—È Xù¹véßNE-P XQ KB'6&e´ž| ×]ÂÐPŒM\Iƒçê®jÂãAÏS5ÖðwL!S”’ØÈÓþIùéï?GâÄrÀ£k0i0U#0€]9>åª*^-ö®h*­3›=›s0UWr¿^¬ÆxÀŸ”F¤þS¼Z0Uÿð0U 00  `†He00  *†H†÷  ‚M>ZIµ©Rhm.‹€.Úñ7Ø+„/Á÷:-ã½ôD!üÃ!db± ÙÕ×"ª1¦-¾|qëe5´ÂJÁpÇ`Cm‚· d5e÷EbócÝU×÷–Éád[²§ù(“¢“¬ñniÔ…÷õT(2 Úð •ÃÚi½(¯`G¤rPŸÌn4’°ê ·»°ñ²í¶Ê_¼ÞÞõsIp%*]Ú°Ø ÿË*­©ŽqGF:ÞaÜÐSª•jÍq‰åô9ÚÑ€`âYGO¹åæéÑ5 >«j!`‘³c /÷‰!0)U…6•ÿ…ÊGPòUmw†áô#±¼kŒAJõ¥ vãcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidPolicyMappingTest5EE.crt000066400000000000000000000016341453642760600304140ustar00rootroot000000000000000‚˜0‚€ 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UP1 Mapping 1to234 subCA0 100101083000Z 301231083000Z0b1 0 UUS10U Test Certificates 20111200U)Valid Policy Mapping EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚¦ˆc p6Š0¹ŠÓ)%UÓluá‚àðe ¦q&9fvœûŽØiÚP:ÉA»|+±L§‚Öa’9èøÔüüÍ9%ÂýKC˽òBI³~9ž€#”Ÿ-ÙÓ)s:ÍL( œÁ[ö¯ûÀ»c*¦:4µ£k0i0U#0€å•ý*9x¯ËFö@˜e í»0UK‚0õ2©ýúö†Âmä×3¿ªíQ0Uÿð0U 00  `†He00  *†H†÷  ‚Rú…Þûâd’¿“Z'2 ÚšU«v ãH s/ûj.LëRÔÈke°-L>Ýê)OvOÆj`«VxóyX;™íc¯Ùcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidPolicyMappingTest6EE.crt000066400000000000000000000016341453642760600304150ustar00rootroot000000000000000‚˜0‚€ 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UP1 Mapping 1to234 subCA0 100101083000Z 301231083000Z0b1 0 UUS10U Test Certificates 20111200U)Valid Policy Mapping EE Certificate Test60‚"0  *†H†÷ ‚0‚ ‚¯†â±W£¯À†¾ùò–‹nˆ|Wvhc t1Óýbã ÖÿùÒÝ&V)œ†A«¹u” È@X˜4†g©Ý#ðj™6Å·£ÑBýZîngÇ¿˜ž° §ûø#k»:~Q¯¶äcBmà Ý:¨ÄÔÕÖEþzôÎâìÝ€UVtÓX¹«OÊë«Ž,—#žmðž]—•bí Ë›i‡I–Ž $óÄלë\ðq/‰´¤UäÔpLƒÀ›¥R1f_óHA{Ë+ç.ZK qEK08mR·JÈÙT²Ù§5‹3 ÇHž){ )¡ø$ÄŸgš7%'ÊG´5\L¤f¦Ï£k0i0U#0€å•ý*9x¯ËFö@˜e í»0U³_ÛAž ÛQzÕŒ;ílÿ k0Uÿð0U 00  `†He00  *†H†÷  ‚iRy(DpfXFº`é`$sÁ®;$š˜¶ɉƫ"Q>™:§âdŘu!#Ÿ:Ûß‹Ð),Ø;åkØÍOw¹Ö}ÌÛYÉŠi­©ÃíÏëø¦Öî$7]2U¼MhÒI;l*Ž“mê Cçk$ì,fh›«¸œRYšºøB²èÌÞf%Ô<箌6±¨íê‹ Ö*a!“ 2‘|.Ï©õÊgs8µ-x«Ø ûC0) }²fkŽ¢»4¤s>¢ŸQÚ5R=†ÿª†s–ùãW•UÄ‹|&û:¸œôs¼.íÇ&Â=}J7}„Ëw§†TgÕÞÁǯIR𠞊‘à~~ߣk0i0U#0€G'/C=Å/Ù’¬ÇÒvÐ3Æùw»0UdN¡wrj9 žÈ½w|?Ê |0Uÿð0U 00  `†He00  *†H†÷  ‚LI¤¨ ‰¾Ç–š(£/ƒ»±™{Ò$c*}\HbºŽÔ3t=;=.$QHã¶?þF0$öIré5ô1š‡>„á™ý_¦ÅcÀ³dp!Å{ "êõ›çN“ZÔ5MØe ¬ yÉñêe¤\»¥ï—¹%÷ø®À|q”$Â÷ é}#øä!3†é®BÜtÝ.'þÆ(>a>Ô 5Ó3Á[Ÿs€¤¯“Ý´Q³‘]þ¾{ujÁæUó&Yõ¿ðÉV7Nnái¹*^ÆÆæ¢ruB÷8ÂÓlR_lÖjÙ@ Úð÷›©aÝ4+|kâ $/¸6· …#T³÷‘certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt000066400000000000000000000017631453642760600333650ustar00rootroot000000000000000‚ï0‚× 0  *†H†÷  0“1 0 UUS10U Test Certificates 201110 ’&‰“ò,dgov1 0 ’&‰“ò,dtestcertificates10UMaryland1 0 U3451 0 U.CA0 100101083000Z 301231083000Z0u1 0 UUS10U Test Certificates 20111E0CU"R›c³aÃÚÅú¦Õzð4h´ÇJÊoçIÉ~G - ÃS`ŒŒš ·:ªÌZÂœmJ舮¥p ÆR$1æ¾N±\&Üîã"ç ÍÓ ôóºrúh²–'ë5(¶Luýù=m¢.‚©7šÒWž™8Xþv Í·Ú˜ÓR×®ˆ·¡¸Vsl ñ^¼â,;qO q>›ºrõgÿCôFmQÚ‡£ÈA.5†µ §gkö´×à–Úk/!ƒÑSὓˆR'ƒ¼C¿ Ê‹Œ­ÇGi\O2certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt000066400000000000000000000017761453642760600332210ustar00rootroot000000000000000‚ú0‚â 0  *†H†÷  0Ÿ1 0 UUS10U Test Certificates 201110U Gaithersburg1 0 U*John1 0U+Q10UA Fictitious1 0 UCA1 0 U,III1 0 U M.D.0 100101083000Z 301231083000Z0t1 0 UUS10U Test Certificates 20111D0BU;Valid RFC3280 Optional Attribute Types EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚¹Öwj–¤Úùý}8±f0MŽþÃ_h$gÈóE­8¬Lmʈ.²ãE4Ÿ ÅsA3À‡V«l }úŽ!¦x›`QÉ°È£cmocÇë=m=×ߌ‰úOn@QD¿`7$àÁš„6P膾gM%Rs—÷²¸"ûD˳…´‘§–Þ]hR&(ðW NƒÂ«ó‹cÖ˜®ý3z–QWºC¤ÏÇŠü…ëN<ÔÉ=Ä£CòÁùd)$6FÅe¤ˆrÒ×õ>iZ·=&Xñ×SÒáÂ'  «÷*;Óqdz4Ý« ¾ðœ€Rûš‡Ú±îÖB—ZÅŒÆM£k0i0U#0€›no?Š§ô経1[ΙK‘||½0UZ5´‹eoñŽ­S`ª#ž¥e(C0Uÿð0U 00  `†He00  *†H†÷  ‚"ç, ²»çåÿ>‚ïuD—¡Öý}õÀóU¶6:­}§zòOC;eXUwʦ7†[LŽ•4È‚Ê]r…m}ÒÌ~ŒáæNb.ƒ¸l¸ëláñ›¿L©°rÅ!¨Ô‚øD;ߟ­‹­œ¬=DÃÍñ„éü¬ú‚|¨üqZs^_ç 9L‹`KøþV…1 ò\¼iÈ–]’Fè6Ú«£9¾ÙšÓ$’Ö½ž¨,Ö¬‹ ~î„Æ'VEMX*aMZ³õ8G¸Y{Ò…£\bèü‰dÃÇI í°Ä¸$µ¬Ä—²§ÒóÂLyhÏØÆÚV×¼1FO.RhßG÷G:Ò½certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidRFC822nameConstraintsTest21EE.crt000066400000000000000000000017371453642760600316620ustar00rootroot000000000000000‚Û0‚à0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints RFC822 CA10 100101083000Z 301231083000Z0k1 0 UUS10U Test Certificates 20111;09U2Valid RFC822 nameConstraints EE Certificate Test210‚"0  *†H†÷ ‚0‚ ‚¹Êý˜D!AýrŒþðýΈþZL+¦‚b’­áô€Ýuo½ÃRxf,Ù£¸ÌR·„’–~²j®,¢&pœÆÁý‡óIØ(?œ(J9¼X†ö©æîn¬£k >Xamp¬aÃ;z‰6\ÅÝ\3fþ»Rª'Œ¥Çø4 ^È' ./¯ëˆ€&Ø›¾¶@ Çñ‹ñ5£ürüBU¾‘;0Ì‘= =>óækÝEJ†ƒÐZÃSëÂE-Gx·ÉLÙá¤#ÓV­S‰k«Tøms¸Q,8YF ÔHô«Ó}A”‹ëZAåF¦ YÓkR¥ßJºõµà‡Ïp* “£¡0ž0U#0€ÈjŽ±Kª¥ˆ¸§‘Ûê3JèÕâ0Uf £/ è×Ê-ìî¢BÉgcÔ0Uÿð0U 00  `†He003U,0*(Test21EE@mailserver.testcertificates.gov0  *†H†÷  ‚=/‘{Ϙפì Nì¿DË*Ó…ªÖQ¢ ÑÚÅ¸—7Æg=!yhÀ8`?áÅZUªÐ8Ù7*ÅøDœ§ojz.TXf`~«ŒS‡k|Dó5­E¦v?n锓…£?¹ÍRŽÓ§ÓZ¯ü‹þEE‹±ãòõ ä*‚ I•<ê²>Å<Ôxxeq½‚b@ßкu¹Š_àâ&17ì¤oWU5}ŸˆmÕzÄÉæ2 ] Ú(ÿëÙ˜Hû^àiU1Ót[F ùóÍl‹ƒ‚´'íY"Á׶+áž´˜hÎQÒq;û8WÔºSüÑëd둺hÊ1ÌÞÙcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidRFC822nameConstraintsTest23EE.crt000066400000000000000000000017241453642760600316600ustar00rootroot000000000000000‚Ð0‚¸ 0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints RFC822 CA20 100101083000Z 301231083000Z0k1 0 UUS10U Test Certificates 20111;09U2Valid RFC822 nameConstraints EE Certificate Test230‚"0  *†H†÷ ‚0‚ ‚Ç÷³›‚í“\¼,é•ÓjÞéÈw7Ó-ú[·mNxŽÄk2í)jƒ¸Ç¼ 6w›GÅ †ð[š(–/&… pn'6¾»8£Ù›\xôøBW™î&®íæ/‡ÇØʤA±­é:Ö§¥¤ö¥Â¾ôòµDòbŠøKÁÐ]ƒ›¼Mtµï&–ïy<þŸwgxÐÞlòÃÀgS‰ÃÅw±øʱ¬Äw›¼ù¢€äMS–ÜéÎô“i¸R³FÊ ¾§|ÆK‡Õtª’6P@»ò¡†ùÒBbkö¹ù–9Ýiœ#²4£L ¢<úèb]LÕêÜ8êÔnvÚBi£–0“0U#0€Q€ÍúIrH<íN ÎÎ@ep 0U¤8nÁ/]®õÇÅîÖ IK0Uÿð0U 00  `†He00(U!0Test23EE@testcertificates.gov0  *†H†÷  ‚Ù4–H% Dž¡Ýï+¿ªeÂ1ÇqÕƒÜù=© §Šú~+Þà·FDÎ8ðæéx-¦È@RÒÚSÐ]cs‹c~)!3è°ÌžØ±[ ŽÞv÷_¿àHþA›îñ>™=y‘è 1j(©×o7³+ñŽ"9Êã:õ»ÜU:¡iÕwoCQ/'I¼Ê»Ó˜ägb>q=Ê×C,ù¹î¤¸³¿±Âq D°]ÐyÏ“-ˆpŠ;¼¨œñ¡U…IŽV³aÒÊeåD|Í™šß¹r¼œ†WÊOþ ¶F­³yÔþxFöÝ j!¡Égz í¦ÚæþWÅúG>°«!certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidRFC822nameConstraintsTest25EE.crt000066400000000000000000000017371453642760600316660ustar00rootroot000000000000000‚Û0‚à0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints RFC822 CA30 100101083000Z 301231083000Z0k1 0 UUS10U Test Certificates 20111;09U2Valid RFC822 nameConstraints EE Certificate Test250‚"0  *†H†÷ ‚0‚ ‚õàMŒðÏNAC02Fj‰µÜCsûöæ‚Š\7 à„åU+BXˆ°r«rB‰Ë¨×VµÕë#ý¸!ˆ` 2/륅Y«Ë0øMÜ>}9aÊfâ†éÓW°Fò!£ç=£ Ð~D¾µ\î«Ð S•²èï=Äg”“Ó ç¹+TRt2¶¶°Ïͪs7úH=)îføψ]Si9|G|ÈÖ!ÈŠaO–ᛨèS˜œ§^ÕÓV´ÈG|RÆZÛNßxd­hÀ¢7–/öÂáfgþ%£(”PûËõžK/·%ñÿà 7¶s”M”–2Úòrƒ}ú Ne£¡0ž0U#0€šº9MÚ!u¯êAø÷þ¸Ìí}\Z$œóß²t å`’6ž|X>(î%<¢ Ð@&vÅŽ1·x"Hgh«|Öá°yn”8As¸ýwoQ~@7)@ãB’e Iµë¯N“°ü!Á¶í&[u ­ÅƒEÉy*ån)ö7†öX´Á9-"i¦ÜValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt000066400000000000000000000017051453642760600355560ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚Á0‚© 0  *†H†÷  0g1 0 UUS10U Test Certificates 20111705U .Rollover from PrintableString to UTF8String CA0 100101083000Z 301231083000Z0t1 0 UUS10U Test Certificates 20111D0BU ;Valid Rollover PrintableString to UTF8String EE Cert Test100‚"0  *†H†÷ ‚0‚ ‚ÓþÌ);M¤¶£nî? ;΋$BEÕ‹ð㊪¼Jû.µÑBÄ[¿«qdÝ_»Ü­éæ”û¬-M¹$µöŽˆIY¨#† uª4êD·ßƒðÔŠz¯(pýò/ïsVhÎá%̆&1õ¸ &‚ou7ç좉^¨¸ Aüp@L›¨‡/¢QIN®í¡èµŽÒy&Ãáž!˜³µvŠ\©¨WäF|²L.K}ìjÇ¡½ƒŒpH€½ ÃôÜ3“µm$ü‘úØÛ©܉Ý>ù#·—êØÌ ô‡[ߺ»S4GR0L‡ÃX¦iï+n E„ @-ÓiFÚϨ,× `ÁbÚß:ÿe©ßÆq-certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt000066400000000000000000000016531453642760600331110ustar00rootroot000000000000000‚§0‚ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA20 100101083000Z 301231083000Z0p1 0 UUS10U Test Certificates 20111@0>U7Valid Self-Issued inhibitAnyPolicy EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚Ùô¸¯0òŸšþ×ïiÿ…Qçö’)³pV_KðçoØ2WšO!©V€*ü´<\æ^ú€åêÈB³TÒ ''ÅÖwX9¤¾ÆÎønÌæ禾U{¬ôWL94â ø>‚Òºú‡$á“™xO—äJkoÒüÔ‹­xäÖ‘ŽŒ¸(QW²íD‘-*ô þ‘û¡4Ú9LÚÈÔ1Tž¦Ž9Ÿ2ŒR³?Êõø`¥Q|§‘iøè×sóz(œ;,W‡»ìðõ—РÎç5³“²Zfõµ¾8Ò¿¨÷ásGžtqƒëª‡™zrrrïº#BÁë1§È1—ÏxJ1Ö*…£k0i0U#0€ŒÜß~dÛb¾ÛKQdŒjfØ\££0UÙ¥ Åé·ÑÎöC×N“\óXP0Uÿð0U 00  `†He00  *†H†÷  ‚#—Ï?•hïR=EÛŠ y^TºxôŸÛT¯ÖBfk|{=%Ñî«{Ç’ËôPþæVdòs6ÏÒ”¤­È6VŠW¹ Hëì“ ÃãÂ>»Ýò_2EŠ­ÌçšÕ(Éä Êß&×7eÄ‹`ì-:-¦èÖ`DV(-,ÌEŸƒ.×J2XS!!¨›uléhÞ9Ë…Ã=¹¾ýXEvýõ°UÃso+ûï*ErRɺÇ|é«èQ»@•¸‚Ës‰°³ûf˜¼jJžjÛâ` Ø…4©y8€]”d ‰.¹³XxK$‡Õü®TܼoSî_cÎ5Ù-T²˜èFcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt000066400000000000000000000016531453642760600331130ustar00rootroot000000000000000‚§0‚ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA20 100101083000Z 301231083000Z0p1 0 UUS10U Test Certificates 20111@0>U7Valid Self-Issued inhibitAnyPolicy EE Certificate Test90‚"0  *†H†÷ ‚0‚ ‚ÒZOÅR Ûmð¾Í°y‹HÖUgh˜Þ®9=BV"›âÞ¸kߣ\2Т)2°µâ´‚1/¸-Uˆÿð·XÏÇY‰Qà¯,ﲑ%‚z1£ˆÝ¶V³2D(gü£k<ÆášoãÕ¼ŒžS\z£ÃÞ®çqéÙºf•åyÐ sã:óëÊÝO_âEݵ)Íq5äPqéUEŠgØῳó¬#¶¾î»%*XÕd‰ÞÉ]ÎÆÙ<ûÑ.as$b(=¥”ŒTÅ5žÇþª~iý÷n±ïŠF‘ŒØÝÄy²c0.(Ž÷ÖiœŽkE#Œ",ñ"âV uÃ~¥A‰ƒ¶Ïu—£k0i0U#0€ÉÌ?ú[ð¡ÚÕ7 ›Î˜Æz‰+Õë0Uå:Õº©™Õôª–ûÝ8yÿÐ{%m0Uÿð0U 00  `†He00  *†H†÷  ‚0Ùw(¨7Ã>Üv1¹„¾ªq‹:¼E÷…éNP ãÐTaù‰še¨ýð5ÙŽAÀà\ ;t0t¼ºj`‚ÆèsBËuøÎóNäþWv³°¡éuû7ââ÷B‹BhŒœ¶<ݬø™*dÚq?®ôþÚiç Ô2ÍÙ±è”ÞmËúoIÞìT—£¡Z`î”J~“ù¶¶…™¬(ÆdB$„ÖÂ< ¨×Ñ@D/âPÓß›³"?ÆËþNGpU\@ŠãÓ ¯¨=•OpcÛ0Ç•.w?Øë-Eî/Mp÷ÐÚ«¤þàýU¤Ì‘zŸs¹Þ÷²ñ-sóÉzîLcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt000066400000000000000000000016651453642760600337600ustar00rootroot000000000000000‚±0‚™ 0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UinhibitPolicyMapping1 P1 subCA0 100101083000Z 301231083000Z0t1 0 UUS10U Test Certificates 20111D0BU;Valid Self-Issued inhibitPolicyMapping EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚ÎT Åä}™–v ûå°Û •úÊG\º–8}ȆêÀ½„AîÊšûyFêœÃž?õßÌöï9ºIøÀ,= ‹•úC—sõ¼±¶¿À²®›4pXžüîõR5ÍE—MƒŠbj¥¥`*Úo‡¾и¶C7f3ίpŽ¾+Z•œ³µÚÒ¥ yEÃôjNµW1HR­:Yù)”‡§:%Á!YNåý²5œ¥¢pÛßHÒ¾îþ/B²mÜu¬å Àâ'üÕ,B÷Ö<¾ˆmˆRæÊBD ¶M¯¦ci?°¼˜£ýGWI! mPäiÜ4÷Tä2sŸÑϲyq¶ßK'±4Õ¥_+£k0i0U#0€óÍ?ƒ0ÓÇbÚæÊl¥±¶€Ë0U-„„ÿl\‚D>S†GÓP2äý´0Uÿð0U 00  `†He00  *†H†÷  ‚D¥Ã¿BlŒ >²öÅRÉZ}ÅjWâ)oÙsãsnSÙŸwœÃæ¿}+™ßJèÂbö`YÖyCÞ/²çžDÌy#ûZü‘Iÿ~ ¶º³S‚jÐlÍCÕ#›í®-éfí£=K€•Ý£<›Åg‡MýËE½][Áz¸ 6J·ÙuáB·× bQ;Œøp%²DãccÇJ³ 4vÉaj窥ˆ™Ûüëó2ðÃ_ÎW"«).ÃáL†bG €ˆ ÑåTŽ.Ô÷"'ÚQ—6Ná*qKŽÙuë4ÄßPBOoÛQ×nƒK„i†Ü ÒÁŽ0Ò’Ã]Ë‚¡^[’³†°certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidSelfIssuedpathLenConstraintTest15EE.crt000066400000000000000000000016521453642760600333510ustar00rootroot000000000000000‚¦0‚Ž 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint0 CA0 100101083000Z 301231083000Z0r1 0 UUS10U Test Certificates 20111B0@U9Valid Self-Issued pathLenConstraint EE Certificate Test150‚"0  *†H†÷ ‚0‚ ‚´ÏÔé‡I/¢ô›ßZQbß^ƒ#¾w±*ôeHX™åL˜T aFp3ø·9æȺV~2gú𨃠ÉN[‘·å¹ÚÚ_VÿQÍd9´NAó  Zrne%c\L ²ˆÌÈAD®GX ×3>þ4ND6"4ùÊ1ßZT{l¯p+ ?–£·~ücµ(°µò:w—Î&ñ=& ˆ¾ —.äŸ[2m éÓå _ê WJëP•˜¦ª²Ó[ª¯G ?ˆ¥S¯ ÿÊÏ î%ÈêE°¢™ÚU©‚ê¡ý½­0YȧuªKfæ}ðÄ8…k¸AÆü£ßH/©¾MÎ-­Å™£k0i0U#0€€ës¾M™ž”½KZ÷ÏWwtÃ_w0UÈëÙXÀîëÂWmš}Ø¡·a›¸0Uÿð0U 00  `†He00  *†H†÷  ‚‚ªF;vgÓUÀZ÷î:zäodýœ ÷ÇîD*å'ØÈ[dIʤĺt29Ö‹y€®Ï·—°ð#Ôêðd¥NT2Ê^(¬¸½ìƒìIàyöÎL,Ë>Ê[”{8»Š<µaâ—2ž+KŒ‡šLCU ±þûÇu=ˆÓÅ™Ge7(öB8sfÉCøSA*yE+F®Vc¢±b.™k-`Ý¡¿Ö§¼½`jŸw¹5"w/xÃê kÍyHF%÷P;¼LMØ'%j¢Cx­ÌhèLê[íðQ”7‘ST"â[2“hoÊqùò¸L«xÙHø°certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidSelfIssuedpathLenConstraintTest17EE.crt000066400000000000000000000016551453642760600333560ustar00rootroot000000000000000‚©0‚‘ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UpathLenConstraint1 subCA0 100101083000Z 301231083000Z0r1 0 UUS10U Test Certificates 20111B0@U9Valid Self-Issued pathLenConstraint EE Certificate Test170‚"0  *†H†÷ ‚0‚ ‚¦×]Cƒ©€¸|ó]=ÂûíbPÕ̺÷Ùø>íätU@î’³j›âÁ€`g†zÌL¨„˜þ:ÏáŽ#6sWSú¦ZúÇþjõϘ h‰f½¯Òß÷ b×Ǿ„ Ãñ;Ú öVH’QÉo§Œõ¶aVø•5¶f’”Ñ[î'RWË 6K%§ºÞT¶Î ø™ÈZ b58jCW±å`Ž}¤óßv†™¦~ùÕ›´ÄpµöË}j8'ðþIØŽÿn^ìbÛ@ÆP ¹Fï8ÂüàŸ{Ę–ó£“ÜÿÒjâ4ÌYñ’Öì¿Z‰@RÊýs¿¥†û9|ý£k0i0U#0€y‡S):¾èÔå4ƒ+ÇÖ0Uçß ðÐu© Ú¾-Ó¶6’Áù“0Uÿð0U 00  `†He00  *†H†÷  ‚VŠ!ågö¾I`š©­'ÿâ „dä>aŽœ‰¾RCݨrχ•iãe¯é,L^o•äì¡„&m5XÈ+Þn%ïÕ&|™?ò*Qø…c䂃…üljÓ°Z~ïVZc.:ç=O&ÅÖ(ÿ‰Å­OÔ@P;î‹Å›êoEQ9*įèV5 Mñt‚Â?ù]± îéƒxšôG´CÌ59îãº3ªØO¤âÀîÞÛEÏÖÇ,põ‘S¾°î¨ÑŠ8(“ý^‹âç5§q¹w«E· 3ú¸l ýåÉ‹˜@1}/!#ÞýJ·°¡w[_²Ï1WD A¯w†.certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt000066400000000000000000000016301453642760600341630ustar00rootroot000000000000000‚”0‚| 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy2 CA0 100101083000Z 301231083000Z0u1 0 UUS10U Test Certificates 20111E0CU2~DãmþO9E·¥Ñ^Aˆ]O~Ž ·t¿ˆÛá2j‹~!!É*±Žð¿ŸdÅ DþWÙQYÅKc<9C‹ôopC%•w-®µWPŠ"ÔõÓ*©’èåR½±õ¼y¡}_›ã– 0¤Vèí»àÛ8׫Á× ž¥)FÁb{MÆ7· î IÒÐ{v_îcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidSeparateCertificateandCRLKeysTest19EE.crt000066400000000000000000000016761453642760600335230ustar00rootroot000000000000000‚º0‚¢ 0  *†H†÷  0^1 0 UUS10U Test Certificates 20111.0,U%Separate Certificate and CRL Keys CA10 100101083000Z 301231083000Z0v1 0 UUS10U Test Certificates 20111F0DU=Valid Separate Certificate and CRL Keys EE Certificate Test190‚"0  *†H†÷ ‚0‚ ‚èíh·âoä°£°›1D]¡u~àH¡7a}5kYæ¡õèž/ÿ0ª/bÉÏYRyg‡q÷üIÆÏ *­Õ=š&–†gO²scêà㘸kŒ­ú˜Fª±· á¥mµÑëìªö)û Ñ)‡ú°kÂШŸkjúƒuÖ¸.ÞµÔÀ)À¦×@CÔçLÆ¢ªSÎte™½|A^Ú™\Mæ'I™F8 fi´'úkYFWÚª_+«* íÄN4Lw<¬ i§ù tv*¨ÀX­½â7Þ¶,SZ°AÕë÷ôqé8™ eyÚ˜"mo8¤é©ËÂÑ–“à:`phoØ›h™£k0i0U#0€ðeÚ?ZÞÕ¶H™;×L¤0UëMÇ)2°ìW{¯—p äàAã0Uÿð0U 00  `†He00  *†H†÷  ‚ ˜aP·íjËÝöÄá¡ÆLË54ˆÐGA’ÔÐQÚF ì¯sÏzFëIÖÖ—ÍmꨙÑÔ©†õå%窥ëê)>G­:˜<™‹‹0bx7ÙŒWŒ??^NpÕ|ˆÊeÕ×¾êKCÙþ)[h0ï0Êë½8Á1ÞÐ0~ÊlâYL’ ™œ´ÌãüQ›6Ö9Ê(?»IœÏ›Ðpkâ*certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidTwoCRLsTest7EE.crt000066400000000000000000000016121453642760600271340ustar00rootroot000000000000000‚†0‚n 0  *†H†÷  0D1 0 UUS10U Test Certificates 201110U Two CRLs CA0 100101083000Z 301231083000Z0\1 0 UUS10U Test Certificates 20111,0*U#Valid Two CRLs EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚¹&ê* 9œ}%B Ÿ)·ªÔï®UÝ£‚5J>–Q?²¢`éÕ¯Vbp1àd£Oõåàmƒ•ýÕuž–»VDÌ ÁRxÑJ®%D:ט]0·ÉŸýÅkü¥1bZT½åäuI†È}/l 1J¬k•eÑäˆ ÉWòΔóÞMXÌüÂ’În”N²»"Zó"‰@ÂNì¦ Š$ƒß}ÉÝâ}›§€°í8u|J)½"pŒ†‹4üý¡@àÈ÷{ … #Ôe§<—Òx™À³LÑƦ̡§8—SÙö+ãµÇ¿`©Õ= ýnýT^œµÖpæÙÁ~¦Ú<Ö]lJ}< £k0i0U#0€¡Ö™€ãmýçîwK_ñIÙ aœdK¨ëªYÞSv«Âs·¯-—Ñkõºáe؆+au(³HŽ2„ê?:9}½g 87¿êÐtRK*Ÿ1“>¢? ÇÅSo£ª0§0U#0€ú(­AÞ*hÈ#?&Þ0UÖzì1Òš¬¸ÿzßÝ2/_”v©F0Uÿð0U 00  `†He00<U503†1http://testserver.testcertificates.gov/index.html0  *†H†÷  ‚PÀ,zà•nÁ³‘rå  ?$*\ÆS '¥áçÔ2€lðªà牔/„2~f¬àXþOÔwi<úm¤D;QþÁ<ÿLømÄËôæ~Xq¹èö¨e"¾ >`MMp7‘îÀÎÔŽÇ$÷¿ØÑÊT:*Sk-™=Ð}ÈiÈ ÔÍiÛJfÊ9M~Ç7cÅyV¨b7÷NBu籩ò+†~£hôèÂ/lJ3W# Æ‚%¨wn‹wב,ÉcØÖ§# *!ô­¼“3YQþÓÔŸ¥rö¢üðOsˆÈ»\fõ†«ö€MûÔÚ yòTE‹NáÏvl*¦&certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidURInameConstraintsTest36EE.crt000066400000000000000000000017451453642760600314600ustar00rootroot000000000000000‚á0‚É 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints URI2 CA0 100101083000Z 301231083000Z0h1 0 UUS10U Test Certificates 20111806U/Valid URI nameConstraints EE Certificate Test360‚"0  *†H†÷ ‚0‚ ‚Ìl>뜒“§âéÛDÅõuÍ~¬R .›Öé‘Nì²ÀK B7|Ó3A35‹ém ˆ.$OÓ:¢þ‘2ð´ÙdÝßðoŠ ø°e¡Žb0`!T{óŪ8¬þ¾tÇ8ï{Æ·Ë`FÒ†íl!ƒÓy7k\îÜAú_¦W@syq`Á“ŸÑ¬ÝFû$îHSÚD€âqÚ*~å™53!¯š³Ü¬‡³‚Œ–2H zï­,EÅ=Ý.âJPÏíYp3~¨2FNQ±÷'. pýžU3„ÞQHlƬ"‰²åç7„CÄNe»‘PÍÑ]$„ŠWî`÷~¹¯üuŸ6’S‚£­0ª0U#0€Më‰qßð²úv:X±º`ÝŒÓÃ0U]ÜË“3š´"?¿CÀóÂ">ÕÆ7Å0Uÿð0U 00  `†He00?U806†4http://testserver.invalidcertificates.gov/index.html0  *†H†÷  ‚\u} Õ瘚…ˆd/± þ2Ö÷ÁOåmoìþ>uR-(* òpŽ±€AcÊ@ƒQßèÌ>%"”ĬI‡ç|2\¹çº™n sØj´Ì*ŸBPcýãºÑ.èàÓ‘ í\_zõŒõÄiPHiÌ0\ÙDQJþ>Fhâ¡öFÓKLƒ1ˆñ¤òf(-µ\t7¿|ìdøì0OmÝø ­½ Y' ¿øƒ|$ “zгD73Ì·¢´3@‡æ@½?(g°$­:1GhÐ)„.¯®â»*M—ÀMÿ'ù0!@–EÔ5§ßúoïùº©xZW.cw@Kã“)Ócertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt000066400000000000000000000017021453642760600336210ustar00rootroot000000000000000‚¾0‚¦ 0  *†H†÷  0b1 0 UUS1#0!U  test certificates 2011 1.0,U %utf8string case insensitive match CA0 100101083000Z 301231083000Z0v1 0 UUS10U Test Certificates 20111F0DU =Valid UTF8String Case Insensitive Match EE Certificate Test110‚"0  *†H†÷ ‚0‚ ‚ݽ̒º„RFæp.Ê‚H³;]$V;‘B‹ µ‰Þ•äBÙ¨7“íc¶s9Ô9G)¨ëEžÉéÙ‰`Ôæ!óaŸ¼¡»”´Åÿvy½âÙ±ˆnªoò‹·•öæAõkà~çUÁIðu o^5Ï, V /%ŠòºÚ‰4‰÷U~Ax%¹öÊydsT­L'”2uØOn—Øe»Öm!Ÿ”lJ\k*6uT,‹y¢<†¡«B$Û7I&=r‰A<ü©„GÕ—Ö[à¯w- nÏÒ"cs˜ ÚT„Éýƒ,è4:ÈCßÖdªðÅó¦‚ ‰ÆëÕWX_@Hé‚”/Ú±¯@È{Ã¥£k0i0U#0€`ßÑÊ©P’!DÒwõj­¦¾x0U¬îut¢L#=ÜÒ˜¸@kôÇ‹6j0Uÿð0U 00  `†He00  *†H†÷  ‚Kú4Ê©¿Ÿ9Óš iÏõ»êÝV¥&©SœéQòÎXå#4|[ø4ÁdŒçk8yÙÖˆŽ¬DA¶¢:#ß‹%­r ­bó‚‹£^Ãø‡ñø¨¹î¢¨é%ïcüú„€ä™ä²4È^Ù³Ñì’œKŠé8e­tOñoçU)íŸAPÛõ@å;vRÀ#×*ñNæâ³6ç ‰Ïª }ÕÃFÏÁØà&æR“öMx»EßJ24ñÏ¢]¼Ûš¶¸.9(]–æ>úEª yU1ëHËœIãù÷§e·Wä¹ê<0¢OºÛµ( …*K‹¥BرßI\Z-ŽùJ˜€YÍXœpká£Îcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidUTF8StringEncodedNamesTest9EE.crt000066400000000000000000000016341453642760600320300ustar00rootroot000000000000000‚˜0‚€ 0  *†H†÷  0F1 0 UUS10U Test Certificates 201110U UTF8String CA0 100101083000Z 301231083000Z0l1 0 UUS10U Test Certificates 20111<0:U 3Valid UTF8String Encoded Names EE Certificate Test90‚"0  *†H†÷ ‚0‚ ‚âC!Þù pòFžŽ.uÕk¯ÏÀ5¹œÌ …5cÿRU³…ÙÃŽ´T¿¤l=A·8Û£I›Š?KD˜tJFeÊrŸe ­j%pè1¯Íâ¿ÀRþ:¼ææ\OråFóàõÃÑ쓪#ˆ°„w»Ñr3”ZÐ¥ Ÿ¼c.¥l1BZ"ÿ½ÿ”KÉǯÀÑ—|¢-5zû¢†‚<-ô/˜Að3F¬þ{Öd€ZÈÈl† ¶}¥ÓQ>%·óCÈÒlz~|lß"äc #Ž+QV8¡Ò ìgx"ØÒËd§cì+æw`ÁKÔëZîòCMµ£k0i0U#0€;g[Dò §H}s)Œ“ŸÕ$ã`&0U¸¨á½î!’¯M*œÛ#rÁš¿0Uÿð0U 00  `†He00  *†H†÷  ‚k"'eU»^†“ÔRkÍíÛ0ê¿À¢¡9ìêT™§r^LÁ´Ê>‡›F4»ƒ4ÌÜ|ß<¦$;±ûÍé\Y½ ÁÐvu“S„ܤÔ’7'}¢ àfþŸ! \h¾?b6´q âËó˜õwz.L Ì>µÞT#½ž ç/îåÒL§¢ M­˜•ŽFHá<oÖü…dêb3u碮£ÝÕAÐÔIv]lza×h²—'•m_CŒ/1DÙ¥wªq»´: Ít¢…žJZñ›Õ£­iÜgȔݤ¨ž–UëµÎvk3qÀxÂ÷!‰=F¡ÀÒe ÀvValidUnknownNotCriticalCertificateExtensionTest1EE.crt000066400000000000000000000016701453642760600354110ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/certs0‚´0‚œ ^0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0w1 0 UUS10U Test Certificates 20111G0EU>Valid Unknown Not Critical Certificate Extension EE Cert Test10‚"0  *†H†÷ ‚0‚ ‚Å»/ g¶@0øY“:X lGh†Âýêü>@•wz×ÜݼÀšZeÄùÞ©„£¯‘U”h¾“„†&©~6WÝ–-GLóqj•ÍNSôq¢ˆŒá ª´å•Kló¤Ö=ü„áÖTAR()üÚ7sá ¾µŒŠàq¶2Ñ=Îhõàvêø®^Ž†§‚!=•ÂTW“I¡ô®„Ø¿*¡Vb«cþ"*hñ|ؘ*D&zú™OE´‡ÁøËX …€l1ý°h…»a£}0{0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UN  ® Z2ÿÖX´“ò®®T0Uÿð0U 00  `†He00 `†He 0  *†H†÷  ‚0&½„ŸaöÒ´Hñ•#žËŠ›PĬôq£ßF+ÚH´å5 î™’d %^×ä ·Ü{AÈ[e"´¿ž·]I§¸þ÷ŽX•±«_ Åà¡«¦=Ò±ð˜ªSí&°Ä^;éªÇW¦LÉ"€¿U0íúlºL-”u5 ܯ¡{?^Å]ÉbKìM¼º[ßÆ¥?ØŠ’?È2nÄ)%3q°škBY»,®{Rè–cnÞ r•4anÑ_Ê8Î+Cû*¾Ñ¼]\$|xR‹¯ï°æøj‡…­3WÎØúsoÐô¿Ľ_ >ê¥ ©ªô2¶Äå+åqÎ#Â9@˜™ÊÒû:¾Ê„³³qPe -r)û¡‚«¢÷ “s¼¯Ë±ëžÆÞS‹èC)UÉLÆÝL·›X†õ.•¢@Žpß yH@RAC å¿ ¤¹ó»Á9†¹\À 6”‘'Ì"î®—£‚]0‚Y0U#0€H“T}Äm0ÿ-WEq$ßLŸJ-0Uƒ{™Sfd±¹iÊìšØ 8pË0Uÿð0U 00  `†He00íUå0â0ß „ ¤0}1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA3 cRLIssuer1)0'U indirect CRL for indirectCRL CA3¢V¤T0R1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA3 cRLIssuer0  *†H†÷  ‚m¨´€p¬ô±JQ3.4b¡e2”®JUÒgs–YEø/‚o^HËA òFr‚à‚pàd_ïrVüèoò¿¶ÁfíÁ­¥e Õ.öË?ƒ—Quûx8l6$&¢Œ €gú?Fñêuª( *\÷†ÿÇ 2(OßÊx8IÁ¬{<Ûˆ0E·é9šÍÃH¶n>Gò´ë„™r)Ñ—X¶ª"®‚æȦÑ@œg”»‰ƒ üsY! À­Ýˆ¢´­›"6•!‹r±¦$%šªLo›Z·éùÑæ´4í¸E¨!A‰ƒ’ïzu:é¬åÒÔd¿‰šôàØá?¹ƒ¥Âß$0^certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidcRLIssuerTest29EE.crt000066400000000000000000000020511453642760600275740ustar00rootroot000000000000000‚%0‚  0  *†H†÷  0H1 0 UUS10U Test Certificates 201110U indirectCRL CA30 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Valid cRLIssuer EE Certificate Test290‚"0  *†H†÷ ‚0‚ ‚«Ýá‘úÀX/ÎTLé9×øç.+¶%ÂH†J¢AÑÀòl4èÅKÓÁI)Ñ.ßÈè“ uñíWØ€¢–ô°±½ÁÑàÏ6¾ˆš·®™Ø:?ˆ¦ýû<4š±`sÇLÂôPšc 9Nüì^ì}Ù`ࡱn4Xÿk”œD[ÍN®â¾+—M‚ŸéÖµz˜EIüXtM"f˜ûó¬Ó‘Ê0Uÿð0U 00  `†He00“U‹0ˆ0… +¡)0'U indirect CRL for indirectCRL CA3¢V¤T0R1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA3 cRLIssuer0  *†H†÷  ‚2ˆ;G$ÉÎN"ÃKHꙸô½: ÝûÅs£iä ¬?vtmŠ}—’̇ ×ùà`_ÿšß¹›ÌíQ¡šó€\¬Q%#ÿ¦ !v&¬16vÝóäR\cÞÆ7« ¾™89g¤‘zÙ:2o²ñŠii¢¾´M=ø 2Œ4ˆÂÏükÒòÙKFWá:{a¡GÊbì`eZpïÈõÁ¸÷„Yv«F[“Xˆ/ QâVéNÚîèµsÇ Ff0ûæþˆÄ‘çÅDÂ/Ü¥ü4CoŽeªŒ Ïj A Ä´Ë0˺Cj¬£Jã^ë† NcÖ>9Â(Ea °î=iòt뼦¾certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidcRLIssuerTest30EE.crt000066400000000000000000000022041453642760600275640ustar00rootroot000000000000000‚€0‚h 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110U indirectCRL CA40 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Valid cRLIssuer EE Certificate Test300‚"0  *†H†÷ ‚0‚ ‚ÒΊ în%ºë]»Ô @9cB%òzNÊ“”J¼"ââ©Ãc–…Dé?”<ùmè׬®¾Ç&° #¥{®.iÑ×;ýÉ•²k`©”sÈS4`á‹W‰è^HY»¹õà·XŠÊ.T;ß9£- c6¹xlÚ.ÿ:èLnÞw²:‚+|vg”–û«2V^@ú×Zšìé?ùPŒS@‘*ARCXsCE*i±§÷Æ| j)¬Ï sUøn.†TIþCÜ%Ÿ–ÍûûÆÃïgN˜ý1>¼ZìÜ ƒ>î stq—½ïäSF\œ«Šuw,{ËUè3$$sXq£‚]0‚Y0U#0€ Z2ê” ¨ª/Éã.A‚è·0U¤±E¶ ªá‹F^UåÓ|¨Hd,Ë0Uÿð0U 00  `†He00íUå0â0ß „ ¤0}1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA4 cRLIssuer1)0'U indirect CRL for indirectCRL CA4¢V¤T0R1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA4 cRLIssuer0  *†H†÷  ‚>Kžõ§ÒB÷ÎåŒl3vún£ÐéÒ¸„ªu~¾–${-$Aù’0ȯ ìc¼zäûctKÙ£HQ oL»hã[§O€×f@ï¨ Ñ{jccHË:œ J®…¿ðÂþâUƒÚjjõ º ¯g['¸È±˜O˜¼×Mg]' ÏŠy?€f.fâ8“ï‘‘þ©Û%]6Ó­…Í`@¾°wkµ“ÿOïÃÏžba^^/>‹†½Km/ñ‡7k0 ,¯F¥1ÿo vÙ/-Ú¹%íÇÅH%QüN$Ù3ÁvRÝÀå7J2ˆ=<Þj×Î1‹ië;§ØAâsСcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidcRLIssuerTest33EE.crt000066400000000000000000000021561453642760600275750ustar00rootroot000000000000000‚j0‚R 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UindirectCRL CA60 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%Valid cRLIssuer EE Certificate Test330‚"0  *†H†÷ ‚0‚ ‚½ó͵áÈu7QFÌÛøoç†i`6´ãZ Ó¹——W¯ÃêŽ#çúKHÜ$d¯D¤pÎtøשU}~{ŒBåš”@hj°£jŽ\’ÆJÛ¸Ä:ꧺ# ¯x8÷þ«;£0ÈÌH™Ù÷Ó|Í£Õ*ü¢˜m‘HåG\Þ)™0’ž_£Õ§ð …Í´N­»"/9D‹ê2+BãY…¯Pr}p*nÜÙÞ]Ó.5kàÅA)‘ðGó8–bÆÚüèšÞR~ÝJɆ ðà;ÏIUʱ@Üm$PøkÁsrá̼jžâÉx”æ—jd æ¼ó‚Aq˜dñyå+£‚G0‚C0U#0€É £l-wOÞBô ¶Þ*v10U–èsËÑyþ‰!¡,Ř˃'0Uÿð0U 00  `†He00×UÏ0Ì0É y w¤u0s1 0 UUS10U Test Certificates 201110U indirectCRL CA51)0'U indirect CRL for indirectCRL CA6¢L¤J0H1 0 UUS10U Test Certificates 201110U indirectCRL CA50  *†H†÷  ‚~ö¯“Fv)öG±Åu¶C/áS+ÌHùõñÃÑ}Š°y¥ñ‘#Ùƒ„¾{‹–6ô ÍTªr ì‘áö…« ‡´¸pÿ•/`„N‡ߨ­* §õ¯ŽkJâj ½ÃÐDUyÒµîWDî†%AG_À÷νw螣™‰¥e8+vO‚ÆÜÞö·22¹šø ¹i<_³ÒK×:}í“ØëœgÖµ„yØI lüXôKúEѤù©}³ÇOÕ33ô߀Èæ»#„ôœBÎèI›)]c’Q0º NÅ)RcWW=ú¸ýÇÞZÌù=ù¨=¯àcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValiddeltaCRLTest2EE.crt000066400000000000000000000021031453642760600272600ustar00rootroot000000000000000‚?0‚' 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10 100101083000Z 301231083000Z0\1 0 UUS10U Test Certificates 20111,0*U#Valid deltaCRL EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚ÁÝAC¿ð*0CpÿCæ>[ܽëIDLçJ!Ò?VVu¹ŒPÖ`Ï&Ú©p©´&«òB=T5ª:ôˆwL;º¤ˆV³ÛY5Ð'0@Òò¼]ÅÄó½Å˜‡­`~YKê‹Îg \0~®'p•Ì³žÕ/Üçš"[ÌWQ¨F‹5osÍ»+óÎ]€üö/‚¿žNù'€v—âÏZp]~ï°#É ·EB¸+~üU*õi5…Áf}—Ü-`ø£ï&”JñB¡U€',µÇ‡[Øé­ íó`ÒuDÛ!LÄ"Ub¾ˆô üA¶Ö…Ü‹ÀGh©¸¥œÕ]Vú+N¥46/gÞA£‚!0‚0U#0€w#åv„È”?‚Ðêt±à¤/30Uú¥@Ùîêß/åÝɇH$ 0Uÿð0U 00  `†He00XUQ0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10  *†H†÷  ‚£ï£»lPÔ9lžæTøFnª-_2ÀO\›…Pu. ؽ—áÝF¢ ó¨@]°Î49ZûßTÄ4Ó}š^¤6˜¦Oæ}ÍhÆ(Ÿ™xdÆC¶aRÃi*eKå7Ð6£ºè€ƒâNø°L­í˜R"¡š&ÿOSÿ[€ç˜Ô*ìé–RÕ,ùCùrBAÞù'zmc%+‰©AŒ(­¢‹¹t~áRjJ/¯ã¿óNeæA?£6Ã`ØæŠ{ÐYRá7O{ÌK÷œ@ù Rú,Mê•n ÐÞw*¯g¢#ë átDªé$z±aÊÔ ËJ7¹…"}å]EÆ1] ÚIÂðÃ;)ý»úcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValiddeltaCRLTest5EE.crt000066400000000000000000000021031453642760600272630ustar00rootroot000000000000000‚?0‚' 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10 100101083000Z 301231083000Z0\1 0 UUS10U Test Certificates 20111,0*U#Valid deltaCRL EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚¨‘D Uc¬¾ îrÓ‹…µ¤¶žº\¡Gïʦ=|©ús M¬t?ù1d<‹’"ÎýœGƒôŒ”¼Uˆ´µàû1Û W?(=ÁØÎ%ìD¿do™ûfŽdõˆan!j¯¨þã厔b~ž¦_˜ë©*½ÅN%–(ölJÂÑ_CÀ_«Í^ +;5á—+Ùc0#§¾«ï @hÐ"|¤e£nÄf#'„ e½S…/Àt~8]– Å%Oâƒ*:¯²e £¨•íÓ åÀ/áË-ÎϬX¸ C•}¸€.[$õš“¿xqZ\ ñGž$Û Ö‰ÌÉ==IÒ."£‚!0‚0U#0€w#åv„È”?‚Ðêt±à¤/30UIeùˆoYG“Œ»ëû•è‰ZÂZ0Uÿð0U 00  `†He00XUQ0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10  *†H†÷  ‚|éÜ´v)ðDHÎñ[ÍÓøÞ2Ù»¡†w6Äé÷Ò®C†yj ô¿ÞÆ€W«P2›÷\¢)qa?AX>СûQÑÅæå!Už¨[­ÂGêÌ逼Y‰Þ 6\ðÆeÓÒ4ÒbBxÊ–…Pq¢Æ*ËxžAçÍIß°ùY#Š¡Ù¯´–5ûu뎳ãÌÆPgöìŒ7øÏÎØl¸ÅJ©ÆŸ¬$ÑÞyŽÍûñWÜá¼gÈ0½ÉIðöcãTg¥2ÄêáÎÓÄÁEQ)®˜;ÆH€X™yŒ,_—m­÷ÄéngÂ,U2Ų·W—ŸùÝj,«*¹wÜW%Â$‘ܽÖ#—ÈƳcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValiddeltaCRLTest7EE.crt000066400000000000000000000021031453642760600272650ustar00rootroot000000000000000‚?0‚' 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10 100101083000Z 301231083000Z0\1 0 UUS10U Test Certificates 20111,0*U#Valid deltaCRL EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚ÍÈŠPpR½² ]^;¬VNÿÖ˜Vúù• nÈ*ÿ|±EN#y&Cq˜Ì\“ײ´u„µç×$iVŽ’õšBæž|Ciý€HÓŸ`LÐBe…dEý@* šVy½]ö°$scrÜ4Wƒq1W;½|ŸKv…wP‹˜}ë™û8©}¥]iYíë„ÿ(ØLühr¤ûZ©¨puYs¼QHõ^¡­•„N§q7™œNsl‚ñÜý¤¿elCÙiþòà™BM”c>‘•ÝœÜk° éÆe÷ìý̆Õb’½çä§^³>¿º'åþMF.UbMA£‚!0‚0U#0€w#åv„È”?‚Ðêt±à¤/30Uå¶öL,—|¢„èX¯z ^@‘0Uÿð0U 00  `†He00XUQ0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10  *†H†÷  ‚ 4¡vÀñ;ëLÄÕàè.,˜¤K~²¢•DÀô9‰ø_ý¾1ëïd=n˜ì¨ª(| )ËKï.>À$\ ÕÈ©,ÎÔIé…7¦âIx«Fì D«$’ü\EÃÝ[Ž,ÆΫƒ­ì0:<~ÏØ^•‘ö+)rDµ¦áEUÐ¥‘#–‚GÞ)<’¨Ïk©Û×Ék -w\x…J7ÚÖo¦2ýš_Ùeö³r©•ß”U!1L·mÜ'E½Fü\s"$MÓæ·^¡øᎠˆíXÀS÷€a ÷HÍޚǔ§j¦ãñaê9u-—ä·eŸ»cØ33{ ÊÃÛN certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValiddeltaCRLTest8EE.crt000066400000000000000000000021031453642760600272660ustar00rootroot000000000000000‚?0‚' 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA20 100101083000Z 301231083000Z0\1 0 UUS10U Test Certificates 20111,0*U#Valid deltaCRL EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚ñÃv±a.Ÿ5p‹Êðv/ôQØ ßœœf’€ch8Š5…È^ŽR(†z`*ŧ+¨ GôÆœ°E‘t—ÅÅl›ô­õ*•Q3rxþùÿáý1ú1j+µ£kœ·%W&°÷:[Ò¶=xé ¸l—˜Åúñãá%[8ñ¬WX«`eð87¶Ð·TݪrR9„…WCQ«Ðj½¦KiºpN]Ø`šóÓsP›C`Ý)ó?4hÈkzªýÛì¾'uã}—˜¢‘{­”ç>¼ÿ7‡Mô…aXÛ`\WB©'¢O—Qºê1ÆÑ IL?0=*å˜f·œ7ý;ÿ£¤ }ÓFøÕL!¢  á¾VÞa:_\Æ£  Ô<$x­¯^ÅQÁT—Yð"É9üŠ>îÐnàí©AʉàGÑ")œð¦idåÀÙffÁêºk ð‘certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValiddistributionPointTest1EE.crt000066400000000000000000000020551453642760600313640ustar00rootroot000000000000000‚)0‚ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint1 CA0 100101083000Z 301231083000Z0e1 0 UUS10U Test Certificates 20111503U,Valid distributionPoint EE Certificate Test10‚"0  *†H†÷ ‚0‚ ‚ÒÃÓ“T¨O-7äeÉï\¹ ”GŸKTÙ(Th4ñ1Œ îÿX€ãá@^ì@ñ1R“©Ö‚ŸBçp’ø&¥úÒ…9¾Œ»6@%¤÷§3}T6|¨©«°¹ W1‡á‰BþEŸœ^ÞʇGM7ÚY±Ê ¾ì0‰ü ©´Zí¾è̹릴¾6à%;mfBzTx=¯îlZ ü˜\O*÷úÞ·eñ8רIg»iýpg¬& ·ü¡2žçW)A]mSÇô1Šf]À$§–s.n`´v ™”%JN†«Gr4Öpiȹò’t…æw\<Ë^µèÀ²‡ŸV>i‘£ú0÷0U#0€0s½p(‚ÒoÏÒ7íÍë#‘Ûï0U²è‘bo5Ãl*yâ3Þ ©†q~¼0Uÿð0U 00  `†He00‹Uƒ0€0~ | z¤x0v1 0 UUS10U Test Certificates 201110U distributionPoint1 CA1&0$UCRL1 of distributionPoint1 CA0  *†H†÷  ‚7ƒdä% ú¤ê¦Ð]äD« —äQ›Þ̪:³S3G7ÙÖxÊ(dÝ4€£¨z° Ïá›­U”v¾c©~qzkæŠ9 SÎ*Ü:;ü“2QN nïggIå-‘0ضôèôáÓ¿YD¿#3¶Ð å`‰’[ºŠ»Hõ¥à|’º¼ä$: ñCh„& YYìo{yC‰¾Lÿ¨:ñ‰<Ž¾x¸.¤³¼~œ+µf»R½e›2Á:AS¿ÛoŒÃçÌ~˜Bsru…§­ÅIÁ åcÆñÎ ˜_¾õ¤ÌÚS Lù Y~õ tr)žË£y«(v¸Žeâ/ÊEÕIcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValiddistributionPointTest4EE.crt000066400000000000000000000017261453642760600313730ustar00rootroot000000000000000‚Ò0‚º 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint1 CA0 100101083000Z 301231083000Z0e1 0 UUS10U Test Certificates 20111503U,Valid distributionPoint EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚Ê¿+eP÷ê­8M>`ËŠ­Úw¡c®[ccŠÒ‰ÉÖ0z ôs„SøüìÇŒÎ_¼÷Å0Þ F ó[¿¯œt®9Ù3+DŒÝ¤Úˆ2ëÙà\è Ü|РªH½jù6}¯ÈO>ö˜¼%cMÄa̹±Üó÷B$c­ž”œRcñK•›ÓTxö€˜9ˆ'˜ _ªGÑñJ{,%p?MùhØ o’÷ßÒäíŽØO™±U1(Ë­M:U·=ÆB :j1‚"ñ³"A<§GÆÙ”_cáÁŒ¼ì_IˆöÊo™ÿC¨z—°Úx¢ʱVÔVÉTT»Kÿº)-3¬w½££0 0U#0€0s½p(‚ÒoÏÒ7íÍë#‘Ûï0U­¼®;ï "7"™E> ‚qÕŽ0Uÿð0U 00  `†He005U.0,0* (¡&0$UCRL1 of distributionPoint1 CA0  *†H†÷  ‚–+Êjé”­.QtLý0s.’÷çå û7JõQK‰7ßÝÀ¨1ùÐ;òâdüÞ@'ÞòDB*#ˆ½ñîv‘MH:,?k²,™€‰½æ\M¯VùçX,ŽÐqÝYxbÅÀ›neõ§ü¦SÀYdQWÌ @ÎÀPR €Ó˜„†g !ÐE ·FSQTH)b4Kž-$æ5‚ux?G€¯Þ:»u±ÚÃ)¶|ÀgŠ79.1‡†bŸ%Ü“hWªv9®³V/­ýírDÓ¡˜r’$z.Ô\¤a¢8fÓ ‡rcÙiÿËQò "¬vÆž£AdØ™IëöâG`´¥ƒ-7øH~certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValiddistributionPointTest5EE.crt000066400000000000000000000017261453642760600313740ustar00rootroot000000000000000‚Ò0‚º 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint2 CA0 100101083000Z 301231083000Z0e1 0 UUS10U Test Certificates 20111503U,Valid distributionPoint EE Certificate Test50‚"0  *†H†÷ ‚0‚ ‚¡È/awÛ4T ¡ˆø;Ð¥gþ!OÌÎ’ ÃCvÉ0½Ÿ”P©êK|vλë=dFñ³î6+^KZ¤øÉÞ³ÿc6ƒŠâR‡Ý­~ˆù†ƒÌÊ& ßñiøkm*¹[[%çÌ~Ò]¯åNM Y}±*õ,iTËBŸ'ë¿ŸÀ¢Ç™›¯¨ŒÍêƒÏÍZŲ«^½Crgå¼™r,B¿xÔk;6Ð×-§!ì|d%r¤ýÝ`¥ /t¸¤ „‚˜G×ô†gkÅl=rÞtSŽ$®Jšú[&@ºWÁ4œQÞà@¨ç™Ûž n.¼C™= ܤ}Эù5Å£ë`¡óP¡ŠÓÖJK’V´˜&vÊi££;nrŸ!Ä|LÀ´s³ì‹$ä@öne®ˆd<徭i[渆A) ö·iømNË|u­yaå9Âü`œOAd^,ēѽXãFƒ3ÑœùØòžÉ² »ñm†ë¥U‡X­certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValiddistributionPointTest7EE.crt000066400000000000000000000020551453642760600313720ustar00rootroot000000000000000‚)0‚ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint2 CA0 100101083000Z 301231083000Z0e1 0 UUS10U Test Certificates 20111503U,Valid distributionPoint EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚ªµ¾™LºsqÅ=‹LfJ:ƒì‹ŸÒÏ Âÿ¶ò|äÒ?:à<å®Tæµë·ÍÒÑ–A…÷+á­¯ÎgóTxA#¾3‹z[ªn዇wYIJMÇ0ú%uó³­åÔÇù¨Â"Ää¬È#àa_\‚ÅYêwî f3kÍü; M¥xº;¾]Wˆ÷¥ý¯§ ZÚ:ðúÂæÞp÷Ì1Góß^¤·PÖŸ•Šu™ç:aGœkÕšW)N';#Ix«”éKÞ9-ŒG,üD;Û”½‰jÔ*‡XFX8jP'JÓÛ>ŠBèÿ‘ˆšsÒߣú0÷0U#0€DlîÛoëNIxþÍå ì»`k0U xg»a°jG·‘ý o“1È÷ì0Uÿð0U 00  `†He00‹Uƒ0€0~ | z¤x0v1 0 UUS10U Test Certificates 201110U distributionPoint2 CA1&0$UCRL1 of distributionPoint2 CA0  *†H†÷  ‚Z/ äw„â“xДò—\_Ù`öwDiøA‘<Sè›ÑšŽµV&æ¨õØø©°˜é÷z{pÒ̘Íp‡Z\ÔV¶Þ›9…D¡”üÓõ,ÎþbœI˜bX ‘Ú)CGâ<'»•[.Gš¬¤Š¢X]$ 9Ô¥—@fõÀñ‘úîhXèOûQ;õ`\®©Ä~%@â aô„v"ÂE6€·Õú:`¾‘PÁ¸+´ÍKJT`÷íŠQ·)]1_O•Ïê#/8JÛXûº˜Ü€™ù¡”Q3’Cçµ{ùÎ Ç{I?hRõ±'mt Œ¬sÁ<5 a&,´¼­Áæö«e/ü3ézTý>ÕÈ—ýO­EÚ¬Ïó£s0q0U#0€  zjÿj…‚$ÍÃ&…ø¿Š70UÎÁ& ŸÈŠw««‰'tå]‘,Ê0Uÿð0U 00U 0  `†He00  *†H†÷  ‚ŸÎÄZæ<ÓF±RÙTÒ]FÿÜãçÇW‹Ý|VŠc—ðp1Žñk¡Ä[,Î;´(_fzð¿Ç­ÏÔvcÛ“¤k>®A2É©,Ì"ªœcª£{'¼ÕÅï+gûW…òÅ\:¸‡X¯·§D“@évIîˬä½ÚKS“©Ï+žÝ•º$òߺM.¡*Ýë<é½é“ÄÑô@ ™Q´ÜŠ³¿”Šà@ü)Îê9Š“UÏIì.Ð_žÛ˜t/ÍÖÅøÆY/¶4» ¥K¾öebÍœÚj牒Y4Œó¯ÝÂÞQã G§ø/Ò¨Þ×)€Ý¥}Ÿ É·•®›Mõ—certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidinhibitPolicyMappingTest2EE.crt000066400000000000000000000016521453642760600317600ustar00rootroot000000000000000‚¦0‚Ž 0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UinhibitPolicyMapping1 P12 subCA0 100101083000Z 301231083000Z0h1 0 UUS10U Test Certificates 20111806U/Valid inhibitPolicyMapping EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚ðÑ6‡#2š‰KÅ×}ŠyÒî%ËòÓZÖļ_[¦ R¢×ʹÐY•WIë-(ƒVlÒÌ„LÙU¢ûG,ú­ÑÓPKzÎã!0tVŽ>zBÐbLQ°RΪFX‡$Ÿ€g0:ƒ#°>¸0\N>Ü£½bÔ°l5ãõöR>d"¬g´æŸODkd5P Jš !ümði•¸0ßÛ‹÷*¿›ünqnW@N€!7;Gëì"!µw¯Y8qÊ©V}Ê6\_•%4]Æíɶ‚Ì€¡ýZ®&ݬnÐÞÊ¢Úå!S)ŒGB1SŒiáaíë^}ï»Ì4VÛ¹~Ú9£k0i0U#0€ª&”d~¼]`Wüp•flç0UÿsjC`Ó´¹F»ªÔ¯rÄ”Ù0Uÿð0U 00  `†He00  *†H†÷  ‚6ž–L#Y í®l¨±ªÖœ4©•Õ©#w!O÷7r¤ 0ÑÉ x‰ÜºÇöó;´veyKåP‡<™s¥ëüdg›º“wø;Ü,ÚƬkÆ=qˆåeƒ˜¦”…-î‚#&&é,5R¶v=Æ=`¯¿«š_Y%—Š ´"æ _(lUií©cÐ|é¹ZU|J·#GQ,bÉ ã Ó¨È»cWæ§ë—_—7 ¼DÖÅIÒÔ– —ª»(÷6je£¤õs¨´Û> Ù|Öé C'‡Ô“⌱ô÷µÚ.KçD¾Úê'æxÏÛ‰‡göô«` ªtƒ/‰9ŠÏJ)äzçS°certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidinhibitPolicyMappingTest4EE.crt000066400000000000000000000016551453642760600317650ustar00rootroot000000000000000‚©0‚‘ 0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"inhibitPolicyMapping1 P12 subsubCA0 100101083000Z 301231083000Z0h1 0 UUS10U Test Certificates 20111806U/Valid inhibitPolicyMapping EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚¦ ël®ïçÒc9£Ò}ðêá£;úØ„ü"ý@•Ž‰#ÜTú×æÜÉ; ¾ÉÆq̤|Ž ½¬hÔ”{ýå+UFàMÍȘǃ„㋯’¤Ç¡ÞvâX¸‡xN ºòL"Eþõ+‹¹G¬Ø«¿Ô¶6}¶¢çgU³,ì‘£ÓiÕ¨;3Ø‘$«ºW¤ôGR@B;HT8—'”ƒ¤t½Øç6.eï¡ µD©lôë·…E-dRU# Èt=jºvälÔâhˆËs/ºWfÛCcxu¹;JÞtKB_õÀé®Q™ÀOAˆ×šTpÝÏû~bð`_Š} ã¹£k0i0U#0€×€\‹ŽAvº µsqè£@€tÑ0Uw/z s†2Qqêis«8Âѧ ¢0Uÿð0U 00  `†He00  *†H†÷  ‚¹飈䳅oŒl`þH—µ ×âxE:‚hÇŽ˜W‹=U]¶®Ò=e©ÌM±¢8Dá ½®5 „·PЮ>Ɉ' Ãšåõ0+š÷3«ûdˆ¼²ÂûºK-stÎ)œ†âUwš^ .ýH_ÿ¯1J2ÃAÖõ! {ÆCU’“ sϪrÖ°øÆ0G_,^Te¢ѺOQ¥ªêÙ |A«xLçÿ3QcwÓ ¯‡E'ÍÃw»pt)ƒ/®¦²ÜöˆÉÑ¢QÆöDˆÍVãôðŸÄ~ÖÇVĬ^I÷sÑ)tŒÁU©bœåxxw¹KÇ-'­$ÉVì®ÁžD‘ícXò1SûUcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidkeyUsageNotCriticalTest3EE.crt000066400000000000000000000016441453642760600315510ustar00rootroot000000000000000‚ 0‚ˆ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UkeyUsage Not Critical CA0 100101083000Z 301231083000Z0i1 0 UUS10U Test Certificates 20111907U0Valid keyUsage Not Critical EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚·³¼ÀAÌþsÍÍÄ[\ÜØ‚=ñÝ”(¦Ôç«”x]#Þ`œº(Î[ÓÌ\y@\œÎÞ!ú‹‚Eñþ,”øFW4í™xÃÿCuÿôÊ›4w‚¿Rñ~ÌéGâm©™Ëà?bê”VS¥V~…üÌL“u(O.HR‹ï­™ÝÈI à$¢Äl\øAY?mÅÉýÕV±ÒHÍN¥—$ÿ—ø—Æâ-@›(pD6×wCÚ\Ï:,Ó…÷þâZÄtqÕ»À|*®t“BaN‹Ò’|`™IØHu·ð2¢HÈö)³Ó¥f~d“+‘¼jšÄõ[¬Øù»£k0i0U#0€ÁJÙ´+Åp~ÎŒ;bXå»—+s0Už:ycÏ.Ëw%Úæ¥V‚àTKÑ«0Uÿð0U 00  `†He00  *†H†÷  ‚7Ù¤‹Îa3’pÉr¢ÜwP0,E ÆiÓ ª÷¤’!bpSŸ¼Yê+À=YJ)2à ÷}!$±Xë f7{5•ß~¤ª<•Ì,Ô¹rµ£z±;Ñ(AHP¯æÀ ÍfäE|.øVQb¿ë£|®EE%V¡$'lÐtÐkɨ=I Ü©ˆ }_ƒbÊæ+’8(YÀ´um; öue ¿üþ2'âÌMîÒAÌM:”¬‡ÕªËVA:gW&¸.´Y¡63ïdµ4(¯·0¢<\øÚ@ò¬ïF~¡ˆ‡ªzj«`@Î:üŠ#´dc¼0`°DL.b”Mcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidonlyContainsCACertsTest13EE.crt000066400000000000000000000016621453642760600316060ustar00rootroot000000000000000‚®0‚– 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UonlyContainsCACerts CA0 100101083000Z 301231083000Z0h1 0 UUS10U Test Certificates 20111806U/Valid onlyContainsCACerts EE Certificate Test130‚"0  *†H†÷ ‚0‚ ‚Õõäk—8j‘Ô ùÿq2kîdþk3TdmÆÊ/ íà‚ÔÈèF°z°½†Æ:lâüÀà =K¢ñP”ZÃRùö¤V%ÇkLÉÈôœêsK}Y©Ì©¾ÂNùS@ß:ïJ¹œÜs¼`©ð;$±êåà×÷à,¸˜eÁqôä­,NZ³?O‰{©—t·¦¥@X“ØÇDQ0Uÿð0U 00  `†He00mUf0d0b ` ^¤\0Z1 0 UUS10U Test Certificates 201110U onlySomeReasons CA31 0 UCRL0  *†H†÷  ‚L"ßùˆÙÄïš7´È§½›ÊŠ³˜}”Ì Nk§Øˆ˜¦øàö+,ûw†5k×Heáÿ{ ]Ú£!òð¨V_¬4Å—ˆ£šøÞäýwrUõ-#Ó‡‘佸h˜Ý«¿ T¹Ô@ ø=×N}0&Õs$œ ½vr ¹þ¬p’·ž#Ap”\xnsè WÈÍQTÄë/† Q…a'V¶Û1íG£†} H´x?»O:ºv×U¨ ‘Q¿A]é¤+ÎK!Àa½T‡$Iœ‡Œ ,ùZ±™MUÊRC_^ÿ?'m Ž ~XIá]…7ږŤ̩y>hÇÙrB?†bcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidonlySomeReasonsTest19EE.crt000066400000000000000000000021771453642760600310710ustar00rootroot000000000000000‚{0‚c 0  *†H†÷  0L1 0 UUS10U Test Certificates 201110U onlySomeReasons CA40 100101083000Z 301231083000Z0d1 0 UUS10U Test Certificates 20111402U+Valid onlySomeReasons EE Certificate Test190‚"0  *†H†÷ ‚0‚ ‚±†˜™ëíU|ÎIŠ Tc»n'’õƒNÞî<¤@NPeV¶Þú7t:KÚmÒ¤Âw‘bn>B‡¨o"$!Š™ ÄŽ÷.³)øBá¿Êw]Q¸%™È r<Àâæ|ÀÔ×]¬„V-Ä'ÿtÛ¯ÂCöÛ_ßÞ3¼¼ÛHeÓ:2'—÷÷ðk•¤@š¡9Œ$ŸM}âfÁ)ãw¥‚æiöZы߉|š€DÏl;Ê{ºýœNná)45ßtaeùÃâDÇ×ÊFü‰0ûa^—K¶>â8©vÞ¾lã/ÿ7±ÿî›|ûã‹%a"_ý^2FäVþA@8ñ1$œ‚¡¦^6bHf½¥£‚N0‚J0U#0€¾fÜ ;öÓˆ4‘S& hnÉ0UäCt¼ZÑ*fä,ž2“Ðl†nÊ0Uÿð0U 00  `†He00ÞUÖ0Ó0g a _¤]0[1 0 UUS10U Test Certificates 201110U onlySomeReasons CA41 0 UCRL1`0h a _¤]0[1 0 UUS10U Test Certificates 201110U onlySomeReasons CA41 0 UCRL2Ÿ€0  *†H†÷  ‚Ju¤uãHhêÔÞŽ{b‚N«ìMoÒ¤?Î1 È0S^HÚÄÂFyÉ[¹»é™ßI^=;‰Õ¶ë#ç¾nÈà)¶ó¡Ç x^ëÉfåü·åq\°v÷!3RŠ°föIžz©ï° X YŸn¡ÉëÇŠQLnMœÌû--P¢<×RX<’Æ«ÇKF»¨7Ž”ÅùëvÕ°»Oh¼ýMêY/´ôDð6EÁäÄà&+èà3qDž0ñ /ÄÐa]&Ô ŠµÍmñâ…_þ+rKÈ(ŽS¥&c=°ÿÀð} ×)Œ(Õå®Ý\ Xû(F0ÂÙ©Eðþ•J²r±ì¨¿ CæÀ×–ŠöÅ?£|0z0U#0€¡í¢ó5T¥Ÿ¼cæGjS$lJ r,0U–’ˆ·6-®&' † KðÐ|0U 00  `†He00Uÿ0ÿ0Uÿö0  *†H†÷  ‚VkæÄ4ó~ß`iö'0Þ `Ãø‡i*–ÍÍÜtÌ™Ãͧ¨¡Tå'>lŒ£’Ŷ}Ö…~š1BU‘#AÆ%Ø*{gÿA9aê(Íø÷"-ø¥6~Bn_c˜§OÖØôíNZS ª¡zŸBcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidpathLenConstraintTest7EE.crt000066400000000000000000000016351453642760600313040ustar00rootroot000000000000000‚™0‚ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint0 CA0 100101083000Z 301231083000Z0e1 0 UUS10U Test Certificates 20111503U,Valid pathLenConstraint EE Certificate Test70‚"0  *†H†÷ ‚0‚ ‚à\þïyËLÔ$çwõœ8ƒRÈk¹Ì5il’ó4)ãá.¨{;Öô^¦]œ©]Ìæ¸Q†‡oïbw"öUZ7HªÏ“fð$Ü:ö|°É’'…ðš·Î[›(gÀÆ…`èÜléu,Õ5ÂÍf]v¨6.,øÐ)ÅABéÓ–ÿ‹r€8°Høq5ZêˆÿâLk û%V°^¥<ÞÁ²5…Vô|ŠtÙÃ)½¤m87°k4”>Á¾5A«ë\#D «¶%¤¶•»’D¾{“IAQ!Flcø B¿±u-èAè.ç£ëN5ºWvx4ìÆ.:§ù¹A‹kßæUÐɱ|8Ÿ£k0i0U#0€›+²J<ÅnPÉ"½cÎ ñŒ=ú0Uy[_'6§®Gê¡Ý*ç’2+E50Uÿð0U 00  `†He00  *†H†÷  ‚n»ktºî2jE+ãjj³”òrv¬LQéGIUÔ˜Ã~®Ìoƒ«˜#®éÅfÏ¾Ä '/•U `àÊçŸj«õØÝu?µ;îÌpµàD(öÙòG€@ÌAJjÈå±ndyÏE§×e)ÿÚ1{}¤È@Ør–C[LíMõÛçÙjj£,0㑹hS•žHxb)’|S]óC©\Æ–ÔqoÒHjß´%âfXwõœžA˜)c•öÖM벱ʒÝæRl–ü«4Î=êdmb-?œW5^•»4^KÀ×)ξa ,…=£‡6\µŽB¶jï°$eÀç܄ɧ×ÅÉcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidpathLenConstraintTest8EE.crt000066400000000000000000000016561453642760600313100ustar00rootroot000000000000000‚ª0‚’ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint0 CA0 100101083000Z 301231083000Z0e1 0 UUS10U Test Certificates 20111503U,Valid pathLenConstraint EE Certificate Test80‚"0  *†H†÷ ‚0‚ ‚½á?V«Ø3˜ˆ–"¤5•¶Ì¾-*›5´×ڂС$U<Ÿ,†}qurWRŽI ÊÃo…äVP(P-@)øþd6 øh<òc)cìàkZMjÕ¥"£íÞþvn¿b•xr½ð†ºÒ\Ò*Š!+'%¥Ùaiñ°¬Éú:.Zzòjâ•ñ{-ý謆Ê$ÇuM€œxññKðÁÅ3bQ‡ïµY œºŽ·¼å‡^cÔá×_@VÙÆ (“)ìTê°éýD\de—EIr¯aTgÓ­&™Dý`RƒŽ¥certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/Validpre2000UTCnotBeforeDateTest3EE.crt000066400000000000000000000016301453642760600317410ustar00rootroot000000000000000‚”0‚| 0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA0 500101120100Z 301231083000Z0n1 0 UUS10U Test Certificates 20111>0<U5Valid pre2000 UTC notBefore Date EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚³˜Ö-} »1ÅìQyKê‡,ôES‰åo_4)ƒÊn¹¬uëÍëÊŸ„ßÆLÌ.gxKùé›%ÖH(Ê„:N½#hh™Pbi£ÌGDB²VX{Òíˆh©7%€ó±hflÞIqF¦`ÜrÇÙòAY£åÓj”žG96òT…{sÄçŒÏ_Ðžë¹ #G¸Õa±u ;9œmÁañÏ,7yƒbE_É»kj“7ªC¢5}Š(àŸ`;:ïVÛ‹!BAceû³¤×Ú”Tè/ø6 5`Ûîz"¼ÓQGïéÏÂŽX^EÈåÑ <Ãi-ôô¶÷Lß]Ý­äÓ£k0i0U#0€X„$¼+R”J=¥rQõ¯:É0U@o¨¬ÐêüPÙ]ûVu%`Ä›0Uÿð0U 00  `†He00  *†H†÷  ‚ç´ÊÚ \Ò’5™Öá#éuÂ,ì M½7üx*ò˜ÃÄý•4ñ2õx`3‡h ­îžã ƒ0Õí4§‹ÑÞF#o™;bŒ!ä$˜ Ù ÙòmåÏX$Žª’Ð)ÚÌO2îß›ƒž¤:ce˜º+¨Wt&eÖEs1¶.+[>&%û–»3ÝdDDõ²u×È£~KŒgî¦:‹†Û…§qüU‰ÇõèÛÕZ=/Ä@„5ég”ßÃëŸP$lø@£¥5‡þìsçMâO1E]!LNÚí ¼¼0>2uIÖ¥W vkº»‡P^Ùq~ì/Ū¶ÆY¨–k¨è®Ë 1x <"{â¬ì7y…˜5!+¾Â(•ã8hI€â×9Q ••Þ$ß4^Üóž_F^Û™¸éxÏÕHËœKvEø¯Í7Á[ `S¿Ò¨Ë#òòz¾©qˆ“žàŒÅÿb•¯)û‡certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidrequireExplicitPolicyTest2EE.crt000066400000000000000000000016251453642760600321740ustar00rootroot000000000000000‚‘0‚y 0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"requireExplicitPolicy5 subsubsubCA0 100101083000Z 301231083000Z0i1 0 UUS10U Test Certificates 20111907U0Valid requireExplicitPolicy EE Certificate Test20‚"0  *†H†÷ ‚0‚ ‚ÎpnÃå¡Bç¨p X:Fé@¥(uoPiŽ5¦hÍÐz†9­~[£/ܪÞ±&̾çý¸éc…ŽŒ2Šƒí-ìÏKžAç˜ïù´IÂ¥†Ú"MÌrºÆ¦ÃšáÉU³Á{ÿ̾á÷&°)§ÁŒáß‚ qL­”·~©Ol½'°|Ý­)üFUp%TUP†u5þùŸòô LýÖ0FÊï¼ß=¤lËPõ‚ÆxGââÀî$Ȇ£5©V±yaMãÎÑ»î‰ WñôQ³Â‹::I©´×JG‚pÞD 4]ªy|-«ø¡ZŽ5}ÈZ7üL ÀýØo£R0P0U#0€úbº½~^_ߺ¾y7‚Üü(0UÓümô\KqÙfèµã:b'èÄ.{0Uÿð0  *†H†÷  ‚)ñX]fÉMXm¼ñ°í΋vFìD“Îr:DË;ÑïÊh,’ù{6 NÄûÄþV…¾]ÁŠ¶¬ÁiaÞVïÒ誻ÍÎÌmáê KíÉÍÕˆÁW“µ¤Þ ÞèÐqÂv¬„Ý´‘Ißâ–b^Dxj~¦2èê,FEžÎß³ù:!Ý„ù÷Ý}@*'®—¥†)Gó#:t0gä–‚ÅW$n¤Ì1·–Ì•4Ó23â„Çu¯a ²ª³ÕÌ*UŽ¥E`—Å2ÍEÄ͸ð轿²ÙÁé1`ç%ßN…v£˜­¶!½~o±u˜Œ$q'dh€MOÂ!4Ù(WÛ^certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/ValidrequireExplicitPolicyTest4EE.crt000066400000000000000000000016561453642760600322020ustar00rootroot000000000000000‚ª0‚’ 0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"requireExplicitPolicy0 subsubsubCA0 100101083000Z 301231083000Z0i1 0 UUS10U Test Certificates 20111907U0Valid requireExplicitPolicy EE Certificate Test40‚"0  *†H†÷ ‚0‚ ‚ÞÜC,<¹œãöÅCý,e Ow±$k^NÈ f³© ;Ï©©Ï™ ßúÆ=o­[Š#WtçÆlú]æwx}â“ísÊQ&¬«ØëÜø—#Güú!· Zþ…=Ó°4Ú&¾ãæÙÓØV"©D8•àÐä;+-$kü­8R"é¨Y(Þ¿N‚ý9:~J?˜à02Æ_ vd€šsšŽ2x:è 8R.§LÈp­¯<;bîò•^®@*ŸP£Ô¶Å—穬:õ|íŸ?Ü­þ~Ј:)ÀS'‡.$ê~N¡U[o†ô Öò§i°¹™©Kcþ’Nå#ßI±£k0i0U#0€µÛÖÈ /ZAÇx£D‰ÚÎ.kº0UÒ(ž‰+€oôÈ›ÄÅâ«Ó 0Uÿð0U 00  `†He00  *†H†÷  ‚“C®¿$¹{מ¾Õ ²0.—Ïü6ŸûÊ3ȼµ îð¥ÿn9ˆ¨´¾½@ ½¼ì²bò®I¸¿ó=Xì h+ΰ7™h½ z·‚ÿÍf íU±áõ[AT+ªÇ²ª.1êZŸë—ïˆn+m^X\.x©‹€ï`ÉÐ;¥suô³©Pè´˜ý07àêb4á‰R.ìX[DÍÅ먛#¶ƒb‚ÚWyRÒ{}»ídäSƒí.Ò(‹²õn7¥XS¼ÎÚ¶ÛÔ¶É6½t•r›nÊÉSï—T©^ͪ¹&jtŸt"”ÜS»•Èkx‹j# uJÙËcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/WrongCRLCACert.crt000066400000000000000000000016051453642760600261770ustar00rootroot000000000000000‚0‚i  0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0E1 0 UUS10U Test Certificates 201110U Wrong CRL CA0‚"0  *†H†÷ ‚0‚ ‚·Òv¥>}öÞ!B‡ó-xÔ{‚ÂÕt¤UÛA`<—‹¥£mý_´ßóŽ’W‡y·+½Nök¢ä+ºŽ­eµñµŽŠ•‰žZÿK‰ô%²!‡n„Àƒþ.É"ƒ µo÷lÞø÷ï/]‚»oÈdâá{Ë¢è ñíUi<ÒèÏL%šé˜f¿ÉTwYR³-dœ¨®`¨À×ÍÀ˜J4qÆt¹©îó–dF}_FÕä¯ÚÁÈÔz· \I¦wÉ_5 9¤ §¾4“jÐÔ#8y Bo¨¸È7=Κä-“$¨¹û¿V²H‘”Îò0ÖÊv[ég‘>Š¤X–ª-ùTÖíûÖÀ£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U %Fà‰zQJ¯5¯ÍÄr·¨0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚7HŒ’ß<-Öýâé°Äm Ö0šÓdŽ“´SC ·W—NÍ9}*ò¯xtbe;]\7?‚a½Øb·>/Á¦!WÂÌÜ ÆáúNR§ãó:¼Miï«n\2 5p§%{E¿Š»à‚ïZß–§‘öJÞç$úxéõI1™¡î„:ÙwG|ðšp¶©èéd÷A€O S(’…Ú'Ì]j…­Žó„4P¯Ë˜:––,B…šL “„±Ô. Û`(ª©~Êç¡üo‡SšúÁò ü Ìh·mÌ@Íä¢(çtá`Ì1Œ…2_ÀD=èÕËøšmº‡Ã2–;2âxÆÃcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/anyPolicyCACert.crt000066400000000000000000000016171453642760600265140ustar00rootroot000000000000000‚‹0‚s &0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0E1 0 UUS10U Test Certificates 201110U anyPolicy CA0‚"0  *†H†÷ ‚0‚ ‚¾è'ÝO4ÍÀ¼ñ^>)³, ç¿àQÁ«©§Á›ùáyuËVÓ­|Ô¨N V¢ŽnŠÆÉÅ1Ï9Y”A£á£ô–3b{¯¸N8¿‰&3Á˜B>LWŒ×4…È¢Vœi?Z^7ç< f‹HûÝY1¡âFê|ï(ÛƒÜ i{CMnz›C9©o›Â«ü::.û"ÔÑÕNC“i‡Üt?8v zvŠá>ÿœYqÙŒP¯œÍ{w8C'«7«)#™ñEqv6-&ƒž «J©¼ÞUËëãÍüÔëwëÜڳ巟$ÒãmN”B ð[T”D7WoÉ v[ Á{£…0‚0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U»ÉÞÈ•çB⢎®\«$`~…0Uÿ0Uÿ0ÿ0 U$0€0U  00U 0  *†H†÷  ‚=u ðNv¥ŒÌ9ù€\Æ,üxÎÿRdùìÙVÝãl6ú3%f¿Ø±|”£ÃnÜù©³½›ó}É‹®{‡­Ô£¹Ý£•UœþîìÏ üÏóÛ¾Â04Q‰Jjï€TÑyÕäXMéŽâÈþ[芸¾€nK«Ÿ]ÑѱS¡€£LS;›8{»áÌ¡Â@±äM°õƒñË[Fží¡_ =ô>‘ORG æ×VÿÊœz6ìÑú^¨•´ìð¯ÑÂK¡ãè³5Ð&Žò:ÁrÙûúŠÝ3sÒóK.WMjë°f[c:ªSv oˆ.ÌÀ°ÿw{ã°õÞЫ£i¶–ßÁ›üàcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/basicConstraintsCriticalcAFalseCACert.crt000066400000000000000000000016331453642760600327460ustar00rootroot000000000000000‚—0‚ 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%basicConstraints Critical cA False CA0‚"0  *†H†÷ ‚0‚ ‚ÊÑ;—îU2q° Åög)È>G«ëYÒLö0ÖX`°É¶–-H¨ºˆ®Fé;½w„„Å-¦no¥jb9Æ‚–kx¿œc«óŽ-Ù1½eNÙþ©ý@ŠïÙ–Z·ÐÌyžåöÉ[Ú §ÆšÄI¬MeÙ¼ðæ‚M!7÷‡ôdMlâ?ܼ45â'ç¡Ò±O…Ÿ–gÛe¤á¹ Å›i 8:ðQ¶ ºÜ;]ï8Þâ<¤/E§œ’Áó´Þ å[ÆÃ:ò:ôßüÉ’ƒ’, à± qr}`fÝÊS«“@¿±w‘ ‹9öÙ?uíؤ×bƒ‘`À¿‘'þ­òšäg£y0w0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UpßD/™sò6<4Ð Ñòí0Uÿ0U 00  `†He00 Uÿ00  *†H†÷  ‚Kçn nqPPööî¿ÈÔS©õ üh5Ÿ5î$ñxÁéªú«þÖ]o÷PדöT¸ÇÈ[Çí¼']fv•†‘#(q³†]ã¨P9,ºé cmjWã½÷—dÚ³^ÿØ‘þ«Ø­› †½¨R}@´w±¥>¥Ÿx&µcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/basicConstraintsNotCriticalCACert.crt000066400000000000000000000016261453642760600322120ustar00rootroot000000000000000‚’0‚z 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0Y1 0 UUS10U Test Certificates 20111)0'U basicConstraints Not Critical CA0‚"0  *†H†÷ ‚0‚ ‚®Ä'òz¥É¿\°®swŒÆœOéS”ºO=sH~ñSHl ‰“kžø€ò„×RjáÝѳˆT5[ûÑOFo0÷c„‰í$\­‡q:[` w椺ôÂgMìÄ×um_T))ê¤ûbëÓ‘˜W`´g¾ ¾›f•éD™x Oe°òWŠZa‰¯Ed…þ°fKd¨1˜UøãUÅ€ÒMî…ÞA=!òTVÊÝ̵Êom8m"=™} Yƒe•¸¾™S Ú &W^ž^c#[6 ŒÜ^¹öxûyÑn‹ªyJV¿òŽ5!Õ¿1ò·Â/·/Õ§ßM²üˆ££y0w0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U ¤¹0C¬CÈ4ÏïUè¿pŸF¯0Uÿ0U 00  `†He00 U0ÿ0  *†H†÷  ‚R¦i>æYç$)‰ ;àVøÍ>§?g;V¸á†±á$÷¼ßn’pŒ+ïc´Ò FÞIDøNUA1ŒäNÇ>á÷†Þ  K ô ÐãYäx¸9ò°v9º«RšôòѦe3›RŽF‘÷·/¼àL^LMZÏâývÉæüé¾xSA©Û*}OÿH*/¯½Î–f¡Ak«µ-÷Ù¹\ØWž.&–cŸ¢‹ŸÙŠ%7©ô¢‰ŠYŸ5T-“jd—ÌÕE¦1Û!çÿ“†E…@xúÒªÐ9}¡å`w2ñð«Òé%Âô$ŠÔ¸kÈ!s¥ê£ˆ?ŠVcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/basicConstraintsNotCriticalcAFalseCACert.crt000066400000000000000000000016341453642760600334300ustar00rootroot000000000000000‚˜0‚€ 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0b1 0 UUS10U Test Certificates 20111200U)basicConstraints Not Critical cA False CA0‚"0  *†H†÷ ‚0‚ ‚ŸA0¨{:§R§ÐÈT=+6L.€ £ucσ.tËHó¹Hg`B!Š×Úp£–ÍX?žì»ü¢ÈÆߦèËp9[~ÙT¦²áÐä_TdŠ]û_ à¢Xº¥˜&ß8<ŒÔ  yh‚P¼Ž*¿Ä%Dˆ-¶žEÉ ; …NLbôíúè°ª]Ñè~ìݵY&ó.Ü× Ö‚ú… Ô¾1€"Ï"çM³X/Í[î¡"l-‹æ]€¡âµjÐôÓ›æõ¾Ò@|‡ÈZè7v½¿ÛæЫ¢éŠm¨¸¬Cx™þÍÎDfpd;Y\D<ÓÂ]t†èLè¸$9 o£v0t0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U9Л·O)7¾Ó°ŠvêjžÍïF¾X0Uÿ0U 00  `†He00 U00  *†H†÷  ‚u¹?˜*ƒrk¨Æ98*€MMcæGÇ—zšÝgò8œXE:¥ƒwó~܇äý éx­)AbõÜÔáêxô­©“•æ‹“Ä#ù£±Þ]3ô¨Ó¿TÓâ½³Ý1Ï°¢RbàY"‡GžFí§¶¬¼»ä‰0~îHâ¹بÀ'ÎSøUØx³†@»TYÿ–Ç‚)ðô®ŒYgµ¼)U‹ ,Zðæ°gfì¨4‡%KGöâxºÐ˜¬€–,\SvŸ[±‰fd_z %ÿ”ÉË^I¾¯Ç*væÐÙNbâ~±j,c±/ûˆ^0ÉÞÔHŒfâÐ%É`#ácertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/deltaCRLCA1Cert.crt000066400000000000000000000016051453642760600262550ustar00rootroot000000000000000‚0‚i [0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0E1 0 UUS10U Test Certificates 201110U deltaCRL CA10‚"0  *†H†÷ ‚0‚ ‚ÍC+G‘Cm #[mq#mª¦á~‚wc­ˆ–^ßm\‰\ßäÄG¼›ž]£XK§v«ˆÂØç0¥Õâ;Êp¾Víiº2îyñÛÆlä'ÒØAlÜ8¦˜ßÌá=†¿ÒŽÃ¡Š)hI‚¥¯ßÊ§Ô e©³„ºÛò¹D®³@s¶Î*Ʋž`«Ñ|˜š'뵌Ò"i ô®‰i4_cˆ%D\¨u—CÕëuä€ÕÅË*X™ àr~]íï^²!À§ž)œiZÉ»¯F+‘æ?0ïŠó¢H „g.á:ÔµÐo×<~F Šœ(w8|œæ¤ò…‰£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uw#åv„È”?‚Ðêt±à¤/30Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ŽIj˜/ªy ð|Δ?¢]ñš.KH6z˜Fì…ÿ¾Ô{Á‚sï7˜´TUã›-\Ô€µˆÞ“å1LPÅgȃ©?#þ0ÁT‡} Yi{l¡&íÞ"\Q›Vr¾pƒsîÐ`Ì&ð£RÕ¸“b ¨š@µ·² 2¾?HqyY3þÏâ¡Â/Vs¸x0þÓO¿ h£Š(Þ¼u¹µ ò@ÿÈÏJ™i_¶D“E”žƒüÿÜ-õÚ:ÆÚºÈGèðö» øû˳̥G©hW Þ3uGÆ;>þzã ‚rT™ñÊôôØç¿»Jdâ·ß0certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/deltaCRLCA2Cert.crt000066400000000000000000000016051453642760600262560ustar00rootroot000000000000000‚0‚i \0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0E1 0 UUS10U Test Certificates 201110U deltaCRL CA20‚"0  *†H†÷ ‚0‚ ‚ù†{*Šœ s9v=骫>pB³f×vÃj9amÂCôà~‹ÝhX¯1¼Hø€ž>×®WE¨‹P˜|Îê¨ËËqE7lrO&T{>!5µtz†Wµ€£S¾¾¬´•Ê··Èf ÎïyÀÍÓ%Qú%þt†Ì­¼ß bøl·üèäéØGq@jrß6Ïó:xf9`Yõz-]€Ìô7wXó€-ÛL¢¨ãôr~¢€åœ0‰Š3f—ò0½ey£)ìžúóWgiDf€9“ÆÖÐæv5rèìÆÀ¤¿j_{[@è‹Ê8q|¦ðp΀¿£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U|Øö¾LÎÏ·?¡»3«µ×ûÄ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ž‹}ïò¤ÞËZ+—­t÷!ÐTëÅL˜ ·Ú 6 ¿p‡~6A¦3ó¤•9DWi·¹šªLÛ•¸É·ÓMh©kî óÂ8CšÐß…L ùNé®A3ô¸$¶e˜¨6ÊÁ4£ùÿæ;W¸*îúá)ÁN^¬òJ†—_líõ‚óQú}~?@Ôg:Æ£iÓR-¼•Œé¢Ã?Üò´­Ò‡5¡}3›»«U»uš¦0ÌÐ éeä¹ zšÑ$ ãJð ä™Ñì⇚­–~é:G^ÂóÚLƒ«ñ‡ñº1HÑ‹¼ªµC½°Îòøjt ¼VÑ ¸ÝÒÌ2îÆAôŒ ¦Æ‡m}ºPÌIì”Fäzf Ãw温!l³ß©]¶]ªˆEàŽe(ªK¦¥Y2cy4›*û‹|!SzÙb»´ê1 ‹x„®hx‰³–£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uô8v%«¤ãÀÈuŒkc#¶Š0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚)ç}¤·ƒ—å¶z½lbéôé@ÍÄõDvõÕá<£ï¸J{3 _Ð֤߰ëM'?äv>½ÄWç! œ‰ø±®¾ÙB¿†=ð0¿k©Ò}‘*,Ú'Ä4”lú2¬1´Q¦`òí]NéÝ£êÀÊ[ŠÇj^%—Ü{9]†"¿é/jŸþr:3@ÒH/¡!Ô¾nföƧ—~¡úþ„óÀœ12ƒº–¯¦ûê´銺²©åh SŠt70ò¨)7D …. ÅrÅäŽbÝËSd—j¸öézhÿ¡a„»³¢u¯¨Í¹1•édtš2^jtðocertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/distributionPoint1CACert.crt000066400000000000000000000016161453642760600303560ustar00rootroot000000000000000‚Š0‚r J0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0N1 0 UUS10U Test Certificates 201110U distributionPoint1 CA0‚"0  *†H†÷ ‚0‚ ‚Á c)Ðë¡>&5Äìžii_äHÙ !+kˆÓÛ÷ç´áˆú ‚ òþz훲d_ò ù¤`,M‚Ö¹#Ñ–;­¶Ôj ¨Úë`ÜsUÚ(YUäûn·£°Îz‰$÷½8jÉœûíFf=ô†8ÎaÁARƒK[—÷äñEf|;8.ƒ‹¿É@„þOé×åBíBœ ×¥¤C*o]ðïÕjëi¦L.ü•SxL¨ÙÈo·_ý¶,èþÙ … ªúªUÞ:¾6Rô±-æšôj±“yèŠeèœØ—iŠ CvÈgû=4¢8þÚù>oºM_¦¼¾ „ÚêzÞ­£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U0s½p(‚ÒoÏÒ7íÍë#‘Ûï0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ªñ6‡ ÇèF«y'2˜í®î“q»zê‡8ÓÙŃ|Ö l§oA¥e9¬©ø&]QVlªÍ‚Š+ýÿíÚ5¦ ½Z‘%úäBxùþr¤ äŒEPB4iÿgYú²ìŽÖâ=O–ꆷ ZeªóØ„µ8é•ä_–®º¤|•ü–qŠÝ²Íñ£ÝÕkÃôÿÖ{ôjïÝn8Í´¦J/ì‚´•HçRÒõö«‘~ñ"ïÉÏ4gÆDãíý7üiûíž&ìuŒyfëÑJϨ¶æ~€® ;ž­-ƒ½UeÕSºC ÓúÒf›K`bá´57Ø Áýi®Ê3ñUèfµ` þ?5certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/distributionPoint2CACert.crt000066400000000000000000000016161453642760600303570ustar00rootroot000000000000000‚Š0‚r K0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0N1 0 UUS10U Test Certificates 201110U distributionPoint2 CA0‚"0  *†H†÷ ‚0‚ ‚´6,è ?)çùìÜ|õåçFT! .b‡(6ñ7^fýý )ˆ Û•Þ·]—äG4~°ò¬r¼¤q;ECfîñ•&y5¬¨<›6yoz)2lj×òíRÍÒzâ38ÛÖA¬:a¢Ò¶™+³ýU˜K@\*zjb'dõý_¯,N™õJ–Ô‹ÊÔzLJ“ íxå‚ìÓ…ãÊr=„û’©›©(¢ ìâº'mÂóĈ:Ò¶·õ/ÄExCv«ÑPæö¦ÌЂ{³ £ÏïaEÃä©IˆaÖFϧ¶:1éf€øÒcJbÁ9ï~†üÊâ×á™HÑ{£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UDlîÛoëNIxþÍå ì»`k0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚R6}—ëíuŽ;ŠTEóðÞA§kÃX’ ©H€"Ïýü:„,_’75fùU2ôÅ ÷àh¿¡¿ìübïÚ™‘!Äœ,"bN]@<ÊG°ëB& &óÁ+çÉjf‡U©˜TÃWVcߦ'­I0{í#ýÀÄÁ~¤½ƒ}ôÞÝìþ<îÛÊß¿ÐQxB â~7TSϹÒÙUÒ2Rt€e¾QÖ–3Ș*óZÅg!£A²NU3‡oZA@28qÔ蟑0‰ÔŒTT²‘öçf\|éð¯öSŠÜQ¾ kÖó”Ý£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U%ø¯ü¯¶©yKÛËd,‹K±Í0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚µ–/Àû¹y@.5eçXÉpCrÖ%YK+Ôºá#r€Ð@_‡ï0E±úfŽ¡„AÄ4E91}tôz€Ñxöã:y»#Ó ôeNÆ WضC[,Ä_Ó;Œc¢çbäÚóÒ\€ì_­Š›†‘í£åKùv²SÌn ï Šæˆ mut|øCòL¤H¦¼‘À{~÷Œ!MöÅãŽñS©7»=HVõyL”r` ‚·@2))N]ñ±då\ø$< ½´û®©®û XüM‡ö! YB«C"¨ÞUyQ}u~:NØI¯Oæwh¢CnëRç„ÅÂNuðU”}>Öž2O ªPnI8¿EîŒÐrcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/indirectCRLCA2Cert.crt000066400000000000000000000016101453642760600267620ustar00rootroot000000000000000‚„0‚l U0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0H1 0 UUS10U Test Certificates 201110UindirectCRL CA20‚"0  *†H†÷ ‚0‚ ‚¶ÆúùJ>Íjò¬„È… g˜òoʹED¢4ˆ¯rµÑìª2F¾—Q²H?ïòæHõV/$šßF«¹PÌ®ÙÕ˜ˆ2¸¡ÿó ½½ý#D¤NpË£uí7 ÷ÿ8VüÐà_õ€¬|dǨ†Á¢€{êmeë"R@7ð(…]Ê`ŸŒŽ£Š[x©åÂ5+ÏdhUoÇ<=P‡›ñÀꛜ  ÐKkæ¸_NÀ÷‹¤®¶xŽjî_Ü°­Gžö2¹]EÔ5?#eZ‰žIûÇÄßEÔ³~¢\u‘ñ‰¦ƒÒ°À¾ýYϪ„ ÀÐ$jé‹_¡»7ýæœ3A£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uˆ#á³³òlþ1©¾‹aª;’‡¤£0U 00  `†He00Uÿ0ÿ0Uÿ0  *†H†÷  ‚9wm=zhD+¸‘_S`*‰mb®‡½þ"D~±ã‚íkÆ5‘»_Çë ž£¤óÚ÷Õ¬U;F— #tv Í·Ê‹­?3E”…\¨ *)1¢b I|Ò#¯.T‚¹|¥%Œcˆ[A¿šî ëünÌS—6‰#Ü@=uèV:µÒrÏ›LD'š ½zÂ…·¤ ”=oÙа?®U3±µF*•P'”»[…&ž>­óÔ:&êp€Ù¬GºæËD_äfHöÀ¹„s#Êé95 CV$³˜®+ _ÖZìõ4jõ±Àü®ÍoK#4;çL±|#,6c°œÈ›Äç)0Þ‰ .certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/indirectCRLCA3Cert.crt000066400000000000000000000016101453642760600267630ustar00rootroot000000000000000‚„0‚l V0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0H1 0 UUS10U Test Certificates 201110U indirectCRL CA30‚"0  *†H†÷ ‚0‚ ‚Ø+yN(Ë;{q'ì;žæV˧O¦† ·ð«hsoAgs¼7%Ïy3}‚$Y/ìHѧÿ•Rk×í¦$ ‡Ö×BÐ*Z«lå: DUY[Ég­ìQñ :Kàæ°Àóþñôì=þ‚Ï`¬)“cqg!;ýXIAÒ£¶¿ 4®ZY½íKxÙNІòûè[ÛË?ï럈‡N<ØAèô9;,»HR´ÝÀ¶²«¶zºYøt®d=ð–RàlºЗíõöô‚›·qÇ|„ó¬njY†Ï.äo:à5eö¿ç.Û…eKR4ç‹èŽœØ—g¦4—éБ‰¤éÕ£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UH“T}Äm0ÿ-WEq$ßLŸJ-0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ÿkP¹òë>uZ [sÒNFÔªT×]6vø¡*‡ý ó®ì^[„Å‚Ï|¬å*ñÚÓõwES&ç d2C?ë $–ÔѨ¶’FÏôAÌ»¡©ª×jÐd²ß¯½åêþ?årÐÑô°s¶»‡‰£éeáôLm¢Æÿ›È ¬ÏiQž€1Áíy™ôœn\Ë`È‚óÌïq¦ôË1Ô~ÌõK–óx#>ëéïöîºuJƒ îúx¨Û}s b¦dóƒ» uxik‰6»¹Ž9ÛN‘lÆTV¾¿Zð²ÝFýÖ¢áÞ-sçe“W¢w¦ÏÅ Å?lcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/indirectCRLCA3cRLIssuerCert.crt000066400000000000000000000017621453642760600305670ustar00rootroot000000000000000‚î0‚Ö 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110U indirectCRL CA30 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA3 cRLIssuer0‚"0  *†H†÷ ‚0‚ ‚Äæ×䥱fÀæÚ:ét~@ ôÚY‘JÒa–nîB{XòFÆÆ{6+÷88ÐÏÙ¯#( Û°×¼fêð+Ò+ÂaÝ&=Æqg~6Ä.ñ»»lì¬9qöû<§Ò¾ò"Óa')ôX:©u^¡"§5F§ð¢ÍÝO¨‚½\ÚÎâ nhÏÊš¬8?kòÛ2û¹Kúš‚TAï «ÐL¢ J­áƒ¶ðpbõˆÎslÌûås4dÆÔxþÐ^2Ày6ÁpÞwÒ5„ä³ÕÔÚ]ú¤¹º'óÿù¡Òéó‰Ów¡qÆ,ˆq8MÎNVìÎA(NÂÉz[UPó£Ø0Õ0U#0€H“T}Äm0ÿ-WEq$ßLŸJ-0U‘Ñ9˜ÉïOTeŠR-| lw0U 00  `†He00Uÿ0jUc0a0_ ] [¤Y0W1 0 UUS10U Test Certificates 201110U indirectCRL CA31 0 UCRL10  *†H†÷  ‚>ã?*/øƒI†¨®Ý¬‹açý°Åyêp¼=±;1ÄIà½rÍõ¡»Á= Ñ‘ñw`ôhl00*R<"Ú?EG,†¿ðxJa©;›ÿ³Ó°ÔÃbq Æ~{œ¢†=Œo‹#Ä€J|‰ÉA*–&/Éðƒ¡$y{iÙH:œZv¯ªgAA‰MÂÿ =O—Æ!£?‘©²×Y¹p$ær³…,«É½4§‘¢Fg†8ë»4@×3K/¶yŒ—B²BÑè§2x¯ÏjÐzÓ¥(«&Ë ãß64þS“á¡öb„_8tO Så ³ûJÀâ'jÒÖÍ*4ŽÏ;2‚ O o'TÌ5ßRnè3¡{ÎÈÖ *áÈïž"^Ò€f‰’HïG77ÒÈDÎ,CB’¢W»õV8†ª8+ˆ–XDÚÔÞ+ˆEÚ&Б2Å=“k l•2O¾cm=3-Ίp«šÂ¤"Q4ž'ZHw“dÇw#ˆ•ï©£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U Z2ê” ¨ª/Éã.A‚è·0U 00  `†He00Uÿ0ÿ0Uÿ0  *†H†÷  ‚¦àoûïÍ¡!UzÅâ)%bì!7uΆ%‰{U‚þxá.=2#{å!»¨˜@œáeÐñm\Ùã¨&вaîù‹kb »V~b«ÈÆOJWɉh½m‹Ñ…ñÎë+¦u¢õ¸ç Zw|=Çe¦Ÿ'ûÜ< /ÐMFKúl¶K3ÏŽ„í-´F›öd‡<³«zǺͷjO\ 6 U»°Hc)` gÛM]‚Éžj×m8²-¡í¨­M`KžŠžTWÊ3˜ƒYPÕÿ©Xq½’øæ„$3·>ßAR’Ãÿ¥gøÊ©.„éU?]—éõ±g6†£Vã`>ìy _certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/indirectCRLCA4cRLIssuerCert.crt000066400000000000000000000021701453642760600305620ustar00rootroot000000000000000‚t0‚\ 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110U indirectCRL CA40 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA4 cRLIssuer0‚"0  *†H†÷ ‚0‚ ‚½Åã®´™žûÎI8lÜ4•~± ­*âý„GA¯¡añ]7xüÀ¡[¾‹›IEŸ^?¦©{KE;ÛÆEÓ±(+.\ùqw‚dÉÝHbÐ|°æ¦%6çï;Û<ž\ž™ ½<š*â»ñ§šf`NV€w},N"I7Ÿ»÷²Æ“ãZÌÊ®N'8µ'oñKH>ûÖZÙ<ñªŸôeXQ‡ÌüÅ£‚]0‚Y0U#0€ Z2ê” ¨ª/Éã.A‚è·0Uóëm¹Å ¤ÚEÿ¯zG¯À¹0U 00  `†He00Uÿ0íUå0â0ß „ ¤0}1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA4 cRLIssuer1)0'U indirect CRL for indirectCRL CA4¢V¤T0R1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA4 cRLIssuer0  *†H†÷  ‚žNväö0¡Ð¥JNôÑrnµ’Jk|ÛVË ÷{h¶Ê1ÒGGëتX1mNK±ýã«1Š !oŸ i°÷Š„ÂÿžúÎi"ê¦5¬¬Ø×FîÖ”Ó0Ø¡F¦´è£-Y;8Ùý÷4(¼=Y©¥r°$Oþ"&(d~‹ßyÇ2®›o—¡5JDCýíàŠ’·Iž^…R•?8Ÿ jTs¼Ÿ$rGW–£yfZ:1j˜ÀóѺh 2àºqÀÍC/=§ó>Ÿ hÑö┚)Ž_|certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/indirectCRLCA5Cert.crt000066400000000000000000000016101453642760600267650ustar00rootroot000000000000000‚„0‚l X0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0H1 0 UUS10U Test Certificates 201110U indirectCRL CA50‚"0  *†H†÷ ‚0‚ ‚Чœ‘Fá¾çŠZÎ.¾þcìßÆ3áòWÁÞHÑ-‰WtìpiMÒœ¦˜“L3³–’)Z¹û·M]©¿#uÏøfÓTräé¼Ó£8C†8ÙÁyœWËfúië|„ QZl ¥WºIÄ®f¿ïÒ@r…É 8æB‚·1FéT ^eXW‹*0_jyäŠnÉ¿ÇÅ·š‹MÞù"©´––Ô°¶än#N’/lŒ•ÃC¬]’¶L¢ÍN'#ÏÀ>u±Ì,1¨pï®À³MdÏTätËà»þR‘÷?ªÀs²’GK5×ÄqÈ©Ár‰ÎCkÁ¡úV‡_³ë«èVüæyÝ°ºdç»õ` yá“å.pñg¥—ª0(»ØúóÂ<ªì ¤RØŒ‘Ü~EA@°Ýظ۪üÏè }?G2Í•í|q£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UÉ £l-wOÞBô ¶Þ*v10Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚XÀ¦N)êᦘŸÏE窖‡1n9¨Ë¹ëE1 êe¬\4TŠ ‡…Ê^ܬ+ò X¸‘Ì¡ÌêGë¨ÖOk)¯ï¦³bSA²‘z“«Ü4%ÊÒÞÏ6§Õ©äöæ:+S%Å¡TÁo؉¤<£ºòy¾KEÿÆhÝ.Enð«ÛÃÌÚóáP슰ez^ UýÏÎ °¥ìEþ>H[¿ÀþÕ[h.ˆ]nÄoŠ­?;ÇüSMjóìÛO›ð :,`æ–î!âŠôЛ‡Ýu4£Ïe†à O™“›††õ¡ã/#„R9&ÚJ¾H="¤*[ûûG,¿1certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy0CACert.crt000066400000000000000000000016541453642760600301040ustar00rootroot000000000000000‚¨0‚ ;0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy0 CA0‚"0  *†H†÷ ‚0‚ ‚Ânј£jÌÕAÖênõÃÔ{}ôVâB¼}ªÕ˜ì ˆ›-ÆÛkN£H4±Ý”;¬rCÔÙ·Õ[ŸXk”^WЫt.íÙ«á,ç_"ðŒAd%ìw`X¿Ñ‹vLÂÿfJò)µMÇ9áò¢&£›ù$óåë!úz­'/>ygþ?2Í[FÇáž —ŽaÈ//dLŸfi(hòTcSšb×aAÏ9£ ó¬Nç²³txY¨²PŠ‰#@ü“l͈þ8rºüA O ‹£•ái÷Öh/Jt·ÚÛþ/u:µa®&N‘'Yû]Ÿ—Š™ER¦$«ëŒ !X9<›\1ëû£š0—0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U  zjÿj…‚$ÍÃ&…ø¿Š70Uÿ0U 00  `†He00Uÿ0ÿ0 U$0€0 U6ÿ0  *†H†÷  ‚`²ClbÛøZ¦ŠmíÂ>Àñs&Ùöy,Í?édÉ)ñVín¤ß’IîKæÜÝ‚ŸBðÁ%ÈÌÂz ͬ»Õ&*Œ¦ÃÅ yæã/…­¦ìê´b×xUhÜ)Ÿv(t$€˜£Þv»E ÏKC3 48-q(å£ãîKÊóý£XJ~N|ÑÂÕ_ãâ$9ª¹ÏûA ³x¥/`Ñ,Á‚¡©ˆ b ÁÎ61éhn·cûUs} Ühwÿöhš5eZ v<ºyõwÆý“OûŠã6÷¦—³!¬£Ëb¿§¯ÓéºÈÊ¥!kl€ê½ICÊËÁ‚ª=êÎè} (l^C8ŸTcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy1CACert.crt000066400000000000000000000016541453642760600301050ustar00rootroot000000000000000‚¨0‚ <0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy1 CA0‚"0  *†H†÷ ‚0‚ ‚ë0o—\T@ÿ›dWÅœRšè&ø/<ÆP¯ö{úB,ßDQ=ºq 2´_5y€_±PÃúÏ/Œµº—ZwÿÉãï#Ëùš|¶0 oCæåH»Mù¯èóRa±½›&L½(ŠÅ¡M„aÙÒ⬆gÖ)¹]9ªÈUX]võÚÜ‹6ûÿñRMà'’:OBÖôR¤%$Þ¹r IÖJå/$s³”¯°$A—SÐ_#Òz2Ã,q2TH0y  üúÄ“i _8'—øNÉê²ño M‹Û‹…HÎgÉØn˜µX˜;]¬‘²þ bÔšãn.xÇØá¿•ö>èÙA&]O{£š0—0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uئž'—ÃŽÔ!× ¼œí¡{òÓ0Uÿ0U 00  `†He00Uÿ0ÿ0 U$0€0 U6ÿ0  *†H†÷  ‚4^.u{wj”¤û]«.ö]3<{ˆ=t‘ŽKÕÀ×OŽ•‘?ì3áó¢î…ô.ñª—64e4j㶠R¨üãO²Ú¬¢‹„«õ³tѪPYUf ÚŽ0†Z]Ì.ÙEG‰ Fc)ptq¸N_ s]H£ÔbïÿD èÔ•Œ&$íÇ t7½Y ²‘R9¸*Û|ÉNÆ¡[»>šl[ÃÅA\è®#\éÞ˜ˆ§ì¤I£êHõpáSN7Ó>‘Z‡/©ïOtõÊ°b0Á¸[ŸA—-&Á]¼HT;¾‡T¸úÐ{ë u¹I.„Eu½÷öxå¸ÈVcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy1SelfIssuedCACert.crt000066400000000000000000000016251453642760600320720ustar00rootroot000000000000000‚‘0‚y 0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy1 CA0 100101083000Z 301231083000Z0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy1 CA0‚"0  *†H†÷ ‚0‚ ‚Âí'龆¥öߦ[õ÷:Â3ëR–eÓ.l2gj†œåi&ÜÙ£ §b¼ærÈ·x"Éø19®ÚÂPY呆ÃѤLäë÷- úÿ^"v¥á5’Õu9þ;k&“H$NªÄÓuj’šS£‘õQ‹—&ºåýÈC­óC¨t¿J“¤UÕ­–\=¼Ç&Ìô…Ô-ë"`«áÑYÅ ¦W¨6nÑ`ĈdŽoœYª§‘Ûd‹Kcdk‡¹{?°&4‚àÙ#ÝýOý÷Ñ*áOlÒ ÛYº&'…BNz‘$êÍ!lV£db¤ ×^Ãö qàÁƒ•š†^:‚9Ö )Y£|0z0U#0€ئž'—ÃŽÔ!× ¼œí¡{òÓ0U@©Èï²a4•Dla†©æA®_Æ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚v3lK¯—ë.#:%Ko$¢e¹1ÃûÿM@b*Ðð'óÀFÅ¥õÞÞq}Á§Q)'—$ß C§Ix´ñ,Ñ Ãˆ”Ë~ËXúëÃu€™:ê80c'ïT–€\=Ô¢Ô°›¸Op:ŽC&fHÆÇ'Æp=Uû½úev.š„ÂÑž”FŠzŸƒ{Â/‰™R}§P?C¾ 6PßÃÐtb~$?âd–€þpXaP‘4§K ßv=óªÂ¹q( ø‚ÌŽUÿ¬§®÷’k£/×—¤Cç@ªßHÀ1—¨ CæÀ0Òtý:\¾5u?ÀnÓ¬à…2rÌ1certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt000066400000000000000000000016271453642760600326700ustar00rootroot000000000000000‚“0‚{ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA20 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA20‚"0  *†H†÷ ‚0‚ ‚’@V‡ëUñìã›—+>€™È ÕžÚÌ_c`è©t½I¦éb—ÅQ¥®ØgDÃÊ NÉR²HÝöÃlù¡…¼ÚN1ýBâü¥Ãƒ MJQË_7Á.°m’Š.6 Á32báœ)£² `¬ƒ“ÍC½Àçid6.êN0ú;ÃÎ2ÚŠœŠŠÎúFcù"ÚØ®7• 8ͬS qV­ª˜ÈS’:†„éé¨RÓÊ„Ü3GI3õebTQ—×”}Πⳋ¿“ÿû%\æÚ´§¯‚¥ŠcIFxô¼ôÚÉ߆µØÛ›øŸLˆ`|w\ãÎZNVÉ–»å&ïS[ê>À7d¸‘cÔ!!SYùÇG½à®ËÌB‹Ó¾}Æug<\¨certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy1subCA1Cert.crt000066400000000000000000000016231453642760600306740ustar00rootroot000000000000000‚0‚w 0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy1 CA0 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA10‚"0  *†H†÷ ‚0‚ ‚É\e eqÕf“³h٘Ϫ×e )•þBÛãZTªü]Ýb¯#ˆesK&¦tÍ-¾ŽU~xŸò#ž¶)YóÆ(fÕÛ¤×-ŠZ1¯õµòœ#MEÂó–kŸ„!o‚*Cq BÒ…E_CHèàËâHéÜY·¼‹ëQÅA‘›ÌoqIÊ&;0L[³!û#Ÿdj¸1Ëï7„)ä }¹,2ÏZÐÔ¤ôæ®\ôgþÀ\)K>#MÖ³x1pª›Q¢+óÉ|ø ]0@{å|£ ÅyÈæî.ú+{ŸfoíªÄš:Äêuå©m×°ÎDÄša? £v0t0U#0€ئž'—ÃŽÔ!× ¼œí¡{òÓ0Ut ÕXÙ+SÒ+°Í]qÆ¡¿C§È0Uÿ0Uÿ0ÿ0U  00U 0  *†H†÷  ‚gÌÏ»G½ïŠÒŸ«õEÓ Â!¯øôr²Íʼޑ™ R¶:ËÝâšÞÖ]» ¦ íé‘Oߌ{†¬=—î}~zÌ·?NwL˜³Q®5 ™UäÇ@£ÀÅŒñ8ñ.Z¡(?B¾Ò»£å°‘qz‹/ñɶ-°®c(ªwü¢oò¨5#õ¯AñhR½‡{.C”•–äK·"££8fÈk‰fÛŠÿƒ¹’’ÑS­“öà£hX]2_uªaã¸ÅfÿÆ^Ñ$ñ×IJRÇ´¨Þ,äè¿ø‘Ü‹ gÿ訩† DlŸ Â%« !H~mèíß­d{ÔXÞeš93IYÑêBcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy1subCA2Cert.crt000066400000000000000000000016231453642760600306750ustar00rootroot000000000000000‚0‚w 0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy1 CA0 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA20‚"0  *†H†÷ ‚0‚ ‚×™n!?ÊÄèkÑÀW1aˆXTÌñÙòÑá,~bNiÐÝ¥|5÷XS´þ‚j`NÍBË5á´op_Áשo0ðý,ÇÚ½z¥Gé&ÚÛÛ¹su~ñÜ@aÚæ€Ò½mHäNäüÖ7‰ä7ÎÆk³™¼³RÖÛôå¯1U<ÒNŽ[~HøÊ@çºN›¬ÆYÔ°¦Ä0@´]H¨‚¥ÿÒì‘àø5¾Q¯Ðc=î÷C™†ª×}Á] dÓÛ g7i‰µÚIsÑ8sŽ}J÷kÒç/B2m­á;Á ç…é•C“ç5-!kù»Ë˜³2R“Ò>bI5üt£v0t0U#0€@©Èï²a4•Dla†©æA®_Æ0UŒÜß~dÛb¾ÛKQdŒjfØ\££0Uÿ0Uÿ0ÿ0U  00U 0  *†H†÷  ‚Ufã*ë}·-&' ÷ 8¤ûÅX×FòI¾£©k¯øˆ«uY´'E4ÈßA­uí‰ ]­¿¥fù?ÀpW%þKè¦ùöÔnùÄmu¢àlyYO2l²¶]‘˘t¨S´#ݽ? ãÆP½ÊN2iãúΛƒžO?FZXÂ&ºbz.§¼N(æ GGø¢‚™ 8x^1'cUUU‹Ù©<ì…ƒö—®õò 7µRcÒ=«®À¸X_Vi;…™–o‡cñBHSÃR:,ò)›¾FõG¯K×$¤™(j`¤én&­˜åXï™SŒ ÓLÙî]äïLcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy1subCAIAP5Cert.crt000066400000000000000000000016551453642760600312370ustar00rootroot000000000000000‚©0‚‘ 0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy1 CA0 100101083000Z 301231083000Z0T1 0 UUS10U Test Certificates 20111$0"UinhibitAnyPolicy1 subCAIAP50‚"0  *†H†÷ ‚0‚ ‚»]ÿ·e”†ÝPèAxÛè¶ÝQš½+SIQ•+ðâgZº1I”´&ÿ«1#ü‹Z°ø¸;•XÑ>²7iËÆ»cýY{÷eŽ­ªµÛ”õ71Ï ÒâÇgOöË[nõ£Œ0‰0U#0€ئž'—ÃŽÔ!× ¼œí¡{òÓ0U‰Tt`³÷n aŽû¾R&0Uÿ0U 00  `†He00Uÿ0ÿ0 U6ÿ0  *†H†÷  ‚"Ë.ñlàÀ ö” ïCn:ëÏùYœu»§°Ö®ŽïónƒìQÜu²§H âµã/+¸¶ú‡á©$ÂÉø@¤ˆ¤ä%j[²¾X¿MAóBÿ¦Ø‹øM°X‚1hfvÄ"mê0tG î} úšŸ‹ã¾)5kK 3žž³ÕÌðÏ”ë-逸nu–û§Ü[ÈÍÂsÚŠWÁt¶\–“Ù}ØdSXW®sÏ:O Ò亄ÍÒ×édâäØI7F6Ê:}+‘ ù íwÚdqQÑù>rCÓSÌ–·–Ÿ Y%tÀA˜Ï½q¹/M¤• 5Ïšë0ùÁxYª¶éEjW™^²certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy1subsubCA2Cert.crt000066400000000000000000000016321453642760600314070ustar00rootroot000000000000000‚–0‚~ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA20 100101083000Z 301231083000Z0T1 0 UUS10U Test Certificates 20111$0"UinhibitAnyPolicy1 subsubCA20‚"0  *†H†÷ ‚0‚ ‚°åؽ°NÔÃ%Ê‹^ºˆá2…ئPä|ZbÐ@_³Õ‹à»“ NC&®kèuÛuBÊj|çŧõ=w$c†°"qÙoKˆÈ¡ ñd{‘wè´ì¡ ÅC@þŠü«èÈsÉ抜ÂçéYŸ7y(´Ø›Å 3ܧŠÂ¨ýõÚgfä^µØÚpœóÏ»CVü¢¦3Ey3/Ù0ìz¡Û07ש”rc]«·mˆ^]“1½› QˆœøPuEH"ï¥EJ…ÙtFz[RòQåÐjïÌ-ciBtN m*ûû9`Ʊ ñÉî"ž±ú‹‘WþHÉrƒ½}F°s£v0t0U#0€ŒÜß~dÛb¾ÛKQdŒjfØ\££0U}ÀœŠvùI3÷¤KŽ0u•;èˆ0Uÿ0Uÿ0ÿ0U  00U 0  *†H†÷  ‚³­Ï° Añ¬t$OŽÎTâ@\ö$üž°âÄAsº¼Ã 4A$GA@ö ‚ì]þÝ3/æä÷¹4<ÜîJÛ!€“{g*þ+ýªš¶Þ"–ÈßrϬ@<™qvÕ6„g¾þáxUuÎb¯;žò‹R%_tRuäßMÒêðÀwY„{ @üè“Žø2x£ØœÎј¢‚qŒ·eÕæ°ÉÓöÍYj«ðÙ˜zÅ©ø±a›A4˜îxÆ-Ê”Þcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy5CACert.crt000066400000000000000000000016541453642760600301110ustar00rootroot000000000000000‚¨0‚ =0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy5 CA0‚"0  *†H†÷ ‚0‚ ‚ÝH '¦+î˜X .çM À÷žuí5 ê Qï´ÒÈ¿¶Ð?è¼8™cí³·½býQÅ€Ìkº°fÉeÙ ®_aB*eÞfå™ sÞ  ¿W­œ4®Þ±áæGXݲ€€ –' &ò×4Œ¦»*RÓSÜkÝÓ+¦Z òW׬®<âexÄï£[€>°u$;êÛ åç·hð\öRò<$Àøq4' še(Yuiå¥$™­NCñè:j‹+ 3 ?¥õ†o‡ú=ðËúp߶­üØG4¿µ»)_æ¡"ÉîísªÑÄqäÄä]Á²,žýÛÞBÕðL·ÈÄ"…— Ç¿ye£š0—0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UÀ&çiÖ|ð½ÕªSeùœË 0Uÿ0U 00  `†He00Uÿ0ÿ0 U$0€0 U6ÿ0  *†H†÷  ‚†Îæ08³Ô]pMsq Û8+ ÝúŸƒ:Œ®©;7Ã.Õ@m~òÄ…„&Y`C…ƒƒ× ƒã )±Ñ60çI‘¿œ7ñ'5ŸúëÙü ZS÷{ á[ë)ÚF(£ ²E–ѸÞÂ9P¦›§)øôº–B56F¡ÕŠš¸G qT%Ôöþ÷ä›ñšMùdc¼†‘Í•¯K@%y"K¬$ÖZÆ(ÂÈÍ Òm\Û£Œ0‰0U#0€À&çiÖ|ð½ÕªSeùœË 0Ul™©¶ë¾pI6LXš"舅/Û0Uÿ0U 00  `†He00Uÿ0ÿ0 U6ÿ0  *†H†÷  ‚w†‘ÚélÆ èÕàm-7‘q ž–:iM£íÞjÛä‘%G§“_:(ÉhË=Ü™õùs½ï7å Æ«-úW8ÿç6h‚›öËZPóÜ9Ê‚"ÔØyËi9@ìs9|ƨJìäј c0ÄÌaqéýÒî'O§GHò"A/ž{-äºnôFv/®ÅçÖF ÊU„´LúÐ#“`^“ÀT~†Çäp† Ø'°¶Hj[KÜ“ÍÙ‚¢%lŽæM',¸ÕŒVåv2w8k)iyVqSÀÿSãUãúóŠjð5£‰‡Æ8¸BKg€cŸªÏ5Ä´ÆâBœòLcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicy5subsubCACert.crt000066400000000000000000000016361453642760600313350ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UinhibitAnyPolicy5 subCA0 100101083000Z 301231083000Z0S1 0 UUS10U Test Certificates 20111#0!UinhibitAnyPolicy5 subsubCA0‚"0  *†H†÷ ‚0‚ ‚ÂDeþ!ÒÞ^[ºXãµ^€jöû|¼h}‘§‰›ØûXi<øùS5ó×nm¢üy ‹'ÆYtüÎú˜•)7>»[úžƒádv»«ç-¡—Ÿ/<¬Xz¿T¤E—$*èÝŒ"Çê¨Å&î8¤Bßæ?£}Ýp À#Å`µI!®ÄØùJi/¹’äO€Oür.ƒæìޅų€Ô] 0Ŭ¯íT'3”u RÝf†%DL¸)"Cµ–yø/“gX Ñý&ÀÊ;qé@ô,UÂ%å5/.WEå£|0z0U#0€l™©¶ë¾pI6LXš"舅/Û0U1á?übn€eÍ©y+n‰ZèÃ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚\O±fºÖþ`<+™^?–¨G×7G ׃õ‚((y©XM!+.‡u˜kr˜mú”¨xs­±¦' I¶”ÎÌ8./ÎûU17·¾?ÏO xã!ŠÜŒRE‹7µg¬r$@%×ɬ€qR˜½¦Ó5Ò6ÿ¸"ð§$Y¦‰âSÅ´L< ÙDÄIÙA l‹&2ò²•lMì21jÇÁ{±aõ¿£æÝÀñvt9îËu>Í /”|R…ªƒöÖþ¡î%óºÊu/aÄ# ™íÖ3 …ÄM¾ãÍ Ý±¦ R0ÚéË´Ä»e®€ E¨5^]Ô3'^˜ÊÑ:@ÆX4ìA–certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitAnyPolicyTest3EE.crt000066400000000000000000000016311453642760600301320ustar00rootroot000000000000000‚•0‚} 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA10 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%inhibitAnyPolicy EE Certificate Test30‚"0  *†H†÷ ‚0‚ ‚×\ùã¿ÄQ§ ‘“•Èc‘‰É¸R2¼n_M›`´@ õ𼳉¤;ÿ<$·ß¡KcªŸb`^ÉZé>ôäÃ"Ãä¼ܺ±ÏåL"‰Ú‡_¡Ús4kƒ ,IW%¤Ã+„TÀ6x<7…#é‘¥L9·LÙÛAˆ.iŠ*­5 OÐ0®Žû6½Æoì3y©:…k™Îhœ_x³<Õ Í¬ºÏ7å¥i~»v_æþëŠàïW9Ü€¶›$T©x¹š2LN Êã’E±WhÂÕsÛ(mxò…bAãN”ŠËñOy2ÃÚóŽíÛéÀ¨ý=ÒxbÂÍ=ˆ pm‡£k0i0U#0€t ÕXÙ+SÒ+°Í]qÆ¡¿C§È0U >^m+ í ãOAñcµÝÁ’0Uÿð0U 00  `†He00  *†H†÷  ‚űhÌÄ[âñ,¢Oà:*S!´¾” Ù, )ëoj3 ¹¨¸Mnï—w4a“«›ÿØ­Ï7;[µœÀ~†ää²*~6,ð-²¥¾_ß1$”x1,Š‡HLîº%D[«”*ÈMÀÌ)ll¬¥vÒeZB2ªüì‘”œd–™¥+üÿ—Û0Uÿ0U 00  `†He00Uÿ0ÿ0U$ÿ0€0  *†H†÷  ‚\Ä“2†èˆ<¶y¨bÿÝF¹ª&Ã謼ò;d»»6dn¯Cñ‚ÿ”qkBÜûj#Ž’ÄF .ã;‡„±–ždêwQïE7¬certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping0subCACert.crt000066400000000000000000000017121453642760600314550ustar00rootroot000000000000000‚Æ0‚® 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitPolicyMapping0 CA0 100101083000Z 301231083000Z0T1 0 UUS10U Test Certificates 20111$0"UinhibitPolicyMapping0 subCA0‚"0  *†H†÷ ‚0‚ ‚ìqýò´&–½§›Jð¾µú惱´àt‹jåx>ø–Ò#ß^º ¥¼¿¾¡%½Q™÷òød.Iù •ÃýôNc«E«fvéÉ CºÂ{pb ù ÚÙ\ùÐëÿ^¤khWªöFoò]8äŽÖ‹îOñ'¯'‹ØW wL¡ÖžnÕ+};?¤{á+å-äêq³XñKcg¼¼ògî}` s6ëíÊc¥3‡h nž×ezì­ÍuŠJȔႃ“bJ´ön/G^]ò³qÔ­oÓ…ãUGÉ*¸„ÖJ¼»z0ŠÀÖñ3Æ¢ôXôQüˆsJŒGŸsµ¹wŽ7­£¥0¢0U#0€X7&‘„`¬îö@>¥+üÿ—Û0Uÿ´sbR\–:Z®¼¸²°X`—”)Í%àæ^:c:¬w—T=ÊPÛÕÛÙmͶc‚óÍœ¿Êz\_£¶$Èîä¿îÈbµËÒ ÅÒb“þäpÌYùo$c"¸±­ÿxã©Ç/“4“©,·?Ú™ä¶-Flópú~4­›cjƶߡq#Š­ÿÁÍF˜wcü§Ox°&b•ƒ„ ´büI´^Gjè£7caSq[¶hv’¨…EOÃRíвaC¯}ÛBÊÁcØŽ&MJ}qª$îxZcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping1P12CACert.crt000066400000000000000000000016711453642760600312330ustar00rootroot000000000000000‚µ0‚ 80  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0U1 0 UUS10U Test Certificates 20111%0#UinhibitPolicyMapping1 P12 CA0‚"0  *†H†÷ ‚0‚ ‚õ#œñq㢱²Ž p"†¼mñžOZŸŠÄUö¬|.ƒ™8KW0ÎQ>Koµkˆ³°Æ«Ð0F §»w¾°=ø=#7gJ@ßq þ»ò#“-oávͲOtr£EnA$䜯Ñ‹¼–xW?VâZÅÐȇ|T9é“lŒñ‰J‰xJ7\¥¾æãö]Ï«Þ¾TÕlùڈРɽìÏ'Øœ ЛĒ䎃Dߘ¨J£ù‚Ï_áô¼œÏJ°¨å ÉT/½ò)–-d]AzOI!)^»jDj$dºUB+ÔÏÛ¥¡e!?¼!µùÙIéÏò©Þ9TÁOà ³;)o[D( £Ÿ0œ0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UMg~Ý9¯è&Þ4x±uÚ¤0Uÿ0Uÿ0ÿ0U$ÿ0€0%U 00  `†He00  `†He00  *†H†÷  ‚+25˜à›$dtu·Ê+órÿ£Ég5¤³]ç"’"úËaà‡¥Á¨dvž€2µ©ggMïþRy÷¢wMq§Î£n¼g]Îv#üd{ÕÃW¿º…ÝÃeJñ:S¼Gº¼µViÁŽ-÷p/•c/dÚ¿?[kÂr€rFCŠz;%1óöº±x ¦XTáyð1z›¯ö¦üƒI­±’.¥…k…Ù†pžð›ãü¤zb²aþÂI¤<åk.ÌSeIZ¬[iø:˜Ak5)CŽ`STpY»‹øá ‰<|µæ\¸.ˆ‰z¨Ê¦ÛmòŒ’Є‡îs¨U‚˜ÍÝ%Ï«´ŠÄk‰÷žm£Í0Ê0U#0€Mg~Ý9¯è&Þ4x±uÚ¤0Uª&”d~¼]`Wüp•flç0Uÿ0Uÿ0ÿ0%U 00  `†He00  `†He00@U!ÿ6040 `†He0 `†He00 `†He0 `†He00  *†H†÷  ‚i‚íñãù…'BWfOxã×~~1~7èóÓŸï#x€Ô'Ô HŽßò žtVÂß)7Åàlìa(ê…›'wæûRŽêz"·6¢Ï!×!s½8 `ßÌQ¤ØR¤‹Ës¥et!`pŸ×îêódC|ªcÖ‡zÑ ÉbV×À E|㈣Lì”\ÿÑ^úXŒÌ[HÛ¬[H£šIëÁ¤•x ²ÚÚ ®Å5ñJÙä<-{ŠSÁx¯/:æ`Þúl\ ïídá°úq¹Î2/∵“Òìw›Àäª Ž3!¢ä*§ï:®¾˜S~/é ”"™© ·Ò ž¶¿¾!dcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt000066400000000000000000000017151453642760600323770ustar00rootroot000000000000000‚É0‚± 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UinhibitPolicyMapping1 P12 CA0 100101083000Z 301231083000Z0\1 0 UUS10U Test Certificates 20111,0*U#inhibitPolicyMapping1 P12 subCAIPM50‚"0  *†H†÷ ‚0‚ ‚½ƒ®€Ìä‰ÁÔ+>cØ|Yr"ºpƒò]6 R‹*hø „)ÍÅäóýyˆC„VK?{%K2ªQ)k'ÝA4zµ¢/èÐÇrÌ›]Áæ…"x½ñPg%ãï]6Í´ó©Ó囎U ­YiK½FgmŸ.¤þj@sö¥¼ù¬¨T±!E‡Âè: ®%`_â|`dö(< 1qÅ$‹ïòÑH˜ó±µ¤Äõ­[=^¡e°óL„q#?ØQíŒùÈå嬚iCŸÓ/ˆí~Úr[/c£Rwôž‹—NAU‘gõðvj+ò[QKíz,M_Vh8hu“¤pöä ;ßÑ£œ0™0U#0€Mg~Ý9¯è&Þ4x±uÚ¤0UÏv'";Âô‚.îæÝ€{S0Uÿ0Uÿ0ÿ0U$ÿ00%U 00  `†He00  `†He00  *†H†÷  ‚>ÝW¡RÍVS;«4¶Öc>匢ò>;¾+Põ0 *5ÌtKñ%3¹ó“dŒS%ºýª[|M(Ö­ƒ¿Ë¢Á#=°}§-â›zjô N¶B5'RÁ“´ 𨸼è7÷kHå°Ëkbàëˆi«àbàÆ@§@àHSýAÁî!h_A ÄÐf5?ç¸IêìIˆº©©%jí¥Ù§„!®·wSÒÂU^Èöt1b¼âïN^ÞcËú«ècPÆ’•¡ê%Œ›÷H˜ÀÏ Ó|7³<  šÁ퓺ƒèí·¯£ò¯üq ŸÍÿh½ºÚ„àëü¼Ûå]AÐà,G+ ýJàºRûcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping1P12subsubCACert.crt000066400000000000000000000017461453642760600324620ustar00rootroot000000000000000‚â0‚Ê 0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UinhibitPolicyMapping1 P12 subCA0 100101083000Z 301231083000Z0[1 0 UUS10U Test Certificates 20111+0)U"inhibitPolicyMapping1 P12 subsubCA0‚"0  *†H†÷ ‚0‚ ‚ãTAfÅRfÜ9o]Ç”ÈoÂlè¡¿¼9Ûy™ñïPOïóÿSôH$¤‹SømEu©Îºœ~6ý—úª4ÄuµÙžÑ]@¼wE»x|RLðæ^wö)¡‡®_ò¢7¬E›ô†M;‰N G¢â£ÒõÛLƒ…ýèZ¼ôeT¦D¡MCC2úàÒ¡ª#ÏÚ ýÞ‘óÙê‚5ÿZ2 Ñ.Ý(oqK]4°õ1WOÄ„ ß+B÷¢çIW!Eü~ع 7—·„ÛÐD«.®ý¤1S:%:᫶ð)q(ØdÄçúòŠ¸§q9Ú¤m ü °³V#<ú"•lh Fýö®z‡]£³0°0U#0€ª&”d~¼]`Wüp•flç0U×€\‹ŽAvº µsqè£@€tÑ0Uÿ0Uÿ0ÿ0%U 00  `†He00  `†He00&U!ÿ00 `†He0 `†He00  *†H†÷  ‚S&ÏÂåÊøÐ8¦CM:“ê£0}ä°TÇÆT:tÀÙY <>ÕÅsÀ¹f4R˜ÅdåAr¶–øY•G¤ÞÚàD=¬_ÿì`Q&Ѓ须Ž <˜fe~âÔ„ÇOÅï¶@zhá8k!§š;w.R+Âl&o¥Ópý~€˜ ½WP”RvÞ¥û¿·b÷’:_Ãìþ.òÖÂ:€†à]¾óöªœ¹däµ5ÂÌåå ›<—¼4KBrpçT0Q›ÊØæSyKÁ¶œàÕAq¾çÏôŸ+Kë(„Û¬\†i…es#Ÿ FÁ´ã8m‹F‚=Ž³s¼Es6šÙÑcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt000066400000000000000000000017561453642760600331160ustar00rootroot000000000000000‚ê0‚Ò 0  *†H†÷  0\1 0 UUS10U Test Certificates 20111,0*U#inhibitPolicyMapping1 P12 subCAIPM50 100101083000Z 301231083000Z0_1 0 UUS10U Test Certificates 20111/0-U&inhibitPolicyMapping1 P12 subsubCAIPM50‚"0  *†H†÷ ‚0‚ ‚ÌbvǼ«}麋$*aÄü„ú`þÜ0öˆµâñ5ÿø}¸èr'žó.8%¾<þÂë#âOéóÔy1h£"ÇÔ{=ör‡Ld|Aܦog0»Œjg.-ìÉ;¾É¥œæc½–Ý—CÇüìØòd{Ë‚te/‡'FGª´Éw}5ÅHÛƒn(¸(Ñvᵿ±pFQ¿¯#•f:ݤŒ—m€û¦?sZÇ>5ù£Ü¤EmW– ½k„s:^o³`¦[´­f¸8Eº¥Ú„v„”ùœ›¬N£¶~—A-¾¼'ác~&Z¥æOúú¼bóTÁI£³0°0U#0€Ïv'";Âô‚.îæÝ€{S0U‡5g𼡠6º¨)í›[p0Uÿ0Uÿ0ÿ0%U 00  `†He00  `†He00&U!ÿ00 `†He0 `†He00  *†H†÷  ‚$Ko Lž„5¢(›èŒ>¹éÖÅÝY$¼X¨½‰=Gnâºê×çǯ’–æèJ;‘¾Ò Ðfö³`Ð1`è /ðõC³¹¨0>˜Øk0nøõ„êË”à&éò6|o•³ÊY4fÐm;­T®gyî6þ½Ó°û7˜©tVµÌŽ¿¯9E=×Tà}1vÎE(c¥Ãê ?d®’f¡ ËÐmpæ!Á:mÄ´Š0Š?ši¢»Lñ†ðIL¥¡Äiz:,©ªà Jflìãòœ6µÂBà¯&üú8Z4LJ¨K9™‹¼hÒSxØëºEBøçxŠÈÃy =Egÿcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping1P1CACert.crt000066400000000000000000000016521453642760600311500ustar00rootroot000000000000000‚¦0‚Ž :0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0T1 0 UUS10U Test Certificates 20111$0"UinhibitPolicyMapping1 P1 CA0‚"0  *†H†÷ ‚0‚ ‚Ósr•\[·<Þ•ywì·åè%þ|Úl\°Š€ÉrP„ªQŠ:áC_YAY§-,ô·@(›O;Í›¶Ä°ŒOí¶sŒr%y+4ÿ8 µÄj=%ã:í%eî/2ò.ÎfÉœŒÀ¨œœ–îN tnäüÅ3•ƒçKv_ó}”ƒÚ% j~GPáÙë™»¢.GK5ܼçÍ€Ço¢«žjæPÅŒ¸Tä*ËÁë:É^G7~äzOïh¶í›tc äš6Ç1–j«ü›ÁFg)'kÛ7½QLðÒÔa†LÊ‹ºšª*Û¼sSÂ˵ÿ$!¨ù ¼dÔÜᣑ0Ž0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U¾¶½)¡Ù‹á¤€hƒ(­Jð0Uÿ0U 00  `†He00Uÿ0ÿ0U$ÿ0€0  *†H†÷  ‚‰[f}\ÀŠ + /Kd¬[|\ÙÈ• “Ô(ù*Ò]y4gïøb0¬mÍá]¯abE´Í[~»ýùTR ûqwn´Ÿ˜3fêé—íÁ~€u«’Ë°–“+“ùzЀß$ßA&®–9ë±7 {Ôêb›r±Æ±]{Ðþ |˜¨HcsÄD+™oe˜Í¶ñ̉{´7‚ŸE LÞ Ù—ÂE˸\Àlšï,OªÍ/E88å:dUÙ A8cäÛÍ=ŒæŸTN~o=ŠÍrcAwhÀMê‡[.@ baš)$ CÐ/„‡0߸lcØ‘[™¤Tgé ·—½-ø‘ócertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt000066400000000000000000000016431453642760600331370ustar00rootroot000000000000000‚Ÿ0‚‡ 0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UinhibitPolicyMapping1 P1 CA0 100101083000Z 301231083000Z0T1 0 UUS10U Test Certificates 20111$0"UinhibitPolicyMapping1 P1 CA0‚"0  *†H†÷ ‚0‚ ‚¾!ºÅŠÆœO&¨¼¸«2¤×©L-Ü}3fx6TZF_1–·tê¢ C¯[¥ˆ“àW†eåIÐrAdÂLM-3Fö™±4Š›ÌÓw4\?Œ¢×Hûw†`x{†ÿ1 (‚°ìf!A²](òîpMê³¥#=®Y³G áþûž–)pë£zùYìËê¿çÇê#è€þ¢?3ÝÄlÀÑöžî%HÞšLuƒ¶iC/²uÃÉs§0,•r×Ý^½?¬C€ù¥¦Ñó!j¾Ò‘ä·ø÷5ì£Ð™¦•è…dBüyMÃß«VÜUhLÀ¹&ÛÉQôYþ)ë£|0z0U#0€¾¶½)¡Ù‹á¤€hƒ(­Jð0U—ÌB^×øD‹³—Q’Ýl;!Ø0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚(÷¿~8wÁX¯|ÐÕÎGu¹þ¸,Ÿ¶²‡c_ú)dì<)|óá,Üë=wôÁÓ?b<½8}T€ªj }+pÌq'Ë]áê! B•yG?Õjç¯uã“[Öž‘·mÌÐQè-‘VB–Å(E(ÂîEc‘ ùç¹Õ3Ä#öî¨_À„UdÍ•@j)E´:ÏO@R“ÓµþþC gÕ° Ec ×G7]Fh∸yM¾€qÝ®&µn4b#[gDÈŒ{˜Ì½‰(R„Rí7sôërG«²/¸¤uzµ»Ó¯^0é-õל[x~kä=Øý3kµI•m<ùiDaÍ0rcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt000066400000000000000000000017231453642760600336500ustar00rootroot000000000000000‚Ï0‚· 0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UinhibitPolicyMapping1 P1 subCA0 100101083000Z 301231083000Z0W1 0 UUS10U Test Certificates 20111'0%UinhibitPolicyMapping1 P1 subCA0‚"0  *†H†÷ ‚0‚ ‚«µÎÿãöô«2ÒéùO!±¾dèÖ g ‰2K§a:ªæKéPli6 ^“¤ñ%ñlwˆœŒÁöŽÿÃv·õS‡©í-ÜåÉ¿H¸Ð|å{ý\$dõ•ô,ðÞÙK°0O«§©S1SïË9×{ã>ýu1æ6 Š.3º|j b¤¢Ÿa÷àå@SJ7hY^úlÑà°î/ËÅoç"3VÄ4¦CÈÖÐd%T%Õ[U¬+:LÒ-H¬B×Û$æÅ1< hT¶%ŠôfÁõ!.V/’Ò,Ó¦9.úTïJÕJœÖáJÁrú›[¼ë§ëÙàø¤£¥0¢0U#0€óÍ?ƒ0ÓÇbÚæÊl¥±¶€Ë0UY¹ldêó®–ê¶Q\%;Ïíõ“0Uÿ0Uÿ0ÿ0U 00  `†He00&U!ÿ00 `†He0 `†He00  *†H†÷  ‚L”|„zTKñ&ô’{æ7_8ƒ¥˜ ŽÔ#¨ÈÇÒ¶fþ×ÓRÿq%]/jKýì:èE)æi&¾Ú{ʾ¡Õ™áÑH€)‘óä{¼$¢’ŠGaq2žV3g*¯û«ç*w§ÇiÒm—Ï@3.þ°fê=°`¶÷Füî¸ÁiD mº’4U@™šË|ÛL²ðÒó|ž¬âR?Óg¤»,3›æQvðÏAk{G& –x´+¶[Y°Î«ûm(?xïåÉ?§é𧋠•"7F5IÀak¬Æ@$k½‹ >R0ÔðŸƒû¶ï QŒ"ï/âIu܈@WñÕŸcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping1P1subCACert.crt000066400000000000000000000017201453642760600316560ustar00rootroot000000000000000‚Ì0‚´ 0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UinhibitPolicyMapping1 P1 CA0 100101083000Z 301231083000Z0W1 0 UUS10U Test Certificates 20111'0%UinhibitPolicyMapping1 P1 subCA0‚"0  *†H†÷ ‚0‚ ‚í±÷øLÂÆ71g2Ò?ø.ÍP£ úËŒ=ibCÊ¥âw”™—"O•Ÿ¡®Û¹æP9 Cß 0Gutqg–àë¢ÉO•¸~ÕÑ!—¾8Mjèh`—6…SXÞ3ó£uÕSô>b,¶~Ò´g4•h|÷:«ùÚÇ.^na€QÒ®Ýýª‚WJågԾǻv|Yß㺫·¯bP°^ò%ÖÍ@'ìbp_Ïkžsð!q„™ÿ6³»ªƒR{R™ëíé`Bøl»°RkqqœŸO™ +Ã?ˆz/ô¯ù_o1žàG¥9®Eehw’q,_ÙÅuÎõH¿©>{{€±šU-ñ£¥0¢0U#0€—ÌB^×øD‹³—Q’Ýl;!Ø0UóÍ?ƒ0ÓÇbÚæÊl¥±¶€Ë0Uÿ0U 00  `†He00Uÿ0ÿ0&U!ÿ00 `†He0 `†He00  *†H†÷  ‚YŒ´ÉA;‘G•ªÝ4—\矲ä³ý§3þƼ—vª£´c(é£ÙÌ ·Ð{€Ñ%=’º‹}ŸëSïÑÉ'CýÒ ´p’)]Û‡§™ÂˆÊVh—je6ªXö¡$‰€ Ø;lÒÿ·Žžå¡‹õÁC0a¤KêÈÍÿ”&¡ÎHÏò‹”Xå6Ä+À\\Ç[µ+±XüȈÎW\mPô‹ŠÒ¿›qÉŸÒñáØ© ´ïµt*m]ô@µ¯m\3Ã8µ3̼ªMUð ØzþfR'¼ \zyYn=ªgZ™ˆ(‰±Ì‹ ¥e*]ŠxUúDEš't¯ùNÊ'Wš«certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping1P1subsubCACert.crt000066400000000000000000000017261453642760600323760ustar00rootroot000000000000000‚Ò0‚º 0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UinhibitPolicyMapping1 P1 subCA0 100101083000Z 301231083000Z0Z1 0 UUS10U Test Certificates 20111*0(U!inhibitPolicyMapping1 P1 subsubCA0‚"0  *†H†÷ ‚0‚ ‚’kCœômõ>¡ïäh“Ò{ˆEÞt8H%ù!§Àèu qƒ&T„˜l‡š,,9¹…%çq‡TÐ3`EùTƒ¤XÈ»Œ`ÒdW›æ(š0dg† Ú`Û;ÚÛ\cÓZšÑ>çÞOàá[Ír—‘¿b•±oÏlÕ(Ÿµi1 (—}ŒRNÃsäÔÊU¯¥…ú üš®›u•N©¤è`àRµÿDò6l°u¤³5X—ž)ǸÕõ€c”*+ÀâäÏÓædõ)•Ça“ͺ\òŒÄkÂã~˜åšÆ²é±&Ë¿îF†T÷ nL1õ¾ÖäëyÇg=º¹ýZ{£¥0¢0U#0€óÍ?ƒ0ÓÇbÚæÊl¥±¶€Ë0U>Et¢‹ÒñVŒFfxp$Æ"Áž0Uÿ0Uÿ0ÿ0U 00  `†He00&U!ÿ00 `†He0 `†He00  *†H†÷  ‚uø¯¸LM×!Xz‰Øwª‹WÝ8ƒl$‚:",ÿ­ HK¾Elš¼œÜT†mUh”dÍãÆìè,Ö1µÅ{÷G¬<Ý»K“¦zã°¨×РӲ88ýµ{ž‰›Æ[ÿvÛ¨Õ‘߀>40•ø˜Su×B”Ɖ,t'£þßÑkD÷Ó%ÇT ‡ÒRŒnL5ráLãû®ŸÄÈ€i¢â˜@éðe =¦Zðkþcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping5CACert.crt000066400000000000000000000016471453642760600307570ustar00rootroot000000000000000‚£0‚‹ 90  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UinhibitPolicyMapping5 CA0‚"0  *†H†÷ ‚0‚ ‚Ög$1Ï`iƒ–ãm}–wȃ9ÌÞHêv)¢ÅòQÔ,^p6 Ü…2ùŒlšÃà]Ôµë9܈¹Ÿ“èi¦—G{‘¦ Ÿù?6 2ö5Å¥RÏÀ÷žüæÚšé»UåØŠMH¶ê ^F% Q. nð“ug/ð(ï=FàC^‘áÞ×ÒGæË Ý7à›)Ÿ”k¡y°e´`Å>”_ªm÷­ ØⲋU?î:úìåbmö»ãªø‹˜ÞæIU¿>áŠ{2»‹òe)ˆíiô_(í­4dm yÓëÏS/ˆõ€Î€\°³ß•‚Ñà”ž½Å¡e5±¡øG£‘0Ž0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UÛ€¹b,ÅÃýóCâfQ%»ÛôÍ0Uÿ0U 00  `†He00Uÿ0ÿ0U$ÿ0€0  *†H†÷  ‚ .×91G» ¾wµŒccîø¢•db©ú´½1ÅÅ+-E¶‚j%6ÞVÙTcj•»Öçź9Oª^Ûüû•9¯2c,É%²²g,§µ¬WeêÛvF’/à3ö˜ ’1ý©¬'â›Å;^@Õ(}·ÒÕ6Ã˾5³ÝL~c+@ ˜þ׊òÞÃÕ0D R‹Èœ°ô"ÙU²BÍ j¢'þÀuœ,þÆGruùŽÄÈ\¦I«Ð«Å‡õ ËŸÓ"§¬œ`UìjÙ®z\0âB|O±[—b¿.¸Ñ˜þ^\'±mŸ°:kã^¾C +A›-certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/inhibitPolicyMapping5subCACert.crt000066400000000000000000000016631453642760600314670ustar00rootroot000000000000000‚¯0‚— 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitPolicyMapping5 CA0 100101083000Z 301231083000Z0T1 0 UUS10U Test Certificates 20111$0"UinhibitPolicyMapping5 subCA0‚"0  *†H†÷ ‚0‚ ‚µ¡_Nû§0€L¥!.-uÑ#Vñ‘nÑ'ødÅ¥%š- ŠÕ Q)¶!(º ~5IfÒ.ë~8@„´¦Sa]‘Õfâ(~;C²xÉisƒÙ­Ù€û²hâIH5¨šÒ>G# 3 8^»Xœ¿·ãû‹^F¸€,Òl´ œ{ËÑ­c@ДÉýcXèn™‘ÏßG‘n —±£¥0¢0U#0€5§ÔáKtNU¨q´B2þɸ0U®cË×âÃqãôÎnü5ô›ÒM>Ü0Uÿ0U 00  `†He00Uÿ0ÿ0&U!ÿ00 `†He0 `†He00  *†H†÷  ‚‡…—Ö;-ªîBþ º@ÛÃÆw ÓuæL1g8 ~(üëm”G†*î¿vÿœÐk€´}ôÊQnø⚈õZ$áY7N#¾ûô«£wO+ðä¸.fŽÊµë7ž6ú꘬àåC@<^ÆDù/ÓĤ9ª¤M7‘±Ëϳ;ÕϬ\·|p¾Øáóx¸J_âЇ¢ Šu 䯾Ýu Mé¤P—.€øÁ-/Óc[‰üŽ‘Ç$‡¥¸ö㯲&þ¤üë–ZÀ–ƒ¹HðsÕV{Ç“Zeqrïï±'‡üa½­4^í3ý»<Ã’Æ]À¸×XÊæ »ÐW.n6fcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/keyUsageCriticalcRLSignFalseCACert.crt000066400000000000000000000016331453642760600321700ustar00rootroot000000000000000‚—0‚  0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0[1 0 UUS10U Test Certificates 20111+0)U"keyUsage Critical cRLSign False CA0‚"0  *†H†÷ ‚0‚ ‚Õ\ZIfºßtažˆ'hE¹øþ@Ù•°ÑÉçîvvÉ »9PIq|‘B²ú ût '<`¾'©¹ù³¥_Šû"´ &Ö/îdšp?jÑ\²Ëp ÎÐIY’ÓëÞàhWñ$ûÞ×SäÎ~x$㻉c ªöÂC6¬¿‚ ´™T­‘€±-µ`€G¾0nkb¶‡¬ß~O” ý\#‰Œ‹uw€Ê¾s?ˆœV½Ò8¬» æl±j÷ìÕRlWG Ú€@šˆ¹`V–CÑkƒÔ˜tž'Üíä,ïȳ ÈÅôHÑìÐ?eø÷³žÉ!'È_ä?€ˆœqóë£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UÂÊiõ´¯-ôœòUË*0³ÒZI0U 00  `†He00Uÿ0ÿ0Uÿ0  *†H†÷  ‚9ŸD[F N×Õ䱿3.™£1Žëµ±½# \$NßB¹ÂaÝ<÷¼Bq¯"ñ§9zZßX¢µP!x5ºÊ(h¸ôw_ÌZeçTß굑––Ú{¹Oe~ïÛÕ3Ç-Ø~Š(C:²Q®ý•„Ü®¬Žµ!¼ 9Gçsý|ä÷H…c2Ȉƒä»“å:0ÍÒo-| 1.Ö©R•ü6]ºÒE ÓêYCVô«= ÞÍ÷‡ÕMÒœ·ë¿)8å¿¡g+÷†›Eć„ò’ÏÇ$3¾@&zšÝ²8A÷ V…H÷$ê*c  ª„úq µ¥Œl5¥p¾ŸioFâ2 )N)Kd+u¡Buä­ç G¤À¹  Q³|áB§ÓȘ˜xßdSÿ<ò㱆Ñ43Úî bšu0Ùr÷Z¯Qk Å7Pç{›6Có$o÷@ i)yŒEþS¼3#m8Ìv!°3J^[Û!ihÅÉ•ºÕŸ<…^ á–ÉÛfŠ–á!£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U4U gü±ÜÂr ðcéÔ›ðcù0U 00  `†He00Uÿ0ÿ0Uÿ0  *†H†÷  ‚^w†hn\†goʘ9OZ“›Õ@àsÉx}< àÎržŸzª_m‹mú\Ýuùïrw®Nõ7 ¶¹Úғλ¿z.È”=×âxî|oF®óé²i»¾ 'Žyknƒÿ¾ñâeƒàt’7õä¦0.bj$”‘Çr5Ñú# Ýdå|\£­“û0´ã†£ýgQ|ÈÜzl“Ûœ')„Öî}nå7ýÁíºbÏ j2$¼9dÿ驤 î ĶF„Ú6OÏ&¢÷µ§ Y€á¯¡“õãøÀ"ºªeàÜPm3·„á#,¹KêMZMG>\Ó‘¢Ú¦å@ÀÂüý/äcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/keyUsageNotCriticalCACert.crt000066400000000000000000000016161453642760600304550ustar00rootroot000000000000000‚Š0‚r 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UkeyUsage Not Critical CA0‚"0  *†H†÷ ‚0‚ ‚¯Ú‘²ƒIO£É Ši\ˆ9,õx_ü “U÷ÁêÞ ëï|£ÎA¢™okùŠ¡u3fÁ ¦ˆu'Ü#-ü•ÅûDý±cÝ ¡ÃÚ^"¾Ö{ÝK} #¬]Ncª=W(ÆC(úZ)1wqI‹²ƸҫŒ'-´ìEüe憜üÃÁ-B£ôáE¹Ôò”ƒŽ…ÅÌ 'Bgó¥—çé,ö„ õŽn7ž^±åMÕ»a gëüÀêY%ÿ$Œ;ʉܾÚ'ØɲðüÁ =¼ºÝ>´s’ìŽ)P Â㻪yÊ=èã4—ýľáã÷Ñ£y0w0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UÁJÙ´+Åp~ÎŒ;bXå»—+s0U 00  `†He00Uÿ0ÿ0 U0  *†H†÷  ‚›a[º=¶T¤>'+·ÄáͽÊçøD× œ÷—µ(3æòôŽÐý´»5(÷€\À¡Ž…ýDrŸ¼¯Ö;;÷iÈŒô”Zä’–àÐ4.P.†Àùˆ ¥ØàÚôI-0ÞO2q%7»O ýÚÛâ‡q€>w¾w¿n?…Håp‚#ÚêâóÒyå2_Mˆº]ÎÂçlˆµ±¦©º00Õ…áUÝà0Î1ó¡ÖÑÎÁ¼Ÿ˜›ºåíѤ…t{ %K Š7‹ŒQ¯~zW¯5(ÏÄ3™EŸA³ksœt-”Pßtç;iÿµn T$OÚ•÷%T–D¥ˆ„ƒàûŸÿ:žøwz ácertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/keyUsageNotCriticalcRLSignFalseCACert.crt000066400000000000000000000016341453642760600326520ustar00rootroot000000000000000‚˜0‚€ !0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0_1 0 UUS10U Test Certificates 20111/0-U&keyUsage Not Critical cRLSign False CA0‚"0  *†H†÷ ‚0‚ ‚á¨ä¬eŽKDÛîXg–¥\¢ÅÉöO%]wUôÍoíÐ觹/m|w 5Úæ?ßY¶×ñTÚ-?G—~³t#a]óCŽ˜ýØÞ¬Ïwñk0·°fwêÕÝóZûO7¥4¬‘£1lÊÎöbb,Àv[ó{€–ÕM)“Z ˆqö€Ë nuOLc)ÕRs¬’õ›%¶âÙ*£5nÝþÛ¢ âåL¾!Ü¢*ù2LyÚs‚‚9ÞU—¦¶º{¥M–›a¤x·õ„Xv^E÷Ž† ¬Ë˱âe)þ½A4.Y<Ê£fï>D%úÔzqÁAƒ¼*Ôk9v4:l7c&°ë-£y0w0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uù~R yfDeyÝæCñØ0U 00  `†He00Uÿ0ÿ0 U0  *†H†÷  ‚W6¾Ñ Ò{4~§{ÑÁ79ZÁ·oÚG{Cö Gœ9%ô,¬†uü ~w¾`vy¡EÈç€g›cuÑÕa…$!Y Õ˜s•´rès– F\ŸÜNì¢Öˆ»>nÉÞÀ6]ÿaQÁÞqz¶tÊd’Þg7]ÌiÛõ8V½ÖñV˜î*M§÷Ëú‡YÇßó(°ž/_‚Ê^[჋ÌCéMz©q˜,žúËX$I‹8!±Ôú§üÂS³6pwëD¶¨™\ζš¶7¢ª_ãPæú!eüâÖ›îq§yÌ\_V†M¢Ì>%­©‘38ÓüG·~ט+µiµM‹k¤{·<èXcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt000066400000000000000000000016401453642760600335750ustar00rootroot000000000000000‚œ0‚„ 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0c1 0 UUS10U Test Certificates 20111301U*keyUsage Not Critical keyCertSign False CA0‚"0  *†H†÷ ‚0‚ ‚»–Û”]—VµÖ@'ÉXl dÚIðcžùû‘æ@®N“>’,÷Ö ãª¨ ÿT’÷¹ò-§¢7u Ôí+&“?4ï-¹úÝrI\b1JxªÚü8¶²æ¯!½ç•þGÖḢ£*¡q 8Óá¢úC]ºÿp“5ž¶D†sD­r|¨:\oÉ86æ¡ÐÛWø5Îú˜þù¡â&/樰ÜñQGÞë]Ç«sxèvîÄ¥1€lÚtpiìŽô®¿×DÔ(B$fŠ%Ûy¨ ŠŽ3¹dµ‚xè ræA—©t·fIÑz“xÚÀð-›¦˜ÆÅ wL¡Å©ä: /¤h»­Q£y0w0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U²%Ò(0ÐUhnLµÂHóÊ›ò@E0U 00  `†He00Uÿ0ÿ0 U0  *†H†÷  ‚,XpÈ&V¢aäÀ…@gÉ>Ü ‡ñµBü— ÿÄ­Õö?Эê’Þå‹-z_”ùo¼Ð9I–É,7ÄÝSŽb¶*À‘'›/{ôyÛ¼Èù;èÜ €XL·Z=§ßµ!ÇíPE°ñ”/°@op¨Šuü5Â$£©ÇŒì^¼ÿ8PdK†««ûŸãÛûˆ>"ˆÕkñPï1PΫüÒå7j¨-¾JZ«;GÞ¡®q{Ú™hBƒÑiÃ=aÊ œ^™|¾J’.sQ6…§~ê+ú§ëWÇÖò«;Ø»Î!0P.Ôv l!‚[.‡certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsDN1CACert.crt000066400000000000000000000017611453642760600302200ustar00rootroot000000000000000‚í0‚Õ >0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0‚"0  *†H†÷ ‚0‚ ‚È¡K…µÑáð§{&2µòN[¢0”ë«Gü,Lx­ê–úã6xÄ!íéEl÷¸¬ ÛŒŠ,)­ülrò ÿ¶.†„bŒwÚÇòz©ÞbêÓž,gTÿ~Æd”oçåù –òÒ+¸xé,‡!¶õ¦÷Rí8šv9¬™ ’GWH}U†‘bøpìMß ¯2¨Ñ³g¤È"PkF$e@æ„îu!éZÆ,š%EH°¥~54øÒn‚â4¸ „ÿ—ð%Á_tÄÚçÈ„:¹IÉ×®yàòÃ7Äî{ØûÔéÁù½R‹Ì#“Ê°:VqpL²œòÂØ(Wæ(Ñ ¶Ÿ£Ý0Ú0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UAxBFÍN¨‚çá9ß÷©À üï†0Uÿ0U 00  `†He00Uÿ0ÿ0^UÿT0R P0N¤L0J1 0 UUS10U Test Certificates 201110U permittedSubtree10  *†H†÷  ‚iL+½í®Û¨Ènq~ÊÜ Â„ýCñ?Â'9g‚ÿ"€pvé•÷¹lËçfI"‚‹%¤ûvp®/}Jßæå ˆ0¦n!Ö¾ó’6Z+áºÉ%l™–Ú¸ -›„³ Òø‚dm/‚Õ“›Ûèï ªæ·~s?Ñd-rc 6ÍÍXß…M~’‹¹gðîQ•’Aûê8áy"FÛçÑ2dñIîiùvpÄ 1T¥ãÎÒ¦ŽŽ]J‹öó<ö@b+ìÚ¾KFwMYØíÖ y‹j’#)ž°ðÙ ni&Ö Yé.–UfÁ$3·Ãœzx„¿ ç’òŸ_H{ùÒ@W¨Ûcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsDN1SelfIssuedCACert.crt000066400000000000000000000016311453642760600322030ustar00rootroot000000000000000‚•0‚} 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0 100101083000Z 301231083000Z0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0‚"0  *†H†÷ ‚0‚ ‚Ê"€6-vñr$9òL©áú1tw³Ðz4ŽP¢ËÆ•ìGNçº#à@"÷¸át2Âøx&¦vÄI„nVS¥î5ôZ#¶ëu¥.iÔÈó¼¶xŸ#D‘L'ó¾S‘ xL!µÐü<ï %åvÅå\zÜD²@.$”Þr/™\Ÿ#©Ÿýù¢$?ÌâȘ *'7ؤøÄ7ñ Ïäj%É»áVYà}橯åª7ä":•ljHFÒúü«fž>RžO2¸µQäX"·ÑrPÿsÆ{ÁjÊDg ^œåƨKϬ=Ä= Ýš|Á}P™}|‹àýÆs5£|0z0U#0€AxBFÍN¨‚çá9ß÷©À üï†0UEîÅÿãÄÇ08L[Ç]T™rÀ¸0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚´#w«tC j*Ù⬯%Ãváj—ëèÊŠÞø©²ìò¸@¹î¾³kòO ß >.ƒrÓ{…â¾'ÓDÛÓ®¸ÃÌBjrežL±üfkÍ…·8ÆîãÉsÁÀHgw‚=Ž+/«Œ9 Qô×2aUŸ.°ß’J?r,—"¢^Y#õý¢ÜٞȖAŠ?aÿˆhò:ب‘Xñ@—³ÎÚós£ ª\]PÊ“@UàØ`'Êà ªìµÐcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsDN1subCA1Cert.crt000066400000000000000000000020671453642760600310130ustar00rootroot000000000000000‚30‚ 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0 100101083000Z 301231083000Z0o1 0 UUS10U Test Certificates 201110U permittedSubtree11#0!UnameConstraints DN1 subCA10‚"0  *†H†÷ ‚0‚ ‚§“ Ü!APQ‰‡ÖG.f϶ږBýŠà›qúÓ{'÷…p§E\–[Uǹ6M”;©’,ÄFIŠEÛlá_ƒ>ßüâ–IkÜ>(‡.ž•óÖË|š¿e|^GÏ]íCË‹tÀ†TQî~–}à v¥õÂ`=@Ø9„±Œ*—½“z±“Ý€õGÎØŠ»ÛŽ82‰/úýªÕûx¿´Ä 0’QdùäzîîVîYDR†bàϧ®çøÿäœÏ_oÓBÒ Õ%n³`<°_ب0|t[éþ…©Pãb™Q­UÆÞ›MJ¶ÅlÉúÆHª£Të¼9F*é£ù0ö0U#0€AxBFÍN¨‚çá9ß÷©À üï†0Uá8C\ÎçKbÇÁ’öf‚ê0Uÿ0U 00  `†He00Uÿ0ÿ0zUÿp0n l0j¤h0f1 0 UUS10U Test Certificates 201110U permittedSubtree110U permittedSubtree20  *†H†÷  ‚f=íðzÇÒöY~ë»*ýCM!“z0œ KiþÀîóÀa8Ì _¢cÈ!R3ÖºÖ|ß“µþ™©q,ž©P—^÷?Å%v& Ê¢íÁÏüº‹Š­Ø\LXÎ̪8éŽL×¹{|…‡` óe=µöƒÉØ6ø/Îr²`?ÖojPeÓˆb+A kõ‡„zÆkÑõ*»•yì“O_ÞYÏÜ£Þ ÷Ý×v­whÉzÝÐ|Í~ÓíÑ'>mÙÝMŒ¨á"°˜ï$’zvò—Å£Ý0Ú0U#0€AxBFÍN¨‚çá9ß÷©À üï†0U¢/Xƒ[L•—·îö‡´—àà—0Uÿ0U 00  `†He00Uÿ0ÿ0^UÿT0R P0N¤L0J1 0 UUS10U Test Certificates 201110U permittedSubtree20  *†H†÷  ‚ÀLô–UbPó6EC€—ÿ§ qo-r–c&z¸yJÙü›¾NîT Bh/.u­¿-L¡S¿ˆÒbWU¤ÿR~MjŠB¸ˆ‡ã‚ëï?Ýh.Hû>ûQ+N¬ÕÆìcé»›ŸàÝ; Oå{¡poNñfí]“ìÙžYñq«6¹=éáà¨ÌŽ·ùĺù%˜i%·&¨ê(µ¢$h÷Ë–ùBxN—9ƒœR± Çuû[y|RZ0ôò•›QDöv¸Ïuf­·8L«vušþ{-‚|Þþ´¶>jV2G$Ör—ž'ïåÚ•ï¾s;Àu=úlMï±Ê¢Ë}certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsDN1subCA3Cert.crt000066400000000000000000000017431453642760600310150ustar00rootroot000000000000000‚ß0‚Ç  0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA0 100101083000Z 301231083000Z0o1 0 UUS10U Test Certificates 201110U permittedSubtree11#0!UnameConstraints DN1 subCA30‚"0  *†H†÷ ‚0‚ ‚Ä-T¿æ-Uƒ¬…êÓIø¢OÕ ÝlUóÙõÈçqô?§x( : -lÀŽv×k Ýg®›“-gTÄ ˆÝ¸ý§´ÜÞP~Yùišõx†])©…½®Jq`4èêÂtÂDªZ7/;A7Ä9dI’1.D“y{ô*áð(/â© 5ʸȯ 9ª%ÀEaò¢ô,"‰˜Ý5ʬ,ÙÙUÍ}0+¿§‹³‚Ž5NImÒ':°ìñÛ p X¼JŠ:8Ç`´}ûS~GKºÿaJ»‘®jïç$nVq=¨ w7¦oÊ+)å|ö8ï‘“ª‡aC”¬—£¥0¢0U#0€AxBFÍN¨‚çá9ß÷©À üï†0U'IäÙEúl˜”lüí Ã$RmUD0Uÿ0U 00  `†He00Uÿ0ÿ0&Uÿ0 0testcertificates.gov0  *†H†÷  ‚‘þp™Á!™û{z|käIÿ&ùÜৈ›4œ÷/ð„tIeiϬ?⧫Ï™¥ä·¤=‰¬Èdk á†x˜£õÁ‚ Mö,¶M¦l’Œ=Ú¨ JœWuƒŽh¸ö=€%›fSªOÙqk6I¬çÚ]úŸ:Ÿº\Çð~YѳÜ-ûa:QZ›ú=þ/y0,¬ÄO!G§-àÅùNÒiÏ[ùŠžƒ‹Éùp¹bIxÅpKÇÒÞ¤át©‚;‰KÊ:¥ý™5I­C8¨nÏÒ£{@àâÓŸ@WÍ Š7]XáO2kV‹h¦ÖuˆÃfË]Ã"€a…àE1£‚20‚.0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U£WÙ[]³`ök‰Q+‚à s¨{0Uÿ0U 00  `†He00Uÿ0ÿ0±Uÿ¦0£  0N¤L0J1 0 UUS10U Test Certificates 201110U permittedSubtree10N¤L0J1 0 UUS10U Test Certificates 201110U permittedSubtree20  *†H†÷  ‚—.±:Òëu h¦ X(,êÍ"Û”~õ"%S… yêNãnò”›«”®Ñ¨óSg±È_6ÖcÀ¿= ÏÊ!û¦!Ægø™"õGG<]½/â7ŸÐO‘îIÆXå·»<%r"¾o1þÑ@R—ÑnöIï’+c¼ú,«¢.~ÿKÒ·TE:¹@§Ï_ ¼Y¹Ã”<ðj½)¹Î2bº¬›Á|3~õŸóî6æê êtU?V;4Ù2Ú.à‰‚«RCoäUuˆ€Ï:ÉÛë2ˆ‡©%5·oQ惒}´xGíô£¨ú4——Q]+»Ø¨|QÙ$î”?w¨8certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsDN3CACert.crt000066400000000000000000000017601453642760600302210ustar00rootroot000000000000000‚ì0‚Ô @0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0O1 0 UUS10U Test Certificates 201110UnameConstraints DN3 CA0‚"0  *†H†÷ ‚0‚ ‚Æs² ó6"¬ÐVÊðí`Ý3X‹„Äĺ™NÒËà`P ýªËQüoñ†µêTg,íª‰×ˆÖ5I5¸;¦ÌÝþ‹6ˆïI‹« ­ÍÅíO†üÝ&ÎéàÖÈ1<Äó6 ¡U“—Bå*à;4wý[h$O†Â¦¸1à3+Aä‰By?DiÀ(ÿõòHöŒ‚nÆ¢|­½ZÍ´¼—«ºmݨü¢³%ï¯fA/rôòh$B`F5))€úDh!ðØYúrÅëL¸hО@øxrPF¸ˆ,£TԒѹ®q€§GÛEÙ"¯FŒ½©4¤éô>ºØ ï¼Y&sÔgâL¨è¢0v¨…Ó(xñ¹GÜdÞt²4ÏåaRøìsüX,Åáýä5ä/ Š ÔQ…•ÂÒŽí¾˜^Oä¥l/à]©ÆË㸫¢,5°“Üq6Ÿ8€úÕyÕN÷r4‰Žð*Åoòª\ýí¶certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsDN3subCA2Cert.crt000066400000000000000000000017431453642760600310160ustar00rootroot000000000000000‚ß0‚Ç 0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN3 CA0 100101083000Z 301231083000Z0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints DN3 subCA20‚"0  *†H†÷ ‚0‚ ‚Äédßý•û¹ªt±¡ÏÒ ë¼ßÒv¢éHMnÒäjóÞ8>YÍViÓæK Ô·3È,†ê1  ³™¼”Rà~ÓÓóŠ9Zt1\âêZ¥ FË÷Žù g$9çú‚AûâìP(;L‹³ÐôfxÐÓhÑ1O°×ÊÆš~ý×jß?vð•Ê¥ '[R° 'ǤJ¥q×¥*¶ÎâÖ…ƒ:=…Ú§-ÛƦh¾áå¦iãÁ0¾0U#0€Ü[¾Ç7Y¤Š@t| E.C‰¦Û­Òù• ®€ ñVÞ(Ðt!Á3Ž.ðÒÌ€hš^eüŠs85\*ì$ûsØ 8ù÷ ¯tµQÕ«¦HnAàZ(ôõlïÛ$ñ¥w޵Ι*ãîwfÅh/–V…ÒE¦Ÿ^+h»‡¢1 –¸j[“$™£Ã¦`Ugéÿ:9›ÆCv+ô@);~^2ëcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsDNS1CACert.crt000066400000000000000000000016721453642760600303440ustar00rootroot000000000000000‚¶0‚ž F0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0P1 0 UUS10U Test Certificates 20111 0UnameConstraints DNS1 CA0‚"0  *†H†÷ ‚0‚ ‚Ç&H:ÜÀgÙþèZzP §R–X«+Â)+Ó·Eµ[ ¢u°ÉÌÐr¥ý•òþÿ i)A¸êeÚÀNj&žèâ/€V™tÕ]W$òòIåN©:*…¼â~Œ¾D*±w°¸@Á§-…Æ…ÏrH+É›+ú8NÇóÎÿ`4ôØ)t/‰è7÷L.·(Š>1ÇU¢}+0 ‡nàyw„øJ~Š¢&àŠµä7‡Š« px¢øzZ\PVB+E™bÃ¥°òn¶J/A)~G0iü³Ó#Âô >N–B½+:×vâI”𸖱yƒƒúýCÇü©„:m J©n@J@@WQ£¥0¢0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U±ªðãÏÌÒ§‰¦ƒÝÿnÚãI0Uÿ0U 00  `†He00Uÿ0ÿ0&Uÿ0 0‚testcertificates.gov0  *†H†÷  ‚6s’¾Ì»9sä |y‡Õ5ÖŠ€Æž¿±û¯Èú›$¨hÇîPßÜqßñ9ác+[P ®ÖM¡"ižà9š¶á@2×,mמ²|G—³ Ø¿žïÚ? FÔ?:Wæ­Sȧ3nÒŒ)[À!'{¬ôýõ{¦Qp½äÂì±þrŽ Zº•Dù‚p̺­0«EìCŸ§ÜÐ+èÒ}5®j´Ëh*~þUçc#u£ÿ³uO— |ôçG (I”R™”ÕU`ϼe&¥0¹k«ýR´ÏÓE—ÚÉßy‹ÿR—ý7ôŽ1øÖj- K e59Bƒ&µ\A…‡tÖtÕý²žµcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsDNS2CACert.crt000066400000000000000000000016751453642760600303500ustar00rootroot000000000000000‚¹0‚¡ G0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0P1 0 UUS10U Test Certificates 20111 0UnameConstraints DNS2 CA0‚"0  *†H†÷ ‚0‚ ‚½ø¼5}N?HÝÙ½ÛJ‚22,UèO¿‘ÔkUDléE¶—‚bN^h_ö4w—¸n+wDsG“²Üi~V’½X”N§,DÂiÊìg ÔÉE¾“½>§ßÜ+Ý }0áÒ9-b…ö=öf;PƒrXÚÎEÿø¯q®Âçû•Wï|(¶,Ö(9Û“+K8Ö ÖLr»%N†ojgÇƔ䕌J«‘a§(š}Ã`‰×61Ï\Â>ÃûÁAc½E1»¡§²…¥?‘ˆLÀ1¡G{\8›-þÊQ ü%i.ÈB4ÑSe¿@ç©~Ótbxœñ5ÝΘ… w ,ÖuhãU£¨0¥0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UFHœB Ž]SpØàÁÉ5 0Uÿ0U 00  `†He00Uÿ0ÿ0)Uÿ0¡0‚invalidcertificates.gov0  *†H†÷  ‚†Ž=·ëmjKŒÎb¬`G±Í0EÙ­8¸xZvNVš$á+c8f§ç“I‡gñ”ì{#¦Yà#n¹bça‚½ÇÜ&â\’J‹#YC$ßRÕšhÿ@¾Ÿi±¾ õg*| L2_£ÜÍÅÃkËt‘¼.îmyÚ,Ð'°ÇI ¶©Ëª|múhc¥¢ì_çàÉÒüJŒ€ÒÔ¸Ï"Õ1$”DÖÚº2T;{}“Ï“åÍ>æ{ëÇ–ìØcŽÿ¾èˆµê»AI}{ H䎬Vtü8ø:æ1øÌí:Sÿ§V䥊UÈxw³,ž)È0iäMˆŸ47åÐW ÓlÅÁ¾Ç8Øùe|ÈŸ290"RázWé¶=ã%²Zh%IÇg›}ßLïw¯½Ìr™%Mñúxí¢•¬è‘$}|ÐTç¹—솊å_õ¥ÒïêÒÑG„z­ð è¨hC}+™zýM_ÿñÀ ¶É°™ç:8½¨2BÆ‚ëeZ>þa–œ¼?ÃÝô ‡SS€½ÑÔÑIY›õÝ7ge„2Ülzÿ6Nåú^ÜØRÖÓ6¯2††3çicertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsRFC822CA2Cert.crt000066400000000000000000000016751453642760600305720ustar00rootroot000000000000000‚¹0‚¡ D0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints RFC822 CA20‚"0  *†H†÷ ‚0‚ ‚åfÜSáMçýâ\ÖN9P¨ìÙÉ`d2èÈš(å< o\”.9~àÕàšq^K±ÒTÊß(³½´ä”}…‰Ú8Lñ†^Øæ^A¬©'Õ˜€a_g©Yª¦ù ¯ªwwÌÓÛ9wu6I5Åxîæu6ë(¨Ì—(JQAE··åzvÄð‘sT"æDõí©ŽI¥—¦˜ùUg¹¶?=:säé/Ç,¥5Æ"ºÜ¥”|Ý2G˜î­Œ^;¿áƒÍE„èN™ë×½TÖdÏíõòqEE° n<‘ؘkÁ7:å1ЪÖw2g¢hNÔcª¤Ëmn…£¹²IÙj4Å=8þ3† y£¥0¢0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UQ€ÍúIrH<íN ÎÎ@ep 0Uÿ0U 00  `†He00Uÿ0ÿ0&Uÿ0 0testcertificates.gov0  *†H†÷  ‚$ôcùè .5tÎnɪ±Íð)+ãÕ%g×±ÝkX*ÞÒ×QÃj§H;ÿØ5tqñuñSØ^P#“G²KTî@1T·Ù'›·«`ût7“r¿¶,Pâ>År°³•Kºˆið +´¾Z&Ôªò dO‡%œ%‰÷‘#Ư‚u0 bf÷k¢ù,¨<ðT"IÓ' º»çâßÊÛ»½m?Iˆ5©ã6þ"’Ë;õ³=í¦*¨MÏì3ÇE——M’‹ £ ( ™Ú%­³'7hÔçÙ—ƒ¤AR†7w˦ûÌDïW t8ÍÁÒk°ü…ºâ§2~xNÛY_/åîDÕÓw2Tß\×ëçcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsRFC822CA3Cert.crt000066400000000000000000000016751453642760600305730ustar00rootroot000000000000000‚¹0‚¡ E0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints RFC822 CA30‚"0  *†H†÷ ‚0‚ ‚¬t¾þ| àÃÞáçíxEŠ¦­n/xƒnµr[üd j ”ÜõTIL¡Pª`o¾…чm{µàÿçÓƈÅuȬH€Þ”Á8üsA…Îçͨ0ÔƒÍÜÐã r\cW‘ƒæʧ Ñ9|VžE HŸ¾C®)æ~ãuN7m)?¿¬‡½  ?$ëu3úUG¹\€å÷‹§£DŸÚhÞ£ÒZ¸™òæÜÕX2«vË4ŒËe0žÈ=x?büu8#h0öØ)Ž"Ü¸:ëvä›X"ªÞ¨ÉôdnH704K¥FqUQo|texjê1MAS…PDV§ñ>Ç£¥0¢0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Ušº9MÚ!u¯êAÃNâÉ•’[é#ŒEQ“ŽÄ)\$V¿¶¨œt³EêÐ>­ãøéØÏ~å[×6\0MŠ•c_Œ7X¸,¤Çú)¡˜] Þ~ü23n‘[øùÓqïPsæ_£H죧 H0ÆÖŠmÁ¿.È€)Ú) œkÈ‚E•W>ûjç½Qm5˜›¦ÕÕ¾îû™Ö;K|  TE5=ìˆÊeúÖ'µÿ2$!{¤Qñ_4ê_î§þäÿi¼öò—certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsURI1CACert.crt000066400000000000000000000016731453642760600303600ustar00rootroot000000000000000‚·0‚Ÿ H0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0P1 0 UUS10U Test Certificates 20111 0UnameConstraints URI1 CA0‚"0  *†H†÷ ‚0‚ ‚§ç,Ý«:9¹ÛHI—°?×,b^ªUÁ §ŒB Á0tjɸÛ‘”Cê:EûÓÐøÐÞ‚ª99¾ï~í Ž²t¥Õ2¨yŠêî“UÄmûèžQ)£Æé’ª Wˆ»›j|³úø¡!Ù"” gÏã•‚x¬Õ^©6œ|ùY–ZwÏðû¿n¶’mˆ‰Š3íUH±"è‰x0DÖîê£ï@Ê$ž,þ~‹Œ€‚¿‰4… ¾¿i={JLf«–O_2»jجœâ²±i·Ð€˜ „PM_Yc âÓåMp$“ ùSŒÇù{ÀQA3 Ø1ÏvkHcc8³£¦0£0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uú(­AÞ*hÈ#?&Þ0Uÿ0U 00  `†He00Uÿ0ÿ0'Uÿ0 0†.testcertificates.gov0  *†H†÷  ‚[麴yÏÖ%L]£÷lÝV O,eNª¥o¼A#¡€V€tù3è8Y‰óy(â>úêÔ׫aM8¿…¾Ú jû³ Ú®+NuDÚÁK‡„_Íúz—Ÿ‘’ʵ … ;Ū–.TPkøÌ¡»„¢9oZ«h¤~ˆýk(÷uz’ â|*Bë=[&µ|se|§.ÓXNÿo¬.eTxh«E2Ÿ Ý£Å5+~XVÙ®W Ó&Äåùžá9z©QKå)sncùÌ¡¸®äÆê{æh¼²{C¡©£zÛ#ÍÕØ›]’ßæ}öˆòpäì½în¶«R»­™¡àH…fcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/nameConstraintsURI2CACert.crt000066400000000000000000000016751453642760600303630ustar00rootroot000000000000000‚¹0‚¡ I0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0P1 0 UUS10U Test Certificates 20111 0UnameConstraints URI2 CA0‚"0  *†H†÷ ‚0‚ ‚¾_€'¬ÕcúhѶþý* øeêÒÄ-¡ü„X…ï8ÌC˜„-³f ±Ö›êhufˆ4[Æêå÷;t`@ýÑXóÉN0M(-ø Ft^Ë›/Žøœ äA¢!êÃ~׶øêlP5æÂôšæ“úöD¼ò){Zæ\l–`pvt~ìáÍ(C„Y¤¦bµ¬òz»˜–¯K -3%”… ˆÙéiødifŸs3¤ \@_:ƒh„ÿ&ÏÍiÐ].Uñ7"ä3·$?¹xL3ŽeÞ¤ÿ¹1 +fiP¶<'"qÁ)•éòHRê×oCýVÃT˜éäð#×J,¾Ž/£¨0¥0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UMë‰qßð²úv:X±º`ÝŒÓÃ0Uÿ0U 00  `†He00Uÿ0ÿ0)Uÿ0¡0†invalidcertificates.gov0  *†H†÷  ‚f­e¾JóLôøŠøjÁR‚ËŸŽ8øÓÅ; ¸­ˆ9$ûái¾£Ž’3¬s(¯ÖŸ»jÌá•Ãbkæ´Üëõp¼õùŸÞuW.J4Ɉ± ì…€âpÛ7áïPoné}S§gbfÑ…"ð.certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/onlyContainsAttributeCertsCACert.crt000066400000000000000000000016261453642760600321120ustar00rootroot000000000000000‚’0‚z O0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0V1 0 UUS10U Test Certificates 20111&0$UonlyContainsAttributeCerts CA0‚"0  *†H†÷ ‚0‚ ‚ØN‘Øâ{È(Ý÷M©dƒ{OˆEƒw$ÔÓZRßÜ[ úÍû?URû Ù"œÌ@ߊ~ÄÐQB¯+ß#¼tQP[ƒÌÜ}óE.}öl»÷Îq=Ê!³ú*'²e”3íseoP¿Cfiç‡Ây|€l,¸ß¤îvD:ϘPéo©‹íÝÅ}R)M<`38vD×}ˆhˆõ>S(ƒÄh&±¥¿ÍgQ‡!9Ð¥Fà£WƼý¤«vzÄŸ1_HÙÞÚ׉Øì>èö¶=ïågÑÔC2pq£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UMþö-¼µPMß™zm3pN0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚¼ÇŽ¹‘BÚt…ܦ ’ÎX®E7b”5<‡Â¼î¤ ë(a)Ýý‹ÈC›=?º×ÅîÕ,!àµmT5´šÝîÕ ))9g&þJWãnÃŒW0cgDoÏßêˆgEwŸf b*jÜ?¼ Àº} &A­òt¼Ø{½\_îî×[ÛÎòøòàô;VHÄô{½Ãƒ¶w_&€/+(·;–ƒB¬N‰4ÔEÉ«¼˜n:°¼ÕÌÁ.Á¥žª"x†—úµLȱEùQ`Úo¼ ½“=“-Q… Ÿœ R»G¾¢r ¢‡â¹ÿ¹ЦmŽ åmì_Ë·7?Œcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/onlyContainsCACertsCACert.crt000066400000000000000000000016171453642760600304320ustar00rootroot000000000000000‚‹0‚s N0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0O1 0 UUS10U Test Certificates 201110UonlyContainsCACerts CA0‚"0  *†H†÷ ‚0‚ ‚Ȭ—ÿ!’2! ½¸?ÆŠJû`eãe¶‹‘Íòs“}BòÄ™Q¹DT‰ïLmêNÐzâzÞPæõ]´dg•´YõÐCíKäãYŠa¥›º!T ¬ æ"?l€ø-/¢ ê‘Œ¸&óœaÃÛ§ƒ³—XecWË·ugßEŸŒJHÅÕÛ€L?ç–»€;Ó©™à¬ uý‰«r÷j£áÀä(²P`d9uD€ÔÜ$C3׿o33cÉ›ÿ¦%ŒÀ‰ÐÆ<øˆ\"’˜e`K©™«ƒòhÅ=Îk+`í#éÿ”=ÔJ[·²«ZNÖù‡Mœd;2øM¶éŒø<àD)±¾œÙcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/onlyContainsUserCertsCACert.crt000066400000000000000000000016211453642760600310600ustar00rootroot000000000000000‚0‚u M0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UonlyContainsUserCerts CA0‚"0  *†H†÷ ‚0‚ ‚©M½0BµœîN[UÞæÞd'ÆãGß•éÆŠâ@é}ny,+–c)Óäa;t2Í;+ ©÷ð<’¬rÁOXÇlØEߖƥ﫡ò(ÚùlÂúáW(IßýTÏg4ÙÓ*æ½cùè^ÛöC€`p{à¯Q}fYãQÝK­®Kx¦y £MÞÕíàN¡6 C¦Ý@3 'ôü»ÚõFz´5Ž&ÊÎXR" zi,Ç Äó7Œæ˜ŒÝ©¶%î,;ÞšÝ+/¹ 0€­· Îp§{ Îßäñ… K¯ÿJÀàÞœñz—HßêGEš´Hâ,'ÛK ݲ€A³JBº‚å£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U¼©ÜÍþ–ˆ}µžO™Þ$Ò0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚òAʳ—¢¸höAš‹h{Sîõ꟥Ý8prãÿ˜ ú‚$÷4LŒ–tšNZ’DtKv[í®4r‹µnðÈâyÇ¥Qa `”ûœŽG5ä^WÈ9z(·Ô"ñÆà^‚áÛzVIòïFÚ@ö©ÿ©·ãqePuHïûkk¨ð¥w”þá]h=X· ™2 ŠLÊ™ØéI?+ª²ÜgXŠ6@ǯ½=ÈÀ%/÷8ÔXqiÖ(4‘"¨N£ñò%$ª£[Y¦hzPq1fL·¦aàs7È”ZAëc!3±Š ÉFÔÕgw˜`ˆ’l׉¶¦M4ÒŒóÌèš#certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/onlySomeReasonsCA1Cert.crt000066400000000000000000000016141453642760600277630ustar00rootroot000000000000000‚ˆ0‚p P0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0L1 0 UUS10U Test Certificates 201110UonlySomeReasons CA10‚"0  *†H†÷ ‚0‚ ‚Í ”S[»E¢ šñÐ6Q E.Òlº*NcNšÐ)œ¦çÜ6yå ÛÿÖ‰Õ”ar —½?FçíÎêùbÕÔÞì 3¤í®è€¨\¶¤ö˜†ààBç/ˆGâù¼ïä¨'°Gs‘>ê{F¸ì¬CîªRZ÷(µžA‡2ÑF£ïr˦°ŒÇuszûkG‚ Œå­¦‡CSè"„m Ì0KCˆ§HµF>Âr«±"³ùºvºá#u5§•z0Åç’ô3ùÓÏ´"“ÙÃX…˜®e[X}JÀ½Ô?¢Î†Uwy=‹du9Š<ûå¹\UƒS骞hö×]pcų–ÚŒ—£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UPhÑ A'‡ç N·xVûŽîq0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ žjZ µÆzl¬û4ê¥Bè5À×S§B$¤ËÂXmÇ-ócLLRˆnïu8jD|!Ê™XïÖdJUˆ."¤1nÃõìøÕ·/¨9§« ª€kvvK>’9hñÆašŒ¿UÔŸÃ} WsMÊ”´PÝ'ÿF\Êä'N^±u%z@nxGÅbýŠ©£ßhÚ^?Ö¸‘®#ªþ›†¼°ç-Œ9×ðð˜¦+!õÈÕêÓ"5o3?:º¯±öÓu¡ímÆF‚üu>zÿc—íÇéêSþaë©7 xzw±E줇€•²íö$ö24šâ6樞ÇÁ­æOor˜¹œó˜Ôcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/onlySomeReasonsCA2Cert.crt000066400000000000000000000016141453642760600277640ustar00rootroot000000000000000‚ˆ0‚p Q0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0L1 0 UUS10U Test Certificates 201110UonlySomeReasons CA20‚"0  *†H†÷ ‚0‚ ‚ÆA:T¬xg¿önwµïÙ¥ÀZÔŠf“<èîŠÐD(ùuv®Ð[*š ÉUÝlý}{ã'BŲ.9i8wòÓÕçö`NË˹Åè`ùò¼T†‡ŽÂê[ZÊŠgcáV•x 65šFÿ‘SÇí‡=ÓÌ‚ÿJ„`¡¥þ~ ¬{ý?Ä\eŒ.l6à@ï·é·©3£ðˆnmÀwŒµ?°¯(„) – øê«A‹KÈí}©»bôQ®E_ ¦k3™Ê/r˜`I,ι5« ÜÊö2hM ry…CW˜cÿ’œ7PùÏ›MÒšl”¶4}ù`èö>ÞVØg©“yf7}£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U`cßÒ#¤)ÖA¤¬Ê†y˜¦eH®0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚qƒ±–'ÝgaûÅïœ(¬rDŒ[¨—âj=?B[÷l/Ç)Å7’„«¸½9¿¯¿‘s¹ ûÒ5w_õ’ñH¸×ðÅHõ²}aÛñˉÿâAAó E 5¡º½¼B˪#n0¬†*ÒT^¢²è±œ|¦¢QQƒSø7Õ¥$ö² ïtü“·ÜñöÒ>ßëµí]ÁGtð ÍmF<ôóN`çWÌ @åÿÛ&£¢ ¥ý"–ņƒ^àïMÐÜÈ­°â«¢RþõÒ ¬æ^Á¾_¬¡=ÃâûmGÜ„¬l¸bõEŽ²[†u Ýαߛë3ɇ•.certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/onlySomeReasonsCA3Cert.crt000066400000000000000000000016141453642760600277650ustar00rootroot000000000000000‚ˆ0‚p R0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0L1 0 UUS10U Test Certificates 201110U onlySomeReasons CA30‚"0  *†H†÷ ‚0‚ ‚Öì£|ëà1t/Œ÷5‡ó¬ŒØo^)å´N.}(Tº×Ø*ÀÌÍ' ½'ì*<þ èMJ‰ºÍ–®'qnëjpb‡a%œrÏ¢:iÂÚŽ¡Õáˆ1,íx‹3kscÓ¨“Õt` ”˜'e§¾¨ãæL2rKd‰RŸÈul‚˜nßÏÔ5æÂñ‹:¦ó;)Ä„#›ƒ ‚S¡PÄIödz7¹š(%¼XœÈ“„XÝ+52¼ì]§šÂ`ܽ|v2íQlðؤY‡“¿ ·î®¡öèÐ4BóØõËñ;!Ý2z&¢×SnëÄ“‘"%Ùع.‰a¢é?!wüø1M£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U-$·—‡,îÚ¾Þ—„¯ ¾k0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚Vtզш™eW(B_­>Ai"µöÿ«È¾XÎS¢µåAQ¢ó·ËxgxF³6qR܈â*F«ö‹Tvã½n‰wð  v{êDƒ§yˆµEz—ÚÆK e›Sžïgè.!ó´ž­;5ÓôM Åsñ­‘e„ÿ`ß-Q©<Á.ÔDS¨¬p±ÎvLÅŸ€ Πï°÷Ìùùˆ×q šk>ÞϬh€<Æ=¶È€Œ^é[¡}3Vè=mî§3GÆÅŒN°’™{© …×z6Î÷,_;9N@£=¤×«*Õ/·ê—þ£"ÞD¸í§YÍæ/Îyb ³å.ßÁ²„¤“ -&&–Éàcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/onlySomeReasonsCA4Cert.crt000066400000000000000000000016141453642760600277660ustar00rootroot000000000000000‚ˆ0‚p S0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0L1 0 UUS10U Test Certificates 201110U onlySomeReasons CA40‚"0  *†H†÷ ‚0‚ ‚œR S?îöŠ ¸k²T”j¤ÝŸÎÛï;ÄWF4MøÍ»rrRSà$þŠÈÍ«#Ÿ9TÖêbR§kvðØh’¬Â ?„¯pÓ}3ƒ¢t ·˜Ø!RF0_Ì°Òâ>:xRWÚ”àŠp­®¸¢­-¾âì‘´ùמ>žFñƒD±Íœm‹GçX'Ô‘Bƒ¿ÄQ½Vé)£f%è=wv/IÒ6=K=βLðã W bKy1D?£°žxxÿJ Î°_Ó·Ë{£|0z0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U¾fÜ ;öÓˆ4‘S& hnÉ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ ©´Ä>í#\ íä`R]ÚÖR‡•¬DOÈVƒcºã&ØNábíÏG<õ8꜒ÌSmW4n©0(¹¹…@Þ6mgŒS>£µ›k‘ÞÂN×I¨7 ôæõ u„×ÅÌøJoòHø‰WÛc×ÖJúaÇRl¼m¬Þâù)öbmò#á¸%âhiPœºÚÀF±Ê¢£O¦Ý?€ÛâÏ&·þr²É—ª ±rô/In÷ Íç­1»þú‘C=`(ÌÀgÙ‡ÈñǾÚ`»/ÊA6†ÿ½Ææzß3‹ šYñ!TÛ»+ÎàÇ^~ðLýp°‘%à뇖}çÛ¾ ÇDÁCîcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint0CACert.crt000066400000000000000000000016211453642760600302600ustar00rootroot000000000000000‚0‚u 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0N1 0 UUS10U Test Certificates 201110UpathLenConstraint0 CA0‚"0  *†H†÷ ‚0‚ ‚ȼÓzµ²Aw®TK-ïT'-®Q ¦¤éï ?·k`V#K‹»ßN̤ìHîóð–”LQc‰< iM™x$´é„W@FZÉ)|Âÿ¹§6¶*¼à¢Æq¸ÔF!œ*Ê7µ!ž/åèÓÑÂéÜy§5qjÑ„–V•Žgœ±ìªT•ÞùøÊ”B,D‰åÜ>éã.ŒŒrP¹(æ(+pk¿=Á»Ö¨Ø$v©Øo^ß·¢HôT·¥L±"ƒh·9%X·ïšC%âø†ùQWæbåd!çdåÍPò†Ü@/lý„õpú>zÔ|+’ß:nî»u°? ÂRS^Œ:®]£0}0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U›+²J<ÅnPÉ"½cÎ ñŒ=ú0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚@Ê+æg4N%²ÓÒú)~ñBRjÿ~¹úªœ~Á¬Åí ×ZGtÈ€ð]4UZý”ó{+Sæ€Êä–  ö%µ¶-ߨ³4_èÃ.°¤ŒŠrxo½Gë¯n<5Dbµ«Ó'ˆïr¶ß•æf´¾zI9ç¬ÓWù•×l<ç¬ý;$~\™]Ãœ¡Ð½î þ½æ³KÈ!/”O\¬ˆç­ÌÈß A´¥±Ko¿ÙèÂ¥s¦Ø¬†$×”g(ÅŒ¯Ý`©YÑ’è\ûʵÊÛž+‹jP$g Á§é߃u2XwáøØú\o•bHÀ]Er¶¦]_jÌ8{«ŒüóŒcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint0SelfIssuedCACert.crt000066400000000000000000000016271453642760600322550ustar00rootroot000000000000000‚“0‚{ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint0 CA0 100101083000Z 301231083000Z0N1 0 UUS10U Test Certificates 201110UpathLenConstraint0 CA0‚"0  *†H†÷ ‚0‚ ‚®¿0Ãþú.õØn½œÄë{÷M‚NÊ{/æ¡â$]ËdßØ…Üí’+·rÔ(J…›e#» ÎtÅ£kÀcòÆ›W—3´L\`l ý«Gê}©O{ );¸Üvôr…¦fhú€º÷fáÀ¼Ò9‚å8_Äl 5Qãh]wÞk/ þxšr†m’ÞÊ°§-C«B°œ¸L¥ÞxxÚY詨øeÔsìVRÊÄ~ =]¸¾¿8:­›Ö'kÖÝмlÈ—©[ÉqÉC!Q4µ„vV"¼¾2œSŽøçE™^×Ø^røVÝœA*ÊP ç66÷ŠÒ„<Ù£|0z0U#0€›+²J<ÅnPÉ"½cÎ ñŒ=ú0U€ës¾M™ž”½KZ÷ÏWwtÃ_w0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚=.LýpBÕÕÚ÷ÐîãcbÙ:Ò2ë Q’›Ë·hv>,ê ®sK§Ì(ŸhñO|ôµ¨5w³ÆR²ƒ§Ík!,ίeê5‘š1zݲGÃÎS]Ü~‘mÆaƒç°jkˆó7Mó£³ý§ç© TªDnä{ˆ:U߃ÞÒIÌW¦çAøì›lßôxkáOœQD&• µX¾2”Q„^Eä =ÿÅ«½›Z–;ËÉÞñ›&ªEWLIœ* Jš%¶ÓÁOË”¾P-Pi,'Ýëð#ð“Eæ,¸êbÄÝæp JÑòõV8÷“ÓQ¥.»‹æõœÓ‚qJî'¸certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint0subCA2Cert.crt000066400000000000000000000016331453642760600310570ustar00rootroot000000000000000‚—0‚ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint0 CA0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UpathLenConstraint0 subCA20‚"0  *†H†÷ ‚0‚ ‚ÃÂ;¶1~\–m¼t¥lš¨Í2©,”Ùq*\bžu¸2­ÇqÄ1»Ùuù´ ‹†;iB<†ŒõCûÇušóŸëµ»amå«U±Z¦¿KP‰¨•Œ‡Â!0Ž‘iø€3®ëx@,0fs:Ç3GtaµÉaß=µê^Ì' Ð1fVñ½½~¼‚—ÍNݦWæáÏ›,œ½á„Ûgä¹ud5@.C—´ê‚°‘$ IM¥Ñ:äjP+8v¿î,ue9Vá–ÿ¨4>gØ“r²:¶¸<í¸f¢§˜e ñƒxÅYú–®#©…ÜÄV¢áAôvõÄâ2E¹äÚüKï:Á¹£|0z0U#0€€ës¾M™ž”½KZ÷ÏWwtÃ_w0UÆ *û¸é>h`zǗγXQ{vÞ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚–`…˜N÷ µXlPEc¾4/ôy,cs¼{«Øê7gv0ßòzñJªØÙo`2]ñCx¯Ol.ð¹q«zôÀ.T£6öT+êñ/¡“oßçæØÕBÊhÛïGZsLiªíÕÄs"í·÷h/õ[4çP̨ø½öÑT îúÖ¿ ¿…ÀÕ]Ê´­‰Ü{"ˆmçÕ¿„l^°Óüf>’)?’õ\RA~z\”Úùï:)Ø쯜®gÁLײû)Ò–öÉ£9Rs9Kf¿^ã؈ÒôTóájÀÁ)2Á]Npd;\ÓS·Ç”QæÜ—¤šŠ»«B¬QÛñŽ—)ácertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint0subCACert.crt000066400000000000000000000016321453642760600307740ustar00rootroot000000000000000‚–0‚~ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint0 CA0 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UpathLenConstraint0 subCA0‚"0  *†H†÷ ‚0‚ ‚­ôüMt$ÔOÞüCz¾?ê2 ÙÄ3èèL¸ò™žîÿƒÕ…ilF½'Œ ­¶ÌšMà«ß½º:ý˜VAjýø˾9 Á{\¬¼FàKÝ…2gœÔx„Yaf#”/ ßgC Ûò?e8o÷Vm|û^öaéìáÄ›…ÈŒÔö@&ìD*¤8\V.—m(V17×Kö¼g{µ¦Á‚¦ð#^¯]ûª$ä»c~«MS+(œ… (·÷«|§,²½Õ.B𧗠e’º1‘X'½3e=ÁðD‘ƒ×¢FìR+Äð¦†ÓpœÑ­£|0z0U#0€›+²J<ÅnPÉ"½cÎ ñŒ=ú0Ubg}Ò7ÅrÐ޵ʣs^0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚.˜æÌß‘LŒïæ42‰ ~Q ×õoÇ“xmÅÏЯ9ž¼tbH2½Š öz‘ãò–öa×R§ðl¾zÚ ¸ªëòòEºK œ©!E!'"‚K™¢JPÏe±‚YƒfÔ?0b˜Ç÷«—òÄdäùêRd4¿–›—|^°ÀÖ|w@3©Þª<ÔU*€šnØ,"d¶{íT_Žá|óÙ©ñ!çÂ.m> UdPIâ߻طã^7Ù®ë Ä;[…¤"4Ccertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint1CACert.crt000066400000000000000000000016211453642760600302610ustar00rootroot000000000000000‚0‚u 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0N1 0 UUS10U Test Certificates 201110UpathLenConstraint1 CA0‚"0  *†H†÷ ‚0‚ ‚ÃÌxâG°Ezo—Ú q@zּΕtwg7ƒfÆþ†Éq ½eAœ&Ì É…nââZDÚe`ùwûf·YR«µ0HI.±¦3l‚O <&ÓM‘hbéÝ”oРE¯ô 0ÛŒB,]òÛ0K=¥r<’‹‘ϲÜÑçqgP}›N[›‰ƒ"¨œK«=÷Q›ýÌÔ=µŠG¸GIâ÷"£—”·=׋]\?ÍwƪÝF”¬“ëH.Ö‘h nQ‹ûþoÝzc¹BùÙçáè)|”¿Ì‹þÈêÖ_êâç3™cØ5f ËÖ_#ª<¶îS£0}0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Uóäq`ÿÞ&…3~üÁGgúÁ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚6N*ˆ"(@J‚;{ÿèVŽJ×ÈX"˜¨®Tp±IÔ]½OùÞée`E‘¢z¨¡à²ãú‚Nø˜bk-¦ >:yÓ ÛZÌÁØ:ÈÿVäõjC^ÊåÓöüºÃÏÕC’f.Ù‡¡ \ÉŠKÜ}eëMaugŽ†F~4«Øcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint1SelfIssuedCACert.crt000066400000000000000000000016271453642760600322560ustar00rootroot000000000000000‚“0‚{ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint1 CA0 100101083000Z 301231083000Z0N1 0 UUS10U Test Certificates 201110UpathLenConstraint1 CA0‚"0  *†H†÷ ‚0‚ ‚»ûÄlÓ抧ó¾‰,eð6¶|×Z¦ˆõg´¼ÿ³Ð'ƒxªï\quÁÌãJÏt?NÓÐ(ÒH3½¸ ½G맼–—{¦>&ÙÖYÚ) kÅÝøFÃPøSxwÄ¥§‰ØƒÁñgî ö‚½I&Iy £_Ð$ó[¡‡¯ œß˜‡ÞxÚÊiÈ(1DŽÆÝȯ(ØcWB?Ç?)paùœúx4Yif¡Ú? ¯f‰uÂÙÔh‘)‘\y¤ˆÔºW€D”÷>d6•X/äFÚ¦XóÆw¿óaüÑ›![O’ ãÊ;'CÉu:–)§Ã¢Åj¬èM&jQ¯û»Â°ÿ¡ñÈê^— [PheÒr Þø¿óØìús=V`T°œèy¹M³0Véç [íåÁDyëN¶Â2Ûv¤— 6/ êIÖ³6y!\ÂW]ò®Cn™œJkh&a [P÷)“ÐŒ`¿ä“lOÀöÞTL\˜U„™Ñ†Îh6ï+1òp;/Ucertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint1SelfIssuedsubCACert.crt000066400000000000000000000016351453642760600327670ustar00rootroot000000000000000‚™0‚ 0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UpathLenConstraint1 subCA0 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UpathLenConstraint1 subCA0‚"0  *†H†÷ ‚0‚ ‚¦Fޔϟä‰<ÈÂ-3-gØÎCþt0TH—wðç x, &kK8jv«¤+¡UC"ü€0Ó.ØÌMAXìŸÓ01T¤£LÛâÎm¬aà»x~Iù‡ûs^ýD‹kq°¸7ýÏ_3òšþkj³7%°2»J¤Pû·qêÿ\vt)ø€„ã{\¹!¸Z-R–ö&Ëâ‚Hž¼÷É*X¸qࡹ’Ü»ì{ç‹”x ŠÎˆi4Ê÷ZÿGR—”输³¸Â/’#ëd›"*Ë£8nðH3kÀäúpEEÂr_·s£@IôŸ–q'l+õ ‡Õˆ« ’4 ´°qU9Š¾¨å®jq£|0z0U#0€å™–µÇ}UB­ŽÇ%öͬy0Uy‡S):¾èÔå4ƒ+ÇÖ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ Ÿ¤ŒðBoµ>¶›}¼ÎR!°qTKZ¾s=\i¬è?U0¼”üÒ³Ž×c`„ä¢5ßG›ÔýËj+´Œ‹³ë}™ùBÖ ­6ø™‚=pd‡œ+ê=ßLe]é¨Ä¶æLƒÚ)rÄ›•deœ›r°ëŒãq‰¡UTHw]3z¨³ãØO­X«X´–”¿Ü8ä¦8ëýõγ”ð™nˆDØØaÙϤ¾½_'ˆiX^Sb—#q­Øi„¹ø Ðé'™—ŒÛÝlë¢Öp²fà“?91‘oBìW¤kD­Z=÷™F‹ëjÉ+”²TÜ wfˆ'iܺ¿certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint1subCACert.crt000066400000000000000000000016321453642760600307750ustar00rootroot000000000000000‚–0‚~ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint1 CA0 100101083000Z 301231083000Z0Q1 0 UUS10U Test Certificates 20111!0UpathLenConstraint1 subCA0‚"0  *†H†÷ ‚0‚ ‚¾ì:o ïòšË¢íî’%¢­ÄÑùÒ&zS+°(?1†ixƒ¦Ï=_61D &ž Ÿ‚Yï>´$FÛe|E¦\΃¸%3H­‘–…ï<:Õ0ˆK¤ÁªíVÙÒT܉‚G;®Û¬:ø1·hî$‰'G`0c+ÐÊ2”!N4•w¦‹±ÚD·c±3mëû*Øõ.D[ÊA±ÐW¨!÷ÖÔÙwD‘’õ§¢BsËŒc4=¼3ŒìḎa½uoµ±|°¬öl ëšmŸ·-ì,Ý ÿû‰½³™ØFËëMP»S§¼…„1eí‡,CFGñÞ¿ž‡®w™éÔ«£|0z0U#0€4½d㟎n˜%Ûe6®4•ë0Uå™–µÇ}UB­ŽÇ%öͬy0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚K@<Ú}"à!sðýJ,hî+Ëüß„´} Ça¿ÌG3d•`8Õ)¹lîcMܬmhɯÕô´‘÷OÍ€/»¶¬tÑhͼ烈û0H9œ4—Ý?áÀ±uýžP*ašž‡/BgpG¥DˆòLßï×TÙk†Y¹Mˆs…©y­yd lrîW“Gk.ù«™ÂüµZ1Û Y Ä㇈¹Õø}Ùú¼}妹þã'Õ2þ7äûçþè?¿_8G…„%œñXn«1´YVgQQÓT:G<Åò;6lç·Su 5l;µNvXzZçìÞqùX‹@èÏ_3ù0yàÚZT$‘«Î{Êòcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint6CACert.crt000066400000000000000000000016211453642760600302660ustar00rootroot000000000000000‚0‚u 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0N1 0 UUS10U Test Certificates 201110UpathLenConstraint6 CA0‚"0  *†H†÷ ‚0‚ ‚Èk˜¥,Ò¶&u´Wá¢Ov”"Œâõ#>0Ƹ4™Ò+`Ô?i… ‡˜×ªÏ×ÃSë—ä²G4óÒlGpLâјÎ©ÚPT¾´6å–’§ewú¾¯ÿÕ‘ ³è*à¹%4ôõkG&¿[{vRçiíTLÿG‰PK4$ßi°ZLßy¿37w%Q™Á˜‘?š†! \2Ø^ꎡã“>Xó'wûtÐØ‹2®dÐÒBƒÿ|.lvœÅD:€—°"ôuT²÷óŸ÷lÔ*ÅÁðèîQ§a?Š†é^«Gè­»í¼E…IÙj9ˆï„fëêÝöw²üŸ^ÞgoncÊ“£0}0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U¯¼…®þL®á—#ˆÈ¥±` ºNØ0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚0«ïCz)=¸J„áý»uŽþCZ¢¢·9þcƒÈÌ‘‘²—†F8d—>Á§â>ÞÉ€–"S¿Ga8b?d׃Ňl…s<1ÞHŽÃ¡}7ö­gö÷/rxVwÔò]6­p°jŸÖGr÷i-rÓSB×Ú?­‡ˆØþˆ¿‰3Ý!Óîéõ’ÜP“dao[¸= [C©Höƒø&wZÒ;Z‘½YªYðßì&û ªÆË?ŽŸ£ïGf aÿl2_ÅMhL]Ê-q?j£©ÚÖæYrõâ£|%7ÄpAÕ±7ßa_ Iô7)j·j ð,ª–—ඊsƒ4ÊMºÊ¥x0‹certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint6subCA0Cert.crt000066400000000000000000000016361453642760600310660ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint6 CA0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UpathLenConstraint6 subCA00‚"0  *†H†÷ ‚0‚ ‚é€d ¿¦mƨ¬m Û”1JÏY#à´e6‘‹©rŽAL•½aðá7Ci¶¹v²žà(«ã¾Žfu‡½Ùµ¥û˾q’ßö>põ£}Zqq=ò¤ä¥Å{NïÙ.œ2Aô§ƒæ«`Á<[g7Ík'  àæ;TØXòU•™¾Ä­Nóùˆõä8²ª.T¹G;¢7>ãŒF½'†7Ÿ•v'L8¥LÕ?öù§×A+ühwW,t ª•ˆÃw­‹È°Ñ#ð0òM¦½Án :%`èÁï)ÚoÿK1•p™Â¦«MÙQ³‡°ÿçÁ=ŠŒ£ŽÀ[ ×£0}0U#0€¯¼…®þL®á—#ˆÈ¥±` ºNØ0UÏvvƒs$Ç£mg|ëRÀÔÔíH0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚@ZÁ ½ÀF—]9ÝäâŒó¦|óe&6þô‚ë0¸Wœ•'è•ŸJ=£I)¡hªíÛ–lÕT0oU ®~”ˆP®ÿùBÓ‚‡ŽµêCÚRÉ •œÒ´«àµûÀ<õn×г™šØ-©rKạ̀şJ¸m©ÐŠ¹ÝÀÚ…n;›¼8p&¦qŸ ËÀnó"S:ÖìŠ4ïÈù”ȸ¬rè˜ÍLjå/á·rÛKüGAê…>ÉDJ*ç°ÊË(^Â¥oLnÎ ÷1`ãDšÓe€íê?7œ3êìÖs;gM‰\é3f§#ÖئdaÏ[Ôfj³"áƒK¿É.ò‰zLcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint6subCA1Cert.crt000066400000000000000000000016361453642760600310670ustar00rootroot000000000000000‚š0‚‚ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint6 CA0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UpathLenConstraint6 subCA10‚"0  *†H†÷ ‚0‚ ‚Û—ÿñZCpçÔ›u?Š ŒkQÒSÙöº4c¥ùU9m mOT“E;8¬M°îîÄ'¸®%b!7Ei_siŒ:Ž,e >©4~E€j­t¨54ƒ¬Šèpðè=õôÒÇôþö%?EX>p ¥—«"#Ê}8š!Ü ?T8w‰§0Ñmül8¸½i 3ëòÍ;µnl+w»àfž ¨dQåÑ…•áÚ7÷N†Ê™{ÄT v:b\›®h‰Ë²~Y¢µqaˆ³rÉ𴆀Tý7PZ´ÒÑÈG;a G¿Cêv±©@9_ºäyåVMñVèqs_̶…-2æŠ×q4ž]¡Ð'£0}0U#0€¯¼…®þL®á—#ˆÈ¥±` ºNØ0U<š•ž“^Vbé[8lš:n’Û÷ 0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚´ùîDÍ„ã…ÏÑ Àå„!»ÕîœátI¨û¶^h [àŽ«æ0¤'Žâ7öØ¡W…Ϭ­Y.2-Þ¯Y!è¡ÓjæY׿ª à d 9}¥•¥eú‘;º¾æJÃÇ€ö)ö<²æQÆœÇò„²¼6€5-KD¦ ³¿ Ÿœ› Ö¿¡ÞÈf0ØŸH2i&tщ|hº­÷éíELš È0"µnw¶‹‡z/”Åz)èKÙt• ®ƒÝà8ü¬N×€6$”Í„¤$[_!Àùl2ÜÒO“¤k0‰ˆ‰gþ¤‡~ŽEŒ ç5 ‰ÕMA %¼”U„ËëZ%\Tû{U½o™1×u‹¸¿ªÖ¥}Èra LÏfàsª;W=Ù%§kE¯$»FmrÛñþ††‚ú|ÝZÝ^ßtzã0}0U#0€¯¼…®þL®á—#ˆÈ¥±` ºNØ0UI…ÛKûcÙ™(´ zžZw0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚fI…f—²ÕÅOËÅsü‘¶±1˯Ÿ"ÊüÊ~îƒ?J´jvÑ^ܪE½KxJ+ ,ÇînÙ`ŠÊE5w ùÖ{Jêx+ÄÖ41ˆ;¾šº»U ÓT@gKê=ˆ(õo|}¹?¸ÐâÞ{H¦íEZÉAG%Bsç€(%+/UISÆ“½ù0˜½Q_³geWþ°}î–æð`á÷~]%x¿¥DaÄý•Ò÷ðw¾}9®¤V­Ã¶ªºJÖ4ÜllÛ9„cäó‹m2þG XB¬¹‘Í'™ð Þ„m~3Xù_ ä\r¢$^i%"ëɤ·²¿ü\È8ƹ‹lÊè¢QLaæÄW“5¤g£0}0U#0€Ïvvƒs$Ç£mg|ëRÀÔÔíH0Uº¹âˆ÷ÔY%Šã)ßO 8Ýqt‚0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚BŠ;Šf.q2Wé˜Õ£*ÑJZÿ2ÏMÒú\XµµABy²?¤ØC sŽ²õCJw§Bö¥þUî†ï Boâ2hä RjW®‚¶-¹Å̲T2¦Ð°wæruvcFñ3¨ð'L÷gŽ¯#c›%Oþ³~þ»¡IõþW»Šr´!GïCÁòþÇþ[ù2 —Y #€ÃÈYšGTM¬‚ö±¤e^¨GƒÛçê 1]çа’ËÂQ|{ꪖä“BîÔ3$ÌfËþeh>ø—Œ§}üSÙF{¾>]ˆåþ¥J.¶DCrW1dÇSä{àYíŠÑâP—”0‡s}¦certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint6subsubCA11Cert.crt000066400000000000000000000016461453642760600316630ustar00rootroot000000000000000‚¢0‚Š 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UpathLenConstraint6 subCA10 100101083000Z 301231083000Z0V1 0 UUS10U Test Certificates 20111&0$UpathLenConstraint6 subsubCA110‚"0  *†H†÷ ‚0‚ ‚»þ执óì„’ÈvMj%#ü¤Õ/KÇ QچѷÕ/,/{9‚ Ü—ä,ä.Ã3~&gKÄ|mMJÙ"ƒãÓäªt6ý$%ä¸%=á©ÕÝ1©þÌìôuYÝ÷§ÚO ¿€gzŸ±¤È~ƒ©çï{Ÿ£0†Î¹Ëi wÃ5Šü>éhî  œHålÙ딲 w±% *Ÿ¯Ã1ñ¶áÛóWœŒ=TÇòeØ·üoñ€ýé;ò¯¢ÕR8ÉL6Ðu Ì/\9Ø5[~.nq-…IÀù_ï6„0,6'’@¿>IÒ:¼à8YAö´ÑÈ"ôÇŸ‘ª"Ñ£0}0U#0€<š•ž“^Vbé[8lš:n’Û÷ 0UÓ¦E^g}”€s¹„Æ[µ1¾0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚O†çÔ·+õC8äêO)ýGŠ‘æâ`£óG6ù×Ajþ Ú£œµGC™·–€Ã”bÞ^˜ŠÚ†‚%„¥¶ÔÅhG¥qû$ËYêç!Š ²~~Á˜ÜsÞ.n÷€€ìË[ß«ïåždœ\Ê–ŒN~ÒAèM™¹zž+ß_ç¿J"< eçVpüÙŽZ »úŒVL×N¢Ucñ)Ö¾Ð$vºævùHdÎãkÈâ¿ç°eÎóêŒQ2˜$<çÇd˜ J”œ¯&][ÇLþÌò‹-š®ææ¡Ã°´HV/ô7•"¿á»7Hð{ßåeü«-u„ë certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint6subsubCA41Cert.crt000066400000000000000000000016461453642760600316660ustar00rootroot000000000000000‚¢0‚Š 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UpathLenConstraint6 subCA40 100101083000Z 301231083000Z0V1 0 UUS10U Test Certificates 20111&0$UpathLenConstraint6 subsubCA410‚"0  *†H†÷ ‚0‚ ‚Øpl5¨JŸ”×ض‘‹E#p 7¿ÿ¸’àášz±ãRO¼ÇD³‘1zrýÌÓ&*è¾ ¿i—’Á­r»}u"DØÆ”!cýÇI¿å„ñ©ã4¾Á€2ïWç;Ë+Y¦éêù€:ýµ*˜vu¼Aóð-x5¶Ç–'2<®-«\?ô°/ô.Õ ƒ­¸9™Z [ì ÃQH¬çŒT8¾ÿb™^ï'Q™Ú¾UêpOy­+jöÊ 5‡u6³&ý–‘r:Èá©8ÕAÒ”““~4i *U»)‚võœ%ÂðUfŸªÿÜ$·+»þŸÖ#£0}0U#0€I…ÛKûcÙ™(´ zžZw0UDZ¦ÏöóÈÇFïd¡õ[Á?‚¼W0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚·?«‘3C¦ùÌŒ óšõe¶"ßDSÝÆŠ‘¨‘·cÏ@6Ôµu Ò#Pá×»üŶ4"à‰›ÆóëP#•Qâ,¬ßQÀ¯>M÷}q@qåÇ@y¾(j‰Ó‹*)D3©„¯Å•<8žárMë\Mˆ‹ÆM™˜>T‹- ¯Ñ}Ëqa½\ çdBŸ4~‡BÂ;9O°²7‰k[ªÞX–0=µ,µGi'@êÌH–QËðûƒ؆ç@ÓjJpŒ¹ÝÚ­p3D»µZ`d¯èq+3Ÿx!FP}`2Ë$é—p„FÑþšZ.æ€W¢¶ª6U_ ù 6l½certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pathLenConstraint6subsubsubCA11XCert.crt000066400000000000000000000016531453642760600325230ustar00rootroot000000000000000‚§0‚ 0  *†H†÷  0V1 0 UUS10U Test Certificates 20111&0$UpathLenConstraint6 subsubCA110 100101083000Z 301231083000Z0Z1 0 UUS10U Test Certificates 20111*0(U!pathLenConstraint6 subsubsubCA11X0‚"0  *†H†÷ ‚0‚ ‚ΠÑFO~vËÃh§po)­Ù›oh½( cʲl Qiª´°ª©>ÖÖÂdpÅǯ˜Æ eX¿·\¯žß³QÜ,!„{¾i¿ðCæ‡ß@µÁ˜zN-­ ÿQèM¶Š³8H½l¸Q£|0z0U#0€DZ¦ÏöóÈÇFïd¡õ[Á?‚¼W0U¡í¢ó5T¥Ÿ¼cæGjS$lJ r,0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚LÿíO:¢…€šÂ7“xv1dPBÍr3?jø xëå?P§M¥ÅWf¨9€â\)Þ‚ø X…@¡Ü¸ˆzji*\Aß‚™|ío±oƒn»(BþÆ3?£ìB¾7Ž%­Í±‘ú5ø1 É®´i½=† ·.b$X&·ÛM§o Ѭ½.˜$Í >"ÉcÑg‰ªhgÉ£(¸F룪Ÿ ;`%ðªÖ‡ÅÂz3±€ —ê2ˆý¥NGL¦iÞ ¦©dg¿J–½øðÆzGã½+lKÖîgS ý†..húš þV–à£Sdèž(ñ–ðIˆ·áoù²™£certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/pre2000CRLnextUpdateCACert.crt000066400000000000000000000016221453642760600302340ustar00rootroot000000000000000‚Ž0‚v 0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 Upre2000 CRL nextUpdate CA0‚"0  *†H†÷ ‚0‚ ‚Éh¥½×‡} &àoعY;½ÄÑ !;n-ñÅ:n¸1×nŽ<ã^Ž×Ás :ð¼Í&bX‹ìöJ$X/T×J·¾¤&ó8Æ\x±zé¤RiðäÓ_nûé?»z¦jcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy0subCACert.crt000066400000000000000000000016421453642760600316730ustar00rootroot000000000000000‚ž0‚† 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy0 CA0 100101083000Z 301231083000Z0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy0 subCA0‚"0  *†H†÷ ‚0‚ ‚ÖBkéM=ÏêüiµFøHƒÐvvŽàÌ€‡4÷ÏâÑG©ã°¦ÅLUv2À¨X 6‚ÁºšEó®’–Yº3í1WaæZ0ÒoŽ50rtòå¶x†fTÙä80o!:»ß¹·þÍêѹ(MÈæêoǃ¹ý™‹.XÚëc?ÏÓÆOªøÛžH$XZ¢¡z?òd7ù­.°&âa7ÄDÕ…€Vâª%x“"_±Bw:óñÚM¥%Úý×›/)-Ð>ÏàL± ²<à$ C)a1yc†Lᜱq…Ø'1£áã"í»/‹"¬,’Œ•“1æÔ£|0z0U#0€¹ìߺR"¸¸¾j÷¢Õ' Ög50U¾bxý;½nœ 3ò;2ªAóå‰Z0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚µIŽü"ùqÁû§é_eº¸Ô—gõ`ÌHí¥êno—H9†¿IFºôÃ(J¨ÒÔg‘Ÿ“úŠtñê#±Hû'÷‹ÕOv'•AÞm[Í ¾Õ¶ hø<âåºè¡(§½&îå©aßÔh–ðüû”™uùÝ"oŸªÜ3b&œÿ4½åqÂg£ê'ÿ5üJòê `@î5éu DßYÁæ;Ž˜Ð˜™l ÈÿQ¡1gŸØèoK"€_I¼„Ì1Žª—¬özp÷q 7¨úñº#±ç˜ú‘þ¢€ÉnÞØ%¢=÷nq«‰.¨Ûê|ù— ‡S飸Δ댘2certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy0subsubCACert.crt000066400000000000000000000016501453642760600324040ustar00rootroot000000000000000‚¤0‚Œ 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy0 subCA0 100101083000Z 301231083000Z0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy0 subsubCA0‚"0  *†H†÷ ‚0‚ ‚»bhL<Š€öÖ#\t¨2ñÝ1jê ÓÎÜ…àZú1h›=M2tí2S…¨ÔQëª=äKµx½å`ë@†FØâ?'MSFETœ7Åýìµf²¤¸va4P``õöêÆvgè àJ¹ôü0y·UDš¸È)ܾc*ëå”%(œ9r}Öû½Ÿ“§£Š(ƒÉŸ DÈ™EÜÄqm¼¾À„uŬA¥{_B )oV…V]TJN} ²ìü‹…uýIþœílGKÃL«”ÝŸ\¯Ù=˜rðlål¼¸9‰Û‚F ‘kõÄ6§7°1VMxOÅmëŒD:U£|0z0U#0€¾bxý;½nœ 3ò;2ªAóå‰Z0UëØ—zz#5äÏ—$'"Ìg§VI0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚• s÷àîÃ#Eõ™ ŒM>þ„\,틼.L•¼«õ2…s¡¼UÀ²HÄE(0‡-|_eXº…i@$ðuS¤õÃͽÆo,‚ñæ°ј›÷­ÌÌVAþa¦y°ÜÓÌæŽÑÐ@£bLåŠ ¸|ûÀ0fÝX×£þ¼' (ýbA=g€Uè4Á >þz=2Ý_Ì&‹u_í Ôhœ®´çB»Oö«Ù×Ñ®æzŒ\O¦&„KÁ­Ð°  AY¯AÀ#¢LÀxBÝ4í7=Xoów¡ùbÊ‘Š÷íª oæÞhêíÖ‘£ÔLXж$ÇŒt%Qcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy0subsubsubCACert.crt000066400000000000000000000016561453642760600331240ustar00rootroot000000000000000‚ª0‚’ 0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy0 subsubCA0 100101083000Z 301231083000Z0[1 0 UUS10U Test Certificates 20111+0)U"requireExplicitPolicy0 subsubsubCA0‚"0  *†H†÷ ‚0‚ ‚áß¼ÝИA)R)E×~®ÿ°öÒñÛÅåˆ<¨³ï2 þwGp¯É;«ä6xÙuu¨¾ŸÙD‚Ëû õ$[HÔiÈ3ín»¤—xOiC½P+ix*6ùÿ7É» "¤†ôþjÚš÷¶Æí|ÁM8lHÙrAè <‹E5x¸¼}zYÝ‚YŠ¶Wà(j“jËib[£EŒ¦üàk˜!„Šû+ëtðÌ‚ïkÂ-•ÃáÔäWÿŸèGt£íqÍz2Îw/U°»’ä“>à£#¶¹;iI\)^úZ¢Ý‡Ž #ã&1ýM4›ª(oA‘ÏùÓ#w?¢$~2mql#£|0z0U#0€ëØ—zz#5äÏ—$'"Ìg§VI0UµÛÖÈ /ZAÇx£D‰ÚÎ.kº0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚;Etá䓆ºjj=yÉÄ”ÉÑ?}úa¤{- L³™½J¿"ƒ€‡tS ÔŒCe}´&«{üøAq„¸Æ u’”EÿÖ'ÊsA´‡í û\rHžã6£fïHN2Bl<ªU‘?Ù[C‘îrÏ—ùmd)V3q WzœÊÀç6W —é4.°zri" ’>ul6iü])Dˆ}GQ^®G0A– Ðâ·_¦¬ß°)åg«?Âß­’¤ÖÅSH˜ŸßRÓ³ù±‡6Ðc8¯z`FÍÙ­Œë:0ÔW½bÿ ßycüº¶æ±”›eRx/DZËCY:ü’Bº¼ââ™Ü^Âcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy10CACert.crt000066400000000000000000000016461453642760600312460ustar00rootroot000000000000000‚¢0‚Š *0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0S1 0 UUS10U Test Certificates 20111#0!UrequireExplicitPolicy10 CA0‚"0  *†H†÷ ‚0‚ ‚óÚM…yþLF¥âuþ¢Pè‘WÀè÷¬ÌpW¬1ñ"ìÂÏÆ4½ÿ<šgo¿ÛþÓÙƒ›mF˜ñPíB‰,@«Vç³™ƒ Mµ#ÖõzTðÁSžqåš#ú^²#µú­WÏ9™’•¨(W@Â1ÌF7Z)î<¶û áÃ/ÐBá J¼žz ñãè†o¼­1-±g¯Ì|þ¡!É{DÚ.]e²AÃÎ;ŒÿuS Yá€â<ɇ÷3ãU4õt÷ôH_ýYË)™êºfÙgóF훵@šÅ×á”׺ÎXU2 wA—ÝII<ËÆðovb%ï,”&îlôäî MŸ}žV*㒺׺bP ƒwõ:–ðp e¯Ë©µÇsxf¦è9¤ÃÆðPö²ëŒ«\¸MîçF6kþq0¨­¼˜&¸UôNH}€@e¬Ì噊òôcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy10subCACert.crt000066400000000000000000000016441453642760600317560ustar00rootroot000000000000000‚ 0‚ˆ 0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UrequireExplicitPolicy10 CA0 100101083000Z 301231083000Z0V1 0 UUS10U Test Certificates 20111&0$UrequireExplicitPolicy10 subCA0‚"0  *†H†÷ ‚0‚ ‚Õ_@Š–~2ÎÜOŒ]ô"õ)r²í& !¯a¢¶æ:ÀŒRŽƒe—*cZËd’ºc’¾Ù§‡ÌüÜ®Ì]Ú87˜nxXá)t8';,}ð<5•™œ\Ÿ2óŠD…ë¢(ž,šJAJ’¾¿:.;ö¢ iòÇç,&ÂÑá[—ØQ?&kéÌ‘V\B+Ã7×/GÞ;©ÞDhMvÎw´/ T µ“JÛO亳3³G_,VàÛU‡ŒŸLhm¤Œ}r¸¢4*eÉùÌßû瀓æ#2 ÇÊKúŽ&D$¦!€ÖÛ…‘Æ…kâ²b~b±cŠÀ«M5…ËêA š(V)£|0z0U#0€óLÑ_Õ€Góø4,ä˜ÏkŸ0Un¦a$hÛ.–&7¯Éx)V0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚éä²ïŸ Ž¿7úà ƒ¾t÷Ø)²Nøœõ¾5uÖ)—xÌr¾‹°ìáóvCï«•piõÙ­ÅlXûfÞøÓ×"YgŸi&tÏl6kdž7’ßhó‘É?,³k‹”†)YOuY‚¿Jþ3z`©l€=&Í6$ƒQ‚×4U¡ilóä`hAðÉ…»ÔÎgê–†x浄/« ”"Ü iŒÎLW"(ïK­ ÛNÕT6z‚RÜkµTBqÔm(Ξ‰UÝSŲŽxhË_äˆÑmnŽ"ñQˆÅ›y0)ì±ã"DÿæörþQ¡¼áã„Óûcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy10subsubCACert.crt000066400000000000000000000016521453642760600324670ustar00rootroot000000000000000‚¦0‚Ž 0  *†H†÷  0V1 0 UUS10U Test Certificates 20111&0$UrequireExplicitPolicy10 subCA0 100101083000Z 301231083000Z0Y1 0 UUS10U Test Certificates 20111)0'U requireExplicitPolicy10 subsubCA0‚"0  *†H†÷ ‚0‚ ‚·C£¥)†ìaäûïpÄoi­oDéÎ÷…ä%ñöÜ I=¼´Ï2µ9,3^ofùŽÊ…R|«Ù[)6º•ŽÇíIi÷æÆÁÉJ¼ëñµW½¢›BÉëÿgñà[=zÓ-rÍôà*  ß¦°šþ½ï, +ãêQÈZúÎ84à ðù©*5»qÞÚö¶¼a_’ò±.á&¹H ÐU¿Q%T-תBD·üì ÕBo%¹&_wðƒfKl}¯áH¡ÁXõ¯¦ELùš¼U3¤/ G˜ÿ Åt­:•©oìIn°|®—ŸDÖfoŸ¼ôµW0Êvño< È_—ŠÒ1?­X±£|0z0U#0€n¦a$hÛ.–&7¯Éx)V0UXPOòþr$¤Ðw? –,wµ$è!0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ÎTÌ„ˆÔà‘Bû=£á¶w(ÙÚôÎ{aa쬘ãËgT¥gêjÝr*·‡oL^ˆçSJѾƒ°«DQ¾ë ¿;Ó<®ÿ5€×`©—ØÁ½×ÏÃù™úž÷Hj«F‘b9É’µ¢Ǹ©ë }²e=x…¯¨™Ñ½czõKá"òŪÆ`ÍïPиºèhfìÞ­Jù~Ö_8kG«‘±¦vË,oúÆÔ½"+}3t’Cîë}^×ñÈxÈlÅÆÊSl–BíZ¡¤ïVjÄ…KÐZM¤ä´¿%ÏëÖøèPµVC´R}:ª%ßkBC±qkZ#-ÉÊ1certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy10subsubsubCACert.crt000066400000000000000000000016601453642760600332000ustar00rootroot000000000000000‚¬0‚” 0  *†H†÷  0Y1 0 UUS10U Test Certificates 20111)0'U requireExplicitPolicy10 subsubCA0 100101083000Z 301231083000Z0\1 0 UUS10U Test Certificates 20111,0*U#requireExplicitPolicy10 subsubsubCA0‚"0  *†H†÷ ‚0‚ ‚¶ ïyÕ:0_ü?V' ÁÊ{ŽæðCý˜Ñ$Té€G¥^hH“ÿjsbú6,@SÎ!cèý]ViÆ@áÖ!ÓùîÌ6Ô&S=}I}ª2€ \j程ebå¾qƤáŸfš­#þ²Ô§ìï´\n ‘o3DõØØ3¡E¦;7û¹åâ4\}H2è—™¥ÏÕÙ. €-¸4û'î$A¥ *óp¯vˆšœeÖzÕªŠí¼ôø4×[µà[Hž–&ÁúÏÀC쀾aÁ¬žËŸY€íÂë$ÿ¢MV#Ö oyONã<áÓxj9>¨Àgc¯%úTKt‘mC¶çò´y~ë“ôë¢ÔH'‚€´1¥T¼!-.åcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy2CACert.crt000066400000000000000000000016451453642760600311660ustar00rootroot000000000000000‚¡0‚‰ /0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy2 CA0‚"0  *†H†÷ ‚0‚ ‚³Åø¹ó‡…ókN…i m_÷9ZF­aõs;ŒÉª´ÏFyF²‹Ð¦¯»M¶×ò­xìÈ“­ãºíÉ]2iÈR`ž…¢î‹zcâìÜ(²Ò~Ýpw|1•x1Iú#ÖŸ-$Ûá©n’è~KØú©ãÛ]g~ ¹,ÉŠ£Kê‘ÈWâ[ŸTŒ½Ä×Í?¦nd·”m#ªÍý¾¾SJÜrõÀÜ¢k±è½Ú ÙÛÒo°›; ºþD(³Ê|ÁÎý%IÌnäYrÔ›¢ÀˆÑ²ìdî(Ǻ´‡-Ì4äÆÿøÈê®â%ƒ‰]™ücç•á (*ó£Ž0‹0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U6©Ùûª8/ ÷L;Ù…š£-©Ç0Uÿ0U 00  `†He00Uÿ0ÿ0U$ÿ0€0  *†H†÷  ‚Ðý0‹in&Eò8(T+ŠîŽ\¢zŸ†Àeض{*Ùð!gµsÅÂA<¢Õ:Я€ˆÏÀDGGÙ•Råxã8&<…ȉVµµàO]»¯3±Ìæ”Sïñ#ÇNå¹/OUÛÓäòöÈÓ3HW–~†­¿„AÑ®Z…myÞ®€3”Èš 9ÄFF/KÄ4èSÈ løx× N'ÑOxÂz™ˆØ\,G_ÉyfÊNÍÄÙ¯õ¢ÒÉM÷î˜ —ZaŽ”̯ZÎÝjâßiàôßm€ñ‹¨O’È _RÛ$ŠJÝ—OaÁ¸ØŒÂLé,'jÆ'&Û™‰í;†Ô ä7åÓcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy2SelfIssuedCACert.crt000066400000000000000000000016371453642760600331560ustar00rootroot000000000000000‚›0‚ƒ 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy2 CA0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy2 CA0‚"0  *†H†÷ ‚0‚ ‚äŽ#£ÄO¨fx¥fa¾©¨£o=Ÿ—GÚÚ zôZó•ü8€ í¦øó$«½f]twÏà ¿¨ŒÒï•´]:s%NŽ®A)MjñD•ðf‡'`п‘Ãÿr™Þâ ³7rˈELôêqWNĤA!ÚöÇÜÞ8§ï—Aä‘Gå³TÙ-­&PÌT êébŒ„ª´R0M} ×ùR¤CŽ"‹-QÙÐ5³¢df¼/Ø9®ÆQÆ•sº›#Á [zƪsÛ.ÊoÖ“³Š¿ÊŽ:jb8ŸÇ›yñDBì1ýÓ-‘É /w³ó—íºú|ÁàPŒ4*ÏÛ£|0z0U#0€6©Ùûª8/ ÷L;Ù…š£-©Ç0Uï«ÚØá€1§CîÄv ¯ìmò`¡0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ h VkM“[/Go¶A³ï=t Í[~¡¬­ÍL‚}íIŒîåm¦0s‘`’‚õ’¾+ÚøÛ`3l.!¢Eüû5‘ m­Õ3@k°¶ÿËNÞ)9¶U—Ǻô|P˜Oüª[ÇígƒTØýg ÓE¡ ø¡í£ñ%f@Ê©\B±4%í"ÏÞÒ_ ÐÇ÷CQ0® XÆ£lGšùÁ@…Æ;†.dÏx ¡/\…c Ã9‰ó†›Ü’þKÅ]ÜDzŽtÍõµÂ:‚ëÉÏZ‘Î~ V žÐÌ,i芆‘Q7´Z ’³ñÝøl hÊQÄ÷PAìÝròu¬E Écertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy2SelfIssuedsubCACert.crt000066400000000000000000000016451453642760600336670ustar00rootroot000000000000000‚¡0‚‰ 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy2 subCA0 100101083000Z 301231083000Z0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy2 subCA0‚"0  *†H†÷ ‚0‚ ‚Â|ÒR˜Sý 6—‚¬Îù]–Þμů.Åq•–!d4¦OË2‰ˆ|€âå‘ÚÒ3àv¨5õi¼¢¶Z§+ÊÚYÄhn?¿VjÛ_8 w”Š;{.²X€›WuM“4öZØÝ€5u¥Æ1[  UJ™ð3ÖRâS{,ÖjJKôFcwô¦M,Qjq¢»nõŽr %ìæXg~ûÝûºØÙµËͦài’³ƒ ˆ/@SzÜ2,mð1”OîxTâžF„ƒ|È•CÄ>Áb–"]~ô]6s=/ÄÉbÐX¼Pñ<Ò–¨¶8¨¼nê×xf‡Ã$¹ ÿ^ö‚ KÏŽ¹-£|0z0U#0€ wþL0â³Q°÷ƒ˜G0UI gaVGÒY—¯"f0QwPªÜ¢0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚tÛÎïØuvª>•¾5—õÕuiwë'ö Ms Ùà…|:]dt‰ñuxE©$Uä¬IPáP“`9﬇Û6éÍ‚j×Sµêr½økØù*\EÑâC¹NÑŒŠR_Ö•Ó"ÙUhþÌøµu,ñýYD7©ôЕ\À]£|0z0U#0€ï«ÚØá€1§CîÄv ¯ìmò`¡0U wþL0â³Q°÷ƒ˜G0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ªu¯#¤LÓCÙÅŠm'µœ¶úÚ3jgPöoü ¨ªç…_À² ¬©"¨’²ôYaÅDxÖGLÿsF¯ã¶á½­‘¹E«}æÇv¾çþÏ5ëSÖ ” D/II™{iÍ£·´ó¸ƒ#ƒIMžYØÁ¹§t; §ù¿·RuÄ|~‘‘¢Èòm{xKñGì's¬˜è,i•g8 A­]{þŒ#+¦|Iæ–¬h™/®1²³à†1R_þgdž&@}S• |‘rÇeo6¤*¦å”îýµÅ°Œ"Ìúøꣻfl[6  ý¸‹b}ÍEÆÝèMœØ¿“cX}Ÿkcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy4CACert.crt000066400000000000000000000016451453642760600311700ustar00rootroot000000000000000‚¡0‚‰ ,0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy4 CA0‚"0  *†H†÷ ‚0‚ ‚Úø%]'?#AG¦e°ƒ7üK•¤¶ˆ$Ù,H?¬4Mϯÿå ÀÁnT®|D…öᚬÖ!ÖÀÄ Fª1f )þ'I×[3Ó"÷;íÜÔBS Ø]Üžd¹{ƒPLz"a“ë ö V¥æ×è\ïË–¹EG²S5¦žºQpŠÎ]¨£Q¯sÞlŸ Î#¡\›zÌ>¯¾„?˯£Ž0‹0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0UÍÑÜÌÔ1c,]6±žu¾K^c0Uÿ0U 00  `†He00Uÿ0ÿ0U$ÿ0€0  *†H†÷  ‚u~ßÑßø5TxŒ]Z²Zždø8¸•ðcKf8hþ`f„z÷²ÔÙ¤Lh,ÇÝ3'ß%Žrg¿ÇâÄ8?þV_äSªÀ¥ÎܬB§+9Wýâ€1sÚ¤2vÔå=ØKÀÅI»Ô©Ãçp$4õI/é-ãe˜Š¹3&ĪÈñ¶Bà§ÝÁÔ2*ÛÈP☀–RÝ¢Ÿ Ôã¢:.œãÊô*Álšµ\»6ƒÚ§€ÑòݶQ ‘ÆPE¦«r%P®Žß1hbp¬Ÿ›ÑÇs™¥3TÂ,°'w,á#³R9.}”‰(+'p/làÃhˆÒ&‚²¢–ržG¬Xsðsòcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy4subCACert.crt000066400000000000000000000016421453642760600316770ustar00rootroot000000000000000‚ž0‚† 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy4 CA0 100101083000Z 301231083000Z0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy4 subCA0‚"0  *†H†÷ ‚0‚ ‚²<@™Q‰+ôßԥ܅ÀE|á¯LÖ‚<ŠÑ´ú ¹ÔÐU¥•P¶Õ9P”Û;SAÈ„h&ïSŠb™ª0LR1W¢ãò‰Â&’ûK.R‹ß’ÅÓé`¿}ênia„NÆ—Í^u˾-ùççqvýºeu$°¿N4®ûócMç¤òö‹ ¡±¿^(Rh•z5¢™'½vßÔ1MíD)©s.2Op9lù_wäg·ÝÑgª6±_÷ºšCaNyã){7ý÷#©;Èx°]Ëx[‰ÓÖ¸cg¬ÐÝ ßOòl¹>“ã†Bî>…:…*=qe®Be5Ö q/f&&Åx{£|0z0U#0€ÍÑÜÌÔ1c,]6±žu¾K^c0U}ï”»ö§—æØ"HCH¬³îº0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚hÔ^U¢Ñ~ÌdÞR,“À6ÇéÓy“õV±8dþ^lÇñÇa§Š*Ë2œhÿÒŒ;|kŽœ–w~Œs~Z– ‰‘ÀSY<­oÑr%6B½‰Î>/üLÞi9 6ds¥®Ò“_ñ¤tí8wg¨J³,7r‘º´S1j3Œ¶†^#«¬¡ _üò¶r†IXÁÓ§½æ.$ãøöQŠñõU¨Û§&}êèóVMÀø@cª½ÞyN‰#@Mfµ^¦o@êêcíþDù%]ó£,õ4Sëpký®¹÷–¯+à-Ù>{¨®Hz èL~¯!·Ðkx­BônYÈ:Ôžé軽ŽÐcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy4subsubCACert.crt000066400000000000000000000016501453642760600324100ustar00rootroot000000000000000‚¤0‚Œ 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy4 subCA0 100101083000Z 301231083000Z0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy4 subsubCA0‚"0  *†H†÷ ‚0‚ ‚Êoe|”O\w#Îòyb}ËX”ÍÒ÷‘¨VgóÑõ$÷càÉKgaf€àÍòwoàº.HßÎvhk)ˆÏ;–¨ñfOpI˜]¬Ð‚ÕÒQ¹Ÿþ{¸2ïó)L£àë[¾Àv“Ë€0Õ¼>µÓêê‚”W ÙQ?Mê¤)` .ïlý˱1Š­[Á/ä¢Aå%z=0Œ{rvôÒÜÝL}Xou£¦Ô¬¶ë¨¹ ¹sÒ]©g°Î¹˜@ ˜F‹ß‘¨ê˜rQÌšCkgj‚Õæ"è ”Çrx±¾Ný¦yñ±œ*-‚"h”`Ò·(¡+|±f:üš6XüB!áÓû˜·nü'£|0z0U#0€}ï”»ö§—æØ"HCH¬³îº0U©êæÓž° —¯çþ.2¡gL†0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ª–¿íe§˜ø7ݯò`X5ñõÄ–† jˆóáåGíÓ@Œˆ±ÈÍ¥±ðÊêvet“ ÒlAÈöUw;d¼q.¸ðRŸ/FBþ hvX²U¦·«Êš I–h6/IÏmú¢Ú¦~â.øc¢Nœ’L·aˆt…Šˆ˜ø¤ŸIëÿ,uíWû^ ò?ÒzƒßtiÿîÐLàÊ|N ÄVŽº<`Hôãá#;Üæ:&¥?™ãI_Ÿæj†LMÌm¢ãæšEmwEnvlìçÛÙ˜T4` "Ådª›LPÆö1&tvMjÏý!rOí³œÂá”–4jòNüÍu¦ƒñcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy4subsubsubCACert.crt000066400000000000000000000016561453642760600331300ustar00rootroot000000000000000‚ª0‚’ 0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy4 subsubCA0 100101083000Z 301231083000Z0[1 0 UUS10U Test Certificates 20111+0)U"requireExplicitPolicy4 subsubsubCA0‚"0  *†H†÷ ‚0‚ ‚ÙÓÄ¿¨ÀBªŽtv5óéó„æa¢`äCÊésü*¨Ä¤ù·3sü»SA¦ße3˜‹ YŸ·ÜuHòÒÒÏ£Š‘€TKŽPÉÔ§T7:_}ƒvÉ çuOd<dFYû ¾än=€MŸYßcÝ¢,E‚³™åÉítYD  ­H²‰ºy˜É¿å²^Ë&°Ì?—ŸÑÛ´¹ö±\4k£|0z0U#0€©êæÓž° —¯çþ.2¡gL†0U»Ñ&ôž<‹ÏÙ{²,Ü£!0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚xMÏ£þ[ÌZreª°¦5†Æ´È}§Ðh0p¢eÆ3PŸêU>À©E¼ÙY]®N‚¨zRQ "ÃZ¿ù`xuÍê¥2øè|ñ†–¡g«wáõ” Ó‡ËÚ†‘sà O`oE^×õX<ÔhÙvî¼€2 ¾“SzëÊ¿w7z!8Z8‹÷‡4l Ÿ&½Ú ¿üÙŒ$ÿ´¼ó¯V¶‘À‰v¨y~fÈ¥kžÒDbTÙà&Êl^ë*L¹>‰ÿ ÃÈŸ´l€è(}ò?nÄÜ´0-¦ ]³ót^^ê-Ìñ¥\¬­¨fœ¤¸cN"ÌÔfï-,certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy5CACert.crt000066400000000000000000000016451453642760600311710ustar00rootroot000000000000000‚¡0‚‰ +0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy5 CA0‚"0  *†H†÷ ‚0‚ ‚×ë†!Ð}ºÔ½Þ´Ëy½tq,ÎÎ4Þàñ†5ÇóÆ¢IÈýjtî~ÖÀ‡C3ŠìôGân®/J0 ¼RômÖcO¨Ä"Ž0|€$?ÀSÞ©Moñ­—ãc¢_{´ àŦ«Ë,pÏ1ˆ¹ÂÒ ‘õ¤œ+U+¯‡ÑqÅð¢ðS ØýDqÙ¡t×¹”Îf?¸£ƒl3v¸<葱µxˆ­à1ÓÝúóϦ#w¢Vt}àQƒ"þ@99B\µ#–å_ßG/Û/ÓQ™H5œLŽrß¹pd ©Òª¸ýșʊÄÑÈ»gílÅwîozfzðòa¿©bzÜÉ£Ž0‹0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0U»‘ƒ«®®Þ\Øàò<\úŸ.á9h0Uÿ0U 00  `†He00Uÿ0ÿ0U$ÿ0€0  *†H†÷  ‚x– ÷ˆÝ4 T¿Ä®Ø»ÆÎÄ6ÏæÏ(°ÜbÉ€µW¦eH€—µ…T…6áA^V¥7ÓŸêq-m²v9#þiƒ* fQ˜v[16½ÀÁ%S¥k&J÷¸æOie˜]FÚfÖŽK]¾Oy>%P±¨jÊ€¶ÕÂ^ÍŽÏÖ‘{ôÔ VÓ<Í‹}l‚|GÑø‹ûÐæ&ŽÏÂå¿pÉAµY…ëB¶yÅH*¡è‚£¼pÿð7þ½5’êëaWOit^èP%eÖ~g–¡ù’ÖBûïDïx7âò²Ž‚#=§ Èh¬6g¥4œûïôæ¿}ÊòqA¼'ûHm9ÚˆB3>écertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy5subCACert.crt000066400000000000000000000016421453642760600317000ustar00rootroot000000000000000‚ž0‚† 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy5 CA0 100101083000Z 301231083000Z0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy5 subCA0‚"0  *†H†÷ ‚0‚ ‚Ó$Eˆü\ ®r123ñÇdZaiö3—¨lWè¾~¤?-¥Æ,Lai7pXܾÿ ÚQAâŠ]_ÒBÉ°¶‘/|õ½x¬ØÆH°²à5˜ªx¼'¡ö3º¡§ÊÉ. ç‡ö}xüä¥=òAIUkGŒã”45¾-A5V¿9ߥ¦P¢l«áž)Ì„ä,okܒâ®Lc²=&EGáydZ©æDHg»Ú´ÏŠ¾øðƒªD¦¨dóáÜŠG!’Û‡x]IèÕ ßÛ50è$zKŠÎŠ‰ ©ž·‘Ð&íy³ˆì.í£|0z0U#0€»‘ƒ«®®Þ\Øàò<\úŸ.á9h0U7Ó¿ÞÜPǯȊ蒰ÄHað:0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚ƧŒ‹JzAÂÝ0œÕ VL7“²¹øn¥xVñlÁÒüSYøPßgxúœQ‹ëŒÞSz‚÷Ío)íÌï«fÁòÕƒFOoøåÝÒäþO~$» n-gĉŸgÅO—-ciÞêyÁ}Ø]ˆôVê›ÅÓÇá M­oæ‚—$†)³æ€8r‰M©Ô{&ÉÑ'Eqp B]ªxz r—ƒ——ЉŽVêo,è…âŽÉ'ÿŠ| L]V¾ŸqæâKí~˜^¡ÞÝhƒ|ý´È¾i1 µ/7Êæ;=B:3~—%id&æH*<Âw q=4G`uÓ$œDYõ$ZŽY§o$ïcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy5subsubCACert.crt000066400000000000000000000016501453642760600324110ustar00rootroot000000000000000‚¤0‚Œ 0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy5 subCA0 100101083000Z 301231083000Z0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy5 subsubCA0‚"0  *†H†÷ ‚0‚ ‚æ‹#Ò“ìAÞÕ´ñö¯|dËç ¶iT*V¿¿bT{/áo5 r€)á„gå5q/K\iFUAúh|$ü«ÛmƒØ¸©Uœ"êá|¡ì½€.«6>áCkžPÏÙ#¯‹X¯äWÄwËdË^[Ä+8ïÕæ¶ðÖïK_‰d@K 8çgRXODrbµè@ÄL¦ ø",£Ïô? ådÚ®ñòbo£õQYBžÄ9çªûqŽ n58OKߦ6ãúÿ˜ 1†û}‚Á”´Ó:!CíJ n$W€uædWÿÖxŒ‰UÖU£|0z0U#0€7Ó¿ÞÜPǯȊ蒰ÄHað:0Uø‚/yÿ´~Û[¯2ä5aµl0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚7¶L¸Rëcû±¿kSj­˜*y$“ß=ÖXa•0F%Dš—à…«…ýŒCLkÝ?¾tá&Ƹp0ØéeÒXOš™àŸî^•éeÝCçe‡¾L_ùQdªÜ“Ÿð>€Q>ÿAl£·‹¼ŽÂ݉KðiW)_]ÇúÁ95ߥå2ÿm*Ý·–µjªÍÖ»ŒØï¡P_"¿íCE²Ãß5f®½Ì%½¾ mö [ñº;z¼n£Lm…Þñt@€fÔ˜"œ&„¢Rf3¾H;ƒÃÚ-†M´x¯e¼³èìô¸ëÉv’ ‚£ ¦«$®r„®—ªÍCú¢®öçcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy5subsubsubCACert.crt000066400000000000000000000016561453642760600331310ustar00rootroot000000000000000‚ª0‚’ 0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy5 subsubCA0 100101083000Z 301231083000Z0[1 0 UUS10U Test Certificates 20111+0)U"requireExplicitPolicy5 subsubsubCA0‚"0  *†H†÷ ‚0‚ ‚•7õ{ f!àù‰ùP÷O·g¸˜úR‰÷XÁH„³äáÂЯ®åá8ód(`æ‰5®üF³—þ‹l½µ0Ì}žšdÙa_ÊÅž`,ôªû˜ER-±Íîõê¼ ‹oÐÒWÖò¨Æ; 8=0ïÀJt‡¡q=Öê´c’TÜN3 ÐÐr#!é Æ,ÃçhftôI~Ø_¶žj› ”6SÃmIm-'r»÷Ÿ…ûYpOO½¹»îÕZ<'Ù “3uÖìF½8»Ø—Оמó1ƒÓëWÜpTS*Êš2™#¨Iê½­Yhä[;eáiÿ-Äé:É jÓL}ÓoGÛ¦GÀ~3£|0z0U#0€ø‚/yÿ´~Û[¯2ä5aµl0Uúbº½~^_ߺ¾y7‚Üü(0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚Ât| y‘˜TU 7»ÂÓkuM1Ú3b3Â9dž‘t.!䘺,øN¬Òe‰¼æT*0 Ze8§âî6_ øBNi~®¡÷,¬cxds(†YOXèŸNàéhB JÁÑCLiÛx)>yÏ VQØw½6{]=×®`ïD•bæc6ìr£ø5ÈæÛ²¤/-à«>ItŒ­K€`*+Ý LMb[bÿ/µE¼úX?rzy¹†Ž‘\!ªõònNãÔÓhÔ {(‡ÂeoÄ^ˆ5ŸùKt83ˆ˜÷±Œz—lÑ÷“-ÍÇQD©gÈMãcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy7CACert.crt000066400000000000000000000016451453642760600311730ustar00rootroot000000000000000‚¡0‚‰ .0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor0 100101083000Z 301231083000Z0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy7 CA0‚"0  *†H†÷ ‚0‚ ‚©TªG0ƒ™*Ñ¡Š…!€µ“]ö‹[gòEhO,âø-¡ÊÒÁT¼ŸˆP¡·Í1I¨¹ ø8«äI›w¯ƒ"¼4’ÿ;žÛ Þ#L5 ^°;[g‹œ… ‘ˆOb0‰Cu¬c»zSâXÐ\ÄzÞôªq6OÈ«hû¿–õ¿E«Y(^Åýà}ƒµ‚&lÑ-ߣâ2»eÛa¹ËGÝág8²ÑظªzýSkìzF%¿\²2ûTª´*:o Kî5çÐdég=Žäûû'œ^ëÙÖûÛ”-À¦bP®{–wfõäFÿê©ç ö¢20›+‚Œn¡V÷£Ž0‹0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0Ul1—5 ÞÛ5å iXYˆdÌ!ÎJ0Uÿ0U 00  `†He00Uÿ0ÿ0U$ÿ0€0  *†H†÷  ‚t)‹“\U©>Ĉgø÷È]t7×c–)ªfêÁ Ï1¯3«®ÆTbØq(ù<hÝ.ÜnjÝë“í´¢{míÌZO5è¹ÝÖ/ºùÖŠÞ'ˆnûÛ!?¬ñ™ '€yQ1f÷*á$qçð”²4£E{}ßuœPÍ ¹Ñ4®NîÖ°ƒ¡å ºÿ…³ï;Bì¶Ég 3pj/L}.éÈSI¹½ØèØ0²/PÒ›I§"ÃúØ-a.W[•È=æ ï¸kcˆ'P|Pä‹üZIf{º¤‰„ ¥ 0æm†]Ò2Ž`ÿÄ•ÍeÿMvQû¹>0i*%É¡ñ®NJûœÌ¸, ¡fcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy7subCARE2Cert.crt000066400000000000000000000016701453642760600322140ustar00rootroot000000000000000‚´0‚œ 0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy7 CA0 100101083000Z 301231083000Z0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy7 subCARE20‚"0  *†H†÷ ‚0‚ ‚¬Ð‚‡ÎÛd³¾a'L.÷×$}¦z;Eó€°Bšˆú6‰ëÁiÙP^\¢×Ew*Y¾Yžä—¯vc IÑàQ«ý†ÕÏu k’1ÒëãßzT‰›è{ÂLÕ&„"N™'¨Ymd=|¾ñ°,»3ku˜ùŸݢÛtÛšLBÓI€:žŒÐôíåª:þ¯{ðŠßÝšÒ+Ñ™ô¹è¥p\ƒ½q3 MË‚óˆ)o0TiKÌÃÎTVºÈ:âð+wÜàRÓ¢Ì7žåj·KøG5¶ú§Jæ ÁÍò7rÄîÞÈáÛt +å(•#“ap/9šøgð¢ö“Õ£Ž0‹0U#0€l1—5 ÞÛ5å iXYˆdÌ!ÎJ0Uç\%Ž~ªLwƒ{ÃêiÖÇ¢4á4Y0Uÿ0U 00  `†He00Uÿ0ÿ0U$ÿ0€0  *†H†÷  ‚¢IëË+k¢Œ³Ë¾»,u{ÁÑ^þ+°ƒ=½Îøçês±TÿÅPд ¯¬t¤Y0b. ˜¥I@Û¸OÖ÷ïÛY8}QxGe½ºú<¤¬"ÍùýÃÄ«ó{µkoÕˆb•Àõ?äÙ!K`°êÞ³¸Ô2è;[w»¯c‚-L¦F¼ëü“ÖörÒÖ/¯ã7ž_±Œ^5¿5—cóÛNuž‹\¶ÆÃ?¢ ЩS=ˆHçdv[Î#"ñCà—QÝcnBoN[v@ „2Æ>œ‘;ÎÆWÐ [Â7‘tã)z˜@ONS×ïÞ£ªÌ¹`Bcertvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt000066400000000000000000000017041453642760600332370ustar00rootroot000000000000000‚À0‚¨ 0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy7 subCARE20 100101083000Z 301231083000Z0^1 0 UUS10U Test Certificates 20111.0,U%requireExplicitPolicy7 subsubCARE2RE40‚"0  *†H†÷ ‚0‚ ‚°¢óªáµ[`íÓ‰®³×²ì+¡b\'Ú¸]Ê*<=`nÝ‹xü¬KP0ç9Ê+aßw!ÂqÉ˱ɜøô“e€-Ç(œ¢fÛ`d{Óu6ÂÅ–EOäµÙF€,bçᘣN"…nGà¨qî—/^¯(fÂãmf¼ÁM5÷™Ç'y¨ „`§ú÷þw¼¨Ã•ÀÂi”®3à/Þ½q篕¦äèß°®_)Tq/ï{£Ž0‹0U#0€ç\%Ž~ªLwƒ{ÃêiÖÇ¢4á4Y0Unÿ‹fþ›¥{ûd3eê•H”˜0Uÿ0U 00  `†He00Uÿ0ÿ0U$ÿ0€0  *†H†÷  ‚ôCýJßølw£é1¤jé˜ã°X:D{qŠ]ç,¢ÖÖGI\´,@餺ƒ”ãÑböb¥ù¶µ¯Çäqð ×ã&îúºP@]Ñ/ð-™Ý0Ÿ×Žüéj_èê+£¨$Y–ZïHXEÃ~Cók8O°2€›‚8ó‘(ê+ Z´<ÁÁšðËœ9Ê2šh[ÏðAd·|ÄcÖw DDcþ“-è›æœ‡Ô¦µ»tú+Ô³_´å á]ß›rTÅ:óØ\©¸Ðt8É0F[ËEt'“_ݯgÚ:å¯*C°ø)È•¬ôÑq¿Æ(©g6>aw(lè=¤ŒÏΆÛ®certvalidator-0.26.3/tests/fixtures/nist_pkits/certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt000066400000000000000000000016721453642760600337550ustar00rootroot000000000000000‚¶0‚ž 0  *†H†÷  0^1 0 UUS10U Test Certificates 20111.0,U%requireExplicitPolicy7 subsubCARE2RE40 100101083000Z 301231083000Z0a1 0 UUS10U Test Certificates 2011110/U(requireExplicitPolicy7 subsubsubCARE2RE40‚"0  *†H†÷ ‚0‚ ‚»¨ZÈ-”Ѐú°‰Xü¼b}•î;XH>íð¤pL›Ëˆ®}1‹÷=<Ø~¥\Æ f_o·ý8O±^YñKÆ¡Ï ;’›’ø¸¶·ó“ ˜ª/¹`:3 þ'5R Ø{îž}záàµq”œ1-àÈ^¢u¶&2Ρ¬¤µÔoâ¦[ª @É«²Ü– ;å‚VbÙ§Ÿ1j(_ðñSSœ%®­“·Zuxh¥Ê ¤Î— žaÙ*@˜HÏ+Æ£”–H ¤"µô}2¡ÌÞ&çøå æ•Cf™s`Ï<¾$«@Aßñ]I’,Õƒ>†xRt&Eû?b_ñZ’0‡£|0z0U#0€nÿ‹fþ›¥{ûd3eê•H”˜0U{,Qa1­¬,k©¾;;’ªD0Uÿ0U 00  `†He00Uÿ0ÿ0  *†H†÷  ‚œ™ osmó±žV±¡ºŠ×1Vk â…Z9LÂÂæœìäÅr" ÚÛ6°ÀçOœ®¥q6}7V^œh ‘”‚¤W}m@;¾ß‰/ú|·#ÿm}Fóñ2dCÀ~¹R‰uC-SÚÐpþc·‚06RìóôhjSù%¦·F‘¡¥u[ª 1Ïn%öÇ-–…èX¤ªó×'æ—ò¼*×óèW³7ÇÇ ŒôÍÎÉ^{¼˜ÓyaR½Â¾”€U~i·±ªÕ eQóÑcç¯ÚCÏØüÊ/kɤƒq "c0솃ÃÊ?˜lÚ¤g~[ìÈ€½ýËíl‚šÊ‡» =ˆs¦certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/000077500000000000000000000000001453642760600226275ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/BadCRLIssuerNameCACRL.crl000066400000000000000000000007201453642760600271200ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UIncorrect CRL Issuer Name 100101083000Z 301231083000Z /0-0U#0€rò5]ÕJ A(ý”pq0 U0  *†H†÷  ‚‚$ÿî¾v¢ÿ"¦)€ÚVáÿ"Ödî.WYº9„R­×Úñª˜r „†ˆ!~:åP¤c¶,×WVç«& ”5š‰$J»¤Ñ†e4øsM ™šlÇϹ%ZLÍScx ,ÚúÇQ»uyføZhú¯ßK9ÁVÁ…(-§Å$pb]Çw-0EÉ’âʪm±½<2Î_ÔEÀØŸ­Y9§íœ@ Ú„®Î‘”×s´¿£þ¢KSnUµöBD¾x}ýö1âáeDû<gl…5Ž'‹0Äȹ.Ü A÷;?-oQ¨î>*†+ý½®(výD5¬eú•(D>ÔŸ<×certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/BadCRLSignatureCACRL.crl000066400000000000000000000007131453642760600270100ustar00rootroot000000000000000‚Ç0°0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UBad CRL Signature CA 100101083000Z 301231083000Z /0-0U#0€1‹5žDa0Þç .H$Ûù½0 U0  *†H†÷  ‚l=ð!ÊŒ#és&f7÷¤ÈÂ}®l ‚oyS½v‹°ÓF®1Œ‰æÀ8¶Í.¤¶+ÍÛzÜæ³ñHêžZÃ_\pò¯þïàû BÊØì¨^B™Ùun!2šÿ•¦Ýa«åCà3Ùî «2rquüÞ¬¦ø¬ÄÈÚ‚Z0v³ž3áÄ ð8á@†`©ú8ávaªÖöñ,ó*TA³µ†‹Óõxo­’ŽŠ[XÆß9ð=8ñ‰ˆ@5°ëÔK*tËüçgQxŸ¡#I ’·}óÓHn@qT›¨þcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/BadSignedCACRL.crl000066400000000000000000000007041453642760600257170ustar00rootroot000000000000000‚À0©0  *†H†÷  0F1 0 UUS10U Test Certificates 201110U Bad Signed CA 100101083000Z 301231083000Z /0-0U#0€{Ý;JàÈÝD…Nˆ¼žû¡òY¡/K•þæÞV¸†@0 U0  *†H†÷  ‚œÞ‡ß˜ .óc]Ïè…ŒS-Y°ˆÈ´Ñb©¼â5rÒa¶×2’lùýß¡ê$ ÂA¡jºÿdy„³ÚÍïŸ>–ƒõ?Tvï"r· FÓÓàS²ÝbÖDÅ YW¹BÜ“k‡ Gµ³óÈ×÷)àž1@`­N:œa*û6äµÌö±ÍØ/5œ±¾[HRÞ³º9@Ä7÷À’½©l™JÞÎF†üEV€%vP´«%[a×н<Õ%«XØ휈…X ­#{?Œ‹Ë,ÕùÉEU !óYŽXGõÉþ.V!$«,¼=7™Y)N6–GÅ­Â/ÂU/™GNúv5certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/BasicSelfIssuedCRLSigningKeyCACRL.crl000066400000000000000000000007771453642760600314520ustar00rootroot000000000000000‚û0ä0  *†H†÷  0]1 0 UUS10U Test Certificates 20111-0+U$Basic Self-Issued CRL Signing Key CA 100101083000Z 301231083000Z0"0  100101083000Z0 0 U  /0-0U#0€$ÁUqúžá!…*ð­a§¹ÕMC0 U0  *†H†÷  ‚ˆ?ó˜̃=M…q|`s°jùmV~°)nËœðÄds–’WŒ•œ¶b~gZVRÿ+ÆŽ[æúG‹ç75FÆ*r@»~[ºž8¯«€®¶ª–z¶œkMˆ^E‹6AUÌîõˬyXiÂÆŒ‹bøµÝòÝòÒŽ Á1—/À {ÐÝX…ö¬Õp ¯Ø~|‡hçä’ ÅeïlnJ‘ ÛZßóŠžT¹{¶8)nHëšÙåøˆù5¨ÛúéŒ_z¸‘°ðÔ@ØÚŽðļR©é¹™•×‘çÜ'‘&ï+Åì«m nZ…/kÝpÏÉ'­krãÕe:‚…ðòi ¿®certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl000066400000000000000000000011521453642760600324110ustar00rootroot000000000000000‚f0‚N0  *†H†÷  0]1 0 UUS10U Test Certificates 20111-0+U$Basic Self-Issued CRL Signing Key CA 100101083000Z 301231083000Z ¼0¹0U#0€)šE.6•ìò^TœÕÙöD‘,0‰Uÿ0} { y¤w0u1 0 UUS10U Test Certificates 20111E0CUÄY;Ÿ‚‚a$`lÞ¢ž8Ã6ç.FõXù°óF—n§xN¿SÔôÜR{Áym3PQ\[’㪼B%Ux Àׇàúã<¸E„óõÎœ÷ªB}oÚ(t,Εeî/qÐÈcP–¸ò™yíaöÒ@Ñï1l=o§·AÚu²jŒœ¸~‘¤ þÙkT­ R£›tþ8HHúCZØFRd¸Ÿ×&„'='zžÝú,t…¾h© ‡‹÷üZ7·Î#;†’|Äßêuôäü¼Øo§¹‘ ÊY§3í›K(ãÁj1certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/BasicSelfIssuedNewKeyCACRL.crl000066400000000000000000000007671453642760600302430ustar00rootroot000000000000000‚ó0Ü0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued New Key CA 100101083000Z 301231083000Z0"0  100101083000Z0 0 U  /0-0U#0€ üÀ,ëUî’l©é__¢Ÿb#•0 U0  *†H†÷  ‚p.{CõÃÕ`·ù¯†'^z"åÚéæ|´$ ˆç–^]ancq*ì„,ttLæèlñ5É"¸p¹/‡ÔšÆFj€”çXnF—w6×ÕÌ“Š4´#S7惓›à–Æ.šÀÝšÙ—Íʸî­ÖemœÁl½^É̱e…›ŸüÈ%ˆâœó Ö´7Û¦E:sSô—fÏÎùƒŠ²¬#ØŒ"nFЊfÈK uoøâŒó‚ +¢nR°|Ù‡`È÷CrÈšBoyA…Õß3"x¿)õôŒûm?&%P Çb´S©Üàà¢ÿüïB O§ œùÓ–RÕÿéVÛ0pøcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/BasicSelfIssuedOldKeyCACRL.crl000066400000000000000000000007671453642760600302300ustar00rootroot000000000000000‚ó0Ü0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued Old Key CA 100101083000Z 301231083000Z0"0  100101083000Z0 0 U  /0-0U#0€ˆ_¾?59fšëMÂ&&±*'µ*0 U0  *†H†÷  ‚²OŒà\¾³Iy®[M×iD~Þµ[<R7oQ'Ÿ² ùÌ„ˆ0 ƼÏB*œ÷O0û<ØT›yR›ºÓÏŽÎ"Ìo0xð>NF™cÊ£:Ùgq%Š§uô¬u…î²9ϤvzŠ¦ê¬²ÿ¬¤¾×Ýn4>z•ÜnÜ1 ŠÃ(ÝžïOîiʃ@ñJmÆ™x&=A¾Á¾¾µ‡ø|D“0?KÛr¢6-õK½‹›ÝhSª¤zæ†Ç¬û ~¿Öû\µ½ •c¶ÕŽ’ôb¡8ÙevÖ”±õ—³~|ýœ—ª  HF¬+œmLÎzÝ٬ⰶ3certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl000066400000000000000000000011321453642760600326140ustar00rootroot000000000000000‚V0‚>0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UBasic Self-Issued Old Key CA 100101083000Z 301231083000Z ´0±0U#0€Ý uShÄË@À†0¡¾¯0Uÿw0u s q¤o0m1 0 UUS10U Test Certificates 20111=0;U4Self-Issued Cert DP for Basic Self-Issued Old Key CA0 U0  *†H†÷  ‚À €ˆ¶;4}Xï›4ÁOCÝVuý”Ü£ ‰f> ý!+/9e ^ÎXcñÅ{0´Ÿ»Ñĺ|×!wvÙ®qNQ¥pÍ(¬M–!°Ú ›$pù£Âo£ Eð…^Š`~úÛï±'AÓ’À§ÒiT•­Y>`p ˆêŽÎB'º[TGN)2wÁ«_g ~/Õæ~?Ïñ¯L Ý`ä³Û—…aþ ±Ð=ï.\=BÖԃߗAè­' ‘™¤Llñ|ž c§íR`“3µ^Œ{JX=¥à£¾NHÄ3ÓÆÓáß«×ŽQÐ;ŠïèÏÄnŒ)˜I™åR‰`ýKÝxcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/DSACACRL.crl000066400000000000000000000003411453642760600245030ustar00rootroot000000000000000Þ0ž0 *†HÎ80?1 0 UUS10U Test Certificates 201110 UDSA CA 100101083000Z 301231083000Z /0-0U#0€ÆŒtè{ ÈYÇ}<[TY`% ±0 U0 *†HÎ800-2—œ’ní–¥p‡?½¨Ñ'jtË ®ºïN  $"QO#ñžç±ãcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/DSAParametersInheritedCACRL.crl000066400000000000000000000003651453642760600303710ustar00rootroot000000000000000ò0³0 *†HÎ80T1 0 UUS10U Test Certificates 20111$0"UDSA Parameters Inherited CA 100101083000Z 301231083000Z /0-0U#0€eŸp:Œ­öCÈçUŽèKÛ‡â0 U0 *†HÎ8/0,<Ð]-*uLäDî±+ªÎ¡€‡<€,ßµ«r=ÌAY©)ÞdxÑÉp·”certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/GeneralizedTimeCRLnextUpdateCACRL.crl000066400000000000000000000007301453642760600315510ustar00rootroot000000000000000‚Ô0½0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UGenerizedTime CRL nextUpdate CA 100101083000Z20500101120100Z /0-0U#0€~*uï 6ÇKç ÙaHGŽƒ,0 U0  *†H†÷  ‚—ÿ@{¥b!ïoiœ%Ek6rµ>|ʾ"ÒrìXLêÒÖ£~LL5{I7)2 –xþ|=ð¦xSz­ÝŒòKì/u&K{c ¯€¯X¥›/¹’P¤åÂA‘>~IP¸M\bG`vò#ÙÞ,ÞJê>¯3) ]f¨©Òn=ûfq¸¸\ôÌBc1¸/¾{“sÃG ë´ø§b/Ñý÷ŽÖ( ÁAR©aßôÝrÅÉÔËʲ!Ù3sÛÙˆ(‹™(Ëh4Mø—]¼zÑ éMg¸²“˜wÍ*Du^ù7ÝèÞÞ,B:û"vÓo¾8êÂúÃlÐÉ!03rcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/GoodCACRL.crl000066400000000000000000000010041453642760600247610ustar00rootroot000000000000000‚0é0  *†H†÷  0@1 0 UUS10U Test Certificates 201110UGood CA 100101083000Z 301231083000Z0D0  100101083000Z0 0 U 0  100101083001Z0 0 U  /0-0U#0€X„$¼+R”J=¥rQõ¯:É0 U0  *†H†÷  ‚=¼ó Š)ÃðnÅj„ì»ÄöJÓ‹S‹<|Jž¹A¬ÿxv¾Uu—ØähêÕÚMƒ6j ˆ3”>mJ íImÇåóolÀ¹ð ÙíþúNY2ԣϿéÜ2ž³Qïkúá&mã¥!¥+–zÖᶫM“_8F†P”Í9¤ÀåNyþ,=¨Ç7G¿UÞÎzäæ…²Ž‰«Ÿ¯íÊomx;/he9Û²õõ(÷4V2HP¢Š²Ëð®O1G•®‘aV/&äEæ¦Å­M’·"`­'uß°g_,BCg´õïPç ¼…K›«Øㅔ˳êBI²HI0KãÓVDcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/GoodsubCACRL.crl000066400000000000000000000007011453642760600254760ustar00rootroot000000000000000‚½0¦0  *†H†÷  0C1 0 UUS10U Test Certificates 201110U Good subCA 100101083000Z 301231083000Z /0-0U#0€2,žt]-])»±z;R´}Bx0 U0  *†H†÷  ‚FÉ´38`GJnê#øP;GƒaR“;Št xÎ —ho‚2JIÔÕ$ %µìl­ta"éò[Ádõ­^ׯí¤5_r±H Ø>8OõelìÏ»o”¹‰ùì Ð×–ýz†FÖlѫܼ¹=òÄ­› ðsiIi¯2üêÖ›Ê>Àå輪ìК>É®ñ¡kü“h¼dïäško­,T,Té¸=D$Ôd–o‚"S³æïféQv¢cðk`$•øÞÌsGÿ¾GRn<±kä¸ÿN›-Þÿ™u U6ór8J|lÕˆŠ›±ê$$êÛÜcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/GoodsubCAPanyPolicyMapping1to2CACRL.crl000066400000000000000000000007311453642760600317370ustar00rootroot000000000000000‚Õ0¾0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"Good subCA PanyPolicy Mapping 1to2 100101083000Z 301231083000Z /0-0U#0€[sy™ã®ÓŠ¦3Nxä ±äÉ0 U0  *†H†÷  ‚¢ŸL²ë†ù±ñb?çÜFx  …•HYv+-Çu¢•#¿:2'TpÀºo;êKçoîœúdR¤Údóî(µ¿sÙnìKE¢µaÎ@•€ï›œiË>¨*¯u´°ÿ6Ðx9×וìÏÔ³xˆüÈ|&Ÿd¿–Ò¢ ³}fŽæ¸ðÅ̽`ÌÇqÍTº§ú~ðÚ°ÐÉi÷D#n…­úð>ÒA Cc„+«JÚ›,§&$1ë!Râ¿Ú¹Úz}†±¼û•¶Xý36„¼¡übKµ’¾—¾kEfå_O6¼Úù—ãl@Rbc'òθ²6v»óÖ¶ûØcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/LongSerialNumberCACRL.crl000066400000000000000000000010031453642760600273000ustar00rootroot000000000000000‚ÿ0è0  *†H†÷  0N1 0 UUS10U Test Certificates 201110ULong Serial Number CA 100101083000Z 301231083000Z0503  100101083000Z0 0 U  /0-0U#0€ c·G®Â2oã:¸ê ÿ×d¤0 U0  *†H†÷  ‚÷ÂN‚»èâˆK¢e`A춱.±‡†ï+ú™›/s35SÔ)K»ŽÕà"Gqw¹ÆÓê‡8c›•2Ãó9œÒ“®æÄFôнˆM6Þ» ‚Â’øxØHʉÂZö|ú$48\˜|ȲòIr/JEœÑ.Âc+u°'ü©Ö®ïÉž%Lh¡ƒbºèH*ÏB¥äö°“Ư°¤ñd7S%Ë‘\îÅgA¬Ô4 tx»Z>Ýï­k•ZÔe¤›ïP4òêfœ§»úV $<~H.¼¦Ïç®@°§žé0œ[;̉C”`è*¾;0w< $e‰ôßš sàH‡¢Ycertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/Mapping1to2CACRL.crl000066400000000000000000000007061453642760600262020ustar00rootroot000000000000000‚Â0«0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UMapping 1to2 CA 100101083000Z 301231083000Z /0-0U#0€™ÅxiË=3v™¬Då°þ¹ôÛÇ0 U0  *†H†÷  ‚0MbRžV»Ð¡Opt¸fhˆú“EÐt;ðI]Ž}ŸÃ_ Ë(2[ª|<ÈŠGë½Ï*W¯˜loËч™»<ڱ뛆X=À‘ͬôaY»fÈù澚…VG`UñT‘ð¢Öæ|J‰þÖy‡+à"ËWíî&º{Éæ<í¢f OEö6ôSáÒ©)õ4j<ºXâ†0hl^õC ªõ]¢X©Et­‚7•”7-øÊ$¥‚û™ë@òË8¥Ÿ†¶3†õ9ΊØÅÍaÜï­"9¸‚?¨S‚ö£¬”}*>%j<Y=Åñ.ºÙ~u£ &uJÖÒcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/MappingFromanyPolicyCACRL.crl000066400000000000000000000007201453642760600302040ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UMapping From anyPolicy CA 100101083000Z 301231083000Z /0-0U#0€hsà 4Ïr@Ú”–Ö«z¤o.Œ0 U0  *†H†÷  ‚¦rˆ6ÌÖ9X™2Ñ‹«É}L—xsÝ‘âæدƒ»lTêÞ1Çol ƒ›åcçuÛߨ»Ð”•'Úóð…ž~[¦{¢Ô¢ya¨ZKåcü”üwø©;LjÿÛ·¦ÛV0Júéνx"Ss9ÖN¨«®#ü®uò9*8¥‚EçoY½Y¥c;WŠ@!ˆ˜Æë9È;8€ƒŽÿ!г¶æñµl-WÈæwüâäO´ïåqrÊj63ç0½  ðºõqTô¸6›ôƒjÖ‚ÖiÖ ¡®¥®ƒÊ…Ó'…2þtÙ’¼%'³­p@=M‚fˆ¾¥ Sé3Ôýcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/MappingToanyPolicyCACRL.crl000066400000000000000000000007161453642760600276700ustar00rootroot000000000000000‚Ê0³0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UMapping To anyPolicy CA 100101083000Z 301231083000Z /0-0U#0€,í“ñp”‹-“´˜Ò·¬0 U0  *†H†÷  ‚ u•›}Œ( Ü+’=Ô¸ï¼øˆ]°LÃ…qµ,ªk3tŒãþˆC™*,>&\¾•MíVÜëî俹É$«Ÿ9k;ÜÌ%õ‰¥Ç¿Ì¨]µ¡ROW|D*Æcq¢šQ¶Mn‚jq³RßôÅ«¼8Åæcù.K$â2§•«HåxõK Zë-†¨¼¤ôœo»˜ßÚ|O¤É Wi;Ûl©íü+ÇPpiÔJ=¯Ç"³(Ô¼ÀV#–ºîkÝên™ÎftÚäPr àSªùm¦Ô¨±ŸÉó˘®o H j©}7÷u"ÎÈ:O釢fxŠÊkÑcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/MissingbasicConstraintsCACRL.crl000066400000000000000000000007221453642760600307420ustar00rootroot000000000000000‚Î0·0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UMissing basicConstraints CA 100101083000Z 301231083000Z /0-0U#0€0V¼OÆ&Ƶœ¡p’ÒùO y0 U0  *†H†÷  ‚ Òu{uþ¶~%í–$ìÌ"‰gY¦¹XÉê‡ïËÿøú¾{dµB7ÎßÑùñ!¤Ù»6©;¶B̵\‘S]œ‹_:ˆ¼>”Á±NÇ¥úÇÒc¾WïÌ9}ä}ÈæZîéÊ †]ew¥âdiW_Ãú³‘ÿÝj3i®AîÊ &ÿ,'åÀŒRhvZèº)!v™ƒ„6"^Û£d.  ¸Jj­ËcÈ#¤›VíÑ,ìt(ßsž ‹6»Ä:OJIn—‹ºÆºe]9%oCŽ± ꫆•ƒBÓAÒ²ñ¸=ÿ¶ ò”ƒú#DØ 'f§é¬ƒÆ¢MÒË«_'certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/NameOrderCACRL.crl000066400000000000000000000010221453642760600257450ustar00rootroot000000000000000‚0÷0  *†H†÷  0“1 0 UUS10U Test Certificates 20111#0!U Organizational Unit Name 11#0!U Organizational Unit Name 210UName Ordering CA 100101083000Z 301231083000Z /0-0U#0€¿J‹›MŒ1Œ[éÌÝ/èyQP0 U0  *†H†÷  ‚2iÄ2 å†KØ­Ñþ·ïo;Š± "â^Z›ý2Å×±–_7ÿÔxçð!ÙáÄÇQž°ð HÜ™ö[q«+Uð^ñ©H”¥„pê Ò8ì&†…?€(càF“Ÿø ¼#ØÌÍÈ׿Ê<ø? ¸OBî£3ëGv•œË…e³çHΚü/Ë[9Æ0‡Tf,Ê)Ìh÷’ÂP±N²è,¨{ªÜ¯©‹²“JÙE‘ºÎUr=€.£yøbæÀù°™‰§ŠKP3Ê?ˈÐÈmt®çì ]Æ’s ãííQïó=’¶Ï™Wù0²±¿®[F?ÖÂWûcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/NegativeSerialNumberCACRL.crl000066400000000000000000000007641453642760600301600ustar00rootroot000000000000000‚ð0Ù0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UNegative Serial Number CA 100101083000Z 301231083000Z0"0 ÿ 100101083000Z0 0 U  /0-0U#0€bä.5ÆÅè‘Ð ÁÞ¶¯ÚˆÙ?0 U0  *†H†÷  ‚äAV Î"f½(`­×yÌŽ €åHô¡¯ëà¬aABœ¢üWYM2¢ßwÓ®?•‡ƒ4¼ܯ\òAʆOø[˜Ñ¿óÁ/»fu.-<êù&ß趡~ é’÷_é(ÌÃ..v½ íÕNŒt ô3>8£î×5çJ:?G½ûí‚•îDÔ `¤jÞ©ø*0jõŠaKó)PF;Òh¿—M¼¯¶/7cÉϪµHÏuQpnÆ,p&a½Üÿó3KòZN‡3”2„ð7äÜEkÌ•…˜£'Úhl@ø 7ÁÃì xG/ò^çã®h†¨¯Gè”e>*êGW„ÛS([áW!!Vü÷ certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/NoPoliciesCACRL.crl000066400000000000000000000007051453642760600261440ustar00rootroot000000000000000‚Á0ª0  *†H†÷  0G1 0 UUS10U Test Certificates 201110UNo Policies CA 100101083000Z 301231083000Z /0-0U#0€B$í¥Kvœ—˜\tê:ü5äœ0 U0  *†H†÷  ‚n±¡·‡Ë4ý÷ºÂZÕ›]_GO¬à}O@Q5ö¤: bñd-¢f­)®{¢ å÷ÅØK݀Ēæ1ENÌlÃ&iW âIÇmhQÆð·:f¨tf×\·C9a)O¨dè £îÐ@ äǷ§ƭM-ämõÅéÎÕÿP_âî¶ÊQ諨Õà¢åZK DÜ?Ú(¿O3ÏݲJøgð›Ä_½â«¤£Fö=ž|ÝþáƒHÄw_Òf¬Æ¶déÃM1ƒ`ð—ñ{ÝÍ%)ýpVˆž—)um#ÂN'æÓ?)&¿ND>×6xË?žý<቙…Mú7¾ÀÓ*‹Mz·“¬vµ³ØÒÁKåÎ8?¢n§ÐCZu“œAçÚÆ‘^·’ê>ã,¦–Á.X&!JxÕ³¢[1hiŒlݤù¾þfT"™Ê| [,"rÜÍÀÐåI÷ÛÓ€ÏÍç®BeÆ$Ô:§ízÎì9ä§xÈ­MU;,ÀN9¿3PàKà­Ìd|©Ñêcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/OldCRLnextUpdateCACRL.crl000066400000000000000000000007141453642760600272210ustar00rootroot000000000000000‚È0±0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UOld CRL nextUpdate CA 100101083000Z 100102083000Z /0-0U#0€ÎÚÚZÌŽ—ú )O¬–*Íx0 U0  *†H†÷  ‚4´ãµ"õCvÛׇ!EÙDµÃEä#)!LoKw1ôGgÂâf_˜{!àz´[5{š€¯:^²Ó=sÊ”4㋤certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/P12Mapping1to3CACRL.crl000066400000000000000000000007121453642760600264630ustar00rootroot000000000000000‚Æ0¯0  *†H†÷  0L1 0 UUS10U Test Certificates 201110UP12 Mapping 1to3 CA 100101083000Z 301231083000Z /0-0U#0€üôa32€|}5‡Þ_RûiñÁ0 U0  *†H†÷  ‚5…ܼT+§š ëÿÛ =}(^…¡òN^ë8ÏŽîMÿ†÷O. ¥EaØɇŒéK¼¢“I¨¦§‡ª@mÌ¥NzGÂÄ)' Ašpû’yŸ•hŸ¬ÿÝ2&º½³ŸD7šà'„;Gi*ÔñK0dz1Žà f‰òÓ_Ám‹Œ“certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/P12Mapping1to3subCACRL.crl000066400000000000000000000007151453642760600272000ustar00rootroot000000000000000‚É0²0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UP12 Mapping 1to3 subCA 100101083000Z 301231083000Z /0-0U#0€¾{“¡ä›Å'<0S×¥ÉæZ–z40 U0  *†H†÷  ‚²Ñà xÙòÚ“Â!¾+,«ÕFÍt–ÌƬ Vc†ë K#ÀÆZæ[S«¤ßØÀQd3”vç¢ÂÑ-¶äZ†· ëAéCÈ3&iФC@BKÔóÔ/?‘ü({ݘ8n p­vS?ÛãN<_ë•…Í’ß8õ3äÁ¿Þ!äž\&>CÓsæ$hÄBoçŸÓY®ÔA€ph6ÏÅÖþ·„…Ú6Qbæö.‘•g™4â3òyÀM`Ô,>%$fãD.ÙÄð©ôi9*¦ÄÒ¥;²˜ˆñ™Šà_£ØÌê{(OØ-–³’©r\“!\»viEÍô†½ÚUºZ²;ˆ~certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/P12Mapping1to3subsubCACRL.crl000066400000000000000000000007201453642760600277060ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UP12 Mapping 1to3 subsubCA 100101083000Z 301231083000Z /0-0U#0€]9>åª*^-ö®h*­3›=›s0 U0  *†H†÷  ‚«. [¶?õnå ÞDMß›{r­z L;°dBÛžÍ÷j20 à[zj‚˜HüÄݔ<ÓˆEii®$áJ¥q2 1Ù\ðÒÎΛàØÌnEÁ¦ëâ«ñ‡å´äž&Msu Þå__·¾“Hc™¨­â´ØFë“Š—·| QÛòM.‚cÎåtÌ|žp"hPÅš¡2ä@#€IöÝÀüÊø~ú>hÊwLáwšÀ… æK%dÂÀœúéa2mMo3ݪ$üN1kÃÅS'+fgÚ !IèN.²6‘2ï Xô$fÄÔ¡uHmà!®å7» Æ„ûÑùŸhcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/P1Mapping1to234CACRL.crl000066400000000000000000000007131453642760600265500ustar00rootroot000000000000000‚Ç0°0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UP1 Mapping 1to234 CA 100101083000Z 301231083000Z /0-0U#0€• ©IxªvÚ ¬ˆùõ÷G’0 U0  *†H†÷  ‚ªh!Uá4b// g«» ”¥ºÆÎMSíÂõѤÜ!Mžw5x¦ktc{@'$t…å©–ñ«§æý.TáŨ3­£“ƒók½ª$ÓN ­¥û¤O :– ÿ¢Ûi[Ùg`ŠG»ÖÂZ^ç¼ÅYÃ’;8²Ëú*’£µaK ÙÃ}„HÁñ·ðü)͆1W?‰6¥,7·9G,Hdë¨(4;œ‚v%Г“W­[À€G4 ³ ¦!5*Ãúœ‡Þc/:h¾U„Ì42•I1°{\'j¸qi*Uî¡ÇªÀ{TúÍÀÌ\GEpÛ¿ý1@«Ø×certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/P1Mapping1to234subCACRL.crl000066400000000000000000000007161453642760600272650ustar00rootroot000000000000000‚Ê0³0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UP1 Mapping 1to234 subCA 100101083000Z 301231083000Z /0-0U#0€å•ý*9x¯ËFö@˜e í»0 U0  *†H†÷  ‚ÂRoNµ/ëTeùé¡iF׊ŒAÇýiÂû“lu8 ÈÏ?6×æ* ÷¬F³½B%²–¹acertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP1234CACRL.crl000066400000000000000000000007101453642760600262750ustar00rootroot000000000000000‚Ä0­0  *†H†÷  0J1 0 UUS10U Test Certificates 201110UPolicies P1234 CA 100101083000Z 301231083000Z /0-0U#0€öý©Œ&,´ÏÖÓëÔ­’j»$P0 U0  *†H†÷  ‚ÕW 6?\;Ÿ¸·». ¼?B“jJ"¢áù®÷Øw¡43¿˜|ÀpB£“ Üv$¸!È°-Àø-<Ý@~ÕçæIUÀQ¸Òyȃœ,º}þh8¾f!“RF®Ìéf¿?{Ë%û»/KÉ­? ä|=6«.ÌZ¦Búå­s- ÐÎ[àèd %Ò+îà©8…‰d%}•¥dÊgÌÖ(tÁu›ËEV–ð+ĨYΖé׬uWù`&FÆó:„Jš…Ò wq>KB„/J/Bâz÷Z°1yüvyRpMçë˜ð ½žs~O›ež,ÙUo6538àcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP1234subCAP123CRL.crl000066400000000000000000000007171453642760600273640ustar00rootroot000000000000000‚Ë0´0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UPolicies P1234 subCAP123 100101083000Z 301231083000Z /0-0U#0€¹ªP¦4fQhBî)ˆjìÈ|÷0 U0  *†H†÷  ‚}]®ÈpŸ‚%ëÂMµB0ø˜ž^¬6AØwò3¡81°Á­¶¿{‹cºßc½&îíão šXIÂðP(~gÙ~ÃÞ B ÛpŽmÍ/õÊÏÚr½ `6è)Xí0 Û;HŒPÜKäµþÖe'¶ê)z”ãFøj[LsÑÜ»oü/`dÎ!½ Ó„GX+ør×AƒqbOÚÎâ"ƒ7D’YE%í÷º vïñÏÎœŽÍCñ•²¤’JŽÕ9YIt¿SÒˆ¿:¥ñ^3›ÖëŒRÁîµ·LçR:VD$„(Ý799ƒ aÎ7šî­=6Ì= certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP1234subsubCAP123P12CRL.crl000066400000000000000000000007251453642760600303600ustar00rootroot000000000000000‚Ñ0º0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UPolicies P1234 subsubCAP123P12 100101083000Z 301231083000Z /0-0U#0€Nô^¡ù0{e¬’À ,Ó´–0 U0  *†H†÷  ‚;y”køsâïbwˆúÔ•®éÎ R_ÆÜ`T¯ÿDþÃ.ßO~¸Äj•8Ce࢔§r,ð×†Ä }©iù%Ô5 !om+UÆOÄL*ì]ö ¼­$‹ÄKdÎ9¼.ÏVðŠü²âg•»ŽØø³f&$wÒd>™ˆá {ÂòªÖFü?`1"°ñ†ÐCßÀµ 1÷5ü&굡ý°VÑ;µ¯·uq¨š¹#C "Ì诹½ås\öÝ‹Ð" )´«`Ú}(£ïíÉR;¾!…® 5]sò[‚ %9XÂ>‚í³D²“ñ áÙ9£I0œåp—‘^´°YysçoêRç„M7Bjžwšcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP123CACRL.crl000066400000000000000000000007071453642760600262170ustar00rootroot000000000000000‚Ã0¬0  *†H†÷  0I1 0 UUS10U Test Certificates 201110UPolicies P123 CA 100101083000Z 301231083000Z /0-0U#0€Œ( Ú bî==–¸q“‰êèc0 U0  *†H†÷  ‚_œ\fšíª Å|!)[þ:…¾9Báj9K¿ûÓ -È^µÛz‘ÝÑ9ý‹‰àTàš·¨8ÂjáDötÞCñ»ZzÈc­¯P­2YâÞL®8й×æ¯÷c÷I€uЄínÜUÛ-xöÓ{H‘—VFáìÿù¯¼#‹n!†Øò^€ 'Ð65 ·¼ààN)j¶ÛŒiW¯%±}-‡Û"Yü«uSO:œŠˆÞLÖVöÕßR„r…˜„ ¨™dd­ym³‘ºšIÐ+ÔÍp‰gøÕ.SÃ÷]å”ܳ’tÃŽç¡wí çä8t«IÎFØy_ëcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP123subCAP12CRL.crl000066400000000000000000000007151453642760600272130ustar00rootroot000000000000000‚É0²0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UPolicies P123 subCAP12 100101083000Z 301231083000Z /0-0U#0€ÎÚýª“@øÀ y­ÁxÎ×'öž0 U0  *†H†÷  ‚@^ Ôå‹Uå‘CsC,EßRð+ò+L½`0i.Þ©ƒ-!™ÞuèÔ tiºÇé~%‹ÿ ¿»£ßMÇtØ=‡®÷>Atþúr æ[·J‰ˆåWY]\RhØŸïosÀ&€bœÕmÄûßô(&ü„¦ÇK {8A)žrÃ-ºgtWP,±ÄFÍ8ï7FTédü¿£Ôê–)ép&¨-Tûü7-ºs3íÆ(joôór™$z|#RÎGa¬\‹Œ¦šWŠ‚òADð¯4«6”ÔL¤ø¨©Ì¥aã½$¸‹Lp9ÕÐåÎ>âQÕp7ÊKeM2ÜÛřՎ&Èôcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP123subsubCAP12P1CRL.crl000066400000000000000000000007221453642760600301240ustar00rootroot000000000000000‚Î0·0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UPolicies P123 subsubCAP12P1 100101083000Z 301231083000Z /0-0U#0€ä>F·æÈ©ØíÑ3áñ]$Â0 U0  *†H†÷  ‚f j…ã/Diþ0kuªôˆKgH™:á—ˆ%IŒyhÊ(YËÀ´0ŠÄµÍ>£ê×Ùy¦x,Éê˜èЊ3ÝNœÆ« k~}Sùßò3‡Ø½v¡ëî}~s~¡”ríÜb×À"uÿ׺hàƒö)Úʹ]ú’§†{!CÝú/üt]Ï‘ù¾r“Éh×iuݬÇ&™»p¿~Û0…ø•jö°eí eŒpøMT¿3/©P$o²v„L.ÔŇޖ„Ó¬’Ó5]Íø8ˆÀ¤ÓÿŸ÷$r [ :™º†N` C4^²óPQ©«˜R-pº~8µcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP123subsubCAP2P2CRL.crl000066400000000000000000000007221453642760600300440ustar00rootroot000000000000000‚Î0·0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UPolicies P123 subsubCAP12P2 100101083000Z 301231083000Z /0-0U#0€éü¶^VNÑ2ýˆ`køi0 U0  *†H†÷  ‚aÀ“´¢ò{üQOÁÓörØÈÈýW?s¾ëÑB}Rü3€À|ïb­Bå²—š|¹YUÂ`å/PJ›=ù˜=K]"6˨~FS§Þñ­[Y>Σ,„ìæt^6´ªX‰¥3åV 5^H7M‡5†|û©§0,áï?Å-œ;Ù-É­À °y,ç­,¿Ì"?÷ý ä\*KV‘VJ©Š¿ çÜyo5‹c–óP´Yv…„‰ \*:Ò ;™áKdä ±:ÂðkHGáÖ¾ÿ‰ñ:·Œ­ˆò˜oE¤µjùU`ÇIK:|s`”î¸ Ðö©îÄücertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP123subsubsubCAP12P2P1CRL.crl000066400000000000000000000007271453642760600310450ustar00rootroot000000000000000‚Ó0¼0  *†H†÷  0Y1 0 UUS10U Test Certificates 20111)0'U Policies P123 subsubsubCAP12P2P1 100101083000Z 301231083000Z /0-0U#0€‰ „û¬» ×Þ^^žhö9P@ˆ0 U0  *†H†÷  ‚KêŠvî\NíXÿ·õaÈ¿P±€µ~(bŒzжIzN—PsLÓ1P*wÐÝüÙØЃƒGËÑ:UW!ð<§ùŠÞí^àä2¯ÇsŸ\‘µì°É§ ^Ã^wäEPk¢í ¦Ãï`ÔW~‡1ýÑcM@#ã:xéÅOZR ª(¦À64}óLk¶­gè®Å:ˆÆ¨§Nî†*ŠY~mL¡„) u–ÉôM[•ía< Tù sW’"‰*hw¼þvòO›bö”iƒŽv é&!ºNü#pXÌ„"‹F÷4,ÌÚÎìcé½ÏpCê6¸ÝKº)oÔýG s0› certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP12CACRL.crl000066400000000000000000000007061453642760600261330ustar00rootroot000000000000000‚Â0«0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UPolicies P12 CA 100101083000Z 301231083000Z /0-0U#0€Ø_5âšÁ7*&΃Ìsp*:â10 U0  *†H†÷  ‚R Š}jfÄ\^ïeÖ©Û°Ö }°íGº;H³Ž²ß§4íÞíõP`GÿПÊtÕÚ}ðVâh!SvHŸOøç6°¯üƒê ½<& ´/ÒY-Áo8P´ãþpÞ*ü¬¨bŠ>=èØä`Vo®õ^ž†ü@ <Ê„ðs¶®½2Ù)­Ym‡à.§dhÔºêmÝXÛGt»ŸõðÌ’·‘Â|¬¨!ð;åÛ'¸¾Ñ%Qo®7Ä~4q{<û³•þºÁÒy`€¯ÄUá³ÅšP»|wR0¸25E ›Zæ"ƒ¿Eí¶öΗ5hªE»¦äت¤…NlÁH3¬6—"certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP12subCAP1CRL.crl000066400000000000000000000007131453642760600270440ustar00rootroot000000000000000‚Ç0°0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UPolicies P12 subCAP1 100101083000Z 301231083000Z /0-0U#0€"ž×¸HÎ :]¾ÖMX#VËÖ0 U0  *†H†÷  ‚ž#ÑMŒ/4í^˜ÚG¹çCFÜÝ„±ˆ&‡Õ»’7š}¦m¼°§Í üسx쨵ÏýŠZ¶‹In?ʧcŒ9Ôljë—û,ÛÌ¥"Ÿ”Ÿ¢¡ äÂàg 㱧@:‰^‰ÆÌD‡lfj™–…9W‘C{ãzoìqýò¹ûÚ„Ëëe(Á±% È{jì”dÁ(2Šž þßT[±ù9¬Hg,Ÿ#Χ4¬|5|Ü«Ä*{2Èu=&㵋rbdíja@]òd èBYùã,!ECùn «€®!k(ò˜qiâp!l¸¸nx‘D¾•jcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP12subsubCAP1P2CRL.crl000066400000000000000000000007201453642760600277560ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UPolicies P12 subsubCAP1P2 100101083000Z 301231083000Z /0-0U#0€Ç¥7§Ðú$å|ßÛò]iÛîÊö™î0 U0  *†H†÷  ‚¥®\¼L3±ø2FÀ±ÚÕ¸6äRòælíýK"uŠ±­"»½}}—®|/=Mʶæó&WÎÆHIý%ð‹R0¨å6AY'êrg]ƒô'G<@LñbV ðÇ 1–Ñöf‚.:Š3!>>ÛõÁ6­KYË×FáÂüÑ^*Æ¡Ð-^¥4Ëùö*@nºÉ÷\„¯4lÔK<ääÜ»tý|ºÑÅE%pd’+à¨ø-Æ­`\&v0@¿˜ r+bÂQ€Ä*<òÌ„`QH÷ϘU)Röˆk¼©,J’BÙ“ Æ/Õ?Öeíq¨Ô§?«ÛÈ‹?‹‰œ,mõU!Ècertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP2subCA2CRL.crl000066400000000000000000000007111453642760600266420ustar00rootroot000000000000000‚Å0®0  *†H†÷  0K1 0 UUS10U Test Certificates 201110UPolicies P2 subCA2 100101083000Z 301231083000Z /0-0U#0€,ê¸w=e¥¿3ÌzÒ˜ü¾0 U0  *†H†÷  ‚ICioòŠÒ n_ØìtqŽ£_$RF3±6± ¶ê¥ý‹œ®¤ ÍŸÆÍÀE=Õ»(Gvn”RIÖ &X#îù±Í¿Ò v슅âJÙCn\¦VoÒ„"uVOŽËжú>œžÚ¿€ãÎ㯕&ÿjcúð¨Z”i*ùˆß˜ýdñRÐ,߀ñ¨4V?Ùr{S³”¹Ì%'ÿeVu/Êš{õ‚xŽé6«OØ¥ ºU®u¶•_zw8´®Ê2È0)’‚A ôÿî>¦c˜øÄ=Ú÷ómBȘ•º¬ÀúvQ-!9n‰û¥à­Ë¢gƒ/ú¨Tí#øɃ3fÆÄzgcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP2subCACRL.crl000066400000000000000000000007101453642760600265570ustar00rootroot000000000000000‚Ä0­0  *†H†÷  0J1 0 UUS10U Test Certificates 201110UPolicies P2 subCA 100101083000Z 301231083000Z /0-0U#0€^<„sž0prq˜®6Û"|¯0 U0  *†H†÷  ‚‚78‰=KTå*ïR-˜1ôÊQá[w6·%ȉç3è»b ëÏ&ó÷jep±NK}%ƒÐXb1±¶£(ÆÚ7«rIç'åÇ“‚UÛ\ïH´ØHøëÀ®r­ÎN‘¥þéKt’å7]T èŒ3bhXkíR*í¾Qh¹7é ŸqÿrÚ0@:ÞwRçZîãLeŸ >1 šô 5DÒÛûä˜ ešÙÛIpðuÇ€[½¾ 1d/1PêŸóºW—7¼S™n°*£–ÍM¨ ÚO^âu#ˆd=‹´­ª®Æ0»Vƒ<-g¥Úö.òăîNÍøÐÝA#>:Ÿcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/PoliciesP3CACRL.crl000066400000000000000000000007051453642760600260520ustar00rootroot000000000000000‚Á0ª0  *†H†÷  0G1 0 UUS10U Test Certificates 201110UPolicies P3 CA 100101083000Z 301231083000Z /0-0U#0€Ø«, ‹Ã’ÜÆ­j?¿óƘåÜý0 U0  *†H†÷  ‚°Åª‰Z2ki:°Ó>v÷1Þà÷-…õ¢j*öSlÚ‹OmäíN¶©Å”ÏŸMFšç—J½iéˆóC$ýY8X ýÁäì;+W¬Ó á$á&þZ589)Te°dkVãV8Æ&s…+/u» ÃüRìz‰šC½&§²t´õY@¹fÝþ}<ž°irL3 ’³0ÈOg¹è”zVÝúçÖ¤Ôœ&`ÊYÍðtv 6ù­Ÿ†säí;âM×Wh3 ÷k•úxœUO% Šd;Í|¯á/hÞr¥rT­NÉ€›¥î"u΂ŃËÞT©IEW½©žwf”Q|Ž1Ù¯Nû<ԗܺk¸„ certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/RFC3280MandatoryAttributeTypesCACRL.crl000066400000000000000000000010221453642760600316100ustar00rootroot000000000000000‚0÷0  *†H†÷  0“1 0 UUS10U Test Certificates 201110 ’&‰“ò,dgov1 0 ’&‰“ò,dtestcertificates10UMaryland1 0 U3451 0 U.CA 100101083000Z 301231083000Z /0-0U#0€ðQbïÎAÇ·°gtk¼2 3™ë0 U0  *†H†÷  ‚Z“Kò3˜ªoˆï…¿ï€ŸÛñÆ è^¡*`6 ºUû•/O¡BZ^¯gºMBÊRS¶:Ug6¢JRa¶lЬ 5ÿDƒc<„ ° ›y0„ý²sèICí‰Hãø^ˆKNš 1Ï·ãY5ˆxp#C…ý×Tz°z ¹EW bœ«ñý/šäpÝdÂ?Šüh'ã¬ÃÀQaRM>̤áÉÁ±üž¹ü¼=k€­¿¬Õ”Ðó ·ë¾£Â3ì'—ÿ™€ÝÔˆ«åm¥J´ñ„ç¥:·f9!ñÊbd6‚³„kÕÀ‹certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/RevokedsubCACRL.crl000066400000000000000000000007041453642760600262100ustar00rootroot000000000000000‚À0©0  *†H†÷  0F1 0 UUS10U Test Certificates 201110U Revoked subCA 100101083000Z 301231083000Z /0-0U#0€–o’™ évt»_ÔøûÙÏ ï0 U0  *†H†÷  ‚…>­ ?4•Ù,Rí²ÔÑFÙb^ªüûf$¸-óŽšRÿ£dn s›}†ÎåÇ'jl]®mÜ:¿O†kÉrqýØDÈÝóÌvÂ+ÅŠ›h|‚¿´ZׯEÎxcß™ù¦òÉDG Cgíh+êíäòëRªVz>§‚(³ñZôv¹¨n„\`!ve%T•"CÆOë~µ,EC´^¼+ýŽ_J‡ü„E©/ñcŽ.¹ÆeA¢ÅWJŠ+ì*·Åƒ4ů.gŸñ¸½0S*‹Zªzww8Áì yB~>Ö‘Ûp¢"û³™­nÁq\~ÌÂ,I‹˜Q_’àz›©certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl000066400000000000000000000007451453642760600340250ustar00rootroot000000000000000‚á0Ê0  *†H†÷  0g1 0 UUS10U Test Certificates 20111705U .Rollover from PrintableString to UTF8String CA 100101083000Z 301231083000Z /0-0U#0€µmO(?Ç»±˜¤©¥Ð¨[^Jt³ç0 U0  *†H†÷  ‚SÃ,ï&ÐìNóˆu—1KÎÆlµÒŠ€¶L4~máìJ˜e¶IØÁ,@Ñ,Šz»¼sÄU:íw·R ¥æ¦ ô!8 ×1m¹#ìY!¹˜"äÝœŠ3¸¡u t›,°W·;øÖL±$ãEf€.â˜ñ‹Yœ5€Êæ9øæ0vågŽøS›ÎÒŽE©öüéO•zÐ]ç¥b<›³ÐRÌ#Vç)Žû%¿jÏdCyWM‚¿[ú„–Ekéhb7‰É„_¶É'ÎßÖ ŸÌ.â“·ÉNý€S¤Þ×TfG pÍsúºÇ2LGhtÜÚ>¨4xЪmJ´Í”°ŒøIútd™certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/SeparateCertificateandCRLKeysCA2CRL.crl000066400000000000000000000007341453642760600317530ustar00rootroot000000000000000‚Ø0Á0  *†H†÷  0^1 0 UUS10U Test Certificates 20111.0,U%Separate Certificate and CRL Keys CA2 100101083000Z 301231083000Z /0-0U#0€„=„ª|w_1ÝÍ`ó——Ù±0 U0  *†H†÷  ‚£yåkUDNföÔVWºB¢•LëáŸ%ʸ~*¥ò:QHf`?ìÇ_ ­ÍªÔ¡X;iIà›².îniÌÎÐ9V«¦ xJbyU¡ì`¬ò—LRé©á×.N›x6 ì\×Ȯ̃)kû`FÉ»p=$C&Ý*R‚Áó½‹úw•M3+;öÇ*^x@a©ÖÖ¬h·S‘AÿM6È`ki[ÄÍð»³:Žs›ô¶^ÝZÔÃ_Ÿ„ùy=úè½—O$ýس½wô­üúDÿÙŒ'£8à!ÉüÕI8/¸ZùIX"Ýts‘€ìžé šøðJ‘xr¢8C'Ù,í?¾ôÎìÓrï¤ } *­&Žt'ä†Çm4LÍã²ß‚^FH'¼ß8ûV õ¿¡±ùÎq’€Þšÿ Ëb.Ò‹ŽI@ɶº£t³N¡.ЧGý\;̽:¨^Úå:ÅÚs¾B^certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/TrustAnchorRootCRL.crl000066400000000000000000000007471453642760600270220ustar00rootroot000000000000000‚ã0Ì0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U Trust Anchor 100101083000Z 301231083000Z0"0 h 100101083000Z0 0 U  /0-0U#0€ä}_Ñ\•†,®¾u¶e§Ù]¨f0 U0  *†H†÷  ‚«µ»!k¶áLÍð·7ž•8ÑÔ€®ðûÙü64ì–¯y'7ª+GW©¸v¡ór%ÊÖ)¬â¸u­‘aŽ)CnøäåQKJû‚Ñk÷Æ}°ÛÕj¥ Z¼_'Âì·ÞvÒ—œ{¬|éð}/¥OáƒF"²Üû¸DŒ@À,›>¶ÓèÄÓWÀ)A¹Ç&D’ÅÐŽ´eÑÿ¯ÞeuPšíMŽUsµ0+™•d–©t-ÂÌMºqmcqÁS¬ÐãJ6äNGî±vvBm‚”qXR@gð–³cCÙš6J"¡–ø €(òq½&Otز˜ó7HþC,/"TêÜÇd‹J÷wæcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/TwoCRLsCABadCRL.crl000066400000000000000000000007621453642760600260070ustar00rootroot000000000000000‚î0×0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UBad CRL for Two CRLs CA 100101083000Z 301231083000Z0"0  100101083000Z0 0 U  /0-0U#0€¡Ö™€ãmýçîwK_ñIÙ?¾=7Â" ‚éŽîYìí²? ¸ŸuðI„År¹Dì õ§S[žz/ŽÑ ¡m[ìÉóýÛ´¿»;@ú„ÄaK²º">¦Jh¼›=tæÖYlØœ{è’_爕qÜQÑ™!¼¨¢ ˆ1y*8Füdž6š¸r C@-FØTøŒãƒ¸ô¥.rx¶†·>ÚÌ9« k?åÑ8ìJ衵/]´4SÉLb8Tê™d8ð½v…‡qeеKînÌØËWPùJbQñ*\­ðRÛ–ƒ‹Q-<Ãø–cFwÄXb?G‰˜TÝŠ4GFvj•¦mUfÄÒPËèÀcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/TwoCRLsCAGoodCRL.crl000066400000000000000000000007021453642760600262030ustar00rootroot000000000000000‚¾0§0  *†H†÷  0D1 0 UUS10U Test Certificates 201110U Two CRLs CA 100101083000Z 301231083000Z /0-0U#0€¡Ö™€ãmýçîwK_ñIÙ³¢ë8 &gÓìBÝ*‡kIÑ M’äœ@¹±_#Ub(c‰fT„#”šÈî‘2PEHx;’vˆ³Ö¾ J4certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/UTF8StringCaseInsensitiveMatchCACRL.crl000066400000000000000000000007331453642760600320100ustar00rootroot000000000000000‚×0À0  *†H†÷  0]1 0 UUS10U Test Certificates 20111-0+U $UTF8String Case Insensitive Match CA 100101083000Z 301231083000Z /0-0U#0€`ßÑÊ©P’!DÒwõj­¦¾x0 U0  *†H†÷  ‚~r£ÓÆU €7)³9E¸Vù Ò¸©‹¤š|Т·¡mB8Œ³>±¿6í‘yb+kÒʼ®­öAäÜ$êúñ½ýRÕ»>?o_À•x/S,+2&—*µ¿t b~¾ô8!‚ü‚Á R $ÿŒSAš°¿ü~µsF=éòD߆’ôó”â(%Ê™àôWì¼Ù^±n&ñŸ¤îæG6iA0o²Í8}dVyª¯™Ž·€¤îÜdTDúý!6_‚*ð[Öè} :Ñ‹’Œê¶ÓèÄÓWÀ)A¹Ç&D’ÅÐŽ´eÑÿ¯ÞeuPšíMŽUsµ0+™•d–©t-ÂÌMºqmcqÁS¬ÐãJ6äNGî±vvBm‚”qXR@gð–³cCÙš6J"¡–ø €(òq½&Otز˜ó7HþC,/"TêÜÇd‹J÷wæcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/anyPolicyCACRL.crl000066400000000000000000000007031453642760600260450ustar00rootroot000000000000000‚¿0¨0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U anyPolicy CA 100101083000Z 301231083000Z /0-0U#0€»ÉÞÈ•çB⢎®\«$`~…0 U0  *†H†÷  ‚[¸ºÍÓë+F¦K¼‘‚ŸÙeqöÚˆ0X~¾÷‚Å‘ÿÚ6d^_¿û_E/E%7EV)›X5\ð„¬¯iÇ·F7ÃÚ€Êã\Ë€ ã»8 r6)À¾Û ðè[{5Wâ-²Ã}nD*»¿úÚGDULw2 *¼ ºÛ Ö• *Ùtà¯-4ª?6m+IŽÔtÓ„<·Ú§¨†DÐD3|n2<'ë‰Ù(•÷¡C¤ï”5ÄëýW•öÌtÄ :©’S缜¿(!¡›MŸ#ЈdxLâœF§ù¤‹‘/—qir®FKØV¤tå¢]certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/basicConstraintsCriticalcAFalseCACRL.crl000066400000000000000000000007341453642760600323050ustar00rootroot000000000000000‚Ø0Á0  *†H†÷  0^1 0 UUS10U Test Certificates 20111.0,U%basicConstraints Critical cA False CA 100101083000Z 301231083000Z /0-0U#0€pßD/™sò6<4Ð Ñòí0 U0  *†H†÷  ‚VŠà¦!¬j?£ÒSó§dh%7‹êºàé¯WŽô”÷^Öò:® kŒ5¦ ].ª^æ1ê²V6Uåì9ó{KÆ»NšéýÓ9}ÒpÖXcßîÕTl_ÏòÞB”ƒo„AÚû½€£…"Ù"ê¤ ä»^t;}‘»ËóQŽ¥ý'œÈ"fס¿Ã×ÀãëgvÛÁ¾ðÈÁ‰þ,jì{— ‘®"Gà–ÎÂ#p {œ)áƒyüðÔ—¬‹+{RÈÕ€JzÈ©´é CÆÒ\u;EûŸç{Kú÷íDoñ´|5èä0M'½p£BRÈÉÐ6÷øµ '³Dƒß5Ž­ºÃÅf‘certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/basicConstraintsNotCriticalCACRL.crl000066400000000000000000000007271453642760600315510ustar00rootroot000000000000000‚Ó0¼0  *†H†÷  0Y1 0 UUS10U Test Certificates 20111)0'U basicConstraints Not Critical CA 100101083000Z 301231083000Z /0-0U#0€ ¤¹0C¬CÈ4ÏïUè¿pŸF¯0 U0  *†H†÷  ‚Xý•¤•‚S¡{¥ÎòjÆÞ&…Ú xC+@·ÿË9XË•Ýo á ¥C±0Äch`üª)$¿l2w@EŠú×PÿŽÓ×FSH,¨žfݾs” $ËÖàªÂÑ‚>šÎ¥î‹@—‚= {µ‹å,Bej“”½vˆšÜÕ9Kƒ‰¥Å„OØç-]Ú x‹§0ŠÔ䥶¢[ã°zŸE ¿h²ÝçÔœ‰o¥Û(솀[v¨£'Ær%p4 Ý٢₊ñ×è\ƒ]…R åÕ°Çm¿˜=Gxö%{£pÇìU}¡[V„ô‹Ç@\IÞ|ÎçÕsšuiÚ[Àâcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/basicConstraintsNotCriticalcAFalseCACRL.crl000066400000000000000000000007401453642760600327630ustar00rootroot000000000000000‚Ü0Å0  *†H†÷  0b1 0 UUS10U Test Certificates 20111200U)basicConstraints Not Critical cA False CA 100101083000Z 301231083000Z /0-0U#0€9Л·O)7¾Ó°ŠvêjžÍïF¾X0 U0  *†H†÷  ‚y½.ÂT«7¯Á»-LWÉN»@àòI÷Ó9öb->}ÿvË\ߧ2·1!_«Ú%("’¦‚ÂÓeUâøá~pŒèÓy'®u×ëFÿy[½_–²•0<0U#0€w#åv„È”?‚Ðêt±à¤/30 Uÿ0 U0  *†H†÷  ‚V}22ÖYÇ<‘Û¿ª÷€ö`¾Á ŽÊnî ïN%¿p2h6ø!Ä®âÀ†wc»—SƒvŠX×ÜÕdck(fg¯“‘uôÄíúø²é×}¶òÔñ¶M} ¶×ð¤`áó'ÎÕ!c‘Éf ÿÕÿ&®k¥%Ì¿±r¾Žü$sµ—'ÌË/€hö&oG8‘ú ç`2¶¸¯«¾¢\·Xdd…û²xIX3!Ý>µ€†Ýà-ŽÍÐÇ/Œ÷Tø^WÊæ-¼‚N¡7’)<_ W˜œñ`„|žœ‹I²bäƒèqÔäÿ¯ÑL-SÂ3T_´ÿu¨\¼mDcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/deltaCRLCA2CRL.crl000066400000000000000000000011041453642760600256060ustar00rootroot000000000000000‚@0‚(0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA2 100601083000Z 301231083000Z0"0  100101083000Z0 0 U  Š0‡0U#0€|Øö¾LÎÏ·?¡»3«µ×ûÄ0XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA20 U0  *†H†÷  ‚ç±²áuÄÌèø¡¶aÎ0ðx&_¿DEìÓÍ‹5‹’ÀZÀÜ>á &¾µ-¹vÅè¨û  TNÎNëù’)=èÌ”)j ®GÁ·sdº#xÎ'ñ8_1³Îÿ’‹åxbg *ßéÄIÙwWI»êÁù4²RN¸žWØ2gâw¾Ùgú›:)© §­Z >PÇ+7þvGÔÿ`k ‹æknÿÅ7ãk~âÁ[.n×þœƒpù)ö‰ö9 €F½Ð r- gÚO±>šå†$å&þ–pâ¨g$>³Òá¢~G9k9hMÊÀWRæú5Îv>ÏR¿‹Ûãµßš¶áPLcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/deltaCRLCA2deltaCRL.crl000066400000000000000000000007661453642760600266350ustar00rootroot000000000000000‚ò0Û0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA2 110101083000Z 301231083000Z0"0  100101083000Z0 0 U  >0<0U#0€|Øö¾LÎÏ·?¡»3«µ×ûÄ0 Uÿ0 U0  *†H†÷  ‚Y~oè~ª™(«£v`bKÈ‹…ƒ„ ¦3 \Ðî»>˜øÔö /øPEqɼÆÑq0~ôòÜÞo:@Ãa<¢\z’GViàÐÓ}Ã0’{ž†É(=æ[<üþœØÕŠ»Frâ½êÇÚZˆ)RÖ߉Ht  xŭ㎿™¥ ó½9h«.-jc¶éðQïT/÷9certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/deltaCRLCA3CRL.crl000066400000000000000000000010401453642760600256060ustar00rootroot000000000000000‚0‚0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA3 100101083000Z 100601083000Z Š0‡0U#0€ïcÓ¨N±ùßaâ ã˜Ò“™ç0XU.Q0O0M K I¤G0E1 0 UUS10U Test Certificates 201110U deltaCRL CA30 U0  *†H†÷  ‚\å 5 aJ­MÁÍùRNÙ¢ ®JÌÆk^æ¨{{úEŒCK^Ó²ù+|eŽpAIôÌæJ€¸?YÒ®dÅUMFæa½Sæâ cÒ³ÄQ›Ïûɑš®€ºHª5 o 4Šyµ &n`Ò·4èµF‰Ï˜€­©p,&à™À„a]攈T9@8ñl4Yé…(ôðô UÝDF¤ìë0– 8—ßЃ•Ü†Á'>Äp­l‘¸Å_¿Aí÷&'ù‡Au(Ð.ÓR¯ãœ¥uüº¶P§†UA÷9;8y½±D­Y>?W†+ýò&p£hQ¯2‡¿¸/ ]Þ ¸*yPƒ?𧇢certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/deltaCRLCA3deltaCRL.crl000066400000000000000000000007221453642760600266260ustar00rootroot000000000000000‚Î0·0  *†H†÷  0E1 0 UUS10U Test Certificates 201110U deltaCRL CA3 100601083000Z 301231083000Z >0<0U#0€ïcÓ¨N±ùßaâ ã˜Ò“™ç0 Uÿ0 U0  *†H†÷  ‚˼¥jÎy’ª3žZ–K×éÄ ·O‰’…á,éßn‹¨+8‘ÝzU¸·šûý¢(ÎÐ Z2y†Iƒ¥Ÿ4¶àú6TÕnX}d `@õÔà®'0—nᣢ™Æs|cß\fÞ8—åÐPÐ3Î/‘‰àì*Û}ɼBH]‘‹Á þuJ6Du—>ßÛ$ª—·j‹dCpëKýp¸nNeË(6rërï“NŸ2º åõ`Eï2„·¹í–ŽP„ó~=®Hb’ùÅX‡ÜÖËvÀk9£°¨U+e•ƒª±ÃÒah Ö‹!~Ä Ad!õ,„ÏÀWÁ¦è#Ìôò‹ÑÎcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/deltaCRLIndicatorNoBaseCACRL.crl000066400000000000000000000007421453642760600304600ustar00rootroot000000000000000‚Þ0Ç0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UdeltaCRLIndicator No Base CA 100501083000Z 301231083000Z >0<0U#0€ô8v%«¤ãÀÈuŒkc#¶Š0 Uÿ0 U0  *†H†÷  ‚“˜ûX&oØ>‡7#í¼ ;NìxÙ #è=¸3÷÷‚2Fƒ>«Ñ6; ~uØ#šî%èdKgÍÙJ0!D?ô”­>Û²P'[$‡´Ô%n–ñ­"À00ÙŠAOêªÏr .^SˆF…Äð¸4@qG@^|ø;9‘OÀ&¥½ú9Á¢„ÆýÁ{®%;Ò¹|©S›ú<0®üqÓ¬=;e˜ Çj®#›Å3Ó—·¦¥ g#þÅ6®Šz“!yŸ)!×õb.nŶæ‹8¬yq?ƒ™pD,ˆÊ´1ÏÑL8Ï„¨@Põóù¶†ßÏè¨ ÛTÉøªcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/distributionPoint1CACRL.crl000066400000000000000000000012011453642760600277020ustar00rootroot000000000000000‚}0‚e0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint1 CA 100101083000Z 301231083000Z0"0  100101083000Z0 0 U  ¾0»0U#0€0s½p(‚ÒoÏÒ7íÍë#‘Ûï0‹Uÿ€0~ | z¤x0v1 0 UUS10U Test Certificates 201110U distributionPoint1 CA1&0$UCRL1 of distributionPoint1 CA0 U0  *†H†÷  ‚*ñéyïÖòóÔ ½­zbº7\ò}•{¿—Ç Bš˜Ÿ oS¥±o……Á Hlê©­´ìÞ|ÑAdªŠ%& î€r «È§òÀe Q]Ñ– ¸m»OD‰«CE´ÉYÕ`‰­Óªš›w5 —™œDÜŸ~[æ¢Àš¿„iW > ~Z°¹½$ƒ¥êŸpšáù¾Îsß%ýFþ'ëÞó%f1Z¿Ñ„†¿–v"5öWØ–v7>pÜŽ2ù¸Ó<¹p剥⋳8ÔÈáß1 ÿQ›Ø#2¦m´í·ÈÖî#¿¿Ó-/ÄèÚO8’Ü:°ZuR &b±Û`õ<Mcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/distributionPoint2CACRL.crl000066400000000000000000000010511453642760600277060ustar00rootroot000000000000000‚%0‚ 0  *†H†÷  0N1 0 UUS10U Test Certificates 201110U distributionPoint2 CA 100101083000Z 301231083000Z0"0  100101083000Z0 0 U  g0e0U#0€DlîÛoëNIxþÍå ì»`k06Uÿ,0* (¡&0$UCRL1 of distributionPoint2 CA0 U0  *†H†÷  ‚ž´F[JÌl ø·Ÿ£}Ÿåêã@ ü"5&ïPrïV^ÁµÔ*™;[4¤îÓæÌÇ]VSz‘!©Y˜im?Ç­q#ýцpÚbÆ[¯’Cev ëƒÐP(Ú“ & 6ΛJW¾P¬A0¦uc²þÀäz¨1.æ/ÕÙÜçêÇŸý&E¹/X6Î î„ò)–%®,»Sšf°qÚŒbê~Ãñ¢_DšÈ»ExÀ½únÿÓ"°m½=certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/indirectCRLCA1CRL.crl000066400000000000000000000007731453642760600263300ustar00rootroot000000000000000‚÷0à0  *†H†÷  0H1 0 UUS10U Test Certificates 201110UindirectCRL CA1 100101083000Z 301231083000Z0"0  100101083000Z0 0 U  @0>0U#0€%ø¯ü¯¶©yKÛËd,‹K±Í0Uÿ0„ÿ0 U0  *†H†÷  ‚ ª%@•a¸YT·BT:”µú\h¯ /1*¡&áô¾céÛ€CÏ¥ñ¤&pg¡üi.:xo 1’LKóZ“¾ëÛ…æ®c=Úiks÷°5lËȸÀŸÃK´e7W³–{GM× Æn٘ʣ¹ï.WN´ÔÕS5‰Žt°Å…gXéÞG&:Mò›oõ‡­lZYD±¹¼™—¿é'!‹ëÆÊN|š=æ*m$žßòfèÛ†ÝÂÕ-¼Ï"®§ðZ¹¯Ú\š~]ÚàuÒ)K~5Ô¸Ö?6Xgð,)ÜÒWèüUÄÇCCZ‹@ó MÎO|ÔïìŠC Gbcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/indirectCRLCA3CRL.crl000066400000000000000000000010661453642760600263260ustar00rootroot000000000000000‚20‚0  *†H†÷  0H1 0 UUS10U Test Certificates 201110U indirectCRL CA3 100101083000Z 301231083000Z 0š0U#0€H“T}Äm0ÿ-WEq$ßLŸJ-0kUÿa0_ ] [¤Y0W1 0 UUS10U Test Certificates 201110U indirectCRL CA31 0 UCRL10 U0  *†H†÷  ‚+óXô¦÷ÍÕ¼lå¾É3[Z†u4„¼Í$CÓ}ÈLÔvä>’EZ®=¿jYÍàNÜ1lå«Z¡s¾–G€)Œöf n3— ^km½ì×’ø&\LÚædÎfž}¯óC$$»[å¼ùktüå»÷Ã{—ñFbDxÀ µÙ盇Ķ Æà{²›Ñ%Ÿë(ŸäÜ¿nÂ!}`U±q2<ªßMÕàI­»\F궹nNB¡fwBD©LajÓía?q;KsëXøÈ~£Ó0.áÌè胉]ÚtT™e©dc u2„'G…®£§ÄsÏvá†"lÒcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/indirectCRLCA3cRLIssuerCRL.crl000066400000000000000000000011561453642760600301220ustar00rootroot000000000000000‚j0‚R0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA3 cRLIssuer 100101083000Z 301231083000Z Ë0È0U#0€‘Ñ9˜ÉïOTeŠR-| lw0˜Uÿ0Š „ ¤0}1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA3 cRLIssuer1)0'U indirect CRL for indirectCRL CA3„ÿ0 U0  *†H†÷  ‚4Ùã¾›©Ãg¼‹bÄìl,ÜÜ÷Sá´åŠxÄÂÜâ(*?Öúhï±µó'k#SÀö{z‡»zt”‹?æW^âà!/ÞR A<þ“ÆÆÚ† )ÊFË]dú¶&ú¢±‘bx(JŽ½¼«Ó  ¸2D,Û¸#ÝÌ›“q¹|A¦¤NqWÛÖmÿ÷¿9UN¾OäCðSåeº‰E‘"ÑH ^6Ød‹Ê Gåë·M€Æ±õ Ú#Šÿ€ýƒ ò”*ðMŠ h“Ë?çMž†SÀÈD/€ÍíüÖôS‡(¦¬6ön ËÎ8kÅÕ_hÙó.†ˆ°©ÖòñN0Âcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/indirectCRLCA4cRLIssuerCRL.crl000066400000000000000000000011561453642760600301230ustar00rootroot000000000000000‚j0‚R0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA4 cRLIssuer 100101083000Z 301231083000Z Ë0È0U#0€óëm¹Å ¤ÚEÿ¯zG¯À¹0˜Uÿ0Š „ ¤0}1 0 UUS10U Test Certificates 20111"0 U indirectCRL CA4 cRLIssuer1)0'U indirect CRL for indirectCRL CA4„ÿ0 U0  *†H†÷  ‚)ò¬ŠBôz›Ôò´¾1ºÊV”í‡=È‹ Ü>üµ~;N–Ï'P^ñ„Ÿèä™}j²¸ ÐwU¿9WõÉ‚z±¦¢^-(CsÞOJå ÙúîܺÅ™ý–œr©ú°ÖÜ ÑÖíëðP-ŠNEîz,ÖÑQƒfEÈž•8%At•ùXüÂê—/•Ž’ŽÁôzRGèw£¼¿#ð…I´UnÀÄóGþ¦êr’c2|7Às§’ËQô:¦I‚Eam¶µãϺ3s¡Ìé°Lyf—Þ“t:Æ4Wô&9 ,òcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/indirectCRLCA5CRL.crl000066400000000000000000000030511453642760600263240ustar00rootroot000000000000000‚%0‚ 0  *†H†÷  0H1 0 UUS10U Test Certificates 201110U indirectCRL CA5 100101083000Z 301231083000Z0‚Þ0  100101083000Z0 0 U 0z 100101083000Z0f0 U 0XUÿN0L¤J0H1 0 UUS10U Test Certificates 201110UindirectCRL CA60  100101083000Z0 0 U 0  100101083000Z0 0 U 0z 100101083000Z0f0 U 0XUÿN0L¤J0H1 0 UUS10U Test Certificates 201110UindirectCRL CA70  100101083000Z0 0 U 0  100101083000Z0 0 U 0z 100101083000Z0f0 U 0XUÿN0L¤J0H1 0 UUS10U Test Certificates 201110UindirectCRL CA60   100101083000Z0 0 U 0z  100101083000Z0f0 U 0XUÿN0L¤J0H1 0 UUS10U Test Certificates 201110U indirectCRL CA50   100101083000Z0 0 U  ‚­0‚©0U#0€÷ª½HuY€°Ïß#Ø“F‚³0‚xUÿ‚l0‚h ‚a ‚]¤u0s1 0 UUS10U Test Certificates 201110U indirectCRL CA51)0'U indirect CRL for indirectCRL CA6¤u0s1 0 UUS10U Test Certificates 201110U indirectCRL CA51)0'U indirect CRL for indirectCRL CA7¤m0k1 0 UUS10U Test Certificates 201110U indirectCRL CA51!0UCRL1 for indirectCRL CA5„ÿ0 U0  *†H†÷  ‚·›•ŠFª÷ÞÚp€È0ŠªEK'ç΂p´\];½.8¢Ï’Íg{›u•ìé[cŽ¥áŽ ͧջîÒ.YiJn×j±:–…gÇ׫úbÜc·Æ¨ ‚i)”ú-T¸Àº¶ò&@ú+à‹ó_ySéÊ:y9 ¼kÿÝ™=S’æazÚÊ;,4hbÉ"@<ˆÅ‡º*w©„PuŽ¿ÿ8ƒœHüV¶¹²2ÑSñ6òæ8uÒÃ?£C+-Ñ"êHbª?YîF jíWieèG&eà Úy 1͈ qá«î]˜Üo IàïÉ@_*౉GãÝrÕ;¨þcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitAnyPolicy0CACRL.crl000066400000000000000000000007131453642760600274350ustar00rootroot000000000000000‚Ç0°0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy0 CA 100101083000Z 301231083000Z /0-0U#0€  zjÿj…‚$ÍÃ&…ø¿Š70 U0  *†H†÷  ‚~xó'ßeРÆY&µëœIZŠ bz‘µ.9å%yš~Ü7–O¾=$H¥1*Û¯nç3nߣ0˜Sž ! ‡Û=ñ­!êJ%PàÒ$®vŸ£khßÖÚV¹¨Ñù$â›êi^‚m­ë(ûJåÃjé„Òî‹L¦õO2Ùµm¨’#J`NU'Bá{±¹”zóòï“õ›]ž0ÒTþ•á3šj jS\m¨@Nܳ¬l̦¹4F$ï¡gX7¿çWˆH™qà(ÒC›^°–æóá-sØ`ÚÅ©ZT:a—lG "dÆmmos´xq=|§•âaòcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitAnyPolicy1CACRL.crl000066400000000000000000000007131453642760600274360ustar00rootroot000000000000000‚Ç0°0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy1 CA 100101083000Z 301231083000Z /0-0U#0€ئž'—ÃŽÔ!× ¼œí¡{òÓ0 U0  *†H†÷  ‚LÚ´cGJ_€2ï 8Ô•ÖÜ V³žKØR”«h1;Eý6ñZ  Wôl(&#Îð\§Ð°ŸÇ"/ d‹A5$ßàò“L„K/ÂÏD}Ýàž#l¾1žã|þŒ! 9åxŠRôchS˜s+ö¿µ`6´£™§£1azu ]g9¹MÍÄ»Ÿ®þ…EÞD9«KÜkqS+W9Ѹ F½ë#Ü0¢`'U¸~NÅ·b âPÌùÍàKO“}ì´aO~í$ß´€µÿIц&g`+¨'†ÈMš£r÷ê:¥‘ÏÒëhãõç:qÊQ©×ø(;&µ4¡J5'certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitAnyPolicy1subCA1CRL.crl000066400000000000000000000007171453642760600302350ustar00rootroot000000000000000‚Ë0´0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA1 100101083000Z 301231083000Z /0-0U#0€t ÕXÙ+SÒ+°Í]qÆ¡¿C§È0 U0  *†H†÷  ‚qÛ3*jÚQ iß;Ýä¡6€ Z}_ø›Å“ï¶\@«Ê/˜ìg”ÃëÔÇVÑØ€2aÇ*ô_,r`pnj‘ÁtßC‚®ß{Ö–G¸åBð\âä_ãmg 1} ¹2Jœ>Î’_QÂ5âô@¬þm|(º¨ž˜õ KËzV_ÀÒÒ9Õéd›zq¢©¨‰£9íy#¼çgôãÿ7Ÿ¨`2Ü9"»ú}4<ÈjŽ!¸á®hú°:"Ao÷x3 BŽæ†tÇQ™À«íÛI$& 3B̹ÚÒLßÈuYämé$c¶’!]Ö”ì³éšúBcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitAnyPolicy1subCA2CRL.crl000066400000000000000000000007171453642760600302360ustar00rootroot000000000000000‚Ë0´0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitAnyPolicy1 subCA2 100101083000Z 301231083000Z /0-0U#0€ŒÜß~dÛb¾ÛKQdŒjfØ\££0 U0  *†H†÷  ‚²³÷GöÓ¼ןÃDù+Ð*û:Z¯þ¹¼Ðü¾¾ÄQžOßí¼‚XLÖ3§ó@x½‡•¨ÂBfƒí?n‹’ýô°$XD?‘£=ïmZG°e¥,)™xHT[ÿȼ&ýQ·ÿhÀøÚo.v¡A×$[ÈB¬Ë›s¨ß@½Š 1!ÂálòŸ5#c—¸ÿªOO­ g#GléæD&Ò¥˜÷ 2#ÂãÛ¿‚v$«a6ýÆáS÷¹3(Vï²Où)‰ËÚâ÷…•+\ÿ¬sÍ5ª_—7éçOåŽQ÷´ŠÉùArŠ“Ç„ÎE¥zð.8ø!(ÒX0@>Ô€¯ócertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitAnyPolicy1subCAIAP5CRL.crl000066400000000000000000000007221453642760600305670ustar00rootroot000000000000000‚Î0·0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UinhibitAnyPolicy1 subCAIAP5 100101083000Z 301231083000Z /0-0U#0€‰Tt`³÷n aŽû¾R&0 U0  *†H†÷  ‚梺Ëi9Q ·šÑ©"Oo憃ÛÍCþ¼q¨\AÁYûO ^xhîòÖç‘6šs™¦0þ` 93U)¹™ŠÓƒ^}˜kf7(.9P/!”#œÙ—Ȧý·ù(xvÔŠ W£’ª [Š->wmgC4^ß-ï·¾e¡óØãÇÐJ …2(BÎ ‘ ëÚÅõ+‘Éù6×¥¥ßî;£´CÜE†&]Žp˜ê«`Cÿc»þ‘iv¼Ó•YK'V¢z¨ÕDù>"W ÉJ»˜f—œÈÔZmÔE*ɺ¢ú Ñ-ýPå;Rw»Æw½qr¾3NIócertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitAnyPolicy1subsubCA2CRL.crl000066400000000000000000000007221453642760600307440ustar00rootroot000000000000000‚Î0·0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UinhibitAnyPolicy1 subsubCA2 100101083000Z 301231083000Z /0-0U#0€}ÀœŠvùI3÷¤KŽ0u•;èˆ0 U0  *†H†÷  ‚¬MIqŽ1’ÈúIÙ½hEeéKc(-orÒß &Cx´ËŠ™Ãѯ°;Rv¸‡m¨‡ô,C¯¥~N‹FÕ64ã¶Äýs🺉^øeB\*†úÿ`é\´šÉCM/\ØðÎKé_±ëH¨èiïÌK‰ ‡'Žj äßkkדö ‚Qï×;ót€Ã£°ù!棆 ¨ ÷õð°@œÔÜq³S] 𸮼`¯1bj@ù`ÌB‘& UñyËö² òâ*ÉÓﶬR5YÕŠIŒïåô†E€£5Wq- ÃÖ†ýÃŽõ(àH0É' ®²EY[úM¹«­øcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitAnyPolicy5CACRL.crl000066400000000000000000000007131453642760600274420ustar00rootroot000000000000000‚Ç0°0  *†H†÷  0M1 0 UUS10U Test Certificates 201110UinhibitAnyPolicy5 CA 100101083000Z 301231083000Z /0-0U#0€À&çiÖ|ð½ÕªSeùœË 0 U0  *†H†÷  ‚—!ÇÐ,Nr y›´=•¡õ÷ãOu³kBÝÝÍÌ‘%¨âQA±½Ï¿K÷¡0¢’&f‡Ñ#Mš×@ÔN…K—r‰ ã8?.õý6fr÷>$¹4ÌÈ¥ˆd¨í‘/ÁƒgmˆÝ¹i¡VÓlÇŒãæòÔ~“‰—Å*ßêwQµŒÑôôÞ<Åž£ÜH…PxàJ´–2?cÖýD¡üý…Úvv3¢þ i[ÂM»š–ôwËA‰=­"ŠbÛ()©¬ñ¹ˆq4ˬ”–ØÒ‰¯²æÆ3d1¢V°W©wñÌ¡u‚ëÈRÑò9¾ðÓ#1êÀéÆ|uÑÌ5±@ápÃÛVcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitAnyPolicy5subCACRL.crl000066400000000000000000000007161453642760600301570ustar00rootroot000000000000000‚Ê0³0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UinhibitAnyPolicy5 subCA 100101083000Z 301231083000Z /0-0U#0€l™©¶ë¾pI6LXš"舅/Û0 U0  *†H†÷  ‚ŸpŸúÛ©ðZþŸå ôPÑ_:nZARÄoW¨î4³»+³oˆ˜àLÕùX·Ó…ÓÃTx»ÄÞÁqØ¥ýÖ²þÿFŠÀ÷!¯*aÛrD&ô˽ê8•'QU¢S¹5ì9Õ£4 æt+æªû#Ø fç-s&`pã*³¤Ûy â3©_N²b7Û³\Bnæô×fû~¬¿ÅeÑZ˜/®‡ußL:¼*Ã6÷m7}gçm„WÂ7‰úî" í-Žˆ ðŽ4=Ógx¾91Ÿ…ë1o˜Ü"D¨KœkLMvŠÖ‹‚Ð{ˆBQ?FƒŸk£g#Ü%e3nk’}¼V¹¯òcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitAnyPolicy5subsubCACRL.crl000066400000000000000000000007211453642760600306650ustar00rootroot000000000000000‚Í0¶0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UinhibitAnyPolicy5 subsubCA 100101083000Z 301231083000Z /0-0U#0€1á?übn€eÍ©y+n‰ZèÃ0 U0  *†H†÷  ‚A5q£>HÌÇ(˜£qy)æYØ0&òœyaR-âú’ͳ~ Ï·µj¨i€”ÀyÚaƒ¢Vo‹`ç¡)s§¦EÚ!Å ¼™ãû[£8w†¦9ämYg6q{#×úåÁÞ94‡T`Å Q “èô¼oQs4Ot2˜ö²ã–ññøêÉíwì˜ìåˆ)}Wg(léÚ˜’ˆ˜]Š%zöÜï½ ¹“tÛÒ…£žÊ7ÙåòÊ”›=6ñAuj«†ã±[?¸tÆQ—¸`öær–j3T×—Gü—òªœU~dé‹ix!Ϻ½ ˜š3,àZÛÑà´VXö¿Êè¿&úñcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping0CACRL.crl000066400000000000000000000007171453642760600303050ustar00rootroot000000000000000‚Ë0´0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UinhibitPolicyMapping0 CA 100101083000Z 301231083000Z /0-0U#0€X7&‘„`¬îö@>¥+üÿ—Û0 U0  *†H†÷  ‚½-{ùtÇIP4«+ôîæ“žÓ…62HR,µK`*èÇ«Îü [l $ªÉÿùÿTZ„w Ø0È]-ˆa›Ú„Ÿ‹I²°7óSý—ßRkž¯¾‰B¯·ïA€f<Æ·T8çU§Ã‚Ó:—Ó|ƒ­uª^[Bs±›(jeÚÑf~CÕ‹ÚÓØ a>ê8Cè÷á1™_¬ìCJ%„HÐÝAÄÌs~ZÖyçEÎÉšå#:™öºš!¤Ü>I÷CÝÅ2³` _ŸEÊžú‰=届OYL­žÞÞÐÚX±”ÆunVóûáÖ62$ÜÓ~M•þõ-ïªÅE@certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping0subCACRL.crl000066400000000000000000000007221453642760600310130ustar00rootroot000000000000000‚Î0·0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UinhibitPolicyMapping0 subCA 100101083000Z 301231083000Z /0-0U#0€ÿ´sbR\–:Z®¼¸‹~i4©Ÿ–I½›=¯ØÔ¬®Æð‡Ž`žA¹¥Ã³w_&kÍ N¦‘4º+ÒnSðrˆ3í[‹**A‹É~sPcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping1P12CACRL.crl000066400000000000000000000007231453642760600305660ustar00rootroot000000000000000‚Ï0¸0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UinhibitPolicyMapping1 P12 CA 100101083000Z 301231083000Z /0-0U#0€Mg~Ý9¯è&Þ4x±uÚ¤0 U0  *†H†÷  ‚äÀ˜ÖàŒhÐîêãÒ¬#ì…õ:5™ÝÇØ…¡ÖZzš¿{° ˜€ëîø²ØWò6y‹D–φÿÝ×HøØr—+¡~ÛúÈÀÊì¦fšÉzãc“Óت³”€¡B˜ðf6µÛÚ„9úGŠQëÅÔnbÈèh¿aOéÅÿq3x|¨Ñfâëc $ÎB^íêÔ­”×c5r~S9´¾ç‹Ëß–\ÎSãkžåi-ÚÑ`‰ Må·­‰n\ô Gç‰w¡èý¶pR³i´¸*rçÝק†Aåè¸Ê^c°^R…Vkú…›î4œåíûP:Õ.—certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping1P12subCACRL.crl000066400000000000000000000007261453642760600313030ustar00rootroot000000000000000‚Ò0»0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UinhibitPolicyMapping1 P12 subCA 100101083000Z 301231083000Z /0-0U#0€ª&”d~¼]`Wüp•flç0 U0  *†H†÷  ‚hsG\½1æ<þ*:²ÁYu—#Êü:ƒèHù™¯Ù‚@6ÈÙØ›)í±=[°ó>æÐ$‘¬ƒ¯¢ÌLŒÑš«Ô¼[ghPŸù-i<2w:Q›Ð¤[æ%§ÝcW,“¥dìPl íÕV% níÛU ´ É`=ó¸Ì¿Œ©ãƒão P(VF²g¡–Ú®ÁR9¤@NFÓF^Át×,²¸}M3aˆ\aÐw‡µ)gI-¿J) -_¸A$w®âü½ç½i¸K?D°à[³¤IÛ:ÂõL:»f6|±vJ{µÄIç»°9pØèJ¾¹³6¦"}certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping1P12subCAIPM5CRL.crl000066400000000000000000000007321453642760600317330ustar00rootroot000000000000000‚Ö0¿0  *†H†÷  0\1 0 UUS10U Test Certificates 20111,0*U#inhibitPolicyMapping1 P12 subCAIPM5 100101083000Z 301231083000Z /0-0U#0€Ïv'";Âô‚.îæÝ€{S0 U0  *†H†÷  ‚“÷¶Y÷ýñyR’ï)hv9²êgîÕ‰ìÈáĘ~ÜY8`|ÇŸ‚=zë‚ëë¢cþ†ù5,t#ÕÎiµ-Îa¦±"¿wg8—£ZŽÏÅ68î"{eU2a¿æÅCñŠIPìQ´EHäâäÆM¬xø’Q®±Œ÷Ã#LÿïÉ£„Of‹6"íaT³~úÅ<ˆÅL{¿ì"ƒ«7åÂçT~œdB–‹¼oûR.ÙÊÑzÏIkËVX*âýÿ$“¼µ¼ ¢ÆøϽîé{Êoµ¬1ñ§¶‡©ÓŸÖ<Òxä½ [†Û™ø3½åCG,¬³CY4 °BüÂ4' ÇC*êÜ.¶d4h÷´„vnÜ7ruämÅꦾtØ™ÙB¥Åð)Á,™Ú|:H è¼TôI*ømÇm¤R )§xªl²žöÍ—ÈÛGÅòO9nHójÖq<Í£ñÐ\›ï*™(¥-]•žœwùØ„£Ö-ºÃC·à 3…ji‹kcùz—xxrmó湯[ò‹¯„m®Õécertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping1P1CACRL.crl000066400000000000000000000007221453642760600305030ustar00rootroot000000000000000‚Î0·0  *†H†÷  0T1 0 UUS10U Test Certificates 20111$0"UinhibitPolicyMapping1 P1 CA 100101083000Z 301231083000Z /0-0U#0€¾¶½)¡Ù‹á¤€hƒ(­Jð0 U0  *†H†÷  ‚Rÿ¯&RŠí2¥ÈïÓÿ*ßÛ p¤vºt‘Ñz¨Ë‡§¿‰t—= ×¾àëë‚ø£Ë<_œ»‡Ÿ¢½ɘ¶–z²>ùø‹‰ ÞwÝx*9®Æ¶iznWÐë™FC%ƒZƒ1‰MÜA*rš]gMò÷D¯Ãõ{[¿›ñåI˜}#¤ ”3Ž!¤z·D2æx”%-¨œ=‰›hcùg¼_Nó·+öE ~´ñ“ DÏ ¿K• ó ôÏq_p“­x£éœÖ°çéÔC"ºÂ­‹§äêlš¡§"ÿ”øJ,ÆU訜ÍÚ4®óC R»H““àÊbxcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping1P1subCACRL.crl000066400000000000000000000007251453642760600312200ustar00rootroot000000000000000‚Ñ0º0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UinhibitPolicyMapping1 P1 subCA 100101083000Z 301231083000Z /0-0U#0€óÍ?ƒ0ÓÇbÚæÊl¥±¶€Ë0 U0  *†H†÷  ‚á©pêš¡é îXøNÐ ÁÕù€›‹&7·®DÕÈv¶ZUݸ P[6ž7^ÀXO† Ùì•£^âÚ©«p¡‡ö-™GµçoÆN%Å1VèäTY†4¯+ÅSTLïIµoz"¨‹ùwƒøíy¡Uú4Ôïí>Çæ²ñÑ”‚xµ^w,@aõ·¨¹ë*«ÿòá_ÅŠj›kKËËt¿dÆ—š}ölÍHè@ÞX8 'æo1ë"ùí·‰0xÅdÃy¼ÓdvJx”µAv¤Ø;vÔmÕ(üªÞþâcAƒ€ºÂ)¼û/ú{¯ÁÔãqð°Âk«l(‹å˜qò‡ê ³VëúÖcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping1P1subsubCACRL.crl000066400000000000000000000007301453642760600317260ustar00rootroot000000000000000‚Ô0½0  *†H†÷  0Z1 0 UUS10U Test Certificates 20111*0(U!inhibitPolicyMapping1 P1 subsubCA 100101083000Z 301231083000Z /0-0U#0€>Et¢‹ÒñVŒFfxp$Æ"Áž0 U0  *†H†÷  ‚tÌâ@CÍÑQ+:×yäàù0ó—Xô[æ.ŠQ0ƱÙëblHLýáÆ´u¼ö’ø&<ëÁº~I|ÿ;2zÉOBsаýÚî_;'ñø¢þû¨9WŸ0•¥Ù`ëÎòþVM!F?£T¾ «d‚†­Ê©[ÊƟ̬TœþøÝ£z–›'$Þ]¨Ò0ƧOì1Å2†ñbŒBØuw%fa iV Ä¥` ›Ž²,Hz\!(|ÅÒ¯ù³¶· ù¤ ½ÜmÏv‡¸£p›éhÒÔ£ÄÔ¢6o Ç]íûœÑ]D ËU¯ˆ…!mâ|D.ývæc@º) pgÜM>ƒ ù\2^—ù qFöô?Ü4 ­Óv ¼Ö½ÿucH‘¡W¢™÷Ì…$»¸l¤4û}*ß7%6Í%:½¸Ð#Á’˜ßÙôfŽâ‡hK’ ½´ââcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping5subsubCACRL.crl000066400000000000000000000007251453642760600315350ustar00rootroot000000000000000‚Ñ0º0  *†H†÷  0W1 0 UUS10U Test Certificates 20111'0%UinhibitPolicyMapping5 subsubCA 100101083000Z 301231083000Z /0-0U#0€5§ÔáKtNU¨q´B2þɸ0 U0  *†H†÷  ‚m¬¡”}5K*7¢S ¼¨û…Aw˜uD†Š³Ù#°M0ó¨$ËʧívOŸ_loÅ7pÞžªö¢èuF]¦úKĨ〷j¹W¯„'ÑÒ `o\üH¨Vi cE* ˜ ;óŽLV€ÚltÌÚ½ LõaÁÓ6etŸ®à²m)v]gsbª0Ôœcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/inhibitPolicyMapping5subsubsubCACRL.crl000066400000000000000000000007301453642760600322430ustar00rootroot000000000000000‚Ô0½0  *†H†÷  0Z1 0 UUS10U Test Certificates 20111*0(U!inhibitPolicyMapping5 subsubsubCA 100101083000Z 301231083000Z /0-0U#0€®cË×âÃqãôÎnü5ô›ÒM>Ü0 U0  *†H†÷  ‚J£Ìä0MÅ€ƒròU˜+yCÔŠ—Ý|%G…Ë[ß7aÂh=–}†ŒÊ®©¾‰Û¢ùšôÞ*RÇÑf× 1'1{~1"ˆó–&¸ÿû…–+[<ó]¦›è¼Ršè«ë™-ߣŸˆó•–²$m´Ð¾þ8`«’Glš¼RÅl+µwK!Df[ðý'›‘‘©1[â>Z0±©àƒ“í’ì@Kúg@í€êùä]V‚Ž:XNf1r >DÀ™t’–Ä—zþ ¹¢‘Þã²ä¤¡W5ÍʦWO‹c6Ѻº´ïðW¡ b²£9»ø„x›ñøüf‰1certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/keyUsageCriticalcRLSignFalseCACRL.crl000066400000000000000000000007311453642760600315240ustar00rootroot000000000000000‚Õ0¾0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"keyUsage Critical cRLSign False CA 100101083000Z 301231083000Z /0-0U#0€ÂÊiõ´¯-ôœòUË*0³ÒZI0 U0  *†H†÷  ‚™?S–½Éº‘¸F¹Ø¨KÜ—ÖóÞ©xˆe3™€<©Ì¼ÏDJª:Çu0pñ52ý%DA‘a›ýèê ')Ë\ðnø ǘ’÷¡Å€‹¯ Ì™ø?“Å Ž£N)¥ï‡­¡àrÚÈ(l†¨F:]Ì’_F«zìŒ@øêm7N0[®ûR{ 7á 3J‚¬=˜q|Ä:ÍÌ{$ª§kÁóïK – ¯Ÿ¸ì8ïKÞÙ|¹³äêʼnA©tý΢§zŠÚ¬·`7qˆ–*¤33Û#ÍÛI)°l"'™"yÜÎÚ)lÍæŽl‡@ Ê={m±ò2»;‚ü¢ðcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/keyUsageCriticalkeyCertSignFalseCACRL.crl000066400000000000000000000007351453642760600324560ustar00rootroot000000000000000‚Ù0Â0  *†H†÷  0_1 0 UUS10U Test Certificates 20111/0-U&keyUsage Critical keyCertSign False CA 100101083000Z 301231083000Z /0-0U#0€4U gü±ÜÂr ðcéÔ›ðcù0 U0  *†H†÷  ‚wmø¬3Uº Ja‡qfF ¥ì®3ÕÌô·o~Éì¢>ndÙ#®6ô%r_ÉFr©B´RïÙRBl¦ aKÕ³imÑ¿ühøÉ$²´>gÞkoKïîع2Z¦Çp–¦ x‡ãå]5€w7:O*+",_rßb[ Ÿçž·œ÷)2~óÙˆ[ÚðÖ…ÛP¡ƒ“‚ë0ä¤ï€ª~›²è‘Ê`ßvjÈ# dçæ£ÙrÙjÿ†ha‹Ý=Ò“ÁjQ¤ÓtÏY‰ªÌ“9ùxT^Ý-YL;ù$}üzÉ{áØ·ÄJDàDfõÕ±•ú#Êçcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/keyUsageNotCriticalCACRL.crl000066400000000000000000000007171453642760600300140ustar00rootroot000000000000000‚Ë0´0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UkeyUsage Not Critical CA 100101083000Z 301231083000Z /0-0U#0€ÁJÙ´+Åp~ÎŒ;bXå»—+s0 U0  *†H†÷  ‚€®HÆBw»ºQ¦Á( p“à„«:Ëzï;æ¼Gï˜ÌË7% pºáö¡¤5ä6¾bžU@IÁ"Á„IS$1ã¤<¥-âx]c#ëÉ[è¤Á> X©Ïï%ê󭑈ҲÁÕWácô…×R¼ÁÝæ⢭•‰ã$'UÊò%ú=|´CâF÷:FÎëg¿t‰;`ìµ7‹ °Œ†eÃ’¤ r} êæ“ë#¾UjÛ'¨¤d·P”ƒ“GÎ"§"ØÜûì·S°ZÞ=÷´XÚ*Hšhþ|Šû¿Å0óvæ;v2ýéáÞŸIöcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/keyUsageNotCriticalcRLSignFalseCACRL.crl000066400000000000000000000007351453642760600322110ustar00rootroot000000000000000‚Ù0Â0  *†H†÷  0_1 0 UUS10U Test Certificates 20111/0-U&keyUsage Not Critical cRLSign False CA 100101083000Z 301231083000Z /0-0U#0€ù~R yfDeyÝæCñØ0 U0  *†H†÷  ‚šÜRêÆ×RØ×’Ác/ºØœtœ3ìRÑ”_ßA¾ZÃíš„go¾wZHe%–\‚X¥LkßA Ä„¤ïÔƒ%éŒ8ûJâÔ}7HOÄ)ÆLoç«o`{÷ÝŒâ$…yÁ’Ô2äÁòQ¤clÛCn’÷¥1"úî1v(¯–wJû3êÍ£ÚýVayofQMÕ™t|û®ómNíÑb íYdO$ÚÒlZžàDþEšTþ :ú7£„FPS§\'¾Z½w“5ЧZ»À|±;3¸e‡¡ƒf–I/PlË—8Ѿ›ç¿Âä+ÈË´Ÿ_Üg¼©‰³ÍBëÝt¨1ÆHcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl000066400000000000000000000007411453642760600331340ustar00rootroot000000000000000‚Ý0Æ0  *†H†÷  0c1 0 UUS10U Test Certificates 20111301U*keyUsage Not Critical keyCertSign False CA 100101083000Z 301231083000Z /0-0U#0€²%Ò(0ÐUhnLµÂHóÊ›ò@E0 U0  *†H†÷  ‚´‡Š•}®·²…Ô®–Ê3n>\b…<êõé˜w]m:0Á¡­Z›~]y:“ê¿H¥Ò•öm%T÷³rædp7ß±LNÃfÑÈ9&tŸ,úáñÌ<6<1­­C©Å5¥ŽsÎ _Ã,Ùn™dOJ[aÈÜ4ÓÌ­Úd4K…ÿ5žÕ2â©~Ù£@éÌ%=÷°—ÊLYÏãÐ=@«ê©vÝW;ØM™Z{©©—¿²„X§…tPŸúãöjW=•‚û>òk¯[Lûcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDN1CACRL.crl000066400000000000000000000007151453642760600275540ustar00rootroot000000000000000‚É0²0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN1 CA 100101083000Z 301231083000Z /0-0U#0€AxBFÍN¨‚çá9ß÷©À üï†0 U0  *†H†÷  ‚[\_±sµ…à•:'[$kÉA÷§Ì»þ.F­XjfäYó&,¸\àçYduzåMíâ[¦˜¤ÅÎtÑ«Æ,П­øÇ©jÄ É‰Y&¸áR?ó~냃±Òò@€“7Ç®ÜG ë´gúŒÕdïþ¥ÎÎ0ì”[é!Ò…Çc­'²x{4ø¿<Ñ›á $„Ò‡1V6ÝàœÃ)Bú{û- #ç–‘¿ÆÜùþY­R¬À³¿P r=HZcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDN1subCA2CRL.crl000066400000000000000000000007551453642760600303540ustar00rootroot000000000000000‚é0Ò0  *†H†÷  0o1 0 UUS10U Test Certificates 201110U permittedSubtree11#0!UnameConstraints DN1 subCA2 100101083000Z 301231083000Z /0-0U#0€¢/Xƒ[L•—·îö‡´—àà—0 U0  *†H†÷  ‚È7,¦IÜ¥ôFìëÆw¥[ϳÀŸÜÍéœÂQÕÇËí•Ø¥ÃLO쾋\øþžä%4¤µñ:Âö;ÌrÎL< ö3O¦lçâÕF&"•û|J¢/×o@ŽÒ#ùZ¯Ç‘ ãÀ #îõØèZàO8y<mX 5¯NU>?-ýùy^ƒQÿ‹Ú `ØGÛŸ&Ç¡)A±rd>¹1zëy8’6Óõˆ—è%ÎËR|üá­™'Íj»éF*à¹Ð®£hƒ&u¥Î:ùþÑ«: ÿ5¾€¨¾7kéav›0©¤€f¤áªþª'nÓÅÿ2[çܧäíô–"°f )certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDN1subCA3CRL.crl000066400000000000000000000007551453642760600303550ustar00rootroot000000000000000‚é0Ò0  *†H†÷  0o1 0 UUS10U Test Certificates 201110U permittedSubtree11#0!UnameConstraints DN1 subCA3 100101083000Z 301231083000Z /0-0U#0€'IäÙEúl˜”lüí Ã$RmUD0 U0  *†H†÷  ‚¸G®¹ðJõkôRõ³]±uè"˜9Sb´½0õ%$ŽGäPØ»ð¤™d7-¨ß>±°"¡0Ž‚'Ê_8´¶ÌÇD/a²ø2DO&_mx(ˆ9.=Ó¥Ìñ5÷üþyIxÔöð² ÐLOœrm¡àiTyúkGÃÒeÓˆr¬[ ¶©,p½¿=CËV3˜²I®Ø'µäâàÞ6ܬ ´O(_굶Æqö®µ©®¶Ç#zì{Y4)ûÜZHå6I€+ ãnÝ"W¢„’…4ðY”Ã5ÓÅ}[ÈËȇ‘ù¹ñvÉÐÌ`ÒO˜Éû›e¸<÷Œ&‘ƒ¼}j„Ö0˃lZ‹}certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDN2CACRL.crl000066400000000000000000000007151453642760600275550ustar00rootroot000000000000000‚É0²0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN2 CA 100101083000Z 301231083000Z /0-0U#0€£WÙ[]³`ök‰Q+‚à s¨{0 U0  *†H†÷  ‚ 2é»VM¨@ÿñü¾ü»È[[È9`ü²EîT‘Ë¿BÝKgÏ97[¼¿š¢£°‡M–QTÚw~¶˜—h\—å/Un;gsširRÌE^ˆË­E™,óÍßíìg…æbœ×SëS?hª„‰•Bq„ÚœvÄ’3š£¤s…V±¨¬‹ÓÄ„M“aÁ? 3±sYR³‚²ó#7£.ÞÝü2r„Íþàa+ˆU»¦Îp•q .È Kiáý›7É{§SÂ0Ÿ6lê µ½"PÅiõUEz†“ð9ý©ePí–Ã]RÙÁ¥±j|½ˆ{ÁãJ‚¹Ÿ‰»³ü7¨øcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDN3CACRL.crl000066400000000000000000000007151453642760600275560ustar00rootroot000000000000000‚É0²0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN3 CA 100101083000Z 301231083000Z /0-0U#0€Ü[¾Ç7Y¤Š@t| EDëéCˆŽ÷007Ð9ãÒG¤î¯ö¬ÞQÚ›pKXÔò-ÌŸ¿ÆMeƒyí>h¤P0ø6dqžG};Æ-”ÙÚó+øG|¾certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDN3subCA1CRL.crl000066400000000000000000000007211453642760600303460ustar00rootroot000000000000000‚Í0¶0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints DN3 subCA1 100101083000Z 301231083000Z /0-0U#0€€¼Ç.÷Žñ8{ô5ëÝéXÆÿ0å#KažHn€ó›\d†; ÌØ`QÙ;¡°¹hî˜ôsâ©ß¡Š³2c¯Ís©{CœKH„%:Ž²Ïþ?šÒCÔ@ЦÑ'ò ҙȊn]¹¡Ö—%Q*ýò$@»Gþ•ªÃ‚<<²q¯Í?RvÞ3wï0MÌa JµvåšÎmÁÍл‰H8uÕQ®›ä8p¼ÅÌÙVâZ •Á òÀ‡.þlG´`òÎyÏsÀ%÷‘+$ª’m<ŽjF eéýoññ°ì|¿certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDN3subCA2CRL.crl000066400000000000000000000007211453642760600303470ustar00rootroot000000000000000‚Í0¶0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints DN3 subCA2 100101083000Z 301231083000Z /0-0U#0€Ìíj(~Þdêˆ*ìu¿¥.g0 U0  *†H†÷  ‚RA¶½<'ŒÞÜ'Ÿõå°™_4µ'Ï ‹Y’3M¹¦röŒß0µvêYßéÔ±®%ä²öo*dod UTœmf‰H‹°MŽL´¢Â’Ú@HÀç$Р*/t¼#E;Ö øƒßð:1Z*W,îÀŒ§Y™~WÖ ?•[ƒ¦çΧꛌØhbsçy}ÿ6)Æ¿ÑÞ¨ý¬ªN²‘¼ÑÕï˜ÃÂkä¬ñ¬"”_.îi—@Îþ‘mOWìÁ-wV¨ÅšÆËKBe¢Áë¥Lxâ S.¾‹än3ýÍõ+ünõ g…Ò.©ëÈì@¤i¿ïé^—Ë‚ÜgîøÃcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDN4CACRL.crl000066400000000000000000000007151453642760600275570ustar00rootroot000000000000000‚É0²0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN4 CA 100101083000Z 301231083000Z /0-0U#0€lI6­.X‰6QA;TR&$ÓÊu0 U0  *†H†÷  ‚~]néQaêV¥Å] ánô'ê´çÃõSùÕ°ã îÎ:¿æá̬ ¬Š/KçÆå¦ #yâ3¾c'^ÙHi™j¹†3F³!š#G[×Ùi6íòxñ¿pßð‚Ϋ0‡ÃU™2Ò ÉS7µ8÷lj(ôS§9?Íè#­lʲNΚӯ…Ê­ÀËyz5â—Ø›F È(6ÜΡš@ëÓj3Ò÷EbqÇ_›7~— xôƒ¦“\FDq*P/]*Obj÷[Tylî—nF½µS¶zdw¡Çˆ¼„/=É1š(°÷?570*Þà¡ÞÆLM¨certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDN5CACRL.crl000066400000000000000000000007151453642760600275600ustar00rootroot000000000000000‚É0²0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UnameConstraints DN5 CA 100101083000Z 301231083000Z /0-0U#0€ºŸ Ê9œNwZëû•¬Ó§J]'0 U0  *†H†÷  ‚„æf/eËO:¯Ì£iF,™­õ‚°Ê÷“Sê î‰Do¿´Ð5è;…#WVãÿˆ>Ñ+ƒA#j•[ƒ= ?uðî\Í ?^ $¸ÕNM‡ê!ñá½B uW_)¸ùúT·îØY›NZ‹ëå"%>ÖͪÌÑÖ S-¢ò"Dõ4·ZSŠ“fcˆ`+–Ež‡A}ÄpáÝôRœ'GÌâöò&ÓŽìauëÍ…‹ºLÅcª¿¹üâ7³‘y+.»MX fô¸±§¥ºá)Bþ WE+û½é–p/¤ý6I'i`©RòÊ• vÓèæ:ïËñV»ÅÅÊø nAcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDNS1CACRL.crl000066400000000000000000000007161453642760600277000ustar00rootroot000000000000000‚Ê0³0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints DNS1 CA 100101083000Z 301231083000Z /0-0U#0€±ªðãÏÌÒ§‰¦ƒÝÿnÚãI0 U0  *†H†÷  ‚5èk#~ M4ź—Ähð<“˜×ä9õ(vMm%+™5 “Üÿ3Xðò±®*ZBЧUCÅ­ŒVaÈûU:5{ïoäA¿RªÌ~êÝ.ãíy^Iµv€€BÅtœœo@Y%`ׇÌ}L*_‡õ+†ÌáaÅ!ÕÛÄ·w6¼s´õÞòÇô»éý3„½7cµ°gÒL(› C W‰wÐÁ5qNå‹×È0TÞë ˜sL“L+‹Zè'5 R¹Ø-Š1ÔïùÛ'u’D7‚·-™À\%oh…®certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsDNS2CACRL.crl000066400000000000000000000007161453642760600277010ustar00rootroot000000000000000‚Ê0³0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints DNS2 CA 100101083000Z 301231083000Z /0-0U#0€FHœB Ž]SpØàÁÉ5 0 U0  *†H†÷  ‚&†E‹8ìÍ@ òå»ï‚ þ½€ÕÚLÚÀnŒVÂz[— ¤þ¤G ‰Å·6Úø‰ÂèFVò£êÌ÷‰¦2%ºí6OnDE&¦yFÇCM—è߶Tœ<:•a~7û)…ÂÞ“º"‚ön >ùf#RBÕ†ZfH²^}iî3WQ´‹#2¢^Ö†ÃáÎÄ#ò”@WsŸ ´zw/ÅãpG—Ï«]\Òéÿ¾~)YÙfG@®÷™À7—%TÛÌåo?Y™Ì¦àØr:M} ±Ô±ÅÖ;…QÜ°¡¦ýÏÅ:ƒçSb‡Ø¿ÇF~´¤7;~œïa!OY“üÚpò£‹•9ƒ)€!Ô ŽÌŠnw–ä &certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsRFC822CA2CRL.crl000066400000000000000000000007211453642760600301170ustar00rootroot000000000000000‚Í0¶0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints RFC822 CA2 100101083000Z 301231083000Z /0-0U#0€Q€ÍúIrH<íN ÎÎ@ep 0 U0  *†H†÷  ‚0ðiEj;•¨O Ä8…¯7°“Ê%MçlÎ#÷¨í¸X¶±Wun`s_&\ÞyW:q8˜’Hƒùø‰¼]ÈÛQœ(ÖL6ô¦çBåCEk³s¡¶¤½péè1Ðí2ÙÀ'Ï}¬§ÜÎ$XB’äéÎÞŽ¸ZýÕ”¯ÎõQ BžÉ5Mórg]ƒ~#bøÓÂWÄblÃs̃\ZâýÚÁ&ÓOü¿®†”¤ÿg£Ýº¹½Ç§`ðc¸‹hçK¶pE>7E.æS<†%爽îh@0>¥ŽdÕ I˜©ÉÓŠy‹/QS@¥^e·DKãt%báýcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsRFC822CA3CRL.crl000066400000000000000000000007211453642760600301200ustar00rootroot000000000000000‚Í0¶0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UnameConstraints RFC822 CA3 100101083000Z 301231083000Z /0-0U#0€šº9MÚ!u¯êAÃL—è06}±ä(“­åY [Šé†ýozæÙÌ\xŠ¥¾¤ &*~DÏÈ¿z6=ƒ9ãóYô@ërØcÀy±Žý[Kÿš ¥ÓËìŽ×½certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsURI1CACRL.crl000066400000000000000000000007161453642760600277130ustar00rootroot000000000000000‚Ê0³0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints URI1 CA 100101083000Z 301231083000Z /0-0U#0€ú(­AÞ*hÈ#?&Þ0 U0  *†H†÷  ‚+ÜH¤IV‘d ¯Óð¦/ü¬-çfšÂ`^);39h/zŠ3 GÝë蕆ü²BìíX(8…ɪª-¹"ô¬k^]à;KObçÅbÒ³ˆšÃQÕ‹íà°Ò‡3)y5ì¶5‚|ÉaZpU º­ À`õIk\‹ÝSë8•w3}Þ²/b­«?Õþ)Õ$*5€{¥i Q&ú®1?1¢ü«tìÒD 3žÚ#¥ªœ"ÛFQÉw§nŽ®ó ¡Äßg\jäl‹ÜBj¤ÉÀ°êÆ‹™#TxU„Bô@"êü4waf±4‚òÆiæÄMÖ3¼6WU2Æ Xñ&wgÙø_$¦certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/nameConstraintsURI2CACRL.crl000066400000000000000000000007161453642760600277140ustar00rootroot000000000000000‚Ê0³0  *†H†÷  0P1 0 UUS10U Test Certificates 20111 0UnameConstraints URI2 CA 100101083000Z 301231083000Z /0-0U#0€Më‰qßð²úv:X±º`ÝŒÓÃ0 U0  *†H†÷  ‚dôá[ ÙÒXΨ /ƒ™ö=>~0 v.üBåEJkÏ<è··è:³ã0Ù°‹’#> íÒ%q–¯žbªÈ7š¿6¡]Ž]pÑKÍŠ÷.<ÈضG`ásÉ]ÇÆ ùÊmo yîY£ëéiRÅÑF#f>Û¤^$íEC.¾ :ŽÛ¿• É3Íì43epÇ™fO_ã¡í¯äÂú…¥1æ©kï¶-a-©ti­K'$Mo˜t×['*³¨kÃK7¡pwöú”Ýþ¼¶à¹ÌJ[Ñ/BTlû˜Ù[E”™0U#0€Mþö-¼µPMß™zm3pN0Uÿ0…ÿ0 U0  *†H†÷  ‚‚ËP;–mz„QWîb¢šâqD’*ª¨»a6 I$·Vc7þe¿˜tøI¬’LnÈ+V4ƒɳAÅ÷ƒ¸dÜ8*È—†Ð.yÆ4eJCÀ.#µeUDæüip“£a,ð /1U”®Ãý:Ö¨éCŠÙøÀÙ"Öu2ÿnMajƒ²¢Hv0œÝ?W¬Ys$=£KŽí1ÞÈƘôú‘ä!Ž O³m½"û¥×~u>ëÇ­ÌQq …¯¿ðHœU[1x¾Úð[«j=À…IsFݧUИ‰nYQÑ aŽ táð7²c-B­‘.@Áhdkû2ø(ªW°17ÁՉΠãcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/onlyContainsCACertsCACRL.crl000066400000000000000000000007361453642760600277710ustar00rootroot000000000000000‚Ú0Ã0  *†H†÷  0O1 0 UUS10U Test Certificates 201110UonlyContainsCACerts CA 100101083000Z 301231083000Z @0>0U#0€%8îÊ-uz[MÔÀ’ˆ"ÇlT0Uÿ0‚ÿ0 U0  *†H†÷  ‚0yåÁ|T"ýïñŸ£ðé‹t‚†-kœ”  E#beÉì!:ñì]bsÏ~ 0U#0€¼©ÜÍþ–ˆ}µžO™Þ$Ò0Uÿ0ÿ0 U0  *†H†÷  ‚‡[±LûéŸGéówö=ñ§ RƒŒ6”„¥4ú\»0~Ãk4ÛÖÏ#‹l€ªL¯jűݦñ½“à9¤øÞü¾gI{§~é *°ÞCpVQæUË5ó(›É4KOëézì?=]Nîßw¦·±G`~m;ãø|×"•@’Ÿ°O‡÷ —£…ñ–ó}ÿ~ûÙMZÙT×{oQÜìXÎÞvù‚PÂb¡•zíû²½êOCtòL\lÉš’\GϤ wô¾f»h|0ÙWsô¶¸Nk2)B_MÚzŠ±„9îÞLPÜm”©¼0}åÍöÂ$¶çáƒñƸX7æÞeecertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/onlySomeReasonsCA1compromiseCRL.crl000066400000000000000000000010001453642760600314040ustar00rootroot000000000000000‚ü0å0  *†H†÷  0L1 0 UUS10U Test Certificates 201110UonlySomeReasons CA1 100101083000Z 301231083000Z0"0  100101083000Z0 0 U  A0?0U#0€PhÑ A'‡ç N·xVûŽîq0Uÿ0ƒ`0 U0  *†H†÷  ‚a‚é¹å{ôb!y ¸oZš £ˆÄsCÑ?/LÜ:|¤šƒÔ^æܸs[CÀ™CtQc~Žó`K"b2Çãe´7ç»mÓ2ïõvÙÄu+i?¹ ¯²gÆ91¿ÎnÚÐ{tBÓ:«öëÕOo´s´TÉ^!¢ƒýX5vPŒÿõ¶º]öȤìI áFkº?h[;€¼¬,1ƒ€4o Q×:ßÕ¶†%Wiþ~|ÏnA 0Ä:›@s)f™ˆb –Ð:Þyø^ýïõfA´ƒÊfDû=áy“§æV׎ð-q¸uÎ *žDï(‹ÌÔò²?uÜ~οcQâYBWs3ÕA°ê¶sÇcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/onlySomeReasonsCA1otherreasonsCRL.crl000066400000000000000000000010011453642760600317440ustar00rootroot000000000000000‚ý0æ0  *†H†÷  0L1 0 UUS10U Test Certificates 201110UonlySomeReasons CA1 100101083001Z 301231083000Z0"0  100101083000Z0 0 U  B0@0U#0€PhÑ A'‡ç N·xVûŽîq0Uÿ0ƒŸ€0 U0  *†H†÷  ‚ßÓÄ…[‹}‚ÝW+”= ¥+ÍfΛ0ÁÆÕ-$cŽu¥ÖZðUÎ)•ÀUO`ŠDòá5 êÁ(ÊÈ„½iO6.ŠBðiÄeTÕ›6jbaÐÉÄò®V_¿ƒòTúóèOS¡;ó÷ðò™),Á\›ñŠgtjßQ¼ž+¸ÄtöôE·üc}±@¿c‡F=ÄÍ%ÍΑÊËîÝX)üýçEuz©MopvÞƒ“!ý‰ÜÞœhé ãñl$ñMšˆ;Ê©zÏöü2[u ée"ŒÝ*†Í:†žþÒž×YÁ;ÿÖ‡˜uºIéQ…LÊ—ÅI txm¯“ŸØŒ‘ ÛŽsyþhcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/onlySomeReasonsCA2CRL1.crl000066400000000000000000000007341453642760600274050ustar00rootroot000000000000000‚Ø0Á0  *†H†÷  0L1 0 UUS10U Test Certificates 201110UonlySomeReasons CA2 100101083000Z 301231083000Z A0?0U#0€`cßÒ#¤)ÖA¤¬Ê†y˜¦eH®0Uÿ0ƒ0 U0  *†H†÷  ‚NØ¿IlÙgÛ¾Ê@­SGí\-r¥Ž¢»!bzì„Ó¾S-·>ÕB'<´ßÝÔ+̆]›?¿­q±’À&Z°’£¨J,“•`_©— MgF÷—·ÈvªcI„Ž¥ù¬õ€4{„.TOœQ,ô”ƒnî 9Ù~m?™<4Ûè_0ü²´“¤ZBìûšKƒ«òB·©­ÿ ŒÝ´ ©9CëÏ¥„šÌ¢Æ³îcR¹žýô*D t3&O‘F•Ñhïe˜À)ÓéØÝGyÝžÀaIÖßܵꜩ:‹¿TÔ˜Ïj ɼaßæ‚EPÚ2dͧÿ²]certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/onlySomeReasonsCA2CRL2.crl000066400000000000000000000007341453642760600274060ustar00rootroot000000000000000‚Ø0Á0  *†H†÷  0L1 0 UUS10U Test Certificates 201110UonlySomeReasons CA2 100101083001Z 301231083000Z A0?0U#0€`cßÒ#¤)ÖA¤¬Ê†y˜¦eH®0Uÿ0ƒ0 U0  *†H†÷  ‚Žü·„Ü"¥‚‡kÔÈÊ:õgéjNÔ‚"àvì(®`<0&{Ð? ¯ä”6h¹üfIIã'âŽç!9b$ModØ+Ù/^àZ&‰ìqiõÑŸzÈq5Ñ™ª¨‚kº4ÚkÓûè¨Z¢ð‚¡iIP ‚9!} <£åòr%… Åz8 V,,& x4­æù€wQËúx=†+ Â5ËþS©×¥®30.l¢ç šòS€µ /WÌ„Á½Iâ\ëL;èXý¬F¢9&üƒJ\بKç5ª¾¯í‘lT%©ÁY:O‡—yFˆí£û®áó†ávÐ-.–TY”"O&certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/onlySomeReasonsCA3compromiseCRL.crl000066400000000000000000000011011453642760600314100ustar00rootroot000000000000000‚=0‚%0  *†H†÷  0L1 0 UUS10U Test Certificates 201110U onlySomeReasons CA3 100101083000Z 301231083000Z ¤0¡0U#0€-$·—‡,îÚ¾Þ—„¯ ¾k0rUÿh0f ` ^¤\0Z1 0 UUS10U Test Certificates 201110U onlySomeReasons CA31 0 UCRLƒ`0 U0  *†H†÷  ‚uZö¶6ßæ×ÀÌÁ" )ÙE˜r±%à«ÃÜ:.Ñ4t‘  ¶¨}Ù¬p\ÚäK T*÷Ð Œå›ùv?aÆŽýº ¶e¨|M€²ùÇ$¶¦O ÉòxhX0‚&0  *†H†÷  0L1 0 UUS10U Test Certificates 201110U onlySomeReasons CA3 100101083001Z 301231083000Z ¥0¢0U#0€-$·—‡,îÚ¾Þ—„¯ ¾k0sUÿi0g ` ^¤\0Z1 0 UUS10U Test Certificates 201110U onlySomeReasons CA31 0 UCRLƒŸ€0 U0  *†H†÷  ‚MönÁTm²ª6¤ˆî‚‡ƒÔ»ö][çœá“Ô·ýÚMÿ!°Ø2iÚpc²ÄŸÊ¨Å–Õ_°Œà©xã´c&®ÞýÙŽ37Ê-^RÆ·ˆƒh3—F?š ªa³k‹ÉâG*mþð"º¥°Hïsdl&¼ï"Þ¯! `ZïEhÃþù)ÊH¨¬¬ÜŠ°`O='¬úÍ‘GÚŽu·gßÈ;‡sÚÆíO|¿²üžÐ« ‡í°eÍíSœì½ 7§è“i¢¸ÝfK@—2À‘%+|;˜÷<`¿I*'®+¥üM]n™æñÐ=J>h*(Ê|Tjÿèàp¥X<certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/onlySomeReasonsCA4compromiseCRL.crl000066400000000000000000000011461453642760600314220ustar00rootroot000000000000000‚b0‚J0  *†H†÷  0L1 0 UUS10U Test Certificates 201110U onlySomeReasons CA4 100101083000Z 301231083000Z0"0  100101083000Z0 0 U  ¥0¢0U#0€¾fÜ ;öÓˆ4‘S& hnÉ0sUÿi0g a _¤]0[1 0 UUS10U Test Certificates 201110U onlySomeReasons CA41 0 UCRL1ƒ`0 U0  *†H†÷  ‚H7KGnÇ3ÅÃïéïdL”t}RÚ¿ÙE^»#XÎP±¨ôxç]46¯üÄ.ñÔ/bBVí(»p”Öeƒà8¨·ÀH_ꤕÙf<5o³CÆ]“ìî"Á?¶xï°»T—Ý÷—ê>EG:ߣtuL,²IŽVð!Ë.`çÌ|Ùu9¶î¶”¤jâÜQ2ZGhÓôêôŒE[™Vê]C•«ð[¿„Ê”åöÑ’Ixrô¡µ_C%üœLG"¬ïhQƒB q¢ÔDk/y¥S*¿Ð =¤ª³ZWwlÖ¥vy}·ÓÂgé=̯ÏYKÆã¶Na@ÜqE¡UH÷ÙѾŠ…Vk¯G"§IÇƵúKâ㙞&ÁÍ}£•·&öqyØvæ"J·fئ"-ÏK «y6ôJU»ý•ø5ÿŸœ&guW=uj¾äûwŠ£‘ƒÏCè|ÔÔaUñëK{­FØ“~va±«—èÉ»dd®ˆ×‚Ãê©´R'œéŸ^c)•ƒêìÝ‘ ¤PHGP¤@~iÉ2Ð+øÏ™­f«©-ÏxGŒÑøCZñ•øܼ¼Lð|’cØÜåíøüVJC[ø6 Ã`Ü2¹Š½certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint0CACRL.crl000066400000000000000000000007141453642760600276200ustar00rootroot000000000000000‚È0±0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint0 CA 100101083000Z 301231083000Z /0-0U#0€›+²J<ÅnPÉ"½cÎ ñŒ=ú0 U0  *†H†÷  ‚ ³j섺2ªÊwÓd!‡`ÐçùÐ ·ÁG= 1Î8K½%œÜ^è÷|v-í÷@¡°2®å‚KÈöµ2!Ø7Ž¦ šæ™6ŠRÀIˆ!2ö HTHf ã`^ @ªG/jÀÌŠéVçXº;ªC{àRñ¯Xð^×mÂeë`t±[p…6M;õÝ®1RU?gæWõ³|N$–°ócjXìá¤ü$ÈÑt0ÄñÀªv¨?,!ö‹/Ç#"¨»î£“z’˜ûò€Åß°Ä/Ô¹/U)HÛZÐ> º·2-u(Œßi« 94k9+9Ú÷–w0Qû’’ì’Šš„³@certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint0subCA2CRL.crl000066400000000000000000000007201453642760600304110ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UpathLenConstraint0 subCA2 100101083000Z 301231083000Z /0-0U#0€Æ *û¸é>h`zǗγXQ{vÞ0 U0  *†H†÷  ‚š„Ç&SƒÃ`‚{HÜFÒ %#±îÇ~öÚAͶÉü«'¨+ü›cÉDd<¥'ïíF\ ÚûÀôSv²ÈÒ jfr·àÔ%[Õ~¹‡;®³è¸YÔ1Þx3“[g™ï|%ª0iÝ]=xÚ_ô¹akþ\²ÎIgà/èDZ—®ŽF/°îŸØ£(Š/US ×¢iöNÝÁ¡Eî-ýõ+gFoú¬Cküÿ¯tRÑ?ÅÎÀl.ÙVã.ªÙº"c*ež® ˜H|­J{‹Ë|FRÿ¤,ßÝȼ}¢}6ÿ/Þd¼Æ ·ÇžúÑÌ*certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint0subCACRL.crl000066400000000000000000000007171453642760600303350ustar00rootroot000000000000000‚Ë0´0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UpathLenConstraint0 subCA 100101083000Z 301231083000Z /0-0U#0€bg}Ò7ÅrÐ޵ʣs^0 U0  *†H†÷  ‚œdFÖG~M–2ÿ ¨>‡dQsìÏÖ™/ŸŽ¬JB_ÅûS!*ùz`óxÖÜø5°ð`ƒ™ÿY1ßV€ûG½ÎAiÎÎÛŽ²#?“#ƒ=ó>ß “ ÅÒ%m­ Ó¡Ÿ¸Wܾ´™ãÚѧÞvÍäð–‚²0âG–¦ž¨\ åéúæ9ç5¶Áä5êºJi†Ï×x?G×ÈfødLRÃÔQ€®1­ôqõ÷·Ÿs##DÕ ùLé¸&ˆ3ñ+<÷SÄ&ôê7Ïàw9î^¶2ti*[Çy8mîqvÏyYS³ÜL&Y¸³~!ŃˆÝyîÚK݈‡qÅ©Ãhñcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint1CACRL.crl000066400000000000000000000007141453642760600276210ustar00rootroot000000000000000‚È0±0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint1 CA 100101083000Z 301231083000Z /0-0U#0€óäq`ÿÞ&…3~üÁGgúÁ0 U0  *†H†÷  ‚aAÀÜÔAªŽ !ÙŨ±d—æ Ú¦8¤_Ø£¢öøªq„ëæÀõTr2l7:Å&ûQºœýpbƒWykMßgà5®ÂÑLJ¶˜T‚nðT@e°v<(÷/•_]T_Ú‰Øa7ZZü¨¨ë6ÀÇþ€ëîÔ)›s&ýÌ¥ê{”A„ o"!Ù4óá3¤Úæh¾)koµ%*óY|yáäg@IOZc›D-¢Ó<û ¡‘1«?¢•_Æ#y.ìˆm•eí§T"1RJÄši—³‡†Â°®´Ôõ´½WNù²iŒ[ÈED ǨœoØct‰certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint1subCACRL.crl000066400000000000000000000007171453642760600303360ustar00rootroot000000000000000‚Ë0´0  *†H†÷  0Q1 0 UUS10U Test Certificates 20111!0UpathLenConstraint1 subCA 100101083000Z 301231083000Z /0-0U#0€å™–µÇ}UB­ŽÇ%öͬy0 U0  *†H†÷  ‚EõG'›>,+©}¢ ÖG=Ø+UÅ–}–EËÑéãçèC¥¦-:v /]BªªbbÔ“Æ( ú‡Ôp^‹Ê*´4´`B=‘|ÿ ‘äëFÜÀ«ˆÉS™bÎœÛì{¶.ñ¡‹ÆTŽ è1W¿ŽpŸû=}ɶ´ÔÚ{O^c£ø/p ¤ß™ßr³±pí‚ÉÞo¶¨„8®Ã"ƒYéh.Ve¿:¡gùB®ë˜¥Ðja­N£ZÀŸB¦:{Z•§ÒD÷¦€˜ø=oµ5µÙsè”-wqètüÄàõí;*/OŠßR™“›E›r™:¸É#ܘ»¾kY„/certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint6CACRL.crl000066400000000000000000000007141453642760600276260ustar00rootroot000000000000000‚È0±0  *†H†÷  0N1 0 UUS10U Test Certificates 201110UpathLenConstraint6 CA 100101083000Z 301231083000Z /0-0U#0€¯¼…®þL®á—#ˆÈ¥±` ºNØ0 U0  *†H†÷  ‚˜w–ä±ûz$ÿhPtb§x•ÀÏœùØqÍX óú' ­/(°w§ì#’Ðaù¥àÖ`‘99Õ u´Ÿ¦ÄÑ#­Ë¶aþG#F×KõËù%u¢øÉVnìÍ×Gœ{¼¥·å®­ÅãüÛÔ:f™ƒèDžÿ3€€£ÆwbªÓå@øêü äû+˜ÀRå·ü„‘î¶P<Ñõ¼cˆpT,/' ³a“”O5åòÊM 32pý¦É|p7ÎÚŒ ï¶ìC.›d#%e¿#'bwdÌdmÿԤŇ*Ù•ÚºyÀÆJ:o/è©Ÿ‘Õ­0ù%˾7ôEcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint6subCA0CRL.crl000066400000000000000000000007201453642760600304150ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UpathLenConstraint6 subCA0 100101083000Z 301231083000Z /0-0U#0€Ïvvƒs$Ç£mg|ëRÀÔÔíH0 U0  *†H†÷  ‚\¨ …¿ýûîT3[É£‘ÀþykÌQÎ|]·Dl§»f9d>`SIÍöƒÁŠdËðel¢¡ûgÊáb¢rÈVbr+Íçî²£¥­õîØε(´ÌörLÒú†{HÃZ ÷Bnš2a«4OÛâ#ç ¬ùoV4UžT6¹èåñæ‡üá< ñ²±N(5 .&Ž¹7ñ_ùÅRÒ.'\þÓÏSÎó[ž¨Ìü’iùã¬C:†«X-û²ò˜Ù)Eî’™éîtaw¬ŸìK9ŽÓ Å8Ó¾F :ŽÉòŒ?Z㛾jT —œQFUõwwÒ†¹âV¬äƒÃÎÇ)7ÑÀûÂõ:„öcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint6subCA4CRL.crl000066400000000000000000000007201453642760600304210ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UpathLenConstraint6 subCA4 100101083000Z 301231083000Z /0-0U#0€I…ÛKûcÙ™(´ zžZw0 U0  *†H†÷  ‚·”¯$ÁLx1¨þÇe†M6 ÿçâc/ ×Î4õøÛèÔrùÆf}( “I‰Ÿw?ª˜}õ#¥ YNvÕ«eBE£ðéN²&N- )K©¦µmX¸›&Û.?† ûËeù): ÑðæqU/Îå¨Ì7ðGÿmè•Ÿã5“á&[5Ô3ç´ó•«^Ï„ê̼¿¼œ#,á™{ÓJÃq ¹0ÆL`øæ1äRAš'$øÉäa%~'Dß b:X4:?ß^6ùr šâä~° ˜:_A3:Eõ[:¸Iì[¦˜*ôñSðK¬Õ… ŸÅ­]U{,|\›§certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint6subsubCA00CRL.crl000066400000000000000000000007241453642760600312130ustar00rootroot000000000000000‚Ð0¹0  *†H†÷  0V1 0 UUS10U Test Certificates 20111&0$UpathLenConstraint6 subsubCA00 100101083000Z 301231083000Z /0-0U#0€º¹âˆ÷ÔY%Šã)ßO 8Ýqt‚0 U0  *†H†÷  ‚½¶9=×&â;öy†lŒc s쵑Ýqs\H]'CtÎIGá •»ö⸀6w2ÈBÕƒ×Wç«xŸJƒÐΗ¿NÞçÆÔ¸å¬ÔÆ÷[ºOÃ[³éI”Ž+‡z…oÕ‘¶+þfç6uŽÅ³dž/ˆfðüXmq¸¹sÐDma¨–²¬ÐÕ^"ÈP—²Ž ?ytˆŸÛ Õ‚I˳ƒˆ!:D±š^Í:à2ƒuòeÜû…“…ldÑìl$bÔ² ræâ ÿÄ—‚S§èS]ùvùÎJׂQÝ%º±õ%çP_׎݈£ wÐï=£«ïF² ’ð§™sµäªd¹Y@3aÐädüÉÈ9…±r!^•'¤×Ü©…tÿä"%sófßÞ;ΧÍk‘?sk7C|Iýbbä¡›Ã4¾`j‚À¼Þ4âêS ªg™ÀÇÞJ;“tΔ#»#·úŒJz Q°ÄíL‰ Ýåbï|b–Œå%x/ȹóñ¤,°h«K,íxk‚¾ C•·›÷3V刑K†ÖC%.âÿLÛ»ÿáö„ï’ 3­0×Àà>"&4;0íU[hô6¬,Š•‡Í¾‘¬Rü±†IsmwýNâ¤Mx£certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint6subsubsubCA11XCRL.crl000066400000000000000000000007301453642760600320540ustar00rootroot000000000000000‚Ô0½0  *†H†÷  0Z1 0 UUS10U Test Certificates 20111*0(U!pathLenConstraint6 subsubsubCA11X 100101083000Z 301231083000Z /0-0U#0€ƒÚ¸µÆÈ‹|‹?ír%â¯ê0 U0  *†H†÷  ‚˜¬ZBç+\§€ãÍÂ!fÈÿLo{v&“!–…u†3çi6>® Ö° nžØ8”ù†æ}RG”[zp¶)¨ZÁδbÎ4ôÌü aÈS$v4¢ŒÎ®šåæÖ7ËË­‰ÂËÉ8™å®«Œí hqØ?8—ç¤ÆÌïS›§"ú9S¬ìËû£üd‘½Dy5ÊØ+žKv#ý¨šÍð^kÀâ¶"ŒÈÆSÒ{5àÉŸ}ÆÑO?GO9ú4Úƒêa¼6žfyˆ+yPgðåuS)+òâ¿m2s³Ü%=¥(iuyvf‰žÓ,et(•”YrÖŽ¿¦µžcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pathLenConstraint6subsubsubCA41XCRL.crl000066400000000000000000000007301453642760600320570ustar00rootroot000000000000000‚Ô0½0  *†H†÷  0Z1 0 UUS10U Test Certificates 20111*0(U!pathLenConstraint6 subsubsubCA41X 100101083000Z 301231083000Z /0-0U#0€¡í¢ó5T¥Ÿ¼cæGjS$lJ r,0 U0  *†H†÷  ‚Ù½wP9r¤ÉI·JKø)øÀ$; :¬Ÿ—T ^=¼2®7bRÛr†¢½m2/î8Îé›ÓfJ¯‹õ©Þí?” >ûþ iC·#Ç)­÷ˆî•_öKU?¯Ì ¹O˯¨daCÆ­‚­‚Öv”–Ùóò5×¢ÔÁkÓ^’´>Ÿ¿Z¼ö€jhË?µ¤ž¬ì®ÈT=ÿïë‹Ý‚²ä²YýUÂôùiÍNvÜCnÌ%t˜Ôàů¤>gHÍI,{®‚e´[Qm["+"H6\šŠ„2 N‹±v|&Å~1±³‹Zx²†à&dcÆ vÄK%8Y0(ˆ)EõôÕ>ecertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/pre2000CRLnextUpdateCACRL.crl000066400000000000000000000007201453642760600275700ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 Upre2000 CRL nextUpdate CA 980101120100Z 990101120100Z /0-0U#0€¨Gœa€h(±Bš)Œæ()’Ì0 U0  *†H†÷  ‚^š]¼1ÊlkÑ1Uتjù¿;•Q"4v1~Ꚉž€æ“u÷)*["U…FŸÊM>ݬrØòäåw'É)|è–^ÿpuOZ=Û¸cüF7²Nè êp”å? ¸aþaÅ(!•ã'ŽÙôq­;7JÜ[;ò¶°mtŸ/ *Aÿú+†¤®¯jzÏM£«X\Ä ·ow´÷Ú«$9»oZ Ú±<¬ò˜,x’šH~ô¼mÎÿþXä{aà`ø;ï ,/¶®°8 õ"A=»m¢3™Ïzš¬¿)⥑ËBU³UmÊàHéOy¾ž{“G. oEù¤Fµ)certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy0CACRL.crl000066400000000000000000000007201453642760600305130ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy0 CA 100101083000Z 301231083000Z /0-0U#0€¹ìߺR"¸¸¾j÷¢Õ' Ög50 U0  *†H†÷  ‚JÙjùÄÉ8‡÷³Ð°{Xk¢$ 3=õiÔœúµÊSœn@,OZ²Fî±zìÃÅG!÷æñ°]è”]pý§´¶K1DæÉDulïZ«ÊÔóBƒYXƒÒtøt©î¸©ðSÑ ð7à´h^ÇñƒPàiù¦Z?­’Û¥¾RµPjuÍé°K]™°ÿû2û|Ä8;sSêí˵ Rá/‘¨mv)™%”ªfæ™@OÉ+é&:$²$ò Ø“'Hx Ôûcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy0subsubCACRL.crl000066400000000000000000000007261453642760600317450ustar00rootroot000000000000000‚Ò0»0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy0 subsubCA 100101083000Z 301231083000Z /0-0U#0€ëØ—zz#5äÏ—$'"Ìg§VI0 U0  *†H†÷  ‚6ˆ²HŽu?ù}8°ñàÌDŽç ×ÚE*Jü»ÒB¹¶·´˜¹Ý¦zïFD#j ma¹ÚüRâ³"»¥êïÐÏXºÝ)ÍñûTñÿtˆ‚§°th×Åž±~ × žV[aŸÁçQæ_…»ý,ÏGKsx6» ´¾µ½%*+u}µ§îæÀ$iø[K‹¼éDQ»8Š)uåeZUëía_+ “ÚkUær|•í~.,JPdi6é 5_­Çù£…'¡ªoøÎ@óújä‚GúKq#‡Àè+—fª3«ðF±/Õ¬õZÅC”.Ä;ðE5ÌßcãN‘¥îcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy0subsubsubCACRL.crl000066400000000000000000000007311453642760600324530ustar00rootroot000000000000000‚Õ0¾0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"requireExplicitPolicy0 subsubsubCA 100101083000Z 301231083000Z /0-0U#0€µÛÖÈ /ZAÇx£D‰ÚÎ.kº0 U0  *†H†÷  ‚(W[¹¯7Zëçö5gYþjÈWÁGz›#¦€NZb—Ç¿Eô£ÎCOÙ*Ê„h»(;2~ÅèË”j|1Ã[î¼qÝ>=%›ØD-¢ÆkSõÓuË_O¿“™Ÿ‹JùF*Ïy;¬WÆí]’Å    PFå_#üÆ”²´-ë !|TB2¹Œ@p¯Ë•bp+Ÿß“˜Õç`h„]ì§zNv¢ ~Bš*­rl¹ªÒŠ«ü§AÌÒÞ¸o`‰¿ºE‡0t~ ]qkçlÙÇ-™ñÓ{9` NÉ"ìœß­þOÈíÕº­ê!‚ñuÁV‹óyöcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy10CACRL.crl000066400000000000000000000007211453642760600305750ustar00rootroot000000000000000‚Í0¶0  *†H†÷  0S1 0 UUS10U Test Certificates 20111#0!UrequireExplicitPolicy10 CA 100101083000Z 301231083000Z /0-0U#0€óLÑ_Õ€Góø4,ä˜ÏkŸ0 U0  *†H†÷  ‚ 0ãëå¹B_]¿Âj‹(ár­ÂçBÊ4ÅyÖvr‹¾)ÖRš ÒÒØ'*zZô~àýðô”¼¦·íJÖØý}t·´t®¤_á~F‚¯[¼îGàAþpGñu"Ä;¨|‘HáŒ"p SþEŽ¨KÇë“cÎ%t²MÖhŠI¾=ßå˧÷•‰>Wzß[çÜÞCÚ¯ÿúμ—to|Ž´±@Ÿ(œ¦³þg¤ye7ðu+CÉU­=éÒxûWD6V¢_C¾M(TÄyÕ=¾Vâuÿºùz=E—d¼3Zú÷~†€mý+]ÞZc²“åF£Däëm+¾Œàhqg–¯P.¤Û´e>¾ø¾#ûb°FŸº±ÐoÌȪë‘ø`yÍ~(…‰[`Sá—gíïèfUˆåä p8RAÒŠNTò½å”E«Ê>oõkcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy10subsubsubCACRL.crl000066400000000000000000000007321453642760600325350ustar00rootroot000000000000000‚Ö0¿0  *†H†÷  0\1 0 UUS10U Test Certificates 20111,0*U#requireExplicitPolicy10 subsubsubCA 100101083000Z 301231083000Z /0-0U#0€–Œqü¨;ÎÙÄøÃÐ_iq|èK0 U0  *†H†÷  ‚s–¯¶îX¬Þ8º~6iŸsÍÒ-‹*mŽ%µy”°7¸®®„¯§ ahOþ¤=ÖÌ,ï«÷À+Iêˆ8"YSn*›º© ﱟX ¿.´ˆlŒ€Ðý M­²‚kq"}.~[Î(‚u±‚wAzƒ[ /ž;[ÆòˆÙCè«Yðç½=«ÖׯMkÖ$cÙ¸­÷0¬@R³!µzïØÉ맢š)aöñ;r+`dæŽ'«8›iµèjgõùp¿‰‰¼áUœÞŽ_<\)t«ÓØ#ª†û“¸«»HÉ¿ñÒ;á\)_¦‘¶C¤[¾ÝU‘Žê÷ˉcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy2CACRL.crl000066400000000000000000000007201453642760600305150ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy2 CA 100101083000Z 301231083000Z /0-0U#0€6©Ùûª8/ ÷L;Ù…š£-©Ç0 U0  *†H†÷  ‚?1NJ‘V…6Çv<úƒ\ˆ~ÂE6ìéI lœƒxÆß&àûá£Õ^SÒx‹æq¢š&O¯á*YnXUüƒ$ùN’Ctv|K´—o BSˆQõÒ‘å…ÿBG% ÝBÒ»ÁšOwLWÐ>Í€-Çàänm ±'ª‚ŸÈg­SǽuãÂêm½$Ø•Y‚yÏ’µ“þç£jãšû¸f¸Y#7Ý<,d™šå_ÓÔ}èU$b9³«LÒ±Ë-- ®c)zE7ƒüç¦6|³èß–šðÃ6ÑZÙ¿€3±… ¾ñøq+aÆ_J\€š‘½Ið¡†wïv¸­pjcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy2subCACRL.crl000066400000000000000000000007231453642760600312320ustar00rootroot000000000000000‚Ï0¸0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy2 subCA 100101083000Z 301231083000Z /0-0U#0€ wþL0â³Q°÷ƒ˜G0 U0  *†H†÷  ‚yäï?GèøßêïæÀ8X mZǵ`Ôô¬ÿu„:ú:ž¹‚ˆ_µ)Ù”N—ŸkÏBØôNDÐtëÍž @¨«¶éMm!ÌÇÏÁæ73 DªyeZW\Z3Hìl¢c£'ª,óZ'‡Ör !›!’Ï/áÙµóé\§rúâ ·‡ut¤|ç†&áq){¨‡¢úmÙ–³½ÆÒô£.tòdV0"YÙ.ëuвŒ$jeËqw×´]Z)¤ÖŸÞ7” 1£YçÛ¨Ø,&¡ÞÇÔ·³§Jùß 5nOï%ÔFÆ?¦ú"#Øù·{/•Š œ.Nb{œÄ𖦙 -§X 7ý1certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy4CACRL.crl000066400000000000000000000007201453642760600305170ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy4 CA 100101083000Z 301231083000Z /0-0U#0€ÍÑÜÌÔ1c,]6±žu¾K^c0 U0  *†H†÷  ‚#TÇR«·€™p×vJïó\:Ô€ºñTwã —DY)XbPšAˆ4~Ξ9LEÏÄÈ¥5âýt€íð›÷zaÓèdåh¬ÂûçÖN;×))ˆ“ÆRÔÄ)IÔÜQ’Oæ®B8AëyB“%Ùß—‰T^÷ˆ|ð³G#Ë>wy.Béu¢´8k‡õ!™Ë)Pœ…”²1¶¶>§üR0æÒkò® ¦e+0ðp¬xè4)ÐIÖ.‡ji²certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy4subCACRL.crl000066400000000000000000000007231453642760600312340ustar00rootroot000000000000000‚Ï0¸0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy4 subCA 100101083000Z 301231083000Z /0-0U#0€}ï”»ö§—æØ"HCH¬³îº0 U0  *†H†÷  ‚² Û*4 Cš jY`u=â¤3¶õšóî‹4äÚs…´¹òWµº5­63vÎ…aYíC'0"¼—£À=/$¤¢oCAH©)ž*N¯î£:›¡VËÞšÌ;™½‹UÞíê+&€›a0g w?uo³€r×6ÈǶˆ«|ÄÍè‰?2©þãÀW›ÅŠAQK›öò_ÁÞv§[o«`ÉÄ1@e#¼­OàqžV||‹óq@µ˜kQr4²WÖœBš fÈÿ]^=eŽT°Du`Åö!UÇåä~öp˜?Í4 ºjŽZŽÏ0^â©ÆÁl&‘9ùwÎ7‚xY£;+œ˜Âe=Ëö‡öÆcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy4subsubCACRL.crl000066400000000000000000000007261453642760600317510ustar00rootroot000000000000000‚Ò0»0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy4 subsubCA 100101083000Z 301231083000Z /0-0U#0€©êæÓž° —¯çþ.2¡gL†0 U0  *†H†÷  ‚=<('Nˆ!“3“ØÈQ>XhuVqˆ |'SQ&+ïÍÆ©kj³×‚E«W—¶ð¾ÂvÂy$O„3L^V_çDá›óüÖüUo0ݨ@þi¼BÜIÂCÊõSÕú9noq5s%™kôE¡¹ˆ¨- uE"j&·'mŠt!Ò4¢‡²S•ÏêúÁÿ(&|P4›Q_–÷¤¢}%¯Nß7¸RŒ–0§ÄŒVk_—G¨&…+ú­ØÎöIÄþ °ÛQsAy¬Î‡ŒÛ±­íê¢{{¾\é#Û1í\ëG‚|îg›nŽ#/ŸQžê¬ ò£§ír¯9å_ÅVL¬švkø¸/0‡cÁØzJ q[fç09+µDÓ ‹$’1öAà å>f¬cËç"”‚&²¼BÀ¥¾?,‹¦}º›Ô‚ýñì´Š)DÂþ×9\*wepѲ¼¼3Š§3n4ôó'þÎIþê×FT$)Šù__ÛMQMcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy5subCACRL.crl000066400000000000000000000007231453642760600312350ustar00rootroot000000000000000‚Ï0¸0  *†H†÷  0U1 0 UUS10U Test Certificates 20111%0#UrequireExplicitPolicy5 subCA 100101083000Z 301231083000Z /0-0U#0€7Ó¿ÞÜPǯȊ蒰ÄHað:0 U0  *†H†÷  ‚Ђ_kTÿ‹,F/_¨¢¸ºÑ´”~Ô°E"Ù)ìèw€–;•ê˜IÏé‹VŠTk‚ƒ»åÃ4¾þ{4šP‚ñ¥épwò€ ËõzÛT{osëø©D€ô+U~ðBfGCÓc^Œƒ(þIƒkõŽ„ßN‹¿± am¦È]ßYV³ XVñš}÷??½‹­ôd ¹®HòR^ CÓ}T}'‡cÇbм7~ù \U¸´ü$ˆÒbTÐnåלð0n\ÅÆvzDÅX%&á_ôå\ùW³Tbëå‹©¬4¼GCac" ªoɵs½˜¬×¹Þp—?+p´ùcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy5subsubCACRL.crl000066400000000000000000000007261453642760600317520ustar00rootroot000000000000000‚Ò0»0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy5 subsubCA 100101083000Z 301231083000Z /0-0U#0€ø‚/yÿ´~Û[¯2ä5aµl0 U0  *†H†÷  ‚©Ò­{–õãç›&°Nˆ·6‰;|*TôÉÃê<¨>Ä;©+H/ ø÷R9+ø‰ý”uÿW® äç;à ®þþBTtþd¤f)’/D9”"c¤¯”nýÎ[bmöˆ‡É· sx|Øw@D¢ø¡øŠ)ß¿O|œ§m:‰ÝƒÆ3ûešJKû–ÞÏw¿¡úä%Ï ê*Ü)Læg‹Ü{qеý®Vò8¼VlÞÎögÔÊløHßà²yeàzI*´M⠲ŠL)gªu ?¶fG¤]ýš5[KldƒZ©Î/™V³ ñýŠV ß>2€Ökê±uaËüo4Q“ÞLp/certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy5subsubsubCACRL.crl000066400000000000000000000007311453642760600324600ustar00rootroot000000000000000‚Õ0¾0  *†H†÷  0[1 0 UUS10U Test Certificates 20111+0)U"requireExplicitPolicy5 subsubsubCA 100101083000Z 301231083000Z /0-0U#0€úbº½~^_ߺ¾y7‚Üü(0 U0  *†H†÷  ‚d"‹K±¹I½¢O4KG MçéJÙ€U• úö;î2{|uD‡ßÊÌëš©èè³¢[d´”dknf(ÃÂO{Õß 9HH¡{ÈMŠ‡§rxÖÁþ0ÅDÓù­²œÀ’F©zßÇ\ã¢ÌsÌ™dÁ±Èý–+zŒÐ†UŸVÇ?aœC^îd˜¥%aU]¸íÙmãáàEê ôмn±=Wgj‡m‹é¢IÖ#z¢æHíãðÉÐ\¦ß!Æo d)dô´W+§Egï$9Æ»›ë ¨ BŽêφH(MZ;kW'ßsÃ:g«µ1çŸyÿô•…“ígÑ›ááSê ­certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy7CACRL.crl000066400000000000000000000007201453642760600305220ustar00rootroot000000000000000‚Ì0µ0  *†H†÷  0R1 0 UUS10U Test Certificates 20111"0 UrequireExplicitPolicy7 CA 100101083000Z 301231083000Z /0-0U#0€l1—5 ÞÛ5å iXYˆdÌ!ÎJ0 U0  *†H†÷  ‚p¾9ßëç'[A“,Ì „€ŸøÉûáF ’¿³¼²Þ=bigÈAÑ5 g Ï ²ýýÒ´0¶n{ÏZ,t©IµW¼¿fü’ç$`£‰/kº\ ¨ £ÎµÏýîhËÁuq,S¢`œVú¡:ïÔ¸H¢Ö:Ç:ètE±Ô&¼!uý^OlÏ7°Üùº2mpåŠÚ°B-¨ÜúÏ W[A2®8ƒçf³1è½òƨ±'Jø*Hæèt ÖÚÇY8œ]þg ¶¤#a í'gnô{¯®Çê+Y?HeåзЗÆ™Œ§::7ùßúÇ=ÂÁñpi^–certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy7subCARE2CRL.crl000066400000000000000000000007261453642760600315530ustar00rootroot000000000000000‚Ò0»0  *†H†÷  0X1 0 UUS10U Test Certificates 20111(0&UrequireExplicitPolicy7 subCARE2 100101083000Z 301231083000Z /0-0U#0€ç\%Ž~ªLwƒ{ÃêiÖÇ¢4á4Y0 U0  *†H†÷  ‚(io õ‘࿯pŒï@(ô†[§Ê÷NDˆÜê£'1å„iÒèkl(X×(Äã•H„­Z2²W•­úèK÷ ôT0½1L<$Wž!ÊßϬ0aðbq:KœFÿú †íÖÐÃÑš›àè;«i¶t>œÒñÉu »åÿ)„‘£¬kŒ²QG\•å,¸y½¯¬Í·4;ö[ oß·Þd•ž†¥I5Ñl0˜¬Ë:¼ð‹÷q) Ì>(£4æHMYhin mtÆYZÚ¡ 27 LSä'ž‡2Ö¸ŽÝž™T™{˯'ÖÎÊ¢m1¿oœk"5žcertvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy7subsubCARE2RE4CRL.crl000066400000000000000000000007341453642760600325770ustar00rootroot000000000000000‚Ø0Á0  *†H†÷  0^1 0 UUS10U Test Certificates 20111.0,U%requireExplicitPolicy7 subsubCARE2RE4 100101083000Z 301231083000Z /0-0U#0€nÿ‹fþ›¥{ûd3eê•H”˜0 U0  *†H†÷  ‚;‚bãRP£’¬ŒßHhê ÚúÜ l½5gV Rÿ3·dr‡÷Ⱥ±–”Dª\|vQ®³¼»ºí¤r®Ò…. ÊÂé¼eŒìFoÑ9Íy>µÜhûý"mðŽ,˜°ºõâ8Ú«‹HE×i™ˆ‰ÕÃÀð­wâ‡màÌ ¨º±Û=ÎG¸ÇøëŸ)YÙr„7™•uáæöË^Ó¥Gõ5‹ôíë=8ö.Xp"ö—’ªôÊc`Ѥ´ÉÁé`¿¿SÌŽÉJ·s;÷ÝZdIÒ>·¢±h‘ ÿ»]cGøOlAýI{öùAi?öD¨»ƒ’yo¬±±Á´certvalidator-0.26.3/tests/fixtures/nist_pkits/crls/requireExplicitPolicy7subsubsubCARE2RE4CRL.crl000066400000000000000000000007371453642760600333140ustar00rootroot000000000000000‚Û0Ä0  *†H†÷  0a1 0 UUS10U Test Certificates 2011110/U(requireExplicitPolicy7 subsubsubCARE2RE4 100101083000Z 301231083000Z /0-0U#0€{,Qa1­¬,k©¾;;’ªD0 U0  *†H†÷  ‚ ´úgTÊÙÃömØ<Æù×Tšî|©ðkk·•—l¥ûÜ0¡ØëÓ›˜ ƒ­@’8!DÞÕWÇ¥ œê[+XyE+î«» þˆ>'Â!ëûßö±•-”»äÊÔvTl?TÒè,ú«{[já¨8[ºÞÙà|;$´iG b’5®ŸøõŽbýp@Å+lå°†³b] “Âsó•ÌSøþQ]¾bz5#žüm¥QõœD J¨Š&aÍÄü˜éPAd0;¹téB»AŸ°°pëV¦Þ^ò œuIr;›”’äFD–” ä|~&’O6ô‚LÝ*‘E,R:/pøcertvalidator-0.26.3/tests/fixtures/nist_pkits/pkits-user-notice.json000066400000000000000000000064331453642760600261520ustar00rootroot00000000000000[ { "id": "40815", "name": "user_notice_qualifier_test15", "cert": "UserNoticeQualifierTest15EE.crt", "notice": "q1: This is the user notice from qualifier 1. This certificate is for test purposes only" }, { "id": "40816", "name": "user_notice_qualifier_test16", "cert": "UserNoticeQualifierTest16EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "notice": "q1: This is the user notice from qualifier 1. This certificate is for test purposes only" }, { "id": "40817", "name": "user_notice_qualifier_test17", "cert": "UserNoticeQualifierTest17EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "notice": "q3: This is the user notice from qualifier 3. This certificate is for test purposes only" }, { "id": "40818", "name": "user_notice_qualifier_test18_q4", "cert": "UserNoticeQualifierTest18EE.crt", "other_certs": [ "PoliciesP12CACert.crt" ], "crls": [ "PoliciesP12CACRL.crl" ], "notice": "q4: This is the user notice from qualifier 4 associated with NIST-test-policy-1. This certificate is for test purposes only", "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "40818", "name": "user_notice_qualifier_test18_q5", "cert": "UserNoticeQualifierTest18EE.crt", "other_certs": [ "PoliciesP12CACert.crt" ], "crls": [ "PoliciesP12CACRL.crl" ], "notice": "q5: This is the user notice from qualifier 5 associated with anyPolicy. This user notice should be associated with NIST-test-policy-2", "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "40818", "name": "user_notice_qualifier_test19", "cert": "UserNoticeQualifierTest19EE.crt", "notice": "q6: Section 4.2.1.5 of RFC 3280 states the maximum size of explicitText is 200 characters, but warns that some non-conforming CAs exceed this limit. Thus RFC 3280 states that certificate users SHOULD gracefully handle explicitText with more than 200 characters. This explicitText is over 200 characters long" }, { "id": "41012", "name": "valid_policy_mapping_test12_with_testpol1", "cert": "ValidPolicyMappingTest12EE.crt", "other_certs": [ "P12Mapping1to3CACert.crt" ], "crls": [ "P12Mapping1to3CACRL.crl" ], "notice": "q7: This is the user notice from qualifier 7 associated with NIST-test-policy-3. This user notice should be displayed when NIST-test-policy-1 is in the user-constrained-policy-set", "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "41012", "name": "valid_policy_mapping_test12_with_testpol2", "cert": "ValidPolicyMappingTest12EE.crt", "other_certs": [ "P12Mapping1to3CACert.crt" ], "crls": [ "P12Mapping1to3CACRL.crl" ], "notice": "q8: This is the user notice from qualifier 8 associated with anyPolicy. This user notice should be displayed when NIST-test-policy-2 is in the user-constrained-policy-set", "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ] } } ] certvalidator-0.26.3/tests/fixtures/nist_pkits/pkits.json000066400000000000000000003252441453642760600237230ustar00rootroot00000000000000[ { "id": "40101", "name": "valid_signatures_test1", "cert": "ValidCertificatePathTest1EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40102", "name": "invalid_ca_signature_test2", "cert": "InvalidCASignatureTest2EE.crt", "other_certs": [ "BadSignedCACert.crt" ], "crls": [ "BadSignedCACRL.crl" ], "path_len": 3, "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because the signature of intermediate certificate 1 could not be verified" } }, { "id": "40103", "name": "invalid_ee_signature_test3", "cert": "InvalidEESignatureTest3EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because the signature of the end-entity certificate could not be verified" } }, { "id": "40104", "name": "valid_dsa_signatures_test4", "cert": "ValidDSASignaturesTest4EE.crt", "other_certs": [ "DSACACert.crt" ], "crls": [ "DSACACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40105", "name": "valid_dsa_parameter_inheritance_test5", "cert": "ValidDSAParameterInheritanceTest5EE.crt", "other_certs": [ "DSACACert.crt", "DSAParametersInheritedCACert.crt" ], "crls": [ "DSAParametersInheritedCACRL.crl", "DSACACRL.crl" ], "path_len": 4, "revocation": false }, { "id": "40106", "name": "invalid_dsa_signature_test6", "cert": "InvalidDSASignatureTest6EE.crt", "other_certs": [ "DSACACert.crt" ], "crls": [ "DSACACRL.crl" ], "path_len": 3, "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because the signature of the end-entity certificate could not be verified" } }, { "id": "40201", "name": "invalid_ca_notbefore_date_test1", "cert": "InvalidCAnotBeforeDateTest1EE.crt", "other_certs": [ "BadnotBeforeDateCACert.crt" ], "crls": [ "BadnotBeforeDateCACRL.crl" ], "path_len": 3, "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 1 is not valid until 2047-01-01 12:01:00Z" } }, { "id": "40202", "name": "invalid_ee_notbefore_date_test2", "cert": "InvalidEEnotBeforeDateTest2EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because the end-entity certificate is not valid until 2047-01-01 12:01:00Z" } }, { "id": "40203", "name": "valid_pre2000_utc_notbefore_date_test3", "cert": "Validpre2000UTCnotBeforeDateTest3EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40204", "name": "valid_generalizedtime_notbefore_date_test4", "cert": "ValidGeneralizedTimenotBeforeDateTest4EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40205", "name": "invalid_ca_notafter_date_test5", "cert": "InvalidCAnotAfterDateTest5EE.crt", "other_certs": [ "BadnotAfterDateCACert.crt" ], "crls": [ "BadnotAfterDateCACRL.crl" ], "path_len": 3, "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 1 expired 2011-01-01 08:30:00Z" } }, { "id": "40206", "name": "invalid_ee_notafter_date_test6", "cert": "InvalidEEnotAfterDateTest6EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because the end-entity certificate expired 2011-01-01 08:30:00Z" } }, { "id": "40207", "name": "invalid_pre2000_utc_ee_notafter_date_test7", "cert": "Invalidpre2000UTCEEnotAfterDateTest7EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because the end-entity certificate expired 1999-01-01 12:01:00Z" } }, { "id": "40208", "name": "valid_generalizedtime_notbefore_date_test8", "cert": "ValidGeneralizedTimenotAfterDateTest8EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40301", "name": "invalid_name_chaining_ee_test1", "cert": "InvalidNameChainingTest1EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "path_intermediates": [ "GoodCACert.crt" ], "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because the end-entity certificate issuer name could not be matched" } }, { "id": "40302", "name": "invalid_name_chaining_order_test2", "cert": "InvalidNameChainingOrderTest2EE.crt", "other_certs": [ "NameOrderingCACert.crt" ], "crls": [ "NameOrderCACRL.crl" ], "path_len": 3, "path_intermediates": [ "NameOrderingCACert.crt" ], "revocation": false, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because the end-entity certificate issuer name could not be matched" } }, { "id": "40303", "name": "valid_name_chaining_whitespace_test3", "cert": "ValidNameChainingWhitespaceTest3EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40304", "name": "valid_name_chaining_whitespace_test4", "cert": "ValidNameChainingWhitespaceTest4EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40305", "name": "valid_name_chaining_capitalization_test5", "cert": "ValidNameChainingCapitalizationTest5EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40306", "name": "valid_name_chaining_uids_test6", "cert": "ValidNameUIDsTest6EE.crt", "other_certs": [ "UIDCACert.crt" ], "crls": [ "UIDCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40307", "name": "valid_rfc3280_mandatory_attribute_types_test7", "cert": "ValidRFC3280MandatoryAttributeTypesTest7EE.crt", "other_certs": [ "RFC3280MandatoryAttributeTypesCACert.crt" ], "crls": [ "RFC3280MandatoryAttributeTypesCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40308", "name": "valid_rfc3280_optional_attribute_types_test8", "cert": "ValidRFC3280OptionalAttributeTypesTest8EE.crt", "other_certs": [ "RFC3280OptionalAttributeTypesCACert.crt" ], "crls": [ "RFC3280OptionalAttributeTypesCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40309", "name": "valid_utf8string_encoded_names_test9", "cert": "ValidUTF8StringEncodedNamesTest9EE.crt", "other_certs": [ "UTF8StringEncodedNamesCACert.crt" ], "crls": [ "UTF8StringEncodedNamesCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40310", "name": "valid_rollover_from_printablestring_to_utf8string_test10", "cert": "ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt", "other_certs": [ "RolloverfromPrintableStringtoUTF8StringCACert.crt" ], "crls": [ "RolloverfromPrintableStringtoUTF8StringCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40311", "name": "valid_utf8string_case_insensitive_match_test11", "cert": "ValidUTF8StringCaseInsensitiveMatchTest11EE.crt", "other_certs": [ "UTF8StringCaseInsensitiveMatchCACert.crt" ], "crls": [ "UTF8StringCaseInsensitiveMatchCACRL.crl" ], "path_len": 3, "revocation": false }, { "id": "40401", "name": "missing_crl_test1", "cert": "InvalidMissingCRLTest1EE.crt", "other_certs": [ "NoCRLCACert.crt" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "40402", "name": "invalid_revoked_ca_test2", "cert": "InvalidRevokedCATest2EE.crt", "other_certs": [ "RevokedsubCACert.crt", "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl", "RevokedsubCACRL.crl" ], "path_len": 4, "error": { "class": "RevokedError", "msg_regex": "CRL indicates intermediate certificate 2 was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "40403", "name": "invalid_revoked_ee_test3", "cert": "InvalidRevokedEETest3EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:01 on 2010-01-01, due to a compromised key" } }, { "id": "40404", "name": "invalid_bad_crl_signature_test4", "cert": "InvalidBadCRLSignatureTest4EE.crt", "other_certs": [ "BadCRLSignatureCACert.crt" ], "crls": [ "BadCRLSignatureCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: CRL signature could not be verified" } }, { "id": "40405", "name": "invalid_bad_crl_issuer_name_test5", "cert": "InvalidBadCRLIssuerNameTest5EE.crt", "other_certs": [ "BadCRLIssuerNameCACert.crt" ], "crls": [ "BadCRLIssuerNameCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "40406", "name": "invalid_wrong_crl_test6", "cert": "InvalidWrongCRLTest6EE.crt", "other_certs": [ "WrongCRLCACert.crt" ], "crls": [ "WrongCRLCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "40407", "name": "valid_two_crls_test7", "cert": "ValidTwoCRLsTest7EE.crt", "other_certs": [ "TwoCRLsCACert.crt" ], "crls": [ "TwoCRLsCAGoodCRL.crl", "TwoCRLsCABadCRL.crl" ], "path_len": 3 }, { "id": "40408", "name": "invalid_unknown_crl_entry_extension_test8", "cert": "InvalidUnknownCRLEntryExtensionTest8EE.crt", "other_certs": [ "UnknownCRLEntryExtensionCACert.crt" ], "crls": [ "UnknownCRLEntryExtensionCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: One or more unrecognized critical extensions are present in the CRL entry for the certificate" } }, { "id": "40409", "name": "invalid_unknown_crl_extension_test9", "cert": "InvalidUnknownCRLExtensionTest9EE.crt", "other_certs": [ "UnknownCRLExtensionCACert.crt" ], "crls": [ "UnknownCRLExtensionCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: One or more unrecognized critical extensions are present in the CRL" } }, { "id": "40410", "name": "invalid_unknown_crl_extension_test10", "cert": "InvalidUnknownCRLExtensionTest10EE.crt", "other_certs": [ "UnknownCRLExtensionCACert.crt" ], "crls": [ "UnknownCRLExtensionCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: One or more unrecognized critical extensions are present in the CRL" } }, { "id": "40411", "name": "invalid_old_crl_nextupdate_test11", "cert": "InvalidOldCRLnextUpdateTest11EE.crt", "other_certs": [ "OldCRLnextUpdateCACert.crt" ], "crls": [ "OldCRLnextUpdateCACRL.crl" ], "path_len": 3, "error": { "class": "StaleRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: CRL is not recent enough" } }, { "id": "40412", "name": "invalid_pre2000_crl_nextupdate_test12", "cert": "Invalidpre2000CRLnextUpdateTest12EE.crt", "other_certs": [ "pre2000CRLnextUpdateCACert.crt" ], "crls": [ "pre2000CRLnextUpdateCACRL.crl" ], "path_len": 3, "error": { "class": "StaleRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: CRL is not recent enough" } }, { "id": "40413", "name": "valid_generalizedtime_crl_nextupdate_test13", "cert": "ValidGeneralizedTimeCRLnextUpdateTest13EE.crt", "other_certs": [ "GeneralizedTimeCRLnextUpdateCACert.crt" ], "crls": [ "GeneralizedTimeCRLnextUpdateCACRL.crl" ], "path_len": 3 }, { "id": "40414", "name": "valid_negative_serial_number_test14", "cert": "ValidNegativeSerialNumberTest14EE.crt", "other_certs": [ "NegativeSerialNumberCACert.crt" ], "crls": [ "NegativeSerialNumberCACRL.crl" ], "path_len": 3 }, { "id": "40415", "name": "invalid_negative_serial_number_test15", "cert": "InvalidNegativeSerialNumberTest15EE.crt", "other_certs": [ "NegativeSerialNumberCACert.crt" ], "crls": [ "NegativeSerialNumberCACRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "40416", "name": "valid_long_serial_number_test16", "cert": "ValidLongSerialNumberTest16EE.crt", "other_certs": [ "LongSerialNumberCACert.crt" ], "crls": [ "LongSerialNumberCACRL.crl" ], "path_len": 3 }, { "id": "40417", "name": "valid_long_serial_number_test17", "cert": "ValidLongSerialNumberTest17EE.crt", "other_certs": [ "LongSerialNumberCACert.crt" ], "crls": [ "LongSerialNumberCACRL.crl" ], "path_len": 3 }, { "id": "40418", "name": "invalid_long_serial_number_test18", "cert": "InvalidLongSerialNumberTest18EE.crt", "other_certs": [ "LongSerialNumberCACert.crt" ], "crls": [ "LongSerialNumberCACRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "40419", "name": "valid_separate_certificate_and_crl_keys_test19", "cert": "ValidSeparateCertificateandCRLKeysTest19EE.crt", "other_certs": [ "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", "SeparateCertificateandCRLKeysCRLSigningCert.crt" ], "crls": [ "SeparateCertificateandCRLKeysCRL.crl" ], "path_len": 3 }, { "id": "40420", "name": "invalid_separate_certificate_and_crl_keys_test20", "cert": "InvalidSeparateCertificateandCRLKeysTest20EE.crt", "other_certs": [ "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", "SeparateCertificateandCRLKeysCRLSigningCert.crt" ], "crls": [ "SeparateCertificateandCRLKeysCRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "40421", "name": "invalid_separate_certificate_and_crl_keys_test21", "cert": "InvalidSeparateCertificateandCRLKeysTest21EE.crt", "other_certs": [ "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt", "SeparateCertificateandCRLKeysCA2CRLSigningCert.crt" ], "crls": [ "SeparateCertificateandCRLKeysCA2CRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: The CRL issuer certificate path could not be validated. CRL indicates the end-entity certificate CRL issuer was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "40501", "name": "valid_basic_self_issued_old_with_new_test1", "cert": "ValidBasicSelfIssuedOldWithNewTest1EE.crt", "other_certs": [ "BasicSelfIssuedNewKeyOldWithNewCACert.crt", "BasicSelfIssuedNewKeyCACert.crt" ], "crls": [ "BasicSelfIssuedNewKeyCACRL.crl" ], "path_len": 4 }, { "id": "40502", "name": "invalid_basic_self_issued_old_with_new_test2", "cert": "InvalidBasicSelfIssuedOldWithNewTest2EE.crt", "other_certs": [ "BasicSelfIssuedNewKeyOldWithNewCACert.crt", "BasicSelfIssuedNewKeyCACert.crt" ], "crls": [ "BasicSelfIssuedNewKeyCACRL.crl" ], "path_len": 4, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "40503", "name": "valid_basic_self_issued_new_with_old_test3", "cert": "ValidBasicSelfIssuedNewWithOldTest3EE.crt", "other_certs": [ "BasicSelfIssuedOldKeyCACert.crt", "BasicSelfIssuedOldKeyNewWithOldCACert.crt" ], "crls": [ "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", "BasicSelfIssuedOldKeyCACRL.crl" ], "path_len": 4 }, { "id": "40504", "name": "valid_basic_self_issued_new_with_old_test4", "cert": "ValidBasicSelfIssuedNewWithOldTest4EE.crt", "other_certs": [ "BasicSelfIssuedOldKeyCACert.crt", "BasicSelfIssuedOldKeyNewWithOldCACert.crt" ], "crls": [ "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", "BasicSelfIssuedOldKeyCACRL.crl" ], "path_len": 3 }, { "id": "40505", "name": "invalid_basic_self_issued_new_with_old_test5", "cert": "InvalidBasicSelfIssuedNewWithOldTest5EE.crt", "other_certs": [ "BasicSelfIssuedOldKeyCACert.crt", "BasicSelfIssuedOldKeyNewWithOldCACert.crt" ], "crls": [ "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", "BasicSelfIssuedOldKeyCACRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "40506", "name": "valid_basic_self_issued_crl_signing_key_test6", "cert": "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt", "other_certs": [ "BasicSelfIssuedCRLSigningKeyCACert.crt", "BasicSelfIssuedCRLSigningKeyCRLCert.crt" ], "crls": [ "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", "BasicSelfIssuedCRLSigningKeyCACRL.crl" ], "path_len": 3 }, { "id": "40507", "name": "invalid_basic_self_issued_crl_signing_key_test7", "cert": "InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt", "other_certs": [ "BasicSelfIssuedCRLSigningKeyCACert.crt", "BasicSelfIssuedCRLSigningKeyCRLCert.crt" ], "crls": [ "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", "BasicSelfIssuedCRLSigningKeyCACRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "40508", "name": "invalid_basic_self_issued_crl_signing_key_test8", "cert": "InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt", "other_certs": [ "BasicSelfIssuedCRLSigningKeyCACert.crt", "BasicSelfIssuedCRLSigningKeyCRLCert.crt" ], "crls": [ "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", "BasicSelfIssuedCRLSigningKeyCACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 2 is not a CA" } }, { "id": "40601", "name": "invalid_missing_basicconstraints_test1", "cert": "InvalidMissingbasicConstraintsTest1EE.crt", "other_certs": [ "MissingbasicConstraintsCACert.crt" ], "crls": [ "MissingbasicConstraintsCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 1 is not a CA" } }, { "id": "40602", "name": "invalid_ca_false_test2", "cert": "InvalidcAFalseTest2EE.crt", "other_certs": [ "basicConstraintsCriticalcAFalseCACert.crt" ], "crls": [ "basicConstraintsCriticalcAFalseCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 1 is not a CA" } }, { "id": "40603", "name": "invalid_ca_false_test3", "cert": "InvalidcAFalseTest3EE.crt", "other_certs": [ "basicConstraintsNotCriticalcAFalseCACert.crt" ], "crls": [ "basicConstraintsNotCriticalcAFalseCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 1 is not a CA" } }, { "id": "40604", "name": "valid_basicconstraints_not_critical_test4", "cert": "ValidbasicConstraintsNotCriticalTest4EE.crt", "other_certs": [ "basicConstraintsNotCriticalCACert.crt" ], "crls": [ "basicConstraintsNotCriticalCACRL.crl" ], "path_len": 3 }, { "id": "40605", "name": "invalid_pathlenconstraint_test5", "cert": "InvalidpathLenConstraintTest5EE.crt", "other_certs": [ "pathLenConstraint0CACert.crt", "pathLenConstraint0subCACert.crt" ], "crls": [ "pathLenConstraint0CACRL.crl", "pathLenConstraint0subCACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because it exceeds the maximum path length" } }, { "id": "40606", "name": "invalid_pathlenconstraint_test6", "cert": "InvalidpathLenConstraintTest6EE.crt", "other_certs": [ "pathLenConstraint0CACert.crt", "pathLenConstraint0subCACert.crt" ], "crls": [ "pathLenConstraint0CACRL.crl", "pathLenConstraint0subCACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because it exceeds the maximum path length" } }, { "id": "40607", "name": "valid_pathlenconstraint_test7", "cert": "ValidpathLenConstraintTest7EE.crt", "other_certs": [ "pathLenConstraint0CACert.crt" ], "crls": [ "pathLenConstraint0CACRL.crl" ], "path_len": 3 }, { "id": "40608", "name": "valid_pathlenconstraint_test8", "cert": "ValidpathLenConstraintTest8EE.crt", "other_certs": [ "pathLenConstraint0CACert.crt" ], "crls": [ "pathLenConstraint0CACRL.crl" ], "path_len": 3 }, { "id": "40609", "name": "invalid_pathlenconstraint_test9", "cert": "InvalidpathLenConstraintTest9EE.crt", "other_certs": [ "pathLenConstraint6CACert.crt", "pathLenConstraint6subCA0Cert.crt", "pathLenConstraint6subsubCA00Cert.crt" ], "crls": [ "pathLenConstraint6CACRL.crl", "pathLenConstraint6subCA0CRL.crl", "pathLenConstraint6subsubCA00CRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because it exceeds the maximum path length" } }, { "id": "40610", "name": "invalid_pathlenconstraint_test10", "cert": "InvalidpathLenConstraintTest10EE.crt", "other_certs": [ "pathLenConstraint6CACert.crt", "pathLenConstraint6subCA0Cert.crt", "pathLenConstraint6subsubCA00Cert.crt" ], "crls": [ "pathLenConstraint6CACRL.crl", "pathLenConstraint6subCA0CRL.crl", "pathLenConstraint6subsubCA00CRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because it exceeds the maximum path length" } }, { "id": "40611", "name": "invalid_pathlenconstraint_test11", "cert": "InvalidpathLenConstraintTest11EE.crt", "other_certs": [ "pathLenConstraint6CACert.crt", "pathLenConstraint6subCA1Cert.crt", "pathLenConstraint6subsubCA11Cert.crt", "pathLenConstraint6subsubsubCA11XCert.crt" ], "crls": [ "pathLenConstraint6CACRL.crl", "pathLenConstraint6subCA1CRL.crl", "pathLenConstraint6subsubCA11CRL.crl", "pathLenConstraint6subsubsubCA11XCRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because it exceeds the maximum path length" } }, { "id": "40612", "name": "invalid_pathlenconstraint_test12", "cert": "InvalidpathLenConstraintTest12EE.crt", "other_certs": [ "pathLenConstraint6CACert.crt", "pathLenConstraint6subCA1Cert.crt", "pathLenConstraint6subsubCA11Cert.crt", "pathLenConstraint6subsubsubCA11XCert.crt" ], "crls": [ "pathLenConstraint6CACRL.crl", "pathLenConstraint6subCA1CRL.crl", "pathLenConstraint6subsubCA11CRL.crl", "pathLenConstraint6subsubsubCA11XCRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because it exceeds the maximum path length" } }, { "id": "40613", "name": "valid_pathlenconstraint_test13", "cert": "ValidpathLenConstraintTest13EE.crt", "other_certs": [ "pathLenConstraint6CACert.crt", "pathLenConstraint6subCA4Cert.crt", "pathLenConstraint6subsubCA41Cert.crt", "pathLenConstraint6subsubsubCA41XCert.crt" ], "crls": [ "pathLenConstraint6CACRL.crl", "pathLenConstraint6subCA4CRL.crl", "pathLenConstraint6subsubCA41CRL.crl", "pathLenConstraint6subsubsubCA41XCRL.crl" ], "path_len": 6 }, { "id": "40614", "name": "valid_pathlenconstraint_test14", "cert": "ValidpathLenConstraintTest14EE.crt", "other_certs": [ "pathLenConstraint6CACert.crt", "pathLenConstraint6subCA4Cert.crt", "pathLenConstraint6subsubCA41Cert.crt", "pathLenConstraint6subsubsubCA41XCert.crt" ], "crls": [ "pathLenConstraint6CACRL.crl", "pathLenConstraint6subCA4CRL.crl", "pathLenConstraint6subsubCA41CRL.crl", "pathLenConstraint6subsubsubCA41XCRL.crl" ], "path_len": 6 }, { "id": "40615", "name": "valid_self_issued_pathlenconstraint_test15", "cert": "ValidSelfIssuedpathLenConstraintTest15EE.crt", "other_certs": [ "pathLenConstraint0CACert.crt", "pathLenConstraint0SelfIssuedCACert.crt" ], "crls": [ "pathLenConstraint0CACRL.crl" ], "path_len": 4 }, { "id": "40616", "name": "invalid_self_issued_pathlenconstraint_test16", "cert": "InvalidSelfIssuedpathLenConstraintTest16EE.crt", "other_certs": [ "pathLenConstraint0CACert.crt", "pathLenConstraint0SelfIssuedCACert.crt", "pathLenConstraint0subCA2Cert.crt" ], "crls": [ "pathLenConstraint0CACRL.crl", "pathLenConstraint0subCA2CRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because it exceeds the maximum path length" } }, { "id": "40617", "name": "valid_self_issued_pathlenconstraint_test17", "cert": "ValidSelfIssuedpathLenConstraintTest17EE.crt", "other_certs": [ "pathLenConstraint1CACert.crt", "pathLenConstraint1SelfIssuedCACert.crt", "pathLenConstraint1subCACert.crt", "pathLenConstraint1SelfIssuedsubCACert.crt" ], "crls": [ "pathLenConstraint1CACRL.crl", "pathLenConstraint1subCACRL.crl" ], "path_len": 6 }, { "id": "40701", "name": "invalid_keyusage_critical_keycertsign_false_test1", "cert": "InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt", "other_certs": [ "keyUsageCriticalkeyCertSignFalseCACert.crt" ], "crls": [ "keyUsageCriticalkeyCertSignFalseCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 1 is not allowed to sign certificates" } }, { "id": "40702", "name": "invalid_keyusage_not_critical_keycertsign_false_test2", "cert": "InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt", "other_certs": [ "keyUsageNotCriticalkeyCertSignFalseCACert.crt" ], "crls": [ "keyUsageNotCriticalkeyCertSignFalseCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 1 is not allowed to sign certificates" } }, { "id": "40703", "name": "valid_keyusage_not_critical_test3", "cert": "ValidkeyUsageNotCriticalTest3EE.crt", "other_certs": [ "keyUsageNotCriticalCACert.crt" ], "crls": [ "keyUsageNotCriticalCACRL.crl" ], "path_len": 3 }, { "id": "40704", "name": "invalid_keyusage_critical_crlsign_false_test4", "cert": "InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt", "other_certs": [ "keyUsageCriticalcRLSignFalseCACert.crt" ], "crls": [ "keyUsageCriticalcRLSignFalseCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: The CRL issuer that was identified is not authorized to sign CRLs" } }, { "id": "40705", "name": "invalid_keyusage_not_critical_crlsign_false_test5", "cert": "InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt", "other_certs": [ "keyUsageNotCriticalcRLSignFalseCACert.crt" ], "crls": [ "keyUsageNotCriticalcRLSignFalseCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: The CRL issuer that was identified is not authorized to sign CRLs" } }, { "id": "40801", "name": "all_certs_same_policy_test1_norestr", "cert": "ValidCertificatePathTest1EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3 }, { "id": "40801", "name": "all_certs_same_policy_test1_explicit_policy", "cert": "ValidCertificatePathTest1EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "params": { "initial_explicit_policy": true } }, { "id": "40801", "name": "all_certs_same_policy_test1_with_constraints1", "cert": "ValidCertificatePathTest1EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ], "initial_explicit_policy": true } }, { "id": "40801", "name": "all_certs_same_policy_test1_with_constraint_mismatch", "cert": "ValidCertificatePathTest1EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ], "initial_explicit_policy": true } }, { "id": "40801", "name": "all_certs_same_policy_test1_with_constraint_mismatch_ignored", "cert": "ValidCertificatePathTest1EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "40801", "name": "all_certs_same_policy_test1_with_constraints2", "cert": "ValidCertificatePathTest1EE.crt", "other_certs": [ "GoodCACert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1", "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "40802", "name": "all_certificates_no_policies_test2", "cert": "AllCertificatesNoPoliciesTest2EE.crt", "other_certs": [ "NoPoliciesCACert.crt" ], "crls": [ "NoPoliciesCACRL.crl" ], "path_len": 3 }, { "id": "40802", "name": "all_certificates_no_policies_test2_force_explicit", "cert": "AllCertificatesNoPoliciesTest2EE.crt", "other_certs": [ "NoPoliciesCACert.crt" ], "crls": [ "NoPoliciesCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for intermediate certificate \\d" }, "params": { "initial_explicit_policy": true } }, { "id": "40803", "name": "different_policies_test3", "cert": "DifferentPoliciesTest3EE.crt", "other_certs": [ "GoodCACert.crt", "PoliciesP2subCACert.crt" ], "crls": [ "GoodCACRL.crl", "PoliciesP2subCACRL.crl" ], "path_len": 4 }, { "id": "40803", "name": "different_policies_test3_force_explicit", "cert": "DifferentPoliciesTest3EE.crt", "other_certs": [ "GoodCACert.crt", "PoliciesP2subCACert.crt" ], "crls": [ "GoodCACRL.crl", "PoliciesP2subCACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for intermediate certificate \\d" }, "params": { "initial_explicit_policy": true } }, { "id": "40803", "name": "different_policies_test3_force_explicit_with_user_set", "cert": "DifferentPoliciesTest3EE.crt", "other_certs": [ "GoodCACert.crt", "PoliciesP2subCACert.crt" ], "crls": [ "GoodCACRL.crl", "PoliciesP2subCACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for intermediate certificate \\d" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1", "2.16.840.1.101.3.2.1.48.2" ], "initial_explicit_policy": true } }, { "id": "40804", "name": "different_policies_test4", "cert": "DifferentPoliciesTest4EE.crt", "other_certs": [ "GoodCACert.crt", "GoodsubCACert.crt" ], "crls": [ "GoodCACRL.crl", "GoodsubCACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "40805", "name": "different_policies_test5", "cert": "DifferentPoliciesTest5EE.crt", "other_certs": [ "GoodCACert.crt", "PoliciesP2subCA2Cert.crt" ], "crls": [ "GoodCACRL.crl", "PoliciesP2subCA2CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "40806", "name": "overlapping_policies_test6", "cert": "OverlappingPoliciesTest6EE.crt", "other_certs": [ "PoliciesP1234CACert.crt", "PoliciesP1234subCAP123Cert.crt", "PoliciesP1234subsubCAP123P12Cert.crt" ], "crls": [ "PoliciesP1234CACRL.crl", "PoliciesP1234subCAP123CRL.crl", "PoliciesP1234subsubCAP123P12CRL.crl" ], "path_len": 5 }, { "id": "40806", "name": "overlapping_policies_test6_with_testpol1", "cert": "OverlappingPoliciesTest6EE.crt", "other_certs": [ "PoliciesP1234CACert.crt", "PoliciesP1234subCAP123Cert.crt", "PoliciesP1234subsubCAP123P12Cert.crt" ], "crls": [ "PoliciesP1234CACRL.crl", "PoliciesP1234subCAP123CRL.crl", "PoliciesP1234subsubCAP123P12CRL.crl" ], "path_len": 5, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "40806", "name": "overlapping_policies_test6_with_testpol2", "cert": "OverlappingPoliciesTest6EE.crt", "other_certs": [ "PoliciesP1234CACert.crt", "PoliciesP1234subCAP123Cert.crt", "PoliciesP1234subsubCAP123P12Cert.crt" ], "crls": [ "PoliciesP1234CACRL.crl", "PoliciesP1234subCAP123CRL.crl", "PoliciesP1234subsubCAP123P12CRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "40806", "name": "overlapping_policies_test6_with_testpol2_explicit", "cert": "OverlappingPoliciesTest6EE.crt", "other_certs": [ "PoliciesP1234CACert.crt", "PoliciesP1234subCAP123Cert.crt", "PoliciesP1234subsubCAP123P12Cert.crt" ], "crls": [ "PoliciesP1234CACRL.crl", "PoliciesP1234subCAP123CRL.crl", "PoliciesP1234subsubCAP123P12CRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ], "initial_explicit_policy": true } }, { "id": "40807", "name": "different_policies_test7", "cert": "DifferentPoliciesTest7EE.crt", "other_certs": [ "PoliciesP123CACert.crt", "PoliciesP123subCAP12Cert.crt", "PoliciesP123subsubCAP12P1Cert.crt" ], "crls": [ "PoliciesP123CACRL.crl", "PoliciesP123subCAP12CRL.crl", "PoliciesP123subsubCAP12P1CRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "40808", "name": "different_policies_test8", "cert": "DifferentPoliciesTest8EE.crt", "other_certs": [ "PoliciesP12CACert.crt", "PoliciesP12subCAP1Cert.crt", "PoliciesP12subsubCAP1P2Cert.crt" ], "crls": [ "PoliciesP12CACRL.crl", "PoliciesP12subCAP1CRL.crl", "PoliciesP12subsubCAP1P2CRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for intermediate certificate 3" } }, { "id": "40809", "name": "different_policies_test9", "cert": "DifferentPoliciesTest9EE.crt", "other_certs": [ "PoliciesP123CACert.crt", "PoliciesP123subCAP12Cert.crt", "PoliciesP123subsubCAP12P2Cert.crt", "PoliciesP123subsubsubCAP12P2P1Cert.crt" ], "crls": [ "PoliciesP123CACRL.crl", "PoliciesP123subCAP12CRL.crl", "PoliciesP123subsubCAP2P2CRL.crl", "PoliciesP123subsubsubCAP12P2P1CRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for intermediate certificate 4" } }, { "id": "40810", "name": "all_certificates_same_policies_test10", "cert": "AllCertificatesSamePoliciesTest10EE.crt", "other_certs": [ "PoliciesP12CACert.crt" ], "crls": [ "PoliciesP12CACRL.crl" ], "path_len": 3 }, { "id": "40810", "name": "all_certificates_same_policies_test10_with_testpol1", "cert": "AllCertificatesSamePoliciesTest10EE.crt", "other_certs": [ "PoliciesP12CACert.crt" ], "crls": [ "PoliciesP12CACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "40810", "name": "all_certificates_same_policies_test10_with_testpol2", "cert": "AllCertificatesSamePoliciesTest10EE.crt", "other_certs": [ "PoliciesP12CACert.crt" ], "crls": [ "PoliciesP12CACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "40811", "name": "all_certificates_any_policy_test11", "cert": "AllCertificatesanyPolicyTest11EE.crt", "other_certs": [ "anyPolicyCACert.crt" ], "crls": [ "anyPolicyCACRL.crl" ], "path_len": 3 }, { "id": "40811", "name": "all_certificates_any_policy_test11_constrained", "cert": "AllCertificatesanyPolicyTest11EE.crt", "other_certs": [ "anyPolicyCACert.crt" ], "crls": [ "anyPolicyCACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "40812", "name": "different_policies_test12", "cert": "DifferentPoliciesTest12EE.crt", "other_certs": [ "PoliciesP3CACert.crt" ], "crls": [ "PoliciesP3CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "40813", "name": "all_certificates_same_policies_test13", "cert": "AllCertificatesSamePoliciesTest13EE.crt", "other_certs": [ "PoliciesP123CACert.crt" ], "crls": [ "PoliciesP123CACRL.crl" ], "path_len": 3 }, { "id": "40813", "name": "all_certificates_same_policies_test13_with_testpol1", "cert": "AllCertificatesSamePoliciesTest13EE.crt", "other_certs": [ "PoliciesP123CACert.crt" ], "crls": [ "PoliciesP123CACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "40813", "name": "all_certificates_same_policies_test13_with_testpol2", "cert": "AllCertificatesSamePoliciesTest13EE.crt", "other_certs": [ "PoliciesP123CACert.crt" ], "crls": [ "PoliciesP123CACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "40813", "name": "all_certificates_same_policies_test13_with_testpol3", "cert": "AllCertificatesSamePoliciesTest13EE.crt", "other_certs": [ "PoliciesP123CACert.crt" ], "crls": [ "PoliciesP123CACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.3" ] } }, { "id": "40813", "name": "all_certificates_same_policies_test13_with_testpol1_2", "cert": "AllCertificatesSamePoliciesTest13EE.crt", "other_certs": [ "PoliciesP123CACert.crt" ], "crls": [ "PoliciesP123CACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1", "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "40814", "name": "any_policy_test14", "cert": "AnyPolicyTest14EE.crt", "other_certs": [ "anyPolicyCACert.crt" ], "crls": [ "anyPolicyCACRL.crl" ], "path_len": 3 }, { "id": "40814", "name": "any_policy_test14_with_testpol1", "cert": "AnyPolicyTest14EE.crt", "other_certs": [ "anyPolicyCACert.crt" ], "crls": [ "anyPolicyCACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "40814", "name": "any_policy_test14_with_testpol1_2", "cert": "AnyPolicyTest14EE.crt", "other_certs": [ "anyPolicyCACert.crt" ], "crls": [ "anyPolicyCACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1", "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "40814", "name": "any_policy_test14_with_testpol2", "cert": "AnyPolicyTest14EE.crt", "other_certs": [ "anyPolicyCACert.crt" ], "crls": [ "anyPolicyCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "40901", "name": "valid_require_explicit_policy_test1", "cert": "ValidrequireExplicitPolicyTest1EE.crt", "other_certs": [ "requireExplicitPolicy10CACert.crt", "requireExplicitPolicy10subCACert.crt", "requireExplicitPolicy10subsubCACert.crt", "requireExplicitPolicy10subsubsubCACert.crt" ], "crls": [ "requireExplicitPolicy10CACRL.crl", "requireExplicitPolicy10subCACRL.crl", "requireExplicitPolicy10subsubCACRL.crl", "requireExplicitPolicy10subsubsubCACRL.crl" ], "path_len": 6 }, { "id": "40902", "name": "valid_require_explicit_policy_test2", "cert": "ValidrequireExplicitPolicyTest2EE.crt", "other_certs": [ "requireExplicitPolicy5CACert.crt", "requireExplicitPolicy5subCACert.crt", "requireExplicitPolicy5subsubCACert.crt", "requireExplicitPolicy5subsubsubCACert.crt" ], "crls": [ "requireExplicitPolicy5CACRL.crl", "requireExplicitPolicy5subCACRL.crl", "requireExplicitPolicy5subsubCACRL.crl", "requireExplicitPolicy5subsubsubCACRL.crl" ], "path_len": 6 }, { "id": "40903", "name": "invalid_require_explicit_policy_test3", "cert": "InvalidrequireExplicitPolicyTest3EE.crt", "other_certs": [ "requireExplicitPolicy4CACert.crt", "requireExplicitPolicy4subCACert.crt", "requireExplicitPolicy4subsubCACert.crt", "requireExplicitPolicy4subsubsubCACert.crt" ], "crls": [ "requireExplicitPolicy4CACRL.crl", "requireExplicitPolicy4subCACRL.crl", "requireExplicitPolicy4subsubCACRL.crl", "requireExplicitPolicy4subsubsubCACRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "40904", "name": "valid_require_explicit_policy_test4", "cert": "ValidrequireExplicitPolicyTest4EE.crt", "other_certs": [ "requireExplicitPolicy0CACert.crt", "requireExplicitPolicy0subCACert.crt", "requireExplicitPolicy0subsubCACert.crt", "requireExplicitPolicy0subsubsubCACert.crt" ], "crls": [ "requireExplicitPolicy0CACRL.crl", "requireExplicitPolicy0subCACRL.crl", "requireExplicitPolicy0subsubCACRL.crl", "requireExplicitPolicy0subsubsubCACRL.crl" ], "path_len": 6 }, { "id": "40905", "name": "invalid_require_explicit_policy_test5", "cert": "InvalidrequireExplicitPolicyTest5EE.crt", "other_certs": [ "requireExplicitPolicy7CACert.crt", "requireExplicitPolicy7subCARE2Cert.crt", "requireExplicitPolicy7subsubCARE2RE4Cert.crt", "requireExplicitPolicy7subsubsubCARE2RE4Cert.crt" ], "crls": [ "requireExplicitPolicy7CACRL.crl", "requireExplicitPolicy7subCARE2CRL.crl", "requireExplicitPolicy7subsubCARE2RE4CRL.crl", "requireExplicitPolicy7subsubsubCARE2RE4CRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "40906", "name": "valid_self_issued_require_explicit_policy_test6", "cert": "ValidSelfIssuedrequireExplicitPolicyTest6EE.crt", "other_certs": [ "requireExplicitPolicy2CACert.crt", "requireExplicitPolicy2SelfIssuedCACert.crt" ], "crls": [ "requireExplicitPolicy2CACRL.crl" ], "path_len": 4 }, { "id": "40907", "name": "invalid_self_issued_require_explicit_policy_test7", "cert": "InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt", "other_certs": [ "requireExplicitPolicy2CACert.crt", "requireExplicitPolicy2SelfIssuedCACert.crt", "requireExplicitPolicy2subCACert.crt" ], "crls": [ "requireExplicitPolicy2CACRL.crl", "requireExplicitPolicy2subCACRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "40908", "name": "invalid_self_issued_require_explicit_policy_test8", "cert": "InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt", "other_certs": [ "requireExplicitPolicy2CACert.crt", "requireExplicitPolicy2SelfIssuedCACert.crt", "requireExplicitPolicy2subCACert.crt", "requireExplicitPolicy2SelfIssuedsubCACert.crt" ], "crls": [ "requireExplicitPolicy2CACRL.crl", "requireExplicitPolicy2subCACRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41001", "name": "valid_policy_mapping_test2_with_testpol1", "cert": "ValidPolicyMappingTest1EE.crt", "other_certs": [ "Mapping1to2CACert.crt" ], "crls": [ "Mapping1to2CACRL.crl" ], "path_len": 3, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "41001", "name": "valid_policy_mapping_test2_with_testpol2", "cert": "ValidPolicyMappingTest1EE.crt", "other_certs": [ "Mapping1to2CACert.crt" ], "crls": [ "Mapping1to2CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "41001", "name": "valid_policy_mapping_test2_inhibit_mapping", "cert": "ValidPolicyMappingTest1EE.crt", "other_certs": [ "Mapping1to2CACert.crt" ], "crls": [ "Mapping1to2CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "initial_policy_mapping_inhibit": true } }, { "id": "41001", "name": "valid_policy_mapping_test2_inhibit_mapping_testpol1", "cert": "ValidPolicyMappingTest1EE.crt", "other_certs": [ "Mapping1to2CACert.crt" ], "crls": [ "Mapping1to2CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ], "initial_policy_mapping_inhibit": true } }, { "id": "41002", "name": "invalid_policy_mapping_test2", "cert": "InvalidPolicyMappingTest2EE.crt", "other_certs": [ "Mapping1to2CACert.crt" ], "crls": [ "Mapping1to2CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41002", "name": "invalid_policy_mapping_test2_inhibit_mapping", "cert": "InvalidPolicyMappingTest2EE.crt", "other_certs": [ "Mapping1to2CACert.crt" ], "crls": [ "Mapping1to2CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "initial_policy_mapping_inhibit": true } }, { "id": "41003", "name": "valid_policy_mapping_test3_with_testpol1", "cert": "ValidPolicyMappingTest3EE.crt", "other_certs": [ "P12Mapping1to3CACert.crt", "P12Mapping1to3subCACert.crt", "P12Mapping1to3subsubCACert.crt" ], "crls": [ "P12Mapping1to3CACRL.crl", "P12Mapping1to3subCACRL.crl", "P12Mapping1to3subsubCACRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "41003", "name": "valid_policy_mapping_test3_with_testpol2", "cert": "ValidPolicyMappingTest3EE.crt", "other_certs": [ "P12Mapping1to3CACert.crt", "P12Mapping1to3subCACert.crt", "P12Mapping1to3subsubCACert.crt" ], "crls": [ "P12Mapping1to3CACRL.crl", "P12Mapping1to3subCACRL.crl", "P12Mapping1to3subsubCACRL.crl" ], "path_len": 5, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.2" ] } }, { "id": "41004", "name": "invalid_policy_mapping_test4", "cert": "InvalidPolicyMappingTest4EE.crt", "other_certs": [ "P12Mapping1to3CACert.crt", "P12Mapping1to3subCACert.crt", "P12Mapping1to3subsubCACert.crt" ], "crls": [ "P12Mapping1to3CACRL.crl", "P12Mapping1to3subCACRL.crl", "P12Mapping1to3subsubCACRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41005", "name": "valid_policy_mapping_test5_with_testpol1", "cert": "ValidPolicyMappingTest5EE.crt", "other_certs": [ "P1Mapping1to234CACert.crt", "P1Mapping1to234subCACert.crt" ], "crls": [ "P1Mapping1to234CACRL.crl", "P1Mapping1to234subCACRL.crl" ], "path_len": 4, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "41005", "name": "valid_policy_mapping_test5_with_testpol6", "cert": "ValidPolicyMappingTest5EE.crt", "other_certs": [ "P1Mapping1to234CACert.crt", "P1Mapping1to234subCACert.crt" ], "crls": [ "P1Mapping1to234CACRL.crl", "P1Mapping1to234subCACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.6" ] } }, { "id": "41006", "name": "valid_policy_mapping_test6_with_testpol1", "cert": "ValidPolicyMappingTest6EE.crt", "other_certs": [ "P1Mapping1to234CACert.crt", "P1Mapping1to234subCACert.crt" ], "crls": [ "P1Mapping1to234CACRL.crl", "P1Mapping1to234subCACRL.crl" ], "path_len": 4, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.1" ] } }, { "id": "41006", "name": "valid_policy_mapping_test6_with_testpol6", "cert": "ValidPolicyMappingTest6EE.crt", "other_certs": [ "P1Mapping1to234CACert.crt", "P1Mapping1to234subCACert.crt" ], "crls": [ "P1Mapping1to234CACRL.crl", "P1Mapping1to234subCACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" }, "params": { "user_initial_policy_set": [ "2.16.840.1.101.3.2.1.48.6" ] } }, { "id": "41007", "name": "invalid_mapping_from_any_policy_test7", "cert": "InvalidMappingFromanyPolicyTest7EE.crt", "other_certs": [ "MappingFromanyPolicyCACert.crt" ], "crls": [ "MappingFromanyPolicyCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 1 contains a policy mapping for the \"any policy\"" } }, { "id": "41008", "name": "invalid_mapping_to_any_policy_test8", "cert": "InvalidMappingToanyPolicyTest8EE.crt", "other_certs": [ "MappingToanyPolicyCACert.crt" ], "crls": [ "MappingToanyPolicyCACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because intermediate certificate 1 contains a policy mapping for the \"any policy\"" } }, { "id": "41009", "name": "valid_policy_mapping_test9", "cert": "ValidPolicyMappingTest9EE.crt", "other_certs": [ "PanyPolicyMapping1to2CACert.crt" ], "crls": [ "PanyPolicyMapping1to2CACRL.crl" ], "path_len": 3 }, { "id": "41010", "name": "invalid_policy_mapping_test10", "cert": "InvalidPolicyMappingTest10EE.crt", "other_certs": [ "GoodCACert.crt", "GoodsubCAPanyPolicyMapping1to2CACert.crt" ], "crls": [ "GoodCACRL.crl", "GoodsubCAPanyPolicyMapping1to2CACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41011", "name": "valid_policy_mapping_test11", "cert": "ValidPolicyMappingTest11EE.crt", "other_certs": [ "GoodCACert.crt", "GoodsubCAPanyPolicyMapping1to2CACert.crt" ], "crls": [ "GoodCACRL.crl", "GoodsubCAPanyPolicyMapping1to2CACRL.crl" ], "path_len": 4 }, { "id": "41013", "name": "valid_policy_mapping_test13", "cert": "ValidPolicyMappingTest13EE.crt", "other_certs": [ "P1anyPolicyMapping1to2CACert.crt" ], "crls": [ "P1anyPolicyMapping1to2CACRL.crl" ], "path_len": 3 }, { "id": "41014", "name": "valid_policy_mapping_test14", "cert": "ValidPolicyMappingTest14EE.crt", "other_certs": [ "P1anyPolicyMapping1to2CACert.crt" ], "crls": [ "P1anyPolicyMapping1to2CACRL.crl" ], "path_len": 3 }, { "id": "41101", "name": "invalid_inhibit_policy_mapping_test1", "cert": "InvalidinhibitPolicyMappingTest1EE.crt", "other_certs": [ "inhibitPolicyMapping0CACert.crt", "inhibitPolicyMapping0subCACert.crt" ], "crls": [ "inhibitPolicyMapping0CACRL.crl", "inhibitPolicyMapping0subCACRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41102", "name": "valid_inhibit_policy_mapping_test2", "cert": "ValidinhibitPolicyMappingTest2EE.crt", "other_certs": [ "inhibitPolicyMapping1P12CACert.crt", "inhibitPolicyMapping1P12subCACert.crt" ], "crls": [ "inhibitPolicyMapping1P12CACRL.crl", "inhibitPolicyMapping1P12subCACRL.crl" ], "path_len": 4 }, { "id": "41103", "name": "invalid_inhibit_policy_mapping_test3", "cert": "InvalidinhibitPolicyMappingTest3EE.crt", "other_certs": [ "inhibitPolicyMapping1P12CACert.crt", "inhibitPolicyMapping1P12subCACert.crt", "inhibitPolicyMapping1P12subsubCACert.crt" ], "crls": [ "inhibitPolicyMapping1P12CACRL.crl", "inhibitPolicyMapping1P12subCACRL.crl", "inhibitPolicyMapping1P12subsubCACRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41104", "name": "valid_inhibit_policy_mapping_test4", "cert": "ValidinhibitPolicyMappingTest4EE.crt", "other_certs": [ "inhibitPolicyMapping1P12CACert.crt", "inhibitPolicyMapping1P12subCACert.crt", "inhibitPolicyMapping1P12subsubCACert.crt" ], "crls": [ "inhibitPolicyMapping1P12CACRL.crl", "inhibitPolicyMapping1P12subCACRL.crl", "inhibitPolicyMapping1P12subsubCACRL.crl" ], "path_len": 5 }, { "id": "41105", "name": "invalid_inhibit_policy_mapping_test5", "cert": "InvalidinhibitPolicyMappingTest5EE.crt", "other_certs": [ "inhibitPolicyMapping5CACert.crt", "inhibitPolicyMapping5subCACert.crt", "inhibitPolicyMapping5subsubCACert.crt", "inhibitPolicyMapping5subsubsubCACert.crt" ], "crls": [ "inhibitPolicyMapping5CACRL.crl", "inhibitPolicyMapping5subCACRL.crl", "inhibitPolicyMapping5subsubCACRL.crl", "inhibitPolicyMapping5subsubsubCACRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41106", "name": "invalid_inhibit_policy_mapping_test6", "cert": "InvalidinhibitPolicyMappingTest6EE.crt", "other_certs": [ "inhibitPolicyMapping1P12CACert.crt", "inhibitPolicyMapping1P12subCAIPM5Cert.crt", "inhibitPolicyMapping1P12subsubCAIPM5Cert.crt" ], "crls": [ "inhibitPolicyMapping1P12CACRL.crl", "inhibitPolicyMapping1P12subCAIPM5CRL.crl", "inhibitPolicyMapping1P12subsubCAIPM5CRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41107", "name": "valid_self_issued_inhibit_policy_mapping_test7", "cert": "ValidSelfIssuedinhibitPolicyMappingTest7EE.crt", "other_certs": [ "inhibitPolicyMapping1P1CACert.crt", "inhibitPolicyMapping1P1SelfIssuedCACert.crt", "inhibitPolicyMapping1P1subCACert.crt" ], "crls": [ "inhibitPolicyMapping1P1CACRL.crl", "inhibitPolicyMapping1P1subCACRL.crl" ], "path_len": 5 }, { "id": "41108", "name": "invalid_self_issued_inhibit_policy_mapping_test8", "cert": "InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt", "other_certs": [ "inhibitPolicyMapping1P1CACert.crt", "inhibitPolicyMapping1P1SelfIssuedCACert.crt", "inhibitPolicyMapping1P1subCACert.crt", "inhibitPolicyMapping1P1subsubCACert.crt" ], "crls": [ "inhibitPolicyMapping1P1CACRL.crl", "inhibitPolicyMapping1P1subCACRL.crl", "inhibitPolicyMapping1P1subsubCACRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41109", "name": "invalid_self_issued_inhibit_policy_mapping_test9", "cert": "InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt", "other_certs": [ "inhibitPolicyMapping1P1CACert.crt", "inhibitPolicyMapping1P1SelfIssuedCACert.crt", "inhibitPolicyMapping1P1subCACert.crt", "inhibitPolicyMapping1P1subsubCACert.crt" ], "crls": [ "inhibitPolicyMapping1P1CACRL.crl", "inhibitPolicyMapping1P1subCACRL.crl", "inhibitPolicyMapping1P1subsubCACRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41110", "name": "invalid_self_issued_inhibit_policy_mapping_test10", "cert": "InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt", "other_certs": [ "inhibitPolicyMapping1P1CACert.crt", "inhibitPolicyMapping1P1SelfIssuedCACert.crt", "inhibitPolicyMapping1P1subCACert.crt", "inhibitPolicyMapping1P1SelfIssuedsubCACert.crt" ], "crls": [ "inhibitPolicyMapping1P1CACRL.crl", "inhibitPolicyMapping1P1subCACRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41111", "name": "invalid_self_issued_inhibit_policy_mapping_test11", "cert": "InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt", "other_certs": [ "inhibitPolicyMapping1P1CACert.crt", "inhibitPolicyMapping1P1SelfIssuedCACert.crt", "inhibitPolicyMapping1P1subCACert.crt", "inhibitPolicyMapping1P1SelfIssuedsubCACert.crt" ], "crls": [ "inhibitPolicyMapping1P1CACRL.crl", "inhibitPolicyMapping1P1subCACRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41201", "name": "invalid_inhibit_any_policy_test1", "cert": "InvalidinhibitAnyPolicyTest1EE.crt", "other_certs": [ "inhibitAnyPolicy0CACert.crt" ], "crls": [ "inhibitAnyPolicy0CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41202", "name": "valid_inhibit_any_policy_test2", "cert": "ValidinhibitAnyPolicyTest2EE.crt", "other_certs": [ "inhibitAnyPolicy0CACert.crt" ], "crls": [ "inhibitAnyPolicy0CACRL.crl" ], "path_len": 3 }, { "id": "41203", "name": "inhibit_any_policy_test3", "cert": "inhibitAnyPolicyTest3EE.crt", "other_certs": [ "inhibitAnyPolicy1CACert.crt", "inhibitAnyPolicy1subCA1Cert.crt" ], "crls": [ "inhibitAnyPolicy1CACRL.crl", "inhibitAnyPolicy1subCA1CRL.crl" ], "path_len": 4 }, { "id": "41203", "name": "inhibit_any_policy_test3_initial_inhibit", "cert": "inhibitAnyPolicyTest3EE.crt", "other_certs": [ "inhibitAnyPolicy1CACert.crt", "inhibitAnyPolicy1subCA1Cert.crt" ], "crls": [ "inhibitAnyPolicy1CACRL.crl", "inhibitAnyPolicy1subCA1CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for intermediate certificate \\d" }, "params": { "initial_any_policy_inhibit": true } }, { "id": "41204", "name": "invalid_inhibit_any_policy_test4", "cert": "InvalidinhibitAnyPolicyTest4EE.crt", "other_certs": [ "inhibitAnyPolicy1CACert.crt", "inhibitAnyPolicy1subCA1Cert.crt" ], "crls": [ "inhibitAnyPolicy1CACRL.crl", "inhibitAnyPolicy1subCA1CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41205", "name": "invalid_inhibit_any_policy_test5", "cert": "InvalidinhibitAnyPolicyTest5EE.crt", "other_certs": [ "inhibitAnyPolicy5CACert.crt", "inhibitAnyPolicy5subCACert.crt", "inhibitAnyPolicy5subsubCACert.crt" ], "crls": [ "inhibitAnyPolicy5CACRL.crl", "inhibitAnyPolicy5subCACRL.crl", "inhibitAnyPolicy5subsubCACRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41206", "name": "invalid_inhibit_any_policy_test6", "cert": "InvalidinhibitAnyPolicyTest6EE.crt", "other_certs": [ "inhibitAnyPolicy1CACert.crt", "inhibitAnyPolicy1subCAIAP5Cert.crt" ], "crls": [ "inhibitAnyPolicy1CACRL.crl", "inhibitAnyPolicy1subCAIAP5CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41207", "name": "valid_self_issued_inhibit_any_policy_test7", "cert": "ValidSelfIssuedinhibitAnyPolicyTest7EE.crt", "other_certs": [ "inhibitAnyPolicy1CACert.crt", "inhibitAnyPolicy1SelfIssuedCACert.crt", "inhibitAnyPolicy1subCA2Cert.crt" ], "crls": [ "inhibitAnyPolicy1CACRL.crl", "inhibitAnyPolicy1subCA2CRL.crl" ], "path_len": 5 }, { "id": "41208", "name": "invalid_self_issued_inhibit_any_policy_test8", "cert": "InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt", "other_certs": [ "inhibitAnyPolicy1CACert.crt", "inhibitAnyPolicy1SelfIssuedCACert.crt", "inhibitAnyPolicy1subCA2Cert.crt", "inhibitAnyPolicy1subsubCA2Cert.crt" ], "crls": [ "inhibitAnyPolicy1CACRL.crl", "inhibitAnyPolicy1subCA2CRL.crl", "inhibitAnyPolicy1subsubCA2CRL.crl" ], "path_len": 6, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for intermediate certificate 4" } }, { "id": "41209", "name": "valid_self_issued_inhibit_any_policy_test9", "cert": "ValidSelfIssuedinhibitAnyPolicyTest9EE.crt", "other_certs": [ "inhibitAnyPolicy1CACert.crt", "inhibitAnyPolicy1SelfIssuedCACert.crt", "inhibitAnyPolicy1subCA2Cert.crt", "inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt" ], "crls": [ "inhibitAnyPolicy1CACRL.crl", "inhibitAnyPolicy1subCA2CRL.crl" ], "path_len": 6 }, { "id": "41210", "name": "invalid_self_issued_inhibit_any_policy_test10", "cert": "InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt", "other_certs": [ "inhibitAnyPolicy1CACert.crt", "inhibitAnyPolicy1SelfIssuedCACert.crt", "inhibitAnyPolicy1subCA2Cert.crt" ], "crls": [ "inhibitAnyPolicy1CACRL.crl", "inhibitAnyPolicy1subCA2CRL.crl" ], "path_len": 5, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because there is no valid set of policies for the end-entity certificate" } }, { "id": "41301", "name": "valid_dn_nameconstraints_test1", "cert": "ValidDNnameConstraintsTest1EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl" ], "path_len": 3 }, { "id": "41302", "name": "invalid_dn_nameconstraints_test2", "cert": "InvalidDNnameConstraintsTest2EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41303", "name": "invalid_dn_nameconstraints_test3", "cert": "InvalidDNnameConstraintsTest3EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41303", "name": "invalid_dn_nameconstraints_test3", "cert": "InvalidDNnameConstraintsTest3EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41304", "name": "valid_dn_nameconstraints_test4", "cert": "ValidDNnameConstraintsTest4EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl" ], "path_len": 3 }, { "id": "41305", "name": "valid_dn_nameconstraints_test5", "cert": "ValidDNnameConstraintsTest5EE.crt", "other_certs": [ "nameConstraintsDN2CACert.crt" ], "crls": [ "nameConstraintsDN2CACRL.crl" ], "path_len": 3 }, { "id": "41306", "name": "valid_dn_nameconstraints_test6", "cert": "ValidDNnameConstraintsTest6EE.crt", "other_certs": [ "nameConstraintsDN3CACert.crt" ], "crls": [ "nameConstraintsDN3CACRL.crl" ], "path_len": 3 }, { "id": "41307", "name": "invalid_dn_nameconstraints_test7", "cert": "InvalidDNnameConstraintsTest7EE.crt", "other_certs": [ "nameConstraintsDN3CACert.crt" ], "crls": [ "nameConstraintsDN3CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41308", "name": "invalid_dn_nameconstraints_test8", "cert": "InvalidDNnameConstraintsTest8EE.crt", "other_certs": [ "nameConstraintsDN4CACert.crt" ], "crls": [ "nameConstraintsDN4CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41309", "name": "invalid_dn_nameconstraints_test9", "cert": "InvalidDNnameConstraintsTest9EE.crt", "other_certs": [ "nameConstraintsDN4CACert.crt" ], "crls": [ "nameConstraintsDN4CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41310", "name": "invalid_dn_nameconstraints_test10", "cert": "InvalidDNnameConstraintsTest10EE.crt", "other_certs": [ "nameConstraintsDN5CACert.crt" ], "crls": [ "nameConstraintsDN5CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41311", "name": "valid_dn_nameconstraints_test11", "cert": "ValidDNnameConstraintsTest11EE.crt", "other_certs": [ "nameConstraintsDN5CACert.crt" ], "crls": [ "nameConstraintsDN5CACRL.crl" ], "path_len": 3 }, { "id": "41312", "name": "invalid_dn_nameconstraints_test12", "cert": "InvalidDNnameConstraintsTest12EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt", "nameConstraintsDN1subCA1Cert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl", "nameConstraintsDN1subCA1CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41313", "name": "invalid_dn_nameconstraints_test13", "cert": "InvalidDNnameConstraintsTest13EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt", "nameConstraintsDN1subCA2Cert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl", "nameConstraintsDN1subCA2CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41314", "name": "valid_dn_nameconstraints_test14", "cert": "ValidDNnameConstraintsTest14EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt", "nameConstraintsDN1subCA2Cert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl", "nameConstraintsDN1subCA2CRL.crl" ], "path_len": 4 }, { "id": "41315", "name": "invalid_dn_nameconstraints_test15", "cert": "InvalidDNnameConstraintsTest15EE.crt", "other_certs": [ "nameConstraintsDN3CACert.crt", "nameConstraintsDN3subCA1Cert.crt" ], "crls": [ "nameConstraintsDN3CACRL.crl", "nameConstraintsDN3subCA1CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41316", "name": "invalid_dn_nameconstraints_test16", "cert": "InvalidDNnameConstraintsTest16EE.crt", "other_certs": [ "nameConstraintsDN3CACert.crt", "nameConstraintsDN3subCA1Cert.crt" ], "crls": [ "nameConstraintsDN3CACRL.crl", "nameConstraintsDN3subCA1CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41317", "name": "invalid_dn_nameconstraints_test17", "cert": "InvalidDNnameConstraintsTest17EE.crt", "other_certs": [ "nameConstraintsDN3CACert.crt", "nameConstraintsDN3subCA2Cert.crt" ], "crls": [ "nameConstraintsDN3CACRL.crl", "nameConstraintsDN3subCA2CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41318", "name": "valid_dn_nameconstraints_test18", "cert": "ValidDNnameConstraintsTest18EE.crt", "other_certs": [ "nameConstraintsDN3CACert.crt", "nameConstraintsDN3subCA2Cert.crt" ], "crls": [ "nameConstraintsDN3CACRL.crl", "nameConstraintsDN3subCA2CRL.crl" ], "path_len": 4 }, { "id": "41319", "name": "valid_self_issued_dn_nameconstraints_test19", "cert": "ValidDNnameConstraintsTest19EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt", "nameConstraintsDN1SelfIssuedCACert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl" ], "path_len": 4 }, { "id": "41320", "name": "invalid_self_issued_dn_nameconstraints_test20", "cert": "InvalidDNnameConstraintsTest20EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt", "nameConstraintsDN1SelfIssuedCACert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41321", "name": "valid_rfc822_nameconstraints_test21", "cert": "ValidRFC822nameConstraintsTest21EE.crt", "other_certs": [ "nameConstraintsRFC822CA1Cert.crt" ], "crls": [ "nameConstraintsRFC822CA1CRL.crl" ], "path_len": 3 }, { "id": "41322", "name": "invalid_rfc822_nameconstraints_test22", "cert": "InvalidRFC822nameConstraintsTest22EE.crt", "other_certs": [ "nameConstraintsRFC822CA1Cert.crt" ], "crls": [ "nameConstraintsRFC822CA1CRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41323", "name": "valid_rfc822_nameconstraints_test23", "cert": "ValidRFC822nameConstraintsTest23EE.crt", "other_certs": [ "nameConstraintsRFC822CA2Cert.crt" ], "crls": [ "nameConstraintsRFC822CA2CRL.crl" ], "path_len": 3 }, { "id": "41324", "name": "invalid_rfc822_nameconstraints_test24", "cert": "InvalidRFC822nameConstraintsTest24EE.crt", "other_certs": [ "nameConstraintsRFC822CA2Cert.crt" ], "crls": [ "nameConstraintsRFC822CA2CRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41325", "name": "valid_rfc822_nameconstraints_test25", "cert": "ValidRFC822nameConstraintsTest25EE.crt", "other_certs": [ "nameConstraintsRFC822CA3Cert.crt" ], "crls": [ "nameConstraintsRFC822CA3CRL.crl" ], "path_len": 3 }, { "id": "41326", "name": "invalid_rfc822_nameconstraints_test26", "cert": "InvalidRFC822nameConstraintsTest26EE.crt", "other_certs": [ "nameConstraintsRFC822CA3Cert.crt" ], "crls": [ "nameConstraintsRFC822CA3CRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41327", "name": "valid_dn_and_rfc822_nameconstraints_test27", "cert": "ValidDNandRFC822nameConstraintsTest27EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt", "nameConstraintsDN1subCA3Cert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl", "nameConstraintsDN1subCA3CRL.crl" ], "path_len": 4 }, { "id": "41328", "name": "invalid_dn_and_rfc822_nameconstraints_test28", "cert": "InvalidDNandRFC822nameConstraintsTest28EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt", "nameConstraintsDN1subCA3Cert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl", "nameConstraintsDN1subCA3CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41329", "name": "invalid_dn_and_rfc822_nameconstraints_test29", "cert": "InvalidDNandRFC822nameConstraintsTest29EE.crt", "other_certs": [ "nameConstraintsDN1CACert.crt", "nameConstraintsDN1subCA3Cert.crt" ], "crls": [ "nameConstraintsDN1CACRL.crl", "nameConstraintsDN1subCA3CRL.crl" ], "path_len": 4, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41330", "name": "valid_dns_nameconstraints_test30", "cert": "ValidDNSnameConstraintsTest30EE.crt", "other_certs": [ "nameConstraintsDNS1CACert.crt" ], "crls": [ "nameConstraintsDNS1CACRL.crl" ], "path_len": 3 }, { "id": "41331", "name": "invalid_dns_nameconstraints_test31", "cert": "InvalidDNSnameConstraintsTest31EE.crt", "other_certs": [ "nameConstraintsDNS1CACert.crt" ], "crls": [ "nameConstraintsDNS1CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41332", "name": "valid_dns_nameconstraints_test32", "cert": "ValidDNSnameConstraintsTest32EE.crt", "other_certs": [ "nameConstraintsDNS2CACert.crt" ], "crls": [ "nameConstraintsDNS2CACRL.crl" ], "path_len": 3 }, { "id": "41333", "name": "invalid_dns_nameconstraints_test33", "cert": "InvalidDNSnameConstraintsTest33EE.crt", "other_certs": [ "nameConstraintsDNS2CACert.crt" ], "crls": [ "nameConstraintsDNS2CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41334", "name": "valid_uri_nameconstraints_test34", "cert": "ValidURInameConstraintsTest34EE.crt", "other_certs": [ "nameConstraintsURI1CACert.crt" ], "crls": [ "nameConstraintsURI1CACRL.crl" ], "path_len": 3 }, { "id": "41335", "name": "invalid_uri_nameconstraints_test35", "cert": "InvalidURInameConstraintsTest35EE.crt", "other_certs": [ "nameConstraintsURI1CACert.crt" ], "crls": [ "nameConstraintsURI1CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41336", "name": "valid_uri_nameconstraints_test36", "cert": "ValidURInameConstraintsTest36EE.crt", "other_certs": [ "nameConstraintsURI2CACert.crt" ], "crls": [ "nameConstraintsURI2CACRL.crl" ], "path_len": 3 }, { "id": "41337", "name": "invalid_uri_nameconstraints_test37", "cert": "InvalidURInameConstraintsTest37EE.crt", "other_certs": [ "nameConstraintsURI2CACert.crt" ], "crls": [ "nameConstraintsURI2CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority." } }, { "id": "41338", "name": "invalid_dns_nameconstraints_test38", "cert": "InvalidDNSnameConstraintsTest38EE.crt", "other_certs": [ "nameConstraintsDNS1CACert.crt" ], "crls": [ "nameConstraintsDNS1CACRL.crl" ], "path_len": 3, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority." } }, { "id": "41401", "name": "valid_distributionpoint_test1", "cert": "ValiddistributionPointTest1EE.crt", "other_certs": [ "distributionPoint1CACert.crt" ], "crls": [ "distributionPoint1CACRL.crl" ], "path_len": 3 }, { "id": "41402", "name": "invalid_distributionpoint_test2", "cert": "InvaliddistributionPointTest2EE.crt", "other_certs": [ "distributionPoint1CACert.crt" ], "crls": [ "distributionPoint1CACRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41403", "name": "invalid_distributionpoint_test3", "cert": "InvaliddistributionPointTest3EE.crt", "other_certs": [ "distributionPoint1CACert.crt" ], "crls": [ "distributionPoint1CACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "41404", "name": "valid_distributionpoint_test4", "cert": "ValiddistributionPointTest4EE.crt", "other_certs": [ "distributionPoint1CACert.crt" ], "crls": [ "distributionPoint1CACRL.crl" ], "path_len": 3 }, { "id": "41405", "name": "valid_distributionpoint_test5", "cert": "ValiddistributionPointTest5EE.crt", "other_certs": [ "distributionPoint2CACert.crt" ], "crls": [ "distributionPoint2CACRL.crl" ], "path_len": 3 }, { "id": "41406", "name": "invalid_distributionpoint_test6", "cert": "InvaliddistributionPointTest6EE.crt", "other_certs": [ "distributionPoint2CACert.crt" ], "crls": [ "distributionPoint2CACRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41407", "name": "valid_distributionpoint_test7", "cert": "ValiddistributionPointTest7EE.crt", "other_certs": [ "distributionPoint2CACert.crt" ], "crls": [ "distributionPoint2CACRL.crl" ], "path_len": 3 }, { "id": "41408", "name": "invalid_distributionpoint_test8", "cert": "InvaliddistributionPointTest8EE.crt", "other_certs": [ "distributionPoint2CACert.crt" ], "crls": [ "distributionPoint2CACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "41409", "name": "invalid_distributionpoint_test9", "cert": "InvaliddistributionPointTest9EE.crt", "other_certs": [ "distributionPoint2CACert.crt" ], "crls": [ "distributionPoint2CACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "41410", "name": "valid_no_issuingdistributionpoint_test10", "cert": "ValidNoissuingDistributionPointTest10EE.crt", "other_certs": [ "NoissuingDistributionPointCACert.crt" ], "crls": [ "NoissuingDistributionPointCACRL.crl" ], "path_len": 3 }, { "id": "41411", "name": "invalid_onlycontainsusercerts_crl_test11", "cert": "InvalidonlyContainsUserCertsTest11EE.crt", "other_certs": [ "onlyContainsUserCertsCACert.crt" ], "crls": [ "onlyContainsUserCertsCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: CRL only contains end-entity certificates and certificate is a CA certificate" } }, { "id": "41412", "name": "invalid_onlycontainscacerts_crl_test12", "cert": "InvalidonlyContainsCACertsTest12EE.crt", "other_certs": [ "onlyContainsCACertsCACert.crt" ], "crls": [ "onlyContainsCACertsCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: CRL only contains CA certificates and certificate is an end-entity certificate" } }, { "id": "41413", "name": "valid_onlycontainscacerts_crl_test13", "cert": "ValidonlyContainsCACertsTest13EE.crt", "other_certs": [ "onlyContainsCACertsCACert.crt" ], "crls": [ "onlyContainsCACertsCACRL.crl" ], "path_len": 3 }, { "id": "41414", "name": "invalid_onlycontainsattributecerts_crl_test14", "cert": "InvalidonlyContainsAttributeCertsTest14EE.crt", "other_certs": [ "onlyContainsAttributeCertsCACert.crt" ], "crls": [ "onlyContainsAttributeCertsCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: CRL only contains attribute certificates" } }, { "id": "41415", "name": "invalid_onlysomereasons_test15", "cert": "InvalidonlySomeReasonsTest15EE.crt", "other_certs": [ "onlySomeReasonsCA1Cert.crt" ], "crls": [ "onlySomeReasonsCA1compromiseCRL.crl", "onlySomeReasonsCA1otherreasonsCRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41416", "name": "invalid_onlysomereasons_test16", "cert": "InvalidonlySomeReasonsTest16EE.crt", "other_certs": [ "onlySomeReasonsCA1Cert.crt" ], "crls": [ "onlySomeReasonsCA1compromiseCRL.crl", "onlySomeReasonsCA1otherreasonsCRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a certificate hold" } }, { "id": "41417", "name": "invalid_onlysomereasons_test17", "cert": "InvalidonlySomeReasonsTest17EE.crt", "other_certs": [ "onlySomeReasonsCA2Cert.crt" ], "crls": [ "onlySomeReasonsCA2CRL1.crl", "onlySomeReasonsCA2CRL2.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: The available CRLs do not cover all revocation reasons" } }, { "id": "41418", "name": "valid_onlysomereasons_test18", "cert": "ValidonlySomeReasonsTest18EE.crt", "other_certs": [ "onlySomeReasonsCA3Cert.crt" ], "crls": [ "onlySomeReasonsCA3compromiseCRL.crl", "onlySomeReasonsCA3otherreasonsCRL.crl" ], "path_len": 3 }, { "id": "41419", "name": "valid_onlysomereasons_test19", "cert": "ValidonlySomeReasonsTest19EE.crt", "other_certs": [ "onlySomeReasonsCA4Cert.crt" ], "crls": [ "onlySomeReasonsCA4compromiseCRL.crl", "onlySomeReasonsCA4otherreasonsCRL.crl" ], "path_len": 3 }, { "id": "41420", "name": "invalid_onlysomereasons_test20", "cert": "InvalidonlySomeReasonsTest20EE.crt", "other_certs": [ "onlySomeReasonsCA4Cert.crt" ], "crls": [ "onlySomeReasonsCA4compromiseCRL.crl", "onlySomeReasonsCA4otherreasonsCRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41421", "name": "invalid_onlysomereasons_test21", "cert": "InvalidonlySomeReasonsTest21EE.crt", "other_certs": [ "onlySomeReasonsCA4Cert.crt" ], "crls": [ "onlySomeReasonsCA4compromiseCRL.crl", "onlySomeReasonsCA4otherreasonsCRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to an affiliation change" } }, { "id": "41422", "name": "valid_idp_with_indirectcrl_test22", "cert": "ValidIDPwithindirectCRLTest22EE.crt", "other_certs": [ "indirectCRLCA1Cert.crt" ], "crls": [ "indirectCRLCA1CRL.crl" ], "path_len": 3 }, { "id": "41423", "name": "invalid_idp_with_indirectcrl_test23", "cert": "InvalidIDPwithindirectCRLTest23EE.crt", "other_certs": [ "indirectCRLCA1Cert.crt" ], "crls": [ "indirectCRLCA1CRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41424", "name": "valid_idp_with_indirectcrl_test24", "cert": "ValidIDPwithindirectCRLTest24EE.crt", "other_certs": [ "indirectCRLCA1Cert.crt", "indirectCRLCA2Cert.crt" ], "crls": [ "indirectCRLCA1CRL.crl" ], "path_len": 3 }, { "id": "41425", "name": "valid_idp_with_indirectcrl_test25", "cert": "ValidIDPwithindirectCRLTest25EE.crt", "other_certs": [ "indirectCRLCA1Cert.crt", "indirectCRLCA2Cert.crt" ], "crls": [ "indirectCRLCA1CRL.crl" ], "path_len": 3 }, { "id": "41426", "name": "invalid_idp_with_indirectcrl_test26", "cert": "InvalidIDPwithindirectCRLTest26EE.crt", "other_certs": [ "indirectCRLCA1Cert.crt", "indirectCRLCA2Cert.crt" ], "crls": [ "indirectCRLCA1CRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "41427", "name": "invalid_crlissuer_test27", "cert": "InvalidcRLIssuerTest27EE.crt", "other_certs": [ "GoodCACert.crt", "indirectCRLCA2Cert.crt" ], "crls": [ "GoodCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "41428", "name": "valid_crlissuer_test28", "cert": "ValidcRLIssuerTest28EE.crt", "other_certs": [ "indirectCRLCA3Cert.crt", "indirectCRLCA3cRLIssuerCert.crt" ], "crls": [ "indirectCRLCA3CRL.crl", "indirectCRLCA3cRLIssuerCRL.crl" ], "path_len": 3 }, { "id": "41429", "name": "valid_crlissuer_test29", "cert": "ValidcRLIssuerTest29EE.crt", "other_certs": [ "indirectCRLCA3Cert.crt", "indirectCRLCA3cRLIssuerCert.crt" ], "crls": [ "indirectCRLCA3CRL.crl", "indirectCRLCA3cRLIssuerCRL.crl" ], "path_len": 3 }, { "id": "41430", "name": "valid_crlissuer_test30", "cert": "ValidcRLIssuerTest30EE.crt", "other_certs": [ "indirectCRLCA4Cert.crt", "indirectCRLCA4cRLIssuerCert.crt" ], "crls": [ "indirectCRLCA4cRLIssuerCRL.crl" ], "path_len": 3 }, { "id": "41431", "name": "invalid_crlissuer_test31", "cert": "InvalidcRLIssuerTest31EE.crt", "other_certs": [ "indirectCRLCA5Cert.crt", "indirectCRLCA6Cert.crt" ], "crls": [ "indirectCRLCA5CRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41432", "name": "invalid_crlissuer_test32", "cert": "InvalidcRLIssuerTest32EE.crt", "other_certs": [ "indirectCRLCA5Cert.crt", "indirectCRLCA6Cert.crt" ], "crls": [ "indirectCRLCA5CRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41433", "name": "valid_crlissuer_test33", "cert": "ValidcRLIssuerTest33EE.crt", "other_certs": [ "indirectCRLCA5Cert.crt", "indirectCRLCA6Cert.crt" ], "crls": [ "indirectCRLCA5CRL.crl" ], "path_len": 3 }, { "id": "41434", "name": "invalid_crlissuer_test34", "cert": "InvalidcRLIssuerTest34EE.crt", "other_certs": [ "indirectCRLCA5Cert.crt" ], "crls": [ "indirectCRLCA5CRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41435", "name": "invalid_crlissuer_test35", "cert": "InvalidcRLIssuerTest35EE.crt", "other_certs": [ "indirectCRLCA5Cert.crt" ], "crls": [ "indirectCRLCA5CRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "41501", "name": "invalid_deltacrlindicator_no_base_set_test1", "cert": "InvaliddeltaCRLIndicatorNoBaseTest1EE.crt", "other_certs": [ "deltaCRLIndicatorNoBaseCACert.crt" ], "crls": [ "deltaCRLIndicatorNoBaseCACRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because no revocation information could be found for the end-entity certificate" } }, { "id": "41502", "name": "valid_deltacrl_test2", "cert": "ValiddeltaCRLTest2EE.crt", "other_certs": [ "deltaCRLCA1Cert.crt" ], "crls": [ "deltaCRLCA1CRL.crl", "deltaCRLCA1deltaCRL.crl" ], "path_len": 3 }, { "id": "41503", "name": "invalid_deltacrl_test3", "cert": "InvaliddeltaCRLTest3EE.crt", "other_certs": [ "deltaCRLCA1Cert.crt" ], "crls": [ "deltaCRLCA1CRL.crl", "deltaCRLCA1deltaCRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41504", "name": "invalid_deltacrl_test4", "cert": "InvaliddeltaCRLTest4EE.crt", "other_certs": [ "deltaCRLCA1Cert.crt" ], "crls": [ "deltaCRLCA1CRL.crl", "deltaCRLCA1deltaCRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-06-01, due to a compromised key" } }, { "id": "41505", "name": "valid_deltacrl_test5", "cert": "ValiddeltaCRLTest5EE.crt", "other_certs": [ "deltaCRLCA1Cert.crt" ], "crls": [ "deltaCRLCA1CRL.crl", "deltaCRLCA1deltaCRL.crl" ], "path_len": 3 }, { "id": "41506", "name": "invalid_deltacrl_test6", "cert": "InvaliddeltaCRLTest6EE.crt", "other_certs": [ "deltaCRLCA1Cert.crt" ], "crls": [ "deltaCRLCA1CRL.crl", "deltaCRLCA1deltaCRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41507", "name": "valid_deltacrl_test7", "cert": "ValiddeltaCRLTest7EE.crt", "other_certs": [ "deltaCRLCA1Cert.crt" ], "crls": [ "deltaCRLCA1CRL.crl", "deltaCRLCA1deltaCRL.crl" ], "path_len": 3 }, { "id": "41508", "name": "valid_deltacrl_test8", "cert": "ValiddeltaCRLTest8EE.crt", "other_certs": [ "deltaCRLCA2Cert.crt" ], "crls": [ "deltaCRLCA2CRL.crl", "deltaCRLCA2deltaCRL.crl" ], "path_len": 3 }, { "id": "41509", "name": "invalid_deltacrl_test9", "cert": "InvaliddeltaCRLTest9EE.crt", "other_certs": [ "deltaCRLCA2Cert.crt" ], "crls": [ "deltaCRLCA2CRL.crl", "deltaCRLCA2deltaCRL.crl" ], "path_len": 3, "error": { "class": "RevokedError", "msg_regex": "CRL indicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key" } }, { "id": "41510", "name": "invalid_deltacrl_test10", "cert": "InvaliddeltaCRLTest10EE.crt", "other_certs": [ "deltaCRLCA3Cert.crt" ], "crls": [ "deltaCRLCA3CRL.crl", "deltaCRLCA3deltaCRL.crl" ], "path_len": 3, "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: CRL is not recent enough" } }, { "id": "41601", "name": "valid_unknown_not_critical_certificate_extension_test1", "cert": "ValidUnknownNotCriticalCertificateExtensionTest1EE.crt", "path_len": 2 }, { "id": "41602", "name": "invalid_unknown_critical_certificate_extension_test2", "cert": "InvalidUnknownCriticalCertificateExtensionTest2EE.crt", "path_len": 2, "error": { "class": "PathValidationError", "msg_regex": "The path could not be validated because the end-entity certificate contains the following unsupported critical extension: 2.16.840.1.101.2.1.12.2" } } ] certvalidator-0.26.3/tests/fixtures/nist_pkits/readme.md000066400000000000000000000001441453642760600234420ustar00rootroot00000000000000Path validation fixtures from http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html. certvalidator-0.26.3/tests/fixtures/openssl-ocsp/000077500000000000000000000000001453642760600221225ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/openssl-ocsp/D1.ors000066400000000000000000000037441453642760600231230ustar00rootroot00000000000000MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMjMxMDI1MzZaMHUwczBLMAkGBSsOAwIaBQAE FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDIzMDcwMDAwWqARGA8yMDEyMTAzMDA4 MDAwMFowCwYJKoZIhvcNAQEFA4IBAQAJU3hXN7NApN50/vlZTG2p8+QQJp4uaod3 wyBQ0Ux3DoQZQ9RG6/7Mm4qpOLCCSTh/lJjZ0fD+9eB3gcp/JupN1JrU+dgTyv/Y 9MOctJz7y+VoU9I+qB8knV4sQCwohAVm8GmA9s4p/rHq5Oymci0SuG/QCfkVxOub rI1bWjbHLvvXyvF3PoGMORVHG3SA+jJ9VkHWJyi6brHxY+QR/iYxer8lJsBtpyc7 q2itFgvax/OHwne3lxsck9q0QgKpmEdJu2LuGyWFIhrEwR3b7ASEu1G/nKClv3dR vyOXMm1XIwuUhCjAcpNEKiOMorFwnLS1F8LhfqFWTAFG0JbWpAi8oIID+DCCA/Qw ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi 9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3 tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+ snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG 5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p 4J2l certvalidator-0.26.3/tests/fixtures/openssl-ocsp/D1_Cert_EE.pem000066400000000000000000000045321453642760600244230ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIGujCCBaKgAwIBAgISESG8vx4IzALnkqQG05AvM+2bMA0GCSqGSIb3DQEBBQUA MFkxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS8wLQYD VQQDEyZHbG9iYWxTaWduIEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EgLSBHMjAeFw0x MjA4MTQxMjM1MDJaFw0xMzA4MTUxMDMxMjlaMIIBCjEdMBsGA1UEDwwUUHJpdmF0 ZSBPcmdhbml6YXRpb24xDzANBgNVBAUTBjU3ODYxMTETMBEGCysGAQQBgjc8AgED EwJVUzEeMBwGCysGAQQBgjc8AgECEw1OZXcgSGFtcHNoaXJlMQswCQYDVQQGEwJV UzEWMBQGA1UECAwNTmV3IEhhbXBzaGlyZTETMBEGA1UEBwwKUG9ydHNtb3V0aDEg MB4GA1UECRMXVHdvIEludGVybmF0aW9uYWwgRHJpdmUxDTALBgNVBAsMBC5DT00x GzAZBgNVBAoMEkdNTyBHbG9iYWxTaWduIEluYzEbMBkGA1UEAwwSd3d3Lmdsb2Jh bHNpZ24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx/nHBP4 6s5KKMDlfZS4qFDiAWsoPSRn6WO4nrUF/G2S3I/AdJ0IcSDOHb48/3APj5alqbgo o4IzdG6KLAbENpHMl0L3pHBq/5tJPTi02SbiYUHfp2fhueMauRo8spfEk6fNRnDn QpyMFRkYd7Jz+KMerTO1xAcOH+xp0KkcP0i2jFTEuM3LwR0yTms1rry+RryjDDt5 7W0DLnNFWhyGd6YymzNkCPeL6weV8uk2uYRKKf2XOAzgIpNo3zU6iakZOzlQB9h9 qRuIks2AU/cZ89cBkDjHua0ezX5rG3/Url33jAT9cR5zCXHWtj7VzlOjDXXnn16b L9/AWsvGMNkYHQIDAQABo4ICxzCCAsMwDgYDVR0PAQH/BAQDAgWgMEwGA1UdIARF MEMwQQYJKwYBBAGgMgEBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2Jh bHNpZ24uY29tL3JlcG9zaXRvcnkvMIIBKwYDVR0RBIIBIjCCAR6CEnd3dy5nbG9i YWxzaWduLmNvbYIVc3RhdHVzLmdsb2JhbHNpZ24uY29tghF0aC5nbG9iYWxzaWdu LmNvbYISZGV2Lmdsb2JhbHNpZ24uY29tghNpbmZvLmdsb2JhbHNpZ24uY29tghZh cmNoaXZlLmdsb2JhbHNpZ24uY29tghZzdGF0aWMxLmdsb2JhbHNpZ24uY29tghZz dGF0aWMyLmdsb2JhbHNpZ24uY29tghNibG9nLmdsb2JhbHNpZ24uY29tghdzc2xj aGVjay5nbG9iYWxzaWduLmNvbYIVc3lzdGVtLmdsb2JhbHNpZ24uY29tghhvcGVy YXRpb24uZ2xvYmFsc2lnbi5jb22CDmdsb2JhbHNpZ24uY29tMAkGA1UdEwQCMAAw HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD8GA1UdHwQ4MDYwNKAyoDCG Lmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3NleHRlbmR2YWxnMi5jcmww gYgGCCsGAQUFBwEBBHwwejBBBggrBgEFBQcwAoY1aHR0cDovL3NlY3VyZS5nbG9i YWxzaWduLmNvbS9jYWNlcnQvZ3NleHRlbmR2YWxnMi5jcnQwNQYIKwYBBQUHMAGG KWh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc2V4dGVuZHZhbGcyMB0GA1Ud DgQWBBSvMoTDlFB0aVgVrNkkS1QSmYfx1zAfBgNVHSMEGDAWgBSwsEr9HHUo+Bxh qhP2+sGQPWsWozANBgkqhkiG9w0BAQUFAAOCAQEAgnohm8IRw1ukfc0GmArK3ZLC DLGpsefwWMvNrclqwrgtVrBx4pfe5xGAjqyQ2QI8V8a8a1ytVMCSC1AMWiWxawvW fw48fHunqtpTYNDyEe1Q+7tTGZ0SQ3HljYY9toVEjAMDhiM0Szl6ERRO5S7BTCen mDpWZF8w3ScRRY2UJc8xwWFiYyGWDNzNL1O8R2Y95QIkHUgQpSD3cjl4YvF/Xx/o hBEzl884uNAggIyQRu0ImLEetEtHWB2w0pZG3nTAqjOAAAyH2Q8IHoJtjQzvg6fy IQEO1C5GoQ7isiKIjKBXVYOm+gKSQXlzwj1BlU/OW6kEe24IiERhAN9ILA24wA== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/D1_Issuer_ICA.pem000066400000000000000000000031371453642760600251030ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN 2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8 BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl TercGL7FG81kwA== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/D2.ors000066400000000000000000000037741453642760600231270ustar00rootroot00000000000000MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB yVdbHxANRLCFYj1mqBgPMjAxMjEwMjMxMDI1MzZaMG4wbDBEMAkGBSsOAwIaBQAE FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL BgkqhkiG9w0BAQUDggEBAEJN4FuPQPnizPIwEj4Q8Ht765gI6QqMNrvj3UykxYeu qUajKcqA+V1zaDHTaz+eCQthtmCNKC9T+zVkjGelVsd7Kn2fVKWqp+5wVPI8dVkm 6Gs/IGZ16HDnQ/siTrY3ILWCRz4Hf6lnHpIErQuQRQyjlGKNcE7RYmjGw4w0bxx8 vHN/baCMApBL0D0zeBqlpJCMUZqJJ3D1+87HxHYR1MkMZDC9rOPIhlpEP4yL17gx ckrPf+w+A/3kC++jVeA3b8Xtr+MaWOFH4xVn6BTxopczZKVl18tSYqgwITlx5/cL LpYEdllC0l83E8GRzsOp0SvFxo0NBotgFNZQQujpOzagggQQMIIEDDCCBAgwggLw oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL 866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb 4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC fBIRKjnK621vAWvc7UR+0hqnZ+U= certvalidator-0.26.3/tests/fixtures/openssl-ocsp/D2_Cert_ICA.pem000066400000000000000000000031121453642760600245200ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEdzCCA1+gAwIBAgILBAAAAAABL07hRxAwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNjEyMTUwODAw MDBaFw0yODAxMjgxMjAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBD QSAtIFIyMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4h VJsL03+EcPoSs8u/h1/Gf4bTsjBc1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtK pspJpl6op4xaEbx6guu+jOmzrJYlB5dKmSoHL7Qed7+KD7UCfBuWuMW5Oiy81hK5 61l94tAGhl9eSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN8LgtyyHK1WxbfeGgKYSh +dOUScskYpEgvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2G/YZeoXgbfJh E4hcn+CTClGXilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLKA8Kb jwIDAQABo4IBTTCCAUkwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w HQYDVR0OBBYEFJviB1dnHB7AagbeWbSaLd/cGYYuMEcGA1UdIARAMD4wPAYEVR0g ADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBv c2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24u bmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDov L29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMCkGA1UdJQQiMCAGCCsGAQUFBwMB BggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30E zTSo//z9SzANBgkqhkiG9w0BAQUFAAOCAQEAOg/NJk04MAioxvxc2Ah67/ocKgPO Mq5EluFSA5UKUtZnr1uWfN0ZizBbNjprbqAVxoKhyzlmAFeLAqJuhfusVVq4FVAa kN4JSOyo9lccGDG9xn3IvevCpzlRbaL/HHjeHCcE4c8klegO5NUfsPn7UMrLbp5i JniG9cT1eI/dcq9uLtWe3c48y7jHLVRg1+WcAkuGRPBXUSvNCps8sfU6TB2KxfAw PmWHxA5fbkqsiqge5/rkM4AVhFZlJZv7njCIy5EWwQXDqSTsIdLVsPy3I0annff3 xlMSeDe0E3OPN5deBJv5mYuTPiZCl5/9HrXVy4hINKJmoPqsco/dRy+CdA== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/D2_Issuer_Root.pem000066400000000000000000000023551453642760600254340ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/D3.ors000066400000000000000000000045561453642760600231270ustar00rootroot00000000000000MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAyMzEwMzkzMFowZjBkMDwwCQYF Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y ORjRAgMLs8aAABgPMjAxMjEwMjMwOTU5MTJaoBEYDzIwMTIxMDI1MTAzOTMwWjAN BgkqhkiG9w0BAQUFAAOCAQEAYaaAzW26JQGFRyawj9ROtnSdJ9QPJ6B/wfpJif8e QU9lmKx0zIDdTum3Mc5tfxML71W025UW9jzowAfQ5bZbqa4nwZlWX5Py3hKebeYo WiND4pvhS4BRkheSkycEok0bj1FJYWYiJVpnTqKAPnOKrlL4qvGC2IOHk2toS/Je iLyoUwxrPtqaXt4Caoa3I70HE3H1QqvPIGIY6V4bxV7Km/xv99QOutkbfANGiNsx W7EDB3TRNhldzMnjEwG58X5Pe3xwEVqjCiBL+wQ8JALn08bJzFn9E04aYrqCGc8s gw1dgaBoZt+0vbQUN71KEocwMj5mzJqottOyqNwo7FZnBaCCBL4wggS6MIIEtjCC Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr 2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU 6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo 5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a wG/pag== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/D3_Cert_EE.pem000066400000000000000000000052341453642760600244250ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFZDCCA0ygAwIBAgIDC7PGMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y dEBjYWNlcnQub3JnMB4XDTEyMDUwNjE4NDY0MVoXDTE0MDUwNjE4NDY0MVowWzEL MAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYD VQQKEwtDQWNlcnQgSW5jLjEXMBUGA1UEAxMOd3d3LmNhY2VydC5vcmcwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeNSAxSFtymeN6rQD69eXIJEnCCP7Z 24/fdOgxRDSBhfQDUVhdmsuDOvuziOoWGqRxZPcWdMEMRcJ5SrA2aHIstvnaLhUl xp2fuaeXx9XMCJ9ZmzHZbH4wqLaU+UlhcSsdkPzapf3N3HaUAW8kT4bHEGzObYVC UBxxhpY01EoGRQmnFojzLNF3+0O1npQzXg5MeIWHW/Z+9jE+6odL6IXgg1bvrP4d FgoveTcG6BmJu+50RwHaUad7hQuNeS+pNsVzCiDdMF2qoCQXtAGhnEQ9/KHpBD2z ISBVIyEbYxdyU/WxnkaOof63Mf/TAgMNzVN9duqEtFyvvMrQY1XkBBwfAgMBAAGj ggERMIIBDTAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMCBggrBgEF BQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIFoDAzBggrBgEF BQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMIGE BgNVHREEfTB7gg53d3cuY2FjZXJ0Lm9yZ4IRc2VjdXJlLmNhY2VydC5vcmeCEnd3 d21haWwuY2FjZXJ0Lm9yZ4IKY2FjZXJ0Lm9yZ4IOd3d3LmNhY2VydC5uZXSCCmNh Y2VydC5uZXSCDnd3dy5jYWNlcnQuY29tggpjYWNlcnQuY29tMA0GCSqGSIb3DQEB BQUAA4ICAQA2+uCGX18kZD8gyfj44TlwV4TXJ5BrT0M9qogg2k5u057i+X2ePy3D iE2REyLkU+i5ekH5gvTl74uSJKtpSf/hMyJEByyPyIULhlXCl46z2Z60drYzO4ig apCdkm0JthVGvk6/hjdaxgBGhUvSTEP5nLNkDa+uYVHJI58wfX2oh9gqxf8VnMJ8 /A8Zi6mYCWUlFUobNd/ozyDZ6WVntrLib85sAFhds93nkoUYxgx1N9Xg/I31/jcL 6bqmpRAZcbPtvEom0RyqPLM+AOgySWiYbg1Nl8nKx25C2AuXk63NN4CVwkXpdFF3 q5qk1izPruvJ68jNW0pG7nrMQsiY2BCesfGyEzY8vfrMjeR5MLNv5r+obeYFnC1j uYp6JBt+thW+xPFzHYLjohKPwo/NbMOjIUM9gv/Pq3rVRPgWru4/8yYWhrmEK370 rtlYBUSGRUdR8xed1Jvs+4qJ3s9t41mLSXvUfwyPsT7eoloUAfw3RhdwOzXoC2P6 ftmniyu/b/HuYH1AWK+HFtFi9CHiMIqOJMhj/LnzL9udrQOpir7bVej/mlb3kSRo 2lZymKOvuMymMpJkvBvUU/QEbCxWZAkTyqL2qlcQhHv7W366DOFjxDqpthaTRD69 T8i/2AnsBDjYFxa47DisIvR57rLmE+fILjSvd94N/IpGs3lSOS5JeA== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/D3_Issuer_Root.pem000066400000000000000000000120731453642760600254330ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ 8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg 18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc 7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz 0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 4GGSt/M3mMS+lqO3ig== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISDOSC_D1.ors000066400000000000000000000037441453642760600241670ustar00rootroot00000000000000MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0 lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxNDU0NDNaMHUwczBLMAkGBSsOAwIaBQAE FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTMwMDAwWqARGA8yMDEyMTAxNzEz MDAwMFowCwYJKoZIhvcNAQEFA4IBAQBw5Z+0ggEddRTIq7cXlMoxG9Nrx4HtutsH itIUoZp/rlLoxHsJTo/VmdZvTTGIc7Ok9XuoH61lY/x9glAKsGRjz4Myc9+5rx0O 675lwmOS+uaf3/hRkicVrVr7Pt2ug3R7OXm2MJrohjNKP8lqtLJ0hHP88a8rotKA r9uz/qHm7K4Uh7dRt/Pnu9MPG74tZeFNN4M1ONMEiRdG39FqzFDXWxwQ3NmyC0Wo DQn+NklZMknr8mm7IBWpzgU1fTD9R0yv0zdhUZGiEXxvdhm7GJrTET5jS30Ksm5j o+n39YVu/vGbjyyYx3+WdeQLEyipaGvldSuJpT+R684/RuFWNetcoIID+DCCA/Qw ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAxkkb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+ m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK 0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy RI4F certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISDOSC_D2.ors000066400000000000000000000037741453642760600241730ustar00rootroot00000000000000MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB yVdbHxANRLCFYj1mqBgPMjAxMjEwMTEwOTE1MzNaMG4wbDBEMAkGBSsOAwIaBQAE FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL BgkqhkiG9w0BAQUDggEBAF/9ByrCS+pCCK4qovqUAH/yoWckmpLFCzKJGHkErJeY FlUbAJuu/Gs0IdLmLp+2VbStjsL4vLtDU2Q4e417C1fm8+ixh+kP7qPRd8cxyMBx cmD2m1v0CgbrflCZEC71cTrrWpcW+6jg623lI4Ug3A4zlizbT/f9IrxuV9VB9/G5 6kPI5dYOVZM0ColIxmJsafuxfr6ONQLPHKTlZJK3SyWebs25006OmrSyfBi0j26j WU5d6B2NJZBKqvDVMXxZ0q6QOgKxOs8WD+6DaA1d1f7gTOl45XJZWz5KnRePyRxM Fp0ak6XYbE1y2vHE2RWp1w4lcVJ0BUQXWxx+g86F5W2gggQQMIIEDDCCBAgwggLw oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL 866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb 4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC fBIRKjnK621vAWvc7UR+0hqnZ+Y= certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISDOSC_D3.ors000066400000000000000000000045561453642760600241730ustar00rootroot00000000000000MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTEwMTAyMVowZjBkMDwwCQYF Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y ORjRAgMLs8aAABgPMjAxMjEwMTEwOTUyNDJaoBEYDzIwMTIxMDEzMTAxMDIxWjAN BgkqhkiG9w0BAQUFAAOCAQEAWX7faLDXkmIdOv/IKBh7awhPmGUhFPVSrMI4dc9/ fcPDOYhFwWr9evKT/QdXRGpZY493mfa4Z6eEDxRDTexOloaiaJzVpSeV9hoJUxoS 8NEWDyi33bDlIJH6zru4kk1LpuSMiSWsvLaeoRhHmW3EPDeadpCa5tYX2yNW5hdP iCfphDJ34/hWHHwHP6mLd1wEO1Rw6nymqeDbuLk1FviD/ZWXMGzK8Sv++tmsQ0Tg 7XrkIPcSrozPKOTCf/1iJVF5KeQVIb0Ju1PvGUKtGaVTX8IZQmer2WQ1D6OOUcsS cWA6NSpWmScX/0/uBpXdSDX0AnGUS9SNrPNEolz6rA5OUaCCBL4wggS6MIIEtjCC Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr 2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU 6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo 5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a wG/paw== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISIC_D1_Issuer_ICA.pem000066400000000000000000000031371453642760600257120ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN 2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8 BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl TercGL7FG81kwQ== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISIC_D2_Issuer_Root.pem000066400000000000000000000023551453642760600262430ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4Q== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISIC_D3_Issuer_Root.pem000066400000000000000000000050111453642760600262340ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ 8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg 18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVE -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISIC_ND1_Issuer_ICA.pem000066400000000000000000000034111453642760600260230ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi 7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY 5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl 9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf7 -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISIC_ND2_Issuer_Root.pem000066400000000000000000000025471453642760600263640ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI 2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8 t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug R1uUq27UlTMdphVx8fiUylQ5PsI= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISIC_ND3_Issuer_Root.pem000066400000000000000000000027611453642760600263630ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgU= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISOP_D1.ors000066400000000000000000000037441453642760600237550ustar00rootroot00000000000000MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0 lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxMTU1NDVaMHUwczBLMAkGBSsOAwIaBQAE FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTAwMDAwWqARGA8yMDEyMTAxNzEw MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCaiUf6TuPaSmZR2i3hUwqdEfhjcZkcCXPu 9diWuDZbaL6ubthfeTwx6OsZ0eM3Q+WPhBNlYQ9Sm8PDUQsQiq3YvuYu+QUisChx PN6BUEwFQZAGz+FX2h5+kAmK1M/xZeXMBCXJWJCClagiw5hOJfeV0ue7RUZRVuZv am0ZjyIeLsxsIrxghlcaJRosFmYNoM++euu5lvclutv1UQ5yyNxlYy0T/jA9gS07 WJ/i38+zxnXTuAPOm67p5N1IkEAEg/7OPRIG17Ig1C38NctN74vAOdTU1d/ay05V Bz4ZiI9PffkUkPgW2QRQCEjv50i80wYkKH5pIbT/mTk4t53DUK1UoIID+DCCA/Qw ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAxkkb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+ m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK 0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy RI4G certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISOP_D2.ors000066400000000000000000000037741453642760600237610ustar00rootroot00000000000000MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBT0zghPr/K8 jV5hpjGMML9Q+DwzShgPMjAxMjEwMTAxMjA5NTlaMG4wbDBEMAkGBSsOAwIaBQAE FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL BgkqhkiG9w0BAQUDggEBAGZY28eFWl169g7puLnKSeEzi6Ma5/rErOveFRp052ck 785B83HWkNmW/Bgw7Ws6Y7jBJce6ZQ5TMhwgNP34HuG/mVyn2ZjtCe4KKFBVnZV7 mHGx93jgKkQvdp4pbNKxZ504eZDp8UOlR9+uwWOWHVObn7o+2N8iWKErSbZ2uX54 Ajk8Hg/XN5wI4RUtcK3QpZSf3Ren5iit4NInwCpmTOkDz/IVK96BWaEQICq4VlHG ziD0H0SlBQCdcSPzZndGoCtIhNyJEL3O2y3Grg4X1XH7VeeyGesuTLEIAEMHJPJD TOVNoe5YPRK9Tqb+6jsubw8X/1b72kw3xVgb6MfC0tqgggQQMIIEDDCCBAgwggLw oAMCAQICCwQAAAAAAThXoveHMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh bmNoIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMQY/h5DSRT24n mMtD19lrn8WZzOoIl+Z9qOsrLLjEQeTMDlL7JPZh5pLaHHb6kSWT+O/RcEwpw6Dq H9jtAgDOsGoN7gCK7wJbIvn4MdmkXZqVBcVl3uLuII3v1CPnlc/zoz5d9qXcZKb6 YuzseyzhDPecQ+7l2NVAUOFUj8GXOZi//bIveMsm+/zSLMfriIC84Uym2QY649SC aFNbtF/tR6upvLCLe0b2D1g+OBfGqZasi3QI5uX6lT0gHbCnPhRo3uxG2+S4KL3M 9sndMByrR5K6QuVf7UqA1vt0CfbA2OUXwcH5x3/TsHxtXDj2F/fWnC9QBBSN5n4I G8K7ZpYtAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBT0zghP r/K8jV5hpjGMML9Q+DwzSjBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD ggEBAGU9HIQImzhTHkQLyA178dUdnF5E3DdzmNtwVV3cxGrFOLMpciMQLioQ/xp5 t6j5Mshlp59imFylqowRRxRy4aN5TtMCufNh7yHIxI2Dt4O6qpPM946t5CJkMy+k 63pXz2xFIxaJDzAmzpWzu70OY0jrh3dZa8NR4AvhtoZ8zFE6suva6ZGK7JIoINaA j5uyZ0qU+7vFwV1awdReNV6494z/HRjs1n956mNbalB9mKp9XXyfZlix/nN5mTJd NlJqz7QjnCzZRM/Gfamzk8L3/CPS3XmSblFyn6SeZ92Vms4PNqZiEUNa2TMKXQR1 EMiDRMkyfIIMI80VgRvvzCiOt0c= certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISOP_D3.ors000066400000000000000000000045561453642760600237610ustar00rootroot00000000000000MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMDEzMjE1OVowZjBkMDwwCQYF Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y ORjRAgMLs8aAABgPMjAxMjEwMTAxMzA1MjBaoBEYDzIwMTIxMDEyMTMyMTU5WjAN BgkqhkiG9w0BAQUFAAOCAQEAH1auyXFf1fOdfShSnAFkg5JsRUvajrilUioTkPIn IGYV//huaPNZwZGCC2haZIdUuKB6G2OCXeZVskBTXPjt8/6JmoHgsZeI3x5xKXxZ vddLC0PgYp0cA3FqjXR2UCpdBF+GK37rnfZsdW2vD9JaEBXxTV4+ICDAg15ZphJW lLGmdP3mQqPURIwamcYam8tntARimgEpA0KgfVue2A+izjcxC7qk9BQYG72Fh3hC ZFxi5u6xKNUQ2EBF9KXZyP9d2i/bYCZAUeUSRtir+fsOXHlihYRih9npKyAPwpHd NqhwK9NhKed8gmkX3cSaK0arBx7ev7avhM4Dqem+BzppjKCCBL4wggS6MIIEtjCC Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr 2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU 6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo 5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a wG/pag== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISOP_ND1.ors000066400000000000000000000011761453642760600240700ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTAwODU0NDVaMHMwcTBJMAkGBSsOAwIaBQAE FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMDA4NTQ0NVqgERgPMjAxMjEwMTQwODU0 NDVaMA0GCSqGSIb3DQEBBQUAA4IBAQDHKDxWTbAHRXY7HapfhE99T+OSa/AfRYqX H9yIeMRa5VftXMyvBFuvVm/qLRwK6mxhkiVIvF/Pk5yxMjbm7xPO26D+WHOdQML4 +M4OX9BO76FjZRin5x+4b0Xo5SuSU1ulqfvSZnx+nG+hMbt/3Y7ODCEUWCYFoXNp U+TXTbv2mwJ9AL8Q/zjL4P8NJHzFJBKjEs+AAVRxTY/5RHHKU9dcm7ux/gsWoDUM w677Xxzn6icd8mqn72/HmzPnMrLHKKJFe2escbJn7JlV6qbZ9EWbrr+3OH0IJy5I E3LcPIsNZ//QEc6vS6J+j8ljV8Xne6rS1EmiOwV9NgubvYwDCm4R certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISOP_ND2.ors000066400000000000000000000011761453642760600240710ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAwMDI1NTdaMHMwcTBJMAkGBSsOAwIaBQAE FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDAwMjU1N1qgERgPMjAxMjEwMTQwMDI1 NTdaMA0GCSqGSIb3DQEBBQUAA4IBAQCJRXcrz4wJe7bqWBHULu/QDXVz74OhSNlu swI0J4h+UmzJuW1GpdhTwJcTG3ARVwCLKz3evvpvHSumcsop0G3NolryNLP/oGD0 Vf6PbLrJ8v+NxUNugPbtWM985Ti/B2a+XjbzYlH2vS3KOTL4X1zWSL07IQFNXc2h yHBscKpYgt0mZcFZFxN3NTCNpT6IjJzZzTG9xTYZ3hZdMQQ3DYO+/Hv4J+U1/Ybq CjuMWRak/0R/BiBDJdGhbThlvV7bNUxYY7DVaOiLER8ptpmhnzlB/vsTAxZqX48J mJdv2bxoTby98Pm/BMydEA9qcFqyP1XvqhzIY35ngoS/1XREyW7t certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ISOP_ND3.ors000066400000000000000000000012021453642760600240600ustar00rootroot00000000000000MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm 9/rEJlTvA73gJMtUGhgPMjAxMjEwMDkxNjAxNTNaMHQwcjBKMAkGBSsOAwIaBQAE FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN bJWejX5BTb8DmevkCauAABgPMjAxMjEwMDkxNjAxNTNaoBEYDzIwMTIxMDEzMTYw MTUzWjANBgkqhkiG9w0BAQUFAAOCAQEAFnJAzuT8P4KKyTI6sdj5HkQ352qEu5CN K9M2kU/eg9kPfwLv8z3yArobwgx+/IDRajbVAKrk8UPCGUqkDc0OiU5c0+jpn+nT 20VVCtWsBSWDfzKqYln/NGrblhv+/iuFZJpyfud5nWguW5nogPC8IAfgt9FMDMl6 wlQWLSWEkgAJWvhNR3nzgvyMnuDuMIVQgB9/+vAIxA7nlpEEh6KTswyGqE9+u1yC kvrz4PwKZQMT6r1eRCLs6NaagOZT84QHhZ6TAA+QHjfK406KL8F9mFgbGKbW+st2 QHm+giUhrgZMv+1Yaxe34BjDS439LCPjdZ29On8FeZr3F55T+s3VzA== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ND1.ors000066400000000000000000000011761453642760600232360ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk 8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc 087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32 certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ND1_Cert_EE.pem000066400000000000000000000043041453642760600245360ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIGTTCCBTWgAwIBAgIQIuEzIiCgSN8psr+aMcKbBzANBgkqhkiG9w0BAQUFADCB jjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNDAyBgNV BAMTK0NPTU9ETyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0Ew HhcNMTEwMzMxMDAwMDAwWhcNMTMwNjI3MjM1OTU5WjCCAT8xETAPBgNVBAUTCDA0 MDU4NjkwMRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRlIE9y Z2FuaXphdGlvbjELMAkGA1UEBhMCR0IxDzANBgNVBBETBk01IDNFUTEbMBkGA1UE CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJ Ew1UcmFmZm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJ ExwzcmQgRmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRowGAYDVQQKExFDT01PRE8g Q0EgTGltaXRlZDEaMBgGA1UECxMRQ29tb2RvIEVWIFNHQyBTU0wxGjAYBgNVBAMT EXNlY3VyZS5jb21vZG8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEA168izw0zK6cChTGFuAwNARwTu1Ky/z+dXHkSmB0tQrAk3bq7mnUPtmQ+td8r G2hlhQPd+YXQVYEW3RuopydmdB9wMlEGCCfU2ZqohsC9uut+HenCVbYvn4sSB0KJ VdOXLPCEnfdk/FmcNWcYv73HmoJXZjT0THNQmnfpo6mMGAOerenMgNuCpq1buZ8c fFUeUY18ZGLZKZyRNM6GPgVA37Dm8Ru+9Cf8/rm7NSIoVWH4BDztM3Y1BZvZ0d4G 49jRA4MXbhsDEMYzaSCDmaRHSFhCtrGkN2S4A1ZxoSoxQVCLcnnInVd+J0X8J6pa Efio/aD6UQBQq29HyTsWVe6BewIDAQABo4IB8TCCAe0wHwYDVR0jBBgwFoAUiERR /1AqaV4tiPQhutkM8s7L6nwwHQYDVR0OBBYEFKvAXKp4bYRmxU4SlM8k8FbWiXiL MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF BwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMEYGA1UdIAQ/MD0w OwYMKwYBBAGyMQECAQUBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNv bW9kby5jb20vQ1BTMFMGA1UdHwRMMEowSKBGoESGQmh0dHA6Ly9jcmwuY29tb2Rv Y2EuY29tL0NPTU9ET0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy bDCBhAYIKwYBBQUHAQEEeDB2ME4GCCsGAQUFBzAChkJodHRwOi8vY3J0LmNvbW9k b2NhLmNvbS9DT01PRE9FeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAzBgNVHREE LDAqghFzZWN1cmUuY29tb2RvLmNvbYIVd3d3LnNlY3VyZS5jb21vZG8uY29tMA0G CSqGSIb3DQEBBQUAA4IBAQC9SoVG+B40khDWAzlz+G0WDBM3OuqK5n8vY/XxdPS5 qyv6K05S4VRGR/6PQa1UVzMbnhfLh54OWrpnalRGabpTmKDu8Pa912pzDSzMxg4U Rff4/hVLd1n/58q+riLxdtkIigLUjtFfwUrE1H89QODOCb4nw7f9BQaDoug+ovM3 KO9rxVZ/3TshaxW0mPVM/cMbX+6RrQ7+d1y5fdX/fksCZhOW+P25+FPlaorQEWNa s0UZNQ6qVuxB7CPmnLqmLBfAKTbeKcQFxx//0eyyZqCkzIvYUNjeRR0Q7DnxXq4C Pj1Y6VcPJDmZOeogte5/vNIdU8Wq55IJJ1G/uKXztwVT -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ND1_Issuer_ICA.pem000066400000000000000000000034111453642760600252140ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi 7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY 5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl 9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ND2.ors000066400000000000000000000011761453642760600232370ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC +ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ND2_Cert_ICA.pem000066400000000000000000000034111453642760600246400ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi 7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY 5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl 9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ND2_Issuer_Root.pem000066400000000000000000000025471453642760600255550ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI 2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8 t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug R1uUq27UlTMdphVx8fiUylQ5PsE= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ND3.ors000066400000000000000000000012021453642760600232260ustar00rootroot00000000000000MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm 9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR +mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3 K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ND3_Cert_EE.pem000066400000000000000000000040561453642760600245440ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIF3TCCBMWgAwIBAgIRAKcNbJWejX5BTb8DmevkCaswDQYJKoZIhvcNAQEFBQAw bzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1B ZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3Qg RXh0ZXJuYWwgQ0EgUm9vdDAeFw0xMDA1MDQwMDAwMDBaFw0xNTA1MDQyMzU5NTla MIIBCjELMAkGA1UEBhMCR0IxDzANBgNVBBETBk01IDNFUTEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJEw1UcmFm Zm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJExwzcmQg Rmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRowGAYDVQQKExFDT01PRE8gQ0EgTGlt aXRlZDEaMBgGA1UECxMRQ29tb2RvIFByZW1pdW1TU0wxLDAqBgNVBAMTI2FkZHRy dXN0ZXh0ZXJuYWxjYXJvb3QuY29tb2RvY2EuY29tMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAz5MM/mco91yFJNtF3t9c0x/bGds+zGAqJlHBXCR43og+ 3vgsBkCcn5M3PAqmL6XxilpsrEfS6RqtNcLfxwDyl7rr3qpJSM537Km1ZGOTHs0C i0JA4YBZFOxBwPO2nHQGD+t9kJx3auFdBLnjJc5Q3jFUmnyJ8D2h3P9BrHgOoIbO KYOUc/3zcqE6NttdbiuUMzlad8guhnXlWPCh2NJtNtMLDQxG7DWWDEm/Kt+CdKAR jko6kEp7nqBKyujjJoGD2nEtEnuuqiB9n6sgSXR1NGtecJrW8IqIS7hkcsxhGTI9 jnY73+NiMV3nglejkNseTUdcEi6L94EdifXuVLgEAwIDAQABo4IB1TCCAdEwHwYD VR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFDXpt6NocCrd 7XZ2MLUa116TIesKMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEB AgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQ UzB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BZGRU cnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8u bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAk BggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMFcGA1UdEQRQME6C I2FkZHRydXN0ZXh0ZXJuYWxjYXJvb3QuY29tb2RvY2EuY29tgid3d3cuYWRkdHJ1 c3RleHRlcm5hbGNhcm9vdC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEFBQADggEB AF2TF6xg8ZoBICoiQvjD2Z0SKcJRw1Dhj3HpGzV9F+Y0e/MxCXhYA+340JZxnC2P VA968QKFrNwDWiS9Klc+cs4k3HIeiZp3uHw1ezElqXXNa+S1CrSS03FqWeeugSrB xpuXCWDJSfD4DJq835hlEuXgxmAjsbuRUjaq1lxwSWnNoBkfMCCAgVlHtFljTlqq nwfBZcnj73+yiERgTvhN4gEL59ZzjFliKEUuXHZoe8klhn73cnY+XoRV0e7wU+Xj PzLoAhjGkS35hfDQTHdCwNBaN3iI2Q+HBjhfffAYFdK+Jo3kSXq12s7CJD7utAho xxRhA0l1ziJgrEubLi6ItNg= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/ND3_Issuer_Root.pem000066400000000000000000000027611453642760600255540ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/R2.pem000066400000000000000000000025111453642760600231070ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG 3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO 291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== -----END CERTIFICATE-----certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WIKH_D1.ors000066400000000000000000000037441453642760600237450ustar00rootroot00000000000000MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMzI5NDJaMHUwczBLMAkGBSsOAwIaBQAE FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSxsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCX3gEX+JVfxuYmxBBxC9sNCi3o76ODIicr XMvm0DTO9VSyDBl7LDsMMgNMIDtO3flQSlBNZ2B9ikwyckXOSWXiXzybZVMdA/uq NchgkM9aChrlhG0AHZyYe/+dJSmEBFXkIomy+S6YQ7Mcs2s6WxCeWU7gB4XOy1zO /CvWjv0WQV1J2lZZ6pkvtECKAEjrVP275LA38HInFbYvVPXWzl4sDcX2TAxwUa4S xAJAfwl+B+oZSerZWGRo6KjZuB/OB31cB5n/lABmRez6Obi27D0UUCRv/eSbwOF4 Ofaa/XzJt7sF7WpVgoR41HI88W7aN4vtcw1zcVsBmfRMUNYZSqtfoIID+DCCA/Qw ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi 9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3 tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+ snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG 5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p 4J2l certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WIKH_D2.ors000066400000000000000000000037741453642760600237510ustar00rootroot00000000000000MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMzMwMTBaMG4wbDBEMAkGBSsOAwIaBQAE FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRhe2YaRQ2XyolQL30EzTSo//z9SwILBAAA AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL BgkqhkiG9w0BAQUDggEBAA0H7bvcULg1GayFtQVrYDyW0feOEMNGLmgaGuwRdrY3 KuWyNJLUUJKQZnOkdT8A4RpVX8xD4EgVyOqRACUahgdgp0g3QOn+vf2Zyf+NJIgW woF5qaJgCOeIOw5O6F4r1vUhp8NvqXHotswgG58Nzz6UMD+uyIgq5o8uzOjryEm6 wO2X+KvN9sMzkeZhNvAHkgBQL8CG4CggWnzn7At1DmhhsizfhDrosigM4Zr6Sm6z v1YfSPznD0b3TQ7RzvpbJPofF2aJXMIMxdKR5pemuevTDR2+JCXjVPsD/ZODFykc rsQeqx2vTOIg84PRKboXjCAwHn4rIN7JJtQqebLtD9egggQQMIIEDDCCBAgwggLw oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL 866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb 4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC fBIRKjnK621vAWvc7UR+0hqnZ+U= certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WIKH_D3.ors000066400000000000000000000045561453642760600237510ustar00rootroot00000000000000MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTE0MDYzNlowZjBkMDwwCQYF Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBe1MhvUx/Pg5o7zvdKwOu6y ORjRAgMLs8aAABgPMjAxMjEwMTExMzU4MTBaoBEYDzIwMTIxMDEzMTQwNjM2WjAN BgkqhkiG9w0BAQUFAAOCAQEAjcryO6FUK5+TcPBxJKixVt9q07Xy3qv1e/VFuJ0f tnYDcu83Q5yCta49PXaA13nFDFZ445wCDivDBLolS6JKSh+JrLpAxSBzak7Ps8wz DPNAtexZz9/hPPzHnGOMlRtew07jk+NX5ZgCxDZGmBHIHOGyab2WoqmpRTll0oP4 b/DzI3mzrur5lm2NAT3ZJ8bVaWsAJBVTfUye3S4GRWlfGSRVAMk0QHnCkYP42okc psIKbvdIoS2gxo6kBTMevxciPV2lPIiSrIWH0IGm7AqGM5+Vz7IdbD6fOQd1I3uw O+1NugMYfScB6jCvSW2uESeRZ+qW/HMXQbU1eiH+x88UIKCCBL4wggS6MIIEtjCC Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr 2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU 6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo 5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a wG/pag== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WIKH_ND1.ors000066400000000000000000000011761453642760600240600ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE FEi2DTgjjfhFbk7lhD6jlBEYApefBBSJRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk 8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc 087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32 certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WIKH_ND2.ors000066400000000000000000000011761453642760600240610ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQMWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC +ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WIKH_ND3.ors000066400000000000000000000012021453642760600240500ustar00rootroot00000000000000MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm 9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE FHyxZlScq9tE7mImFq30ZXv3etWUBBSuvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR +mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3 K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WINH_D1.ors000066400000000000000000000037441453642760600237500ustar00rootroot00000000000000MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMzI5NDJaMHUwczBLMAkGBSsOAwIaBQAE FKFyDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCX3gEX+JVfxuYmxBBxC9sNCi3o76ODIicr XMvm0DTO9VSyDBl7LDsMMgNMIDtO3flQSlBNZ2B9ikwyckXOSWXiXzybZVMdA/uq NchgkM9aChrlhG0AHZyYe/+dJSmEBFXkIomy+S6YQ7Mcs2s6WxCeWU7gB4XOy1zO /CvWjv0WQV1J2lZZ6pkvtECKAEjrVP275LA38HInFbYvVPXWzl4sDcX2TAxwUa4S xAJAfwl+B+oZSerZWGRo6KjZuB/OB31cB5n/lABmRez6Obi27D0UUCRv/eSbwOF4 Ofaa/XzJt7sF7WpVgoR41HI88W7aN4vtcw1zcVsBmfRMUNYZSqtfoIID+DCCA/Qw ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi 9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3 tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+ snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG 5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p 4J2l certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WINH_D2.ors000066400000000000000000000037741453642760600237540ustar00rootroot00000000000000MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMzMwMTBaMG4wbDBEMAkGBSsOAwIaBQAE FLhXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL BgkqhkiG9w0BAQUDggEBAA0H7bvcULg1GayFtQVrYDyW0feOEMNGLmgaGuwRdrY3 KuWyNJLUUJKQZnOkdT8A4RpVX8xD4EgVyOqRACUahgdgp0g3QOn+vf2Zyf+NJIgW woF5qaJgCOeIOw5O6F4r1vUhp8NvqXHotswgG58Nzz6UMD+uyIgq5o8uzOjryEm6 wO2X+KvN9sMzkeZhNvAHkgBQL8CG4CggWnzn7At1DmhhsizfhDrosigM4Zr6Sm6z v1YfSPznD0b3TQ7RzvpbJPofF2aJXMIMxdKR5pemuevTDR2+JCXjVPsD/ZODFykc rsQeqx2vTOIg84PRKboXjCAwHn4rIN7JJtQqebLtD9egggQQMIIEDDCCBAgwggLw oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL 866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb 4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC fBIRKjnK621vAWvc7UR+0hqnZ+U= certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WINH_D3.ors000066400000000000000000000045561453642760600237540ustar00rootroot00000000000000MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTE0MzkxOFowZjBkMDwwCQYF Kw4DAhoFAAQUjKTJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y ORjRAgMLs8aAABgPMjAxMjEwMTExNDIzMjVaoBEYDzIwMTIxMDEzMTQzOTE4WjAN BgkqhkiG9w0BAQUFAAOCAQEAgdrf+v+BwEhG0ghTLMVmuxWprJr/9VFtpKpxQrTo egSoW+5JOPCUAStfw3R3u7QM8sJf9bnPorgoCoY1hPKcWNLhvf1Ng3QlVkNa6NcO EonbuI4KE9Rhoflpf//pD/3AFKzU+ecRs04KtYezKrUvC1RayGabd7bgtIpdFss4 ZCZ22riqjFtqD3+2//AHg7VaqiJMKlRt05CMmGe+HKn5PEN9HaeI52nsTf+L1Jeh ItnaDPfV76vFHHXyUhR3iIgnqQDCig0q3yj7BQqH50+K+myiMAY+p8cuVqebno1i BzXxxpZl/fw1KnTFdEa7p2jtmXw3KZiHAWAddwg1F1tHTaCCBL4wggS6MIIEtjCC Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr 2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU 6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo 5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a wG/pag== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WINH_ND1.ors000066400000000000000000000011761453642760600240630ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE FEm2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk 8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc 087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32 certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WINH_ND2.ors000066400000000000000000000011761453642760600240640ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE FO2+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC +ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WINH_ND3.ors000066400000000000000000000012021453642760600240530ustar00rootroot00000000000000MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm 9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE FH2xZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR +mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3 K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WKDOSC_D1.ors000066400000000000000000000037441453642760600241750ustar00rootroot00000000000000MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0 lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxNDU0NDNaMHUwczBLMAkGBSsOAwIaBQAE FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTMwMDAwWqARGA8yMDEyMTAxNzEz MDAwMFowCwYJKoZIhvcNAQEFA4IBAQBw5Z+0ggEddRTIq7cXlMoxG9Nrx4HtutsH itIUoZp/rlLoxHsJTo/VmdZvTTGIc7Ok9XuoH61lY/x9glAKsGRjz4Myc9+5rx0O 675lwmOS+uaf3/hRkicVrVr7Pt2ug3R7OXm2MJrohjNKP8lqtLJ0hHP88a8rotKA r9uz/qHm7K4Uh7dRt/Pnu9MPG74tZeFNN4M1ONMEiRdG39FqzFDXWxwQ3NmyC0Wo DQn+NklZMknr8mm7IBWpzgU1fTD9R0yv0zdhUZGiEXxvdhm7GJrTET5jS30Ksm5j o+n39YVu/vGbjyyYx3+WdeQLEyipaGvldSuJpT+R684/RuFWNetcoIID+DCCA/Qw ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAx0kb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+ m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK 0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy RI4G certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WKDOSC_D2.ors000066400000000000000000000037741453642760600242010ustar00rootroot00000000000000MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB yVdbHxANRLCFYj1mqBgPMjAxMjEwMTAxNDU0NDhaMG4wbDBEMAkGBSsOAwIaBQAE FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL BgkqhkiG9w0BAQUDggEBACkGyoGefA2WuktIerofBoPgeyT8Mry57DxF7IEvX8dI Adk+MZRo5suYIE2AJty8bohYYiIxS7sZ5nsUM+iyu5cIdmsIwt/YifYsSdHc6DKz l3Yh4bS27QX05/Vuok3HmEMsRBmensKATMfvGP+TOwhuFeHWAK8KHSCmUbGZFP3A WKtrhRh/qC4qetMt07z/OKZcqHUYegEpO3xqRJ4MdqRJpV1urjdL/852US0mWAOL /EPoexWiHiKJmsNy7HAEKFQ+daqdZYM1BTGbS2aj3go/BVqf0xEhRLT0fsdof4Is 1Cy2ZHGbaVEyOQpXsxUEAqEdJcFRcLFGhdgnUjcQ9lqgggQQMIIEDDCCBAgwggLw oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ2QF8p0+Fb7ID MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL 866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb 4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC fBIRKjnK621vAWvc7UR+0hqnZ+U= certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WKDOSC_D3.ors000066400000000000000000000045561453642760600242010ustar00rootroot00000000000000MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMDE1MTkzOVowZjBkMDwwCQYF Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y ORjRAgMLs8aAABgPMjAxMjEwMTAxNDU2MTdaoBEYDzIwMTIxMDEyMTUxOTM5WjAN BgkqhkiG9w0BAQUFAAOCAQEAH1Bs3glJoAvCHhgVtN4F/avlKA1St74v7yuD1DIu cBf/4YRJdxZATXMI8I0TPjSl8L+rRAiUTVd8sPhWQ9XD9WaYKkTEjuQSPp851/81 zDihz9Kj5Rzo5PYpFsbSps/ALMQSRkrtuX4DCm9fbK7xC+adpbhQDnWW/GXM1+Ob lv3pHDQXLh2GQbRsaJBgLeSUxIIE7RWJv1N+Ugi5zF8rja5qnJ9DnkilEqMeXQp8 SThaI+TOe+KHK+7wTp5QkFNIE5l/uKgvSNIOwLe9HDevlSl1wYF6e+mAz3uoQyJa Ucx8FIoV6CIr+wUd+P8CmNXiQ7M59I8gm3FCDiEvWDQGEaCCBL4wggS6MIIEtjCC Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCdxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr 2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU 6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo 5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a wG/pag== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WKIC_D1_Issuer_ICA.pem000066400000000000000000000031371453642760600257200ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOoUbMUpq4pbR/WNnN 2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8 BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl TercGL7FG81kwA== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WKIC_D2_Issuer_Root.pem000066400000000000000000000023551453642760600262510ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbDuaZ jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WKIC_D3_Issuer_Root.pem000066400000000000000000000050111453642760600262420ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAzyLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ 8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg 18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WKIC_ND1_Issuer_ICA.pem000066400000000000000000000034111453642760600260310ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAM1KljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi 7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY 5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl 9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WKIC_ND2_Issuer_Root.pem000066400000000000000000000025471453642760600263720ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UCLi3LjkRv3 UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI 2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8 t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug R1uUq27UlTMdphVx8fiUylQ5PsE= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WKIC_ND3_Issuer_Root.pem000066400000000000000000000027611453642760600263710ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALj3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WRID_D1.ors000066400000000000000000000037441453642760600237500ustar00rootroot00000000000000MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRg2uQDFpGg Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMTI1MjJaMHUwczBLMAkGBSsOAwIaBQAE FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw MDAwMFowCwYJKoZIhvcNAQEFA4IBAQAHQBPHdHWNzaFs5bfBvQcvxBWsDnsCFXNs a1fECiWDFNt6Nz4MCBY4rC7n0nhQfvg4m1woNcTAZVO8lacYomwUU/5/XpeFM6yc NeFcVbfVXA48GWPANitNQCwyRL5hGfIqNy1I9T1BHlBqYusmJKy65r2iqpmld/hD 7S1dsCd4fXhjBQQORPmBqhKvWEU08Dh5aoaDAuaZoxRH8B1q+mUs0ODOIu34L84y JcxTKccd/HCwI8oxwLoBtyXSHb+dCzc7zSjFvQhbT5dOCvJNNe/fk6+EhMtQ6ybC D7p9EShCvU5jAdw54bZWk5wIQSvsWk9axUmYFFLYI3hAaoybpFVroIID+DCCA/Qw ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi 9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3 tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+ snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG 5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p 4J2l certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WRID_D2.ors000066400000000000000000000037741453642760600237540ustar00rootroot00000000000000MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTrlwecTarB yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMTI1MjVaMG4wbDBEMAkGBSsOAwIaBQAE FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL BgkqhkiG9w0BAQUDggEBAHThkPoy6eA7qX9y5C5b1ElRSwdjzsd15OJSqP2yjQbS Ol1K8DWtX0UhTfRH+CrIPoWL40g2HjXtIVeMD6s3hakYimZUenIJ/IRRSVWp+EXU MewgTVPz/wJN/9dJIkSbOI/BmpIGlaaBaLwcb39nJjZMq0sXj8jRI5i0isotOAFz Zc0R20viBEH099KuGktB2fKKEpVbbWPljTxKzkIBs9SXZBIqd/X2MWzQWcLKzhL0 oynkvqxTFqNVjjZKcKSXPS/XEUufLrv/E3xQZYAfTJr778kFkyA8JzrXiH6W5DX6 UbqsnO5DaPZvMDfvlQWETkoS1j+Qgu2mIWzdiw7sPrOgggQQMIIEDDCCBAgwggLw oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL 866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb 4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC fBIRKjnK621vAWvc7UR+0hqnZ+U= certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WRID_D3.ors000066400000000000000000000045561453642760600237540ustar00rootroot00000000000000MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV BAYTAlVTMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTEzMjE0MVowZjBkMDwwCQYF Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y ORjRAgMLs8aAABgPMjAxMjEwMTExMjQyMTZaoBEYDzIwMTIxMDEzMTMyMTQxWjAN BgkqhkiG9w0BAQUFAAOCAQEAEWd9kKEfaurOXDV98OVtU27TmK4L4MeGEPdkg1i+ fbPMe1mouWlVm23W6yaM7mM2NMXLW+hTNzqfyMPM7rByXNaFAAniCPTXNO3eJRIA Zf0F10OSdBQ/ln4igHQCVZCnXR30/aP5/PMb4u3/LTuC9aW6K7mLXcuCvJztGnXO v3r64q/qTGG/b4eS65exykV9riSFuGp1rzLAy5fSYTBWTOBQ679PFjQnL60GkrZA Egtxw2ozEDwo+X0WamEouxN8mjX/VQlMdEbykUFDuPD3vZydZ04BV9f18RJZOU9j gCwMzd9gb4jUL4ykdWiLmO+YPDWFyNSYEIfnGgk1VvPHuaCCBL4wggS6MIIEtjCC Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr 2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU 6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo 5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a wG/pag== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WRID_ND1.ors000066400000000000000000000011761453642760600240630ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSJRFH/UCpp Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk 8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc 087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32 certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WRID_ND2.ors000066400000000000000000000011761453642760600240640ustar00rootroot00000000000000MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQMWOWLxkwV N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC +ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WRID_ND3.ors000066400000000000000000000012021453642760600240530ustar00rootroot00000000000000MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBSuvZh6NLQm 9/rEJlTvA73gJMtUGhgPMjAxMjEwMTAxMzA3NDZaMHQwcjBKMAkGBSsOAwIaBQAE FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTAxMzA3NDZaoBEYDzIwMTIxMDE0MTMw NzQ2WjANBgkqhkiG9w0BAQUFAAOCAQEAA70+GYJoFuUBwIN9KHMqmOOtnmoLBBlm HL2Su70ZEqSmL4zTt3iHY3m2YaNYSPphgDlQ4lY8zGAkCSrZ3ulpJun3RRy+gD29 0ks155tChMbYNZrFm46vKWabBjh2p+623daymlcbgizi5Z+P4oJL68VrOqh+DArE MpHH16BTGaF+bAjzTRSbS90xUReqwnnEpRBrmcQVo4uKpSkbyrx7iMLqsJ2vGpgh xqj1kNPT9g3+gegmdU9QpFV0l9ZV8X/f0uz5nT4I0NL81d/KDHGx2rd+bftLODeL ZAWAzFbr5B5EMqPGoh/SQXpcuVOqMHjh8fi8PBXBcitlIFzdDKXDvA== certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WSNIC_D1_Issuer_ICA.pem000066400000000000000000000031371453642760600260460ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz MTAwMDAwWjBZMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN 2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8 BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl TercGL7FG81kwA== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WSNIC_D2_Issuer_Root.pem000066400000000000000000000023551453642760600263770ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCVVMxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WSNIC_D3_Issuer_Root.pem000066400000000000000000000050111453642760600263700ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdUZXN0 IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO BgNVBAoTB1Rlc3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ 8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg 18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WSNIC_ND1_Issuer_ICA.pem000066400000000000000000000034111453642760600261570ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJVUzEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi 7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY 5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl 9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WSNIC_ND2_Issuer_Root.pem000066400000000000000000000025471453642760600265200ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJVUzEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI 2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8 t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug R1uUq27UlTMdphVx8fiUylQ5PsE= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/WSNIC_ND3_Issuer_Root.pem000066400000000000000000000027611453642760600265170ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCVVMx FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- certvalidator-0.26.3/tests/fixtures/openssl-ocsp/openssl-ocsp.json000066400000000000000000000326611453642760600254520ustar00rootroot00000000000000[ { "name": "direct_with_intermediate_success", "root": "ND2_Issuer_Root.pem", "other_certs": [ "ND1_Issuer_ICA.pem" ], "cert": "ND1_Cert_EE.pem", "ocsps": [ "ND1.ors", "ND2.ors" ], "path_len": 3, "moment": "2012-10-12T00:00:00+00:00" }, { "name": "direct_success", "root": "ND3_Issuer_Root.pem", "cert": "ND3_Cert_EE.pem", "ocsps": [ "ND3.ors" ], "path_len": 2, "moment": "2012-10-12T00:00:00+00:00" }, { "name": "delegated_with_intermediate_success", "root": "R2.pem", "other_certs": [ "D1_Issuer_ICA.pem" ], "cert": "D1_Cert_EE.pem", "ocsps": [ "D1.ors" ], "path_len": 3, "moment": "2012-10-23T11:00:00+00:00" }, { "name": "delegated_success", "root": "D3_Issuer_Root.pem", "cert": "D3_Cert_EE.pem", "ocsps": [ "D3.ors" ], "path_len": 2, "moment": "2012-10-23T11:00:00+00:00" }, { "name": "direct_with_intermediate_invalid_response_signature_ee", "root": "ND2_Issuer_Root.pem", "other_certs": [ "ND1_Issuer_ICA.pem" ], "cert": "ND1_Cert_EE.pem", "ocsps": [ "ISOP_ND1.ors", "ND2.ors" ], "path_len": 3, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response signature" } }, { "name": "direct_with_intermediate_invalid_response_signature_intermediate", "root": "ND2_Issuer_Root.pem", "other_certs": [ "ND1_Issuer_ICA.pem" ], "cert": "ND1_Cert_EE.pem", "ocsps": [ "ND1.ors", "ISOP_ND2.ors" ], "path_len": 3, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the intermediate certificate 1 revocation checks failed: Unable to verify OCSP response signature" } }, { "name": "direct_invalid_response_signature", "root": "ND3_Issuer_Root.pem", "cert": "ND3_Cert_EE.pem", "ocsps": [ "ISOP_ND3.ors" ], "path_len": 2, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response signature" } }, { "name": "delegated_with_intermediate_invalid_response_signature", "root": "R2.pem", "other_certs": [ "D1_Issuer_ICA.pem" ], "cert": "D1_Cert_EE.pem", "ocsps": [ "ISOP_D1.ors" ], "path_len": 3, "moment": "2012-10-10T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response signature" } }, { "name": "delegated_invalid_response_signature", "root": "D3_Issuer_Root.pem", "cert": "D3_Cert_EE.pem", "ocsps": [ "ISOP_D3.ors" ], "path_len": 2, "moment": "2012-10-10T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response signature" } }, { "name": "direct_with_intermediate_invalid_wrong_responder_id_ee", "root": "ND2_Issuer_Root.pem", "other_certs": [ "ND1_Issuer_ICA.pem" ], "cert": "ND1_Cert_EE.pem", "ocsps": [ "WRID_ND1.ors", "ND2.ors" ], "path_len": 3, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response since response signing certificate could not be located" } }, { "name": "direct_with_intermediate_invalid_wrong_responder_id_intermediate", "root": "ND2_Issuer_Root.pem", "other_certs": [ "ND1_Issuer_ICA.pem" ], "cert": "ND1_Cert_EE.pem", "ocsps": [ "ND1.ors", "WRID_ND2.ors" ], "path_len": 3, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the intermediate certificate 1 revocation checks failed: Unable to verify OCSP response since response signing certificate could not be located" } }, { "name": "direct_invalid_wrong_responder_id", "root": "ND3_Issuer_Root.pem", "cert": "ND3_Cert_EE.pem", "ocsps": [ "WRID_ND3.ors" ], "path_len": 2, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response since response signing certificate could not be located" } }, { "name": "delegated_with_intermediate_invalid_wrong_responder_id", "root": "R2.pem", "other_certs": [ "D1_Issuer_ICA.pem" ], "cert": "D1_Cert_EE.pem", "ocsps": [ "WRID_D1.ors" ], "path_len": 3, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response since response signing certificate could not be located" } }, { "name": "delegated_invalid_wrong_responder_id", "root": "D3_Issuer_Root.pem", "cert": "D3_Cert_EE.pem", "ocsps": [ "WRID_D3.ors" ], "path_len": 2, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response since response signing certificate could not be located" } }, { "name": "direct_with_intermediate_invalid_wrong_issuer_name_hash_ee", "root": "ND2_Issuer_Root.pem", "other_certs": [ "ND1_Issuer_ICA.pem" ], "cert": "ND1_Cert_EE.pem", "ocsps": [ "WINH_ND1.ors", "ND2.ors" ], "path_len": 3, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: OCSP response issuer name hash does not match" } }, { "name": "direct_with_intermediate_invalid_wrong_issuer_name_hash_intermediate", "root": "ND2_Issuer_Root.pem", "other_certs": [ "ND1_Issuer_ICA.pem" ], "cert": "ND1_Cert_EE.pem", "ocsps": [ "ND1.ors", "WINH_ND2.ors" ], "path_len": 3, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the intermediate certificate 1 revocation checks failed: OCSP response issuer name hash does not match" } }, { "name": "direct_invalid_wrong_issuer_name_hash", "root": "ND3_Issuer_Root.pem", "cert": "ND3_Cert_EE.pem", "ocsps": [ "WINH_ND3.ors" ], "path_len": 2, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: OCSP response issuer name hash does not match" } }, { "name": "delegated_with_intermediate_invalid_wrong_issuer_name_hash", "root": "R2.pem", "other_certs": [ "D1_Issuer_ICA.pem" ], "cert": "D1_Cert_EE.pem", "ocsps": [ "WINH_D1.ors" ], "path_len": 3, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: OCSP response issuer name hash does not match" } }, { "name": "delegated_invalid_wrong_issuer_name_hash", "root": "D3_Issuer_Root.pem", "cert": "D3_Cert_EE.pem", "ocsps": [ "WINH_D3.ors" ], "path_len": 2, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: OCSP response issuer name hash does not match" } }, { "name": "direct_with_intermediate_invalid_wrong_issuer_key_hash_ee", "root": "ND2_Issuer_Root.pem", "other_certs": [ "ND1_Issuer_ICA.pem" ], "cert": "ND1_Cert_EE.pem", "ocsps": [ "WIKH_ND1.ors", "ND2.ors" ], "path_len": 3, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: OCSP response issuer key hash does not match" } }, { "name": "direct_with_intermediate_invalid_wrong_issuer_key_hash_intermediate", "root": "ND2_Issuer_Root.pem", "other_certs": [ "ND1_Issuer_ICA.pem" ], "cert": "ND1_Cert_EE.pem", "ocsps": [ "ND1.ors", "WIKH_ND2.ors" ], "path_len": 3, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the intermediate certificate 1 revocation checks failed: OCSP response issuer key hash does not match" } }, { "name": "direct_invalid_wrong_issuer_key_hash", "root": "ND3_Issuer_Root.pem", "cert": "ND3_Cert_EE.pem", "ocsps": [ "WIKH_ND3.ors" ], "path_len": 2, "moment": "2012-10-12T00:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: OCSP response issuer key hash does not match" } }, { "name": "delegated_with_intermediate_invalid_wrong_issuer_key_hash", "root": "R2.pem", "other_certs": [ "D1_Issuer_ICA.pem" ], "cert": "D1_Cert_EE.pem", "ocsps": [ "WIKH_D1.ors" ], "path_len": 3, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: OCSP response issuer key hash does not match" } }, { "name": "delegated_invalid_wrong_issuer_key_hash", "root": "D3_Issuer_Root.pem", "cert": "D3_Cert_EE.pem", "ocsps": [ "WIKH_D3.ors" ], "path_len": 2, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: OCSP response issuer key hash does not match" } }, { "name": "delegated_with_intermediate_invalid_wrong_key_in_signing_cert", "root": "R2.pem", "other_certs": [ "D1_Issuer_ICA.pem" ], "cert": "D1_Cert_EE.pem", "ocsps": [ "WKDOSC_D1.ors" ], "path_len": 3, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response signature" } }, { "name": "delegated_invalid_wrong_key_in_signing_cert", "root": "D3_Issuer_Root.pem", "cert": "D3_Cert_EE.pem", "ocsps": [ "WKDOSC_D3.ors" ], "path_len": 2, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response signature" } }, { "name": "delegated_with_intermediate_invalid_signature_on_signing_cert", "root": "R2.pem", "other_certs": [ "D1_Issuer_ICA.pem" ], "cert": "D1_Cert_EE.pem", "ocsps": [ "ISDOSC_D1.ors" ], "path_len": 3, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response since response signing certificate could not be validated" } }, { "name": "delegated_invalid_signature_on_signing_cert", "root": "D3_Issuer_Root.pem", "cert": "D3_Cert_EE.pem", "ocsps": [ "ISDOSC_D3.ors" ], "path_len": 2, "moment": "2012-10-11T14:00:00+00:00", "error": { "class": "InsufficientRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: Unable to verify OCSP response since response signing certificate could not be validated" } }, { "name": "direct_stale_otherwise_ok", "root": "ND3_Issuer_Root.pem", "cert": "ND3_Cert_EE.pem", "ocsps": [ "ND3.ors" ], "path_len": 2, "moment": "2013-10-12T00:00:00+00:00", "error": { "class": "StaleRevinfoError", "msg_regex": "The path could not be validated because the end-entity certificate revocation checks failed: OCSP response is not recent enough" } } ] certvalidator-0.26.3/tests/fixtures/openssl-ocsp/readme.md000066400000000000000000000001451453642760600237010ustar00rootroot00000000000000OCSP certificates and responses from https://github.com/openssl/openssl/tree/master/test/ocsp-tests. certvalidator-0.26.3/tests/fixtures/self-signed-with-policy.crt000066400000000000000000000016141453642760600246570ustar00rootroot000000000000000‚ˆ0‚p 0  *†H†÷  0K1 0 UBE10U Testing Authority10U Signers10 U Alice0  000101000000Z25000101000000Z0K1 0 UBE10U Testing Authority10U Signers10 U Alice0‚"0  *†H†÷ ‚0‚ ‚ás‚n/~.½F+_†¤È@búÉô€&(ñC­„ _–ìEáLJv6ZÔü¥]Û aP¥Fá6í#¸ da´FÅ«:}BP1{ £ÎÓDw¾ý[e—g©cS’#¶†¯I‰~ @±ížw»R1¯‰›°•Eit¬K"ÒEþ::¯æÁ º!‚*“*oòFšùËůÄ6PòWk4îJ¢!D(b{f Ù™ýÿ%¸ ©†cß[ á»ÌGãX£Áž˜I¦ë1ñƒë2+Ü\y7@Ûv.‚fe_²»b }{ße´ù×4ôúM- 2óüÿBjÞKIë£t0r0U^ǧºÔ g­®z=­j8µs ¸0U#0€^ǧºÔ g­®z=­j8µs ¸0Uÿ0ÿ0Uÿ†0U 00ˆ70  *†H†÷  ‚k–rûôuÿ³ábçûnÅÓ$ËË-µ‘5¸„1ýIŠH˜)¥{pdhrÁd@z2BüÑgŘÝw¤-üV$GYÆA”kW>îß# ÷à˜åðˆ@ï&a$zhó”›Ë‹Fÿ—ª¸˜ÿ˜¶†Ê øŠ’@‡OþŒUž°g²¿îî‚ûØòq3ñ=œ…ix‰…uBAe¿aßK´ãña[ÅÌgªÍmVˆ2Qbi¤ìÚɯäL¬õy1†CÀÇñ*ù56känçøñ‹Okƒî‚oP’ ¡= ü¡UŠ×£,HÊK¿ô?Ä8ñ 9fÐœoá6–p[ªJo øcertvalidator-0.26.3/tests/fixtures/testing-aia/000077500000000000000000000000001453642760600217025ustar00rootroot00000000000000certvalidator-0.26.3/tests/fixtures/testing-aia/brazilian_root_ca_v5000066400000000000000000000032451453642760600257240ustar00rootroot000000000000000‚¡0‚‰ 0  *†H†÷  0—1 0 UBR10U ICP-Brasil1=0;U 4Instituto Nacional de Tecnologia da Informacao - ITI1402U +Autoridade Certificadora Raiz Brasileira v50 160302130138Z 290302235938Z0—1 0 UBR10U ICP-Brasil1=0;U 4Instituto Nacional de Tecnologia da Informacao - ITI1402U +Autoridade Certificadora Raiz Brasileira v50‚"0  *†H†÷ ‚0‚ ‚÷-xmE¬è_ú`àÞeä¨LŸ“u^…ÛÇíÿŒ$¿¢ìXGA)‹h] Å$3_ÝtŒ—' ¨Nw‡` v1þŠ­,¢•ä%&(¬Ñôía2ZÉç½"°¨¯RÜÒú3\*C¶®gOc"‡f×.Çk’_§mö1—™»¾4äLĺÇߎaslÓÔ›•Ý\»6©=Rk2^”õÂÆ Î] Åøí.W ‹bF-ñ³B ߃Nòøko‚ï’6ÁbˆƒXÃïo³§jôa:)˜£ƒ6i4­(²;"nUÓÞ#žË饙ôÓI<žD”ßµLa¤†ýzshn‘¼}ˆ'ÛšNâ›hF*4ñáúáSØ¡-ªt¦ÏmÝñ 1ÍÙÊè`ªrÙM¨A5AIÿa z:|ª7ÎÝÓbö`X¤½S÷Õ Âu¢¶`.á~,ŠiŒ1q1¿‹ÍY®,Lû¤2%ö/ê{¸ÄÅ6I%N 6œBæ}³ÈÏ}ºÔw¸`Yß›ÃwŠŽ/(•}ëÿŸI¯}<>(Äwç~>Qš¢3KÈØ]’'¦âa#WÊ¥ãùèF¹Ø¹H'Æj°ñÌu®ÝiW>!2ª×èÌmˆÄë„Q ˆh `ÖR:@¸0{èÛò{‚î~¤\¨¶ímÇË6¦£õ0ò0NU G0E0C`L0:08+,http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?U80604 2 0†.http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0U#0€i¨¾uÙÄïlçEäanåhø¶@^0Ui¨¾uÙÄïlçEäanåhø¶@^0Uÿ0ÿ0Uÿ0  *†H†÷  ‚mÛòbYª^º?¦XQàüršS§ò^g‘tWiù˜¦^`ê”hZÈDÁW/!!– 9Ô9"|‚sÔÝéEã–ÀI7?-¯Ê0ð׎TX±³?NfÄÿÓî›aM‚ÉÔn½t¥û ýLòRôné†Kžá šÀdìôÌî’!k0è—èfM§A.t£˜òÔrN“&3y~çÏH-ïîÔ‰R¤ê£œû®ƒg$G1€c,ù^é[9ÎRÀþÙ>(ÿÜ•¶êwøazù¦t—%.¿jY–\: îM˜²ë¢ÕnÑñM\jú(¯_»Ž)8v£˜Ë\­×î¿ÏÂ}ThÑwEd.‘{F }x~Ê™ÔH,Àúâø$ûG l¯‘µ¢ºY.²ÚN)D•Àó¼ ¬AC¯©ÖÀG°¼ÁØ“.+aÙ8»§Y¦ÿ4«pì–àãš³¥±m„ßUîÞ¯2wK.üÇ„m{!ïc,³ÐFý-L¬Gg µkß=N¯žƒàbó†;P³‹!„²”.@‡â•‚]`Bâ–;…zò±Vñ¯ã¾­¼±¶>Ëð(ÐŽh†™Áq€k…o>²&Ó›j6 »;C ÿ(c®zë‰\a¸  <ûX;`}_|è‰5L¶ÍÒ ün~MuEüPÃWÖÁáSqõRšcertvalidator-0.26.3/tests/fixtures/testing-aia/ca_brazilian_fro_v4000066400000000000000000000031441453642760600255240ustar00rootroot000000000000000‚`0‚H 0  *†H†÷  0—1 0 UBR10U ICP-Brasil1=0;U 4Instituto Nacional de Tecnologia da Informacao - ITI1402U +Autoridade Certificadora Raiz Brasileira v50 160720133204Z 290302120004Z01 0 UBR10U ICP-Brasil1402U +Autoridade Certificadora Raiz Brasileira v51604U -AC Secretaria da Receita Federal do Brasil v40‚"0  *†H†÷ ‚0‚ ‚`wªÊð/`-åõµqTýËÛ#D9Rc¯ôž¹+ùlM !ÏäR:TÓ.Qï‚L?‚J‹{ª¾Ã²ŸcŸÁS.p ®~£ÖÆÛ’€øÊÔÈÝaÔº'ŸÏú¦ÿ‡ç3ìÂ=É©L—h®ÛÌÞ@‘ÍÏ4U3E½þQ»Xg׊p@{ k¥˜}ú*ûê«N€=8¨õ%’„f ‹8é‘Ñá5@?Ó ]öN$ŠS­Þç°DþÄ(ÌŒ<=ꃵ`–HŸîöb-'+)&7—ng opTß*CA¼˜œ LXgµ—ÆïO|‘t|…@²Ü“à«2Tƒ–‚?+Ú–}×|‰~†ÌDì¥óÕù•äv÷È3À8MÙB‰\yŸíqs¨äàÐyxt®KÍ(4í¶ª(oÆ0W•g@VDÝfŽe3‘P¾n41r/`ÐÀ;f¤ÊÐí Õ‹]ü°ÅŒz]´²%ü·fÎ…ÇsQâPßö<çIÜê=uÝ”MK×ñ¯ ¡7àŽÜ»XY€ýrPªö3Àtت¡îõÀ9 ¥1ó÷Õ&xl¡Á€#ø¨ÁÃ* [Reˆ¿u@ä÷<öz˜û’>í£»0¸0U˜æCÊÝ’ž™cEZ*é‡ Í50Uÿ0ÿ0Uÿ0U  0 0 `L00?U80604 2 0†.http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0U#0€i¨¾uÙÄïlçEäanåhø¶@^0  *†H†÷  ‚kBà é5›vs©¸Ì}>G>¾¾nMÞæ—Œ_<û?#àMdýC£“Çýº›ª½¬êåëÿ@&—¬‹ei?4ß¼ë—xq±žÄLv1 ژ䳻¥—®‹e$äsŸŸ¹‰Š5…<¸éF ÛÃ×t¾y©9cŠXø.çT˜­¦õZ5¡JÎý}nÁPZv þ/ytS6T£ÿ ÿ±¯OnJ·$"uÐDôÔiI:튷û<ÜnOHcAOP°Wo›…L~Xßë^"é‡ðÏ¿.àƒÈkŸ‰•ó諺±~ûrÌ2pCJ^¹júÀظü†JÛ} x¥”3Oî§,äŽÊ£ÛZ¥ïÍ^²rKtGÒÝ=fÜÅþ'èD÷ce”’ÐQ¹ïôÝ ÕbÜƈŒ_é÷pfoþ6Åù ý1¿[¡"p.k6IN)Ü>41LCVÄÒP Òv»^2•)ákШv;‘Óǯõ¥Àμwz cU6#Ž\SÜUdŒzÐÒ»`“üù/ƒ¾#[uO`MJ f÷¤„R·a0]Å®Á#ªÍHäé´k€2ò‡³yÞõ½ùV{åNéBî@8ö¼±à ³ãI?âå2)Ê 1ÑA@›Ô¸9ŽËpZÇ}û5úͦ *é £}Á,ΈG¡ÿŽ™ë¢ ʆÞjèôëKàgU²Õfb’‘¯-{Þ—tÞšÚõëDtõŸ‹ë&»ƒKm›Þœ—è•h¼5Ÿ‡]úStm¡ïõw:S¾dá|dšõá`"Ÿ§b»4ÌG¶=Åë²8åí¾1!¥…£‚U0‚Q0§U Ÿ0œ0L`L 0B0@+4http://www.receita.fazenda.gov.br/acrfb/dpcacrfb.pdf0L`L0B0@+4http://www.receita.fazenda.gov.br/acrfb/dpcacrfb.pdf0DU=0;09 7 5†3http://www.receita.fazenda.gov.br/acrfb/acrfbv4.crl0U#0€˜æCÊÝ’ž™cEZ*é‡ Í50U€-~šEÀñ[?Õ@°o/eàé0Uÿ0ÿ0Uÿ0  *†H†÷  ‚'1úÙšéÒT>cÉsôÕö!° EÚFEzÌq q÷âÚ* ¦mìÇåËdÿi“ ‚®sVlHî™Ö]G8à6á,…Zß·ÁÚo„óýxhS4®‘°OΕh? ˆ’¯ŽL3}ÇxpÎËý¹M]žè&¡QÓ‚?Ýv ©÷ÿ®rÎ6hc z§ôe•ÁMã@iÃ`ý’üo‡,"M0Î:EΰàÕ‡.q˜íÁóÖÝ°~_å“SNÓŒ1ÑlÊh`!.]ia ± @$<3öûôpTòyšOéŸ@¯9i Çõ4:_Çéé¾´Tí·­”3y“sŽÍ”¸牠ÉÖ|¡‚ HÊ5¸˜•óÇû“i@Gµ¬øŽ<âñG‘aDáD°åòœÞìf×µ`í8E7Žú+ŽEnY¼§^†Ý©¢ó.|˜4Žé0¸“õÛå§ÆýL¥èêgØ™PmN°ªvOàj´g)]ϱ $Ê…†4ëÜ‚Š„QaØóG0E  »!i¤•ëî^Ïá¿"sþ ÷ÜEÿ§ü®<þÛÑd=!¤^oëxCnE(õî6͇ŽÍjíÊ'*d—Aú:2Ý|w·>û$ßœMºuò9źXôl]üBÏzŸ5Äž %í´™„QaؾH0F!—Ç2”+ÄÑþ7vÕŸcØÃSËô&§Ï¥YZîÏŒ/~!ÂËŠV Æ(‘A€ìRÙª“SæºO€žDF|Mщ{0  *†H†÷  ‚ /ñ,@ÕE¾ÜJ8­& ">¯dcÉ´}ëwˆ#šÔ¥ƒEè³Þ^¹BØpEÌB%‹róXÈé;ËÕâý‰Ùû«Æ£ù„` Ä^}ºü`ç&Ô‚Ìõ1Teã³,Œü÷|ª«ÌÅ`//'0U†èa£H‡š#cðJQÏÈ5vǼE2j±gº#uÆGIÌ#ë*ø¤öN„¦ŸìY–²oxƒÀ“—že)Æ™"ÔÓÛKcpP©WP¨b ‘ê0üúÛEyòuæo ÀÓÅLž}oîïíâ@š¤ô½M‚lRo‡s6Wgq±}ìcP^Š‚!þcertvalidator-0.26.3/tests/fixtures/testing-aia/icpedu.rnp.br000066400000000000000000000032241453642760600242770ustar00rootroot000000000000000‚0‚x ^Þþºê¡û§ £Ba#ЮòxÏ0  *†H†÷  0C10U AC PESSOA SC1 0 UBR1 0 U RNP10 U ICPEDU0 220326155351Z 230326155351Z0€1(0&U Frederico Schardong:004893690141604U -UFSC - Universidade Federal de Santa Catarina10 U ICPEdu1 0 UBR0‚"0  *†H†÷ ‚0‚ ‚„e…Õ¢áz•dÀ’\CnrÛ´¶à:ósÁc£6ÝVÑ%=C¯9g+=ÜöæFÀïÖcßÎ tú¼õ=C£‘Úõ8!|Tð§ùDj3´åŽ±£â±-_¸²M˜$,Ø5•¸#  `PF󃓔#ºXÅ^…’?"âaa5ì]Á„,¿_»ÉÿzgªN¸ŠøïN(•3PªöŠŽÍ|€å8ÕYË_ÐXæ¸ëöWÇËxÐPȉ¬šÓ÷1/Èá®Ê lß'§áR-¦¿­îgNç?æiKbrõö2gèg̉ºÙu/ŽøÑ/nbÆ®®«2ÏÀV•Ç£‚<0‚80 U00U?–¶/‰†ÜªÏ$†¾L‚;ˆtÂ?±0U#0€®×ÀÃ÷0lâ⨼(g¡úò3N0Uÿà0U%0++0³U«0¨FREDE.SCH@GMAIL.COM B`L 970206199100489369014000000000000000000000000000000000000 `L  000000000000 4`L +)000000000000000000000000000000000000000000GU@0>0< : 8†6https://pessoal.icpedu.rnp.br/public/crl/download/last0dU ]0[0Y +ü|0K0I+=https://repositorio.icpedu.rnp.br/ac-pessoa/dpc-ac-pessoa.pdf0W+K0I0G+0†;https://repositorio.icpedu.rnp.br/ac-pessoa/ac-pessoa-chain0  *†H†÷  ‚üª¾NÅYfïÕX^wÑSµI~±‰KFè's ¼[¡îÎÖàšï&›ò+©^"/8˜Öz©Jð±Ýøó…‚š|Pþm‹š,ÝkÁmÂN ó¨ UÅxY›5&ZÔ˜MÆÌ©mÉÄe‰=I2gP„*@N´$ÝKâRî!í6žÑÞ‡ÛRiÁ¬žv¸ªú‰mÖ¥Ö…1kå¸Ç äúm ¹¡¦j«@»š$Þ(£Á* <{^É5­˜³’ˆ–¥¼ÇI¹4 SÖ‚4Œ¤,´LôÙ¿à¨WI¼ãT:æ€7å[QU€à•âÂÄSeé†[*>>ÆQ'™ä2.’Jý¼µ:P,G?ïÄz%àé9Þlj}cæÙ;”lWTš£A¼Ž}?N³«yÃ2[iÕZÁÒ#ék¹LuÅj¬ Á¹-\R|Ýê–Ëûþx]YêÜ<ßÝù¹faÏ|¾\–¾‘e>[•oÚÙ -<‚wUèœÖÐŒ¾u¯F¿˜Xþ?pUãb1XÙ‰E£4ÌÜ&Z™š1’—‚îÕõMÓ„ÐÙq±¹hÜßAçïSÙ-òu™º¸dŒé?… ærX aDoXmP+¡¿¿ÐG+ßþ³Šãr?eõsÏ!DéE©+Ó³ïKZ\qv£}$h§h³ú²>¹å35"4Xe3²eacertvalidator-0.26.3/tests/fixtures/testing-aia/microsoft.com000066400000000000000000000121631453642760600244120ustar00rootroot000000000000000‚o0‚W 3y[uÓ¡KjÌÙOy[u0  *†H†÷  0Y1 0 UUS10U Microsoft Corporation1*0(U!Microsoft Azure TLS Issuing CA 020 221208170655Z 231203170655Z0d1 0 UUS1 0 UWA10URedmond10U Microsoft Corporation10U microsoft.com0‚"0  *†H†÷ ‚0‚ ‚Ùž•£U¯qõw¼REÚ9‚þ×C;Ȉµ{£sï_3ŠÂšä9¦®±yø‡†mù9ÛAÇV ÷ÄMÒ9ZÁí»ÞÀDD<—ÃÔC¤´²WµZœR²y*/ÿ¬ÊmÆwÿõB¯Å²¬[í ­Â«fö–ëVyä´Ã¯ 'êûÔœv£ïõƒ^ÓõöÛ4Ü·lzŠ|£ÀÄo‚Ä´µp¢Eææ†K·`…䑃¹˜2Hl‰Ög,abz¨®hÇÒ$FÖ+²ÅŽºæg¸Ê˜)ƒœF¹9ì€ö`aËGÖiW9‘4Ã~ ‡‡újDCJ•5xüêuŠ™nJÕ?£‚#0‚0‚| +Öy‚l‚hfvè>ÐÚ>õ52çW(¼‰kÉÓËÑkìëiáw}m½n„ò½‡G0E s3qŽÀïgê71è ½¶G˜‰ÍÜç8*§SÃv!Üj©Ëñƒ±!N³.]íSÞˆn—¡âàZ­›R âå)uz2ŒTØ·-¶ ê8àRé„p2…M;Ò+Á:W£RëR„ò½‡¸F0D qä "e™¬íè¿W8ñébC½Z&å)*{—\ª¨› ²í@mÓð…4¢®í\ðl›+¸ª›³žìðu³swá„Pøc†Ö©Ü Jy-±g ‡Üðy6¥š„ò½ˆ F0D z[²÷eb>î{áõsôŽþAm¢"½:Ta…zkj0' +‚7 00 +0 +0< +‚7/0-%+‚7‡½×çëF‚.ŽÐ ‡ðÚ]‚„åi‚ó§>d%0®+¡0ž0m+0†ahttp://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2002%20-%20xsign.crt0-+0†!http://oneocsp.microsoft.com/ocsp0U\qÈÝÙØ7Ù¼$.Y±½±0Uÿ°0‚ 8U‚ /0‚ +‚ microsoft.com‚s.microsoft.com‚ga.microsoft.com‚aep.microsoft.com‚aer.microsoft.com‚grv.microsoft.com‚hup.microsoft.com‚mac.microsoft.com‚mkb.microsoft.com‚pme.microsoft.com‚pmi.microsoft.com‚rss.microsoft.com‚sar.microsoft.com‚tco.microsoft.com‚fuse.microsoft.com‚ieak.microsoft.com‚mac2.microsoft.com‚mcsp.microsoft.com‚open.microsoft.com‚shop.microsoft.com‚spur.microsoft.com‚build.microsoft.com‚itpro.microsoft.com‚mango.microsoft.com‚music.microsoft.com‚pymes.microsoft.com‚store.microsoft.com‚aether.microsoft.com‚alerts.microsoft.com‚design.microsoft.com‚garage.microsoft.com‚gigjam.microsoft.com‚msctec.microsoft.com‚online.microsoft.com‚stream.microsoft.com‚afflink.microsoft.com‚connect.microsoft.com‚develop.microsoft.com‚domains.microsoft.com‚example.microsoft.com‚madeira.microsoft.com‚msdnisv.microsoft.com‚mspress.microsoft.com‚quantum.microsoft.com‚sponsor.microsoft.com‚www.aep.microsoft.com‚www.aer.microsoft.com‚wwwbeta.microsoft.com‚business.microsoft.com‚empresas.microsoft.com‚learning.microsoft.com‚msdnwiki.microsoft.com‚openness.microsoft.com‚pinpoint.microsoft.com‚snackbox.microsoft.com‚sponsors.microsoft.com‚stationq.microsoft.com‚aistories.microsoft.com‚community.microsoft.com‚crawlmsdn.microsoft.com‚iotschool.microsoft.com‚messenger.microsoft.com‚minecraft.microsoft.com‚backoffice.microsoft.com‚enterprise.microsoft.com‚iotcentral.microsoft.com‚pinunblock.microsoft.com‚reroute443.microsoft.com‚communities.microsoft.com‚explore-smb.microsoft.com‚expressions.microsoft.com‚ondernemers.microsoft.com‚techacademy.microsoft.com‚terraserver.microsoft.com‚communities2.microsoft.com‚connectevent.microsoft.com‚dataplatform.microsoft.com‚entrepreneur.microsoft.com‚hxd.research.microsoft.com‚mspartnerira.microsoft.com‚mydatahealth.microsoft.com‚oemcommunity.microsoft.com‚real-stories.microsoft.com‚www.formspro.microsoft.com‚futuredecoded.microsoft.com‚upgradecenter.microsoft.com‚learnanalytics.microsoft.com‚onlinelearning.microsoft.com‚businesscentral.microsoft.com‚cloud-immersion.microsoft.com‚studentpartners.microsoft.com‚analyticspartner.microsoft.com‚businessplatform.microsoft.com‚explore-security.microsoft.com‚kleinunternehmen.microsoft.com‚partnercommunity.microsoft.com‚explore-marketing.microsoft.com‚innovationcontest.microsoft.com‚partnerincentives.microsoft.com‚phoenixcataloguat.microsoft.com‚szkolyprzyszlosci.microsoft.com‚www.powerautomate.microsoft.com‚ successionplanning.microsoft.com‚"lumiaconversationsuk.microsoft.com‚#successionplanninguat.microsoft.com‚$businessmobilitycenter.microsoft.com‚%skypeandteams.fasttrack.microsoft.com‚'www.microsoftdlapartnerow.microsoft.com‚(commercialappcertification.microsoft.com‚)www.skypeandteams.fasttrack.microsoft.com‚"ceoconnections.event.microsoft.com‚biz4afrika.microsoft.com‚cashback.microsoft.com‚www.cashback.microsoft.com‚visio.microsoft.com‚insidemsr.microsoft.com‚developervelocityassessment.com‚#www.developervelocityassessment.com‚ gears5.com‚www.gears5.com‚www.gearstactics.com‚gearstactics.com0 Uÿ00dU]0[0Y W U†Shttp://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2002.crl0fU _0]0Q +‚7Lƒ}0A0?+3http://www.microsoft.com/pkiops/Docs/Repository.htm0g 0U#0€«‘ü!b&—š¨yaA`©bgý0U%0++0  *†H†÷  ‚¡ŽÅ–è|7±ö-²KÙc·Ýüs# hj¼¥îibõ§Hs×ÉåGìº'LÀ- Ü 6š½·ªÖ$…›ZíJY£Ÿ²6FŒ&&/ü퇔ø®FZó_G>²nüGºA³IĤýлÙñ><|x^7vR#¥Ã$¿¯u¶ù;Í:§&ê/uÂÑ #u†>â·PD¬åT) BÔ9'Â-à§ü"©²”n©ó™9çÊ ŒÎâB2Ö‹COho9dAî"®çç3‡ÑG5;“aà•hó<Ê¥puC¥ó²$[‚•çqí¬0rpâŠcáZ–xþ-9R&+=7…&D±ê=¯ò °Fª»¬Èjv„z7ݪÂî$­á¦ã‡ˆœ¶¾ýþ¢éá× ÁÍH× ÷°ô.–¦ã]ÒFr¦EÜ… ý‰ÙTáýÊ ‹Ô^h‰.7W <›£|jÛ.Ÿl2Âcertvalidator-0.26.3/tests/fixtures/testing-aia/repositorio.serpro.gov.br000066400000000000000000000035031453642760600267110ustar00rootroot000000000000000‚?0‚'  »}¤„6;“)ÄiQ0  *†H†÷  0‰1 0 UBR10U ICP-Brasil1604U -Secretaria da Receita Federal do Brasil - RFB1-0+U $Autoridade Certificadora SERPRORFBv50 230420201724Z 240419201724Z0â1 0 UBR10U ICP-Brasil10U videoconferencia10U 336831110001071604U -Secretaria da Receita Federal do Brasil - RFB10U ARSERPRO10U RFB e-CPF A31(0&U FREDERICO SCHARDONG:004893690140‚"0  *†H†÷ ‚0‚ ‚é‘•2öaÄ“B?M2ðv ‰„/&ö¹^²'ÞQ·m·Í ¦”¼Ÿ­ÞM¸›ƒ¥{SX·_:€“‰ÿ ¦ÔÓjÄcÙF%û1[Ø_Ö\±‹Œ¹ åÙ–ãáf©LRúº9›Kï›*¨®P¹Ú84‘M·-í­.òÎ-æ¡ b>L·¤0W$89Ë}©§Â2a4±f:]>*]s ü:´O†úLåí¹’xo¨Ò¿4ýRm´w?µslÙµàš†´PÀ'ˆ Žò1„w[e¦ãÈé´œ›ÛWÏaÆÊ*´ÔÉ{dínÕ¢ä8Ô‚üvGþ·Kfýô¾þÂÏ#ðJ=R6õ'£‚I0‚E0U#0€€-~šEÀñ[?Õ@°o/eàé0ˆU€0~0< : 8†6http://repositorio.serpro.gov.br/lcr/acserprorfbv5.crl0> < :†8http://certificados2.serpro.gov.br/lcr/acserprorfbv5.crl0V+J0H0F+0†:http://repositorio.serpro.gov.br/cadeias/acserprorfbv5.p7b0“U‹0ˆ 8`L /-020619910048936901400000000000000000000000000 `L  000000000000 `L 0000000000000000000frede.sch@gmail.com0Uÿà0U%0++0[U T0R0P`L0F0D+8http://repositorio.serpro.gov.br/docs/dpcacserprorfb.pdf0U*t ï^{%Ï¥¾øÎoõ)C*G0  *†H†÷  ‚•‚<öiÖdoÈ®q$’ KŽšÝq)4wXÆʺG6éâ†úeÖ»,NÒï^M:•÷ÿÀ̧^`ë$TÝþ¬þiùÔöµ¸‘j·ÌƒìÒ0­F¡Ö I'o*ùNàýŒ §.;i«Ëo•Æ óaS_Ю±NT:P·OArÞ“Ä"\ \Zg~³©~05-s“*¬©ÎPÖ< W‘—ä*¦7_üýÓ„HËÂa½`L\a…ÂdI_Eº:áZ‚É¡P¨ŸJÄ9aÖzjÆ‘R¥×ýãª÷ïê=çàÕ­ö·Hé¢Ç% ¾;g2ZŸDa|h…¾êS?}ý^>š „O><–rM¾˜¿#Ƥ4ùÔ¼( …P ¶µÐPNÞ#ñ#lî`ó¹æÎŒ1×jëÕŒÂI¼p€$ÿ³>«wXmß78à¡Ëû—ÎQ3)ö_;J ¹F˼Ú.°¡böfp&6¼Aq5Œ)Aoò"<à2½z«”tÄÓäoUê›±¹f ìËÜ Ó­f÷¾ÆȤ0²×¤j·À ­ûcõù€¹PlêZ<œ2ÿ âg H«BQÅ"ä\ê Ù“Ï«¶Î þ_÷,- D¥6§Ÿ7¬L‡Ck„¯kioªþÕt8ç uŠ«‚س)ÑJ˜ÿwPþp»y5E˜Þ'Ôå"certvalidator-0.26.3/tests/fixtures/testing-aia/root-icpedu.rnp.br000066400000000000000000000032671453642760600252670ustar00rootroot000000000000000‚³0‚› 0  *†H†÷  01 0 UBR1 0 U RNP1 0 U GSER10U ac-raiz-v310USanta Catarina10U Florianopolis10 *†H†÷   gopac@rnp.br0 200127203343Z 450120203343Z01 0 UBR1 0 U RNP1 0 U GSER10U ac-raiz-v310USanta Catarina10U Florianopolis10 *†H†÷   gopac@rnp.br0‚"0  *†H†÷ ‚0‚ ‚ÖE— ·òõ#ÉÔ2øUVEåiÒTàäÝ[0ÒÅõ“€QNɪܮæv•à”v ¨7sä‘ö'L1ÐàG2ºÖ—#ù¾ˆí¡^Í€Y*Ò·)jÿ÷¨£œ-(‹ RÞíúžük€Šœ© ¦Ç™k[^ûeß¼­Ùød£öGU ’T ñóeMe uýjBÜ]×(ògµ8»2Âh±)š 終&¯ôˆ>~Z/à)†4ØÑf‚ZÇÖ-U–\¼nù¨¶È•A.ÅâJÁ¡ Œˆ¦‰W 'ÔúÔÉF ¼r³K&¬Tè©Î‰:¸2ÃÅY4ªÉ±2ºçÃE¯Û™TPâÄ…ÔËEfTÖ_±³Q‚.æ_û]Lõ¯K)8ÈØKÃNnv%"ù™/{Ìzè !òô®ä 1y”⇳li5éÕqÔV<îúûežE£<‘‚Œ€,m°ŸeÃçk«ÅçȽúBù" SÙ>±ZÍšÒºE—E µ±³#·Æ8TÝvıË2¸t÷; …Çz®)äIé g-¬¼tEqüOxmä<ÖwrÅüEKˆ ïigVÌ’0nÛ½ÈÚÕj}¹ÎqïñyA¡‰qd6< ¹_ËYAXüØ–“Z"‹X*ÊcsÂö´«ý‘øA.}£‚0‚0U0 gopac@rnp.br0UÁ'—ÚÑQ´ fDBW0 U0ÿ0TUM0K0I G E†Chttps://repositorio.icpedu.rnp.br/ac-raiz/lcr-ac-raiz-icpedu-v3.crl0 U0kU d0b0` +ü|0Q0O+Chttps://repositorio.icpedu.rnp.br/ac-raiz/dpc-ac-raiz-icpedu-v3.pdf0  *†H†÷  ‚!ðÔªtîÈ¢]ÔÁ¢Ýw±7/:q™èÇ 7ä? WR)Lû³JD’˵­F~Ë6U{ pË´ Õeå?I¥Öô}êrÉÕjêŽøùËAwêH ÷êNì©]õ‰…AÜ¡ˆ:ÖÁÀgò¤× æäˆH(m^_¤9£QÄ(8ùOó˜{OÛA«Q ^ œ‰ìJ`ú,ÐÁLµÍÁ³Uø€øØ\øLÀÜ«M«,ÙCÆÎ}gÑÖŒ’è.-fzñ0 ’CŘtËÁ®–Ñ-ZW;qVš„ÃÊœÊR™2+=c¹0 ‚vÄ4H™œX¬½œwµxrʬ¢¥â¸Bì¤E´s˜Ü¿„’îGfüäoÒVñ¼KYÿ¬]ÖÓæ¥WðªN©ýdŽ,,fö¨™5ÕÅ'OÂÎ%±‹ÓBy†üÐBZXL¬·ë©X8f\ s¢t•ªI½ÈlC^XÓ®Ýļ“Ðô‰¡\BÝè 6 ¨Ôß`™ÇÊTòmÅ~©'ÄËqÙ¤›£·^J›xN~þ>ǧé¦Ûl¿Þ ý$K·äº O†ÊkŸ9DÄ×ÃÁ³¸<Ú«ç@«kgã#[lI±ËóC(/ /…›&n Ûù>@ïª837LmÅîqŒå¨…§þ*S_ é&S·ú¯â‰l éT\Ícertvalidator-0.26.3/tests/fixtures/testing-aia/southwest.com000066400000000000000000000036111453642760600244500ustar00rootroot000000000000000‚…0‚m @„.··µþ f¿ø[0  *†H†÷  0r1 0 UUS10U  IdenTrust1.0,U %HydrantID Trusted Certificate Service10UHydrantID Server CA O10 221031154502Z 231125154402Z0k10Uwww.southwest.com10U Southwest Airlines Co.10 UDallas10 UTexas1 0 UUS0‚"0  *†H†÷ ‚0‚ ‚èñ}u¤¤–tþŸ5^`Í÷y|ìŽ2R[ ¾~wÁr ’ä ÞÙg—ãi¤PÑœú ÄÃÖø¦Ÿï’¼nÿ§¾›Êä;· •cx½Øä+DKvÄÑœ™µFšÖý¿~¤&*mUÖz(’Å_ß`ÂÉ9ÞcFÅ;ºÈ+¶†‰°«ðê,Hn~åžUa4C¥K¸­1þ’Ò®„!s”‡–'Ò›ßa&Ç]–€Á$«Z8·‘äöÑQÒ’ÙU|ÿ× =i9Yû#[&Øû±¿1× :8v¥ _Øê½Qº®­(.n=X°)½(O°gjÂÙe*›Š%;­sË~š`£‚0‚0Uÿ 0…+y0w00+0†$http://commercial.ocsp.identrust.com0C+0†7http://validation.identrust.com/certs/hydrantidcaO1.p7c0U#0€‰¸›¶žíû°Æ½ ìgN<£’-ù0‚&U ‚0‚0  `†H†ù/0‚g 0ü0@+4https://secure.identrust.com/certificates/policy/ts/0·+0ª §This TrustID Server Certificate has been issued in accordance with IdenTrust's TrustID Certificate Policy found at https://secure.identrust.com/certificates/policy/ts/0FU?0=0; 9 7†5http://validation.identrust.com/crl/hydrantidcao1.crl0+U$0"‚ southwest.com‚www.southwest.com0Uc”¢moqXf›mõi½rÁ&li_0U%0++0‚~ +Öy‚n‚jhv­÷¾ú|ÿÈ‹=œ>j´g)]ϱ $Ê…†4ëÜ‚Š„.·»>G0E!Ž™~Q~;¶Ž2b³V^<œµPi¶ºÕ¢Öz;~ª OõóÎwþ[—rØð¬‹Óä¢ß~þõš+AÁ:¥Ü.vè>ÐÚ>õ52çW(¼‰kÉÓËÑkìëiáw}m½n„.·¸–G0E!ø_ óÝo69nÓhD´5]xš¼”^f¼I61 $Oæù}MkZ´,KvKµ,‰Á½¦‰@Å38ÊÅ.vz2ŒTØ·-¶ ê8àRé„p2…M;Ò+Á:W£RëR„.·¸…G0E!¹ß†Â¿gOkqèš÷yOFVö¤0Ñ3ÝÚ”4Oô 7êuÌuHo•é§¸K"%zÝ uAQ«¶h{Ÿ¢Ö¨÷·å0  *†H†÷  ‚ŠÑΈj‚âÍ@JÔû-⟶2¸8 ·ºˆœ%½bÞ›Ûû+Æk“$ÿÓ´f´gªwÂ)³µüûŒD^÷.^!hÞ&Mv]¦ô †®[BéAÚ ¢:ä*qã½°Gbç*ŸÇ'pù}aa™Iôq@U=¨±€ž¢`‰BàÉíûn>H”Bµ;ÅnÙ-ÕʃҀÃgŠê£@í+ €T®â>ê5 ™Er 3J¾HÇÆCýý ñÜPŽÌ_Kµ×Çf£·žiü OCüçBiuׯÁfGž15ìR¦Ûçï"u H¼`É­j’1àÖ }AÒË“certvalidator-0.26.3/tests/fixtures/testing-aia/www.cnn.com000066400000000000000000000052551453642760600240120ustar00rootroot000000000000000‚ ©0‚ ‘ t²0¢iZšÜ¡éUœÉ=0  *†H†÷  0X1 0 UBE10U GlobalSign nv-sa1.0,U%GlobalSign Atlas R3 DV TLS CA 2022 Q40 221209191920Z 240110191919Z010U cnn.com0‚"0  *†H†÷ ‚0‚ ‚º@Xû…C7yˆL¹ÆÁA'ØúöþÔý}ÔXOåJIX@u¥ y3Û4LÑ7›ƒ7/4a†˜S¶®ÀK2QÅÑ–ÆãþkühèÜ/ß÷å…]_4k–•Ëˆ¨t9bòö&X­¤KÙMî”(aœ&Ô›ý¡j£„Ñ–)d-¾ðu;Í8‘*{*,U€-Wk™ýÖ6Œï\“DäC¹rÌ\ï³øÞ­¨üS-¤ f!’t§)\DáùöÀ¨HäB†@¯²èeÍÞuñ¶';;E¥*[FÍ›l¾hSùåáIÛ ð©PY!Ú©>ÇiFU‹¢³G£‚³0‚¯0‚gU‚^0‚Z‚cnn.com‚ *.api.cnn.com‚ *.api.cnn.io‚*.api.electiontracker.cnn.com‚*.api.platform.cnn.com‚*.arabic.cnn.com‚*.artemis.turner.com‚*.blogs.cnn.com‚*.client.appletv.cnn.com‚ *.cnn.com‚*.cnn.io‚*.cnnarabic.com‚*.cnnmoney.com‚*.cnnpolitics.com‚*.config.outturner.com‚*.data.api.cnn.io‚*.edition.cnn.com‚*.edition.i.cdn.cnn.com‚*.edition.stage.next.cnn.com‚*.edition.stage2.next.cnn.com‚*.edition.stage3.next.cnn.com‚*.elections.cnn.com‚*.electiontracker.cnn.com‚ *.go.cnn.com‚*.i.cdn.cnn.com‚*.markets.money.cnn.io‚*.money.cnn.com‚*.next.cnn.com‚*.odm.platform.cnn.com‚*.outturner.com‚*.platform.cnn.com‚*.section-content.money.cnn.com‚*.stage.next.cnn.com‚*.stage2.next.cnn.com‚*.stage3.next.cnn.com‚*.stellar.cnn.com‚*.terra.next.cnn.com‚*.travel.cnn.com‚*.www.i.cdn.cnn.com‚api.etp.cnn.com‚client.appletv.cnn.com‚ cnnarabic.com‚ cnnmoney.com‚cnnpolitics.com‚ dcfandome.com‚graphql.verticals.api.cnn.io‚i.cdn.travel.cnn.com‚preview.dev.money.cnn.com‚preview.qa.money.cnn.com‚preview.ref.money.cnn.com‚preview.train.money.cnn.com‚preview2.ref.money.cnn.com‚underscored.com0Uÿ 0U%0++0U…™n¡ÿµŸÄQì‰O8ÙîøW0WU P0N0g 0B + 2 0402+&https://www.globalsign.com/repository/0 Uÿ00ž+‘0Ž0@+0†4http://ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q40J+0†>http://secure.globalsign.com/cacert/gsatlasr3dvtlsca2022q4.crt0U#0€ˆhÙÄ›‰à Bw_ÃyŽÃn0HUA0?0= ; 9†7http://crl.globalsign.com/ca/gsatlasr3dvtlsca2022q4.crl0‚ +Öy‚o‚kivvÿˆ? ¶û•QÂaÌõ‡º4´¤Í»)ÜhB ŸægLZ:t„øSðXG0E!Å×Î1¥ôSa÷EJLsÉ3¶´¡SžgléI ç mUß‘,ÁìT.2i —è»CÜÚíú¼®N¢š[wîÍÐdÕÛÎÅ\·´Í¢2‡F|¼ìÞÃQHYFqµ›„øSð—H0F!¹cCËæÇ*1¢^­”­”âäFŒ'=Œ×¬&º X¾8ö!¡*ô’V[m×ö°siÃ{Ì44£xêÀPB|ñ] ¶]vÚ¶¿k?µ¶"Ÿ›Â»\kèp‘ql»Q„…4½¤=0H×û«„øSð¹G0E [ÚëÑǺká:óž¿}g¸5Ä­`ÈÒzìCe[Ò]Á^á!¤pÍŠþ²:“Ò»‡ÞÇç®Tdá났úßÌ÷êK0  *†H†÷  ‚TFwEØËUÙe";#²\Ž…nì±Ëó) °{Oø5• ·ÄØÓ¡¬´ßûÂã¡+.•6XáÁ¢k¸é ô¡N‡òXØ2·uƒ%‹,Ç{ ¤_±D@œ|ÅÃT¡•qYÈ_”Z‡LÒ§ÀÖ²C½p]¯ÖÔá§XäQt•è~'Èr±o(à) Ä‹ Å`bÏÏD·/¬º²Xä@—€ÑñŸïhGO5'56!œÐìZ‚\÷IyÿEÞ#Ù¾…4gYZæîÀ\¼4!ú—‚ãm‡àÊ G‚Ÿìš¡[›ñz]#È𺽃)žh\ßž£®‰šüvt†UµÝŠËyÁ!õšþÇÂcertvalidator-0.26.3/tests/fixtures/testing-aia/xuite.net000066400000000000000000000036621453642760600235570ustar00rootroot000000000000000‚®0‚– C·¬ÒÈ\3Ár1Jp0  *†H†÷  0`1 0 UTW1#0!U Chunghwa Telecom Co., Ltd.1,0*U #Public Certification Authority - G20 220519085250Z 230519085250Z0`1 0 UTW10U 臺北市1'0%U 中è¯é›»ä¿¡è‚¡ä»½æœ‰é™å…¬å¸10U *.xuite.net0‚"0  *†H†÷ ‚0‚ ‚Ô±‚±¼ êSçló¶+öÏ3mX£­BŠ½yÝA>ù6Õœ;H'BË=V¡{ôÈó`P'àÍŒO¹ U€Bˆ$üÌkß-½é‰¶8;é,J¬ÌÈŠ”ã¹IÊËØ—è+â¡IJ›ÓñÅÜÊ v±@(Ï;Rgpß·ùzÔndW¶ËúÎÛåM§p|B«¬ß‡™sZnQi‘ÂÔ±HÃh¾„©m©æCaÓ}íö¢¥<ÏMˆ­•ÑE°Ý¥y¸–ÔwNS¿Ö&Á_¾Ê|µK«ý{ 46w1Uð miAÙ»½?kÀ¬Þâ‡ÕöÎÇ£‚b0‚^0U#0€˃}e¯©Éó¨©ôd|yRt@a0UéåE¬ÔìÝ_<à Ø|LyãÇ0œU”0‘0J H F†Dhttp://repository.publicca.hinet.net/crl/PubCAG2/1000-1/complete.crl0C A ?†=http://repository.publicca.hinet.net/crl/PubCAG2/complete.crl0“+†0ƒ0I+0†=http://repository.publicca.hinet.net/certs/IssuedToThisCA.p7b06+0†*http://ocsp.publicca.hinet.net/OCSP/ocspG20"U 00g 0  +·#d0U%0++0!U0‚ *.xuite.net‚ xuite.net0Uÿ 0‚o +Öy‚_‚[Yvè>ÐÚ>õ52çW(¼‰kÉÓËÑkìëiáw}m½n€Û…!üG0E!þ°-R·ëKÓ‘\Ëû%1öVÚìZqÚË5{[ËŠ Rªá=gÄ-ŒûùÕ?ãÂ<7Uò“7qü—ºÖ9v­÷¾ú|ÿÈ‹=œ>j´g)]ϱ $Ê…†4ëÜ‚Š€Û…(G0E Xå¤sRïÚfÝ3mîì±üÝZ7rOTÑdi~H”£+$¯!‡ÜDwi–ˆIØ Þ >W8Sßå:·t—=[áõ66Äv³swá„Pøc†Ö©Ü Jy-±g ‡Üðy6¥š€Û…+oG0E!’ÜBôWÚëlÒ¶´£ „“:ÍÇmÉr·v¦VñóÅ '[DLÉcëgØ”ë§Z¼I[sLõ„lõ`)‰÷ŒD[vz2ŒTØ·-¶ ê8àRé„p2…M;Ò+Á:W£RëR€Û…,uG0E ó®zÀ6-ÙâÖ¬¾”Åt†Ü$ ùç—µ¢U‚«Q¢!å:ÑPC €íF’@hÍFë=<¡Èpè5%ázxùn wUÔÂ6Jê ›W x509.Certificate: with open(fname, 'rb') as inf: return x509.Certificate.load(inf.read()) def load_attr_cert(fname) -> cms.AttributeCertificateV2: with open(fname, 'rb') as inf: return cms.AttributeCertificateV2.load(inf.read()) def load_crl(fname) -> crl.CertificateList: with open(fname, 'rb') as inf: return crl.CertificateList.load(inf.read()) def load_ocsp_response(fname) -> ocsp.OCSPResponse: with open(fname, 'rb') as inf: return ocsp.OCSPResponse.load(inf.read()) @pytest.mark.asyncio async def test_basic_ac_validation_aacontrols_norev(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-norev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ) result = await validate.async_validate_ac(ac, vc) assert len(result.aa_path) == 3 assert 'role' in result.approved_attributes assert 'group' not in result.approved_attributes @pytest.mark.asyncio async def test_basic_ac_validation_bad_signature(): ac = load_attr_cert(os.path.join(basic_aa_dir, 'aa', 'badsig.attr.crt')) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ) msg = 'signature could not be verified' with pytest.raises(InvalidCertificateError, match=msg): await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_ac_validation_expired(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-norev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], moment=datetime.datetime(3000, 1, 1, tzinfo=datetime.timezone.utc), ) msg = 'intermediate certificate 1 expired' with pytest.raises(PathValidationError, match=msg): await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_basic_ac_validation_sig_algo_mismatch(): ac = load_attr_cert(os.path.join(basic_aa_dir, 'aa', 'badsig.attr.crt')) # manipulate the signature algorithm ac = cms.AttributeCertificateV2( { 'ac_info': ac['ac_info'], 'signature_algorithm': {'algorithm': 'md5_rsa'}, 'signature': ac['signature'], } ) ac.dump() root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ) msg = 'algorithm declaration.*does not match' with pytest.raises(InvalidCertificateError, match=msg): await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_basic_ac_validation_bad_aa_controls(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-norev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) # no AA controls on this one interm = load_cert( os.path.join(basic_aa_dir, 'root', 'interm-unrestricted.crt') ) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ) msg = 'AA controls extension only present on part ' with pytest.raises(PathValidationError, match=msg): await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_basic_ac_validation_aa_controls_path_too_long(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-norev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) # no AA controls on this one interm = load_cert( os.path.join(basic_aa_dir, 'inbetween', 'interm-pathlen-violation.crt') ) inbetween = load_cert( os.path.join(basic_aa_dir, 'root', 'inbetween-aa.crt') ) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa, inbetween], ) msg = 'exceeds the maximum path length for an AA certificate' with pytest.raises(PathValidationError, match=msg): await validate.async_validate_ac(ac, vc) def _load_targeted_ac(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-norev-targeted.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert( os.path.join(basic_aa_dir, 'root', 'interm-unrestricted.crt') ) aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'aa-unrestricted.crt')) return root, interm, aa, ac @pytest.mark.asyncio async def test_basic_ac_validation_no_targeting(): root, interm, aa, ac = _load_targeted_ac() vc = ValidationContext( trust_roots=[root], other_certs=[interm, aa], ) msg = 'no targeting information' with pytest.raises(InvalidCertificateError, match=msg): await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_basic_ac_validation_bad_targeting_name(): root, interm, aa, ac = _load_targeted_ac() vc = ValidationContext( trust_roots=[root], other_certs=[interm, aa], acceptable_ac_targets=ACTargetDescription( validator_names=[ x509.GeneralName( name='directory_name', value=x509.Name.build( { 'country_name': 'XX', 'organization_name': 'Testing Attribute Authority', 'organizational_unit_name': 'Validators', 'common_name': 'Not Validator', } ), ) ] ), ) msg = 'AC targeting' with pytest.raises(InvalidCertificateError, match=msg): await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_basic_ac_validation_bad_targeting_group(): root, interm, aa, ac = _load_targeted_ac() vc = ValidationContext( trust_roots=[root], other_certs=[interm, aa], acceptable_ac_targets=ACTargetDescription( group_memberships=[ x509.GeneralName( name='directory_name', value=x509.Name.build( { 'country_name': 'XX', 'organization_name': 'Testing Attribute Authority', 'organizational_unit_name': 'Not Validators', } ), ) ] ), ) msg = 'AC targeting' with pytest.raises(InvalidCertificateError, match=msg): await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_basic_ac_validation_good_targeting_name(): root, interm, aa, ac = _load_targeted_ac() vc = ValidationContext( trust_roots=[root], other_certs=[interm, aa], acceptable_ac_targets=ACTargetDescription( validator_names=[ x509.GeneralName( name='directory_name', value=x509.Name.build( { 'country_name': 'XX', 'organization_name': 'Testing Attribute Authority', 'organizational_unit_name': 'Validators', 'common_name': 'Validator', } ), ) ] ), ) result = await validate.async_validate_ac(ac, vc) assert len(result.aa_path) == 3 assert 'role' in result.approved_attributes assert 'group' in result.approved_attributes @pytest.mark.asyncio async def test_basic_ac_validation_good_targeting_group(): root, interm, aa, ac = _load_targeted_ac() vc = ValidationContext( trust_roots=[root], other_certs=[interm, aa], acceptable_ac_targets=ACTargetDescription( group_memberships=[ x509.GeneralName( name='directory_name', value=x509.Name.build( { 'country_name': 'XX', 'organization_name': 'Testing Attribute Authority', 'organizational_unit_name': 'Validators', } ), ) ] ), ) result = await validate.async_validate_ac(ac, vc) assert len(result.aa_path) == 3 assert 'role' in result.approved_attributes assert 'group' in result.approved_attributes @pytest.mark.asyncio async def test_match_holder_ac(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-norev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) alice = load_cert(os.path.join(basic_aa_dir, 'people-ca', 'alice.crt')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ) await validate.async_validate_ac(ac, vc, holder_cert=alice) @pytest.mark.asyncio async def test_match_holder_ac_mismatch(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-norev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) bob = load_cert(os.path.join(basic_aa_dir, 'people-ca', 'bob.crt')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ) msg = 'Could not match.*base_certificate_id' with pytest.raises(InvalidCertificateError, match=msg): await validate.async_validate_ac(ac, vc, holder_cert=bob) @pytest.mark.asyncio async def test_ac_revoked(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-with-rev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) role_aa_crl = load_crl( os.path.join(basic_aa_dir, 'role-aa-some-revoked.crl') ) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], crls=[role_aa_crl], moment=datetime.datetime( year=2021, month=12, day=12, tzinfo=datetime.timezone.utc ), ) ac_path = ValidationPath(CertTrustAnchor(root), [interm, role_aa], ac) with pytest.raises(RevokedError): await verify_crl(ac, ac_path, vc) @pytest.mark.asyncio async def test_ac_unrevoked(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-with-rev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) role_aa_crl = load_crl(os.path.join(basic_aa_dir, 'role-aa-all-good.crl')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], crls=[role_aa_crl], moment=datetime.datetime( year=2019, month=12, day=12, tzinfo=datetime.timezone.utc ), ) ac_path = ValidationPath(CertTrustAnchor(root), [interm, role_aa], ac) await verify_crl(ac, ac_path, vc) @pytest.mark.asyncio async def test_ac_revoked_full_path_validation(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-with-rev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) role_aa_crl = load_crl( os.path.join(basic_aa_dir, 'role-aa-some-revoked.crl') ) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], crls=[role_aa_crl], moment=datetime.datetime( year=2021, month=12, day=12, tzinfo=datetime.timezone.utc ), ) with pytest.raises(RevokedError): await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_ac_unrevoked_full_path_validation(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-with-rev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) role_aa_crl = load_crl(os.path.join(basic_aa_dir, 'role-aa-all-good.crl')) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], crls=[role_aa_crl], moment=datetime.datetime( year=2019, month=12, day=12, tzinfo=datetime.timezone.utc ), ) await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_ac_revoked(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-with-rev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) ocsp_resp = load_ocsp_response( os.path.join(basic_aa_dir, 'alice-revoked.ors') ) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ocsps=[ocsp_resp], moment=datetime.datetime( year=2021, month=12, day=12, tzinfo=datetime.timezone.utc ), ) ac_path = ValidationPath(CertTrustAnchor(root), [interm, role_aa], ac) with pytest.raises(RevokedError): await verify_ocsp_response(ac, ac_path, vc) @pytest.mark.asyncio async def test_ac_unrevoked(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-with-rev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) ocsp_resp = load_ocsp_response( os.path.join(basic_aa_dir, 'alice-all-good.ors') ) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ocsps=[ocsp_resp], moment=datetime.datetime( year=2019, month=12, day=12, tzinfo=datetime.timezone.utc ), ) ac_path = ValidationPath(CertTrustAnchor(root), [interm, role_aa], ac) await verify_ocsp_response(ac, ac_path, vc) @pytest.mark.asyncio async def test_ac_revoked_full_path_validation(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-with-rev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) ocsp_resp = load_ocsp_response( os.path.join(basic_aa_dir, 'alice-revoked.ors') ) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ocsps=[ocsp_resp], moment=datetime.datetime( year=2021, month=12, day=12, tzinfo=datetime.timezone.utc ), ) with pytest.raises(RevokedError): await validate.async_validate_ac(ac, vc) @pytest.mark.asyncio async def test_ac_unrevoked_full_path_validation(): ac = load_attr_cert( os.path.join(basic_aa_dir, 'aa', 'alice-role-with-rev.attr.crt') ) root = load_cert(os.path.join(basic_aa_dir, 'root', 'root.crt')) interm = load_cert(os.path.join(basic_aa_dir, 'root', 'interm-role.crt')) role_aa = load_cert(os.path.join(basic_aa_dir, 'interm', 'role-aa.crt')) ocsp_resp = load_ocsp_response( os.path.join(basic_aa_dir, 'alice-all-good.ors') ) vc = ValidationContext( trust_roots=[root], other_certs=[interm, role_aa], ocsps=[ocsp_resp], moment=datetime.datetime( year=2019, month=12, day=12, tzinfo=datetime.timezone.utc ), ) await validate.async_validate_ac(ac, vc) certvalidator-0.26.3/tests/test_ades_time_slide.py000066400000000000000000000334161453642760600223560ustar00rootroot00000000000000import datetime import os import pytest from freezegun import freeze_time from pyhanko_certvalidator.context import ( CertValidationPolicySpec, ValidationDataHandlers, ) from pyhanko_certvalidator.errors import ( InsufficientPOEError, InsufficientRevinfoError, ) from pyhanko_certvalidator.ltv.ades_past import past_validate from pyhanko_certvalidator.ltv.errors import TimeSlideFailure from pyhanko_certvalidator.ltv.poe import POEManager, POEType, digest_for_poe from pyhanko_certvalidator.ltv.time_slide import time_slide from pyhanko_certvalidator.path import ValidationPath from pyhanko_certvalidator.policy_decl import ( CertRevTrustPolicy, FreshnessReqType, RevocationCheckingPolicy, RevocationCheckingRule, ) from pyhanko_certvalidator.registry import ( CertificateRegistry, SimpleTrustManager, ) from pyhanko_certvalidator.revinfo.archival import CRLContainer, OCSPContainer from pyhanko_certvalidator.revinfo.manager import RevinfoManager from .common import load_cert_object, load_crl, load_ocsp_response, load_path BASE_DIR = os.path.join('ades', 'time-slide') def read_test_path(revoked_intermediate_ca=False) -> ValidationPath: return load_path( os.path.join(BASE_DIR, 'certs'), 'root.crt', 'interm-revoked.crt' if revoked_intermediate_ca else 'interm.crt', 'alice.crt', ) def load_cert_registry(revoked_intermediate_ca=False) -> CertificateRegistry: cert_files = ( 'root.crt', 'interm-revoked.crt' if revoked_intermediate_ca else 'interm.crt', 'interm-ocsp.crt', 'alice.crt', ) reg = CertificateRegistry() for cert_file in cert_files: reg.register(load_cert_object(BASE_DIR, 'certs', cert_file)) return reg def now() -> datetime.datetime: return datetime.datetime.now(tz=datetime.timezone.utc) DEFAULT_REV_CHECK_POLICY = RevocationCheckingPolicy( ee_certificate_rule=RevocationCheckingRule.CRL_OR_OCSP_REQUIRED, intermediate_ca_cert_rule=RevocationCheckingRule.CRL_OR_OCSP_REQUIRED, ) DEFAULT_TRUST_POLICY = CertRevTrustPolicy( revocation_checking_policy=DEFAULT_REV_CHECK_POLICY, ) DEFAULT_TOLERANCE = datetime.timedelta(minutes=10) @pytest.mark.asyncio @freeze_time("2020-11-29T00:05:00+00:00") async def test_time_slide_not_revoked(): test_path = read_test_path() alice_ocsp = load_ocsp_response(BASE_DIR, 'alice-2020-11-29.ors') root_crl = load_crl(BASE_DIR, 'root-2020-11-29.crl') revinfo_manager = RevinfoManager( certificate_registry=load_cert_registry(), poe_manager=POEManager(), crls=[CRLContainer(root_crl)], ocsps=[OCSPContainer(alice_ocsp)], ) control_time = await time_slide( test_path, init_control_time=now(), revinfo_manager=revinfo_manager, rev_trust_policy=DEFAULT_TRUST_POLICY, algo_usage_policy=None, time_tolerance=DEFAULT_TOLERANCE, ) assert control_time == now() @pytest.mark.asyncio @freeze_time("2020-12-10T00:05:00+00:00") async def test_time_slide_revocation_ocsp(): test_path = read_test_path() alice_ocsp = load_ocsp_response(BASE_DIR, 'alice-2020-12-10.ors') root_crl = load_crl(BASE_DIR, 'root-2020-12-10.crl') revinfo_manager = RevinfoManager( certificate_registry=load_cert_registry(), poe_manager=POEManager(), crls=[CRLContainer(root_crl)], ocsps=[OCSPContainer(alice_ocsp)], ) control_time = await time_slide( test_path, init_control_time=now(), revinfo_manager=revinfo_manager, rev_trust_policy=DEFAULT_TRUST_POLICY, algo_usage_policy=None, time_tolerance=DEFAULT_TOLERANCE, ) assert control_time == datetime.datetime( 2020, 12, 1, tzinfo=datetime.timezone.utc ) @pytest.mark.asyncio @freeze_time("2020-12-10T00:05:00+00:00") async def test_time_slide_revocation_crl(): test_path = read_test_path() root_crl = load_crl(BASE_DIR, 'root-2020-12-10.crl') interm_crl = load_crl(BASE_DIR, 'interm-2020-12-10.crl') revinfo_manager = RevinfoManager( certificate_registry=load_cert_registry(), poe_manager=POEManager(), crls=[CRLContainer(root_crl), CRLContainer(interm_crl)], ocsps=[], ) control_time = await time_slide( test_path, init_control_time=now(), revinfo_manager=revinfo_manager, rev_trust_policy=DEFAULT_TRUST_POLICY, algo_usage_policy=None, time_tolerance=DEFAULT_TOLERANCE, ) assert control_time == datetime.datetime( 2020, 12, 1, tzinfo=datetime.timezone.utc ) VERY_LENIENT_FRESHNESS = CertRevTrustPolicy( revocation_checking_policy=DEFAULT_REV_CHECK_POLICY, freshness_req_type=FreshnessReqType.MAX_DIFF_REVOCATION_VALIDATION, freshness=datetime.timedelta(days=100), ) @pytest.mark.asyncio @freeze_time("2020-12-10T00:05:00+00:00") async def test_time_slide_revoked_intermediate(): test_path = read_test_path(revoked_intermediate_ca=True) # the intermediate cert is listed as revoked on this CRL root_crl = load_crl(BASE_DIR, 'root-2020-12-10.crl') # this CRL would be valid long enough to serve as non-revocation # evidence for the 'alice' cert # We set a ridiculous freshness window to ensure it's covered. poe_manager = POEManager() interm_crl = load_crl(BASE_DIR, 'interm-2020-11-29.crl') poe_date = datetime.datetime(2020, 11, 30, tzinfo=datetime.timezone.utc) poe_manager.register(test_path.leaf, dt=poe_date, poe_type=POEType.PROVIDED) # ...make sure to include some POE prior to the revocation date of the # intermediate cert poe_manager.register( CRLContainer(interm_crl), dt=poe_date, poe_type=POEType.PROVIDED ) revinfo_manager = RevinfoManager( certificate_registry=load_cert_registry(revoked_intermediate_ca=True), poe_manager=poe_manager, crls=[CRLContainer(root_crl), CRLContainer(interm_crl)], ocsps=[], ) control_time = await time_slide( test_path, init_control_time=now(), revinfo_manager=revinfo_manager, rev_trust_policy=VERY_LENIENT_FRESHNESS, algo_usage_policy=None, time_tolerance=DEFAULT_TOLERANCE, ) assert control_time == datetime.datetime( 2020, 12, 1, tzinfo=datetime.timezone.utc ) @pytest.mark.asyncio @freeze_time("2020-12-10T00:05:00+00:00") async def test_time_slide_revoked_intermediate_enforce_cert_poe(): test_path = read_test_path(revoked_intermediate_ca=True) # the intermediate cert is listed as revoked on this CRL root_crl = load_crl(BASE_DIR, 'root-2020-12-10.crl') poe_manager = POEManager() # No POE for the leaf cert at the control time # at which the intermediate cert was revoked => fail interm_crl = load_crl(BASE_DIR, 'interm-2020-11-29.crl') poe_date = datetime.datetime(2020, 11, 30, tzinfo=datetime.timezone.utc) poe_manager.register( CRLContainer(interm_crl), dt=poe_date, poe_type=POEType.PROVIDED ) revinfo_manager = RevinfoManager( certificate_registry=load_cert_registry(revoked_intermediate_ca=True), poe_manager=poe_manager, crls=[CRLContainer(root_crl), CRLContainer(interm_crl)], ocsps=[], ) with pytest.raises(InsufficientPOEError, match='for.*Alice'): await time_slide( test_path, init_control_time=now(), revinfo_manager=revinfo_manager, rev_trust_policy=VERY_LENIENT_FRESHNESS, algo_usage_policy=None, time_tolerance=DEFAULT_TOLERANCE, ) @pytest.mark.asyncio @freeze_time("2020-12-10T00:05:00+00:00") async def test_time_slide_revoked_intermediate_enforce_revinfo_poe(): test_path = read_test_path(revoked_intermediate_ca=True) # the intermediate cert is listed as revoked on this CRL root_crl = load_crl(BASE_DIR, 'root-2020-12-10.crl') poe_manager = POEManager() poe_date = datetime.datetime(2020, 11, 30, tzinfo=datetime.timezone.utc) poe_manager.register(test_path.leaf, dt=poe_date, poe_type=POEType.PROVIDED) # This CRL issued by the intermediate CA predates its revocation date # so without POE, it should be treated as no longer valid # => no revinfo for the leaf cert => can't finish interm_crl = load_crl(BASE_DIR, 'interm-2020-11-29.crl') revinfo_manager = RevinfoManager( certificate_registry=load_cert_registry(revoked_intermediate_ca=True), poe_manager=poe_manager, crls=[CRLContainer(root_crl), CRLContainer(interm_crl)], ocsps=[], ) with pytest.raises(InsufficientRevinfoError, match='for.*Alice'): await time_slide( test_path, init_control_time=now(), revinfo_manager=revinfo_manager, rev_trust_policy=VERY_LENIENT_FRESHNESS, algo_usage_policy=None, time_tolerance=DEFAULT_TOLERANCE, ) VALIDATION_POLICY_SPEC = CertValidationPolicySpec( trust_manager=SimpleTrustManager.build( trust_roots=[load_cert_object(BASE_DIR, 'certs', 'root.crt')] ), revinfo_policy=DEFAULT_TRUST_POLICY, ) @pytest.mark.asyncio @freeze_time("2020-11-29T00:05:00+00:00") async def test_point_in_time_validation_not_revoked(): test_path = read_test_path() alice_ocsp = load_ocsp_response(BASE_DIR, 'alice-2020-11-29.ors') root_crl = load_crl(BASE_DIR, 'root-2020-11-29.crl') cert_registry = load_cert_registry() poe_manager = POEManager() revinfo_manager = RevinfoManager( certificate_registry=cert_registry, poe_manager=poe_manager, crls=[CRLContainer(root_crl)], ocsps=[OCSPContainer(alice_ocsp)], ) last_valid_time = await past_validate( test_path, validation_policy_spec=VALIDATION_POLICY_SPEC, init_control_time=now(), validation_data_handlers=ValidationDataHandlers( revinfo_manager=revinfo_manager, poe_manager=poe_manager, cert_registry=cert_registry, ), ) assert last_valid_time == now() @pytest.mark.asyncio @freeze_time("2020-12-10T00:05:00+00:00") async def test_point_in_time_validation_revoked_intermediate(): # Same scenario as the time slide test w/ revoked intermediate cert & PoE # in this module test_path = read_test_path(revoked_intermediate_ca=True) # the intermediate cert is listed as revoked on this CRL root_crl = load_crl(BASE_DIR, 'root-2020-12-10.crl') # this CRL would be valid long enough to serve as non-revocation # evidence for the 'alice' cert # We set a ridiculous freshness window to ensure it's covered. poe_date = datetime.datetime(2020, 11, 30, tzinfo=datetime.timezone.utc) poe_manager = POEManager() poe_manager.register(test_path.leaf, dt=poe_date, poe_type=POEType.PROVIDED) interm_crl = load_crl(BASE_DIR, 'interm-2020-11-29.crl') # ...make sure to include some POE prior to the revocation date of the # intermediate cert poe_manager.register( CRLContainer(interm_crl), dt=poe_date, poe_type=POEType.PROVIDED ) cert_registry = load_cert_registry(revoked_intermediate_ca=True) revinfo_manager = RevinfoManager( certificate_registry=cert_registry, poe_manager=poe_manager, crls=[CRLContainer(root_crl), CRLContainer(interm_crl)], ocsps=[], ) last_valid_time = await past_validate( test_path, validation_policy_spec=VALIDATION_POLICY_SPEC, init_control_time=now(), validation_data_handlers=ValidationDataHandlers( revinfo_manager=revinfo_manager, poe_manager=poe_manager, cert_registry=cert_registry, ), ) assert last_valid_time == datetime.datetime( 2020, 12, 1, tzinfo=datetime.timezone.utc ) @pytest.mark.asyncio @freeze_time("2020-12-10T00:05:00+00:00") async def test_point_in_time_validation_revinfo_insufficient_poe(): test_path = read_test_path(revoked_intermediate_ca=True) # the intermediate cert is listed as revoked on this CRL root_crl = load_crl(BASE_DIR, 'root-2020-12-10.crl') poe_manager = POEManager() cert_registry = load_cert_registry(revoked_intermediate_ca=True) revinfo_manager = RevinfoManager( certificate_registry=cert_registry, poe_manager=poe_manager, crls=[CRLContainer(root_crl)], ocsps=[], ) with pytest.raises(TimeSlideFailure): await past_validate( test_path, validation_policy_spec=VALIDATION_POLICY_SPEC, init_control_time=now(), validation_data_handlers=ValidationDataHandlers( revinfo_manager=revinfo_manager, poe_manager=poe_manager, cert_registry=cert_registry, ), ) def test_poe_manager_read_cert(): manager = POEManager() cert = load_cert_object(BASE_DIR, 'certs', 'root.crt') with freeze_time('2020-11-11'): manager.register(cert, poe_type=POEType.PROVIDED) assert manager[cert].date() == datetime.date(2020, 11, 11) def test_poe_manager_cert_by_digest(): manager = POEManager() cert = load_cert_object(BASE_DIR, 'certs', 'root.crt') with freeze_time('2020-11-11'): manager.register_by_digest( digest_for_poe(cert.dump()), poe_type=POEType.PROVIDED ) assert manager[cert].date() == datetime.date(2020, 11, 11) def test_poe_manager_read_bytes(): manager = POEManager() msg = b'deadbeef' with freeze_time('2020-11-11'): manager.register(msg, poe_type=POEType.PROVIDED) assert manager[msg].date() == datetime.date(2020, 11, 11) def test_poe_manager_read_bytes_by_digest(): manager = POEManager() msg = b'deadbeef' with freeze_time('2020-11-11'): manager.register_by_digest( digest_for_poe(msg), poe_type=POEType.PROVIDED ) assert manager[msg].date() == datetime.date(2020, 11, 11) certvalidator-0.26.3/tests/test_certificate_validator.py000066400000000000000000000122531453642760600235670ustar00rootroot00000000000000# coding: utf-8 from datetime import datetime import pytest from asn1crypto.util import timezone from pyhanko_certvalidator import ( CertificateValidator, PKIXValidationParams, ValidationContext, ) from pyhanko_certvalidator.errors import ( InvalidCertificateError, PathValidationError, ) from tests.common import load_cert_object, load_nist_cert @pytest.mark.asyncio async def test_basic_certificate_validator_tls(): cert = load_cert_object('mozilla.org.crt') other_certs = [load_cert_object('digicert-sha2-secure-server-ca.crt')] moment = datetime(2019, 1, 1, 0, 0, 0, tzinfo=timezone.utc) context = ValidationContext(moment=moment) validator = CertificateValidator(cert, other_certs, context) await validator.async_validate_tls('www.mozilla.org') @pytest.mark.asyncio async def test_basic_certificate_validator_tls_expired(): cert = load_cert_object('mozilla.org.crt') other_certs = [load_cert_object('digicert-sha2-secure-server-ca.crt')] moment = datetime(2020, 1, 1, 0, 0, 0, tzinfo=timezone.utc) context = ValidationContext(moment=moment) validator = CertificateValidator(cert, other_certs, context) with pytest.raises(PathValidationError, match='expired'): await validator.async_validate_tls('www.mozilla.org') @pytest.mark.asyncio async def test_basic_certificate_validator_tls_invalid_hostname(): cert = load_cert_object('mozilla.org.crt') other_certs = [load_cert_object('digicert-sha2-secure-server-ca.crt')] moment = datetime(2019, 1, 1, 0, 0, 0, tzinfo=timezone.utc) context = ValidationContext(moment=moment) validator = CertificateValidator(cert, other_certs, context) with pytest.raises(InvalidCertificateError, match='not valid'): await validator.async_validate_tls('google.com') @pytest.mark.asyncio async def test_basic_certificate_validator_tls_invalid_key_usage(): cert = load_cert_object('mozilla.org.crt') other_certs = [load_cert_object('digicert-sha2-secure-server-ca.crt')] moment = datetime(2019, 1, 1, 0, 0, 0, tzinfo=timezone.utc) context = ValidationContext(moment=moment) validator = CertificateValidator(cert, other_certs, context) with pytest.raises(InvalidCertificateError, match='for the purpose'): await validator.async_validate_usage({'crl_sign'}) @pytest.mark.asyncio async def test_basic_certificate_validator_tls_whitelist(): cert = load_cert_object('mozilla.org.crt') other_certs = [load_cert_object('digicert-sha2-secure-server-ca.crt')] moment = datetime(2020, 1, 1, 0, 0, 0, tzinfo=timezone.utc) context = ValidationContext( whitelisted_certs=[cert.sha1_fingerprint], moment=moment ) validator = CertificateValidator(cert, other_certs, context) # If whitelist does not work, this will raise exception for expiration await validator.async_validate_tls('www.mozilla.org') # If whitelist does not work, this will raise exception for hostname await validator.async_validate_tls('google.com') # If whitelist does not work, this will raise exception for key usage await validator.async_validate_usage({'crl_sign'}) @pytest.mark.asyncio async def test_certvalidator_with_params(): cert = load_nist_cert('ValidPolicyMappingTest12EE.crt') ca_certs = [load_nist_cert('TrustAnchorRootCertificate.crt')] other_certs = [load_nist_cert('P12Mapping1to3CACert.crt')] context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, revocation_mode="soft-fail", weak_hash_algos={'md2', 'md5'}, ) validator = CertificateValidator( cert, validation_context=context, pkix_params=PKIXValidationParams( user_initial_policy_set=frozenset(['2.16.840.1.101.3.2.1.48.1']) ), ) path = await validator.async_validate_usage(key_usage={'digital_signature'}) # check if we got the right policy processing # (i.e. if our params got through) qps = path.qualified_policies() (qp,) = qps assert 1 == len(qp.qualifiers) (qual_obj,) = qp.qualifiers assert qual_obj['policy_qualifier_id'].native == 'user_notice' assert qual_obj['qualifier']['explicit_text'].native == ( 'q7: This is the user notice from qualifier 7 associated with ' 'NIST-test-policy-3. This user notice should be displayed ' 'when NIST-test-policy-1 is in the user-constrained-policy-set' ) @pytest.mark.asyncio async def test_self_signed_with_policy(): # tests whether a corner case in the policy validation logic when the # path length is zero is handled gracefully cert = load_cert_object('self-signed-with-policy.crt') context = ValidationContext(trust_roots=[cert], allow_fetching=False) validator = CertificateValidator(cert, validation_context=context) path = await validator.async_validate_usage({'digital_signature'}) (qp,) = path.qualified_policies() # Note: the cert declares a concrete policy, but for the purposes # of PKIX validation, any policy is valid, since we're validating # a -signed certificate (so everything breaks down anyway) assert qp.user_domain_policy_id == 'any_policy' assert qp.issuer_domain_policy_id == 'any_policy' certvalidator-0.26.3/tests/test_common_utils.py000066400000000000000000000013451453642760600217500ustar00rootroot00000000000000import os import pytest from asn1crypto import cms, x509 from pyhanko_certvalidator.fetchers.common_utils import unpack_cert_content from .common import load_cert_object TESTS_ROOT = os.path.dirname(__file__) FIXTURES_DIR = os.path.join(TESTS_ROOT, 'fixtures') def test_unpack_cert_content_pkcs7_with_binary_octet_stream_alias(): with open( os.path.join(FIXTURES_DIR, 'certs_to_unpack/acserprorfbv5.p7b'), 'rb' ) as f: pkcs7_bytes = f.read() certs_returned = unpack_cert_content( response_data=pkcs7_bytes, content_type="binary/octet-stream", permit_pem=True, url="http://repositorio.serpro.gov.br/cadeias/acserprorfbv5.p7b", ) assert len(list(certs_returned)) == 3 certvalidator-0.26.3/tests/test_crl_client.py000066400000000000000000000023371453642760600213600ustar00rootroot00000000000000# coding: utf-8 import pytest from pyhanko_certvalidator.context import ValidationContext from pyhanko_certvalidator.fetchers import aiohttp_fetchers, requests_fetchers from pyhanko_certvalidator.revinfo.validate_crl import verify_crl from .common import load_cert_object from .constants import TEST_REQUEST_TIMEOUT async def _test_with_fetchers(fetchers): intermediate = load_cert_object('digicert-g5-ecc-sha384-2021-ca1.crt') root = load_cert_object('digicert-root-g5.crt') crls = await fetchers.crl_fetcher.fetch(intermediate) context = ValidationContext( trust_roots=[root], crls=crls, fetchers=fetchers ) paths = await context.path_builder.async_build_paths(intermediate) path = paths[0] await verify_crl(intermediate, path, context) @pytest.mark.asyncio async def test_fetch_crl_aiohttp(): fb = aiohttp_fetchers.AIOHttpFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ) async with fb as fetchers: await _test_with_fetchers(fetchers) @pytest.mark.asyncio async def test_fetch_requests(): fetchers = requests_fetchers.RequestsFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ).get_fetchers() await _test_with_fetchers(fetchers) certvalidator-0.26.3/tests/test_freshness.py000066400000000000000000000162511453642760600212420ustar00rootroot00000000000000import os from datetime import datetime, timedelta, timezone import pytest from pyhanko_certvalidator import ValidationContext from pyhanko_certvalidator.errors import PathValidationError, RevokedError from pyhanko_certvalidator.policy_decl import ( CertRevTrustPolicy, FreshnessReqType, RevocationCheckingPolicy, ) from pyhanko_certvalidator.validate import async_validate_path from .common import load_cert_object, load_crl, load_ocsp_response freshness_dir = 'freshness' certs = os.path.join('freshness', 'certs') @pytest.mark.asyncio async def test_cooldown_period_ok(): req_policy = RevocationCheckingPolicy.from_legacy('require') policy = CertRevTrustPolicy( revocation_checking_policy=req_policy, freshness=timedelta(days=3), freshness_req_type=FreshnessReqType.TIME_AFTER_SIGNATURE, ) root = load_cert_object(certs, 'root.crt') alice = load_cert_object(certs, 'alice.crt') interm = load_cert_object(certs, 'interm.crt') alice_ocsp = load_ocsp_response(freshness_dir, 'alice-2020-10-01.ors') root_crl = load_crl(freshness_dir, 'root-2020-10-01.crl') vc = ValidationContext( trust_roots=[root], other_certs=[interm], ocsps=[alice_ocsp], crls=[root_crl], revinfo_policy=policy, moment=datetime(2020, 10, 1, tzinfo=timezone.utc), best_signature_time=datetime(2020, 9, 18, tzinfo=timezone.utc), ) (path,) = await vc.path_builder.async_build_paths(alice) await async_validate_path(vc, path) @pytest.mark.asyncio async def test_cooldown_period_too_early(): req_policy = RevocationCheckingPolicy.from_legacy('require') policy = CertRevTrustPolicy( revocation_checking_policy=req_policy, freshness=timedelta(days=3), freshness_req_type=FreshnessReqType.TIME_AFTER_SIGNATURE, ) root = load_cert_object(certs, 'root.crt') alice = load_cert_object(certs, 'alice.crt') interm = load_cert_object(certs, 'interm.crt') alice_ocsp = load_ocsp_response(freshness_dir, 'alice-2020-10-01.ors') root_crl = load_crl(freshness_dir, 'root-2020-10-01.crl') vc = ValidationContext( trust_roots=[root], other_certs=[interm], ocsps=[alice_ocsp], crls=[root_crl], revinfo_policy=policy, moment=datetime(2020, 10, 1, tzinfo=timezone.utc), best_signature_time=datetime(2020, 9, 30, tzinfo=timezone.utc), ) (path,) = await vc.path_builder.async_build_paths(alice) with pytest.raises(PathValidationError, match='CRL.*recent enough'): await async_validate_path(vc, path) @pytest.mark.asyncio async def test_use_delta_ok(): req_policy = RevocationCheckingPolicy.from_legacy('require') policy = CertRevTrustPolicy( revocation_checking_policy=req_policy, freshness=timedelta(days=9), freshness_req_type=FreshnessReqType.MAX_DIFF_REVOCATION_VALIDATION, ) root = load_cert_object(certs, 'root.crt') alice = load_cert_object(certs, 'alice.crt') interm = load_cert_object(certs, 'interm.crt') alice_ocsp = load_ocsp_response(freshness_dir, 'alice-2020-10-01.ors') root_crl = load_crl(freshness_dir, 'root-2020-10-01.crl') vc = ValidationContext( trust_roots=[root], other_certs=[interm], ocsps=[alice_ocsp], crls=[root_crl], revinfo_policy=policy, moment=datetime(2020, 10, 1, tzinfo=timezone.utc), ) (path,) = await vc.path_builder.async_build_paths(alice) await async_validate_path(vc, path) @pytest.mark.asyncio async def test_use_delta_stale(): req_policy = RevocationCheckingPolicy.from_legacy('require') policy = CertRevTrustPolicy( revocation_checking_policy=req_policy, freshness=timedelta(hours=1), freshness_req_type=FreshnessReqType.MAX_DIFF_REVOCATION_VALIDATION, ) root = load_cert_object(certs, 'root.crt') alice = load_cert_object(certs, 'alice.crt') interm = load_cert_object(certs, 'interm.crt') alice_ocsp = load_ocsp_response(freshness_dir, 'alice-2020-10-01.ors') root_crl = load_crl(freshness_dir, 'root-2020-10-01.crl') vc = ValidationContext( trust_roots=[root], other_certs=[interm], ocsps=[alice_ocsp], crls=[root_crl], revinfo_policy=policy, moment=datetime(2020, 10, 1, tzinfo=timezone.utc), ) (path,) = await vc.path_builder.async_build_paths(alice) with pytest.raises(PathValidationError, match='CRL.*recent enough'): await async_validate_path(vc, path) @pytest.mark.asyncio async def test_use_most_recent(): req_policy = RevocationCheckingPolicy.from_legacy('require') policy = CertRevTrustPolicy( revocation_checking_policy=req_policy, freshness=timedelta(days=20), # some ridiculous value freshness_req_type=FreshnessReqType.MAX_DIFF_REVOCATION_VALIDATION, ) root = load_cert_object(certs, 'root.crt') alice = load_cert_object(certs, 'alice.crt') interm = load_cert_object(certs, 'interm.crt') alice_ocsp_older = load_ocsp_response(freshness_dir, 'alice-2020-11-29.ors') alice_ocsp_recent = load_ocsp_response( freshness_dir, 'alice-2020-12-10.ors' ) root_crl = load_crl(freshness_dir, 'root-2020-12-10.crl') vc = ValidationContext( trust_roots=[root], other_certs=[interm], ocsps=[alice_ocsp_older, alice_ocsp_recent], crls=[root_crl], revinfo_policy=policy, moment=datetime(2020, 12, 10, tzinfo=timezone.utc), ) (path,) = await vc.path_builder.async_build_paths(alice) with pytest.raises(RevokedError): await async_validate_path(vc, path) # Double-check: the validator should be fooled if we don't include the # second OCSP response because of the very lenient time delta allowed vc = ValidationContext( trust_roots=[root], other_certs=[interm], ocsps=[alice_ocsp_older], crls=[root_crl], revinfo_policy=policy, moment=datetime(2020, 12, 10, tzinfo=timezone.utc), ) (path,) = await vc.path_builder.async_build_paths(alice) await async_validate_path(vc, path) @pytest.mark.asyncio async def test_discard_post_validation_time(): req_policy = RevocationCheckingPolicy.from_legacy('require') policy = CertRevTrustPolicy( revocation_checking_policy=req_policy, freshness=timedelta(days=20), # some ridiculous value freshness_req_type=FreshnessReqType.MAX_DIFF_REVOCATION_VALIDATION, ) root = load_cert_object(certs, 'root.crt') alice = load_cert_object(certs, 'alice.crt') interm = load_cert_object(certs, 'interm.crt') alice_ocsp_older = load_ocsp_response(freshness_dir, 'alice-2020-11-29.ors') alice_ocsp_recent = load_ocsp_response( freshness_dir, 'alice-2020-12-10.ors' ) root_crl = load_crl(freshness_dir, 'root-2020-11-29.crl') vc = ValidationContext( trust_roots=[root], other_certs=[interm], ocsps=[alice_ocsp_older, alice_ocsp_recent], crls=[root_crl], revinfo_policy=policy, moment=datetime(2020, 11, 29, tzinfo=timezone.utc), ) (path,) = await vc.path_builder.async_build_paths(alice) await async_validate_path(vc, path) certvalidator-0.26.3/tests/test_ocsp_client.py000066400000000000000000000062241453642760600215430ustar00rootroot00000000000000# coding: utf-8 import os import pytest from asn1crypto import pem, x509 from pyhanko_certvalidator.context import ValidationContext from pyhanko_certvalidator.errors import OCSPFetchError from pyhanko_certvalidator.fetchers import aiohttp_fetchers, requests_fetchers from pyhanko_certvalidator.registry import ( CertificateRegistry, PathBuilder, SimpleTrustManager, ) from pyhanko_certvalidator.revinfo.validate_ocsp import verify_ocsp_response from .common import load_cert_object from .constants import TEST_REQUEST_TIMEOUT @pytest.mark.asyncio async def _test_with_fetchers(fetchers): intermediate = load_cert_object('digicert-g5-ecc-sha384-2021-ca1.crt') trust_roots = [load_cert_object(os.path.join('digicert-root-g5.crt'))] path_builder = PathBuilder( registry=CertificateRegistry.build(cert_fetcher=fetchers.cert_fetcher), trust_manager=SimpleTrustManager.build(trust_roots=trust_roots), ) paths = await path_builder.async_build_paths(intermediate) path = paths[0] authority = path.find_issuing_authority(intermediate) ocsp_response = await fetchers.ocsp_fetcher.fetch(intermediate, authority) context = ValidationContext( trust_roots=trust_roots, ocsps=[ocsp_response], fetchers=fetchers ) await verify_ocsp_response(intermediate, path, context) async def _test_fetch_error(fetchers): # a cert that doesn't have any OCSP URLs will always throw an error cert_file = os.path.join('testing-ca-pss', 'interm.cert.pem') intermediate = load_cert_object(cert_file) root_file = os.path.join('testing-ca-pss', 'root.cert.pem') root = load_cert_object(root_file) path_builder = PathBuilder( registry=CertificateRegistry.build(cert_fetcher=fetchers.cert_fetcher), trust_manager=SimpleTrustManager.build(trust_roots=[root]), ) paths = await path_builder.async_build_paths(intermediate) path = paths[0] authority = path.find_issuing_authority(intermediate) async def fetch_err(): with pytest.raises(OCSPFetchError): await fetchers.ocsp_fetcher.fetch(intermediate, authority) # trigger this twice, to make sure we get an error for both jobs await fetch_err() await fetch_err() @pytest.mark.asyncio async def test_fetch_ocsp_aiohttp(): fb = aiohttp_fetchers.AIOHttpFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ) async with fb as fetchers: await _test_with_fetchers(fetchers) @pytest.mark.asyncio async def test_fetch_ocsp_err_aiohttp(): fb = aiohttp_fetchers.AIOHttpFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ) async with fb as fetchers: await _test_fetch_error(fetchers) @pytest.mark.asyncio async def test_fetch_ocsp_requests(): fb = requests_fetchers.RequestsFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ) fetchers = fb.get_fetchers() await _test_with_fetchers(fetchers) @pytest.mark.asyncio async def test_fetch_ocsp_err_requests(): fb = requests_fetchers.RequestsFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ) fetchers = fb.get_fetchers() await _test_fetch_error(fetchers) certvalidator-0.26.3/tests/test_policy_proc.py000066400000000000000000000156161453642760600215700ustar00rootroot00000000000000import os import pytest from asn1crypto import x509 from pyhanko_certvalidator.authority import ( CertTrustAnchor, NamedKeyAuthority, TrustAnchor, TrustQualifiers, ) from pyhanko_certvalidator.context import ValidationContext from pyhanko_certvalidator.errors import PathValidationError from pyhanko_certvalidator.name_trees import ( GeneralNameType, x509_names_to_subtrees, ) from pyhanko_certvalidator.path import ValidationPath from pyhanko_certvalidator.policy_decl import PKIXValidationParams from pyhanko_certvalidator.validate import async_validate_path from tests.common import load_nist_cert def test_extract_policy(): # I know this isn't a CA cert, but it's a convenient one to use crt = load_nist_cert('ValidCertificatePathTest1EE.crt') anchor = CertTrustAnchor(crt, derive_default_quals_from_cert=True) params = anchor.trust_qualifiers.standard_parameters nist_test_policy = '2.16.840.1.101.3.2.1.48.1' assert params.user_initial_policy_set == {nist_test_policy} def test_extract_permitted_subtrees(): crt = load_nist_cert('nameConstraintsDN1CACert.crt') anchor = CertTrustAnchor(crt, derive_default_quals_from_cert=True) params = anchor.trust_qualifiers.standard_parameters dirname_trs = params.initial_permitted_subtrees[ GeneralNameType.DIRECTORY_NAME ] assert len(dirname_trs) == 1 (tree,) = dirname_trs expected_name = x509.Name.build( { 'organizational_unit_name': 'permittedSubtree1', 'organization_name': 'Test Certificates 2011', 'country_name': 'US', } ) assert tree.tree_base.value == expected_name @pytest.mark.asyncio async def test_validate_with_derived(): crt = load_nist_cert('nameConstraintsDN1CACert.crt') anchor = CertTrustAnchor(crt, derive_default_quals_from_cert=True) ee = load_nist_cert('InvalidDNnameConstraintsTest2EE.crt') context = ValidationContext( trust_roots=[anchor], revocation_mode='soft-fail', ) (path,) = await context.path_builder.async_build_paths(ee) assert path.pkix_len == 1 with pytest.raises(PathValidationError, match='not all names.*permitted'): await async_validate_path(context, path) @pytest.mark.asyncio async def test_validate_with_merged_permitted_subtrees(): crt = load_nist_cert('nameConstraintsDN1CACert.crt') anchor = CertTrustAnchor(crt, derive_default_quals_from_cert=True) ee = load_nist_cert('ValidDNnameConstraintsTest1EE.crt') context = ValidationContext( trust_roots=[anchor], revocation_mode='soft-fail', ) (path,) = await context.path_builder.async_build_paths(ee) assert path.pkix_len == 1 # this should be OK await async_validate_path(context, path) # merge in an extra name constraint extra_name = x509.Name.build( { 'organizational_unit_name': 'someNameYouDontHave', 'organization_name': 'Test Certificates 2011', 'country_name': 'US', } ) extra_params = PKIXValidationParams( initial_permitted_subtrees=x509_names_to_subtrees([extra_name]) ) with pytest.raises(PathValidationError, match='not all names.*permitted'): await async_validate_path(context, path, parameters=extra_params) @pytest.mark.asyncio async def test_validate_with_merged_excluded_subtrees(): crt = load_nist_cert('nameConstraintsDN3CACert.crt') anchor = CertTrustAnchor(crt, derive_default_quals_from_cert=True) ee = load_nist_cert('ValidDNnameConstraintsTest6EE.crt') context = ValidationContext( trust_roots=[anchor], revocation_mode='soft-fail', ) (path,) = await context.path_builder.async_build_paths(ee) assert path.pkix_len == 1 # this should be OK await async_validate_path(context, path) # merge in an extra name constraint extra_name = x509.Name.build( { 'organizational_unit_name': 'permittedSubtree1', 'organization_name': 'Test Certificates 2011', 'country_name': 'US', } ) extra_params = PKIXValidationParams( initial_excluded_subtrees=x509_names_to_subtrees([extra_name]) ) with pytest.raises(PathValidationError, match='some names.*excluded'): await async_validate_path(context, path, parameters=extra_params) @pytest.mark.asyncio async def test_validate_with_certless_root(): crt = load_nist_cert('nameConstraintsDN1CACert.crt') # manually build params permitted = x509.Name.build( { 'organizational_unit_name': 'permittedSubtree1', 'organization_name': 'Test Certificates 2011', 'country_name': 'US', } ) extra_params = PKIXValidationParams( initial_permitted_subtrees=x509_names_to_subtrees([permitted]) ) anchor = TrustAnchor( NamedKeyAuthority(crt.subject, crt.public_key), quals=TrustQualifiers(standard_parameters=extra_params), ) ee = load_nist_cert('ValidDNnameConstraintsTest1EE.crt') context = ValidationContext( trust_roots=[anchor], revocation_mode='soft-fail', ) (path,) = await context.path_builder.async_build_paths(ee) assert path.pkix_len == 1 assert isinstance(path.first, x509.Certificate) assert path.trust_anchor is anchor await async_validate_path(context, path, parameters=extra_params) @pytest.mark.asyncio async def test_validate_with_certless_root_failure(): crt = load_nist_cert('nameConstraintsDN1CACert.crt') # manually build params permitted = x509.Name.build( { 'organizational_unit_name': 'someNameYouDontHave', 'organization_name': 'Test Certificates 2011', 'country_name': 'US', } ) extra_params = PKIXValidationParams( initial_permitted_subtrees=x509_names_to_subtrees([permitted]) ) anchor = TrustAnchor( NamedKeyAuthority(crt.subject, crt.public_key), quals=TrustQualifiers(standard_parameters=extra_params), ) ee = load_nist_cert('ValidDNnameConstraintsTest1EE.crt') context = ValidationContext( trust_roots=[anchor], revocation_mode='soft-fail', ) (path,) = await context.path_builder.async_build_paths(ee) assert path.pkix_len == 1 assert isinstance(path.first, x509.Certificate) assert path.trust_anchor is anchor with pytest.raises(PathValidationError, match='not all names.*permitted'): await async_validate_path(context, path, parameters=extra_params) @pytest.mark.asyncio async def test_validate_empty_path_certless_root(): crt = load_nist_cert('nameConstraintsDN1CACert.crt') anchor = TrustAnchor( NamedKeyAuthority(crt.subject, crt.public_key), ) context = ValidationContext( trust_roots=[anchor], revocation_mode='soft-fail', ) trivial_path = ValidationPath(trust_anchor=anchor, interm=[], leaf=None) await async_validate_path(context, trivial_path) certvalidator-0.26.3/tests/test_registry.py000066400000000000000000000037751453642760600211210ustar00rootroot00000000000000# coding: utf-8 import pytest from pyhanko_certvalidator.fetchers.requests_fetchers import ( RequestsCertificateFetcher, ) from pyhanko_certvalidator.registry import ( CertificateRegistry, PathBuilder, SimpleTrustManager, ) from .common import load_cert_object def test_build_paths_custom_ca_certs(): cert = load_cert_object('mozilla.org.crt') other_certs = [load_cert_object('digicert-sha2-secure-server-ca.crt')] builder = PathBuilder( trust_manager=SimpleTrustManager.build(trust_roots=other_certs), registry=CertificateRegistry.build(certs=other_certs), ) paths = builder.build_paths(cert) assert 1 == len(paths) path = paths[0] assert 2 == len(path) assert [item.subject.sha1 for item in path] == [ b"\x10_\xa6z\x80\x08\x9d\xb5'\x9f5\xce\x83\x0bC\x88\x9e\xa3\xc7\r", b'I\xac\x03\xf8\xf3Km\xca)V)\xf2I\x9a\x98\xbe\x98\xdc.\x81', ] @pytest.mark.parametrize( 'domain', [ "google.com", "www.cnn.com", "microsoft.com", "southwest.com", "xuite.net", "icpedu.rnp.br", ], ) @pytest.mark.asyncio async def test_basic_certificate_validator_tls_aia(domain): # google.com -> application/pkix-cert # www.cnn.com -> application/x-x509-ca-cert # microsoft.com -> application/octet-stream (DER) # southwest.com -> application/pkcs7-mime # xuite.net -> application/x-pkcs7-certificates # icpedu.rnp.br -> binary/octet-stream (PEM, PKCS#7) icpedu_root = load_cert_object('testing-aia', 'root-icpedu.rnp.br') trust_manager = SimpleTrustManager.build( extra_trust_roots=[icpedu_root], ) cert = load_cert_object('testing-aia', domain) registry = CertificateRegistry.build( certs=(cert,), cert_fetcher=RequestsCertificateFetcher(per_request_timeout=30), ) builder = PathBuilder(trust_manager=trust_manager, registry=registry) paths = await builder.async_build_paths(end_entity_cert=cert) assert len(paths) >= 1 certvalidator-0.26.3/tests/test_validate.py000066400000000000000000000647361453642760600210460ustar00rootroot00000000000000# coding: utf-8 import json import os from dataclasses import dataclass, field from datetime import datetime from typing import Iterable, List, Optional, Type import pytest from asn1crypto import crl, ocsp, x509 from asn1crypto.util import timezone from pyhanko_certvalidator import PKIXValidationParams from pyhanko_certvalidator.authority import Authority, CertTrustAnchor from pyhanko_certvalidator.context import ValidationContext from pyhanko_certvalidator.errors import ( CertificateFetchError, CRLFetchError, InsufficientRevinfoError, OCSPFetchError, OCSPValidationError, PathValidationError, RevokedError, StaleRevinfoError, ) from pyhanko_certvalidator.fetchers import ( CertificateFetcher, CRLFetcher, FetcherBackend, Fetchers, OCSPFetcher, aiohttp_fetchers, requests_fetchers, ) from pyhanko_certvalidator.ltv.poe import POEManager from pyhanko_certvalidator.path import QualifiedPolicy, ValidationPath from pyhanko_certvalidator.policy_decl import ( DisallowWeakAlgorithmsPolicy, NonRevokedStatusAssertion, ) from pyhanko_certvalidator.registry import ( CertificateRegistry, PathBuilder, SimpleTrustManager, ) from pyhanko_certvalidator.revinfo.manager import RevinfoManager from pyhanko_certvalidator.validate import async_validate_path, validate_path from .common import ( FIXTURES_DIR, load_cert_object, load_nist_cert, load_nist_crl, load_openssl_ors, ) from .constants import TEST_REQUEST_TIMEOUT class MockOCSPFetcher(OCSPFetcher): def fetched_responses(self) -> Iterable[ocsp.OCSPResponse]: return () def fetched_responses_for_cert( self, cert: x509.Certificate ) -> Iterable[ocsp.OCSPResponse]: return () async def fetch(self, cert: x509.Certificate, authority: Authority): raise OCSPFetchError("No connection") class MockOCSPFetcherWithValidationError(MockOCSPFetcher): async def fetch(self, cert: x509.Certificate, authority: Authority): raise OCSPValidationError("Something went wrong") class MockCRLFetcher(CRLFetcher): def fetched_crls_for_cert( self, cert: x509.Certificate ) -> Iterable[crl.CertificateList]: return () def fetched_crls(self) -> Iterable[crl.CertificateList]: return () async def fetch(self, cert: x509.Certificate, *, use_deltas=None): raise CRLFetchError("No connection") class MockCertFetcher(CertificateFetcher): def fetched_certs(self) -> Iterable[x509.Certificate]: return () def fetch_cert_issuers(self, cert): return self def fetch_crl_issuers(self, certificate_list): return self def __aiter__(self): raise CertificateFetchError("No connection") class MockFetcherBackend(FetcherBackend): def get_fetchers(self) -> Fetchers: return Fetchers( ocsp_fetcher=MockOCSPFetcher(), crl_fetcher=MockCRLFetcher(), cert_fetcher=MockCertFetcher(), ) class MockFetcherBackendWithValidationError(FetcherBackend): def get_fetchers(self) -> Fetchers: return Fetchers( ocsp_fetcher=MockOCSPFetcherWithValidationError(), crl_fetcher=MockCRLFetcher(), cert_fetcher=MockCertFetcher(), ) ERR_CLASSES = { cls.__name__: cls for cls in ( PathValidationError, RevokedError, InsufficientRevinfoError, StaleRevinfoError, ) } @dataclass(frozen=True) class PKITSTestCaseErrorResult: err_class: Type[Exception] msg_regex: str def test_revocation_mode_soft(): cert = load_cert_object( 'digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt' ) ca_certs = [load_cert_object('digicert-root-g5.crt')] other_certs = [ load_cert_object('digicert-g5-ecc-sha384-2021-ca1.crt'), ] context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, moment=datetime(2023, 1, 10, tzinfo=timezone.utc), allow_fetching=True, weak_hash_algos={'md2', 'md5'}, fetcher_backend=MockFetcherBackend(), ) paths = context.path_builder.build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) validate_path(context, path) def test_revocation_mode_soft_fail(): cert = load_cert_object( 'digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt' ) ca_certs = [load_cert_object('digicert-root-g5.crt')] other_certs = [ load_cert_object('digicert-g5-ecc-sha384-2021-ca1.crt'), ] context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, moment=datetime(2023, 1, 10, tzinfo=timezone.utc), allow_fetching=True, weak_hash_algos={'md2', 'md5'}, fetcher_backend=MockFetcherBackendWithValidationError(), ) paths = context.path_builder.build_paths(cert) path = paths[0] with pytest.raises(InsufficientRevinfoError, match="Something went wrong"): validate_path(context, path) @pytest.mark.skip("annoying to maintain; replace with certomancer test") def test_revocation_mode_hard(): cert = load_cert_object( 'digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt' ) ca_certs = [load_cert_object('digicert-root-g5.crt')] other_certs = [ load_cert_object('digicert-g5-ecc-sha384-2021-ca1.crt'), ] context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, allow_fetching=True, revocation_mode='hard-fail', weak_hash_algos={'md2', 'md5'}, fetcher_backend=requests_fetchers.RequestsFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ), ) paths = context.path_builder.build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) expected = ( '(CRL|OCSP response) indicates the end-entity certificate was ' 'revoked at \\d\\d:\\d\\d:\\d\\d on \\d\\d\\d\\d-\\d\\d-\\d\\d' ', due to an unspecified reason' ) with pytest.raises(RevokedError, match=expected): validate_path(context, path) @pytest.mark.skip("annoying to maintain; replace with certomancer test") @pytest.mark.asyncio async def test_revocation_mode_hard_async(): cert = load_cert_object( 'digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt' ) ca_certs = [load_cert_object('digicert-root-g5.crt')] other_certs = [ load_cert_object('digicert-g5-ecc-sha384-2021-ca1.crt'), ] fb = aiohttp_fetchers.AIOHttpFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ) async with fb as fetchers: context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, allow_fetching=True, revocation_mode='hard-fail', weak_hash_algos={'md2', 'md5'}, fetchers=fetchers, ) paths = await context.path_builder.async_build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) expected = ( '(CRL|OCSP response) indicates the end-entity certificate was ' 'revoked at \\d\\d:\\d\\d:\\d\\d on \\d\\d\\d\\d-\\d\\d-\\d\\d' ', due to an unspecified reason' ) with pytest.raises(RevokedError, match=expected): await async_validate_path(context, path) @pytest.mark.skip("annoying to maintain; replace with certomancer test") @pytest.mark.asyncio async def test_revocation_mode_hard_aiohttp_autofetch(): cert = load_cert_object( 'digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt' ) ca_certs = [load_cert_object('digicert-root-g5.crt')] fb = aiohttp_fetchers.AIOHttpFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ) async with fb as fetchers: context = ValidationContext( trust_roots=ca_certs, allow_fetching=True, revocation_mode='hard-fail', weak_hash_algos={'md2', 'md5'}, fetchers=fetchers, ) paths = await context.path_builder.async_build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) expected = ( '(CRL|OCSP response) indicates the end-entity certificate was ' 'revoked at \\d\\d:\\d\\d:\\d\\d on \\d\\d\\d\\d-\\d\\d-\\d\\d' ', due to an unspecified reason' ) with pytest.raises(RevokedError, match=expected): await async_validate_path(context, path) @pytest.mark.skip("annoying to maintain; replace with certomancer test") @pytest.mark.asyncio async def test_revocation_mode_hard_requests_autofetch(): cert = load_cert_object( 'digicert-ecc-p384-root-g5-revoked-chain-demos-digicert-com.crt' ) ca_certs = [load_cert_object('digicert-root-g5.crt')] fb = requests_fetchers.RequestsFetcherBackend( per_request_timeout=TEST_REQUEST_TIMEOUT ) async with fb as fetchers: context = ValidationContext( trust_roots=ca_certs, allow_fetching=True, revocation_mode='hard-fail', weak_hash_algos={'md2', 'md5'}, fetchers=fetchers, ) paths = await context.path_builder.async_build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) expected = ( '(CRL|OCSP response) indicates the end-entity certificate was ' 'revoked at \\d\\d:\\d\\d:\\d\\d on \\d\\d\\d\\d-\\d\\d-\\d\\d' ', due to an unspecified reason' ) with pytest.raises(RevokedError, match=expected): await async_validate_path(context, path) def test_rsassa_pss(): cert = load_cert_object('testing-ca-pss', 'signer1.cert.pem') ca_certs = [load_cert_object('testing-ca-pss', 'root.cert.pem')] other_certs = [load_cert_object('testing-ca-pss', 'interm.cert.pem')] moment = datetime(2021, 5, 3, tzinfo=timezone.utc) context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, allow_fetching=False, moment=moment, revocation_mode='soft-fail', weak_hash_algos={'md2', 'md5'}, ) paths = context.path_builder.build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) validate_path(context, path) def test_rsassa_pss_exclusive(): cert = load_cert_object('testing-ca-pss-exclusive', 'signer1.cert.pem') ca_certs = [load_cert_object('testing-ca-pss-exclusive', 'root.cert.pem')] other_certs = [ load_cert_object('testing-ca-pss-exclusive', 'interm.cert.pem') ] moment = datetime(2021, 5, 3, tzinfo=timezone.utc) context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, allow_fetching=False, moment=moment, revocation_mode='soft-fail', weak_hash_algos={'md2', 'md5'}, ) paths = context.path_builder.build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) validate_path(context, path) def test_ed25519(): cert = load_cert_object('testing-ca-ed25519', 'signer.cert.pem') ca_certs = [load_cert_object('testing-ca-ed25519', 'root.cert.pem')] other_certs = [load_cert_object('testing-ca-ed25519', 'interm.cert.pem')] context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, allow_fetching=False, revocation_mode='soft-fail', weak_hash_algos={'md2', 'md5'}, moment=datetime(2020, 11, 1, tzinfo=timezone.utc), ) paths = context.path_builder.build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) validate_path(context, path) def test_ed448(): cert = load_cert_object('testing-ca-ed448', 'signer.cert.pem') ca_certs = [load_cert_object('testing-ca-ed448', 'root.cert.pem')] other_certs = [load_cert_object('testing-ca-ed448', 'interm.cert.pem')] context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, allow_fetching=False, revocation_mode='soft-fail', weak_hash_algos={'md2', 'md5'}, moment=datetime(2020, 11, 1, tzinfo=timezone.utc), ) paths = context.path_builder.build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) validate_path(context, path) def test_assert_no_revinfo_needed_by_fiat(): cert = load_cert_object('testing-ca-pss', 'signer1.cert.pem') ca_certs = [load_cert_object('testing-ca-pss', 'root.cert.pem')] other_certs = [load_cert_object('testing-ca-pss', 'interm.cert.pem')] moment = datetime(2021, 5, 3, tzinfo=timezone.utc) assertion = NonRevokedStatusAssertion(cert.sha256, moment) revinfo_manager = RevinfoManager( certificate_registry=CertificateRegistry.build(), poe_manager=POEManager(), crls=(), ocsps=(), assertions=(assertion,), ) context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, allow_fetching=False, moment=moment, revocation_mode='require', # turn on strict revinfovalidation revinfo_manager=revinfo_manager, ) paths = context.path_builder.build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) validate_path(context, path) def test_multitasking_ocsp(): # regression test for case where the same responder ID (name + key ID) # is used in OCSP responses for different issuers in the same chain of # trust ors_dir = os.path.join(FIXTURES_DIR, 'multitasking-ocsp') with open(os.path.join(ors_dir, 'ocsp-resp-alice.der'), 'rb') as ocspin: ocsp_resp_alice = ocsp.OCSPResponse.load(ocspin.read()) with open(os.path.join(ors_dir, 'ocsp-resp-interm.der'), 'rb') as ocspin: ocsp_resp_interm = ocsp.OCSPResponse.load(ocspin.read()) vc = ValidationContext( trust_roots=[ load_cert_object('multitasking-ocsp', 'root.cert.pem'), ], other_certs=[load_cert_object('multitasking-ocsp', 'interm.cert.pem')], revocation_mode='hard-fail', allow_fetching=False, ocsps=[ocsp_resp_interm, ocsp_resp_alice], moment=datetime(2021, 8, 19, 12, 20, 44, tzinfo=timezone.utc), ) cert = load_cert_object('multitasking-ocsp', 'alice.cert.pem') paths = vc.path_builder.build_paths(cert) assert 1 == len(paths) path = paths[0] assert 3 == len(path) validate_path(vc, path) @dataclass(frozen=True) class OCSPTestCase: name: str roots: List[x509.Certificate] cert: x509.Certificate ocsps: List[ocsp.OCSPResponse] path_len: int moment: datetime other_certs: List[x509.Certificate] = field(default_factory=list) expected_error: Optional[PKITSTestCaseErrorResult] = None @classmethod def from_json(cls, obj: dict): roots = [load_cert_object('openssl-ocsp', obj['root'])] kwargs = dict( name=obj['name'], cert=load_cert_object('openssl-ocsp', obj['cert']), path_len=int(obj['path_len']), moment=datetime.fromisoformat(obj['moment']), roots=roots, ) kwargs['ocsps'] = [ load_openssl_ors(filename) for filename in obj['ocsps'] ] if 'other_certs' in obj: kwargs['other_certs'] = [ load_cert_object('openssl-ocsp', filename) for filename in obj['other_certs'] ] if 'error' in obj: kwargs['expected_error'] = PKITSTestCaseErrorResult( ERR_CLASSES[obj['error']['class']], obj['error']['msg_regex'] ) return OCSPTestCase(**kwargs) def read_openssl_ocsp_test_params(): data_path = os.path.join(FIXTURES_DIR, 'openssl-ocsp', 'openssl-ocsp.json') with open(data_path, 'r') as inf: cases = json.load(inf) return [OCSPTestCase.from_json(obj) for obj in cases] @pytest.mark.parametrize( "test_case", read_openssl_ocsp_test_params(), ids=lambda case: case.name ) def test_openssl_ocsp(test_case: OCSPTestCase): context = ValidationContext( trust_roots=test_case.roots, other_certs=test_case.other_certs, moment=test_case.moment, ocsps=test_case.ocsps, weak_hash_algos={'md2', 'md5'}, ) paths = context.path_builder.build_paths(test_case.cert) assert 1 == len(paths) path = paths[0] assert test_case.path_len == len(path) err = test_case.expected_error if err: with pytest.raises(err.err_class, match=err.msg_regex): validate_path(context, path) else: validate_path(context, path) def parse_pkix_params(obj: dict): kwargs = {} if 'user_initial_policy_set' in obj: kwargs['user_initial_policy_set'] = frozenset( obj['user_initial_policy_set'] ) kwargs['initial_policy_mapping_inhibit'] = bool( obj.get('initial_policy_mapping_inhibit', False) ) kwargs['initial_explicit_policy'] = bool( obj.get('initial_explicit_policy', False) ) kwargs['initial_any_policy_inhibit'] = bool( obj.get('initial_any_policy_inhibit', False) ) return PKIXValidationParams(**kwargs) @dataclass(frozen=True) class CannedTestInfo: test_id: int test_name: str def __str__(self): return f"{self.test_id} ({self.test_name})" @dataclass(frozen=True) class PKITSTestCase: test_info: CannedTestInfo cert: x509.Certificate roots: List[x509.Certificate] crls: List[crl.CertificateList] path_len: int path: Optional[ValidationPath] = None check_revocation: bool = True other_certs: List[x509.Certificate] = field(default_factory=list) expected_error: Optional[PKITSTestCaseErrorResult] = None pkix_params: Optional[PKIXValidationParams] = None @classmethod def from_json(cls, obj: dict): root = load_nist_cert('TrustAnchorRootCertificate.crt') crls = [load_nist_crl('TrustAnchorRootCRL.crl')] if 'crls' in obj: crls.extend(load_nist_crl(crl_path) for crl_path in obj['crls']) cert = load_nist_cert(obj['cert']) kwargs = dict( test_info=CannedTestInfo( test_id=int(obj['id']), test_name=obj['name'], ), cert=cert, path_len=int(obj['path_len']), check_revocation=bool(obj.get('revocation', True)), roots=[root], crls=crls, ) kwargs['crls'] = crls if 'other_certs' in obj: kwargs['other_certs'] = [ load_nist_cert(cert_path) for cert_path in obj['other_certs'] ] if 'path_intermediates' in obj: # -> prebuild the path as indicated in the test spec kwargs['path'] = ValidationPath( trust_anchor=CertTrustAnchor(root), interm=( load_nist_cert(cert_path) for cert_path in obj['path_intermediates'] ), leaf=cert, ) if 'params' in obj: kwargs['pkix_params'] = parse_pkix_params(obj['params']) if 'error' in obj: kwargs['expected_error'] = PKITSTestCaseErrorResult( ERR_CLASSES[obj['error']['class']], obj['error']['msg_regex'] ) return PKITSTestCase(**kwargs) def read_pkits_test_params(): data_path = os.path.join(FIXTURES_DIR, 'nist_pkits', 'pkits.json') with open(data_path, 'r') as inf: cases = json.load(inf) return [PKITSTestCase.from_json(obj) for obj in cases] @pytest.mark.parametrize( 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) ) def test_nist_pkits(test_case: PKITSTestCase): revocation_mode = "require" if test_case.check_revocation else "hard-fail" context = ValidationContext( trust_roots=test_case.roots, other_certs=test_case.other_certs, crls=test_case.crls, revocation_mode=revocation_mode, # adjust default algo policy to pass NIST tests algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 ), ) if test_case.path is None: paths = context.path_builder.build_paths(test_case.cert) assert 1 == len(paths) path: ValidationPath = paths[0] else: path = test_case.path assert test_case.path_len == len(path) err = test_case.expected_error params = test_case.pkix_params if err is not None: with pytest.raises(err.err_class, match=err.msg_regex): validate_path(context, path, parameters=params) else: validate_path(context, path, parameters=params) # sanity check if params is not None and params.user_initial_policy_set != { 'any_policy' }: qps = path.qualified_policies() if qps is not None: for pol in qps: assert ( pol.user_domain_policy_id in params.user_initial_policy_set ) @dataclass(frozen=True) class PKITSUserNoticeTestCase: test_info: CannedTestInfo cert: x509.Certificate roots: List[x509.Certificate] crls: List[crl.CertificateList] notice: str other_certs: List[x509.Certificate] = field(default_factory=list) pkix_params: Optional[PKIXValidationParams] = None @classmethod def from_json(cls, obj: dict): roots = [load_nist_cert('TrustAnchorRootCertificate.crt')] crls = [load_nist_crl('TrustAnchorRootCRL.crl')] if 'crls' in obj: crls.extend(load_nist_crl(crl_path) for crl_path in obj['crls']) kwargs = dict( test_info=CannedTestInfo( test_id=int(obj['id']), test_name=obj['name'], ), cert=load_nist_cert(obj['cert']), roots=roots, crls=crls, notice=obj['notice'], ) kwargs['crls'] = crls if 'other_certs' in obj: kwargs['other_certs'] = [ load_nist_cert(cert_path) for cert_path in obj['other_certs'] ] if 'params' in obj: kwargs['pkix_params'] = parse_pkix_params(obj['params']) return PKITSUserNoticeTestCase(**kwargs) def read_pkits_user_notice_test_params(): data_path = os.path.join( FIXTURES_DIR, 'nist_pkits', 'pkits-user-notice.json' ) with open(data_path, 'r') as inf: cases = json.load(inf) return [PKITSUserNoticeTestCase.from_json(obj) for obj in cases] @pytest.mark.parametrize( 'test_case', read_pkits_user_notice_test_params(), ids=lambda case: str(case.test_info), ) def test_nist_pkits_user_notice(test_case: PKITSUserNoticeTestCase): context = ValidationContext( trust_roots=test_case.roots, other_certs=test_case.other_certs, crls=test_case.crls, revocation_mode="require", weak_hash_algos={'md2', 'md5'}, ) paths = context.path_builder.build_paths(test_case.cert) assert 1 == len(paths) path: ValidationPath = paths[0] validate_path(context, path, parameters=test_case.pkix_params) qps = path.qualified_policies() assert 1 == len(qps) qp: QualifiedPolicy (qp,) = qps assert 1 == len(qp.qualifiers) (qual_obj,) = qp.qualifiers assert qual_obj['policy_qualifier_id'].native == 'user_notice' assert qual_obj['qualifier']['explicit_text'].native == test_case.notice def test_408020_cps_pointer_qualifier_test20(): cert = load_nist_cert('CPSPointerQualifierTest20EE.crt') ca_certs = [load_nist_cert('TrustAnchorRootCertificate.crt')] other_certs = [load_nist_cert('GoodCACert.crt')] crls = [ load_nist_crl('GoodCACRL.crl'), load_nist_crl('TrustAnchorRootCRL.crl'), ] context = ValidationContext( trust_roots=ca_certs, other_certs=other_certs, crls=crls, revocation_mode="require", weak_hash_algos={'md2', 'md5'}, ) paths = context.path_builder.build_paths(cert) assert 1 == len(paths) path: ValidationPath = paths[0] validate_path(context, path) qps = path.qualified_policies() assert 1 == len(qps) qp: QualifiedPolicy (qp,) = qps assert 1 == len(qp.qualifiers) (qual_obj,) = qp.qualifiers assert ( qual_obj['policy_qualifier_id'].native == 'certification_practice_statement' ) assert qual_obj['qualifier'].native == ( 'http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/' 'pki_registration.html#PKITest' ) class MockRequestsCertificateFetcher( requests_fetchers.RequestsCertificateFetcher ): def __init__(self, *args, order, **kwargs): super().__init__(*args, **kwargs) self.order = order async def fetch_certs(self, *args, **kwargs) -> Iterable[x509.Certificate]: root_ca = load_cert_object('testing-aia', 'brazilian_root_ca_v5') middle_ca = load_cert_object('testing-aia', 'ca_brazilian_fro_v4') end_ca = load_cert_object('testing-aia', 'ca_serprorfbv5') certs = {'root': root_ca, 'middle': middle_ca, 'end': end_ca} return [ certs[self.order[0]], certs[self.order[1]], certs[self.order[2]], ] @pytest.mark.parametrize( 'cert_order', [ ('root', 'middle', 'end'), ('root', 'end', 'middle'), ('middle', 'root', 'end'), ('middle', 'end', 'root'), ('root', 'end', 'middle'), ('root', 'middle', 'end'), ], ) @pytest.mark.asyncio async def test_building_trust_path_with_pkcs7_in_different_orders(cert_order): trust_path = [ 'Autoridade Certificadora Raiz Brasileira v5', 'AC Secretaria da Receita Federal do Brasil v4', 'Autoridade Certificadora SERPRORFBv5', ] serpro_root = load_cert_object('testing-aia', 'brazilian_root_ca_v5') trust_manager = SimpleTrustManager.build( extra_trust_roots=[serpro_root], ) cert = load_cert_object('testing-aia', 'repositorio.serpro.gov.br') registry = CertificateRegistry.build( certs=(cert,), cert_fetcher=MockRequestsCertificateFetcher(order=cert_order), ) builder = PathBuilder(trust_manager=trust_manager, registry=registry) paths = await builder.async_build_paths(end_entity_cert=cert) paths_common_name = [ [ authority.name.native['common_name'] for authority in path.iter_authorities() ] for path in paths ] assert trust_path in paths_common_name