Index: net/data/parse_ocsp_unittest/ocsp_sign_bad_indirect.pem |
diff --git a/net/data/parse_ocsp_unittest/ocsp_sign_bad_indirect.pem b/net/data/parse_ocsp_unittest/ocsp_sign_bad_indirect.pem |
new file mode 100644 |
index 0000000000000000000000000000000000000000..308d2c7d4237dd9682758a50ddefe210667a67a6 |
--- /dev/null |
+++ b/net/data/parse_ocsp_unittest/ocsp_sign_bad_indirect.pem |
@@ -0,0 +1,163 @@ |
+Signed through an intermediate without the correct key usage |
+$ openssl asn1parse -i < [OCSP RESPONSE] |
+ 0:d=0 hl=4 l= 750 cons: SEQUENCE |
+ 4:d=1 hl=2 l= 1 prim: ENUMERATED :00 |
+ 7:d=1 hl=4 l= 743 cons: cont [ 0 ] |
+ 11:d=2 hl=4 l= 739 cons: SEQUENCE |
+ 15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response |
+ 26:d=3 hl=4 l= 724 prim: OCTET STRING |
+ 0:d=0 hl=4 l= 720 cons: SEQUENCE |
+ 4:d=1 hl=3 l= 135 cons: SEQUENCE |
+ 7:d=2 hl=2 l= 35 cons: cont [ 1 ] |
+ 9:d=3 hl=2 l= 33 cons: SEQUENCE |
+ 11:d=4 hl=2 l= 31 cons: SET |
+ 13:d=5 hl=2 l= 29 cons: SEQUENCE |
+ 15:d=6 hl=2 l= 3 prim: OBJECT :commonName |
+ 20:d=6 hl=2 l= 22 prim: PRINTABLESTRING :Test False OCSP Signer |
+ 44:d=2 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z |
+ 61:d=2 hl=2 l= 79 cons: SEQUENCE |
+ 63:d=3 hl=2 l= 77 cons: SEQUENCE |
+ 65:d=4 hl=2 l= 56 cons: SEQUENCE |
+ 67:d=5 hl=2 l= 7 cons: SEQUENCE |
+ 69:d=6 hl=2 l= 5 prim: OBJECT :sha1 |
+ 76:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:02FF75DA24DE8ADD150FAB689DCCE6E6636D0901 |
+ 98:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7735ACB4DFE7B9DC8259381B7EEDF0882B973534 |
+ 120:d=5 hl=2 l= 1 prim: INTEGER :03 |
+ 123:d=4 hl=2 l= 0 prim: cont [ 0 ] |
+ 125:d=4 hl=2 l= 15 prim: GENERALIZEDTIME :20160304164002Z |
+ 142:d=1 hl=2 l= 13 cons: SEQUENCE |
+ 144:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption |
+ 155:d=2 hl=2 l= 0 prim: NULL |
+ 157:d=1 hl=3 l= 129 prim: BIT STRING |
+ 289:d=1 hl=4 l= 431 cons: cont [ 0 ] |
+ 293:d=2 hl=4 l= 427 cons: SEQUENCE |
+ 297:d=3 hl=4 l= 423 cons: SEQUENCE |
+ 301:d=4 hl=4 l= 272 cons: SEQUENCE |
+ 305:d=5 hl=2 l= 3 cons: cont [ 0 ] |
+ 307:d=6 hl=2 l= 1 prim: INTEGER :02 |
+ 310:d=5 hl=2 l= 1 prim: INTEGER :02 |
+ 313:d=5 hl=2 l= 13 cons: SEQUENCE |
+ 315:d=6 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption |
+ 326:d=6 hl=2 l= 0 prim: NULL |
+ 328:d=5 hl=2 l= 18 cons: SEQUENCE |
+ 330:d=6 hl=2 l= 16 cons: SET |
+ 332:d=7 hl=2 l= 14 cons: SEQUENCE |
+ 334:d=8 hl=2 l= 3 prim: OBJECT :commonName |
+ 339:d=8 hl=2 l= 7 prim: PRINTABLESTRING :Test CA |
+ 348:d=5 hl=2 l= 30 cons: SEQUENCE |
+ 350:d=6 hl=2 l= 13 prim: UTCTIME :160304214002Z |
+ 365:d=6 hl=2 l= 13 prim: UTCTIME :260302214002Z |
+ 380:d=5 hl=2 l= 33 cons: SEQUENCE |
+ 382:d=6 hl=2 l= 31 cons: SET |
+ 384:d=7 hl=2 l= 29 cons: SEQUENCE |
+ 386:d=8 hl=2 l= 3 prim: OBJECT :commonName |
+ 391:d=8 hl=2 l= 22 prim: PRINTABLESTRING :Test False OCSP Signer |
+ 415:d=5 hl=3 l= 159 cons: SEQUENCE |
+ 418:d=6 hl=2 l= 13 cons: SEQUENCE |
+ 420:d=7 hl=2 l= 9 prim: OBJECT :rsaEncryption |
+ 431:d=7 hl=2 l= 0 prim: NULL |
+ 433:d=6 hl=3 l= 141 prim: BIT STRING |
+ 577:d=4 hl=2 l= 13 cons: SEQUENCE |
+ 579:d=5 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption |
+ 590:d=5 hl=2 l= 0 prim: NULL |
+ 592:d=4 hl=3 l= 129 prim: BIT STRING |
+-----BEGIN OCSP RESPONSE----- |
+MIIC7goBAKCCAucwggLjBgkrBgEFBQcwAQEEggLUMIIC0DCBh6EjMCExHzAdBgNVBAMTFlRlc3Q |
+gRmFsc2UgT0NTUCBTaWduZXIYDzIwMTYwMzA0MTY0MDAyWjBPME0wODAHBgUrDgMCGgQUAv912i |
+Teit0VD6tonczm5mNtCQEEFHc1rLTf57ncglk4G37t8IgrlzU0AgEDgAAYDzIwMTYwMzA0MTY0M |
+DAyWjANBgkqhkiG9w0BAQUFAAOBgQBUbTwYMCKST8shnSN4BIA6rdPZn+kUZF2hEWLqY7A0Ru1H |
+OaAd4idxtPIfb7nzydt3gXuaI1lgjT5F9Choe99e20X2+xkZpnnzoN5OKeUhiK08I8azqGHsxfC |
+hWlrAASXdA7iwld5dGbw+RlNHB4nrAuknAUdTHFGdiP7x7TBhNaCCAa8wggGrMIIBpzCCARCgAw |
+IBAgIBAjANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE2MDMwNDIxNDAwM |
+loXDTI2MDMwMjIxNDAwMlowITEfMB0GA1UEAxMWVGVzdCBGYWxzZSBPQ1NQIFNpZ25lcjCBnzAN |
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApn44UGWdpvHcClqexVMmT8yIGg8DjLaZzDMT4YktTYs |
+Df011huQhUoNNOHbVR+zveTORiw+J+Xe2fvz10E35Fp8hrdc2BUXPywcIwGMBAqw4Xfn065B0it |
+sUg8AYm4yPTL0/TPXFKj4LF5TbGdOlYD/hQgzehtvsPLEfCPLy6IsCAwEAATANBgkqhkiG9w0BA |
+QUFAAOBgQCU24MnAyNiaNesmlQRj9sZSBERuSddMWKsLlXBMs4k3iVJBq92wxOcj3YCk84dFttM |
+nj5hEKVnVxzHDTSGjOWLvzJtj7y8CjQ2CS1xkB1c1xrnsYXjQLqWSSIwUFIxC926BsTMIU7zOs/ |
+mjO7GAm4CJhP9MYGPwv3Yy4g66I+HUA== |
+-----END OCSP RESPONSE----- |
+ |
+$ openssl asn1parse -i < [CA CERTIFICATE] |
+ 0:d=0 hl=4 l= 408 cons: SEQUENCE |
+ 4:d=1 hl=4 l= 257 cons: SEQUENCE |
+ 8:d=2 hl=2 l= 3 cons: cont [ 0 ] |
+ 10:d=3 hl=2 l= 1 prim: INTEGER :02 |
+ 13:d=2 hl=2 l= 1 prim: INTEGER :00 |
+ 16:d=2 hl=2 l= 13 cons: SEQUENCE |
+ 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption |
+ 29:d=3 hl=2 l= 0 prim: NULL |
+ 31:d=2 hl=2 l= 18 cons: SEQUENCE |
+ 33:d=3 hl=2 l= 16 cons: SET |
+ 35:d=4 hl=2 l= 14 cons: SEQUENCE |
+ 37:d=5 hl=2 l= 3 prim: OBJECT :commonName |
+ 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA |
+ 51:d=2 hl=2 l= 30 cons: SEQUENCE |
+ 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z |
+ 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z |
+ 83:d=2 hl=2 l= 18 cons: SEQUENCE |
+ 85:d=3 hl=2 l= 16 cons: SET |
+ 87:d=4 hl=2 l= 14 cons: SEQUENCE |
+ 89:d=5 hl=2 l= 3 prim: OBJECT :commonName |
+ 94:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA |
+ 103:d=2 hl=3 l= 159 cons: SEQUENCE |
+ 106:d=3 hl=2 l= 13 cons: SEQUENCE |
+ 108:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption |
+ 119:d=4 hl=2 l= 0 prim: NULL |
+ 121:d=3 hl=3 l= 141 prim: BIT STRING |
+ 265:d=1 hl=2 l= 13 cons: SEQUENCE |
+ 267:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption |
+ 278:d=2 hl=2 l= 0 prim: NULL |
+ 280:d=1 hl=3 l= 129 prim: BIT STRING |
+-----BEGIN CA CERTIFICATE----- |
+MIIBmDCCAQGgAwIBAgIBADANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE |
+2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowEjEQMA4GA1UEAxMHVGVzdCBDQTCBnzANBgkqhk |
+iG9w0BAQEFAAOBjQAwgYkCgYEAxN8IR7ey6jTVUyS6kkCqt2x9/mxnRz77Py6Kwdm3P9jqIwqrC |
+RuqAXfC5QcyeyUaXKCc49bmL7cy64UowTrnIjyqiYOX0VO6t3ZdKcy2/8U2uwdL5oZPlBkpI6mU |
+7vl+3rKbKkNPNPLv8apwFF1zIHUm1tund152PlMAWQu6rmUCAwEAATANBgkqhkiG9w0BAQUFAAO |
+BgQCYaWdjhx0ARGhs1Dj1N6RXIf0U669nJcx0XkuC/yL5Ji16cjI1s76arVjGK7OPZ011x4/gNM |
+RLj31wyxKsfg3qQdlYkVl89CwtA+KxghQoRhD8cSWY1aOQcm4hM11HE5t5VyNbheSOBVwoOb8wO |
+cgZFERfCNWbcx2a3WYVJCGoUw== |
+-----END CA CERTIFICATE----- |
+ |
+$ openssl asn1parse -i < [CERTIFICATE] |
+ 0:d=0 hl=4 l= 410 cons: SEQUENCE |
+ 4:d=1 hl=4 l= 259 cons: SEQUENCE |
+ 8:d=2 hl=2 l= 3 cons: cont [ 0 ] |
+ 10:d=3 hl=2 l= 1 prim: INTEGER :02 |
+ 13:d=2 hl=2 l= 1 prim: INTEGER :03 |
+ 16:d=2 hl=2 l= 13 cons: SEQUENCE |
+ 18:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption |
+ 29:d=3 hl=2 l= 0 prim: NULL |
+ 31:d=2 hl=2 l= 18 cons: SEQUENCE |
+ 33:d=3 hl=2 l= 16 cons: SET |
+ 35:d=4 hl=2 l= 14 cons: SEQUENCE |
+ 37:d=5 hl=2 l= 3 prim: OBJECT :commonName |
+ 42:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Test CA |
+ 51:d=2 hl=2 l= 30 cons: SEQUENCE |
+ 53:d=3 hl=2 l= 13 prim: UTCTIME :160304214002Z |
+ 68:d=3 hl=2 l= 13 prim: UTCTIME :260302214002Z |
+ 83:d=2 hl=2 l= 20 cons: SEQUENCE |
+ 85:d=3 hl=2 l= 18 cons: SET |
+ 87:d=4 hl=2 l= 16 cons: SEQUENCE |
+ 89:d=5 hl=2 l= 3 prim: OBJECT :commonName |
+ 94:d=5 hl=2 l= 9 prim: PRINTABLESTRING :Test Cert |
+ 105:d=2 hl=3 l= 159 cons: SEQUENCE |
+ 108:d=3 hl=2 l= 13 cons: SEQUENCE |
+ 110:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption |
+ 121:d=4 hl=2 l= 0 prim: NULL |
+ 123:d=3 hl=3 l= 141 prim: BIT STRING |
+ 267:d=1 hl=2 l= 13 cons: SEQUENCE |
+ 269:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption |
+ 280:d=2 hl=2 l= 0 prim: NULL |
+ 282:d=1 hl=3 l= 129 prim: BIT STRING |
+-----BEGIN CERTIFICATE----- |
+MIIBmjCCAQOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdUZXN0IENBMB4XDTE |
+2MDMwNDIxNDAwMloXDTI2MDMwMjIxNDAwMlowFDESMBAGA1UEAxMJVGVzdCBDZXJ0MIGfMA0GCS |
+qGSIb3DQEBAQUAA4GNADCBiQKBgQCynU7qbknY0uuN2uYvVj9/UeLaZ+GTuIICagyaSvwhDdEFI |
+ieSELYv5c3TlrIzAzuMlx78eOuhyxyL5SqDe1+YrD4tsHTMoWhSsmjRmKHpxfVScPwgBvnZ3i5d |
+jS/iLKlvoTnH8qPE2QC+B2GgoU8HFEaVg5jI1NACo5gh75ZAawIDAQABMA0GCSqGSIb3DQEBBQU |
+AA4GBAHSL52wcNMvGbcbSI3fZd9ckcx2Kgor0/FZOcjWFaI877E9ok7TGk1uwy5QsTcRZdEuCsl |
+3Ph9kpZYkiB6JIGrEzvmE5Nmv8VmYtEAX4F1JX6WPETlRR95fA4D4WmHNb2bxBy8bP9wLpced2V |
+42JEeS36VZs/yhLupvaLx9PcRwM |
+-----END CERTIFICATE----- |