Bug 1523175 - land NSS a306d84e4c70 UPGRADE_NSS_RELEASE, r=me
--HG-- extra : rebase_source : bef6e6945c8f62707a5daa51bd1a1092769c9c20
Родитель
24aacfe9a4
Коммит
129044424e
|
@ -99,6 +99,12 @@ static const struct CertAuthorityHash ROOT_TABLE[] = {
|
|||
0x1B, 0xB4, 0xAF, 0xAC, 0xF0, 0xAA, 0x9A, 0x58, 0xB5, 0xD5, 0x7A, 0x33, 0x8A, 0x3A, 0xFB, 0xCB },
|
||||
51 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* emSign_Root_CA___C1 */
|
||||
{ 0x12, 0x56, 0x09, 0xAA, 0x30, 0x1D, 0xA0, 0xA2, 0x49, 0xB9, 0x7A, 0x82, 0x39, 0xCB, 0x6A, 0x34,
|
||||
0x21, 0x6F, 0x44, 0xDC, 0xAC, 0x9F, 0x39, 0x54, 0xB1, 0x42, 0x92, 0xF2, 0xE8, 0xC8, 0x60, 0x8F },
|
||||
208 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* Global_Chambersign_Root___2008 */
|
||||
{ 0x13, 0x63, 0x35, 0x43, 0x93, 0x34, 0xA7, 0x69, 0x80, 0x16, 0xA0, 0xD3, 0x24, 0xDE, 0x72, 0x28,
|
||||
|
@ -309,6 +315,12 @@ static const struct CertAuthorityHash ROOT_TABLE[] = {
|
|||
0x8F, 0xF6, 0x1E, 0x17, 0x08, 0xDF, 0x68, 0x81, 0x72, 0x48, 0x49, 0xCD, 0x5D, 0x27, 0xCB, 0x69 },
|
||||
30 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* emSign_Root_CA___G1 */
|
||||
{ 0x40, 0xF6, 0xAF, 0x03, 0x46, 0xA9, 0x9A, 0xA1, 0xCD, 0x1D, 0x55, 0x5A, 0x4E, 0x9C, 0xCE, 0x62,
|
||||
0xC7, 0xF9, 0x63, 0x46, 0x03, 0xEE, 0x40, 0x66, 0x15, 0x83, 0x3D, 0xC8, 0xC8, 0xD0, 0x03, 0x67 },
|
||||
206 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* OISTE_WISeKey_Global_Root_GA_CA */
|
||||
{ 0x41, 0xC9, 0x23, 0x86, 0x6A, 0xB4, 0xCA, 0xD6, 0xB7, 0xAD, 0x57, 0x80, 0x81, 0x58, 0x2E, 0x02,
|
||||
|
@ -447,6 +459,12 @@ static const struct CertAuthorityHash ROOT_TABLE[] = {
|
|||
0x5A, 0x5B, 0x2B, 0x45, 0x7D, 0x81, 0xF3, 0x69, 0x2B, 0x61, 0x0A, 0x98, 0x67, 0x2F, 0x0E, 0x1B },
|
||||
139 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* Hongkong_Post_Root_CA_3 */
|
||||
{ 0x5A, 0x2F, 0xC0, 0x3F, 0x0C, 0x83, 0xB0, 0x90, 0xBB, 0xFA, 0x40, 0x60, 0x4B, 0x09, 0x88, 0x44,
|
||||
0x6C, 0x76, 0x36, 0x18, 0x3D, 0xF9, 0x84, 0x6E, 0x17, 0x10, 0x1A, 0x44, 0x7F, 0xB8, 0xEF, 0xD6 },
|
||||
210 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* TrustCor_ECA_1 */
|
||||
{ 0x5A, 0x88, 0x5D, 0xB1, 0x9C, 0x01, 0xD9, 0x12, 0xC5, 0x75, 0x93, 0x88, 0x93, 0x8C, 0xAF, 0xBB,
|
||||
|
@ -657,6 +675,12 @@ static const struct CertAuthorityHash ROOT_TABLE[] = {
|
|||
0x4A, 0xD6, 0x8B, 0x69, 0xB8, 0xEE, 0x88, 0x68, 0x4F, 0xF7, 0x11, 0x37, 0x58, 0x05, 0xB3, 0x48 },
|
||||
37 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* emSign_ECC_Root_CA___G3 */
|
||||
{ 0x86, 0xA1, 0xEC, 0xBA, 0x08, 0x9C, 0x4A, 0x8D, 0x3B, 0xBE, 0x27, 0x34, 0xC6, 0x12, 0xBA, 0x34,
|
||||
0x1D, 0x81, 0x3E, 0x04, 0x3C, 0xF9, 0xE8, 0xA8, 0x62, 0xCD, 0x5C, 0x57, 0xA3, 0x6B, 0xBE, 0x6B },
|
||||
207 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* EC_ACC */
|
||||
{ 0x88, 0x49, 0x7F, 0x01, 0x60, 0x2F, 0x31, 0x54, 0x24, 0x6A, 0xE2, 0x8C, 0x4D, 0x5A, 0xEF, 0x10,
|
||||
|
@ -897,6 +921,12 @@ static const struct CertAuthorityHash ROOT_TABLE[] = {
|
|||
0x6F, 0x05, 0x45, 0x27, 0xE8, 0x02, 0xEA, 0xA9, 0x2D, 0x59, 0x54, 0x44, 0x25, 0x8A, 0xFE, 0x71 },
|
||||
120 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* emSign_ECC_Root_CA___C3 */
|
||||
{ 0xBC, 0x4D, 0x80, 0x9B, 0x15, 0x18, 0x9D, 0x78, 0xDB, 0x3E, 0x1D, 0x8C, 0xF4, 0xF9, 0x72, 0x6A,
|
||||
0x79, 0x5D, 0xA1, 0x64, 0x3C, 0xA5, 0xF1, 0x35, 0x8E, 0x1D, 0xDB, 0x0E, 0xDC, 0x0D, 0x7E, 0xB3 },
|
||||
209 /* Bin Number */
|
||||
},
|
||||
{
|
||||
/* AffirmTrust_Premium_ECC */
|
||||
{ 0xBD, 0x71, 0xFD, 0xF6, 0xDA, 0x97, 0xE4, 0xCF, 0x62, 0xD1, 0x64, 0x7A, 0xDD, 0x25, 0x81, 0xB0,
|
||||
|
|
|
@ -1033,7 +1033,32 @@
|
|||
"label": "Certigna_Root_CA",
|
||||
"binNumber": 205,
|
||||
"sha256Fingerprint": "1I09I+7bUKRZ5VGXYBwnd0udexjJTVoFlRGhAlC5MWg="
|
||||
},
|
||||
{
|
||||
"label": "emSign_Root_CA___G1",
|
||||
"binNumber": 206,
|
||||
"sha256Fingerprint": "QPavA0apmqHNHVVaTpzOYsf5Y0YD7kBmFYM9yMjQA2c="
|
||||
},
|
||||
{
|
||||
"label": "emSign_ECC_Root_CA___G3",
|
||||
"binNumber": 207,
|
||||
"sha256Fingerprint": "hqHsugicSo07vic0xhK6NB2BPgQ8+eioYs1cV6Nrvms="
|
||||
},
|
||||
{
|
||||
"label": "emSign_Root_CA___C1",
|
||||
"binNumber": 208,
|
||||
"sha256Fingerprint": "ElYJqjAdoKJJuXqCOctqNCFvRNysnzlUsUKS8ujIYI8="
|
||||
},
|
||||
{
|
||||
"label": "emSign_ECC_Root_CA___C3",
|
||||
"binNumber": 209,
|
||||
"sha256Fingerprint": "vE2AmxUYnXjbPh2M9PlyanldoWQ8pfE1jh3bDtwNfrM="
|
||||
},
|
||||
{
|
||||
"label": "Hongkong_Post_Root_CA_3",
|
||||
"binNumber": 210,
|
||||
"sha256Fingerprint": "Wi/APwyDsJC7+kBgSwmIRGx2Nhg9+YRuFxAaRH+479Y="
|
||||
}
|
||||
],
|
||||
"maxBin": 205
|
||||
"maxBin": 210
|
||||
}
|
|
@ -1 +1 @@
|
|||
536fd7c9db5a
|
||||
a306d84e4c70
|
||||
|
|
|
@ -121,6 +121,9 @@ static PRBool enableCertStatus = PR_FALSE;
|
|||
|
||||
PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
|
||||
|
||||
static const SSLSignatureScheme *enabledSigSchemes = NULL;
|
||||
static unsigned int enabledSigSchemeCount = 0;
|
||||
|
||||
char *progName;
|
||||
|
||||
secuPWData pwdata = { PW_NONE, 0 };
|
||||
|
@ -143,7 +146,8 @@ Usage(void)
|
|||
"Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n"
|
||||
" [-BDNovqs] [-f filename] [-N | -P percentage]\n"
|
||||
" [-w dbpasswd] [-C cipher(s)] [-t threads] [-W pwfile]\n"
|
||||
" [-V [min-version]:[max-version]] [-a sniHostName] hostname\n"
|
||||
" [-V [min-version]:[max-version]] [-a sniHostName]\n"
|
||||
" [-J signatureschemes] hostname\n"
|
||||
" where -v means verbose\n"
|
||||
" -o flag is interpreted as follows:\n"
|
||||
" 1 -o means override the result of server certificate validation.\n"
|
||||
|
@ -161,7 +165,17 @@ Usage(void)
|
|||
" -T enable the cert_status extension (OCSP stapling)\n"
|
||||
" -u enable TLS Session Ticket extension\n"
|
||||
" -z enable compression\n"
|
||||
" -g enable false start\n",
|
||||
" -g enable false start\n"
|
||||
" -J enable signature schemes\n"
|
||||
" This takes a comma separated list of signature schemes in preference\n"
|
||||
" order.\n"
|
||||
" Possible values are:\n"
|
||||
" rsa_pkcs1_sha1, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512,\n"
|
||||
" ecdsa_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,\n"
|
||||
" ecdsa_secp521r1_sha512,\n"
|
||||
" rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512,\n"
|
||||
" rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512,\n"
|
||||
" dsa_sha1, dsa_sha256, dsa_sha384, dsa_sha512\n",
|
||||
progName);
|
||||
exit(1);
|
||||
}
|
||||
|
@ -1158,6 +1172,14 @@ client_main(
|
|||
errExit("error setting SSL/TLS version range ");
|
||||
}
|
||||
|
||||
if (enabledSigSchemes) {
|
||||
rv = SSL_SignatureSchemePrefSet(model_sock, enabledSigSchemes,
|
||||
enabledSigSchemeCount);
|
||||
if (rv < 0) {
|
||||
errExit("SSL_SignatureSchemePrefSet");
|
||||
}
|
||||
}
|
||||
|
||||
if (bigBuf.data) { /* doing FDX */
|
||||
rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
|
||||
if (rv < 0) {
|
||||
|
@ -1316,7 +1338,7 @@ main(int argc, char **argv)
|
|||
/* XXX: 'B' was used in the past but removed in 3.28,
|
||||
* please leave some time before resuing it. */
|
||||
optstate = PL_CreateOptState(argc, argv,
|
||||
"C:DNP:TUV:W:a:c:d:f:gin:op:qst:uvw:z");
|
||||
"C:DJ:NP:TUV:W:a:c:d:f:gin:op:qst:uvw:z");
|
||||
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
switch (optstate->option) {
|
||||
case 'C':
|
||||
|
@ -1330,6 +1352,15 @@ main(int argc, char **argv)
|
|||
case 'I': /* reserved for OCSP multi-stapling */
|
||||
break;
|
||||
|
||||
case 'J':
|
||||
rv = parseSigSchemeList(optstate->value, &enabledSigSchemes, &enabledSigSchemeCount);
|
||||
if (rv != SECSuccess) {
|
||||
PL_DestroyOptState(optstate);
|
||||
fprintf(stderr, "Bad signature scheme specified.\n");
|
||||
Usage();
|
||||
}
|
||||
break;
|
||||
|
||||
case 'N':
|
||||
NoReuse = 1;
|
||||
break;
|
||||
|
@ -1516,6 +1547,8 @@ main(int argc, char **argv)
|
|||
|
||||
PL_strfree(hostName);
|
||||
|
||||
PORT_Free((SSLSignatureScheme *)enabledSigSchemes);
|
||||
|
||||
/* some final stats. */
|
||||
printf(
|
||||
"strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
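Review bot: The new `case 'J':` in main() stores the result of parseSigSchemeList() straight into `enabledSigSchemes`, so a command line that repeats -J would overwrite the pointer from the first parse. parseSigSchemeList() is not shown here, but the later `PORT_Free((SSLSignatureScheme *)enabledSigSchemes);` suggests it allocates the list, in which case the earlier allocation is leaked. Either reject a second -J or release the previous list before the call, e.g. `PORT_Free((SSLSignatureScheme *)enabledSigSchemes); enabledSigSchemes = NULL;`. main() and client_main() both continue outside the hunks shown.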
|
||||
|
|
|
@ -10,3 +10,4 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* vim: set ts=2 et sw=2 tw=80: */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
||||
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#ifndef scoped_ptrs_smime_h__
|
||||
#define scoped_ptrs_smime_h__
|
||||
|
||||
#include <memory>
|
||||
#include "smime.h"
|
||||
|
||||
struct ScopedDeleteSmime {
|
||||
void operator()(NSSCMSMessage* id) { NSS_CMSMessage_Destroy(id); }
|
||||
};
|
||||
|
||||
template <class T>
|
||||
struct ScopedMaybeDeleteSmime {
|
||||
void operator()(T* ptr) {
|
||||
if (ptr) {
|
||||
ScopedDeleteSmime del;
|
||||
del(ptr);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
#define SCOPED(x) \
|
||||
typedef std::unique_ptr<x, ScopedMaybeDeleteSmime<x> > Scoped##x
|
||||
|
||||
SCOPED(NSSCMSMessage);
|
||||
|
||||
#undef SCOPED
|
||||
|
||||
#endif // scoped_ptrs_smime_h__
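Review bot: `ScopedMaybeDeleteSmime::operator()` tests `if (ptr)` before forwarding to `ScopedDeleteSmime`, but `std::unique_ptr` never invokes its deleter on a null pointer, so the wrapper template adds nothing over using `ScopedDeleteSmime` directly as the deleter. If the extra layer is kept to mirror an existing scoped-pointer header elsewhere in the tree (not visible here), a short comment saying so would help. The header also has no comment on ownership; above `SCOPED(NSSCMSMessage);` I would add `// ScopedNSSCMSMessage owns the message and releases it with NSS_CMSMessage_Destroy().`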
|
|
@ -21,7 +21,7 @@ all: prepare all-man all-html
|
|||
prepare: date-and-version
|
||||
mkdir -p html
|
||||
mkdir -p nroff
|
||||
|
||||
|
||||
clean:
|
||||
rm -f date.xml version.xml *.tar.bz2
|
||||
rm -f html/*.proc
|
||||
|
@ -45,11 +45,11 @@ version.xml:
|
|||
|
||||
nroff/%.1 : %.xml
|
||||
$(COMPILE.1) $<
|
||||
|
||||
|
||||
MANPAGES = \
|
||||
nroff/certutil.1 nroff/cmsutil.1 nroff/crlutil.1 nroff/pk12util.1 \
|
||||
nroff/modutil.1 nroff/ssltap.1 nroff/derdump.1 nroff/signtool.1 nroff/signver.1 \
|
||||
nroff/pp.1 nroff/vfychain.1 nroff/vfyserv.1
|
||||
nroff/pp.1 nroff/vfychain.1 nroff/vfyserv.1 nroff/nss-policy-check.1
|
||||
|
||||
all-man: prepare $(MANPAGES)
|
||||
|
||||
|
@ -64,6 +64,6 @@ html/%.html : %.xml
|
|||
HTMLPAGES = \
|
||||
html/certutil.html html/cmsutil.html html/crlutil.html html/pk12util.html html/modutil.html \
|
||||
html/ssltap.html html/derdump.html html/signtool.html html/signver.html html/pp.html \
|
||||
html/vfychain.html html/vfyserv.html
|
||||
html/vfychain.html html/vfyserv.html html/nss-policy-check.html
|
||||
|
||||
all-html: prepare $(HTMLPAGES)
|
||||
|
|
|
@ -179,6 +179,10 @@ Use the -a argument to specify ASCII output.</para></listitem>
|
|||
For certificate requests, ASCII output defaults to standard output unless redirected.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--simple-self-signed</term>
|
||||
<listitem><para>When printing the certificate chain, don't search for a chain if issuer name equals to subject name.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>-b validity-time</term>
|
||||
<listitem><para>Specify a time at which a certificate is required to be valid. Use when checking certificate validity with the <option>-V</option> option. The format of the <emphasis>validity-time</emphasis> argument is <emphasis>YYMMDDHHMMSS[+HHMM|-HHMM|Z]</emphasis>, which allows offsets to be set relative to the validity end time. Specifying seconds (<emphasis>SS</emphasis>) is optional. When specifying an explicit time, use a Z at the end of the term, <emphasis>YYMMDDHHMMSSZ</emphasis>, to close it. When specifying an offset time, use <emphasis>YYMMDDHHMMSS+HHMM</emphasis> or <emphasis>YYMMDDHHMMSS-HHMM</emphasis> for adding or subtracting time, respectively.
|
||||
|
|
|
@ -0,0 +1,97 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="nss-policy-check">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>NSS Security Tools</title>
|
||||
<productname>nss-tools</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>NSS-POLICY-CHECK</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>nss-policy-check</refname>
|
||||
<refpurpose>nss-policy-check policy-file</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nss-policy-check</command>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><command>nss-policy-check</command> verifies crypto-policy configuration that controls certain crypto algorithms are allowed/disallowed to use in the NSS library.</para>
|
||||
|
||||
<para>The crypto-policy configuration can be stored in either a system-wide configuration file, specified with the POLICY_PATH and POLICY_FILE build options, or in the pkcs11.txt in NSS database.</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="basic-usage">
|
||||
<title>Usage and Examples</title>
|
||||
<para>To check the global crypto-policy configuration in <filename>/etc/crypto-policies/back-ends/nss.config</filename>:
|
||||
</para>
|
||||
<programlisting>$ nss-policy-check /etc/crypto-policies/back-ends/nss.config
|
||||
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
|
||||
NSS-POLICY-INFO: PRIME256V1 is enabled for KX
|
||||
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
|
||||
NSS-POLICY-INFO: SECP256R1 is enabled for KX
|
||||
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
|
||||
NSS-POLICY-INFO: SECP384R1 is enabled for KX
|
||||
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
|
||||
...
|
||||
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 13
|
||||
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
|
||||
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 9
|
||||
...
|
||||
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
|
||||
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
|
||||
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
|
||||
...
|
||||
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 24
|
||||
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 3
|
||||
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 2
|
||||
</programlisting>
|
||||
<para>If there is a failure or warning, it will be prefixed with
|
||||
NSS-POLICY-FAIL or NSS-POLICY_WARN.
|
||||
</para>
|
||||
<para><command>nss-policy-check</command> exits with 2 if any
|
||||
failure is found, 1 if any warning is found, or 0 if no errors are
|
||||
found.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="resources">
|
||||
<title>Additional Resources</title>
|
||||
<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
|
||||
<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
|
||||
<para>IRC: Freenode at #dogtag-pki</para>
|
||||
</refsection>
|
||||
|
||||
<!-- fill in your name first; keep the other names for reference -->
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>
|
||||
Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
</refentry>
|
|
@ -108,7 +108,7 @@
|
|||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-n | --cert-key-len certKeyLength</term>
|
||||
<term>--cert-key-len certKeyLength</term>
|
||||
<listitem><para>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
|
@ -24,6 +24,7 @@ NSS_SRCDIRS = \
|
|||
cryptohi_gtest \
|
||||
der_gtest \
|
||||
pk11_gtest \
|
||||
smime_gtest \
|
||||
softoken_gtest \
|
||||
ssl_gtest \
|
||||
$(SYSINIT_GTEST) \
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
#! gmake
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
#######################################################################
|
||||
# (1) Include initial platform-independent assignments (MANDATORY). #
|
||||
#######################################################################
|
||||
|
||||
include manifest.mn
|
||||
|
||||
#######################################################################
|
||||
# (2) Include "global" configuration information. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/config.mk
|
||||
|
||||
#######################################################################
|
||||
# (3) Include "component" configuration information. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
|
||||
#######################################################################
|
||||
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
|
||||
#######################################################################
|
||||
|
||||
include ../common/gtest.mk
|
||||
|
||||
#######################################################################
|
||||
# (5) Execute "global" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
|
||||
#######################################################################
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
#######################################################################
|
|
@ -0,0 +1,22 @@
|
|||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
CORE_DEPTH = ../..
|
||||
DEPTH = ../..
|
||||
MODULE = nss
|
||||
|
||||
CPPSRCS = \
|
||||
smime_unittest.cc \
|
||||
$(NULL)
|
||||
|
||||
INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
|
||||
-I$(CORE_DEPTH)/gtests/common \
|
||||
-I$(CORE_DEPTH)/cpputil
|
||||
|
||||
REQUIRES = nspr gtest
|
||||
|
||||
PROGRAM = smime_gtest
|
||||
|
||||
EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)
|
|
@ -0,0 +1,30 @@
|
|||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
{
|
||||
'includes': [
|
||||
'../../coreconf/config.gypi',
|
||||
'../common/gtest.gypi',
|
||||
],
|
||||
'targets': [
|
||||
{
|
||||
'target_name': 'smime_gtest',
|
||||
'type': 'executable',
|
||||
'sources': [
|
||||
'smime_unittest.cc',
|
||||
'<(DEPTH)/gtests/common/gtests.cc'
|
||||
],
|
||||
'dependencies': [
|
||||
'<(DEPTH)/exports.gyp:nss_exports',
|
||||
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
|
||||
'<(DEPTH)/lib/util/util.gyp:nssutil3',
|
||||
'<(DEPTH)/lib/nss/nss.gyp:nss3',
|
||||
'<(DEPTH)/lib/smime/smime.gyp:smime',
|
||||
'<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
|
||||
]
|
||||
}
|
||||
],
|
||||
'variables': {
|
||||
'module': 'nss'
|
||||
}
|
||||
}
|
|
@ -0,0 +1,137 @@
|
|||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* vim: set ts=2 et sw=2 tw=80: */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License v. 2.0. If a copy of the MPL was not distributed with this file
|
||||
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include <string>
|
||||
|
||||
#include "gtest/gtest.h"
|
||||
|
||||
#include "scoped_ptrs_smime.h"
|
||||
#include "smime.h"
|
||||
|
||||
namespace nss_test {
|
||||
|
||||
// See bug 1507174; this is a CMS serialization (RFC 5652) that claims to be
|
||||
// 12336 bytes long, which ensures CMS validates the streaming decoder's
|
||||
// incorrect length.
|
||||
static const unsigned char kHugeLenAsn1[] = {
|
||||
0x30, 0x82, 0x30, 0x30, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
|
||||
0x0D, 0x01, 0x07, 0x02, 0xA0, 0x82, 0x02, 0x30, 0x30, 0x30, 0x02,
|
||||
0x01, 0x30, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x30, 0x30, 0x30,
|
||||
0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x00, 0x30, 0x0B, 0x06,
|
||||
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05};
|
||||
|
||||
// secp256r1 signature with no certs and no attrs
|
||||
static unsigned char kValidSignature[] = {
|
||||
0x30, 0x81, 0xFE, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
|
||||
0x07, 0x02, 0xA0, 0x81, 0xF0, 0x30, 0x81, 0xED, 0x02, 0x01, 0x01, 0x31,
|
||||
0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
|
||||
0x02, 0x01, 0x05, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
|
||||
0xF7, 0x0D, 0x01, 0x07, 0x01, 0x31, 0x81, 0xC9, 0x30, 0x81, 0xC6, 0x02,
|
||||
0x01, 0x01, 0x30, 0x5D, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
|
||||
0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
|
||||
0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D, 0x53,
|
||||
0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04,
|
||||
0x0A, 0x0C, 0x18, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, 0x74, 0x20,
|
||||
0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
|
||||
0x4C, 0x74, 0x64, 0x02, 0x14, 0x6B, 0x22, 0xCA, 0x91, 0xE0, 0x71, 0x97,
|
||||
0xEB, 0x45, 0x0D, 0x68, 0xC0, 0xD4, 0xB6, 0xE9, 0x45, 0x38, 0x4C, 0xDD,
|
||||
0xA3, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
|
||||
0x02, 0x01, 0x05, 0x00, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
|
||||
0x3D, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x48, 0xEB,
|
||||
0xE6, 0xBA, 0xFC, 0xFD, 0x83, 0xB3, 0xA2, 0xB5, 0x59, 0x35, 0x0C, 0xA1,
|
||||
0x31, 0x0E, 0x2F, 0xE3, 0x8D, 0x81, 0xD8, 0xF5, 0x33, 0xE4, 0x83, 0x87,
|
||||
0xB1, 0xFD, 0x43, 0x9D, 0x95, 0x7D, 0x02, 0x21, 0x00, 0xD0, 0x05, 0x0E,
|
||||
0x05, 0xA6, 0x80, 0x3C, 0x1A, 0xFE, 0x51, 0xFC, 0x4D, 0x1A, 0x25, 0x05,
|
||||
0x78, 0xB5, 0x42, 0xF5, 0xDE, 0x4E, 0x8A, 0xF8, 0xE3, 0xD8, 0x52, 0xDC,
|
||||
0x2B, 0x73, 0x80, 0x4A, 0x1A};
|
||||
|
||||
// See bug 1507135; this is a CMS signature that contains only the OID
|
||||
static unsigned char kTruncatedSignature[] = {0x30, 0x0B, 0x06, 0x09, 0x2A,
|
||||
0x86, 0x48, 0x86, 0xF7, 0x0D,
|
||||
0x01, 0x07, 0x02};
|
||||
|
||||
// secp256r1 signature that's truncated by one byte.
|
||||
static unsigned char kSlightlyTruncatedSignature[] = {
|
||||
0x30, 0x81, 0xFE, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
|
||||
0x07, 0x02, 0xA0, 0x81, 0xF0, 0x30, 0x81, 0xED, 0x02, 0x01, 0x01, 0x31,
|
||||
0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
|
||||
0x02, 0x01, 0x05, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
|
||||
0xF7, 0x0D, 0x01, 0x07, 0x01, 0x31, 0x81, 0xC9, 0x30, 0x81, 0xC6, 0x02,
|
||||
0x01, 0x01, 0x30, 0x5D, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
|
||||
0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
|
||||
0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D, 0x53,
|
||||
0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04,
|
||||
0x0A, 0x0C, 0x18, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, 0x74, 0x20,
|
||||
0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
|
||||
0x4C, 0x74, 0x64, 0x02, 0x14, 0x6B, 0x22, 0xCA, 0x91, 0xE0, 0x71, 0x97,
|
||||
0xEB, 0x45, 0x0D, 0x68, 0xC0, 0xD4, 0xB6, 0xE9, 0x45, 0x38, 0x4C, 0xDD,
|
||||
0xA3, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
|
||||
0x02, 0x01, 0x05, 0x00, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
|
||||
0x3D, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x48, 0xEB,
|
||||
0xE6, 0xBA, 0xFC, 0xFD, 0x83, 0xB3, 0xA2, 0xB5, 0x59, 0x35, 0x0C, 0xA1,
|
||||
0x31, 0x0E, 0x2F, 0xE3, 0x8D, 0x81, 0xD8, 0xF5, 0x33, 0xE4, 0x83, 0x87,
|
||||
0xB1, 0xFD, 0x43, 0x9D, 0x95, 0x7D, 0x02, 0x21, 0x00, 0xD0, 0x05, 0x0E,
|
||||
0x05, 0xA6, 0x80, 0x3C, 0x1A, 0xFE, 0x51, 0xFC, 0x4D, 0x1A, 0x25, 0x05,
|
||||
0x78, 0xB5, 0x42, 0xF5, 0xDE, 0x4E, 0x8A, 0xF8, 0xE3, 0xD8, 0x52, 0xDC,
|
||||
0x2B, 0x73, 0x80, 0x4A};
|
||||
|
||||
class SMimeTest : public ::testing::Test {};
|
||||
|
||||
TEST_F(SMimeTest, InvalidDER) {
|
||||
PK11SymKey* bulk_key = nullptr;
|
||||
NSSCMSDecoderContext* dcx =
|
||||
NSS_CMSDecoder_Start(nullptr, nullptr, nullptr, /* content callback */
|
||||
nullptr, nullptr, /* password callback */
|
||||
nullptr, /* key callback */
|
||||
bulk_key);
|
||||
ASSERT_NE(nullptr, dcx);
|
||||
EXPECT_EQ(SECSuccess, NSS_CMSDecoder_Update(
|
||||
dcx, reinterpret_cast<const char*>(kHugeLenAsn1),
|
||||
sizeof(kHugeLenAsn1)));
|
||||
EXPECT_EQ(nullptr, bulk_key);
|
||||
ASSERT_FALSE(NSS_CMSDecoder_Finish(dcx));
|
||||
}
|
||||
|
||||
TEST_F(SMimeTest, IsSignedValid) {
|
||||
SECItem sig_der_item = {siBuffer, kValidSignature, sizeof(kValidSignature)};
|
||||
|
||||
ScopedNSSCMSMessage cms_msg(NSS_CMSMessage_CreateFromDER(
|
||||
&sig_der_item, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
|
||||
|
||||
ASSERT_TRUE(cms_msg);
|
||||
|
||||
ASSERT_TRUE(NSS_CMSMessage_IsSigned(cms_msg.get()));
|
||||
}
|
||||
|
||||
TEST_F(SMimeTest, TruncatedCmsSignature) {
|
||||
SECItem sig_der_item = {siBuffer, kTruncatedSignature,
|
||||
sizeof(kTruncatedSignature)};
|
||||
|
||||
ScopedNSSCMSMessage cms_msg(NSS_CMSMessage_CreateFromDER(
|
||||
&sig_der_item, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
|
||||
|
||||
ASSERT_TRUE(cms_msg);
|
||||
|
||||
ASSERT_FALSE(NSS_CMSMessage_IsSigned(cms_msg.get()));
|
||||
}
|
||||
|
||||
TEST_F(SMimeTest, SlightlyTruncatedCmsSignature) {
|
||||
SECItem sig_der_item = {siBuffer, kSlightlyTruncatedSignature,
|
||||
sizeof(kSlightlyTruncatedSignature)};
|
||||
|
||||
ScopedNSSCMSMessage cms_msg(NSS_CMSMessage_CreateFromDER(
|
||||
&sig_der_item, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
|
||||
|
||||
ASSERT_FALSE(cms_msg);
|
||||
|
||||
ASSERT_FALSE(NSS_CMSMessage_IsSigned(cms_msg.get()));
|
||||
}
|
||||
|
||||
TEST_F(SMimeTest, IsSignedNull) {
|
||||
ASSERT_FALSE(NSS_CMSMessage_IsSigned(nullptr));
|
||||
}
|
||||
|
||||
} // namespace nss_test
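Review bot: In `TEST_F(SMimeTest, InvalidDER)` the check `EXPECT_EQ(nullptr, bulk_key);` cannot fail, because `bulk_key` is a local set to `nullptr` and, assuming the C prototype takes it by value, `NSS_CMSDecoder_Start()` only receives a copy. If the intent is to show that the oversized length in `kHugeLenAsn1` never yields a bulk key, the test has to observe decoder state rather than the caller's variable; otherwise drop the line and pass `nullptr` directly. The inline labels in that call also look shifted (`/* content callback */` follows three arguments) and are worth realigning against the prototype, which is not shown here. Separately, `SlightlyTruncatedCmsSignature` ends by calling `NSS_CMSMessage_IsSigned(cms_msg.get())` on a pointer it has just asserted to be null, which only repeats `IsSignedNull`.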
|
|
@ -183,15 +183,12 @@ class TlsHkdfTest : public ::testing::Test,
|
|||
DumpData("Output", &output[0], output.size());
|
||||
EXPECT_EQ(0, memcmp(expected.data(), &output[0], expected.len()));
|
||||
|
||||
if (session_hash_len > 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Verify that the public API produces the same result.
|
||||
PRUint16 cs = GetSomeCipherSuiteForHash(base_hash);
|
||||
PK11SymKey* secret;
|
||||
rv = SSL_HkdfDeriveSecret(SSL_LIBRARY_VERSION_TLS_1_3, cs, prk->get(),
|
||||
label, label_len, &secret);
|
||||
rv = SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, cs, prk->get(),
|
||||
session_hash, session_hash_len, label, label_len,
|
||||
&secret);
|
||||
EXPECT_EQ(SECSuccess, rv);
|
||||
ASSERT_NE(nullptr, prk);
|
||||
VerifyKey(ScopedPK11SymKey(secret), expected);
|
||||
|
@ -347,51 +344,62 @@ TEST_P(TlsHkdfTest, BadExtractWrapperInput) {
|
|||
EXPECT_EQ(nullptr, key);
|
||||
}
|
||||
|
||||
TEST_P(TlsHkdfTest, BadDeriveSecretWrapperInput) {
|
||||
TEST_P(TlsHkdfTest, BadExpandLabelWrapperInput) {
|
||||
PK11SymKey* key = nullptr;
|
||||
static const char* kLabel = "label";
|
||||
|
||||
// Bad version.
|
||||
EXPECT_EQ(SECFailure, SSL_HkdfDeriveSecret(SSL_LIBRARY_VERSION_TLS_1_2,
|
||||
TLS_AES_128_GCM_SHA256, k1_.get(),
|
||||
kLabel, strlen(kLabel), &key));
|
||||
EXPECT_EQ(
|
||||
SECFailure,
|
||||
SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256,
|
||||
k1_.get(), nullptr, 0, kLabel, strlen(kLabel), &key));
|
||||
EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
|
||||
|
||||
// Bad ciphersuite.
|
||||
EXPECT_EQ(SECFailure, SSL_HkdfDeriveSecret(SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
TLS_RSA_WITH_NULL_MD5, k1_.get(),
|
||||
kLabel, strlen(kLabel), &key));
|
||||
EXPECT_EQ(
|
||||
SECFailure,
|
||||
SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, TLS_RSA_WITH_NULL_MD5,
|
||||
k1_.get(), nullptr, 0, kLabel, strlen(kLabel), &key));
|
||||
EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
|
||||
|
||||
// Old ciphersuite.
|
||||
EXPECT_EQ(SECFailure,
|
||||
SSL_HkdfDeriveSecret(SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA, k1_.get(),
|
||||
kLabel, strlen(kLabel), &key));
|
||||
SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA, k1_.get(),
|
||||
nullptr, 0, kLabel, strlen(kLabel), &key));
|
||||
EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
|
||||
|
||||
// Null PRK.
|
||||
EXPECT_EQ(SECFailure, SSL_HkdfDeriveSecret(SSL_LIBRARY_VERSION_TLS_1_2,
|
||||
TLS_AES_128_GCM_SHA256, nullptr,
|
||||
kLabel, strlen(kLabel), &key));
|
||||
EXPECT_EQ(SECFailure, SSL_HkdfExpandLabel(
|
||||
SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256,
|
||||
nullptr, nullptr, 0, kLabel, strlen(kLabel), &key));
|
||||
EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
|
||||
|
||||
// Null, non-zero-length handshake hash.
|
||||
EXPECT_EQ(
|
||||
SECFailure,
|
||||
SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256,
|
||||
k1_.get(), nullptr, 2, kLabel, strlen(kLabel), &key));
|
||||
|
||||
EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
|
||||
// Null, non-zero-length label.
|
||||
EXPECT_EQ(SECFailure, SSL_HkdfDeriveSecret(SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
TLS_AES_128_GCM_SHA256, k1_.get(),
|
||||
nullptr, strlen(kLabel), &key));
|
||||
EXPECT_EQ(SECFailure,
|
||||
SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
TLS_AES_128_GCM_SHA256, k1_.get(), nullptr, 0,
|
||||
nullptr, strlen(kLabel), &key));
|
||||
EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
|
||||
|
||||
// Null, empty label.
|
||||
EXPECT_EQ(SECFailure, SSL_HkdfDeriveSecret(SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
TLS_AES_128_GCM_SHA256, k1_.get(),
|
||||
nullptr, 0, &key));
|
||||
EXPECT_EQ(SECFailure, SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
TLS_AES_128_GCM_SHA256, k1_.get(),
|
||||
nullptr, 0, nullptr, 0, &key));
|
||||
EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
|
||||
|
||||
// Null key pointer..
|
||||
EXPECT_EQ(SECFailure, SSL_HkdfDeriveSecret(SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
TLS_AES_128_GCM_SHA256, k1_.get(),
|
||||
kLabel, strlen(kLabel), nullptr));
|
||||
EXPECT_EQ(SECFailure,
|
||||
SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
TLS_AES_128_GCM_SHA256, k1_.get(), nullptr, 0,
|
||||
kLabel, strlen(kLabel), nullptr));
|
||||
EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
|
||||
|
||||
EXPECT_EQ(nullptr, key);
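Review bot: The new "Null, non-zero-length handshake hash" case in `BadExpandLabelWrapperInput` calls `SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_2, ...)`, the same version the "Bad version" case above relies on to get `SECFailure`, so this case would still pass if the null-hash check were missing. The "Null PRK" case passes `SSL_LIBRARY_VERSION_TLS_1_2` as well and has the same weakness. Changing both to `SSL_LIBRARY_VERSION_TLS_1_3` would make each call fail only for the argument its comment names. The test body closes outside this hunk.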
|
||||
|
|
|
@ -23153,3 +23153,678 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
|||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "emSign Root CA - G1"
|
||||
#
|
||||
# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
|
||||
# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8
|
||||
# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
|
||||
# Not Valid Before: Sun Feb 18 18:30:00 2018
|
||||
# Not Valid After : Wed Feb 18 18:30:00 2043
|
||||
# Fingerprint (SHA-256): 40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67
|
||||
# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "emSign Root CA - G1"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145
|
||||
\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147
|
||||
\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006
|
||||
\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157
|
||||
\164\040\103\101\040\055\040\107\061
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145
|
||||
\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147
|
||||
\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006
|
||||
\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157
|
||||
\164\040\103\101\040\055\040\107\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\012\061\365\344\142\014\154\130\355\326\330
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\003\224\060\202\002\174\240\003\002\001\002\002\012\061
|
||||
\365\344\142\014\154\130\355\326\330\060\015\006\011\052\206\110
|
||||
\206\367\015\001\001\013\005\000\060\147\061\013\060\011\006\003
|
||||
\125\004\006\023\002\111\116\061\023\060\021\006\003\125\004\013
|
||||
\023\012\145\155\123\151\147\156\040\120\113\111\061\045\060\043
|
||||
\006\003\125\004\012\023\034\145\115\165\144\150\162\141\040\124
|
||||
\145\143\150\156\157\154\157\147\151\145\163\040\114\151\155\151
|
||||
\164\145\144\061\034\060\032\006\003\125\004\003\023\023\145\155
|
||||
\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\107
|
||||
\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060
|
||||
\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060
|
||||
\132\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116
|
||||
\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147
|
||||
\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034
|
||||
\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157
|
||||
\147\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032
|
||||
\006\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157
|
||||
\157\164\040\103\101\040\055\040\107\061\060\202\001\042\060\015
|
||||
\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
|
||||
\017\000\060\202\001\012\002\202\001\001\000\223\113\273\351\146
|
||||
\212\356\235\133\325\064\223\320\033\036\303\347\236\270\144\063
|
||||
\177\143\170\150\264\315\056\161\165\327\233\040\306\115\051\274
|
||||
\266\150\140\212\367\041\232\126\065\132\363\166\275\330\315\232
|
||||
\377\223\126\113\245\131\006\241\223\064\051\335\026\064\165\116
|
||||
\362\201\264\307\226\116\255\031\025\122\112\376\074\160\165\160
|
||||
\315\257\053\253\025\232\063\074\252\263\213\252\315\103\375\365
|
||||
\352\160\377\355\317\021\073\224\316\116\062\026\323\043\100\052
|
||||
\167\263\257\074\001\054\154\355\231\054\213\331\116\151\230\262
|
||||
\367\217\101\260\062\170\141\326\015\137\303\372\242\100\222\035
|
||||
\134\027\346\160\076\065\347\242\267\302\142\342\253\244\070\114
|
||||
\265\071\065\157\352\003\151\372\072\124\150\205\155\326\362\057
|
||||
\103\125\036\221\015\016\330\325\152\244\226\321\023\074\054\170
|
||||
\120\350\072\222\322\027\126\345\065\032\100\034\076\215\054\355
|
||||
\071\337\102\340\203\101\164\337\243\315\302\206\140\110\150\343
|
||||
\151\013\124\000\213\344\166\151\041\015\171\116\064\010\136\024
|
||||
\302\314\261\267\255\327\174\160\212\307\205\002\003\001\000\001
|
||||
\243\102\060\100\060\035\006\003\125\035\016\004\026\004\024\373
|
||||
\357\015\206\236\260\343\335\251\271\361\041\027\177\076\374\360
|
||||
\167\053\032\060\016\006\003\125\035\017\001\001\377\004\004\003
|
||||
\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060
|
||||
\003\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001
|
||||
\013\005\000\003\202\001\001\000\131\377\362\214\365\207\175\161
|
||||
\075\243\237\033\133\321\332\370\323\234\153\066\275\233\251\141
|
||||
\353\336\026\054\164\075\236\346\165\332\327\272\247\274\102\027
|
||||
\347\075\221\353\345\175\335\076\234\361\317\222\254\154\110\314
|
||||
\302\042\077\151\073\305\266\025\057\243\065\306\150\052\034\127
|
||||
\257\071\357\215\320\065\303\030\014\173\000\126\034\315\213\031
|
||||
\164\336\276\017\022\340\320\252\241\077\002\064\261\160\316\235
|
||||
\030\326\010\003\011\106\356\140\340\176\266\304\111\004\121\175
|
||||
\160\140\274\252\262\377\171\162\172\246\035\075\137\052\370\312
|
||||
\342\375\071\267\107\271\353\176\337\004\043\257\372\234\006\007
|
||||
\351\373\143\223\200\100\265\306\154\012\061\050\316\014\237\317
|
||||
\263\043\065\200\101\215\154\304\067\173\201\057\200\241\100\102
|
||||
\205\351\331\070\215\350\241\123\315\001\277\151\350\132\006\362
|
||||
\105\013\220\372\256\341\277\235\362\256\127\074\245\256\262\126
|
||||
\364\213\145\100\351\375\061\201\054\364\071\011\330\356\153\247
|
||||
\264\246\035\025\245\230\367\001\201\330\205\175\363\121\134\161
|
||||
\210\336\272\314\037\200\176\112
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for "emSign Root CA - G1"
|
||||
# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
|
||||
# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8
|
||||
# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
|
||||
# Not Valid Before: Sun Feb 18 18:30:00 2018
|
||||
# Not Valid After : Wed Feb 18 18:30:00 2043
|
||||
# Fingerprint (SHA-256): 40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67
|
||||
# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "emSign Root CA - G1"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\212\307\255\217\163\254\116\301\265\165\115\245\100\364\374\317
|
||||
\174\265\216\214
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\234\102\204\127\335\313\013\247\056\225\255\266\363\332\274\254
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145
|
||||
\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147
|
||||
\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006
|
||||
\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157
|
||||
\164\040\103\101\040\055\040\107\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\012\061\365\344\142\014\154\130\355\326\330
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "emSign ECC Root CA - G3"
|
||||
#
|
||||
# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
|
||||
# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84
|
||||
# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
|
||||
# Not Valid Before: Sun Feb 18 18:30:00 2018
|
||||
# Not Valid After : Wed Feb 18 18:30:00 2043
|
||||
# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B
|
||||
# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "emSign ECC Root CA - G3"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145
|
||||
\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147
|
||||
\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006
|
||||
\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103
|
||||
\040\122\157\157\164\040\103\101\040\055\040\107\063
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145
|
||||
\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147
|
||||
\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006
|
||||
\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103
|
||||
\040\122\157\157\164\040\103\101\040\055\040\107\063
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\012\074\366\007\251\150\160\016\332\213\204
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\002\116\060\202\001\323\240\003\002\001\002\002\012\074
|
||||
\366\007\251\150\160\016\332\213\204\060\012\006\010\052\206\110
|
||||
\316\075\004\003\003\060\153\061\013\060\011\006\003\125\004\006
|
||||
\023\002\111\116\061\023\060\021\006\003\125\004\013\023\012\145
|
||||
\155\123\151\147\156\040\120\113\111\061\045\060\043\006\003\125
|
||||
\004\012\023\034\145\115\165\144\150\162\141\040\124\145\143\150
|
||||
\156\157\154\157\147\151\145\163\040\114\151\155\151\164\145\144
|
||||
\061\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147
|
||||
\156\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040
|
||||
\107\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060
|
||||
\060\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060
|
||||
\060\132\060\153\061\013\060\011\006\003\125\004\006\023\002\111
|
||||
\116\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151
|
||||
\147\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023
|
||||
\034\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154
|
||||
\157\147\151\145\163\040\114\151\155\151\164\145\144\061\040\060
|
||||
\036\006\003\125\004\003\023\027\145\155\123\151\147\156\040\105
|
||||
\103\103\040\122\157\157\164\040\103\101\040\055\040\107\063\060
|
||||
\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201
|
||||
\004\000\042\003\142\000\004\043\245\014\270\055\022\365\050\363
|
||||
\261\262\335\342\002\022\200\236\071\137\111\115\237\311\045\064
|
||||
\131\164\354\273\006\034\347\300\162\257\350\256\057\341\101\124
|
||||
\207\024\250\112\262\350\174\202\346\133\152\265\334\263\165\316
|
||||
\213\006\320\206\043\277\106\325\216\017\077\004\364\327\034\222
|
||||
\176\366\245\143\302\365\137\216\056\117\241\030\031\002\053\062
|
||||
\012\202\144\175\026\223\321\243\102\060\100\060\035\006\003\125
|
||||
\035\016\004\026\004\024\174\135\002\204\023\324\314\212\233\201
|
||||
\316\027\034\056\051\036\234\110\143\102\060\016\006\003\125\035
|
||||
\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035
|
||||
\023\001\001\377\004\005\060\003\001\001\377\060\012\006\010\052
|
||||
\206\110\316\075\004\003\003\003\151\000\060\146\002\061\000\276
|
||||
\363\141\317\002\020\035\144\225\007\270\030\156\210\205\005\057
|
||||
\203\010\027\220\312\037\212\114\350\015\033\172\261\255\325\201
|
||||
\011\107\357\073\254\010\004\174\134\231\261\355\107\007\322\002
|
||||
\061\000\235\272\125\374\251\112\350\355\355\346\166\001\102\173
|
||||
\310\370\140\331\215\121\213\125\073\373\214\173\353\145\011\303
|
||||
\370\226\315\107\250\202\362\026\125\167\044\176\022\020\225\004
|
||||
\054\243
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for "emSign ECC Root CA - G3"
|
||||
# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
|
||||
# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84
|
||||
# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
|
||||
# Not Valid Before: Sun Feb 18 18:30:00 2018
|
||||
# Not Valid After : Wed Feb 18 18:30:00 2043
|
||||
# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B
|
||||
# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "emSign ECC Root CA - G3"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\060\103\372\117\362\127\334\240\303\200\356\056\130\352\170\262
|
||||
\077\346\273\301
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\316\013\162\321\237\210\216\320\120\003\350\343\270\213\147\100
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145
|
||||
\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147
|
||||
\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006
|
||||
\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103
|
||||
\040\122\157\157\164\040\103\101\040\055\040\107\063
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\012\074\366\007\251\150\160\016\332\213\204
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "emSign Root CA - C1"
|
||||
#
|
||||
# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US
|
||||
# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2
|
||||
# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US
|
||||
# Not Valid Before: Sun Feb 18 18:30:00 2018
|
||||
# Not Valid After : Wed Feb 18 18:30:00 2043
|
||||
# Fingerprint (SHA-256): 12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F
|
||||
# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "emSign Root CA - C1"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145
|
||||
\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003
|
||||
\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164
|
||||
\040\103\101\040\055\040\103\061
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145
|
||||
\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003
|
||||
\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164
|
||||
\040\103\101\040\055\040\103\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\013\000\256\317\000\272\304\317\062\370\103\262
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\003\163\060\202\002\133\240\003\002\001\002\002\013\000
|
||||
\256\317\000\272\304\317\062\370\103\262\060\015\006\011\052\206
|
||||
\110\206\367\015\001\001\013\005\000\060\126\061\013\060\011\006
|
||||
\003\125\004\006\023\002\125\123\061\023\060\021\006\003\125\004
|
||||
\013\023\012\145\155\123\151\147\156\040\120\113\111\061\024\060
|
||||
\022\006\003\125\004\012\023\013\145\115\165\144\150\162\141\040
|
||||
\111\156\143\061\034\060\032\006\003\125\004\003\023\023\145\155
|
||||
\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\103
|
||||
\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060
|
||||
\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060
|
||||
\132\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123
|
||||
\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147
|
||||
\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013
|
||||
\145\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006
|
||||
\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157
|
||||
\164\040\103\101\040\055\040\103\061\060\202\001\042\060\015\006
|
||||
\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
|
||||
\000\060\202\001\012\002\202\001\001\000\317\353\251\271\361\231
|
||||
\005\314\330\050\041\112\363\163\064\121\204\126\020\365\240\117
|
||||
\054\022\343\372\023\232\047\320\317\371\171\032\164\137\035\171
|
||||
\071\374\133\370\160\216\340\222\122\367\344\045\371\124\203\331
|
||||
\035\323\310\132\205\077\136\307\266\007\356\076\300\316\232\257
|
||||
\254\126\102\052\071\045\160\326\277\265\173\066\255\254\366\163
|
||||
\334\315\327\035\212\203\245\373\053\220\025\067\153\034\046\107
|
||||
\334\073\051\126\223\152\263\301\152\072\235\075\365\301\227\070
|
||||
\130\005\213\034\021\343\344\264\270\135\205\035\203\376\170\137
|
||||
\013\105\150\030\110\245\106\163\064\073\376\017\310\166\273\307
|
||||
\030\363\005\321\206\363\205\355\347\271\331\062\255\125\210\316
|
||||
\246\266\221\260\117\254\176\025\043\226\366\077\360\040\064\026
|
||||
\336\012\306\304\004\105\171\177\247\375\276\322\251\245\257\234
|
||||
\305\043\052\367\074\041\154\275\257\217\116\305\072\262\363\064
|
||||
\022\374\337\200\032\111\244\324\251\225\367\236\211\136\242\211
|
||||
\254\224\313\250\150\233\257\212\145\047\315\211\356\335\214\265
|
||||
\153\051\160\103\240\151\013\344\271\017\002\003\001\000\001\243
|
||||
\102\060\100\060\035\006\003\125\035\016\004\026\004\024\376\241
|
||||
\340\160\036\052\003\071\122\132\102\276\134\221\205\172\030\252
|
||||
\115\265\060\016\006\003\125\035\017\001\001\377\004\004\003\002
|
||||
\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003
|
||||
\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013
|
||||
\005\000\003\202\001\001\000\302\112\126\372\025\041\173\050\242
|
||||
\351\345\035\373\370\055\304\071\226\101\114\073\047\054\304\154
|
||||
\030\025\200\306\254\257\107\131\057\046\013\343\066\260\357\073
|
||||
\376\103\227\111\062\231\022\025\133\337\021\051\377\253\123\370
|
||||
\273\301\170\017\254\234\123\257\127\275\150\214\075\151\063\360
|
||||
\243\240\043\143\073\144\147\042\104\255\325\161\313\126\052\170
|
||||
\222\243\117\022\061\066\066\342\336\376\000\304\243\140\017\047
|
||||
\255\240\260\212\265\066\172\122\241\275\047\364\040\047\142\350
|
||||
\115\224\044\023\344\012\004\351\074\253\056\310\103\011\112\306
|
||||
\141\004\345\111\064\176\323\304\310\365\017\300\252\351\272\124
|
||||
\136\363\143\053\117\117\120\324\376\271\173\231\214\075\300\056
|
||||
\274\002\053\323\304\100\344\212\007\061\036\233\316\046\231\023
|
||||
\373\021\352\232\042\014\021\031\307\136\033\201\120\060\310\226
|
||||
\022\156\347\313\101\177\221\073\242\107\267\124\200\033\334\000
|
||||
\314\232\220\352\303\303\120\006\142\014\060\300\025\110\247\250
|
||||
\131\174\341\256\042\242\342\012\172\017\372\142\253\122\114\341
|
||||
\361\337\312\276\203\015\102
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for "emSign Root CA - C1"
|
||||
# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US
|
||||
# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2
|
||||
# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US
|
||||
# Not Valid Before: Sun Feb 18 18:30:00 2018
|
||||
# Not Valid After : Wed Feb 18 18:30:00 2043
|
||||
# Fingerprint (SHA-256): 12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F
|
||||
# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "emSign Root CA - C1"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\347\056\361\337\374\262\011\050\317\135\324\325\147\067\261\121
|
||||
\313\206\117\001
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\330\343\135\001\041\372\170\132\260\337\272\322\356\052\137\150
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145
|
||||
\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003
|
||||
\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164
|
||||
\040\103\101\040\055\040\103\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\013\000\256\317\000\272\304\317\062\370\103\262
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "emSign ECC Root CA - C3"
|
||||
#
|
||||
# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US
|
||||
# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8
|
||||
# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US
|
||||
# Not Valid Before: Sun Feb 18 18:30:00 2018
|
||||
# Not Valid After : Wed Feb 18 18:30:00 2043
|
||||
# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3
|
||||
# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "emSign ECC Root CA - C3"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145
|
||||
\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003
|
||||
\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040
|
||||
\122\157\157\164\040\103\101\040\055\040\103\063
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145
|
||||
\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003
|
||||
\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040
|
||||
\122\157\157\164\040\103\101\040\055\040\103\063
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\012\173\161\266\202\126\270\022\174\234\250
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\002\053\060\202\001\261\240\003\002\001\002\002\012\173
|
||||
\161\266\202\126\270\022\174\234\250\060\012\006\010\052\206\110
|
||||
\316\075\004\003\003\060\132\061\013\060\011\006\003\125\004\006
|
||||
\023\002\125\123\061\023\060\021\006\003\125\004\013\023\012\145
|
||||
\155\123\151\147\156\040\120\113\111\061\024\060\022\006\003\125
|
||||
\004\012\023\013\145\115\165\144\150\162\141\040\111\156\143\061
|
||||
\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147\156
|
||||
\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040\103
|
||||
\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060
|
||||
\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060
|
||||
\132\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123
|
||||
\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147
|
||||
\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013
|
||||
\145\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006
|
||||
\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103
|
||||
\040\122\157\157\164\040\103\101\040\055\040\103\063\060\166\060
|
||||
\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000
|
||||
\042\003\142\000\004\375\245\141\256\173\046\020\035\351\267\042
|
||||
\060\256\006\364\201\263\261\102\161\225\071\274\323\122\343\257
|
||||
\257\371\362\227\065\222\066\106\016\207\225\215\271\071\132\351
|
||||
\273\337\320\376\310\007\101\074\273\125\157\203\243\152\373\142
|
||||
\260\201\211\002\160\175\110\305\112\343\351\042\124\042\115\223
|
||||
\273\102\014\257\167\234\043\246\175\327\141\021\316\145\307\370
|
||||
\177\376\365\362\251\243\102\060\100\060\035\006\003\125\035\016
|
||||
\004\026\004\024\373\132\110\320\200\040\100\362\250\351\000\007
|
||||
\151\031\167\247\346\303\364\317\060\016\006\003\125\035\017\001
|
||||
\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001
|
||||
\001\377\004\005\060\003\001\001\377\060\012\006\010\052\206\110
|
||||
\316\075\004\003\003\003\150\000\060\145\002\061\000\264\330\057
|
||||
\002\211\375\266\114\142\272\103\116\023\204\162\265\256\335\034
|
||||
\336\326\265\334\126\217\130\100\132\055\336\040\114\042\203\312
|
||||
\223\250\176\356\022\100\307\326\207\117\370\337\205\002\060\034
|
||||
\024\144\344\174\226\203\021\234\260\321\132\141\113\246\017\111
|
||||
\323\000\374\241\374\344\245\377\177\255\327\060\320\307\167\177
|
||||
\276\201\007\125\060\120\040\024\365\127\070\012\250\061\121
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for "emSign ECC Root CA - C3"
|
||||
# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US
|
||||
# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8
|
||||
# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US
|
||||
# Not Valid Before: Sun Feb 18 18:30:00 2018
|
||||
# Not Valid After : Wed Feb 18 18:30:00 2043
|
||||
# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3
|
||||
# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "emSign ECC Root CA - C3"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\266\257\103\302\233\201\123\175\366\357\153\303\037\037\140\025
|
||||
\014\356\110\146
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\076\123\263\243\201\356\327\020\370\323\260\035\027\222\365\325
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156
|
||||
\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145
|
||||
\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003
|
||||
\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040
|
||||
\122\157\157\164\040\103\101\040\055\040\103\063
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\012\173\161\266\202\126\270\022\174\234\250
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Hongkong Post Root CA 3"
|
||||
#
|
||||
# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK
|
||||
# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4
|
||||
# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK
|
||||
# Not Valid Before: Sat Jun 03 02:29:46 2017
|
||||
# Not Valid After : Tue Jun 03 02:29:46 2042
|
||||
# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6
|
||||
# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Hongkong Post Root CA 3"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061
|
||||
\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113
|
||||
\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157
|
||||
\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012
|
||||
\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061
|
||||
\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157
|
||||
\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040
|
||||
\063
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061
|
||||
\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113
|
||||
\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157
|
||||
\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012
|
||||
\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061
|
||||
\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157
|
||||
\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040
|
||||
\063
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306
|
||||
\256\043\270\034\132\244
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\005\317\060\202\003\267\240\003\002\001\002\002\024\010
|
||||
\026\137\212\114\245\354\000\311\223\100\337\304\306\256\043\270
|
||||
\034\132\244\060\015\006\011\052\206\110\206\367\015\001\001\013
|
||||
\005\000\060\157\061\013\060\011\006\003\125\004\006\023\002\110
|
||||
\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156\147
|
||||
\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023\011
|
||||
\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003\125
|
||||
\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163
|
||||
\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147
|
||||
\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103
|
||||
\101\040\063\060\036\027\015\061\067\060\066\060\063\060\062\062
|
||||
\071\064\066\132\027\015\064\062\060\066\060\063\060\062\062\071
|
||||
\064\066\132\060\157\061\013\060\011\006\003\125\004\006\023\002
|
||||
\110\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156
|
||||
\147\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023
|
||||
\011\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003
|
||||
\125\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157
|
||||
\163\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156
|
||||
\147\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040
|
||||
\103\101\040\063\060\202\002\042\060\015\006\011\052\206\110\206
|
||||
\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
|
||||
\002\202\002\001\000\263\210\327\352\316\017\040\116\276\346\326
|
||||
\003\155\356\131\374\302\127\337\051\150\241\203\016\076\150\307
|
||||
\150\130\234\034\140\113\211\103\014\271\324\025\262\356\301\116
|
||||
\165\351\265\247\357\345\351\065\231\344\314\034\347\113\137\215
|
||||
\063\060\040\063\123\331\246\273\325\076\023\216\351\037\207\111
|
||||
\255\120\055\120\312\030\276\001\130\242\023\160\226\273\211\210
|
||||
\126\200\134\370\275\054\074\341\114\127\210\273\323\271\225\357
|
||||
\313\307\366\332\061\164\050\246\346\124\211\365\101\061\312\345
|
||||
\046\032\315\202\340\160\332\073\051\273\325\003\365\231\272\125
|
||||
\365\144\321\140\016\263\211\111\270\212\057\005\322\204\105\050
|
||||
\174\217\150\120\022\170\374\013\265\123\313\302\230\034\204\243
|
||||
\236\260\276\043\244\332\334\310\053\036\332\156\105\036\211\230
|
||||
\332\371\000\056\006\351\014\073\160\325\120\045\210\231\313\315
|
||||
\163\140\367\325\377\065\147\305\241\274\136\253\315\112\270\105
|
||||
\353\310\150\036\015\015\024\106\022\343\322\144\142\212\102\230
|
||||
\274\264\306\010\010\370\375\250\114\144\234\166\001\275\057\251
|
||||
\154\063\017\330\077\050\270\074\151\001\102\206\176\151\301\311
|
||||
\006\312\345\172\106\145\351\302\326\120\101\056\077\267\344\355
|
||||
\154\327\277\046\001\021\242\026\051\112\153\064\006\220\354\023
|
||||
\322\266\373\152\166\322\074\355\360\326\055\335\341\025\354\243
|
||||
\233\057\054\311\076\053\344\151\073\377\162\045\261\066\206\133
|
||||
\307\177\153\213\125\033\112\305\040\141\075\256\313\120\341\010
|
||||
\072\276\260\217\143\101\123\060\010\131\074\230\035\167\272\143
|
||||
\221\172\312\020\120\140\277\360\327\274\225\207\217\227\305\376
|
||||
\227\152\001\224\243\174\133\205\035\052\071\072\320\124\241\321
|
||||
\071\161\235\375\041\371\265\173\360\342\340\002\217\156\226\044
|
||||
\045\054\240\036\054\250\304\211\247\357\355\231\006\057\266\012
|
||||
\114\117\333\242\314\067\032\257\107\205\055\212\137\304\064\064
|
||||
\114\000\375\030\223\147\023\321\067\346\110\264\213\006\305\127
|
||||
\173\031\206\012\171\313\000\311\122\257\102\377\067\217\341\243
|
||||
\036\172\075\120\253\143\006\347\025\265\077\266\105\067\224\067
|
||||
\261\176\362\110\303\177\305\165\376\227\215\105\217\032\247\032
|
||||
\162\050\032\100\017\002\003\001\000\001\243\143\060\141\060\017
|
||||
\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
|
||||
\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
|
||||
\037\006\003\125\035\043\004\030\060\026\200\024\027\235\315\036
|
||||
\213\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141
|
||||
\060\035\006\003\125\035\016\004\026\004\024\027\235\315\036\213
|
||||
\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141\060
|
||||
\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
|
||||
\002\001\000\126\325\173\156\346\042\001\322\102\233\030\325\016
|
||||
\327\146\043\134\343\376\240\307\222\322\351\224\255\113\242\306
|
||||
\354\022\174\164\325\110\322\131\024\231\300\353\271\321\353\364
|
||||
\110\060\133\255\247\127\163\231\251\323\345\267\321\056\131\044
|
||||
\130\334\150\056\056\142\330\152\344\160\013\055\040\120\040\244
|
||||
\062\225\321\000\230\273\323\375\367\062\362\111\256\306\172\340
|
||||
\107\276\156\316\313\243\162\072\055\151\135\313\310\350\105\071
|
||||
\324\372\102\301\021\114\167\135\222\373\152\377\130\104\345\353
|
||||
\201\236\257\240\231\255\276\251\001\146\313\070\035\074\337\103
|
||||
\037\364\115\156\264\272\027\106\374\175\375\207\201\171\152\015
|
||||
\063\017\372\057\370\024\271\200\263\135\115\252\227\341\371\344
|
||||
\030\305\370\325\070\214\046\074\375\362\050\342\356\132\111\210
|
||||
\054\337\171\075\216\236\220\074\275\101\112\072\335\133\366\232
|
||||
\264\316\077\045\060\177\062\175\242\003\224\320\334\172\241\122
|
||||
\336\156\223\215\030\046\375\125\254\275\217\233\322\317\257\347
|
||||
\206\054\313\037\011\157\243\157\251\204\324\163\277\115\241\164
|
||||
\033\116\043\140\362\314\016\252\177\244\234\114\045\250\262\146
|
||||
\073\070\377\331\224\060\366\162\204\276\150\125\020\017\306\163
|
||||
\054\026\151\223\007\376\261\105\355\273\242\125\152\260\332\265
|
||||
\112\002\045\047\205\327\267\267\206\104\026\211\154\200\053\076
|
||||
\227\251\234\325\176\125\114\306\336\105\020\034\352\351\073\237
|
||||
\003\123\356\356\172\001\002\026\170\324\350\302\276\106\166\210
|
||||
\023\077\042\273\110\022\035\122\000\264\002\176\041\032\036\234
|
||||
\045\364\363\075\136\036\322\034\371\263\055\266\367\067\134\306
|
||||
\313\041\116\260\367\231\107\030\205\301\053\272\125\256\006\352
|
||||
\320\007\262\334\253\320\202\226\165\316\322\120\376\231\347\317
|
||||
\057\237\347\166\321\141\052\373\041\273\061\320\252\237\107\244
|
||||
\262\042\312\026\072\120\127\304\133\103\147\305\145\142\003\111
|
||||
\001\353\103\331\330\370\236\255\317\261\143\016\105\364\240\132
|
||||
\054\233\055\305\246\300\255\250\107\364\047\114\070\015\056\033
|
||||
\111\073\122\364\350\210\203\053\124\050\324\362\065\122\264\062
|
||||
\203\142\151\144\014\221\234\237\227\352\164\026\375\037\021\006
|
||||
\232\233\364
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for "Hongkong Post Root CA 3"
|
||||
# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK
|
||||
# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4
|
||||
# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK
|
||||
# Not Valid Before: Sat Jun 03 02:29:46 2017
|
||||
# Not Valid After : Tue Jun 03 02:29:46 2042
|
||||
# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6
|
||||
# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Hongkong Post Root CA 3"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\130\242\320\354\040\122\201\133\301\363\370\144\002\044\116\302
|
||||
\216\002\113\002
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\021\374\237\275\163\060\002\212\375\077\363\130\271\313\040\360
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061
|
||||
\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113
|
||||
\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157
|
||||
\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012
|
||||
\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061
|
||||
\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157
|
||||
\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040
|
||||
\063
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306
|
||||
\256\043\270\034\132\244
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
|
|
@ -46,8 +46,8 @@
|
|||
* It's recommend to switch back to 0 after having reached version 98/99.
|
||||
*/
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 30
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.30"
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 32
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.32"
|
||||
|
||||
/* These version numbers detail the semantic changes to the ckfw engine. */
|
||||
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
|
||||
|
|
|
@ -690,15 +690,16 @@ typedef struct SSLAeadContextStr SSLAeadContext;
|
|||
PK11SymKey * *_keyp), \
|
||||
(version, cipherSuite, salt, ikm, keyp))
|
||||
|
||||
#define SSL_HkdfDeriveSecret(version, cipherSuite, prk, \
|
||||
label, labelLen, keyp) \
|
||||
SSL_EXPERIMENTAL_API("SSL_HkdfDeriveSecret", \
|
||||
(PRUint16 _version, PRUint16 _cipherSuite, \
|
||||
PK11SymKey * _prk, \
|
||||
const char *_label, unsigned int _labelLen, \
|
||||
PK11SymKey **_keyp), \
|
||||
(version, cipherSuite, prk, \
|
||||
label, labelLen, keyp))
|
||||
#define SSL_HkdfExpandLabel(version, cipherSuite, prk, \
|
||||
hsHash, hsHashLen, label, labelLen, keyp) \
|
||||
SSL_EXPERIMENTAL_API("SSL_HkdfExpandLabel", \
|
||||
(PRUint16 _version, PRUint16 _cipherSuite, \
|
||||
PK11SymKey * _prk, \
|
||||
const PRUint8 *_hsHash, unsigned int _hsHashLen, \
|
||||
const char *_label, unsigned int _labelLen, \
|
||||
PK11SymKey **_keyp), \
|
||||
(version, cipherSuite, prk, \
|
||||
hsHash, hsHashLen, label, labelLen, keyp))
|
||||
|
||||
/* Deprecated experimental APIs */
|
||||
#define SSL_UseAltServerHelloType(fd, enable) SSL_DEPRECATED_EXPERIMENTAL_API
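Review bot: The old `SSL_HkdfDeriveSecret` macro is dropped outright instead of being moved under the `/* Deprecated experimental APIs */` list that follows in this same hunk, so existing callers of the experimental API stop compiling with no pointer to the replacement. If that list is meant to cover renamed entry points as well (the rest of the header is outside the hunk, so this is an assumption), add `#define SSL_HkdfDeriveSecret(version, cipherSuite, prk, label, labelLen, keyp) SSL_DEPRECATED_EXPERIMENTAL_API` next to `SSL_UseAltServerHelloType`. A short comment above `SSL_HkdfExpandLabel` would also help migration: the removed implementation passed `NULL, 0` for the handshake hash, so `hsHash = NULL`, `hsHashLen = 0` reproduces the old behaviour.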
|
||||
|
|
|
@ -1775,9 +1775,10 @@ SECStatus SSLExp_AeadDecrypt(const SSLAeadContext *ctx, PRUint64 counter,
|
|||
|
||||
SECStatus SSLExp_HkdfExtract(PRUint16 version, PRUint16 cipherSuite,
|
||||
PK11SymKey *salt, PK11SymKey *ikm, PK11SymKey **keyp);
|
||||
SECStatus SSLExp_HkdfDeriveSecret(PRUint16 version, PRUint16 cipherSuite, PK11SymKey *prk,
|
||||
const char *label, unsigned int labelLen,
|
||||
PK11SymKey **key);
|
||||
SECStatus SSLExp_HkdfExpandLabel(PRUint16 version, PRUint16 cipherSuite, PK11SymKey *prk,
|
||||
const PRUint8 *hsHash, unsigned int hsHashLen,
|
||||
const char *label, unsigned int labelLen,
|
||||
PK11SymKey **key);
|
||||
|
||||
SEC_END_PROTOS
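Review bot: The prototype names its output parameter `key` (`PK11SymKey **key);`), while the definition of `SSLExp_HkdfExpandLabel` and the `SSL_HkdfExpandLabel` macro both call it `keyp`; changing the declaration to `PK11SymKey **keyp);` keeps the three in step. The two new parameters are also undocumented at the only declaration shown, so a one-line comment such as `/* hsHash/hsHashLen: handshake hash bytes and their length, fed into the HKDF label */` above the prototype would tell callers what to pass.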
|
||||
|
||||
|
|
|
@ -226,9 +226,10 @@ SSLExp_HkdfExtract(PRUint16 version, PRUint16 cipherSuite,
|
|||
}
|
||||
|
||||
SECStatus
|
||||
SSLExp_HkdfDeriveSecret(PRUint16 version, PRUint16 cipherSuite, PK11SymKey *prk,
|
||||
const char *label, unsigned int labelLen,
|
||||
PK11SymKey **keyp)
|
||||
SSLExp_HkdfExpandLabel(PRUint16 version, PRUint16 cipherSuite, PK11SymKey *prk,
|
||||
const PRUint8 *hsHash, unsigned int hsHashLen,
|
||||
const char *label, unsigned int labelLen,
|
||||
PK11SymKey **keyp)
|
||||
{
|
||||
if (prk == NULL || keyp == NULL ||
|
||||
label == NULL || labelLen == 0) {
|
||||
|
@ -243,7 +244,7 @@ SSLExp_HkdfDeriveSecret(PRUint16 version, PRUint16 cipherSuite, PK11SymKey *prk,
|
|||
if (rv != SECSuccess) {
|
||||
return SECFailure; /* Code already set. */
|
||||
}
|
||||
return tls13_HkdfExpandLabel(prk, hash, NULL, 0, label, labelLen,
|
||||
return tls13_HkdfExpandLabel(prk, hash, hsHash, hsHashLen, label, labelLen,
|
||||
tls13_GetHkdfMechanismForHash(hash),
|
||||
tls13_GetHashSizeForHash(hash), keyp);
|
||||
}
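Review bot: The argument guard at the top of `SSLExp_HkdfExpandLabel` (`prk == NULL || keyp == NULL || label == NULL || labelLen == 0`) was not extended for the two new parameters, so a caller passing `hsHash == NULL` with a non-zero `hsHashLen` goes straight through to `tls13_HkdfExpandLabel` in the second hunk. Whether that helper rejects the combination in release builds is not visible here; because this is an exported experimental entry point taking a caller-supplied pointer and length, reject it at the boundary by adding `|| (hsHash == NULL && hsHashLen != 0)` to the condition. The function body between the two hunks is outside the view.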
|
||||
|
|
|
@ -4053,7 +4053,7 @@ struct {
|
|||
EXP(HelloRetryRequestCallback),
|
||||
EXP(InstallExtensionHooks),
|
||||
EXP(HkdfExtract),
|
||||
EXP(HkdfDeriveSecret),
|
||||
EXP(HkdfExpandLabel),
|
||||
EXP(KeyUpdate),
|
||||
EXP(MakeAead),
|
||||
EXP(RecordLayerData),
|
||||
|
|
|
@ -203,6 +203,7 @@
|
|||
'gtests/mozpkix_gtest/mozpkix_gtest.gyp:mozpkix_gtest',
|
||||
'gtests/nss_bogo_shim/nss_bogo_shim.gyp:nss_bogo_shim',
|
||||
'gtests/pk11_gtest/pk11_gtest.gyp:pk11_gtest',
|
||||
'gtests/smime_gtest/smime_gtest.gyp:smime_gtest',
|
||||
'gtests/softoken_gtest/softoken_gtest.gyp:softoken_gtest',
|
||||
'gtests/ssl_gtest/ssl_gtest.gyp:ssl_gtest',
|
||||
'gtests/util_gtest/util_gtest.gyp:util_gtest',
|
||||
|
|
|
@ -87,7 +87,7 @@ gtest_cleanup()
|
|||
}
|
||||
|
||||
################## main #################################################
|
||||
GTESTS="${GTESTS:-prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest sysinit_gtest blake2b_gtest}"
|
||||
GTESTS="${GTESTS:-prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest sysinit_gtest blake2b_gtest smime_gtest}"
|
||||
gtest_init "$0"
|
||||
gtest_start
|
||||
gtest_cleanup
|
||||
|
|
|
@ -1225,6 +1225,51 @@ ssl_scheme()
|
|||
html "</TABLE><BR>"
|
||||
}
|
||||
|
||||
############################ ssl_scheme_stress ##########################
|
||||
# local shell function to test strsclnt and selfserv handling of signature schemes
|
||||
#########################################################################
|
||||
ssl_scheme_stress()
|
||||
{
|
||||
if [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
|
||||
return 0
|
||||
fi
|
||||
|
||||
html_head "SSL SCHEME $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
|
||||
|
||||
NO_ECC_CERTS=1
|
||||
schemes=("rsa_pkcs1_sha256" "rsa_pss_rsae_sha256" "rsa_pkcs1_sha256,rsa_pss_rsae_sha256")
|
||||
for sscheme in "${schemes[@]}"; do
|
||||
for cscheme in "${schemes[@]}"; do
|
||||
testname="ssl_scheme server='$sscheme' client='$cscheme'"
|
||||
echo "${testname}"
|
||||
|
||||
start_selfserv -V tls1.2:tls1.2 -J "$sscheme"
|
||||
|
||||
echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
|
||||
echo " -V tls1.2:tls1.2 -J "$cscheme" ${HOSTADDR} < ${REQUEST_FILE}"
|
||||
${PROFTOOL} ${BINDIR}/strsclnt -q -p ${PORT} ${CLIENT_OPTIONS} \
|
||||
-d ${P_R_CLIENTDIR} $verbose -V tls1.2:tls1.2 -J "$cscheme" ${HOSTADDR} < ${REQUEST_FILE} 2>&1
|
||||
ret=$?
|
||||
# If both schemes include just one option and those options don't
|
||||
# match, then the test should fail; otherwise, assume that it works.
|
||||
if [ "${cscheme#*,}" = "$cscheme" -a \
|
||||
"${sscheme#*,}" = "$sscheme" -a \
|
||||
"$cscheme" != "$sscheme" ]; then
|
||||
expected=1
|
||||
else
|
||||
expected=0
|
||||
fi
|
||||
html_msg $ret $expected "${testname}" \
|
||||
"produced a returncode of $ret, expected is $expected"
|
||||
kill_selfserv
|
||||
done
|
||||
done
|
||||
NO_ECC_CERTS=0
|
||||
|
||||
html "</TABLE><BR>"
|
||||
}
|
||||
|
||||
############################## ssl_cleanup #############################
|
||||
# local shell function to finish this script (no exit since it might be
|
||||
# sourced)
|
||||
|
@ -1267,6 +1312,7 @@ ssl_run()
|
|||
;;
|
||||
"scheme")
|
||||
ssl_scheme
|
||||
ssl_scheme_stress
|
||||
;;
|
||||
esac
|
||||
done
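Review bot: The FIPS skip message in `ssl_scheme_stress` prints `$testname`, but this function assigns `testname` only inside the loop further down, so the skip line shows whatever an earlier test left behind (or nothing); use a literal instead, e.g. `echo "$SCRIPTNAME: skipping ssl_scheme_stress (non-FIPS only)"`. The per-case label is built as `testname="ssl_scheme server='$sscheme' client='$cscheme'"`, without a `_stress` marker, so the strsclnt results presumably cannot be told apart from those of `ssl_scheme` in the report (that function's body is outside the hunk). In the second logging `echo`, the inner `"$cscheme"` closes the string instead of printing quotes; writing `-J '$cscheme'` inside the double-quoted string would log the command as it is actually run.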
|
||||
|
|